Friday, November 15
 

9:00am PST

Spinnaker Summit 2019 hosted by Netflix, Google, and Armory (Additional Registration + Fee Required)
Spinnaker Summit 2019 brings together the rapidly growing global community of Spinnaker users – an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence, created at Netflix and used by JP Morgan Chase, Cerner Healthcare, Capital One and others around the globe. Spinnaker has been battle-tested in production by hundreds of teams over millions of deployments. It combines a powerful and flexible pipeline management system with integrations to the major cloud providers.

This year’s conference provides an opportunity for Spinnaker users to network with fellow open source community members at Cloud Native Computing Foundation’s KubeCon + CloudNativeCon in San Diego. Join us and discover how Spinnaker and Kubernetes integrate seamlessly to make software deployment pipelines more flexible and also help with visibility, configuration, and easier rollbacks. With Kubernetes and Spinnaker, you can create a robust continuous delivery flow that helps to ensure your software is shipped as quickly as it is developed and validated.

For more event information, visit us here!

How to register: Pre-registration is required. To register for Spinnaker Summit 2019, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to spinnakersummit@spinnaker.io.

Friday November 15, 2019 9:00am - 10:00pm PST
Hard Rock Hotel San Diego 207 Fifth Avenue, San Diego, CA 92101
 
Saturday, November 16
 

8:00am PST

Spinnaker Summit 2019 hosted by Netflix, Google, and Armory (Additional Registration + Fee Required)
Saturday November 16, 2019 8:00am - 9:00pm PST
Hard Rock Hotel San Diego 207 Fifth Avenue, San Diego, CA 92101
 
Sunday, November 17
 

8:00am PST

Spinnaker Summit 2019 hosted by Netflix, Google, and Armory (Additional Registration + Fee Required)
Sunday November 17, 2019 8:00am - 9:00pm PST
Hard Rock Hotel San Diego 207 Fifth Avenue, San Diego, CA 92101

2:00pm PST

Registration + Badge Pick-up at Manchester Grand Hyatt
Sunday November 17, 2019 2:00pm - 8:00pm PST
Harbor Tower Side - Manchester Grand Hyatt Left of main entrance, next to Hertz rental desk

6:00pm PST

Kubernetes Contributor Summit Reception (Contributors Only - Additional Registration Required)
The Kubernetes Contributor Summits bring together new and current Kubernetes contributors alike to connect and share face-to-face. The San Diego event will focus on sustainability topics and learning for new and current contributors through workshops, live coding and review sessions, and other interactive fun.

Visit the Kubernetes Contributor Summit website for additional information and to register.

For questions regarding this event, please reach out to community@kubernetes.io.

Sunday November 17, 2019 6:00pm - 9:00pm PST
Quartyard 1301 Market Street, San Diego
 
Monday, November 18
 

8:00am PST

AWS Container Day 2019 San Diego hosted by AWS (Free Additional Registration Required)
Start off your KubeCon 2019 in San Diego with AWS! In this full-day event, we'll cover how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS through talks, demos, and a workshop. We'll have team members hanging out all day to help answer questions!

The day will include:

  • Discussion of the EKS feature roadmap with the EKS team
  • Deep dive on machine learning and deep learning with EKS
  • Hands-on EKS workshop to help get you up and running
  • Partner discussions on how to use community and 3rd party tools with EKS


If you're interested in joining the workshop, please bring your laptop.

How to Register: Registration is now closed.

For questions regarding this event, please reach out to containers-pmm@amazon.com.

Monday November 18, 2019 8:00am - 5:00pm PST
Pacific Ballroom - Wyndham San Diego Bayside

8:00am PST

Cloud Native Security Day hosted by CNCF (Additional Registration + Fee Required)
Cloud Native Security is a multi-objective and multi-constrained problem space spanning many areas. Pretty much everything falls into security, from identity management to storage solutions. Cloud Native Security Day is intended to drive collaboration, discussion, and knowledge sharing of cloud native security accomplishments and roadblocks. Get connected with others that are passionate about security. Learn from practitioners about pitfalls to avoid, hurdles to jump, and how to integrate security into your cloud native project, architecture, and enhance team awareness on security.

How to register: Pre-registration is required. To register for Cloud Native Security Day Hosted by CNCF, add it on during your KubeCon + CloudNativeCon registration.

Monday November 18, 2019 8:00am - 5:00pm PST
San Diego A - Marriott Marquis San Diego Marina Hotel

8:00am PST

EnvoyCon 2019 hosted by CNCF (Additional Registration + Fee Required)
Originally built at Lyft and now a CNCF graduated project, Envoy is a cloud-native high-performance edge/middle/service proxy. In a short period of time, Envoy has been widely adopted throughout the industry in a variety of different deployment scenarios including edge proxy, “service mesh,” internal middle-proxy load balancer, etc. Envoy’s extensibility, performance, quality, API driven configuration, and community have all been drivers for the rapid growth of the project.

The Envoy maintainers are excited to announce the 2nd annual EnvoyCon, a practitioner-driven community conference that emphasizes end-user case studies as well as deep technical talks from vendors that have chosen to build offerings on top of Envoy (zero product pitches!). Come join us for an exciting day of technical content and networking (both the social and computing kind). Learn more about Envoy.

