KubeCon + CloudNativeCon North America 2019

7:30am PST

Registration + Badge Pick-up at San Diego Convention Center (Main Conference Venue)

Monday November 18, 2019 7:30am - 6:00pm PST
Foyer A & B - San Diego Convention Center Ground Level

8:00am PST

AWS Container Day 2019 San Diego hosted by AWS (Free Additional Registration Required)

Start off your KubeCon 2019 in San Diego with AWS! In this full-day event, we'll cover how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS through talks, demos, and a workshop. We'll have team members hanging out all day to help answer questions!

The day will include:

Discussion of the EKS feature roadmap with the EKS team
Deep dive on machine learning and deep learning with EKS
Hands-on EKS workshop to help get you up in running
Partner discussions on how to use community and 3rd party tools with EKS

If you're interested in joining the workshop, please bring your laptop.

How to Register: Registration is now closed.

For questions regarding this event, please reach out to containers-pmm@amazon.com.

Monday November 18, 2019 8:00am - 5:00pm PST
Pacific Ballroom - Wyndham San Diego Bayside

8:00am PST

Cloud Native Security Day hosted by CNCF (Additional Registration + Fee Required)

Cloud Native Security is a multi-objective and multi-constrained problem space spanning many areas. Pretty much everything falls into security, from identity management to storage solutions. Cloud Native Security Day is intended to drive collaboration, discussion, and knowledge sharing of cloud native security accomplishments and roadblocks. Get connected with others that are passionate about security. Learn from practitioners about pitfalls to avoid, hurdles to jump, and how to integrate security into your cloud native project, architecture, and enhance team awareness on security.

How to register: Pre-registration is required. To register for Cloud Native Security Day Hosted by CNCF, add it on during your KubeCon + CloudNativeCon registration.

Monday November 18, 2019 8:00am - 5:00pm PST
San Diego A - Marriott Marquis San Diego Marina Hotel

8:00am PST

EnvoyCon 2019 hosted by CNCF (Additional Registration + Fee Required)

Originally built at Lyft and now a CNCF graduated project, Envoy is a cloud-native high-performance edge/middle/service proxy. In a short period of time, Envoy has been widely adopted throughout the industry in a variety of different deployment scenarios including edge proxy, “service mesh,” internal middle-proxy load balancer, etc. Envoy’s extensibility, performance, quality, API driven configuration, and community have all been drivers for the rapid growth of the project.

The Envoy maintainers are excited to announce the 2nd annual EnvoyCon, a practitioner-driven community conference that emphasizes end-user case studies as well as deep technical talks from vendors that have chosen to build offerings on top of Envoy (zero product pitches!). Come join us for an exciting day of technical content and networking (both the social and computing kind). Learn more about Envoy.

How to register: Pre-registration is required. To register for EnvoyCon 2019, add it on during your KubeCon + CloudNativeCon registration.

Monday November 18, 2019 8:00am - 5:00pm PST
Pacific Ballroom, Salon 16/17/19 - Marriott Marquis San Diego Marina Hotel

8:00am PST

Modern Service Mesh and API Management hosted by Kong (Additional Registration + Fee Required)

Breakfast & Registration
9am - 10am

API Gateway & Ingress Management
10am - 12pm
Ingress management is an important part of your configuration and operations. When services are exposed outside a cluster, one needs to take care of authentication, observability to maintain SLOs, auditing, encryption and integrations with other third-party vendors, amongst other things.
During this workshop, we'll go through the architecture and design of an Ingress layer, and set up Kong on Kubernetes.
We will interact and configure Kong via `kubectl` to expose the services running inside the cluster, perform transformations, traffic throttling, authentication, logging on traffic flowing through the cluster.

Lunch & Networking
12pm - 1pm

Service Mesh
1:00pm - 2:45pm
Service mesh is a new pattern to build reliable distributed and decoupled applications, but often too complicated to implement with 1st generation control planes. Kong takes a new approach to service mesh with Kuma in order to build modern architectures across a large variety of platforms, including Kubernetes and VMs. Kuma is a universal control plane that addresses limitations of 1st generation service mesh technologies by enabling seamless management of any service on the network.
We’ll walk you through easily setting up service mesh across multiple environments, and enabling security and observability – in any network – automatically. We will introduce new concepts and products along the way, and let developers and architects of any skillset being comfortable with service mesh.
Registrants may choose to attend morning or afternoon sessions. Light breakfast, lunch and refreshments will be provided.

How to register: Pre-registration is required. To register for Modern Service Mesh and API Management, add it on during your KubeCon + CloudNativeCon registration.
For questions regarding this event, please reach out to events@konghq.com.

Monday November 18, 2019 8:00am - 5:00pm PST
Room 3 - San Diego Convention Center Upper Level

8:00am PST

Registration + Badge Pick up at Embassy Suites

Monday November 18, 2019 8:00am - 6:00pm PST
Main Lobby - Embassy Suites

8:00am PST

Registration + Badge Pick-up at Hard Rock Hotel

Monday November 18, 2019 8:00am - 6:00pm PST
Main Lobby - Hard Rock Hotel

CNCF End User Partner Summit (Additional Registration + Fee Required)

The CNCF End User Partner Summit brings together cloud native users to share best practices and lessons learned. The day will start with stories from end users, and their journey to overcome the challenges of adopting cloud native across different industries. It will continue with an unconference, where attendees can meet peers and learn how to navigate and contribute to the cloud native community.

Tickets cost USD $100 which is donated to the diversity scholarship. Your organization must be a member of the CNCF End User Community (https://www.cncf.io/people/end-user-community/) to attend. End user members may purchase up to four tickets, and end user supporters may purchase up to two. Contact chung@linuxfoundation.org with any questions.

How to register: Pre-registration and approval is required. To apply for this event add it on during your KubeCon + CloudNativeCon registration.

Agenda

8:00 Registration and welcome - Cheryl Hung, CNCF
8:30 Jeff Brewer, TOC End User Representative - Jeff Brewer, Intuit
8:50 Testing your Kubernetes cluster for scalability - Federico Hernandez, Meltwater
9:00 APIs Mesh, the new landscape of API management in K8s - Jean-Christophe Counio, WeWork
9:10 ChubaoFS, a new distributed filesystem storage solution for K8s - Liying Zhang and Wei Ding, JD.com
9:30 Open sourcing Kruise Wizard, a tool to create repeatable and standardized Kustomized based deployments - Ken, Fabio and Ryan, Mastercard
10:00 Talk and demo about Keikoproj - Shri Javadekar, Intuit.
10:30 Unconference
- Cluster Lifecycle - When and how to upgrade Kubernetes - Federico Hernandez, Meltwater
  - In place upgrades vs new clusters.
  - Testing new versions (and self-developed tooling to support this).
  - Upgrade process (and self-developed tooling to support this).
  - Procedures and practices around the upgrade to guarantee zero-down time for the tenants.
- CNCF End User Case Studies - Julie Dam, CNCF
11:00 Maintainers panel - ask questions to Alexis Richardson, Michelle Noorali, Eduardo Silva, Torin Sandall, Derek Collison
11:30 Wrap up

How is cloud native security different than the cloud security you already know?
How do you do more than just “shift left” and really integrate runtime security intelligence back with developers?
How does a cloud-native, container-first approach change the traditional “firewall” model of security?
How do you build security that spans all your modern compute options - from VMs to containers to serverless and everything in between?

Interested in speaking? Submit a CFP here: https://www.papercall.io/cnl-kubecon-colo. Deadline: October 18

How to Register: Pre-registration is required. To register for Cloud Native Live: Evolving Security, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to cloudnativelive@paloaltonetworks.com.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

9:00am PST

Continuous Delivery Summit hosted by Continuous Delivery Foundation (Additional Registration + Fee Required)

The Continuous Delivery Summit is a one-day event that brings together the open source CI/CD community. Meet peers and drive the future direction of continuous delivery.

How to register: Pre-registration is required. To register for Continuous Delivery Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to eruf@linuxfoundation.org.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level

Registration + Badge Pick-up at San Diego International Airport (Terminal 1)

Monday November 18, 2019 10:00am - 6:00pm PST
Terminal 1 Baggage Claim by Main Information Desk - San Diego Int'l. Airport

10:00am PST

Registration + Badge Pick-up at San Diego International Airport (Terminal 2)

Monday November 18, 2019 10:00am - 6:00pm PST
Terminal 2 Baggage Claim across from Carousel 6 - San Diego Int'l. Airport

Lightning Talk Sessions, Application + Development

Lightning Talk: What Makes a Good Multi-tenant Kubernetes Solution? - Victor Varza, Adobe

Multi-tenancy leads to sharing resources with hundreds of independent users or teams. Currently, Kubernetes primitives do not provide support for running production workloads in a multi-tenant architecture.

This talk is focused on how to glue together open-source technologies in order to achieve soft multi-tenancy requirements such as: self-management, access control, resource control and workload isolation.

You will learn how to build production ready cross-cloud multi-tenant clusters using Kubernetes primitives and other open-source technologies like Cilium, Heptio Contour, Kata Containers, Open Policy Agent and friends.

Speakers

Victor Varza

Sr. Cloud Software Engineer, Adobe

Victor Varza is a Senior Cloud Software Engineer at Adobe Romania, where he is currently working on running an enterprise cross-cloud multi-tenant microservices platform based on Kubernetes. He has over 8 years of experience in development of large-scale platforms based on Linux... Read More →

What Makes a Good Multi Tenant Kubernetes Solution pdf

Monday November 18, 2019 5:02pm - 5:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

5:08pm PST

Lightning Talk: Boosting Your kubectl Productivity - Mauricio Salatino, LearnK8s

If you work with Kubernetes, then kubectl is probably one of your most-used tools. Whenever you spend a lot of time working with a specific tool, it is worth to get to know it very well and learn how to use it efficiently. The goal of this lighting talk is not only to make your daily work with Kubernetes more efficient but also more enjoyable!

Speakers

Mauricio Salatino

OSS Software Engineer, Diagrid

Mauricio works as Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project, and he is also Co-Leading the Knative Functions initiative. He is writing a book... Read More →

Monday November 18, 2019 5:08pm - 5:13pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Customizing + Extending Kubernetes

Experience Level Beginner (Very basic information)

5:14pm PST

Lightning Talk: Get Started With Non-Code Contributions to Kubernetes - David Strebel, Microsoft

Want to contribute to contribute to the Kubernetes project, but not a coder? This lightning talk will focus on how you can contribute back to Kubernetes without writing a line of code.

There exists this notion of developers, developers, developers and that you need to write code to be able to contribute to open source. There are many different ways that you can help out in an open source project without being a developer. In quick talk we will show the different needs open source projects have for non-code contributions and the roles that fit in for non-code contributors.

Coming away from this lightning talk you will have a good understating of how you can get involved in the Kubernetes project and start contributing with no code at all!

Speakers

David Strebel

Open Source Architect, Microsoft

Dave Strebel is a Global Open Source Architect on the Microsoft Global Black Belt team. Dave focuses on containers, microservice architecture and the cloud-native ecosystem. Dave has been working in technology for over 15 years and has a mixed background across application development... Read More →

Monday November 18, 2019 5:14pm - 5:19pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Community

Experience Level Beginner (Very basic information)

5:20pm PST

Lightning Talk: Kuber-What-Es?! Misadventures in Building UIs for K8s-Based ML Platforms - Alexandra Johnson, Independent

Last year, our team set out to build a machine learning platform for launching hyperparameter optimization jobs. However, after our launch, the kubernetes-based machine learning platform wasn't a hit with our internal users. This talk explains why, starting with our three critical user interface design decisions, the two problems these led to, and our one direction for future work. This talk is meant to be a very compact, but honest, look at some of the user experience challenges faced by teams building kubernetes-based ML platforms.

Speakers

Alexandra Johnson

Tech Lead, Independent

Alexandra loves creating simple and easy to use interfaces for complicated products. Until recently, she was the Platform Tech Lead at SigOpt, where she and her team worked on everything from machine learning infrastructure to web dashboards to API design. She is based out of San... Read More →

Kuber what es 2019 pdf

Monday November 18, 2019 5:20pm - 5:25pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Machine Learning + Data

Experience Level Beginner (Very basic information)
Session Slides Included Yes

5:26pm PST

Lightning Talk: Code Kubernetes While You Are Using It - Mario Loriedo, Red Hat

This lightning talk is about deploying a development platform on a Kubernetes cluster and using it to code and rollout an Kubernetes component update. Without stopping coding.

To do so we are going to use Eclipse Che, a container based IDE that runs on Kubernetes and is particularly adapted for rapid cloud native development.

Speakers

Mario Loriedo

Senior Principal Software Engineer, Red Hat

Mario is a Senior Principal Software Engineer at Red Hat and a CNCF Ambassador. He works on container-based developer tools. He co-maintains the CNCF Devfile project and leads the Eclipse Che project. He has been a speaker at conferences such as KubeCon, LinuxCon, JavaOne and FOS... Read More →

Coding Kubernetes While You Are Using It pdf

Monday November 18, 2019 5:26pm - 5:31pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Application + Development

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

5:32pm PST

Lightning Talk: Sharing a GPU Among Multiple Containers - Patrick McQuighan, Algorithmia

We’ve been sharing GPU resources across multiple containers since 2016, and we’ve learned a few lessons along the way. In this lightning talk, we’ll walk you through the work we’ve done and discuss some newer approaches to the same problem.

Specifically, this talk will address:

* Why GPUs matter
* What makes sharing GPUs across containers hard
* How we’ve managed to share GPUs in the past
* Recent solutions, including the GPUShare Scheduler Extender project (https://github.com/AliyunContainerService/gpushare-scheduler-extender)

Speakers

Patrick McQuighan

Senior Software Engineer, Algorithmia

Patrick joined Algorithmia in December 2015 and has focused on improving system performance and creating the Enterprise AI Layer Enterprise product, an ML deployment and management system that runs on multiple cloud providers and on-prem infrastructures. Previously, Patrick worked... Read More →

McQuighan Share GPUs pdf

Monday November 18, 2019 5:32pm - 5:37pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Machine Learning + Data

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

5:38pm PST

Lightning Talk: How the Observability Team at Spotify Radically Decreased On-Call Alerts - Lauren Muhlhauser, Spotify

The Reliability team at Spotify took over the monitoring stack and decreased incident pages by 42% within 6 months. At first, they were devoting all their time to managing on-call alerts and tech debt. Now, on-call alerts are manageable and infrequent, and the team is on a path to using entirely open sourced products.

This stack was developed years prior, when there were few well-developed open source solutions available. Lauren describes how migrations to new tools (Grafana and Prometheus) decreased their backlog and on-call pages. She will also cover the improvements the team made to their own open source products (Heroic and FFWD) and why they chose to continue using and maintaining them. Lastly, she will discuss a new tool that the team will be repurposing and open sourcing in the near future.

Speakers

Lauren Muhlhauser

Site Reliability Engineer, Spotify

Lauren is a Site Reliability Engineer at Spotify on the Observability team. She is currently working on maintaining the monitoring and alerting stack, as well as implementing tracing.

How the Observability Team at Spotify Radically Decreased On Call Alerts pdf

Monday November 18, 2019 5:38pm - 5:43pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Observability

Experience Level Beginner (Very basic information)
Session Slides Included Yes

5:44pm PST

Lightning Talk: CRDs All the Way Down – Using OPA for Complex CRD Validation and Defaulting - Puja Abbassi, Giant Swarm

Custom Resource Definitions (CRDs) and custom controllers (aka the operator pattern) are becoming the main way we extend Kubernetes. From etcd and Prometheus to full-on Kubernetes extensions a la Cluster API and Service Broker API - a lot of teams are building operators.

As the CRD concept is maturing SIG API machinery is adding useful features like validation, defaulting, structural schemas, etc. In more complex extensions with multiple CRDs and multiple controllers, we run into validation and defaulting use cases that can only be modeled with custom validation and mutation webhooks.

This talk will discuss use cases for complex CRD validation and defaulting, incl. common use cases like validating a CRD against another CRD. Furthermore, the speaker will make a point of why to use Open Policy Agent as a common agent to implement such use cases.

Speakers

Puja

VP Product, Giant Swarm

Puja Abbassi is the Vice President of Product at Giant Swarm, building a managed cloud native developer platform based on Kubernetes. In Kubernetes he focuses on extending Kubernetes with custom resources and controllers. With many years of Kubernetes experience and having been in... Read More →

Advanced CRD Validation and Defaulting with OPA pdf

Monday November 18, 2019 5:44pm - 5:49pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Customizing + Extending Kubernetes

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

5:50pm PST

Lightning Talk: Easily Observing Operators - Lili Cosic, Red Hat

With everyone building their own operator, instrumenting them is an important piece of the puzzle. In this lighting talk, Lili will demonstrate how to implement operator observability by using kube-state-metrics as a library, to natively expose operator specific metrics.

Join this session to learn how to generate operator and custom resource metrics on the fly in just a few lines of code, by leveraging kube-state-metrics.

Speakers

Lili Cosic

Lili is a software engineer but her main focus for the past 7 years has been infrastrucure engienering. Her monitoring focus started at Red Hat where she worked on the OpenShift monitoring team, where she worked on OpenShift monitoring product as well as mantained various open source... Read More →

Monday November 18, 2019 5:50pm - 5:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Observability

Experience Level Beginner (Very basic information)

5:56pm PST

Lightning Talk: Open Match - Matchmaking Framework - Robert Bailey, Google

Open Match is an open source game matchmaking framework that simplifies building a scalable and extensible Matchmaker. Open Match is designed to give the game developer full control over how to generate quality matches without having to deal with the challenges of building a scalable online production service. It enables the game developer to re-use the core framework code across games, and just focusing on the rebuilding the matchmaking logic custom to each game.

At its core, Open Match comprises of a set of services hosted in a Kubernetes cluster that manage Players, trigger custom matchmaking logic to generate match proposals and provides ability to evaluate these for quality. The framework also provides functionality such as monitoring, alerting, metrics analysis, autoscaling etc.

Speakers

Robert Bailey

Staff Software Engineer, Google

Robert is part of Google's Cloud Gaming team working on open source gaming infrastructure projects founded by Google such as Agones and Open Match. He was previously a lead for the Cluster Lifecycle SIG, worked on Kubernetes for more than 4 years, and was one of the founding members... Read More →

Lightning Talk Open Match pdf

Monday November 18, 2019 5:56pm - 6:01pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Application + Development

Experience Level Beginner (Very basic information)
Session Slides Included Yes

6:02pm PST

Lightning Talk: Is Your Kubernetes Cluster's DNS Working? - Jonathan Perry, Flowmill

Your Kubernetes cluster is gaining traction and more and more developers are bringing up new services. That’s great news. But you’ve been getting reports of intermittent service failures that you haven’t been able to track down. It doesn’t seem to be anything else...could it be DNS? Maybe we’re not running enough DNS pods or they are restarting too frequently?

This talk will explain how to actually measure DNS health for your Kubernetes cluster and properly plan its capacity. We will share some specific mechanisms to gather DNS traffic information per service both with some standard Linux tools and systematically with eBPF.

Speakers

Jonathan Perry

CEO and Co-Founder, Flowmill

Jonathan is CEO at Flowmill. Jonathan was a Facebook fellow and previously worked for 7 years in communication systems R&D and HPC algorithm development in the Israeli Defense Force (IDF). Jonathan received his Ph.D. from MIT CSAIL’s Networks and Mobile Systems group, where his... Read More →

Is Your Kubernetes Cluster's DNS Working pdf

Monday November 18, 2019 6:02pm - 6:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Networking

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

6:08pm PST

Lightning Talk: Want to Donate a Project to the CNCF? Here's How - Cheryl Hung, CNCF

From the very first open source project, Kubernetes, to over 30 now, the projects are the lifeblood of the CNCF. The most mature (aka graduated) projects have become de-facto industry standards, backed by thriving communities.

However, it's not always clear how new projects are chosen to enter the CNCF.

Cheryl explains how you can propose a project to join the CNCF, and what the Technical Oversight Committee is looking for.

Speakers

Cheryl Hung

VP Ecosystem, Cloud Native Computing Foundation

Cheryl Hung is VP Ecosystem at the Cloud Native Computing Foundation, where she drives adoption of cloud native infrastructure. As a non-profit under the Linux Foundation, the CNCF hosts open source projects including Kubernetes, Prometheus and Envoy.She founded the 5000+ strong Cloud... Read More →

Want to donate a project to the CNCF Here's how Cheryl Hung 18 November 2019.pptx pdf

Monday November 18, 2019 6:08pm - 6:13pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Lightning Talk Sessions, Community

Experience Level Beginner (Very basic information)
Session Slides Included Yes

6:15am PST

Group Fun Run

Group Fun Run will meet at 6:15 am near the Grand Staircase outside Hall D of the San Diego Convention Center.

Join other runners each morning and see some local San Diego sights like the Gaslamp Quarter, the Embarcadero, Petco Park, and more! Please meet at the San Diego Convention Center Grand Staircase (outside hall D) at 6:15 am. Participants will be required to provide their own running attire and water.

Please sign up using the Google Form for updates.

Meet Time: 6:15 AM
Start Time: 6:30 AM

Tuesday November 19, 2019 6:15am - 6:30am PST
Grand Staircase, Outside Hall D - San Diego Convention Center

Experience Level Any

7:00am PST

Continental Breakfast (Main Conference Venue)

Tuesday November 19, 2019 7:00am - 9:00am PST
Foyer A & B - San Diego Convention Center Ground Level

7:00am PST

Registration + Badge Pick-up at San Diego Convention Center (Main Conference Venue)

Tuesday November 19, 2019 7:00am - 6:00pm PST
Foyer A & B - San Diego Convention Center Ground Level

7:30am PST

The New Stack Pancake Breakfast: Kubernetes and Cloud-Native Security - sponsored by Palo Alto Networks

Seating availability limited and on a first-come-first-serve basis. This event tends to fill up fast, so get in line early to secure your spot.

The reports are in — Kubernetes and cloud-native technologies open the attack surface far and wide. Come have a short stack with The New Stack for a Q&A with our expert panelists about the issues and options for managing security in cloud-native workloads. Be prepared and enjoy some pancakes at KubeCon + CloudNativeCon in San Diego!