How to register: Pre-registration is required. To register for EnvoyCon 2019, add it on during your KubeCon + CloudNativeCon registration.

8:00am PST

Modern Service Mesh and API Management hosted by Kong (Additional Registration + Fee Required)
Breakfast & Registration
9am - 10am

API Gateway & Ingress Management 
10am - 12pm
Ingress management is an important part of your configuration and operations. When services are exposed outside a cluster, one needs to take care of authentication, observability to maintain SLOs, auditing, encryption and integrations with other third-party vendors, amongst other things.
During this workshop, we'll go through the architecture and design of an Ingress layer, and set up Kong on Kubernetes.
We will interact with and configure Kong via `kubectl` to expose the services running inside the cluster, and perform transformations, traffic throttling, authentication, and logging on traffic flowing through the cluster.

Lunch & Networking
12pm - 1pm

Service Mesh
1:00pm - 2:45pm
Service mesh is a new pattern to build reliable distributed and decoupled applications, but often too complicated to implement with 1st generation control planes. Kong takes a new approach to service mesh with Kuma in order to build modern architectures across a large variety of platforms, including Kubernetes and VMs. Kuma is a universal control plane that addresses limitations of 1st generation service mesh technologies by enabling seamless management of any service on the network.
We’ll walk you through easily setting up service mesh across multiple environments, and enabling security and observability – in any network – automatically. We will introduce new concepts and products along the way, and help developers and architects of any skill set become comfortable with service mesh.
Registrants may choose to attend morning or afternoon sessions. Light breakfast, lunch and refreshments will be provided.

How to register: Pre-registration is required. To register for Modern Service Mesh and API Management, add it on during your KubeCon + CloudNativeCon registration.
For questions regarding this event, please reach out to events@konghq.com.

Monday November 18, 2019 8:00am - 5:00pm PST
Room 3 - San Diego Convention Center Upper Level

8:00am PST

Registration + Badge Pick-up at Manchester Grand Hyatt
Monday November 18, 2019 8:00am - 6:00pm PST
Harbor Tower Side - Manchester Grand Hyatt Left of main entrance, next to Hertz rental desk

8:00am PST

FoundationDB Summit hosted by CNCF (Additional Registration + Fee Required)
FoundationDB Summit is a technical conference organized by and for the FoundationDB community.
This year will mark the second FoundationDB Summit and we plan on creating a two-track event. The first track is aimed at attendees that may be new to the community and want to cover architectural overviews. This track will also cover sessions on how people are using FoundationDB to directly enable new business opportunities. The second track is for those in the community that may already be familiar with FoundationDB and want to dive deeper into the technical details on features, challenges, and tooling other community members have been working on. A full agenda will be published closer to the event to allow attendees to plan which track they want to attend.

See more information here.

How to register: Pre-registration is required. To register for FoundationDB Summit 2019, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to cstamps@linuxfoundation.org.



Monday November 18, 2019 8:00am - 6:30pm PST
Grand Ballroom 1/2/5/8 - Marriott Marquis San Diego Marina Hotel

8:00am PST

OpenShift Commons Gathering hosted by Red Hat (Additional Registration + Fee Required)
Join key stakeholders, customers, upstream project leads, and contributors that make up the Red Hat OpenShift ecosystem for a full day of talks, demos and case studies from across the OpenShift ecosystem.

The OpenShift Commons Gathering brings together experts from all over the world to discuss real-world implementations of container technologies, best practices for cloud native application developers and the upstream open source software projects that make up the OpenShift ecosystem.

Speakers come from the 475+ member organizations that now make up the OpenShift Commons ecosystem.
The San Diego event will take place on the Inspiration Hornblower, docked for a day-long peer-to-peer event. The boat features a 540 seat auditorium, as well as a unique outdoor venue for the evening reception.

More speakers and panelists are being added, check out the full agenda here.

If you are interested in sponsoring the OpenShift Commons Gathering, please click here for more information.

How to register: Pre-registration is required. To register for OpenShift Commons Gathering, visit the website: https://commons.openshift.org/gatherings/San_Diego_2019.html

For questions regarding this event, please reach out to mbecker@redhat.com.

Monday November 18, 2019 8:00am - 7:00pm PST
Inspiration Hornblower, San Diego Pier 1, Hornblower Landing, 1800 N. Harbor Drive, San Diego, CA 92101

8:30am PST

CNCF End User Partner Summit (Additional Registration + Fee Required)
The CNCF End User Partner Summit brings together cloud native users to share best practices and lessons learned. The day will start with stories from end users, and their journey to overcome the challenges of adopting cloud native across different industries. It will continue with an unconference, where attendees can meet peers and learn how to navigate and contribute to the cloud native community.

Tickets cost USD $100 which is donated to the diversity scholarship. Your organization must be a member of the CNCF End User Community (https://www.cncf.io/people/end-user-community/) to attend. End user members may purchase up to four tickets, and end user supporters may purchase up to two. Contact chung@linuxfoundation.org with any questions.

How to register: Pre-registration and approval is required. To apply for this event add it on during your KubeCon + CloudNativeCon registration.

Agenda

  • 8:00 Registration and welcome - Cheryl Hung, CNCF
  • 8:30 Jeff Brewer, TOC End User Representative - Jeff Brewer, Intuit
  • 8:50 Testing your Kubernetes cluster for scalability - Federico Hernandez, Meltwater
  • 9:00 APIs Mesh, the new landscape of API management in K8s - Jean-Christophe Counio, WeWork
  • 9:10 ChubaoFS, a new distributed filesystem storage solution for K8s - Liying Zhang and Wei Ding, JD.com
  • 9:30 Open sourcing Kruise Wizard, a tool to create repeatable and standardized Kustomized based deployments - Ken, Fabio and Ryan, Mastercard
  • 10:00 Talk and demo about Keikoproj - Shri Javadekar, Intuit.
  • 10:30 Unconference 
    • Cluster Lifecycle - When and how to upgrade Kubernetes - Federico Hernandez, Meltwater
      • In place upgrades vs new clusters.
      • Testing new versions (and self-developed tooling to support this).
      • Upgrade process (and self-developed tooling to support this).
      • Procedures and practices around the upgrade to guarantee zero downtime for the tenants.
    • CNCF End User Case Studies - Julie Dam, CNCF
  • 11:00 Maintainers panel - ask questions to Alexis Richardson, Michelle Noorali, Eduardo Silva, Torin Sandall, Derek Collison
  • 11:30 Wrap up

Monday November 18, 2019 8:30am - 11:30am PST
Room 6E - San Diego Convention Center Upper Level

8:30am PST

Cloud Native Storage Day hosted by the CNS Ecosystem (Additional Registration + Fee Required)
Join us for another very special Cloud Native Storage Day! We have brought together users of cloud native storage technologies as well as experts from top companies to bring you a fantastic day rich with thought-provoking sessions including technical demos, panel discussions, presentations, and a terrific networking opportunity for you to get to know the experts in Container Storage and Data Management. Come learn all about the virtues of multi-cloud operations of stateful services with Kubernetes, running stateful applications in containers, cloud native data management, and all things cloud native storage! The CNS ecosystem companies partnered together again to bring you this creative, community-oriented day. Lunch will be provided, and all attendees will receive our special CNS Day shirt and swag! Also, be sure to stay through the end for a fun networking happy hour, including games, beverages, and snacks!

Visit www.cloudnativestorageday.com to see our past agendas and video recorded sessions!

How to register: Pre-registration is required. To register for Cloud Native Storage Day, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to lisa@portworx.com.

Monday November 18, 2019 8:30am - 5:00pm PST
Gaslamp Room - Hilton San Diego Gaslamp Quarter

9:00am PST

Google OSS Hands-on Workshop A - KNative (Serverless) hosted by Google Cloud (Additional Registration + Fee Required)
Knative aims to provide a serverless development experience hosted on Kubernetes. What does "a serverless development experience" mean? Attend this workshop to learn what Knative offers and get firsthand experience as a developer deploying a set of RPC and event-driven microservices on Knative.

How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - KNative (Serverless), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 9:00am - 11:00am PST
Room 11AB - San Diego Convention Center Upper Level

9:00am PST

Kubernetes 101 hosted by Nigel Poulton (Additional Registration + Fee Required)
Bringing you the most popular workshop from DockerCon 2019, delivered by world-renowned trainer Nigel Poulton.
 
If you need to get your head around Kubernetes and want to get your hands dirty deploying and managing an app on a real Kubernetes cluster… this workshop is for you!
 
You’ll start out learning and reinforcing the basics. Things like, what the heck is a cloud-native microservices app, and what do we mean when we say things like “Kubernetes is a cluster and it’s an application orchestrator…”.
 
You’ll also get hands-on, with your very own private Kubernetes lab. You'll deploy a simple app, demonstrate self-healing, scale it up and down, connect to it from the internet, do a zero-downtime rolling update, and perform a versioned rollback.

When we're done, you'll be ready to dive into the conference, and be raring to take your next steps.

About the trainer. Nigel has trained over 1,000,000 people and is known for his passion and addictive style of teaching. Some trainers are forgettable, Nigel gets inside your head!
 
About the labs. Everyone gets their own private 3-node Kubernetes cluster on the ground-breaking Magic Sandbox platform (https://msb.com). You get terminal access to your Kubernetes cluster, and an amazing live dashboard that shows everything in your cluster and how things connect and scale etc…
 
And last but not least… the workshop will be fun, and your registration fee will contribute towards supporting the causes listed in the “giving back” page on our website, nigelpoulton.com.

How to Register: Pre-registration is required. To register for Kubernetes 101, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to ash@kubetrainer.com.

Monday November 18, 2019 9:00am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level

9:00am PST

Introduction to Containers and Kubernetes hosted by VMware (Additional Registration + Fee Required)
Ready to dive a little deeper into the world of Kubernetes? Understand the first principles of a cloud native infrastructure, and then dig into our lab environment and deploy your first cluster. This training is designed for attendees who are early in their cloud native journey—you will walk out with more knowledge of basic concepts and greater comfort in working with containers. Joe Beda, co-founder of Kubernetes, will join for live Q&A. Laptops are required.