Moderators

Joab Jackson

Reporter, The New Stack

Alex Williams

Founder and Publisher, The New Stack

Alex Williams is founder and publisher of The New Stack, a content platform for the people who build and manage software the world relies on. He was an editor at ReadWriteWeb and TechCrunch before leaving in 2014 to start The New Stack. Alex hosts The New Stack Makers pancake and... Read More →

Speakers

Sean Michael Kerner

Reporter, Linux Foundation

Sean Michael Kerner is a technology journalist and his coverage of the technology industry appears in multiple publications around the world. Kerner is also an IT consultant, technology enthusiast and tinkerer, and has been known to spend his spare time immersed in the study of the... Read More →

John Morello

VP of product for Prisma, Palo Alto Networks

John Morello is the VP of Product at Palo Alto Networks, and the former Chief Technology Officer at Twistlock. Prior to that, John was a CISO at a Fortune 500 global chemical company. Before that, he spent 14 years at Microsoft, in both Microsoft Consulting Services and product... Read More →

Chenxi Wang, Ph.D.

Managing General Partner, Rain Capital

Chenxi Wang, Ph.D., founder of the Jane Bond Project. Dr. Wang also serves on the board of directors for the Open Web Application Security Project (OWASP) Foundation, as an investment advisor to ClearSky Cyber Security and SixThirty Cyber and a strategy advisor to various security... Read More →

Tuesday November 19, 2019 7:30am - 8:45am PST
Room 2 - San Diego Convention Center Upper Level

8:00am PST

Quiet Room

Tuesday November 19, 2019 8:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

9:00am PST

Keynote: Hiding in the Dark - Dan Kohn, Executive Director, Cloud Native Computing Foundation

What can Minecraft teach us about the adoption of cloud native technologies?

Speakers

Dan Kohn

General Manager, Linux Foundation Public Health, Linux Foundation

Dan leads Linux Foundation Public Health, a new initiative to use open source software to help public health authorities combat COVID-19 and serves as VP, Strategic Programs for the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes... Read More →

1 Dan Kohn pptx

Tuesday November 19, 2019 9:00am - 9:10am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:10am PST

Keynote: CNCF Updates - Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation

Speakers

Cheryl Hung

VP Ecosystem, Cloud Native Computing Foundation

2 Cheryl Hung pdf

Tuesday November 19, 2019 9:10am - 9:20am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:20am PST

Keynote: CNCF Project Updates - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware

Speakers

Bryan Liles

Senior Staff Engineer, VMware

Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming... Read More →

3 Bryan Liles TuesdayMorning Fixed NEW.pptx pdf

Tuesday November 19, 2019 9:20am - 9:45am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:47am PST

Sponsored Keynote: Keep Kubernetes Caffeinated - Erin Boyd, Principal Software Engineer, Red Hat

Today, we have a whole host of amazing coffee makers that can take a pod of coffee, brew it, deploy it into your cup, add the milk and sweetener, and deliver it just how you like it. In the same way, Kubernetes Operators are taking the complexity out of producing, deploying, and operating applications.
One particular example of where Operators are making a big impact is Storage. Storage features in Kubernetes are evolving to solving more complex problems such as data replication and support for object storage. Come and see how the Rook project is extending these storage capabilities to deliver your applications—just like your favorite cup of coffee.

Speakers

Erin Boyd

Engineer, Red Hat

Erin is currently the Director of Emerging Technologies and Distinguished Engineer at Red Hat in the Office of the CTO. Erin was previously an Apple Cloud Services Engineer at Apple. Erin is a Kubernetes contributor and an Apache Ambari committer. Erin is an active contributor to... Read More →

4 Erin Boyd Red Hat R2 VB.pptx pdf

Tuesday November 19, 2019 9:47am - 9:52am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:54am PST

Keynote: NATS: Past, Present and the Future - Derek Collison, Founder and CEO, Synadia

A brief history of the NATS project, where it is today, how it fits into cloud-native architecture, and where it's going in the near future.

Speakers

Derek Collison

Founder and CEO, Synadia

Derek Collison is a 30 year industry veteran, entrepreneur, and pioneer in secure and large-scale distributed systems and cloud computing. He helped change the way financial, transportation, and logistics systems fundamentally worked while spending over a decade at TIBCO, designing... Read More →

5 Derek Collison.pptx pdf

Tuesday November 19, 2019 9:54am - 10:14am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

10:16am PST

Sponsored Keynote: Bringing Confidential Computing to Kubernetes - Lachlan Evenson, Principal Program Manager, Microsoft Azure

Speakers

Lachie Evenson

Principal Program Manager, Microsoft

Lachlan is a Principal Program Manager on the open source team at Azure. As a cloud native ambassador, emeritus Kubernetes steering committee member and release lead, Lachlan has deep operational knowledge of many Cloud Native projects. He spends his days building and contributing... Read More →

Bringing Confidential Computing to Kubernetes pdf

Tuesday November 19, 2019 10:16am - 10:21am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

10:20am PST

Keynote: Closing Remarks - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft

Speakers

Vicki Cheung

Staff Software Engineer, Lyft

10:25am PST

Coffee Break

Tuesday November 19, 2019 10:25am - 10:55am PST
Sponsor Showcase, Sails Pavillion - San Diego Convention Center Upper Level

10:25am PST

Sponsor Showcase

Tuesday November 19, 2019 10:25am - 8:40pm PST
Sails Pavilion + Ballroom 6AB - San Diego Convention Center Upper Level

Sponsor Showcase

10:55am PST

Containing the Container: Developer Experience vs Strict Security Posture - Brian Bagdzinski & Sharat Nellutla, Verizon

Within Verizon IT we manage multiple multi-tenant Kubernetes clusters across on-prem and multiple clouds hosting hundreds of applications. Containers, Kubernetes, and cloud-native are central pillars: both for our application modernization strategy, and for our north star architecture. However we operate in a highly regulated environment, and our security posture is such that our developers are not permitted to run tools locally that might be considered essential to deliver on this strategy: Docker and Minikube! In this talk we will candidly discuss how we are evolving the developer experience in this space, despite the security constraints, leveraging open source tooling such as Skaffold, Harbor, Kaniko, and Jib.

Speakers

Sharat Nellutla

Associate Director, Verizon

Sharat is an Associate Director at Verizon. With over 15 years of experience in platform engineering and leadership experience, Sharat leads Verizon's enterprise Kubernetes engineering and Gitops platform engineering teams. He is responsible for multi-cloud Kubernetes architecture... Read More →

Brian Bagdzinski

Cloud Engineer, Verizon

Brian Bagdzinski is a Senior Cloud Engineer at Verizon. As an application developer, as well as being part of a small team responsible for launching a Serverless platform, he is very familiar with how process can get in the way of innovation and creativity. This has instilled in him... Read More →

Containing the Container pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 29ABCD - San Diego Convention Center Upper Level

Kubernetes Multitenancy Karl Isenberg KubeCon NA 2019 pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise

Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas.

This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches.

You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes.

Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!

Speakers

Karl Isenberg

Anthos Solutions Architect, Google

Karl Isenberg is on the Blueprint Solutions team at Google. Prior to Google Karl lead the PaaS team at Cruise. Before that, Karl worked on the vendor side on container platforms for more than 5 years as a committer on Kubernetes, DC/OS, and CloudFoundry at Mesosphere and Pivotal... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Building Reusable DevSecOps Pipelines on a Secure Kubernetes Platform - Steven Terrana, Booz Allen Hamilton & Michael Ducy, Sysdig

Onboarding development teams can often be the critical point in determining if a team will adopt modern Cloud Native and DevSecOps practices. If there is too much friction for developers to build, scan, and test their applications or to secure their application environments then these best practices are often pushed aside. In this talk we’ll cover how we automated the creation of a trusted software supply chain. Through a live demonstration, we will show how this approach accelerates adoption by allowing developers to inherit a preconfigured pipeline performing various security tests (and underlying tooling) as well as safeguards (via the CNCF Sandbox project Falco) put in place to monitor production workloads for security problems.

Speakers

Steven Terrana

Chief Engineer, Booz Allen Hamilton

Steven is a Chief Engineer at Booz Allen Hamilton focused on building reusable capabilities for the Firm and industry. He uses these capabilities to help organizations adopt all things modern software delivery: DevSecOps, Cloud Infrastructure, Container Orchestration, and Microservice... Read More →

Michael Ducy

Director of Open Source, Sysdig

Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming... Read More →

kubecon na ppt reg.pptx pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Sharing is Caring: How to Begin Speaking at Conferences - Jenny Burcio & Ashlynn Polini, Docker

For many, the idea of speaking in front of a bunch of strangers can be enough to prevent you from ever responding to a CFP. But don't let it! Speaking at conferences, meetups, or even at your own company is a fantastic way to share you knowledge, meet others, advance your career, and give back. Whether you are on the fence, have decided to take the plunge and submit a CFP, or have already even a few talks, this session is for you. Jenny Burcio and Ashlynn Polini will outline tips and strategies for turning your idea into a winning proposal and ultimately a compelling talk. Drawing on their experience reviewing DockerCon CFPs and prepping speakers (including themselves) for a variety of conferences, they will share how to submit and prepare for your first - or next - conference talk.

Speakers

Jenny Burcio

Sr. Manager, Marketing, Docker

Jenny Burcio manages the Docker Community, including managing content for DockerCon and the Captains program, where she helps awesome Docker community members inspire and educate others. Prior to Docker, Jenny worked at Apigee helping to build their community programs and partner... Read More →

Ashlynn Polini

Sr Manager, Events, Docker

Ashlynn Polini runs the user conference known as DockerCon, where she helps awesome Docker community members inspire, connect and learn from each other. Prior to Docker, Ashlynn worked at startups helping to build marketing and operations programs. Ashlynn is a recovering soccer athlete... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 31ABC - San Diego Convention Center Upper Level

Kubecon Presentation Only Slightly Bent Uber’s Kubernetes Migration Journey Microservices pdf

Experience Level Beginner (Very basic information)

10:55am PST

Only Slightly Bent: Uber’s Kubernetes Migration Journey for Microservices - Yunpeng Liu, Uber

Uber started using docker containers at scale in 2015, and has gone through a few generations of cluster management and service discovery technologies. In early 2019, we started working on migration from Mesos to Kubernetes to support secure service mesh and machine learning workloads.

This is a complex problem - there are thousands of services, tens of millions of containers to be launched daily while maintaining high machine resource utilization. To that end, a lot of customizations are built into our Kubernetes stack including elastic resource sharing, oversubscription, fast rollback and deploy, changes to service discovery and attestation etc.

This talk will cover:
- Overview of Uber Compute Infra
- API server benchmark and tweaks
- Custom controller and scheduler logic
- CRI: resource, health check, logging, isolation
- SPIRE and service discovery setup at Uber

Speakers

Yunpeng Liu

Sr Software Engineer, Uber

Lead the compute cluster lifecycle management at Uber.Currently working on efficiency and federation projects in Uber Compute.

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 30ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Running Apache Samza on Kubernetes - Weiqing Yang, LinkedIn Corporation

Apache Samza is a distributed stream processing framework that allows you to process and analyze your data in real-time. It has been widely used at Linkedin and other companies on a large scale. Recently, we added Kubernetes as the new scheduler backend for Samza to run in distributed mode. In this talk, we will deep dive into the technical details about how Samza runs natively on Kubernetes by leveraging the primitives provided by Kubernetes for scheduling, storages, etc. We will also compare running Samza on Kubernetes with other existing solutions such as YARN and standalone mode. Finally, we will share some practices about running Kubernetes as a container orchestration framework for other big data processing engines.

Speakers

Weiqing Yang

Software Engineer, LinkedIn

Weiqing has been working in big data computation frameworks since 2015 and is an Apache Spark/HBase/Hadoop/Samza contributor. She is currently a software engineer in streaming infrastructure team at LinkedIn, working on Samza, Brooklin, etc. Before that, she worked in Spark team at... Read More →

RunningApacheSamzaOnK8s pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

CNCF SIG-Security Intro - Sarah Allen, CNCF SIG-Security & Brandon Lum, IBM

“Cloud Native” is open source cloud computing for applications — a complete trusted toolkit for modern architectures (CNCF presentation). There are multiple proposed projects which address key parts of the problem of providing access controls and addressing safety concerns. Each of these adds value, yet for these technical solutions to be capable of working well together and manageable to operate they will need a minimal shared context of what defines a secure system architecture.

Speakers

Sarah Allen

Co-chair, CNCF SIG-Security

Sarah was a founding co-chaired the SAFE WG, now renamed to CNCF SIG-Security. She has been worrying about security concerns, since first building Shockwave in the mid-90s (Netscape plug-in and ActiveX control). In early 2000s, she started developing open source as part of the OpenLaszlo... Read More →

Brandon Lum

Software Engineer, Google

Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the... Read More →

CNCF Security SIG Intro 19 Nov 2019 pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Intro to gRPC - Jayant Kolhe & Eric Anderson, Google

gRPC is a modern, open source remote procedure call (RPC) framework that can run anywhere. It enables client and server applications to communicate transparently, and makes it easier to build connected systems. Join us for this session to hear about the gRPC project, how you can use it in your applications, and how to get involved with contributing!

Speakers

Eric Anderson

Software Engineer, Google

Eric Anderson is the tech lead of gRPC Java as a software engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors 4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven... Read More →

Jayant Kolhe

Engineering Director, Google

Jayant is Director of Engineering at Google working in Google Cloud Organization. He has been at Google for last 10 years. He manages teams that work in areas of Networking, distributed systems and APIs. He has led and managed multiple Open Source Projects such as gRPC and Protocol... Read More →

Intro to gRPC pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Intro: Brigade - Matt Butcher & Radu Matei, Microsoft

Brigade is a lightweight, Kubernetes-native framework which allows the creation of event-driven workflows. Using JavaScript, Brigade chains together containers and controls their execution in an in-cluster scripting environment that enables easy error handling and data sharing. In this session, you will learn how to get started with Brigade, how to use the existing GitHub, CloudEvents and generic event support and integrate them in your workflow, and how different companies are using Brigade to automate their internal workflows (from code quality assessment and security scanning, to automatically generating preview environments for each pull request), and ultimately allow teams to build massively distributed workflows using a few lines of JavaScript.

Speakers

Radu Matei

Software Engineer, Microsoft Azure

Radu is a Software Engineer at Microsoft Azure, working on Kubernetes and open source developer tools for distributed systems. He is a core maintainer of Brigade, as well as of the Cloud Native Application Bundles (CNAB) project.When he is not working on open source, he loves playing... Read More →

Matt Butcher

Principal Software Development Engineer, Microsoft Azure

Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys... Read More →

Matei butcher brigade intro pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 33ABC - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Intro: Kubernetes SIG PM - Stephen Augustus, VMware

Kubernetes is one of the most high-velocity open source projects in the world, and one of the most unique features of this community project - that it has it's own PM team and PM process. SIG PM, originally established as a Product Management Group, today covers multiple aspects of Product, Program and Project Management of Kubernetes. In this session, the SIG PM co-chairs will provide a brief overview of SIG PM history and basic principles, the areas of interaction with the Kubernetes community, together with the information on how to start contributing to Kubernetes as a PM.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware

Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure.Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 32AB - San Diego Convention Center Upper Level

Experience Level Any

10:55am PST

KubeEdge – Kubernetes Native Edge Computing Framework - Jason Wu & Sean Wang, Futurewei

KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. In this session attendees will learn about: - Why KubeEdge is useful for Edge Computing; - Architecture and major design considerations of KubeEdge; - Latest updates and challenges we faced getting there; - Where KubeEdge is headed. There will be an extended open Q&A at the end for attendees to ask questions. KubeEdge was accepted as the first edge computing project hosted under the Cloud Native Computing Foundation (CNCF) in March 2019.

Speakers

Jason Wu

VP of Product, Futurewei

Sean Wang

senior director, Futurewei

Sean Wang is a senior director at FutureWei Inc in Seattle. He was the founder of Intelligent EdgeFabric platform, a commercial edge computing service which was later on contributed to CNCF as KubeEdge. Sean has deep interest in large scale distributed systems, built and led various... Read More →

2019KubeConNA kubeedge intro pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

10:55am PST

OPA Introduction & Community Update - Rita Zhang, Microsoft & Patrick East, Styra

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases in Kubernetes and the wider cloud native ecosystem. During this session the OPA maintainers will introduce the project and then provide updates on the latest and greatest features to land in OPA and OPA Gatekeeper.

Speakers

Rita Zhang

Principal Software Engineer, Microsoft

Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and... Read More →

Patrick East

Senior Software Engineer, Styra

OPA+Gatekeeper Intro & Update KubeCon 2019 pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Securing the Software Supply Chain with in-toto - Santiago Torres-Arias & Justin Cappos, NYU

The cloud native ecosystem and tooling allows for rapid development and delivery of applications using various services in different configurations in highly-automated software supply chains. Unfortunately, this supply chain has become an attractive target for attacks. An attacker that compromises any of the steps of the supply chain, compromises a dependency or alters the product in transit, can affect all users at once and with devastating consequences.

In this talk, we will talk about the current integrations of in-toto in the cloud/container space. In addition, we will cover the existing in-toto toolchains and how they can be used in various scenarios, from supply CI systems like Jenkins, to providers such as GitLab, and beyond. We will showcase these in different real-world use cases with concrete examples inspire attendees on how to secure their supply chain.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU

Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 23BC - San Diego Convention Center Upper Level

Experience Level Any

10:55am PST

SIG Cloud Provider Intro - Fabio Rapposelli, VMware & Nick Turner, Amazon

The long-term goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. New vendors providing support for Kubernetes should feel equally empowered to do so as any of today’s existing cloud providers. More importantly, SIG Cloud Provider is focused on ensuring a consistent and high-quality user experience across providers. The SIG acts as a central group for developing the Kubernetes project in a way that ensures all providers share common privileges and responsibilities. This intro session will begin with an introduction to the SIG activities in representing the collective interests of all participating cloud providers in the Kubernetes ecosystem, and help guide participants in how to become involved with SIG and to transition from specific cloud SIGs to Cloud Provider Working Groups.

Speakers

Nicholas Turner

Senior Software Development Engineer, Amazon

Nick works at Amazon Web Services as a software development engineer for EKS where he works on building and operating a Kubernetes platform for customers who run their infrastructure on AWS. In the community, he is active in sig-cloud-provider and the provider-aws subproject, and... Read More →

Fabio Rapposelli

Staff Engineer 2, VMware

Purveyor of all things open source, loves distributed systems and solving complex problems. Renaissance man and human Rube Goldberg machine, Fabio has been working at the intersection between Kubernetes and VMware for the past 4 years. Frequent speaker at conferences such as dotGo... Read More →

KubeCon NA 2019 SIG Cloud Provider 2 pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 7AB - San Diego Convention Center Upper Level

The Release Team Shadow Program Mentoring For The Future pdf

Experience Level Any
Session Slides Included Yes

10:55am PST

The Release Team Shadow Program - Mentoring For the Future - Guinevere Saenger, GitHub & Lachlan Evenson, Microsoft

Each Kubernetes release is guided by a team of specialist community members to shepherd the process and to culminate in a new release of the world’s most popular container orchestration tool. After Release Day, the team members update some docs, and then disband to re-focus their efforts elsewhere in the project, giving room to others to fill their former roles. But have you ever wondered how the Kubernetes Release Team gets formed in the first place? Come to this talk to find out how YOU could be part of a future Kubernetes Release Team! This talk will discuss the purpose and implementation of the Kubernetes Release Team Shadow Program, give examples of success and areas of growth, and may help you decide if this is an area where you would like to start your journey as a Kubernetes contributor.

Speakers

Lachie Evenson

Principal Program Manager, Microsoft

Guinevere Saenger

Software Engineer, GitHub

Guinevere Saenger was a part of Ada Developers Academy Cohort 6, transitioning into tech from being a full-time professional pianist. Two years after graduating, Guinevere writes deployment automation tooling on the Moda platform at GitHub, and keeps GitHub’s Kubernetes infrastructure... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6E - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Low Latency Multi-cluster Kubernetes Networking in AWS - Paul Fisher, Lyft

Lyft is migrating their entire service stack of hundreds of microservices to Kubernetes on AWS. A critical component to Lyft’s successful migration is their open source set of CNI plugins which implement a simple, fast, and low latency networking stack tying together multiple Kubernetes clusters into a flat network within AWS Virtual Private Clouds. Paul’s talk takes a deep dive into the design and implementation of Lyft’s multi-cluster Kubernetes platform from a network-centric perspective, including Envoy mesh integration and performance characteristics.

Speakers

Paul Fisher

Software Engineer, Lyft

Paul Fisher works on all things infrastructure related at Lyft, from monitoring software to the service provisioning stack. He’s currently leading the Lyft migration to Kubernetes. Paul tends toward work that lies at the intersection of systems programming and scale. He's previously... Read More →

Kubecon Lyft CNI 2019 pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 28ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Blazin’ Fast PromQL - Tom Wilkie, Grafana Labs

PromQL, the Prometheus Query Language, is a concise, powerful and increasingly popular language for querying time series data. But PromQL queries can take a long time when they have to consider >100k series and months of data. Even with Prometheus’ compression, a 90 day query over 200k series can touch ~100GB of data.

In this talk we will present a series of techniques employed by Cortex (a CNCF project for clustered Prometheus) for accelerating PromQL queries -- namely query results caching, time slice parallelisation, aggregation sharding and automatic recoding rule substitutions.

But there’s more: we will show how you can use this technology to get these improvements with Thanos and Prometheus. Finally, we will cover optimisations to the PromQL engine by the Cortex team, and how these have already been merged upstream to benefit the whole community.

Speakers

Tom Wilkie

VP Product, Grafana Labs

Tom is VP Product at Grafana Labs, but really he is a software engineer. Tom is a maintainer on the Prometheus project and a maintainer and the original author of Cortex, both CNCF projects. Previously Tom founded Kausal, a company working on Prometheus, and worked at companies such... Read More →

2019 11 Blazin' Fast PromQL pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

Experience Level Advanced (Expert level experience)

10:55am PST

Making the Most Out of Kubernetes Audit Logs - Laurent Bernaille & Robert Boll, Datadog

The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.

In this talk, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. We will then demo a functioning setup and show a few different types of analysis techniques. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.

Speakers

Laurent Bernaille

Staff Engineer, Datadog

Laurent Bernaille worked several years as a consultant specialized in cloud, containers, and automation and helped organizations migrate to the public cloud, adopt containers and improve their deployment pipelines. He is now Staff Engineer at Datadog and works in the Compute team... Read More →

Robert Boll

Engineering Manager, Runtime Platforms, Datadog

Rob is a software engineer with a keen interest in cloud infrastructure and delivery. He is currently an Engineering Manager at Datadog, working on the infrastructure platform and scaling global compute infrastructure built on Kubernetes.

Making the Most out of Kubernetes Audit Logs pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level

The Devil in the Details Kubernetes’ First Security Assessment updated pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

The Devil in the Details: Kubernetes’ First Security Assessment - Aaron Small, Google & Jay Beale, InGuardians

In October of last year, the Kubernetes project created a new Security Audit working group and began Kubernetes’ first comprehensive third-party security assessment. In the months that followed, we worked closely with Trail of Bits and Atredis Partners to assess and improve Kubernetes’ security posture. Through code review and penetration testing, we found and addressed 37 new vulnerabilities. With support from many Kubernetes contributors, the third party security firms and Kubernetes project produced a formal threat model covering eight critical components across six different trust zones. In this talk, we will share our findings, methodology, and vision for future security investments. We’ll discuss what the work uncovered, and what this means to Kubernetes security both now and for the future.

Speakers

Aaron Small

Product Manager, Google

Jay Beale

CEO and CTO, InGuardians

Jay Beale is CTO and CEO for InGuardians. He works on Kubernetes, Linux and Cloud-Native security, both as a professional threat actor and an Open Source maintainer and contributor. He's the architect of the open source Peirates attack tool for Kubernetes and Bustakube CTF Kubernetes... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Service Mesh: There and Back Again - Hema Lee & Cody Vandermyn, Nordstrom

You might have heard about service mesh and its amazing benefits. Maybe you believe it’s the next big thing, but will it truly meet expectations? As any start to a relationship, things look fun and easy but once we talk performance at scale, compliance with internal security policies, and seamless onboarding, you might reconsider taking it home to meet your parents!

With a highly distributed system that includes services running on Kubernetes clusters along with VM and Serverless workloads, vanilla service mesh would not work for us. In this talk, Hema & Cody will cover how Nordstrom’s relationship with service mesh evolved, what initial results revealed, what surprised us, and the open source contributions and adaptations we made to get to production readiness. We will share lessons learned and hopefully help with your service mesh relationship.

Speakers

Hema Lee

Senior Software Engineer, Nordstrom

Hema is a Senior Engineer at Nordstrom and a member of the Engineering Platform organization. Currently, she's deep in the world of securing service to service communications across all of Nordstrom's compute infrastructure. Previously, her work spanned developing components for distributed... Read More →

Cody Vandermyn

Sr. Software Engineer, Nordstrom

Cody Vandermyn works as a Senior Engineer at Nordstrom. He is an active contributor to open source including the Linkerd project. As an avid software geek, Cody enjoys building cloud native applications using new technology, ensuring they are easy to maintain and educating others... Read More →

TACO KubeCon19 pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Beyond Storage Management - Andrew Large & Yinan Li, Google

Kubernetes added alpha support for persistent volume snapshotting in 1.12 through the Container Storage Interface (CSI). While having some limitations, this feature is critical to stateful workloads and serves as one of the building blocks for developing advanced, enterprise-grade capabilities around data protection.
This talk provides an overview of standard enterprise data protection policies and practices and discusses how those might map into Kubernetes. We’ll discuss the full scope of what data protection might look like in Kubernetes and considerations that go into building an enterprise-grade data protection solution, placing the volume snapshot work in a larger context, and propose some explicit potential future standards activities.

Speakers

Yinan Li

Software Engineer, Google

Yinan Li is currently a Software Engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities and work that enables large-scale data processing on Kubernetes, including the Kubernetes scheduler backend for Apache Spark. Yinan is... Read More →

Andrew Large

Software Engineer, Google

Andrew Large is currently a software engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities in hybrid and multi-cloud environments. Prior to Google, Andrew led the cloud analytics teaocsm at Tintri - an enterprise storage... Read More →

Beyond Storage Management pdf

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

eBay Search On K8s - Mohnish Kodnani & Yashwanth Vempati, eBay

eBay currently has billions of items available for search. The search engine at any given time can get around 100K’s of queries per second for search within this inventory.
In order to support this scale of traffic and the size of the inventory we need thousands of servers. The inventory is sharded and then replicated across these servers to handle the traffic. In this talk we will go through how we migrated the application to kubernetes and its deployment architecture while meeting some of the business requirements for resiliency and availability. We will also go through our index distribution architecture that leverages kubernetes principles. At the end we will also share our challenges and learnings while deploying the application on kubernetes.

Speakers

Mohnish Kodnani

Sr MTS, Software Engineer, eBay

Mohnish works on eBay Search Engine’s Indexing and Data Acquisition domains. He is currently in-charge of migrating the Search Engine’s deployment on top of k8s. In his spare time he loves to travel, rock climb and spend time with his 5 year old son.

Yashwanth Vempati

MTS 1,Software Engineer, eBay

Yashwanth is a passionate engineer interested in solving complex business problems. Right now he is working on moving majority of traditional application into cloud native. He is also working on storing data from kubernetes clusters and use them for monitoring and machine learning... Read More →

ebay search on k8s pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level

Scaling resilient systems A journey into Slack's database service pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Scaling Resilient Systems: A Journey into Slack's Database Service - Rafael Chacon & Guido Iaquinti, Slack

Monitoring and observability are important concepts, especially in complex and distributed systems. Redundancy and defensive programming are important as well, but sometimes they are not enough. Designing systems to minimize the blast radius when the unexpected happens is often the key.

In this talk, Rafael and Guido will share an overview about how Slack designed, built, scaled and then iterated to improve its distributed database service based on top of Vitess, now a CNCF project. The Databases team at Slack scaled a Vitess cluster from 0 to spikes of 2.7 Million queries per second. This journey has taught us how to operate a database cluster with more than 2000 nodes and expecting to growth to more than 3500 in the next 12 months.

Speakers

Guido Iaquinti

Site Reliability Engineer, Freelance

Guido is a system engineer with academic background and experience in high volume/high availability Internet architectures. He is a technology enthusiast excited about open source software. His passion is to develop, scale and automate complex systems.

Rafael Chacon

Engineer, Slack

Rafael Chacon is a Staff Software Engineer on the infrastructure team at Slack, where he is working on the MySQL database layer on top of Vitess. Rafael has been part of the team that has migrated more than 30% of Slack database traffic from MySQL to Vitess. He is also now a core... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Applying Policy Throughout The Application Lifecycle with Open Policy Agent pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Applying Policy Throughout The Application Lifecycle with Open Policy Agent - Gareth Rushgrove, Snyk

Open Policy Agent is built to be used as a library in other tools and there are already several open source projects using OPA as generic policy engine. This is powerful because it allows end users to invest in one use case, and reuse some of the same knowledge and tools, especially the Rego data assertion language, to solve other adjacent problems.

In this talk we will look at applying Open Policy Agent tools throughout the application lifecycle. We’ll explore:

* Writing unit tests for Kubernetes configuration (and Helm charts) using Conftest
* Defining a CI pipeline in code, and testing that using OPA
* Gating deployments to the cluster using Gatekeeper
* Auditing the cluster for security best practices, by porting the Kubesec ruleset to Rego
* Porting pod security policies to OPA
* Writing unit tests for the Rego policy code we wrote above

Speakers

Gareth Rushgrove

VP Product, Snyk

Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Panel: What’s Essential in an OSS Project Launch Playbook? - Betty Junod, Solo.io; Jian He, Alibaba; Karen Chu, Matt Butcher, & Ronan Flynn-Curran, Microsoft

Creating/developing a new OSS project is hard as is, but how can you go about successfully sharing your project with the community once you’re ready?

Collectively, this panel has launched/worked on multiple open source projects such as Helm, OpenKruise, CNAB, Docker, Gloo & Service Mesh Interface. From their experience, they've identified elements essential to any open source project launch, no matter how small/big your project is.

In this panel, they'll discuss what should be in an OSS project launch playbook:
• Infrastructure: tools needed to create a public space for your project
• Communications: techniques for setting a tone, creating a brand & spreading the word
• Governance: what you need to create a protected but open space for your community
• Goal: purpose of open sourcing your project, rules of engagement
• Community: what you need to plan to grow, cultivate & engage members

Speakers

Matt Butcher

Principal Software Development Engineer, Microsoft Azure

Karen Chu

Community PM, Microsoft

Karen Chu is a Community PM on the Microsoft Azure Container Compute Upstream team with a focus on open source tools such as Helm, CNAB, Brigade, CNAB, and more. She is a CNCF Ambassador, meet-up organizer, and conference organizer. She has also worked The Illustrated Children’s... Read More →

Jian He

Staff Engineer, Alibaba

Jian He is a Staff Engineer at Alibaba where he works on container infrastructure to support Alibaba ecosystem. Prior to that, he worked at Hortonworks where he mainly works on Hadoop and is a Hadoop committer and PMC member. Jian He graduated from Brown University in Computer Sc... Read More →

Betty Junod

VP of Marketing, Solo.io

Betty Junod is the VP of Marketing at Solo.io focused on open source and commercial software tools in the Service Mesh and Kubernetes ecosystem including Gloo, SuperGloo, GlooShot, Squash and Service Mesh Hub. Previously Betty led product and partner marketing at Docker, the container... Read More →

Ronan Flynn-Curran

Designer/Software Engineer, Microsoft

Ronan is a designer and developer who brands, builds and works to boost open source projects at Microsoft Azure. He works within the Deis Labs team, whose goal is to make container-based developer tools accessible and friendly to all. Day-to-day he works on making sites, identity... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

TEE based KMS plugin for encryption of kubernetes secrets pdf

Experience Level Intermediate (Mid-level experience)

11:50am PST

Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel

Secrets are a key pillar of K8S security, and K8S 1.10+ enhanced the protection of secrets at-rest in the etcd, with support for an external KMS (via KMS plug-ins), and supporting envelope encryption. However, the secret encryption keys (DEKs/KEK) are in the clear in memory of the K8S Master in the KMS plug-ins (during execution). An attacker with privilege access to k8S master node/host, can read the keys from memory, access secrets, compromising data & k8s cluster. This session proposes a solution (with a quick demo) to add a new KMS plug-in that leverages hardware based TEE (Trusted execution environment – like Intel SGX) to ensure that the keys, and the encryption of the secrets, are protected by the CPU on the master, addressing the threat vector mentioned. It enumerates multiple options for the integration with KMS, articulating the the trade-offs of the approaches.

Speakers

Raghu Yeluri

Sr. Principal Engineer, Intel

Raghu Yeluri is a Sr. Principal Engineer and lead Security Architect in the Data Center Group at Intel Corporation with focus on confidential compute in cloud native, containerized deployments leveraging hardware-based security. In this role, he drives security solution architecture... Read More →

Haidong Xia

Sr. Solutions Architect, Intel

Haidong is a Sr. security solution architect in Data Center Group at Intel Corporation. He is also a seasoned developer working on Kubernetes/container security, OpenStack integration of h/w security features and controls, and micro-service/cloud native architecture development. He... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level

Enabling Kubeflow with Enterprise Grade Auth for On Premise Deployments pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Enabling Kubeflow with Enterprise-Grade Auth for On-Prem Deployments - Yannis Zarkadas, Arrikto & Krishna Durai, Cisco

Kubeflow is an open source machine learning platform built on Kubernetes. Every service in Kubeflow is implemented either as a Custom Resource Definition (CRD) (e.g., TensorFlow Job) or as a standalone service (e.g., Kubeflow Pipelines).

As enterprises start to adopt Kubeflow, the need for access control, authentication, and authorization is emerging. An enterprise-grade solution to authenticate and authorize on two API layers: Kubernetes APIs and Kubeflow’s stand-alone services APIs. For better adoption, the solution should also integrate seamlessly with existing user management solutions in enterprises, such as LDAP or Active Directory (AD).

We present how we combined open-source, cloud-native technologies to design and implement a flexible, modular solution for enterprise authentication and authorization in Kubeflow. The talk will include a live demo.

Speakers

Yannis Zarkadas

Software Engineer, Arrikto

Yannis is a software engineer at Arrikto, working with Kubeflow and the Kubernetes sig-storage group. He loves contributing to open source projects and has authored the Cassandra Operator in Rook and the official Scylla Operator, which he is currently maintaining.

Krishna Durai

Software Engineer, Cisco

Krishna is a software engineer at Cisco, Bangalore and is a contributor to the Kubeflow open-source project. He has been designing and engineering AI platforms in enterprise domains like healthcare.

Enabling Kubeflow with Enterprise Grade Auth for On Premise Deployments pptx

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Cortex 101: Horizontally Scalable Long Term Storage for Prometheus - Chris Marchbanks, Splunk

Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus metrics, and a horizontally scalable, Prometheus-compatible query API. Cortex allows users to deploy a centralised, globally aggregated view of all their Prometheus instances, storing data indefinitely. In this talk we will discuss Cortex's history, Cortex's architecture, and how to get started with Cortex. Cortex is a CNCF sandbox project.

Speakers

Chris Marchbanks

Senior Software Engineer, Splunk

Chris is a Software Engineer at Splunk where he delivers observability for teams working on multiple internal Kubernetes clusters. He is a team member for two CNCF projects, Prometheus and Cortex. Outside of work, Chris enjoys skiing uphill in the mountains of Colorado.

cortex 101 pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

Five things you didn’t know you could do with SPIFFE and SPIRE pdf

Experience Level Any
Session Slides Included Yes

11:50am PST

Five Things You Didn’t Know You Could Do with SPIFFE and SPIRE - Andrew Jessup & Andrés Vega, Scytale

Zero Trust networking and secure authentication are hot topics in security team meetings all over the world. But how do you actually get started? The open-source SPIFFE and SPIRE projects are your foundation for building ridiculously secure software, even between multiple clouds and clusters.

In this talk, we will guide you through five practical applications with the open-source SPIFFE and SPIRE projects, including automatic authentication and mutual TLS encryption between:

workloads on two different clouds,
a workload in a virtual machine and an Istio cluster,
a container in a Google Container Engine cluster and Amazon Web Services
a workload in a Kubernetes cluster and a MySQL database
a workload in a Kubernetes cluster and a Hashicorp Vault cluster
a workload in a Kubernetes cluster and an API gateway

And we’ll do all of this without any annoying passwords, API keys, or secrets.

This talk focuses on real, practical examples of the SPIFFE and SPIRE projects. It assumes no prior knowledge of them, though some passing familiarity with Kubernetes will be helpful.

Speakers

Andrew Jessup

Recovering Engineer, Scytale

I'm head of product at Scytale, where we're redefining Privileged Access Management for a multi-cloud, micro-services driven world. A significant part of that vision is working to drive the SPIFFE and SPIRE projects to help organisations securely connect un-trusted systems.

Andres Vega

Founder, M42

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 31ABC - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

11:50am PST

How to Migrate a MySQL Database to Vitess - Sugu Sougoumarane & Morgan Tocker, PlanetScale

Vitess is a cloud-native storage solution that can scale indefinitely. This session will cover a high level overview of all the Vitess features, the architecture, and what database workloads are a good fit. We will then walk through a demo of live-migrating an existing MySQL installation into Vitess. Because Vitess also speaks the MySQL protocol, it is easy to retrofit scaling into your existing database systems.

Speakers

Sugu Sougoumarane

CTO, Planetscale, Inc.

Sugu is the co-creator of Vitess, and has been working on it since 2010. Prior to Vitess, Sugu worked on scalability at YouTube and was also part of PayPal in the early days. His recent interest is in distributed systems and consensus algorithms. He occasionally shares his thoughts... Read More →

Morgan Tocker

Community Development Manager, Planetscale, Inc.

Migrating MySQL to Vitess@SanDiego (1) pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

11:50am PST

Intro to Cloud Native Buildpacks - Terence Lee, Heroku & Emily Casey, Pivotal

You're great at running containers but you shouldn't have to be great at building them. In this talk, you'll learn about Cloud Native Buildpacks, a higher-level abstraction for building apps compared to Dockerfiles. Buildpacks are a standardized tool for creating images in a secure, reproducible, and efficient manner. As an app developer, you don't need to know best practices around ordering commands for layer reuse. As an operator, you don't need to worry about exposing developers to the responsibilities that come with Dockerfile. Come learn how buildpacks meet developers at their source code, automate the delivery of both OS-level and application-level dependency upgrades, and help you efficiently handle day-2 app operations

Speakers

Emily Casey

Cloud Native Buildpacks Lead Engineer, Pivotal

Terence Lee

Software Engineering Architect, Heroku (Salesforce)

Terence is as Software Engineering Architect at Heroku (Salesforce) working on Builds & Languages. He's worked on some OSS projects such as Ruby (the language), mruby, Bundler, Resque, as well as helping with the Rails Girls movement. When he’s not going to an awesome Heroku/Tech... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

11:50am PST

Intro to SIG Service Catalog - Jonathan Berkhahn, IBM & Mateusz Szostok, SAP

This is an introduction to the Kubernetes Service Catalog extension project. Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling, regardless of where the service is actually hosted. Service Catalog is a Kubernetes implementation of the Open Service Broker API, an open standard to provision and manage cloud services. Come learn how you can use Service Catalog to access third-party services from your Kubernetes applications or to offer your service to Kubernetes users. We will walk through provisioning a relational database through Service Catalog and and then connect to it from an application running on Kubernetes.

Speakers

Jonathan Berkhahn

Senior Software ENgineer, IBM

Jonathan is a member of the steering committee of Operator Framework, and a maintainer of Operator SDK. He's worked in the past on various open technologies in the cloud platform space, including Kubernetes and Cloud Foundry. His passions in open source include behavior driven development... Read More →

Mateusz Szostok

Senior Software Engineer, SAP

Mateusz Szostok works at SAP in an open-source project called Kyma. He is one of the co-chairs of the Service Catalog SIG. He specializes in such domains as Service Catalog, Brokers, and Controllers. Currently, he is in charge of the task to replace the Aggregated API Server with... Read More →

ServiceCatalog Intro KubeCon NA 2019 pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 32AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

11:50am PST

Intro: Contributor Experience SIG - Elsie Phillips, Red Hat & Paris Pittman, Google

In this 30 minute session, we will explore the projects we have been working on with Contributor Experience and the future work we have on deck. We will provide an update to the following projects and have information on how to get involved.

Speakers

Paris Pittman

Kubernetes OSS Strategy, Google

Paris is a Developer Relations Program Manager on Google Cloud's Open Source Strategy team focusing on the Kubernetes Community. She is a co-chair of the special interest group for Contributor Experience and an organizer of Bay Area Kubernetes Meetup with 4,000 members. She has 14... Read More →

Elsie Phillips

Product Marketing Manager, Red Hat

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 23BC - San Diego Convention Center Upper Level

Experience Level Any

11:50am PST

Intro: Flux - Stefan Prodan & Alexis Richardson, Weaveworks

In this session, we will introduce the basics of Flux and its Helm Operator sub-project. Flux is an open source operator that makes GitOps happen in your cluster. It automatically ensures that the state of your Kubernetes cluster matches the configuration you’ve supplied in Git. We will explore the GitOps methodology and talk about the benefits of using Flux to do Kubernetes cluster management and application delivery. We shall compare Flux with other approaches like Spinnaker and talk about the differences between CiOps and GitOps. Flux joined CNCF in August 2019 as a sandbox project.

Speakers

Alexis Richardson

CEO, Weaveworks

Alexis is CEO and co-founder of Weaveworks, and was the first chair of the CNCF TOC. He is also known for popularising the terms and practices of GitOps. Previously, at Pivotal, as head of products for Spring, RabbitMQ, Redis and vFabric, he "rebooted" Spring and transitioned the... Read More →

Stefan Prodan

Principal Engineer, Weaveworks

Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. He worked as a software architect and a DevOps consultant... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 5AB - San Diego Convention Center Upper Level

Experience Level Any

11:50am PST

Introduction to CRI-O - Mrunal Patel & Peter Hunt, Red Hat, Inc.

You have a lot of complicated things to think about as a developer and Kubernetes admin. Your container runtime shouldn't be one of them. CRI-O is there to be your "no-worry" CRI option. Running distributed applications, even with kubernetes, is a challenging task, and ultimately a developer’s focus should be on providing value to their end-users. CRI-O is a container runtime designed to be secure and reliable and is developed exclusively for Kubernetes so that you can focus on what matters more. Join Mrunal Patel and Peter Hunt as they walk through the architecture and design of CRI-O and show you how to deploy and run with kubernetes, so you can choose it as your runtime, and promptly forget about it.

Speakers

Mrunal Patel

Senior Principal Software Engineer, Red Hat

Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is active across various projects in the kubernetes SIG Node. He has also... Read More →

Peter Hunt

Red Hat

Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.

kubecon 19 intro to CRI O pptx

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 33ABC - San Diego Convention Center Upper Level

Experience Level Any

11:50am PST

Introduction to Virtual Kubelet – Featuring Titus by Netflix - Ria Bhatia, Microsoft & Sargun Dhillon, Netflix

Virtual-kubelet can extend kubernetes in many interesting and unique ways. This talk will go through how providers are utilizing virtual-kubelet to extend Kubernetes either for their customers, or for the benefit of their platform. The talk will also go through how Netflix is using virtual-kubelet to aid in integration with their existing architecture. Virtual-kubelet is able to give them the best of both worlds. Netflix has been able to leverage the Kubernetes API Server and the controllers as a mechanism to accelerate their control plane, whilst being able to use their existing containerization and isolation technology that’s been in development under the guise of the Titus (https://medium.com/netflix-techblog/the-evolution-of-container-usage-at-netflix-3abfc096781b) project since December 2015. The flexibility of the project, has allowed them to introduce new southbound, and northbound concepts to their product, which is enabling greater efficiency, and scalability.

Speakers

Ria Bhatia

Program Manager, Independent

Ria Bhatia was a Program Manager for Upstream Azure Compute within Microsoft. She's been working with the community on different ways to scale in Kubernetes and operate Kubernetes. She actively maintains Virtual Kubelet and has spoken at multiple meetups and conferences, including... Read More →

Sargun Dhillon

Senior Software Engineer, Netflix

Sargun Dhillon is a software engineer. He's been working in the container ecosystem for a number of years, ranging from projects like LXC to Mesos. He currently works on the Netflix container platform, Titus as a member of the agent team.

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level

Experience Level Any

11:50am PST

Rethinking the K8s DNS for the Modern Enterprise - Deepa Kalani & Venil Noronha, VMware

The Domain Name System (DNS) is the component that provides the most vital piece of information for one to locate and communicate with services running in a Kubernetes cluster. This technology provides a set of features for name resolution, service discovery, metrics collection, query tracing, etc. However, this is only sufficient to satisfy the requirements of traditional workloads, and modern enterprises demand more.