How to register: Pre-registration is required. To register for Introduction to Containers and Kubernetes, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to xiel@vmware.com.

Monday November 18, 2019 9:00am - 12:00pm PST
Room 2 - San Diego Convention Center Upper Level

9:00am PST

Anthos/GKE Workshop hosted by Google Cloud (Additional Registration + Fees Required)
Anthos is the new paradigm for infrastructure modernization from Google. Anthos empowers you to create a reliable, portable, and consistent experience; across clouds and on-premises. Built on open-source technologies pioneered by Google, including Kubernetes and Istio, Anthos allows you to build once to run anywhere.
 
In this workshop, you will gain hands-on experience with the Anthos technologies, including the Hub for managing multiple clusters from different locations.  You will set up a multi-service application across multiple environments and connect the services using a multi-cluster service mesh. You'll also learn about the advanced features of Google Kubernetes Engine (GKE) and Anthos. Be sure to bring your laptop for this lab-based workshop. 

How to Register: Pre-registration is required. To register for Anthos/GKE Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 9:00am - 12:30pm PST
Room 9 - San Diego Convention Center Upper Level

9:00am PST

Anthos Day by Google Cloud (Additional Registration + Fee Required)
Join us for an exclusive look at Anthos—bringing the cloud to you

You’re invited to learn how to transform your IT and build apps for today and the future. Powered by open source technologies like Kubernetes and Istio, Anthos lets you build and manage modern applications, accelerating your application development and enabling your business with transformational technologies like service mesh, containers, and microservices. At Anthos Day, you will hear from our Google Cloud experts on how Anthos enables you to build your applications once and deploy anywhere - whether you are an enterprise straddling between multiple environments or a digital-native born in the cloud.

This event is designed for technology decision makers and practitioners including architects, platform operators, developers and security professionals. Space at this event is limited, so reserve your spot today. Food and beverages will be provided. 

How to Register: Pre-registration is required. To register for Anthos Day, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to rominav@google.com.

Monday November 18, 2019 9:00am - 4:00pm PST
Grand Ballroom - Pendry San Diego

9:00am PST

NSMCon hosted by the Network Service Mesh Community (Additional Registration + Fee Required)
Why Attend NSMCon?

Are you running workloads in multiple clusters? Across multiple clouds: on-premises, hybrid, multicloud, or public cloud? Do they need to interact with legacy workloads running in less “cloudy” environments? Network Service Mesh (NSM) ties them all together, at the granularity of individual workloads, not clusters/VPCs/data centers.

NSM is a community-driven CNCF Sandbox project that is rapidly gaining momentum because of its ability to simplify connectivity between workloads, independent of where they are running. It extends an IP reachability domain to workloads running in multiple clusters, legacy environments, on-premises, or in a public cloud, communicating with the protocols they are currently using.

NSM does this at the granularity of individual workloads. Your workloads have connectivity to just the workloads they need: nothing more, nothing less. NSM brings the useful features of a Service Mesh from the lofty heights of HTTP all the way down to IP itself. Applications and Application Service Meshes, such as Istio, run unaltered on top, leaving the hybrid/multicloud IP connectivity to NSM.

The project emerged organically as a community project to solve these problems by applying the Service Mesh thought process all the way down to IP with the global peering mentality of the Internet itself – without breaking your existing environment.

Join the people building and using NSM at NSMCon for a day of tutorials, deep dives, and use cases to learn how NSM works, what it can do for you, and, most importantly, what’s coming next.

How to register: Pre-registration is required. To register for NSMCon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to nsmcon@networkservicemesh.io.

Monday November 18, 2019 9:00am - 4:30pm PST
Room 7B - San Diego Convention Center Upper Level

9:00am PST

ServiceMeshCon hosted by CNCF (Additional Registration + Fee Required)
ServiceMeshCon is a vendor-neutral conference on service mesh technologies, featuring maintainers across different service mesh projects and also showcasing the lessons learned from running service meshes in production.

How to register: Pre-registration is required. To register for ServiceMeshCon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@cncf.io.

Monday November 18, 2019 9:00am - 4:30pm PST
Room 6C - San Diego Convention Center Upper Level

9:00am PST

CalicoCon: Hands-On Workshops to Network, Secure, and Operationalize Your Cluster hosted by Tigera (Additional Registration + Fee Required)
After attending CalicoCon, you will understand the basic and advanced networking for Kubernetes, including how to architect a SaaS or CaaS platform for security and scale. You will have hands-on experience securing your cluster from both basic and advanced threats, experience operationalizing through CI/CD automation, and how to integrate with your Security Operations Center. Visit the CalicoCon website to learn more.

A lab environment will be provided for every attendee. Your laptop will be required to access your lab.