In this talk, we will discuss the state-of-the-art in the modern enterprise in the context of the Kubernetes DNS. We will present use-cases like extensive aliasing, multi-tenancy, security, etc. that stretch the capabilities of currently available DNS solutions like CoreDNS, Kube-DNS, etc. We will then examine possible approaches to solve these challenges and see where these technologies fall short and how they could be improved.

Speakers

Deepa Kalani

Staff Engineer 2, VMware

Deepa Kalani is a Staff Engineer at VMWare, responsible for development of service mesh technologies with a focus on Istio and Envoy integrations for the enterprise. Prior to VMware, Deepa held various engineering roles at PLUMgrid and Cisco Systems.

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.

Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and... Read More →

Rethinking the K8s DNS for the Modern Enterprise pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

No-Nonsense Observability Improvement - Cory Watson, SignalFx

Observability has gone from a thing you read about on Twitter or Medium thinkpieces to something your organization “has”. Maybe you’ve got a few new observability tools deployed. How is that working out for you?

Regardless of your adoption level – from logs on local boxes up to the highest cardinality traces and feature analysis – at the end of the day these are tools, not magic spells. How do you teach, train, use, evangelize, and measure the impact they have in your organization?

Cory has been a part of solo and large observability teams, in-house and vendor, and worked with dozens of companies. In this session he’ll explain some no-nonsense, tool agnostic methods for wringing more value out of what you have, identifying when to use new tools, how to handle migrations, how to measure value, and how to deal with “why does this cost so much?”

Speakers

Cory Watson

Technical Director, SignalFx

Cory Watson is Director of Technology at SignalFx, leading high impact, customer-focused projects around observability and monitoring. Cory started his journey as an SRE at Twitter, and continued on to found the observability team at Stripe. He is a strong voice in the observability... Read More →

No Nonsense Observability Improvement pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

KubeCon NA 2019 Take Envoy beyond a K8s service mesh pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Take Envoy Beyond a K8s Service Mesh - to Legacy Bare Metal and VMs + More - Steve Sloka & Steven Wong, VMware

Envoy’s mission is to extract network and communication security code from applications in a way that developers and users can deploy components that just work no matter where they run or what hosts them.

This session will show how to leverage Envoy to achieve interoperation of applications and services, split across Kubernetes and traditional VM or bare metal hosts. We’ll look at how to incrementally bring Kubernetes into an existing application architecture based on existing VM or bare metal applications and services.

Specific examples will demonstrate:
- Using Contour with Envoy as an Ingress and load balancer solution with a richer feature set than some common alternatives
- Sending requests from VM workloads to Kubernetes services
- Direct requests to services running on a VM from Kubernetes
- Dynamical traffic steering - K8s and VM workloads at the same time

Speakers

Steven Wong

VMware

Steve Wong has been active in the Kubernetes community since 2015. He is a co chair of the CNCF Working Group. Steve is co-chair of the VMware User Group on the Kubernetes project. He has implemented industrial control systems for many factories, pipelines, and process control systems... Read More →

Steve Sloka

Sr. Member of Technical Staff, VMware

Steve Sloka is a Sr. Member of Technical Staff at VMware based in Pittsburgh, PA dealing with all things Cloud, Containers, and Kubernetes. Steve is a maintainer of Contour & Gimbal and is a contributor to many other open source projects. Steve is also a Kubernetes contributor and... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 28ABCDE - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

11:50am PST

CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here - Liz Rice, Aqua Security

Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.

* ARP spoofing: pretending to represent the wrong IP address
* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain name

Sounds bad, doesn't it?

These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren't happening on your cluster.

This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security and Learning eBPF... Read More →

ARP DNS spoof pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level

Kubecon U.S Air Force Chief Software Officer Keynote v1.3 no video pptx

Experience Level Advanced (Expert level experience)
Session Slides Included Yes

11:50am PST

How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan, Department of Defense

This session will showcase the DoD Enterprise DevSecOps initiative and its architecture. It describes how the Department of Defense is securing OCI compliant containers, moving to Kubernetes and Istio, ensuring abstraction and scale across hundreds of environments, including Clouds, on-premise and classified environments. It will particularly focus on the sidecar security stack leveraging Envoy and sidecar containers to ensure zero trust security and baked-in multi-layer security.

Speakers

Nicolas Chaillan

Chief Software Officer, U.S. Air Force, USAF

Mr. Nicolas Chaillan, a highly qualified expert, is appointed as the first Air Force Chief Software Officer, under Dr. William Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Arlington, Virginia. He is also the co-lead for the Department... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Building Blocks: How Raw Block PVs Changed the Way We Look at Storage - Jose A. Rivera & Rohan Gupta, Red Hat

Raw block PersistentVolumes (PVs) allow applications to consume storage in a new way. In particular, Rook-Ceph now makes use of them to provide the backing store for its clustered storage in a more Kubernetes-like fashion and with improved security. Now we can rethink the notion of how we structure our storage clusters, moving the focus away from static nodes and basing them on more dynamic, resilient devices.

This talk will go over how we incorporated raw block PVs, how the operator manages them, and how we can now define storage cluster. It will also include a demo of the resiliency of these new types of devices. By the end of the talk, you'll not only know how to use raw block PVs but also why and when to use them.

Speakers

Jose A. Rivera

Senior Software Engineer, Red Hat

Jose Rivera is a Senior Software Engineer at Red Hat. He's worked in and around storage for over 10 years, with experiences spanning across multiple networked and software-defined storage projects such as Samba (SMB) and GlusterFS. Currently he works on OpenShift Container Storage... Read More →

Rohan Gupta

Software Engineer, Red Hat

Rohan Gupta currently serves as Software Engineer at Red Hat. He is in the Storage Team, and he works primarily on Rook-Ceph.

Building Blocks KubeCon NA 2019 pdf

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

12:25pm PST

Attendee Headshots, sponsored by Codefresh (Reservation Required; Link in Description)

Get ready for your close up! We are proud to offer a limited number of complimentary headshots to attendees that are looking to spruce up their resume or LinkedIn profile. A reservation is required.
Thank you to our sponsor, Codefresh!

Tuesday November 19, 2019 12:25pm - 2:25pm PST
Room 21 - San Diego Convention Center Upper Level

Social Events

1:15pm PST

Chair Yoga (RSVP Required)

Need to take a break and stretch after your session? Join one of our chair-yoga classes! Chair Yoga is a great way to reset without having to leave your seat. Just a quick 30-minute session focused on movement and flexibility is enough to revitalize meetings and event participants. All levels of fitness can benefit from chair yoga including those with disabilities or mobility issues.
Space is limited. Please sign up through the attached Google Form.

Tuesday November 19, 2019 1:15pm - 1:45pm PST
23A - San Diego Convention Center Upper Level

Experience Level Any

2:25pm PST

A Peek Inside the Enterprise Cloud at Salesforce - Xiao Zhou & Thomas Hargrove, Salesforce

This talk offers a peek inside the enterprise cloud infrastructure at Salesforce. Kubernetes is open source software which is becoming the de facto standard for running services as scale.
Enterprise data centers are aiming to be closely managed and very secure. At Salesforce, we are bringing these two together. We are using Kubernetes to manage 2600+ hosts across 20+ private data centers. In this talk, we’ll be looking at the challenges and our approaches for using Kubernetes as the management software from several perspectives: Multi-tenants and self-serving, Management tooling, Security, Testing, Monitoring/alerting, also Visibility.

Speakers

Thomas Hargrove

Software Engineering Senior Director, Salesforce

Thomas is a Software Engineering Senior Director at Salesforce on the infrastructure engineering team. He helped build the hosted Kubernetes offering for Salesforce 1st party data centers with many enhancements around security, visibility and integration to internal systems. Before... Read More →

Xiao Zhou

Director Software Engineering, Salesforce

Xiao is a Software Engineering Director in Salesforce. She has about 10 years of experiences in the large scale and distributed computing area. Xiao has led numerous cloud native efforts and projects at Salesforce, and previously VMware. She is very passionate about improving quality... Read More →

A Peek inside the Enterprise Cloud pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Running Istio and Kubernetes On-prem at Yahoo Scale - Suresh Visvanathan & Mrunmayi Dhume, Verizon

At Yahoo!, there are 18+ production grade Kubernetes(K8s) clusters and my team operates one of the largest on-prem K8s clusters handling 150K+ containers, 500+ applications and serving 1Million+ request per second. Mission critical Applications, such as Yahoo! Sports/Finance/Home are deployed and enabled by K8s/Istio platforms. The journey started 2 years ago as a ‘proof of concept’ with K8s and signing up for ‘early engagement program’ with Istio team to adopt Istio/Envoy to modernize our stack and move towards micro service architecture. During this journey, 1.Build Identity platform which provide unique identity for workloads 2.Enabled workload with sidecar envoy proxy and integrated with in-house Custom CA & RBAC for authN/Z 3. Build tools to manage both Istio & K8s cluster at scale.This talk will detail how K8s and Istio/Envoy used to deploy/secure/connect workloads @ Yahoo Scale.

Speakers

Suresh Visvanathan

Sr Architect, Verizon Media

Suresh Visvanathan, Sr Architect, has over 13 years of experience in IT and Software. Suresh’s current responsibilities include the architecture, vision, strategy and design of cloud platform as-a-service (PaaS). Suresh has been architecting solutions and building products around... Read More →

Mrunmayi Dhume

Principal Software Engineer, Verizon Media (Yahoo)

Mrunmayi Dhume is a Principal Software Engineer in the Core Infrastructure team at Verizon Media. She is part of the team responsible for providing L3/L4 routing solutions and leads the design and implementation of the routing layer and identity provider system components for Kubernetes... Read More →

K8s & Istio @ Yahoo pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Managing Helm Deployments with Gitops at CERN - Ricardo Rocha, CERN

Kubernetes has taken a key role at CERN both for physics analysis and core IT services, simplifying and accelerating deployments and allowing a much higher rate of updates and upgrades.

This session will describe how helm is used for managing the description and configuration of the services. How CERN uses chartmuseum to maintain its private chart repositories, and how a custom plugin is used to manage secrets in the configuration, safely pushing encrypted payloads into git repositories. How a well defined structure of umbrella charts (sometimes referred to as meta charts) is used to define high level applications with complex dependencies, and how the notion of service variants and environments is exposed.

A demo will show the full gitops lifecycle for both production and canary deployments, relying on weave flux to quickly propagate changes to clusters.

Speakers

Ricardo Rocha

Computing Engineer, CERN

Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination... Read More →

Managing Helm Deployments with GitOPS at CERN pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Mental Health in Tech - Dr. Jennifer Akullian, Growth Coaching Institute

According to research by Open Sourcing Mental Illness, 51% of individuals working in the tech community have been identified with a mental illness. This is disproportionate to the 20% prevalence in the general population. To compound the concern, many working in the tech community are at risk for burnout, a condition that often resembles mental illness. While lots of people in tech struggle with mental health, industry-specific research and advocacy in the community is disproportionately inadequate.

For organizations, awareness and advocacy around employee mental health is crucial, after all, happy employees are more productive and less likely to leave their job. For employees who are struggling, it is important they know that they are not alone and there is help. This talk is focused on reducing the stigma around mental illness and expanding education and awareness into how to help yourself and others in your community. Jennifer will provide mental health background as she reviews the research pertaining to the tech community. Industry-specific burnout will be discussed and strategies for improving one’s experience or helping a friend or colleague will be examined.

Speakers

Dr. Jennifer Akullian

Founder | Psychologist, Growth Coaching Institute

Jen is a former psychologist, focusing her work in technology since 2015. Founder and Executive Coach at Growth Coaching Institute, much of her work focuses on cognitive health and managing industry-specific challenges and burnout, to allow motivated top performers to excel and find... Read More →

MentalHealthinTech Kubecon DrAkullian pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6E - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

2:25pm PST

Russian Doll: Extending Containers with Nested Processes - Christie Wilson & Jason Hall, Google

Kubernetes extensibility has gone mainstream. From CRDs to admission controllers to custom schedulers, as a platform builder you have access to a powerful toolbox! But what about the humble Pod and its hardworking containers? What if you want to extend them? What tools are at your disposal?

In this talk you’ll learn how to extend a container by overriding its binary. This inventive approach is used by Prow (the CI/CD system that tests Kubernetes itself) and systems built on Tekton Pipelines (a Kubernetes based CI/CD platform) like Jenkins X and OpenShift Pipelines.

You’ll see how you can control the order of container execution within a Pod, stream logs to a persistent store at scale, and gracefully handle the appearance and lifecycle of injected sidecars. You’ll learn some of the benefits and drawbacks, as well as how to overcome the hurdles.

Speakers

Jason Hall

Software Engineer, Google

Jason Hall (he/him) is a software engineer at Google, currently working on the Tekton project. Before Tekton, he helped launch Google Cloud Build (formery Google Cloud Container Builder), and before that helped launch Google Cloud Source Repositories.

Christie Wilson

Software Engineer, Google

Christie Wilson (she/her) is a software engineer at Google and co-creator of the Tekton project. Over the past decade+ she has worked in the mobile, financial and video game industries. Prior to working at Google she built load testing tools for AAA video game titles, and founded... Read More →

Russian Doll slides pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

Introducing KFServing Cloud Native Serverless Inferencing pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Introducing KFServing: Serverless Model Serving on Kubernetes - Ellis Bigelow, Google & Dan Sun, Bloomberg

Production-grade serving of ML models is a challenging task for data scientists. In this talk, we'll discuss how KFServing powers some real-world examples of inference in production at Bloomberg, which supports the business domains of NLP, computer vision, and time-series analysis. KFServing (https://github.com/kubeflow/kfserving) provides a Kubernetes CRD for serving ML models on arbitrary frameworks. It aims to solve 80% of model serving use cases by providing performant, high abstraction interfaces for common ML frameworks. It provides a consistent and richly featured abstraction that supports bleeding-edge serving features like CPU/GPU auto-scaling, scale to and from 0, and canary rollouts. KFServing's charter includes a rich roadmap to fulfill a complete story for mission critical ML, including inference graphs, model explainability, outlier detection, and payload logging.

Speakers

Dan Sun

Software Engineer Team Lead, Bloomberg

Dan Sun is a team lead of the Data Science Serverless Runtime team at Bloomberg. Focused on building mission-critical production ML inference managed solutions, he strives to understand and tackle data scientists' complex problems. He also has many years of experience at Bloomberg... Read More →

Ellis Bigelow

Software Engineer, Google

Ellis Bigelow is a software engineer at Google Cloud developing next generation systems for the AI Platform Prediction Service. In addition to his efforts on Google's managed product, he leads the open source project, Kubeflow/KFServing, a kubernetes-based serverless inferencing platform... Read More →

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

2:25pm PST

Cloud Provider Subproject AWS / User Group AWS - Cheng Pan, Amazon & Justin SB, Google

SIG AWS is now a sub project of SIG Cloud provider. It is also a User Group. In this session, we will discuss what this means for you and our ongoing roadmap. We will also both demo and discuss features of the 7 projects (previously SIG AWS subprojects) that are part of Cloud Provider Subproject AWS. Bring details of your use cases and feature requests so you can define the future roadmap / feature ask. Also bring your priorities wrt documentation and testing. Finally we will gather together to discuss immediate contributions that folks can make to make these projects meaningful for all users of k8s on AWS.

Speakers

Justin Santa Barbara

Software Engineer, Google

Justin has been contributing to kubernetes since 2014, and loves helping users adopt and grow their use of kubernetes - initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He joined Google in 2018 to work full time on Kubernetes, focusing... Read More →

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Any

2:25pm PST

Intro to Thanos: Scale Your Prometheus Monitoring With Ease - Lucas Serven, Red Hat & Dominic Green, Improbable

Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, core maintainers of Thanos will explain basic concepts behind the project, its use cases, and tradeoffs. You will learn where to start and how to quickly deploy Thanos on Kubernetes without impacting your existing Prometheus setup. This talk is recommended for beginners that want to know more about running highly available Prometheus setup at scale with potentially unlimited metric retention with the lowest possible effort and cost.

Speakers

Dominic Green

Lead Engineer, Netspeak Games

Dom was the first cadet to outsmart the Kobiashi Maru, completed the Kessel Run in less than twelve parsecs, and beat Parzival to the First Gate. While not melting reality with fiction Dom works as an Engineer at Netspeak Games a London based game studio that is looking to push the... Read More →

Lucas Servén Marín

Principal Software Engineer, Red Hat

Lucas Servén Marín is a principal software engineer from Spain currently working for Red Hat in Berlin. By trade he is an electrical engineer, with a Masters in robotics. After two years at CoreOS, he joined Red Hat where he works on the OpenShift Monitoring team and contributes... Read More →

CNCFSanDiego IntroductionToThanos pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

2:25pm PST

Intro: Linkerd - William Morgan, Buoyant

In this session, William Morgan will provide an introduction to Linkerd, the CNCF's service mesh project. Linkerd features blazing fast performance, an ultralight footprint, a Kubernetes-native design, and open governance. You'll learn what it does, why it's useful, differences with other service meshes, and finish with a brief Q&A.

Speakers

William Morgan

CEO, Buoyant

William Morgan is the CEO of Buoyant. Prior to founding Buoyant, he was an infrastructure engineer at Twitter, where he ran several teams building on product-facing backend infrastructure. He has worked at Powerset, Microsoft, adap.tv, and MITRE Corp, and has been contributing to... Read More →

Intro to Linkerd Kubecon NA 2019 (San Diego) pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

2:25pm PST

Introduction to Autoscaling - Marcin Wielgus & Vivek Bagade, Google

Come and see how to reduce the cost of your cluster and make your workloads more robust by dynamically adjusting them to the current traffic. During this talk members of SIG-Autoscaling will explain why you should be autoscaling both applications and clusters, and what tools Kubernetes provides to do that. You will learn the mechanics of Cluster, Horizontal Pod and Vertical Pod Autoscalers, their new features as well as the best practices for applying them in production.

Speakers

Marcin Wielgus

Staff Software Engineer, Google

Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently... Read More →

Vivek Bagade

Software Engineer, Google Inc

Vivek works at Google developing Kubernetes Cluster Autoscaler and Node Autoprovisioning. In the past, Vivek worked on building a Kubernetes PaaS for cloud robotics with Rapyuta Robotics and building a contextual advertising platform with Media.net

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level

Experience Level Any

2:25pm PST

Introduction to CNI, the Container Network Interface Project - Bryan Boreham, Weaveworks & Dan Williams, Red Hat

CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at users and developers who have little previous knowledge of container networking. Attendees will hear: - A broad overview of what CNI is - What the CNCF-hosted CNI project has delivered - How CNI relates to Kubernetes - How they can get more involved in the project

Speakers

Dan Williams

Manager, RHEL Networking, Red Hat

Dan is leading the OVN team. He is one of the architects of the OCP networking. Previously he has worked on Network Manager and made it ubiquitous for all linux distros like RHEL, Fedora, Ubuntu, Suse, Centos. Dan also lead the development of Multus, the plugin layer for Kubes, and... Read More →

Bryan Boreham

Distinguished Engineer, Grafana Labs

Bryan is a Distinguished Engineer at Grafana Labs, the observability company.After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades.At Grafana... Read More →

CNI Intro Nov 2019 pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

2:25pm PST

Introduction to Windows Containers in Kubernetes - Michael Michael, VMware & Deep Debroy, Docker

The chairs for SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This will concentrate on presenting an introduction of Windows Containers in Kubernetes and new features that are being delivered.

Speakers

Michael Michael

Director of Product Management, VMware

Michael Michael (or M2) is a Maintainer of Harbor and Contour, co-chairs Kubernetes' SIG-Windows, and is the product lead for Velero, Octant, and Sonobuoy. M2 is focused on cloud native technologies, delivering agility and simplicity to developers and accelerating the modernization... Read More →

Deep Debroy

Software Engineering Manager, Docker

Deep Debroy is a software Engineering Manager at Docker Inc. focussing on different aspects of enabling Windows workloads on Kubernetes as well as Persistent Storage in general. He is an active contributor to Kubernetes projects under SIG Windows and SIG Storage.

SIG Windows Intro KubeCon US 2019 pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

2:25pm PST

KubeVirt Intro: Virtual Machine Management on Kubernetes - Steve Gordon, Red Hat & Chandrakanth Jakkidi, F5

This session will provide an introduction to the KubeVirt project, which turns Kubernetes into an orchestration engine for not just application containers but virtual machine workloads as well. This provides a unified development platform where developers can build, modify, and deploy applications made up of both Application Containers as well as Virtual Machines in a common, shared environment.

In the session, you will learn more about why KubeVirt exists, how people are using it today, and how the project actually works from an architectural perspective. You will also see a short demo of the project in action!

Finally, you will hear about future plans for developing KubeVirt’s capabilities that are emerging from the community.

Speakers

Steve Gordon

Principal Product Manager, Red Hat

Geographically displaced Australian. Focused on building infrastructure solutions for compute use cases using a spectrum of virtualization, containerization, and bare-metal provisioning technologies. Stephen is currently a Principal Product Manager at Red Hat based in Toronto, Canada... Read More →

Chandrakanth Jakkidi

Senior Software Engineer, F5 Networks

Chandrakanth Reddy Jakkidi is an Active OpenSource Contributor. He is involved in CNCF and Open Infrastructure community projects. He is Contributed to Openstack , Kubernetes projects.Presently an active contributor to Kubevirt Project.Chandrakanth is having 14+ years experience... Read More →

Introduction to KubeVirt KUBECONNA19 pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 33ABC - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

2:25pm PST

SIG Usability: Intro and How to Get Started - Tasha Drew, VMware

SIG Usability is a new SIG focused on the core end-user usability of the Kubernetes project. This covers topics like user experience and accessibility. The goal of SIG Usability is to facilitate adoption of the Kubernetes project by as diverse a community of end users as possible. We do this be ensuring that each end user’s interaction with Kubernetes, from discovery to successful production use is seamless and positive. Examples of efforts include user research, internationalization and accessibility. Join us at this session to learn about the SIG, what we've been up to, and how to get involved as a new contributor!

Speakers

Tasha Drew

Senior Director, xLabs, VMware

Tasha has been an innovative product leader in Silicon Valley for over a decade. She is Senior Director of xLabs in the Office of the CTO’s Advanced Technology Group at VMware. She is co-chair of the Kubernetes Working Group for Multi-Tenancy and co-chair of the Kubernetes SIG Usability... Read More →

2019 Intro to SIG Usability pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 23BC - San Diego Convention Center Upper Level

Adapting Kubernetes to Constrained IP Address Environments pdf

Experience Level Any
Session Slides Included Yes

2:25pm PST

Adapting Kubernetes to Constrained IP Address Environments - Mahesh Narayanan & Satyadeep Musuvathy, Google

When it comes to IP addresses, Kubernetes has a demand and supply issue.
On the Demand side, Kubernetes treats Pods as first class citizens with their own IPs. This makes port mappings and usage from a developer’s point of view much much simpler. But from an infrastructure perspective, this makes the whole cluster use IP addresses liberally.

On the Supply side, Kubernetes deployments generally run alongside incumbent networks. Therefore there are not enough IPs to allocate and have a production grade deployment.

Based on real world experience by our customers so far, we have found that there are a few ways to design your clusters to address these concerns:
-- Optimize the per node allocation so that the overall consumption can be optimized
-- re-use IP addresses for Infrastructure but have unique Services IPs.
-- Leverage a new IP addressing scheme through non-RFC 1918 ranges

Speakers

Mahesh Narayanan

Product Manager, Google

Mahesh Narayanan is a Cloud Networking Product Manager at Google Cloud. He works on GKE and drives its networking strategy and roadmap. Mahesh has also worked in sales and customer support roles and has a good understanding of customer perspective. Prior to Google, Mahesh worked in... Read More →

Satyadeep Musuvathy

Software Engineer, Google

Satya is a Software Engineer at Google. He lives and breathes GKE including GKE On-Prem. Satya has extensive Enterprise customer experience with stints at companies like Yahoo and Walmart.

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

From Issue to PR Merged: A Fluentd “Tail” - Jordan Hamel, Amgen

Do you often find yourself opening an issue or looking for an alternative open-source project with support for your use case? Not sure where to start in contributing a fix for an issue?
Getting involved in the Fluentd ecosystem and submitting a PR helped make it possible for Amgen to effortlessly collect CloudTrail logs from hundreds of AWS accounts owned by separate teams.
We'll take a look at the details of how to collect and annotate logs stored in any format or account in AWS with Fluentd where hundreds or any number of accounts are in use. We'll also follow the details of contributing this now merged PR to the Fluentd S3 plugin that made it possible.
Whether you're a new or long-time user of Fluentd, come and be inspired to consider contributing back to observability related open-source projects like Fluentd and the benefits it can bring to your organization and the community.

Speakers

Jordan Hamel

Sr Mgr Software Development Engineering, Amgen

Jordan Hamel is a software engineer currently at Amgen who cares about making sure software and the users like each other. Having previously led E-commerce operations for years at Newegg.com, he is a huge fan and supporter of making the user experience as observable as possible and... Read More →

fluentd tail prezi convert compressed pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 7AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Living with the Pathology of the Cloud: How AWS Runs Lots of Clusters - Micah Hausler, Amazon

Disk speed screeches to a crawl, packets get dropped, connections time out: welcome to the cloud! Most of the time the cloud "just works", but when it doesn’t, how does Kubernetes and etcd handle failure? In this talk Micah will discuss considerations for building and configuring cloud native systems for failure including how Amazon EKS’s architecture and design accounts for outages and dependency failures. Micah will also cover and lessons learned from managing lots and lots of Kubernetes and etcd for customers around the world.

Speakers

Micah Hausler

Principal Engineer, AWS

Micah is a Kubernetes contributor, a member of the Kubernetes Security Response Committee, and a Principal Engineer working on EKS at Amazon Web Services.

living with the pathology of the cloud pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

PodOverhead: Accounting for Greater Cluster Stability - Eric Ernst, Intel

Accounting is very important in Kubernetes. Better accounting leads to improved node stability, density, and more accurate charging users based on their actual resource utilization. Unfortunately, there are gaps in resource accounting in Kubernetes today, mostly based on the fact that running a pod is not actually free.

In Kubernetes 1.16, the PodOverhead feature is introduced to fix these issues.

We’ll dive into the details of a pod’s journey from client CLI to running on a node, touching on kubectl, API server, admission controllers, etcd, scheduler, kubelet, containerd/cri-o, and runtimes like Kata Containers and gVisor. Through this we will highlight the current gaps and how the PodOverhead feature addresses them.

Attend to get a basic understanding of the Pod creation process, and learn what the new PodOverhead feature is and how it can be used to improve cluster stability.

Speakers

Eric Ernst

Senior software engineer, Intel

Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project... Read More →

kubecon PodOverhead v2 pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level

Runtimes

Experience Level Intermediate (Mid-level experience)

2:25pm PST

Enforcing Automatic mTLS with Linkerd and OPA Gatekeeper - Ivan Sim, Buoyant & Rita Zhang, Microsoft

Whether you are operating a 5-node or a 500-node Kubernetes clusters, ensuring the integrity and security of the traffic among your workloads is something that should be taken seriously. As your team grows, it is important to automate the application and management of different mTLS policies.

In this talk, Ivan and Rita will share with you how Linkerd and Gatekeeper work together to automate and enforce mTLS policy in production. They will show you how easy it is to encrypt all east-west traffic using Linkerd’s zero config automatic mTLS feature. Then, you will see how Gatekeeper is used to define, enforce and audit every workload entering your cluster to ensure configuration is valid and conformant to policy.

Speakers

Rita Zhang

Principal Software Engineer, Microsoft

Ivan Sim

Software Engineer, Red Hat

slides v0.0.1 pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 31ABC - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Porting Envoy to Windows; A Progress Report - Yechiel Kalmenson & William A. Rowe, Jr., Pivotal

Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. As of now Envoy is only available on Linux, and that’s a big blocker for Windows teams who want to migrate their monolithic apps to more service-oriented architectures.

Last year a team at Pivotal started working with Microsoft on making Envoy on Windows a reality. This talk will give a progress report on the work being done:

* An overview of the history of the project. Starting with the work done by Microsoft, contributions to upstream so far, and what we have left.

* Some of the challenges the team faced and how they overcame them. For example, the workarounds we employed to get a working Windows environment for Envoy, and some of the performance issues which still need to be solved.

* What the team is currently working on and what the outlook for the future is like.

Speakers

William A. Rowe, Jr.

Principal Software Engineer, Pivotal

William is a veteran of the Apache HTTP Server and APR projects, establishing Windows as a first class platform at these projects. He's applying this experience at Pivotal to help the Envoy Proxy project crew bring Envoy to native Windows OS.

Yechiel Kalmenson

Software Engineer, Pivotal

Yechiel Kalmenson was born and raised in Brooklyn. He got his rabbinical training in Israel and spent a few years teaching both children and adults. After a brief stint in Tech Support, he found his next calling and went on to study software development. He currently works as a... Read More →

Porting Envoy To Windows pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 32AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

2:25pm PST

Building a Database as a Service on Kubernetes - Abhi Vaidyanatha & Lucy Burns, PlanetScale

Stateful, scalable storage on Kubernetes is an unsolved problem. Creating it as a service is even more difficult. The cloud-native ecosystem offers many tools such as the operator-sdk, Prometheus, Grafana, etcd, Vitess, and much more, but integrating them isn't necessarily intuitive.

Two of PlanetScale's employees that have engineered and managed the project describe the journey of leveraging all of these open source technologies to build out a database as a service on Kubernetes.

Speakers

Lucy Burns

Product Manager, PlanetScale

Abhi Vaidyanatha

Software Engineer, PlanetScale

Abhi is a confused economist who enjoys writing backend code for various parts of PlanetScale's Vitess management software. In his spare time he is a DJ, podcast host, and competitive Super Smash Bros. player.

Building a Cloud Database pdf

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

Managing Apache Flink on Kubernetes FlinkK8sOperator (1) pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Managing Apache Flink on Kubernetes - FlinkK8sOperator - Anand Swaminathan, Lyft

We have designed and built an open-source Kubernetes native operator that manages the complete lifecycle of Apache Flink applications from creation to execution. FlinkK8sOperator (https://github.com/lyft/flinkk8soperator) leverages Kubernetes CustomResourceDefinition to enable native management of Flink applications on Kubernetes. In this session, I will be presenting some of the unique challenges of running a complex, stateful application on Kubernetes, and the lessons we have learnt. I will also be providing an overview of how flink operator abstracts out the complexity of hosting, configuring, managing and operating 1000s of Flink clusters from application developers, and concluding with a demo.

Speakers

Anand Swaminathan

Software Engineer, Lyft

Anand currently works as a Software Engineer at Lyft building infrastructure for large scale streaming and batch processing systems. He is a major contributor and core maintainer of the open source project - FlinkK8sOperator. Prior to Lyft, Anand worked on DynamoDB (AWS), building... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb

It’s a brand new world in infrastructure with the advent of microservices, containerization, Kubernetes, and service mesh. And all is well. Or is it? Find out how easy it is to break container runtimes, abuse your service mesh, and take all of your production services down-- the results will surprise you! In the last year Airbnb scaled up to over 700 services in Kubernetes, running on all types of workloads across 1000s of nodes and dozens of clusters. We’ve learned a lot along the way and have some of our favorite stories to share-- from weird bugs, to hacky workarounds, to serious downtime. Favorites include:
- “Just what is the autoscaler doing”?
- “Knock knock, It’s Kube-DNS”
- “Whose PID is it anyway”?
and more!

Speakers

Melanie Cebula

Staff Software Engineer, Airbnb

Melanie Cebula is an expert in Cloud Infrastructure, where she is recognized worldwide for explaining radically new ways of thinking about cloud efficiency and usability. She is an international keynote speaker, presenting complex technical topics to a broad range of audiences, both... Read More →

Bruce Sherrod

Software Engineer, Airbnb

Bruce Sherrod is a software engineer on the service orchestration team at Airbnb.

kubecon 2019 preso pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Admission Webhooks Configuration and Debugging Best Practices pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Kubernetes in Your 4x4 – Continuous Deployment Directly to the Car - Rafal Kowalski, Grape Up

Automotive industry is getting more and more digitalized. Vehicles are not only a mean of transportation, but they pursue to be the drivers' control center with multiple software components onboard. To keep pace with evolving customer expectations and the newest technological solutions, vehicle's software requires frequent updates. However, the delivery process in a scaled up environment is not straightforward. Developers and operators have to face challenges, which are unusual in the typical Cloud Native world. Even basic service deployment may be complicated due to network performance or geographical considerations. During this talk, Rafał will show how to use Kubernetes, KubeEdge, k3s, Jenkins and RSocket for building continuous deployment pipelines, which ship software directly to the car, deals with rollbacks and connectivity issues.

Speakers

Rafał Kowalski

Cloud Solution Architect, Grape Up

Rafał Kowalski is a Cloud Solution Architect at Grape Up and a PhD student at the Complex Theory System Department at the Institute of Nuclear Physics Polish Academy of Science. His professional career, as well as scientific work, is related to delivering robust, scalable cloud-based... Read More →

Kubernetes in your 4x4 pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Admission Webhooks: Configuration and Debugging Best Practices - Haowei Cai, Google

Admission (mutating and validating) webhooks have become popular mechanisms for extending Kubernetes API request admission. The admission webhook API is graduating GA in Kubernetes 1.16, where new features are introduced and debuggability improvements are made. In this talk, the audience will learn common pitfalls in admission webhook development, best practices in webhook configuration, and how to identify and debug failures caused by misconfigured or buggy admission webhooks.

Speakers

Haowei Cai

Software Engineer, Google

Haowei Cai is a Software Engineer for Google Cloud. He is one of the owners of Kubernetes Python client library and an active Kubernetes SIG API Machinery contributor. He has been contributing to Kubernetes Extensibility (Admission Webhooks and CRD) to GA working group in the past... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Towards Continuous Computer Vision Model Improvement with Kubeflow - Derek Hao Hu & Yanjia Li, Snap Inc.

With deep learning gaining popularity in industry, there is a lot of material focusing on model training and serving. However, in production machine learning typically isn't complete after a single round of training. Model owners need to find ways to improve trained models regularly, and good machine learning pipelines achieve this by leveraging continuous feedback.

In this talk, we will demonstrate how Kubeflow and Kubeflow Pipelines are being used to continuously improve computer vision models at Snapchat. We will walkthrough how we orchestrate multiple components with Kubeflow Pipelines to extract data, label images, and (re)train machine learning models. We will also discuss best practices for authoring Kubeflow Pipeline components based on our experiences from developing and deploying these components for production use.

Speakers

Derek Hao Hu

Software Engineer, Snap Inc.

Derek Hao Hu is a software engineer at Snap on the Perception team. He's been working on building machine learning infrastructure, components, pipelines and tools that power different types of computer vision experiences inside Snapchat.

Yanjia Li

Software Engineer, Snap Inc.

Yanjia Li is a Software Engineer on the Perception team of Snap. He has been working on the algorithms and systems behind various computer vision products in Snapchat. One of his focus areas is building the software to handle large-scale deep learning model training and inference... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 31ABC - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)

3:20pm PST

An Introduction to Helm - Matt Farina, Samsung SDS & Josh Dolitsky, Blood Orange

CNCF Helm is a package manager that provides the tools to find, share, and install and manage software in Kubernetes. In this session you will learn the basics about using Helm. We will look at the makeup of charts, the packages for Helm. From there we will explore the ways to share and consume charts. To complete the lifecycle, we will look at installing and managing charts in a Kubernetes cluster. Helm is a project that was first introduced in 2015 and was part of Kubernetes prior to the creation of the CNCF. It entered the CNCF as part of Kubernetes and grew to eventually became a sister project, alongside Kubernetes, in the CNCF.

Speakers

Matt Farina

Distinguished Engineer, SUSE

Matt works as a Distinguished Engineer at SUSE, where he works on Rancher, focusing on cloud native technologies. He is also a member of the CNCF Technical Oversight Committee. Matt is an author, speaker, and regular contributor to open source.

Josh Dolitsky

Founder & Chief Engineer, bloodorange.io

Helm Intro pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

3:20pm PST

CNCF Network SIG Intro & Deep-Dive - Lee Calcote, Layer5 & Matt Klein, Lyft

“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation of cloud native deployments. Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, QoS, mesh networks, legacy infrastructure bridging, and so on are now receiving substantial development and investment throughout the industry and are the subject of focus of the CNCF Network SIG.

Join this talk for an intro to the SIG, its charter and a deeper discussion of current cloud native networking topics being advanced in this SIG. Current CNCF projects in-scope: CNI, CoreDNS, Envoy, gRPC, Linkerd, NATS, Network Service Mesh.

Speakers

Matt Klein

Software Engineer, Lyft

Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the... Read More →

Lee Calcote

Founder and CEO, Layer5

Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As Founder and CEO of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent focus... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)

3:20pm PST

Community Bridge BoF - Ihor Dvoretskyi, Cloud Native Computing Foundation & Shubhra Kar, Linux Foundation

CommunityBridge is a platform Developed by the Linux Foundation, which accelerates the adoption, innovation, and sustainability of open source software. This year, CNCF is participating in the Community Bridge, sponsoring three students to work on Kubernetes and CoreDNS projects during the foundations’ pilot stage. This BoF is an opportunity to meet in person and discuss the areas of collaboration between Community Bridge and the Cloud Native Community.

Speakers

Shubhra Kar

CTO and GM of Product & IT, Linux Foundation

Ihor Dvoretskyi

Developer Advocate, Cloud Native Computing Foundation

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 23BC - San Diego Convention Center Upper Level

Experience Level Any

3:20pm PST

Fluentd: Cloud Native Logging - Yuta Iwama & Masahiro Nakagawa, Arm Treasure Data

Logging for cloud-native applications and environments is a continuous challenge from an operational perspective. Fluentd offers a full logging layer than can be accommodated and extended as required to solve any logging need. In this Fluentd session, you will learn about its administration and log processing from a general perspective.

Speakers

Masahiro Nakagawa

Principal Engineer, Treasure Data

Fluentd maintainer

Yuta Iwama

Software Engineer, Arm Treasure Data

Fluentd maintainer

CNCFCon KubeCon NA 2019 pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

3:20pm PST

Intro to the Kubernetes Working Group for Multi-tenancy - Tasha Drew, VMware

This introduction will go over what the multi-tenancy working group has been working on and how new contributors can become engaged. New users and contributors are encouraged to attend if multi-tenancy in core Kubernetes is something you are interested in or are working on implementing at your own organization.

Speakers

Tasha Drew

Senior Director, xLabs, VMware

2019 Intro to Multi tenancy WG pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 5AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

3:20pm PST

Intro: Harbor - Enterprise Cloud Native Artifact Registry - Steven Ren & Alex Xu, VMware

As container technology becomes widely adopted in the industry, how to manage containerized applications poses new challenges to platform engineers. One of the challenges is to securely and efficiently manage containerized application packages with either container image or Helm Chart format. Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. In this presentation, we will focus on the management of container images and Helm Charts through Harbor. We will review and provide solutions to the challenges faced by organizations, including RBAC (Role-Based Access Control), vulnerability scanning, large scale content distribution, content replication, content trust (notary), webhook, tag retention, and DevOps integrations, etc.. Real-world use cases will be discussed in the session. Of course, fantastic demos will be shown to let you easily understand the related use cases.

Speakers

Steven Ren

Senior Manager, VMware

Alex Xu

Product Manager, VMware

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Any

3:20pm PST

Jaeger Intro - Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

This session is an introduction to Jaeger and distributed tracing. We will do a demo of the current Jaeger features, talk about the roadmap, and finish with a Q&A. After this session the attendees should better understand how Jaeger fits in the observability space for cloud native applications. For more information on the project everybody is welcome to attend the Jaeger Deep Dive Session.

Speakers

Pavol Loffay

Pavol Loffay, Red hat

Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes... Read More →

Yuri Shkuro

Software Engineer, Uber Technologies

Yuri Shkuro is a software engineer at Uber Technologies, working on distributed tracing, observability, reliability, and performance problems; author of the book ["Mastering Distributed Tracing"](https://www.shkuro.com/books/2019-mastering-distributed-tracing/); creator of Jaeger... Read More →

KCCNCNA19 Jaeger Intro pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

Experience Level Any
Session Slides Included Yes

3:20pm PST

Service Discovery With Hybrid and Multi-Cloud: Introduction to CoreDNS - Yong Tang, MobileIron

CoreDNS is a flexible and extensible DNS server with a focus on service discovery. While best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is also capable of service discovery in hybrid or multi-cloud environments. The flexibility and extensibility of CoreDNS comes from its unique plugin-based architecture. With plugins such as Route53, Azure, or Google Cloud DNS, CoreDNS exposes services from Kubernetes clusters and cloud service providers in similar fashion. In this Intro session, the focus is it to discuss service discovery in a hybrid environment. Several interesting Corefile configurations will be shared, which are very useful in production usage. The updates on the current state and the road map of CoreDNS, and how CoreDNS as a project could be extended for usages beyond DNS, will be discussed as well.

Speakers

Yong Tang

Senior Director, Engineering, Ivanti

Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer... Read More →

KubeCon San Diego CoreDNS pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 33ABC - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

3:20pm PST

Using TUF to Mitigate Repository Compromises - Marina Moore, NYU & Justin Cappos, NYU

The secure distribution of software is critical to the overall security of a system. In this talk, Justin Cappos and Marina Moore will provide an introduction to The Update Framework (TUF), a CNCF project that has been used throughout the cloud native community for compromise resilient software updates. TUF provides a flexible framework for secure updates even through a compromise of signing keys or the update repository. You will come away from this talk with an understanding of why secure distribution of software is important and how TUF can be used to achieve this goal.

Speakers

Justin Cappos

Professor, NYU

Marina Moore

PhD Candidate, New York University

Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab researching secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as in-toto, an incubating project. She contributed to the... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 32AB - San Diego Convention Center Upper Level

CNCon NA 2019 Design Decisions for Communication Systems pdf

Experience Level Any

3:20pm PST

Design Decisions for Communication Systems - Eric Anderson, Google

When hearing about a new programming language, one might learn it is imperative, strongly-typed, dynamically-type-checked, object-oriented, and garbage-collected. If they have used multiple languages in the past, they now have a pretty good view of the basic constraints of the language.

When it comes to communication systems, it's not as much common knowledge the design choices made and the impact they have. Come hear Eric Anderson discuss a variety of communication systems, from IPC to message queues to REST, modern and historical, and the various features they provide and some trade-offs involved. Learn where gRPC fits and how its design choices impact your service design.

Speakers

Eric Anderson

Software Engineer, Google

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

3:20pm PST

Weighing a Cloud: Measuring Your Kubernetes Clusters - Han Kang, Google & Elana Hashman, Red Hat

Kubernetes is complicated. Instrumenting it can be worse. Measuring the components of a distributed system shouldn't be as daunting as being asked to weigh a literal cloud.

In this talk, we'll go over the components of a Kubernetes control-plane and show you where to look to figure out what is actually happening. We will show you common cluster issues and how they would look in your instrumentation, so that you can more effectively diagnose clusters.

Starting in version 1.14, Kubernetes metrics were overhauled to provide consistent, high quality metrics. Han Kang and Elana Hashman will go over the changes and the potential ingestion implications of this overhaul and how it may affect you.

Speakers

Han Kang

Senior Staff Software Engineer, Google

Han Kang is a Senior Staff Software Engineer at Google. Han co-chairs SIG instrumentation while also participating in SIG API Machinery, focusing on operational aspects of managing Kubernetes clusters.

Elana Hashman

Principal Software Engineer, Red Hat

Elana Hashman currently works for Red Hat as a Principal Software Engineer on the OpenShift Container Platform Node Team, working upstream in Kubernetes SIG Node. Previously, she served as an SRE and technical lead on Azure Red Hat OpenShift. She is a subproject lead for the SIG Node... Read More →

Weighing a Cloud: Measuring Your Kubernetes Clusters pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Building the Cloud Native Kernel: Kubernetes Release Engineering - Tim Pepper & Stephen Augustus, VMware

Is Kubernetes a kernel or distribution? Yes! It is necessarily both!

CRD’s, out-of-tree cloud providers, and CNI/CSI/CRI abstractions evolve Kubernetes’ core toward an extensible kernel.

At 2017, KubeCon NA Tim Hockin and Michael Rubin started a conversation on formalizing “Kubernetes upstream as a distro”, proposing we clean up thinking/processes, define tools/standards, incentivize distros to stay close. They argued for a Kubernetes reference distribution focused on correctness and stability.

So where is it?

After a slow start, we have momentum in 2019 to improve conformance, API stability, and better documented support stances. However to understand why we don’t (yet) have an upstream reference distro, we need to dive deep on build/release/test tooling.