How to Register: Pre-registration is required. To register for CalicoCon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to carson@tigera.io.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

9:00am PST

Cloud Native Live: Evolving Security hosted by Prisma by Palo Alto Networks (Additional Registration + Fee Required)
Cloud Native Live: Evolving Security

Security teams are challenged by cloud native - organizations are running more apps on more platforms in more places than ever before.  These apps are constantly changing while threats and compliance requirements continue to grow. At the same time, cloud native provides an opportunity to do security in a fundamentally better way - more automated and more integrated with development.  In this edition of Cloud Native Live, we bring together industry leaders, customers, and partners to talk about how they've made this promise real and how you can evolve your own security organization to not just enable cloud native but to capitalize on it.  Go deep not just on threats and countermeasures but also how to leverage cloud native technologies to improve the efficiency and capacity of your security team.

At this KubeCon San Diego co-located event, we'll discuss this challenge, hitting on specifics like:

  • How is cloud native security different than the cloud security you already know?
  • How do you do more than just “shift left” and really integrate runtime security intelligence back with developers?
  • How does a cloud-native, container-first approach change the traditional “firewall” model of security? 
  • How do you build security that spans all your modern compute options - from VMs to containers to serverless and everything in between?
 
Interested in speaking? Submit a CFP here: https://www.papercall.io/cnl-kubecon-colo. Deadline: October 18

How to Register: Pre-registration is required. To register for Cloud Native Live: Evolving Security, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to cloudnativelive@paloaltonetworks.com.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

9:00am PST

Continuous Delivery Summit hosted by Continuous Delivery Foundation (Additional Registration + Fee Required)
The Continuous Delivery Summit is a one-day event that brings together the open source CI/CD community. Meet peers and drive the future direction of continuous delivery.

How to register: Pre-registration is required. To register for Continuous Delivery Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to eruf@linuxfoundation.org.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level

9:00am PST

Kubernetes Contributor Summit (Participants Only - Additional Registration Required)
The Kubernetes Contributor Summits bring together new and current Kubernetes contributors alike to connect and share face-to-face. The San Diego event will focus on sustainability topics and learning for new and current contributors through workshops, live coding and review sessions, and other interactive fun.

Visit the Kubernetes Contributor Summit website for additional information and to register.

For questions regarding this event, please reach out to community@kubernetes.io.

Monday November 18, 2019 9:00am - 5:00pm PST
Marriott Marquis San Diego Marina Hotel 333 West Harbor Drive, San Diego, CA 92101

9:00am PST

Kubernetes: Application and Container Workflows hosted by VMware (Additional Registration + Fee Required)
Ready to kick your Kubernetes skills up a notch? Understand patterns for source control management, learn how to build and compile applications and containers, and then implement integration testing into builds. This course is designed for attendees who are developing apps in a Kubernetes environment, and/or who create and manage build and deploy pipelines. You will walk out with a greater understanding of the cloud native approach to developing software and deploying it on Kubernetes. Laptops are required.

How to Register: Pre-registration is required. To register for Kubernetes: Application and Container Workflows, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Ryan at schneiderr@vmware.com.

Monday November 18, 2019 9:00am - 5:00pm PST
Revolution Room - Hard Rock Hotel San Diego

9:00am PST

KubeSec Enterprise Summit hosted by Aqua Security (Additional Registration + Fee Required)
KubeSec Enterprise Summit is a full-day event that focuses on the challenges faced by larger organizations with demanding security and compliance requirements when deploying Kubernetes in production. Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event. Visit the KubeSec website to learn more.

How to register: Pre-registration is required. To register for KubeSec Enterprise Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Kubesec@aquasec.com.

Monday November 18, 2019 9:00am - 5:00pm PST
California Room - Westin San Diego Gaslamp Quarter

9:00am PST

MulticloudCon: The Zero-Day Event to Learn About New Approaches for a Multi-Cloud Ecosystem hosted by GitLab and Upbound (Additional Registration + Fee Required)
Join us for the first MulticloudCon, the zero-day event that will spark conversation about what multicloud really means, how it’s quickly becoming a reality and why you should care. The program will include a mix of deep technical talks and demos showcasing the future of multicloud [& workload portability], joined with visionary talks from the ecosystem. Learn from experts in cloud, Kubernetes, database resources, CI/CD, security and more how multicloud is evolving to make developers’ and operations’ lives easier.

How to Register: Pre-registration is required. To register for MulticloudCon, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to events@gitlab.com.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

9:00am PST

Observability Practitioners Summit hosted by CNCF (Additional Registration + Fee Required)
The Observability Practitioners Summit focuses on pushing the field of monitoring and observability forwards by providing a mix of high-quality talks and opportunities for discussion between the maintainers and users of tracing, metrics, logging, and alerting systems. For additional details, please visit the website.

How to register: Pre-registration is required. To register for Observability Practitioners Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to sali@linuxfoundation.org.

Monday November 18, 2019 9:00am - 5:00pm PST
San Diego Ballroom BC - Marriott Marquis San Diego Marina Hotel

9:00am PST

Serverless Practitioner Summit hosted by CNCF and Cloud Foundry (Additional Registration + Fees Required)
The goal is to unite the serverless community and present end users with comprehensive strategies to understand serverless in a cloud native context. To do that, we plan to create a full-day single-track serverless conference that follows our initial successful work in the CNCF serverless working group and surrounding projects.

How to register: Pre-registration is required. To register for Serverless Practitioner Summit, add it on during your KubeCon + CloudNativeCon registration.  For questions regarding this event, please reach out to nwashington@linuxfoundation.org.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

9:00am PST

Your Path to Production Ready Kubernetes hosted by Weaveworks (Additional Registration + Fee Required)
Using a combination of instructor-led demonstrations and hands-on exercises, the workshop will enable the attendee to go into detail on the following topics:

· Developing and operating your Kubernetes microservices at scale
· DevOps best practices and the movement towards a “GitOps” approach
· Building with Kubernetes in production: caring for your apps, implementing CI/CD best practices, and utilizing the right metrics, monitoring tools, and automated alerts
· Operating Kubernetes in production: Upgrading and managing Kubernetes, managing incident response, and adhering to security best practices for Kubernetes

Prerequisites:
· Basic knowledge of Kubernetes is required. At a minimum, practical experience experimenting with Kubernetes is required
· You have deployed a few applications to a test cluster, and now want a path forward of how to use Kubernetes in production
· Familiarity with the Unix command line
· A complete cloud lab environment will be provided, so bring a laptop with a modern browser

This workshop doesn’t cover:
· Deep knowledge of the Prometheus Query Language. We’ll be working through practical examples, but won’t cover the rest of PromQL
· Kubernetes Introduction and concepts. We won’t be going through an overview of Kubernetes; instead we focus on application in the real world.

Light breakfast, lunch and refreshments will be provided.

Please note you must be registered to attend KubeCon + CloudNativeCon 2019 in San Diego in order to attend this workshop.

How to Register: Pre-registration is required. To register for this event, add it on during your KubeCon + CloudNativeCon North America registration.

For questions regarding this event, please reach out to cezz@weave.works.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 4 - San Diego Convention Center Upper Level

9:00am PST

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Monday November 18, 2019 9:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

11:00am PST

Advanced Kubernetes Cert: Learn How to Build Your Next App with Kube, Istio, & Advanced Services like Watson hosted by IBM Cloud (Free Additional Registration Required)
Do you need to select the right technologies to build your next application? Get your hands dirty with those technologies before you start your build. Learn how Kubernetes and Istio give you full control over your microservices. Kubernetes minimizes outages and disruptions through self-healing, intelligent scheduling, horizontal scaling, and load balancing. Istio gives you security, advanced routing, policy and insights into your application. Our developers will walk you through it step by step in this hands-on lab, and you'll walk away with a certification badge.

How to Register: Pre-registration is required. Please visit this link to register for Advanced Kubernetes Cert.

For questions regarding this event, please reach out to Raleigh Melancon.

Monday November 18, 2019 11:00am - 4:00pm PST
San Diego Ballroom - The Westin San Diego Gaslamp Quarter

11:30am PST

Open Policy Agent Summit hosted by Styra (Additional Registration + Fee Required)
The Open Policy Agent Summit is a half-day event, bringing together new and current OPA users and contributors to connect and share best practices, key learnings, and new ideas. The founders and maintainers of the project will be on hand to field 1:1 questions and provide live-coding demos—and you’ll see proven real-world implementations from various OPA adopters.

Whether you’re looking to start down your policy journey, or are an early OPA adopter with Rego skills to share, come join the community for sharing, learning, and socializing. A post-summit “wind down” event is included for when the learning ends, but the camaraderie must continue!

How to register: Pre-registration is required. To register for Open Policy Agent Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to opasummit@styra.com.

Monday November 18, 2019 11:30am - 5:00pm PST
Room 8 - San Diego Convention Center Upper Level

12:00pm PST

Cloud Native CI/CD Summit hosted by Codefresh (Additional Registration + Fees Required)
Join us on the historic Berkeley Ferryboat at the San Diego Maritime Museum for this half-day event focused on learning from larger organizations and how they deal with the challenges of delivering microservices on Kubernetes, Serverless, and other cloud-native technologies. With speakers from a diverse background and skillset, you're guaranteed to walk away with some actionable information to improve your continuous integration and delivery, whether you're just starting on the road to Kubernetes or already running in production today. Developer productivity and delivering quality software on-time is the goal.

Lunch provided, plus don't miss the post-event happy hour to be held on the museum's historic sailing ship (read: Pirate ship!)

How to Register: Pre-registration is required. To register for Cloud Native CI/CD Summit, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Taryn Jones at twhite@codefresh.io.


Monday November 18, 2019 12:00pm - 5:00pm PST
San Diego Maritime Museum, Berkeley Ferryboat

12:30pm PST

Harbor Lunch & Learn Workshop hosted by VMware (Additional Registration + Fee Required)
Want to learn more about CNCF’s Incubating project Harbor and how it can be used as a cloud native registry? Join us for lunch with Joe Beda, co-founder of Kubernetes, at 12:30, and then get real hands-on experience with installing, configuring, and using Harbor. You’ll also learn how to push images to Harbor, replicate images across different registries, and scan them for vulnerabilities. Throughout the afternoon, you’ll get an opportunity to interface with the Harbor maintainer team, provide feedback on the project, and ask questions.
 