This talk will summarize Kubernetes distro issues/advances and potential contribution areas for individuals and companies.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware

Tim Pepper

Principal Engineer, VMware

Tim is a Principal Engineer in VMware's Open Source Technology Center with over 25 years in open source, working as an open source developer advocate and contributor to Kubernetes (current Steering Committee elected member, emeritus Code of Conduct Committee elected member; past SIG... Read More →

KubeCon NA 2019 Building the Cloud Native Kernel pptx

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Superpowers for Windows Containers - Deep Debroy & Jean Rouge, Docker

The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the node are significantly impacted by the absence of privileged mode support on Windows. In this talk we:
1. Explore the pros and cons of the options the SIG Windows community brainstormed to provide containers running on Windows the ability to perform privileged operations while being managed by Kubernetes.
2. Delve into the specific characteristics of the privileged proxy approach we decided to adopt.
3. Demonstrate how the privileged proxy approach is used to support privileged operations that need to be executed by daemon-sets associated with CSI plugins running on Windows nodes in a Kubernetes cluster.

Speakers

Deep Debroy

Software Engineering Manager, Docker

Jean Rouge

Senior Software Engineer, Docker

Jean is a Senior Software Engineer at Docker and an active contributor in kubernetes and various Docker open-source projects. Most recently he has led the work around GMSA support in Windows on Kubernetes. He's been passionate about DevOps since the beginning of his career: he's worked... Read More →

WindowsSuperpowers pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level

Runtimes

Experience Level Advanced (Expert level experience)
Session Slides Included Yes

3:20pm PST

Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google

What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate.

We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.

Speakers

Greg Castle

Kubernetes/GKE Security Tech Lead, Google

Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google, and is a regular at SIG-Auth. Greg has 15 years of experience in a number of security roles including product security, penetration testing, incident response, platform hardening... Read More →

Tim Allclair

Software Engineer, Google

Tim Allclair joined the Kubernetes project just after the 1.0 launch in 2015, and currently works on the GKE Control Plane team. He is a member of the Kubernetes Security Response Committee, and a SIG Auth maintainer (previous co-chair). He has led development of several Kubernetes... Read More →

walls within walls castle tallclair kubeconUSA2019 pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Airbnb Service Discovery: Past, Present, Future (Challenges of Change) - Chase Childers, Airbnb

In 2013, Airbnb released an open source service discovery solution (SmartStack) and has functioned on the same framework for years. Historically our infrastructure ran on AWS EC2 instances and utilized HAProxy (within Smartstack) for proxying traffic. With a migration to Service Oriented Architecture and Kubernetes, our service discovery must also change. In this presentation we will cover the evolution of our service discovery framework starting with where we started, where we’ve been, where we’ve failed, and where we’re going (hint: Envoy) at Airbnb. This includes both our missteps and our learnings from migrating within a hybrid EC2/Kubernetes world. We’ll dive deep into topics such as challenges of managing and migrating your own service discovery stack, migrating ingress and egress traffic independently, and rolling out infrastructure changes across a massive fleet of services.

Speakers

Chase Childers

Site Reliability Engineer, Airbnb

Chase Childers is on the Site Reliability Engineering Team at Airbnb. He has collaborated with the Service Orchestration and Traffic teams to focus on service discovery migrations in the EC2 and Kubernetes context. Outside of this collaboration, his related work includes preparing... Read More →

Airbnb Service Discovery KubeCon 2019 pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 28ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

3:20pm PST

Vitess: Stateless Storage in the Cloud - Sugu Sougoumarane, PlanetScale

When Vitess was migrated to run from bare-metal into Google's cloud, it was deployed as a regular stateless application. This meant that a process reschedule resulted in all the local data being wiped.

The property of Vitess to survive in such an unforgiving environment made it naturally suited to run on Kubernetes.

How did Vitess manage to run on such an environment without losing data, and providing High Availability, Scale and Performance? How are other organizations running Vitess?

This session will answer these questions, as well as go into the design principles that prepared Vitess to be cloud-native.

Speakers

Sugu Sougoumarane

CTO, Planetscale, Inc.

Vitess@SanDiego pdf

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

Dejan Bosanac

Software Engineer, Red Hat

I’m a software engineer at Red Hat with an interest in open source and integrating systems. Over the years I’ve been involved in various open source communities tackling problems like: Enterprise messaging and integration, IoT cloud platforms and Edge computing.

Ted Ross

Senior Principal Software Engineer, Red Hat

Ted Ross has been with Red Hat Engineering since 2007 working on messaging products like MRG and A-MQ. He is currently working on the Skupper project. His background is in embedded systems and Networking. One of his primary interests is in bringing the performance, scale, and reliability... Read More →

Developing Edge with Kubernetes pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level

Making an Internal Kubernetes Offering Generally Available pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Making an Internal Kubernetes Offering Generally Available - James Wen, Spotify

In the span of two years, Spotify went from two developers investigating what a potential migration to Kubernetes might involve to having an internal, multi-tenant offering of Kubernetes become generally available for all its developers as the new, primary runtime offering.

Spotify has previously given talks on the earlier bootstrapping, experimentation, alpha, and beta phases of this migration process. However, this talk will focus on the latter work involved in bringing the internal offering of Kubernetes “across the finish line.” The talk will cover what was required to bring the offering to general availability, including work shoring up scalability and reliability via a multicluster strategy, DIRT testing, operational metrics and alerts. This talk will also cover the technical and process elements involved in designing a successful self-service migration experience for developers.

Speakers

James Wen

Senior Site Reliability Engineer, Spotify

James Wen is a senior site reliability engineer at Spotify, where he’s currently focused on revamping Spotify’s runtime infrastructure. Previously, James was the team lead (anchor) of the Cloud Foundry Buildpacks team at Pivotal and served as a core contributor and maintainer... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Mario’s Adventures in Tekton Land - Vincent Demeester, Red Hat & Andrea Frittoli, IBM

Tekton is a Kubernetes-native, lightweight, easy to manage CI/CD pipelines engine. Pipeline building blocks can be reused, version controlled and curated in a catalogue that embeds best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. The Tekton team wanted to make sure that the project is going in the right direction by "dogfooding" i.e. by using Tekton to run its own automation "plumbing". The initial continuous integration setup embedded most of the testing pipelines in bash scripts. The speakers replaced this with Tekton, hence improving the readability of the pipelines and the reproducibility of CI runs. Eventually, they moved onto continuously delivering Tekton and its pipelines via Tekton. In this talk, the speakers will tell their experiences about using a cloud-native pipeline system to test, release and continuously deploy itself.

Speakers

Andrea Frittoli

Open Source Advocate, IBM

Andrea Frittoli is an Open Source Advocate at IBM. He has more than 10 years of experience serving open source communities. Andrea is the co-founder of CDEvents and a maintainer of Tekton. He serves as chair of the CD Foundation Technical Oversight Committee. Andrea is a frequent... Read More →

Vincent Demeester

Principal Sofware Engineer, Red Hat

I'm a french developer, Gopher, sysadmin, factotum, free-software fan and unicode lover ; tektoncd, docker/moby maintainer, knative contributor amongst other project.

Mario's Adventures in Tekton Land(2) pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Polymorphic Reconcilers in Kubernetes - Advanced DuckTyping - Scott Nichols & Matt Moore, Google

The explosion of Custom Resources in Kubernetes has lead to the development of new techniques to reference and reconcile objects in Kubernetes. Come learn how we are leveraging some simple patterns to produce complex systems within Kubernetes in the Knative project, and how you can adapt these methods to your applications.

Speakers

Matthew Moore

Software Engineer, VMware

Matt is a member of the Technical Oversight Committee for Knative, leads Knative Serving, and started Knative Build. Previously as Google, Matt was Uber TL of container tools, and was the original TL for Google's Container Registry (gcr.io).

Scott Nichols

Founder Chainguard, Chainguard, Inc

Scott Nichols is a focused on making it easy to create and understand portable event driven serverless workloads. This work is done through Kubernetes, Knative and CloudEvents.

duck talk 2 pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

Kubecon San Diego — Measuring and Optimizing Kubernetes Usage at Lyft pdf

Experience Level Advanced (Expert level experience)
Session Slides Included Yes

4:25pm PST

Measuring and Optimizing Kubeflow Clusters at Lyft - Konstantin Gizdarski, Lyft & Richard Liu, Google

Machine learning workloads are often resource-intensive operations. As companies adopt more of these workloads, tracking resource consumption and optimizing spending becomes more challenging.

At Lyft, we developed a system which scrapes metrics from Kubernetes clusters and persists them in data warehouses. We then built a pipeline that transforms snapshots into cluster utilization metrics along the dimensions of CPU, memory, and GPU. Finally we join these metrics into our cost and usage dataset, so teams can budget resources accordingly and reduce spending.

In this talk, we will give an overview of Infraspend - our infrastructure for tracking Kubernetes usage. Attendees will learn how the data we collected helped Lyft reduce spending for Kubeflow clusters. The audience will also gain insights into how Kubernetes clusters can be optimized without performance or stability compromises.

Speakers

Richard Liu

Senior Software Engineer, Google

Richard Liu is a Senior Software Engineer at Google Cloud. He is currently an owner and maintainer of the TensorFlow operator and Katib projects in Kubeflow. Previously he had worked as a software developer at Microsoft Azure.

Konstantin Gizdarski

Software Engineer, Lyft

Konstantin Gizdarski is a Software Engineer at Lyft, where he has been working on — among other things — surfacing the utilization and efficiency of Kubernetes infrastructure. Previously, he has worked on machine learning and product at both Facebook and Stripe.

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Birds of a Feather: CNCF Project Maintainers - Amye Scavarda, Cloud Native Computing Foundation

Speakers

Amye Scavarda Perrin

Director of Developer Programs, CNCF, The Linux Foundation

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 23BC - San Diego Convention Center Upper Level

4:25pm PST

Birds of a Feather: SODA: The Path To Data Autonomy - Steven Tan, Futurewei & Anjaneya "Reddy" Chagam, Intel

Data autonomy is the ability to control data anywhere, anytime. It is about storing, running and managing data for cloud native, virtualization, and legacy environments both on-premise and in the cloud. The SODA Foundation is embarking on a mission to deliver open data autonomy for end users. To tackle this formidable task, SODA has brought together a community of global innovators to collaborate and contribute to this open source project.

Speakers

Reddy Chagam

Senior Principal Engineer and Lead Cloud Storage Architect, Intel

Anjaneya “Reddy” Chagam is a Senior Principal Engineer and Lead Cloud Storage Architect in Intel’s Cloud and Enterprise Solutions Group. He is responsible for developing software-defined storage strategy, architecture, and platform technology initiatives. He is a board member... Read More →

Steven Tan

VP & CTO Cloud Solution, Storage, Futurewei

Steven Tan is VP & CTO Cloud Solution, Storage at Futurewei where he is responsible for open source strategy and collaboration. Steven brought together leaders across industries and founded the SODA Foundation which he currently serves as chair. SODA Foundation is a transformation... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Any

4:25pm PST

Dragonfly Intro: Plugin Framework and New Distribution Strategy - Haibing Zhou, eBay & Ben Ye

In cloud native world, image distribution is never an easy problem when the number and size of container images scale up. It has to be fast and resource efficient and to be cloud native. This session shows how Dragonfly solves this problem, and how it can increase the speed of image distribution while keeping the operation effort as less as possible. Meanwhile, this session shares the latest update on Dragonfly project where plugin framework is coming into the picture, and how this can benefit dragonfly users, as an example, this sessions shares how this plugin framework gives a chance for new decentralized distribution strategy.

Speakers

Haibing Zhou

Software Engineer, eBay

Ben Ye

Software Development Engineer, Amazon Web Services

Ben Ye is a Software Development Engineer at AWS, working on observability and Kubernetes. He is one of the maintainer of Thanos and Chaos Mesh project.

KubeCon NA19 df intro pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 32AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

4:25pm PST

Intro to Cloud Provider Azure - Rita Zhang & Craig Peters, Microsoft

In this session, you'll learn about how Kubernetes runs on the Azure infrastructure. We will cover development in the cloud provider over recent Kubernetes releases with support for new features in Azure compute like VMSS, networking like Standard Load Balancer, and storage. We'll also cover how all of this is tested and developed, and help you get involved if you would like to contribute.

Speakers

Craig Peters

Product Manager, GitHub

I love building tools to help developers, and aspiring developers, do better work

Rita Zhang

Principal Software Engineer, Microsoft

2019 11 KubeCon NA Intro to CP Azure pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level

4:25pm PST

Intro to Kubernetes Sig-Architecture Subprojects - Davanum Srinivas, VMware & Jordan Liggitt, Google

SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of Conformance definitions, API definitions/conventions, Deprecation Policy, Design principles, etc. To support these activities the SIG participants work on multiple subprojects.

They are as follows:

* Architecture and API governance - is largely oriented towards sub-project maintainers.
* Code organization - is oriented towards maintainers and distributions.
* Conformance - is oriented towards distributions and community/ISV ecosystems solutions.
* Production readiness - is oriented towards distributions, support organizations, and users.

In this talk, we will walk through what each of the subprojects does, how they work, how each of them benefit and influence work in the kubernetes community, and how you can get involved.

Speakers

Davanum Srinivas

Principal Engineer, Amazon Web Services

Principal Engineer, EKS & Co-Chair of SIG Architecture, Kubernetes

Jordan Liggitt

Software Engineer, Google

Jordan Liggitt is a software engineer at Google, and helps lead Kubernetes authentication, authorization, and API server efforts.

Intro to Kubernetes Sig Architecture Subprojects pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 33ABC - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

4:25pm PST

Intro: CNCF CI - Lucina Stricko & Denver Williams, Vulk Coop

The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The CNCF CI status dashboard continually validates each CNCF project, for any commit on stable and head, running on Kubernetes clusters which are provisioned to a bare metal environment. The results of each testing stage are published to the cncf.ci status dashboard. An Intro session will give an overview of the cncf.ci status dashboard’s key features, goals, technologies used, and allow time for Q&A.

Speakers

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

Lucina Stricko

Sr. Product Owner, Vulk Coop

Lucina Stricko is a co-owner at Vulk Co-operative (vulk.coop), maintainer of the Cloud Native Network Function (CNF) Certification Program (https://www.cncf.io/certification/cnf/) and the CNF Test Suite (https://github.com/cncf/cnf-testsuite), and contributor to the CNF Working Group. Lucina uses her Product Owner skills and empathy to combine features, priorities, and project plans to best serve the end user. When Lucina’s not creating GitHub issues, prioritizing backlogs or planning new features, she enjoys practicing... Read More →

[KubeCon NA 2019] Intro cncf.ci (1) pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 7AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

4:25pm PST

Intro: Kubernetes SIG Apps - Adnan Abdulhussein, VMware & Matt Farina, Samsung SDS

Kubernetes SIG Apps covers developing, deploying, and operating applications on Kubernetes with a focus on the application developer and application operator experience. In this session we will focus on the Workloads API (e.g. Deployments, StatefulSet, DaemonSet, Job etc.), the Application CRD, and the supporting elements to make application developers and operators successful with Kubernetes. That includes using the Kubernetes API to run your workloads and leveraging Kubernetes resources to develop Kubernetes native applications.

Speakers

Matt Farina

Distinguished Engineer, SUSE

Adnan Abdulhussein

Software Engineer, VMware

Adnan Abdulhussein is a Software Engineer at VMware (previously at Bitnami), where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a co-chair of SIG-Apps and a core maintainer of the Helm project. Adnan is passionate... Read More →

SIG Apps Intro pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 31ABC - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

4:25pm PST

Intro: OpenEBS - Amit Kumar Das & Vishnu Itta, MayaData

Recently OpenEBS was accepted as a CNCF sandbox project. OpenEBS is a block storage provider that is built on top of Kubernetes APIs as well as extends these APIs to let end users have granular control on persistent storage decisions. We welcome communities to join us and make innovations in Container Attached Storage space. In this talk, Amit Das & Vishnu Itta, the core maintainers of OpenEBS will share the background and design principles behind OpenEBS. Through real life use cases, Amit and Vishnu will share the experiences of various OpenEBS users on solving their persistent needs on Kubernetes environments ranging from home grown labs to managed cloud platforms to on premise solutions and other hybrids.

Speakers

Amit Kumar Das

Director Of Engineering, MayaData

Amit is the director of engineering at MayaData, where he works on various open source projects including OpenEBS and MetaController. In his earlier days, he was a contributor to openstack cinder and apache cloudstack projects. When not writing code or talking about it, Amit loves... Read More →

Vishnu Itta

Director Of Engineering, MayaData

Developer who always eager to learn, loves math, algorithms and programming. Have good experience in storage protocols, ZFS, FreeBSD internals, Linux, device drivers. Enjoys playing Table Tennis and doing travel.

KubeCon '19 Intro OpenEBS pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

4:25pm PST

Kubernetes SIG Instrumentation - Intro - Frederic Branczyk, Red Hat & Piotr Szczesniak, Google

Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. This intro session will give an overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers

Frederic Branczyk

Founder, Polar Signals

Frederic is the founder of Polar Signals. Before, he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as the tech lead for for... Read More →

Piotr Szczesniak

Engineering Manager, Google

Piotr is Engineering Manager working at Google since 2014. He works on GKE/Kubernetes for 8+ years, joining the project in its early days and was priviliged to observe its incredible growth from the front row. Piotr leads Kubernetes/GKE Networking teams in Warsaw office. Formerly... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6E - San Diego Convention Center Upper Level

Experience Level Any

4:25pm PST

Understanding and Troubleshooting the eBPF Datapath in Cilium - Nathan Sweet, DigitalOcean

The advent of eBPF (extended Berkeley Packet Filters) has contributed significantly to container networking progress. However, the tooling for diagnosing and troubleshooting eBPF issues is nascent, and most members of the K8s and Linux communities are unfamiliar with it.

This talk will help demystify eBPF and cover its history. We'll present the default network datapath of the Linux kernel and contrast it in depth with how various eBPF program types diverge from this datapath. In addition, we'll match up the ways in which cilium implements various CNI and K8s constructs/objects with their eBPF program type, so that you'll be able to identify the right troubleshooting methods easily. Finally, we'll match appropriate methods and tools to the various eBPF program types.

Speakers

Nathan Sweet

Senior Software Engineer, DigitalOcean

Nathan Sweet is a Senior Software Engineer at DigitalOcean that works on the managed Kubernetes team. He has been working on managed cloud products for the past 5 years, and managed Kubernetes products for the past 3 years. He focuses specifically on system and network performance... Read More →

eBPF and the Cilium Datapath pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

KubeCon 2019 Scaling Kubernetes to Thousands of Nodes pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Scaling Kubernetes to Thousands of Nodes Across Multiple Clusters, Calmly - Ben Hughes, Airbnb

In under a year, Airbnb went from 600 Kubernetes nodes across a couple handcrafted clusters to over 5000 nodes on tens of clusters. Successful adoption of Kubernetes by services led to more and faster adoption leading to challenges of scale. Facing this, Airbnb switched to a multiple production cluster architecture to get around single cluster scalability limits and ensure ample capacity for services.

This process increased the consistency of the cluster configurations while reducing manual operations. This talk will discuss the problems that were faced during scaling, the shape of the solutions, specific approaches that worked well (and didn’t), and how this was accomplished without a drastic shift away from existing pre-Kubernetes infrastructure tooling. A key result was reducing the time to create a new, production-ready cluster from over a week to under an hour.

Speakers

Ben Hughes

Software Engineer, Airbnb

Ben Hughes has worked on database scaling, Ruby and Node.js performance, incident response, and Kubernetes at Airbnb. He has previously spoken about [Scaling Airbnb](https://www.oreilly.com/library/view/velocity-conference-new/9781491900406/video191370.html) at VelocityConf NY, [Alerting](https://www.youtube.com/watch?v=MYmVu_IMC20... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Extending containerd - Samuel Karp & Maksym Pavlenko, Amazon

containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Speakers

Samuel Karp

Senior Software Development Engineer, Amazon Web Services

Samuel Karp is a Senior Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Sam has been a contributor to Docker/Moby since 2015 and to containerd since 2017, and is currently building the... Read More →

Maksym Pavlenko

Software Development Engineer, Amazon Web Services

Maksym Pavlenko is a Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Maksym is a maintainer in containerd, and is currently building the firecracker-containerd project to run containers... Read More →

extending containerd kubecon pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level

Runtimes

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Tasha Drew, VMware; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba

Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).

Speakers

Tasha Drew

Senior Director, xLabs, VMware

Sanjeev Rampal

Principal Engineer, Cisco

Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development... Read More →

Ryan Bezdicek

Principle Software Engineer, Twilio

Ryan Bezdicek is using Kubernetes to build the next generation of supercomputer at Cray Inc. He’s active in several Kubernetes working groups including multi-tenancy and conformance. A tester and DevOps consultant by background, Ryan has experienced first hand the benefits of adding... Read More →

Adrian Ludwin

Senior Software Engineer, Google

Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel... Read More →

Fei Guo

Senior Staff Engineer, Alibaba

Fei Guo is currently a senior staff engineer in Alibaba Container Platform Group. He has more than 10 years of experience in compute resource management and performance optimization for virtualized and containerized environments. His work focuses on providing workload automation and... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)

4:25pm PST

KubeFlow’s Serverless Component: 10x Faster, a 1/10 of the Effort - Orit Nissan-Messing, Iguazio

Serverless simplifies data science by automating the process of code to container and enables users to add instrumentation and auto-scaling with minimum overhead. However, serverless has many limitations involving performance, lack of concurrency, lack of GPU support, limited application patterns and limited debugging possibilities. Orit Nissan-Messing will introduce Nuclio, a KubeFlow open source component which is 10x faster when compared to alternatives at a 1/10 of the effort. She will explain how to use Nuclio to extend KubeFlow pipelines, accelerating and automating each step of the workflow. This includes parallel processing, automated code building/deployment, stream processing and artifact tracking. Orit will demonstrate how to achieve devops automation involving auto-scaling, automated logging and monitoring, security hardening, CI/CD and workload mobility.

Speakers

Orit Nissan-Messing

VP R&D, Iguazio

Orit Nissan-Messing has vast experience in cloud architectures, storage, AI and big data. Prior to Iguazio, Orit was Chief Architect at XIV (acquired by IBM) and held management roles in various companies from startups to corporations. Orit is a CNCF contributor and a member of the... Read More →

Serverless Kubeflow Orit NM pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

Serverless

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

Panel: Is Service Mesh Ready for Edge-Native Applications? - Wendy Cartee, Ramki Krishnan, VMware; Srini Addepalli, Intel; Parveen Patel, Google; & Ravi Chunduru, Verizon

Edge deployments, in contrast to large public clouds, pose interesting demands since they are physically insecure & capacity constrained. Also, Edge Computing Apps such as AR-VR, have low-latency characteristics with RTT typically few msec and pose further demands to edge deployments.