About Harbor:
Harbor is a trusted cloud native registry that stores, signs, and scans container images and helm charts. Harbor offers key enterprise-level features in identity management (LDAP/AD as well as OIDC support with RBAC), multi-tenancy, 2-way replication to 3rd party registries, advanced online garbage collection, and authenticity and provenance capabilities through scanning and signing.  Harbor deploys in under 30 minutes and can be fully managed through a single web console and comes with a set of rich APIs.
 
With the v1.9 release, Harbor introduces many new features in image lifecycle management such as tag retention and quotas as well as features in continuous integration including webhook notifications and integration with GitLab. 

Lunch is provided. Laptop is required.
 
How to Register: Pre-registration is required. To register for Harbor Lunch & Learn Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to Jonas at jrosland@vmware.com.

Monday November 18, 2019 12:30pm - 4:00pm PST
Room 6E - San Diego Convention Center Upper Level

1:00pm PST

Google OSS Hands-on Workshop B - KubeFlow (MLOps) hosted by Google Cloud (Additional Registration + Fees Required)
Kubeflow is an OSS machine learning stack that runs on Kubernetes. The Kubeflow project is dedicated to making deployments of ML workflows on Kubernetes simple, portable, and scalable.

In this workshop, you will learn how to install and use Kubeflow, including Kubeflow Pipelines, to support an end-to-end ML workflow.

During the workshop, you'll install Kubeflow from scratch, see how to use Kubeflow's multi-user Jupyter notebook servers and other core components, and build and run Kubeflow Pipelines that support full ML workflows, using both the Pipelines UI and its SDK. In the process, we'll look at how you can use logging, metrics and visualizations, and metadata/artifact tracking, to support ML workflow evaluation and reproducibility.

How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - KubeFlow (MLOps), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 1:00pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

1:00pm PST

A Linkerd in Production Workshop hosted by Buoyant (Additional Registration + Fee Required)
Registration Fees: USD $499 (Scholarships available.  Please email events@buoyant.io for more information!)

This hands-on workshop covers how to use Linkerd in production on Kubernetes, including installation and sidecar injection, operational tasks such as upgrades and high availability deployments, and a thorough treatment of Linkerd's reliability, security, and observability features. This workshop is presented by Buoyant, the primary sponsors of the Linkerd project, and is taught by Linkerd maintainers and engineers. Attendees are provided with individual Kubernetes clusters courtesy of DigitalOcean Kubernetes, the managed Kubernetes designed for simple and cost effective container orchestration.

How to Register: Pre-registration is required. To register for this event, add it on during your KubeCon + CloudNativeCon North America registration.

For questions regarding this event, please reach out to events@buoyant.io.

Monday November 18, 2019 1:00pm - 5:00pm PST
Room 7A - San Diego Convention Center Upper Level

1:00pm PST

Anthos/GKE Workshop hosted by Google Cloud (Additional Registration + Fees Required)
Anthos is the new paradigm for infrastructure modernization from Google. Anthos empowers you to create a reliable, portable, and consistent experience across clouds and on-premises. Built on open-source technologies pioneered by Google, including Kubernetes and Istio, Anthos allows you to build once to run anywhere.
 
In this workshop, you will gain hands-on experience with the Anthos technologies, including the Hub for managing multiple clusters from different locations.  You will set up a multi-service application across multiple environments and connect the services using a multi-cluster service mesh. You'll also learn about the advanced features of Google Kubernetes Engine (GKE) and Anthos. Be sure to bring your laptop for this lab-based workshop. 

How to Register: Pre-registration is required. To register for Anthos/GKE Workshop, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 1:00pm - 5:00pm PST
Room 9 - San Diego Convention Center Upper Level

1:00pm PST

Introduction to Containers and Kubernetes hosted by VMware (Additional Registration + Fee Required)
Ready to dive a little deeper into the world of Kubernetes? Understand the first principles of a cloud native infrastructure, and then dig into our lab environment and deploy your first cluster. This training is designed for attendees who are early in their cloud native journey—you will walk out with more knowledge of basic concepts and greater comfort in working with containers. Joe Beda, co-founder of Kubernetes, will join for live Q&A. Laptops are required.

How to register: Pre-registration is required. To register for Introduction to Containers and Kubernetes, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to xiel@vmware.com.

Monday November 18, 2019 1:00pm - 5:00pm PST
Room 2 - San Diego Convention Center Upper Level

2:30pm PST

Kubernetes 101 hosted by Nigel Poulton (Additional Registration + Fee Required)
Bringing you the most popular workshop from DockerCon 2019, delivered by world-renowned trainer Nigel Poulton.
 
If you need to get your head around Kubernetes and want to get your hands dirty deploying and managing an app on a real Kubernetes cluster… this workshop is for you!
 
You’ll start out learning and reinforcing the basics. Things like, what the heck is a cloud-native microservices app, and what do we mean when we say things like “Kubernetes is a cluster and it’s an application orchestrator…”.

You’ll also get hands-on, with your very own private Kubernetes lab. You'll deploy a simple app, demonstrate self-healing, scale it up and down, connect to it from the internet, do a zero-downtime rolling update, and perform a versioned rollback.
 
When we're done, you'll be ready to dive into the conference, and be raring to take your next steps.
 