Edge Computing Apps like to use Service Meshes (SM) such as Istio/Envoy, Linkerd etc. to offload infrastructure related activities such as security.

In this panel, we first examine the unique challenges in using SM technologies for Edge Computing Apps - especially the additional latency and resource usage to due to Kernel Networking. Next, we will explore software techniques such as Kernel Bypass, QUIC as an alternative to TCP/IP etc. to alleviate the performance bottlenecks introduced by SM technologies including early results. Last, we will touch upon hardware acceleration techniques for the above.

Speakers

Ramki Krishnan

Lead Technologist, Open Source, VMware

Ramki, with 20+ years of industry experience, has a deep understanding of various technologies and strong business acumen to lead and transform innovation into customer-winning products. Currently, at VMware, he is responsible for Telco/Enterprise open source technology vision, strategy... Read More →

Wendy Cartee

Senior Director of Marketing, VMware

Wendy Cartee is senior director of product marketing for service mesh, cloud and container networking at VMware. She works on products and open source projects to drive enterprise user adoption. Wendy has been in open source for over a decade and helped form the Linux Foundation’s... Read More →

Srinivasa Addepalli

Sr. Principal Engineer, Intel Corporation

Srini Addepalli is a Sr. Principal Engineer in NEX/NPG business unit of Intel Corporation. He is one of the principal architects of networking, security & Edge technologies for the Network Function Virtualization/Containerization (NFV/NFC) and Software Defined Networks (SDN). Srini... Read More →

Ravi Chunduru

Associate Fellow, Verizon

Ravi Chunduru is a Senior Architect at Verizon responsible for Product strategy and thought leadership in the domain of Virtual Network Services and MEC solutions. Ravi has been a key player in conceptualizing and delivering various products at Verizon such as VNS Application Edge... Read More →

Parveen Patel

Senior Director Engineering, Google Cloud

Parveen Patel is Senior Director of Engineering at Google Cloud. Parveen leads the Host Networking team responsible for building high-performance networking and distributed systems. These systems enable a wide range of Google workloads such as Google Search and Ads, YouTube and Google... Read More →

service mesh edge native panel v3 pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

4:25pm PST

How to Backup and Restore Your Kubernetes Cluster - Annette Clewett & Dylan Murray, Red Hat

Operating Kubernetes clusters introduces many new practices, but does not change the need to be able to backup and recover your applications and data. Yet traditional methods of server backup work poorly with Kubernetes clusters. How can you make sure your cluster is protected? How can persistent data get saved in a manner so there is minimal or no corruption to the application if recovery is required?

In this session we will explore how to use open-source disaster recovery tools you can use today such as Velero and Restic. We’ll also discuss how to use the Noobaa S3 API to reliably save and store backups for all resources including snapshots housed in Rook-Ceph. To prove this is not just smoke and mirrors, we will demonstrate in a live Kubernetes cluster deleting everything in a namespace and then continue on to show complete recovery of all resources and data.

Speakers

Annette Clewett

Principal Architect, Red Hat

Red Hat Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created a more efficient and available infrastructure. Current projects... Read More →

Dylan Murray

Senior Software Engineer, Red Hat

Red Hat Software Engineer

How to Backup and Recover Your Kubernetes Cluster pdf

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

5:21pm PST

Keynote: Opening Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware

Speakers

Bryan Liles

Senior Staff Engineer, VMware

Tuesday November 19, 2019 5:21pm - 5:21pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:21pm PST

Keynote: Kubernetes Project Update - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft

Speakers

Vicki Cheung

Staff Software Engineer, Lyft

1 Vicki Cheung NEW tues pm.pptx pdf

Tuesday November 19, 2019 5:21pm - 5:41pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

5:41pm PST

Sponsored Keynote: Modernizing Virtualization Technology for Cloud Native Computing - Arjan van de Ven, Intel Fellow, Intel

Fifteen years of virtualized system software has led increasingly powerful capabilities, from containers to FaaS stacks, offering increasing levels of density and agility to application developers. These modern solutions, however, build on top of legacy layers that predate cloud computing as we now know it. Rethinking and reinventing these lower layers of the system stack can offer even greater improvements in density, performance, and security.

One such example is at the VMM layer, which commonly depends on software that includes emulation and other unnecessary features. The rust-vmm project provides an alternative approach: a toolkit to build workload-specific virtual machine monitors. This keynote will discuss new developments in that project, from support of lightweight virtual machines to FaaS, and why you’d want to use different VMMs for these different delivery models.

Speakers

Arjan van de Ven

Intel Fellow, Intell

Arjan van de Ven is an Intel Fellow as well as Linux and data-centric software architect in SystemSoftware Products at Intel Corp. He drives pathfinding and advanced engineering includingperformance, security, and secure containers. Van de Ven’s passion is addressing the seeminglyimpossible... Read More →

2 ArjanVanDeVin Intel.pptx pdf

Tuesday November 19, 2019 5:41pm - 5:46pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

5:46pm PST

Keynote: (Open)Telemetry Makes Observability Simple - Sarah Novotny, Open Source Wonk, Azure OCTO, Microsoft & Liz Fong-Jones, Principal Developer Advocate, Honeycomb.io

Observability is a fundamental requirement for sustainably developing and operating cloud native applications. It must be accessible to a diversity of users and support a robust ecosystem of tooling around these common needs.

Liz and Sarah explain how OpenTracing and OpenCensus merging benefits the entire cloud native ecosystem. With OpenTelemetry, users and vendors alike can focus on distilling insights out of their data rather than duplicating instrumentation work. Sarah and Liz will show the progress so far, integrations with peer CNCF projects, and how you can participate!

Speakers

Liz Fong-Jones

Field CTO, Honeycomb

Liz is a developer advocate, labor and ethics organizer, and Site Reliability Engineer (SRE) with 18+ years of experience. She is currently the Field CTO at Honeycomb, and previously was an SRE working on products ranging from the Google Cloud Load Balancer to Google Flights.

Sara Novotny

Open Source Wonk, Microsoft, Azure Office of the CTO, OSS Ecosystems Team

Sarah Novotny is a technology executive leader in open source, cloud computing, infrastructure automation and big data. Her 25+ year career demonstrates entrepreneurial spirit – consistently leading technical operations and development teams as well as engaged in external facing... Read More →

3 Sarah and Liz 2NEW V3.pptx pdf

Tuesday November 19, 2019 5:46pm - 6:06pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

6:06pm PST

Sponsored Keynote: Beyond Badges—How Inclusive Communities Accelerate Innovation - Kostadis Roussos, Principal Engineer, VMware

This talk is an expression of gratitude. The energy and innovation of this community is transforming our company. Our first forays into the world of containers were inward-looking and produced some false starts. As we have engaged more with the community around Kubernetes, you have flipped our perspective from infrastructure up to developer down.

Now we’re moving with the ecosystem and making our biggest technology bet in a decade—embedding Kubernetes in our flagship product, vSphere. Kubernetes has the power to be a uniting force for IT operators and developers, and this community is the catalyst.

Speakers

Kostadis Roussos

Principal Engineer, VMware

Kostadis Roussos (he/him) is a Principal Engineer at VMware, working on vCenter since 2015. His current major effort is the integration of K8s into vSphere, recently announced as Project Pacific. Before VMware, Roussos was Chief Engineer at Zynga where he led the AppOps/DevOps... Read More →

4 Kostadis Roussos.pptx pdf

Tuesday November 19, 2019 6:06pm - 6:11pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

6:11pm PST

Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google

Reflecting on KubeCon + CloudNativeCon from the beginning to where we are now.

Speakers

Kelsey Hightower

Distinguished Engineer, Google Cloud

Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go... Read More →

Tuesday November 19, 2019 6:11pm - 6:23pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:25pm PST

Keynote: CNCF Maintainer + Ambassador Awards

6 CNCF Community Awards 2019.pptx pdf

Tuesday November 19, 2019 6:25pm - 6:35pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

6:35pm PST

Keynote: Closing Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware

Speakers

Bryan Liles

Senior Staff Engineer, VMware

Tuesday November 19, 2019 6:35pm - 6:40pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:40pm PST

Taco Tuesday Welcome Reception + Sponsor Booth Crawl, sponsored by SAIC

Holy guacamole - this may turn out to be the most specTACOlar booth crawl yet! Don’t miss a night of fun and games with new and old friends, sponsor conversations, and entertainment all while enjoying fantasTACO south of the border favorites.

Tuesday November 19, 2019 6:40pm - 8:40pm PST
Sails Pavilion + Ballroom 6AB - San Diego Convention Center Upper Level

Social Events

6:40pm PST

Puppy Pawlooza / Paw Therapy

We are excited to bring Puppy Pawlooza / Paw Therapy to KubeCon+CloudNativeCon North America 2019 and have partnered with the San Diego Humane Society & Love on a Leash to bring some of these amazing therapy dogs to interact with attendees throughout.

The San Diego Humane Society offers a wide range of programs and services that strengthen the human-animal bond, prevent cruelty/neglect, provide medical care, educate the community on the humane treatment of animals, and provide services for families needing assistance keeping their pets.

Tuesday November 19, 2019 6:40pm - 8:40pm PST
Sponsor Showcase, Sails Pavillion - San Diego Convention Center Upper Level

Experience Level Any

6:15am PST

Group Fun Run

Wednesday November 20, 2019 6:15am - 6:30am PST
Grand Staircase, Outside Hall D - San Diego Convention Center

Experience Level Any

7:30am PST

The New Stack Pancake Breakfast: Microservices Security with Service Mesh - sponsored by VMware

Seating availability limited and on a first-come-first-serve basis. This event tends to fill up fast, so get in line early to secure your spot.

It’s time for pancakes in San Diego! Come have a short stack with The New Stack for a Q&A with our expert panelists about the issues and options for managing identity in service mesh environments. Cloud native security and how it affects the pace of enterprise adoption will be the mainstay of our conversation for this latest stop on the pancake breakfast circuit.

Moderators

Joab Jackson

Reporter, The New Stack

Alex Williams

Founder and Publisher, The New Stack

Speakers

Lita Cho

Software Engineer, Lyft

Lita is a senior software engineer on the Networking team, building out the service mesh to handle both Kubernetes and legacy systems at Lyft. Before that, she worked on building out the API infrastructure using Protocol Buffers, creating systems that would generate code and bring... Read More →

Fuyuan Bie

Software Engineer, Pinterest

Fuyuan is a software engineer from Pinterest. He dedicates most of his time on modernizing Pinterest services infrastructures with service mesh.

Ines Envid

Group Product Manager, Google

Ines is a Group Product Manager at Google and leads the product team for Google Cloud networking, including Virtual Private Cloud, network security, hybrid and Anthos networking. Ines has launched over the last 5 years at Google Cloud, multiple solutions for VPC, network security... Read More →

Wei Fu

Engineering Manager, Uber

Wei Fu is an accomplished software engineer with over 10 years of comprehensive experience in software architecture, design, coding and testing. She has strong skills in large-scale distributed system, identity and security problem solving, and can deliver enterprise-grade software... Read More →

Pere Monclus

CTO Networking & Security Business, VMware

Pere Monclus is the CTO in the Networking and Security Business Unit at VMware. Pere is responsible for defining strategy and leading an innovation team driving the evolution of networking in the currentcloud native application and multi-cloud world. Before that, he was the CTO and... Read More →

Wednesday November 20, 2019 7:30am - 8:45am PST
Room 2 - San Diego Convention Center Upper Level

Experience Level Any

7:30am PST

Continental Breakfast (Main Conference Venue)

Wednesday November 20, 2019 7:30am - 9:00am PST
Foyer A & B - San Diego Convention Center Ground Level

7:30am PST

Registration + Badge Pick-up at San Diego Convention Center (Main Conference Venue)

Wednesday November 20, 2019 7:30am - 6:00pm PST
Foyer A & B - San Diego Convention Center Ground Level

8:00am PST

Quiet Room

Wednesday November 20, 2019 8:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

9:00am PST

Keynote: Opening Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware

Speakers

Bryan Liles

Senior Staff Engineer, VMware

Wednesday November 20, 2019 9:00am - 9:03am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

9:05am PST

Keynote: Everything Worked Before Kubernetes - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft

Speakers

Vicki Cheung

Staff Software Engineer, Lyft

1 Vicki FINAL.pptx pdf

Wednesday November 20, 2019 9:05am - 9:25am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:27am PST

Sponsored Keynote: Network, Please Evolve – Chapter 2 - Vijoy Pandey, Vice President/CTO Cloud, Cisco

Connectivity, security, and observability are critical to developer productivity and application velocity. The Network Service Mesh (or NSM) Project attempts to simplify how multi-cluster networking is consumed in Kubernetes by extending the core concepts that are already familiar to the K8s community. This talk will demonstrate how easy it is becoming for developers to consume networking via NSM, when we change our 35-year old view of IP networking.

Speakers

Vijoy Pandey

Vice President, Engineering for Emerging Technologies and Incubation, Cisco

Vijoy Pandey is Vice President, Emerging Technologies and Incubation (ET&I) at Cisco. ET&I is chartered to create and drive the next Bold Bets for Cisco in an agile, ambitious, and entrepreneurial manner. Vijoy runs both engineering and a global framework of customer-focused co-innovation... Read More →

2 Vijoy Pandey NEW.pptx pdf

Wednesday November 20, 2019 9:27am - 9:32am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:34am PST

Keynote: The Long Road to IPv4/IPv6 Dual-stack Kubernetes - Tim Hockin, Principal Software Engineer, Google & Khaled (Kal) Henidak, Principal Software Engineer, Microsoft Azure

Prepare yourself - IPv4/IPv6 dual-stack Kubernetes is almost here! In this session, we will share the journey of how this enhancement has progressed over the years and how the community has banded together to land such a massive change that touches almost every part of Kubernetes. We will also cover the new opportunities that dual-stack provides to the Kubernetes ecosystem including larger cluster size, IoT edge and even dual-stack enabled hosted environments.

Speakers

Tim Hockin

Distinguished Engineer, Google

Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking... Read More →

Khaled (Kal) Henidak

Principal Software Engineer, Microsoft Azure

Kal is a Software Engineer at Azure. Kal enjoys working on core compute and networking projects. He loves them almost as much as he does coffee.

3 Tim Hockin Kal Henidak.pptx pdf

Wednesday November 20, 2019 9:34am - 9:54am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

4 Rae Wang Google Cloud Making the impossible possible with K8s pdf

Session Slides Included Yes

9:54am PST

Sponsored Keynote: Making the Impossible Possible with Kubernetes - Rae Wang, Group Product Manager, Google Cloud

At KubeCon + CloudNativeCon Europe in Barcelona earlier this year, we saw physicists from CERN recreate an incredible feat of engineering identifying the Higgs boson with Kubernetes. Around the world, every day, Kubernetes and open source tools built on top of it are transforming the impossible into the possible. In this presentation, we share some of those stories.

Speakers

Rae Wang

Group Product Manager, Google Cloud

Rae is a Group Product Manager at Google and leads the product team for GCP Identity, Config and Policy Management. Passionate about helping enterprise customers adopt Cloud and OSS tools, Rae has launched products in security, CI/CD, cost management and config management. She has... Read More →

Wednesday November 20, 2019 9:54am - 9:59am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

9:59am PST

Keynote: E2E 5G Cloud Native Network - Heather Kirksey, VP, Community and Ecosystem Development, Linux Foundation; Azhar Sayeed, Chief Architect, Red Hat; & Fu Qiao, Project Manager, China Mobile

It’s no secret that Kubernetes has gained significant traction in the cloud and enterprise software ecosystem, but less widely known is how this momentum is now moving into global telco networks as the next major area of adoption. Building on the momentum from a live keynote demo In Amsterdam last fall (See the demo here: https://www.youtube.com/watch?v=ClQ7nBKfL5I&t=385s), a team made up of volunteers from several project communities, companies, and network operators has taken a cloud native approach to developing an E2E 5G network demonstration built on open source infrastructure. The demo will use a live prototype running in labs around the world using k8s and other open source technologies to deliver a fully containerized 5G network on stage in San Diego. The demo will showcase both how the telecom industry is using cloud native software to build out their next gen networks, and also show solution providers what’s possible in this exciting new space.

Speakers

Heather Kirksey

Vice President of NFV, The Linux Foundation

Heather Kirksey works with the community to advance the adoption and implementation of open source NFV platforms.Before joining The Linux Foundation, she led strategic technology alliances for MongoDB. Earlier in her career she held various leadership positions in the telecom industry... Read More →

Fu Qiao

Project Manager, China Mobile

Qiao Fu is a project manager at China Mobile Research Institute, working on research of network technology. Qiao Fu is responsible for the China Mobile National Experiment Network of NFV, and is also engaged in technical research of edge cloud, hardware acceleration and NFV system... Read More →

Azhar Sayeed

Sr. Director, Solution Architecture, Red Hat

Azhar Syeed is the global solution architect for Telco (5G) for RH. He has decades of experience with networking and telcos. Azhar was instruemental in our current startegy of OCP on BM for Telcos

5 HEATHER KIRKSEY V3.pptx pdf

Wednesday November 20, 2019 9:59am - 10:24am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Session Slides Included Yes

Senior Staff Engineer, VMware

Wednesday November 20, 2019 10:24am - 10:25am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

10:25am PST

Coffee Break

Wednesday November 20, 2019 10:25am - 10:55am PST
Sponsor Showcase, Sails Pavillion - San Diego Convention Center Upper Level

10:25am PST

Sponsor Showcase

Wednesday November 20, 2019 10:25am - 5:20pm PST
Sails Pavilion + Ballroom 6AB - San Diego Convention Center Upper Level

Sponsor Showcase

10:55am PST

Are You About to Break Prod? Acceptance Testing with Ephemeral Environments - Erin Krengel, Pulumi & Sean Holung, Nordstrom

How confident are you that the changes you’re about to make won’t break production? In a world of Continuous Delivery, we need to be prepared for the fact that our code is going to production. K8s makes it easy to quickly deploy applications, so building pipelines with robust quality gates is vital. There’s a lot of emphasis on this, yet how to create a solid deployment strategy isn’t clearcut.

Erin and Sean will demonstrate a pattern for acceptance testing complex architectures, which verifies a K8s app properly interacts with its infrastructure. Leveraging ephemeral environments, these tests will validate as well as document the app’s business and functional requirements.

Utilizing infrastructure as code and K8s Jobs, they will demo how to create a comprehensive acceptance test suite that allows you to continuously deploy to production.

Speakers

Erin Krengel

Software Engineer, Pulumi

Erin is a Software Engineer at Pulumi, where she works on their SaaS product. Previously she worked at Nordstrom on number of DevOps teams responsible for Go microservices, their infrastructure, CI/CD pipelines and production support. Most recently, she developed and architected key... Read More →

Sean Holung

Software Engineer, Nordstrom

Sean is a Software Engineer at Nordstrom where he works on their event-driven Order Management System. Prior to Nordstrom, Sean worked as a Software Engineer at CenturyLink Cloud. There he worked on their internal monitoring product used to monitor infrastructure and applications... Read More →

KubeCon Are you about to break prod pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

How Spotify Migrated Ingress HTTP Systems to Envoy - Erica Manno & Vladimir Shakhov, Spotify

Erica and Vladimir are on the team responsible for perimeter systems that sit between Spotify’s clients and its backend services. They started unifying those systems from a range of different technologies and protocols to a solution based on Envoy proxies and a unified control plane.

This talk introduces Spotify’s vision for the next-gen perimeter. However, it will mainly focus on the migration of all HTTP ingress traffic, handled by a brittle, custom Nginx/HAProxy setup to an Envoy-based solution.

The speakers will discuss how they’re migrating multiple high volume web services, serving millions of requests/sec, with minimum disruptions and zero-downtime for the feature teams that maintain Spotify’s backend services.

This talk will also illustrate how Spotify’s engineering culture of loosely coupled but highly aligned teams has informed the decisions taken during the migration.

Speakers

Erica Manno

Senior Engineer, Spotify

Erica Manno is a Software Engineer on Spotify's Infrastructure and Operations department in Stockholm, Sweden. Her team maintains and operates critical infrastructure that handles all ingress and egress traffic at the edge of Spotify's network. Apart from that Erica is a dedicated... Read More →

Vladimir Shakhov

Software engineer, Spotify

Vladimir is a software engineer. He works on Spotify's Infrastructure and Operations team in Stockholm, mainly focused on clients to backend messaging. Vladimir previously worked at Yandex, where he helped develop task tracking product offering. He is a geek and has a dog.

EnvoySpotifyPerimeter pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

10:55am PST

A Series of Fortunate CloudEvents - Ian Coffey, Salesforce

Serverless and Eventing are two ultra-popular areas of tech right now, describing a broad set of ideas and capabilities that can service a range of possible systems. We are told that these concepts will expand and help define the next generation of web services.

That’s all well and good, but what is really going on inside these systems? What technology do those terms rely on and what does an Eventing workflow look like under the hood? Given the complexity and size of these projects’ codebases, it can be difficult to drill down and see what’s happening on a micro scale.

Together, we will discuss, operate and modify a running distributed system built with CloudEvents and Knative Eventing. The system will be based around the concept of an automated conversation between kubernetes services.

Speakers

Ian Coffey

OSS ML Engineer, VMware

Ian Coffey has been in the platform and infrastructure business for 16 years and currently works on open source machine learning software at VMware. Away from work, Ian’s free time is usually spent adventuring with his wife and two little girls. He has an affinity for old amps and... Read More →

AFSOCE export pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

A Week in the Life of the Kubernetes Community - Dawn Foster, Pivotal & Jorge Castro, VMware

You’re new to Kubernetes and interested in contributing, but when you start poking through the community pages, you find a bunch of SIGs and so many meetings. What’s a SIG? Where should you start? Which meetings should you attend? How can you participate?

In this talk, Jorge and Dawn from SIG Contributor Experience will live out a week within the Kubernetes community by walking the audience through what happens in this busy community. As part of the day by day tour of the community, we will cover:
* Getting started and locating meeting calendars
* Finding and participating in SIGs
* Attending meetings and what to expect
* How to get involved
* Where to get help

New contributors, users interested in contributing, engineering managers whose teams are contributing, and anyone interested in learning about new ways to get involved in the Kubernetes community will benefit from attending.

Speakers

Dawn Foster

Director of Open Source Community Strategy, VMware

Dawn is the Director of Open Source Community Strategy at VMware within the Open Source Program Office. She has 20+ years of experience at companies like Intel and Puppet with expertise in community building, strategy, open source software, metrics, and more. She is passionate about... Read More →

Jorge Castro

Community Manager, VMware

Jorge is a Community Manager at VMware where he helps to support and advance the open Kubernetes ecosystem. He works in SIG Contributor Experience on the Kubernetes Office Hours, running the YouTube channel, forums admin, and a bunch of miscellaneous programs. He resides in Ann Arbor... Read More →

A Week in the Life of Kubernetes pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level

Experience Level Beginner (Very basic information)
Session Slides Included Yes

10:55am PST

Practical Way to Build Kubernetes Native Java Controller - Zibo He & Min Jin, Ant Financial

The controller pattern has been proven as an effective way for managing Kubernetes workloads. However, for other languages, there are still many challenges remained in developing third-party controllers for Kubernetes. In this talk, we will discuss how to implement reflector, internal store, working queue and leader election in native Java style, and demonstrate controller runtime that makes it easier to develop Java controllers from scratch. We will also discuss different operators that we build to integrate with micro-service framework for cloud native application development.

Speakers

Tony He

Senior SW Engineer, Ant Financial

Zibo(Tony) He, Senior Engineer of Ant Financial. Tony is a co-maintainer of Kubernetes community, mainly focus on CLI, controller runtime, multi-tenancy and secure container runtime. Tony is now co-leading engineering effort on Ant Financial's Cafe Standard Product(the cloud native... Read More →

Min Jin

Software Engineer, Ant Financial

Min Jin/Kim, yue9944882, Kubernetes maintainer, subproject-owner. Actively contributing (mostly SIG API-Machinery) in the Kubernetes community for about 2 years. He is not real orange cat.

java controlller pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

Experience Level Beginner (Very basic information)
Session Slides Included Yes

10:55am PST

Advanced Model Inferencing Leveraging KNative, Istio and Kubeflow Serving - Animesh Singh, IBM & Clive Cox, Seldon

Model Inferencing use cases are becoming a requirement for models moving into the next phase of production deployments. More and more users are now encountering use cases around canary deployments, scale-to-zero or serverless characteristics. And then there are also advanced use cases coming around model explainability, including A/B tests, ensemble models, multi-armed bandits, etc.

In this talk, the speakers are going to detail how to handle these use cases using Kubeflow Serving and the native Kubernetes stack which is Istio and Knative. Knative and Istio help with autoscaling, scale-to-zero, canary deployments to be implemented, and scenarios where traffic is optimized to the best performing models. This can be combined with KNative eventing, Istio observability stack, KFServing Transformer to handle pre/post-processing and payload logging which consequentially can enable drift and outlier detection to be deployed. We will demonstrate where currently KFServing is, and where it's heading towards.

Speakers

Animesh Singh

Distinguished Engineer and CTO - Watson Data and AI OSS Platform, IBM

Animesh Singh is CTO and Director for IBM Watson Data and AI Open Technology, responsible for Data and AI Open Technology strategy. Creating, designing and implementing IBM’s Data and AI engine for AI and ML platform, leading IBM`s Trusted AI efforts, driving the strategy and execution... Read More →

Clive Cox

CTO, Seldon

Clive is CTO of Seldon. Seldon helps enterprises put machine learning into production. Clive developed Seldon's open source Kubernetes based machine learning deployment platform Seldon Core. He is also a core contributor to the Kubeflow and KFServing projects.

KubeCon ML Serving pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Cloud Provider OpenStack Community Session - Kendall Nelson, OpenStack Foundation & Aditi Sharma, NEC

In this session, the Cloud Provider OpenStack team will give a brief overview of OpenStack cloud integration projects, including the: * OpenStack cloud controller manager. * Cinder and Manilla storage providers. * Cluster API provider. * Keystone identity integrations. * Other provider interfaces. In addition to this overview, they will also engage the community to plan future development efforts and priorities. Both OpenStack beginners and experts are encouraged to join the session, and the community content will be tailored to fit audience interests.

Speakers

Kendall Nelson

Senior Upstream Developer Advocate, The Open Infrastructure Foundation

Kendall is a Senior Upstream Developer Advocate at the Open Infrastructure Foundation based in St. Paul, MN. She first started working on OpenStack during the Liberty release (2015) on a single project and since then gotten involved in Release Management, the Diversity and Inclusion... Read More →

aditi sharma

Software Engineer, NEC

Aditi works as a Software Enginner at NEC, She primarily works on cloud native technologies, she contributes to opensource projects like Kubernetes, OpenStack. She is also approver/reviewer for provider-openstack subproject under SIG-Cloud-Provider.

Provider OpenStack KubeCon NA 2019 pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6E - San Diego Convention Center Upper Level

Experience Level Any
Session Slides Included Yes

10:55am PST

Day 2 Operations with Windows Containers - Michael Michael, VMware & Patrick Lang, Microsoft

The chairs for SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on day 2 operations and troubleshooting. We will also have a detailed discussion on our future roadmap, key functionality that we want to enable, and open the floor for Q&A with customers and members of the SIG-Windows community. Some familiarity with Windows on Kubernetes is required for the deep dive part since we will have an in-depth discussion on key features that are in the pipeline for Windows, explain their implementation and have a discussion on trade-offs with the community.

Speakers

Patrick Lang

Software Engineer, Microsoft

Patrick Lang is a Software Engineer at Microsoft building and teaching how to use Kubernetes and Windows container technologies. He is a regular speaker on Windows Server Container development and management that helped launch the tech at MS Ignite and Build conferences along with... Read More →

Michael Michael

Director of Product Management, VMware

Day 2 Operations Windows Containers pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Deep Dive: CNCF CI - W. Watson & Denver Williams, Vulk Coop

The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The newest iteration of the cncf.ci status dashboard focuses on supporting a sustainable and scalable project ecosystem. To accelerate adding & maintaining projects on cncf.ci, the status dashboard can integrate with a project’s existing CI System and accept contributions from CNCF project maintainers. This Deep Dive session will include a walk-through of integrating a CNCF project with Travis CI to utilize the Travis CI build status and artifacts in the cncf.ci dashboard and allow time for Q&A.

Speakers

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

W. Watson

Principal of Principles, Vulk Cooperative

W. Watson has been professionally developing software for 30 years. He has spent numerous years studying game theory and other business expertise in pursuit of the perfect organizational structure for software co-operatives. He also founded the Austin Software Cooperatives meetup... Read More →

[KubeCon NA 2019] Deep Dive cncf.ci (1) pdf

[KubeCon NA 2019] Deep Dive cncf.ci (1) pptx

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

KubeEdge Deep Dive - Sean Wang, FutureWei

KubeEdge is an open source project extending native containerized application orchestration and device management to from central cloud to Edge. It is built upon Kubernetes and provides core infrastructure support for networking, application deployment and metadata synchronization across cloud and edge. In this session, Kevin will deep dive details of KubeEdge architecture and some advanced features. The future roadmap and current pain points will also be discussed.

Speakers

Sean Wang

senior director, Futurewei

2019KubeConNA kubeedge deepdive pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

KubeVirt Deep Dive: Virtualized GPU Workloads on KubeVirt - David Vossel, Red Hat & Vishesh Tanksale, NVIDIA

KubeVirt is a Kubernetes extension that supports running traditional Virtual Machine workloads side by side with containers.

In this session we will explore the architecture behind KubeVirt and how NVIDIA is leveraging that architecture to power GPU workloads on Kubernetes. Using NVIDIA’s GPU workloads as a case study, we’ll provide a focused view on how host device passthrough is accomplished with KubeVirt as well as providing some performance metrics comparing KubeVirt to standalone KVM. You’ll come away with a high level understanding of what KubeVirt is capable of and the general design principles that drive the project.

Speakers

David Vossel

Principal Software Engineer, Red Hat

Vishesh Tanksale

Sr. Software Engineer, NVIDIA

Vishesh is a Software Engineer at Nvidia. He is focussing on different aspects of enabling VM workload management on Kubernetes Cluster. He is specifically interested in GPU workloads on VMs. He is a active contributor to Kubevirt, a CNCF Sanbox Project.

KubeCon 2019 Virtualized GPU Workloads on KubeVirt pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level

Taming Cortex Configuring for maximum performance(1) pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Performance Tuning and Day 2 Operations - Goutham Veeramachaneni, Grafana Labs

Cortex is a distributed version of Prometheus with a lot of moving parts. We have a pretty good getting started guide with enough information to get a working cortex cluster that can ingest data and answer queries. But there is limited material on the day 2 operations: Capacity planning, query performance debugging, and general health monitoring. In this talk, we will take you through the debugging workflow, the typical knobs that should be tweaked for optimal performance, the mixin for cortex that covers the dashboards and alerts, and in general how to approach debugging and maintaining an existing cortex cluster.

Speakers

Gouthan Veeramachaneni

Senior Software Engineer, Grafana Labs

Goutham is a developer from India who started his journey as an infra intern at a large company where he worked on deploying Prometheus. After the initial encounter, he started contributing to Prometheus and interned with CoreOS, working on Prometheus's new storage engine. He is now... Read More →

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

SIG Testing Intro - Sean Chase & Erick Fejta, Google

This session will provide an overview of the testing infrastructure and automation used by the kubernetes project. We manage over 180 GitHub repos, generate test results from over 10,000 jobs per day. We'll walk through some of the improvements we've made to enable contributor self-service since last KubeCon.

Speakers

Erick Fejta

Staff Software Engineer, Google

Erick works at Google. He writes tooling for the kubernetes community and helps chair sig-testing. He helps create and maintain a lot of community infrastructure such as peribolos, prow, testgrid, kubetest and gubernator. He is also the lesser-known human face behind fejta-bot, which... Read More →

Sean Chase

Software Engineer, Google

Sean Chase is a Engineering Productivity Developer at Google who has worked with the Kubernetes community for 3 years. He maintains and develops TestGrid and Prow, to keep the PRs and tests flowing. Sean has years of experience with both tests and grids.

Sig Testing Intro Presentation pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel

Experience Level Any
Session Slides Included Yes

10:55am PST

Using TUF and in-toto to Tighten the Release Process - Santiago Torres-Arias, NYU & Justin Cappos, NYU

As enterprise companies move to Cloud Native, the supply chain has become a very attractive target for attacks. An attacker who compromises a project's supply chain can greatly increase the blast radius of their attack to all users of the system. In some cases the exploit is an unintended bug (e.g. Equifax); in others, it is more insidious. In this talk, Santiago and Justin will show you how you can use TUF and in-toto to create a tightly-secured software supply chain. Starting from secure container delivery using TUF, and moving towards the left to tools like build farms, vulnerability scanners, and version control systems. The talk will be grounded in real business delivery values by pointing out common software supply chain misconfiguration pitfalls and through an integration example on one of the largest open source operating systems.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU

Wednesday November 20, 2019 10:55am - 11:30am PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

Experience Level Intermediate (Mid-level experience)

10:55am PST

Multiple Networks for Kubernetes Workloads - Piotr Skamruk, CodiLime & Doug Smith, Red Hat

Embark on a tour of CNI multiplexers -- an adventure in attaching multiple network interfaces to pods. We'll show the advantages of each and provide examples to get you started using them. We'll also talk about the history and future of multiple network attachments in Kubernetes.
Kubernetes is based on simplicity, and Kubernetes networking is no different-- simplicity is king. Each pod is given a single IP address, and a single network in which “everything sees everything”.
This model is not always what consumers expect, especially for high performance networking. In this world we need to have network isolation (to isolate traffic between control & data planes) or to have multiple interfaces in pods. This provides operators better control over functionality, latency and throughput.
We'll make sure you're geared up for the adventure with CNI multiplexers and multiple network attachments!

Speakers

Doug Smith

Prinicipal Software Engineer, Red Hat, Inc.

Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network... Read More →

Piotr Skamruk

Software Engineer, Travelping

Piotr is a long-time GNU/Linux and Forth language enthusiast, sys administrator and sys developer. He has worked on kernel sources, backend apps and even on frontends in a wide variety of languages. At Intel he did the kvm flavor for CoreOS RKT, enabling it to run containers on VMs... Read More →

Multiple Networks for Kubernetes Workloads pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Running Large-Scale Stateful Workloads On Kubernetes at Lyft - Surinder Singh & Anmol Khurana, Lyft

Along with core services, K8s at Lyft also forms the base to run a large variety of data processing stateful data processing jobs which includes Spark, Flink and other jobs via various ML and Data processing pipelines.

At Lyft, K8s has become the driver for the majority of our data processing needs running 10s of thousands of concurrent jobs. Operating the platform at this scale presents an unique set of challenges which get more complex with highly variable load pattern.

In this talk, the speakers will share their journey through some of these challenges and learnings.
- Potential pitfalls of running stateful jobs on K8s.
- Knobs/tweaks to optimize K8s for stateful jobs.
- Running k8s in a cloud environment.
- Building a fault-tolerant self-healing system with multiple K8s clusters underneath.

Talk will also focus on optimizations done to support the widely used workloads at Lyft.

Speakers

Surinder Singh

Software Engineer, Lyft

Surinder Singh is a software engineer at Lyft in Seattle. He led execution plane for Flyte, Lyft’s open-source Machine learning and Data processing pipelines platform. Before Lyft, Surinder was at Microsoft where he worked on Azure Storage and SQL Server Query Optimizer.

Anmol Khurana

Software Engineer, Lyft

Anmol Khurana is a software engineer at Lyft. He is part of Data Platform team responsible for leading effort on Containerized Spark on K8s. Before Lyft, Anmol was at Amazon for 5+ years mostly with AWS Elastic Block Store team.

Stateful workloads lyft kubecon pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

Implementing a Customer Focused SLA for a Kubernetes Based PaaS pdf

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Implementing a Consumer Focused SLA for a Kubernetes Based PaaS - Shrenik Dedhia, Box

Box's (internal) Platform as a Service empowers other Box teams to deliver 100's of micro services, on 1000's of hosts, across 10,000's of pods. As they scaled to support a large number of micro services and clusters, they ran into several scaling challenges around both the control and data planes. In order to deliver a production-grade platform, they realized the need for a Service Level Agreement (SLA) for their platform to not only demonstrate availability for infrastructure, but also "value" for a consumer, and serve as a benchmark to prioritize those challenges.

In this talk, Shrenik Dedhia will present how their team approached the problem of defining a SLA, principles used, options explored, path chosen, and future work to improve the platform's availability from ~99.4% to ~99.99%, thereby improving the overall availability of micro services that power Box.com.

Speakers

Shrenik Dedhia

Sr. Staff Engineer / TLM, Box

Shrenik has been at Box for about 2yrs as a Sr. Staff Engineer, with total 10+ years of experience in designing and implementing secure and scalable platforms. Shrenik is currently leading the Platform As A Service team at Box.

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

Performance

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Binary Authorization in Kubernetes - Aysylu Greenberg, Google & Liron Levin, Palo Alto Networks

Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies that ensures only trusted container images are deployed on kubernetes to your cluster. With Kritis, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Kritis enables tighter control over your container environment by ensuring only verified images are integrated into production.
Talk outline:
- Introduction to the concept of binary authorization
- Live demo of using Kritis and Grafeas for deploying images with confidence in Kubernetes
- Grafeas and Kritis roadmap
At the end, attendees will gain solid understanding on the process of binary authorization and how to incorporate it in their build and deployment pipelines

Speakers

Liron Levin

Chief software architect, Palo alto networks

Liron is the Chief Software Architect at Twistlock, where he focus on scaling, engineering methodologies and security . Before that, he worked as a tech lead at Microsoft on cloud computing and machine learning projects. He is an active contributor to popular open source go projects... Read More →

Aysylu Greenberg

Senior Software Engineer, Google

Aysylu Greenberg is the Tech Lead of GCP Container Analysis, focusing on the software supply chain integrity and security. In her spare time, she ponders the design of systems that deal with inaccuracies, enthusiastically reads CS research papers, and paints.

KubeCon 2019 grafeas kritis.pptx pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

10:55am PST

Stitching a Service Mesh Across Hundreds of Discrete Networks - Jason Webb & Anil Attuluri, Intuit

Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, the increased latency and data transfer costs became significant. To facilitate future growth efficiently, Intuit needed a better model. Moving to a distributed Service Mesh running on k8s to enable secure service-to-service communication was the solution. As Intuit was building a migration path for hundreds of services communicating across discrete networks, they faced a host of challenges. While developing a platform to provide end-to-end encryption, they defined a pattern for federated workload identities and learned to manage a federated set of mesh control planes. Jason and Anil will share these learnings and Admiral, a project they are open-sourcing that enabled the migration path.

Speakers

AnilKumar Attuluri

Software Engineer, Intuit, Inc.

Anil is a Software Engineer at Intuit working on some of the key challenges to move Intuit's microservices onto Service Mesh. His other areas of work at Intuit include distributed and scalable rate limiting algorithm, orchestration layer in API Gateway for Graphql and designing OSGi... Read More →

Jason Webb

Principle Engineer, Intuit

Jason is the Services Fabric Chief Architect at Intuit. Where he works on building tools and platforms to enable Intuit’s microservices ecosystem. Jason is passionate about cloud-native infrastructure, developer tools & experience, and open source. Prior to Intuit, Jason worked... Read More →

admiral v3 KUBECON2019 pdf

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

Terin Stock

Software Engineer, Cloudflare

Software engineer working on scaling bare-metal Kuberentes clusters by day. Builds experiments with esoteric 90s technology by night. Previous talks include an introduction to Kubernetes controllers at KubeCon EU 2018 and Building a Go-based MIDI Player at FOSDEM 2019.

KubeCon NA 2019 K9P v2 pdf

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Case Study: AI-as-a-Service on Kubernetes at Scale and In Production - Itay Gabbay, Israel Ministry of Defense (MOD) & Tushar Katarki, Red Hat

AI is popular and yet faces two big challenges in the industry: 1) self-service and automation 2) Use in real production.

At the Israel Ministry of Defense we are taking on the challenges with containers and Kubernetes. We have built AI-as-a-service with open source tools and Kuberentes. Our Data Scientists use the service for data, experimentation and to deliver models into production iteratively with self-service and automation.

Using Kubernetes, we are able to run massive machine learning pipelines automatically, and improve our machine learning models. We implemented several principles of AutoML - a wide research area nowadays. Using AutoML & Kubernetes, we can further improve our machine learning models and pipelines - automatically.

Come find out how we built our AI service on Kubernetes, issues we ran into and best practices with a live demo and supporting slides.

Speakers

Tushar Katarki

Product Manager, Red Hat

Tushar Katarki is a senior technology professional with experience in cloud architecture, product management and engineering. He is currently at Red Hat as a product manager for OpenShift with focus on AI/ML on OpenShift . Tushar is involved with several open source projects around... Read More →

Itay Gabbay

Machine Learning Engineer, MOD Israel

Itay Gabbay is a software engineer specialized in machine learning and AutoML. He is currently at the Israeli ministry of defense, responsible for a machine learning platform he designed and implemented, based on OpenShift.

AI ML Case Study Kubecon SD 2019 pdf

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Leveling Up Your CD: Unlocking Progressive Delivery on Kubernetes - Daniel Thomson & Jesse Suen, Intuit

Kubernetes Continuous Delivery methods have continued to evolve to more advanced strategies such as canary, A/B testing, and blue-green. Progressive delivery is the next step of CD, enabling service promotion for a subset of users in an automated fashion backed by metrics.

There’s no one-size-fits-all on what are the appropriate metrics to drive promotions. Often, the four golden signals (latency, traffic, errors, saturation) are used, but what if this isn’t enough? More sophisticated techniques might use algorithmic or even AI-driven analysis.
The Argo Experiment and Analysis CRDs provides simple constructs to drive automated promotion in an extensible fashion.

This session discusses how Intuit leverages experimentation and analysis, the challenges in providing an automatic but generic approach to analyzing experiments, and envisioning the future of declarative progressive delivery.

Speakers

Jesse Suen

CTO, Akuity

The co-creator and a project lead on the Argo project. Prior to founding Akuity, Jesse was a Principal Software Engineer and technical lead for the Argo team at Intuit, leading the design and architecture for Workflows, CD, and Rollouts. Jesse was a founding engineer at Applatix (acquired... Read More →

Daniel Thomson

Software Engineer, Stytch

Danny Thomson is a software engineer at Stytch working to build the future of user authentication through passwordless options. Previously, Danny worked at Intuit on their Modern Saas platform and contributed to their open-source project: Argoproj. He believes that developer services... Read More →

Progressive Delivery & Argo Rollouts pdf

Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

CI/CD

Experience Level Intermediate (Mid-level experience)
Session Slides Included Yes

11:50am PST

Panel: Beyond Codes of Conduct: Igniting Diversity in Your Community - Jemma Bolland, The Scale Factory; Lara Owen, Github; Shanis Windland, VMware; & Kevin Stewart, Independent

There’s diversity – and then there’s inclusion. The difference between being invited and being a valued participant is vast. The Kubernetes and KubeCon community have made significant strides on both the diversity and inclusion front – but should not be satisfied with progress to date. Join this panel of thought leaders to learn how to turn a diverse community into an inclusive one, hear the challenges of building versus changing a culture, and how to ignite the power of diversity where you contribute.
How does the KubeCon/K8s community continue to lead the way in both diversity AND inclusion? Time to fill the dance floor. It's still too empty.

Speakers

Shanis Windland

VP, Diversity & Inclusion, VMware

Shanis Windland is the new VP of Diversity & Inclusion at VMware. Shanis joined VMware in December, coming from the Heptio acquisition. Shanis is a vigorous advocate of diversity AND inclusion - and will be a strong leader for VMware on this journey. Shanis lead a panel discussion... Read More →

Jemma Bolland

COO, The Scale Factory

Jemma is in charge of operations, marketing, people and finance at The Scale Factory. Her 15+ years’ experience in operational, strategic and marketing roles with start-ups and SMEs in the UK and Australia brings a wealth of insight to her role. Jemma's experience in the start-up... Read More →

Kevin Stewart

Kevin Stewart is an engineering leader on sabbatical. Previously, he held VP Engineering positions at Fastly, Heptio (now VMware) and NodeSource and was a Director of Engineering at Adobe.

Lara Owen

Director, Global Workplace Experience, GitHub

An instructor at Remote-How Academy, a speaker at the first-ever Running Remote Conference, and honored as one of 2018’s Bisnow Bay Area Thought Leaders, Lara Owen is the Director of Global Workplace Experience at GitHub and is responsible for ensuring 1200+ employees, scattered... Read More →

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level