About the trainer. Nigel has trained over 1,000,000 people and is known for his passion and addictive style of teaching. Some trainers are forgettable, Nigel gets inside your head!
 
About the labs. Everyone gets their own private 3-node Kubernetes cluster on the ground-breaking Magic Sandbox platform (https://msb.com). You get terminal access to your Kubernetes cluster, and an amazing live dashboard that shows everything in your cluster and how things connect and scale etc…
 
And last but not least… the workshop will be fun, and your registration fee will contribute towards supporting the causes listed in the “giving back” page on our website, nigelpoulton.com.

How to Register: Pre-registration is required. To register for Kubernetes 101, add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to ash@kubetrainer.com.

Monday November 18, 2019 2:30pm - 5:00pm PST
Room 6D - San Diego Convention Center Upper Level

3:00pm PST

Google OSS Hands-on Workshop C - Agones (Gaming) hosted by Google Cloud (Additional Registration + Fees Required)
In this workshop you will learn how to turn your Kubernetes cluster into a powerful backend for running multi-player game services using Agones and Open Match -- two open source projects that extend Kubernetes for game infrastructure developers. Leave having set up a basic game connection!

How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - Agones (Gaming), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 3:00pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level

5:02pm PST

Lightning Talk: What Makes a Good Multi-tenant Kubernetes Solution? - Victor Varza, Adobe
Multi-tenancy leads to sharing resources with hundreds of independent users or teams. Currently, Kubernetes primitives do not provide support for running production workloads in a multi-tenant architecture.

This talk is focused on how to glue together open-source technologies in order to achieve soft multi-tenancy requirements such as: self-management, access control, resource control and workload isolation.

You will learn how to build production ready cross-cloud multi-tenant clusters using Kubernetes primitives and other open-source technologies like Cilium, Heptio Contour, Kata Containers, Open Policy Agent and friends.

Speakers
Victor Varza

Sr. Cloud Software Engineer, Adobe
Victor Varza is a Senior Cloud Software Engineer at Adobe Romania, where he is currently working on running an enterprise cross-cloud multi-tenant microservices platform based on Kubernetes. He has over 8 years of experience in development of large-scale platforms based on Linux...



Monday November 18, 2019 5:02pm - 5:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:08pm PST

Lightning Talk: Boosting Your kubectl Productivity - Mauricio Salatino, LearnK8s
If you work with Kubernetes, then kubectl is probably one of your most-used tools. Whenever you spend a lot of time working with a specific tool, it is worth getting to know it very well and learning how to use it efficiently. The goal of this lightning talk is not only to make your daily work with Kubernetes more efficient but also more enjoyable!

Speakers
Mauricio Salatino

Software Engineer, Diagrid
Mauricio works as an Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project and Co-Leading the Knative Functions initiative. He published a book titled...


Monday November 18, 2019 5:08pm - 5:13pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:14pm PST

Lightning Talk: Get Started With Non-Code Contributions to Kubernetes - David Strebel, Microsoft
Want to contribute to the Kubernetes project, but not a coder? This lightning talk will focus on how you can contribute back to Kubernetes without writing a line of code.

There exists this notion of developers, developers, developers and that you need to write code to be able to contribute to open source. There are many different ways that you can help out in an open source project without being a developer. In this quick talk we will show the different needs open source projects have for non-code contributions and the roles that fit in for non-code contributors.

Coming away from this lightning talk you will have a good understanding of how you can get involved in the Kubernetes project and start contributing with no code at all!

Speakers
David Strebel

Open Source Architect, Microsoft
Dave Strebel is a Global Open Source Architect on the Microsoft Global Black Belt team. Dave focuses on containers, microservice architecture and the cloud-native ecosystem. Dave has been working in technology for over 15 years and has a mixed background across application development...


Monday November 18, 2019 5:14pm - 5:19pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:20pm PST

Lightning Talk: Kuber-What-Es?! Misadventures in Building UIs for K8s-Based ML Platforms - Alexandra Johnson, Independent
Last year, our team set out to build a machine learning platform for launching hyperparameter optimization jobs. However, after our launch, the kubernetes-based machine learning platform wasn't a hit with our internal users. This talk explains why, starting with our three critical user interface design decisions, the two problems these led to, and our one direction for future work. This talk is meant to be a very compact, but honest, look at some of the user experience challenges faced by teams building kubernetes-based ML platforms.

Speakers
Alexandra Johnson

Tech Lead, Independent
Alexandra loves creating simple and easy to use interfaces for complicated products. Until recently, she was the Platform Tech Lead at SigOpt, where she and her team worked on everything from machine learning infrastructure to web dashboards to API design. She is based out of San...



Monday November 18, 2019 5:20pm - 5:25pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:26pm PST

Lightning Talk: Code Kubernetes While You Are Using It - Mario Loriedo, Red Hat
This lightning talk is about deploying a development platform on a Kubernetes cluster and using it to code and roll out a Kubernetes component update, without stopping coding.

To do so we are going to use Eclipse Che, a container based IDE that runs on Kubernetes and is particularly adapted for rapid cloud native development.

Speakers
Mario Loriedo

Senior Principal Software Engineer, Red Hat
Mario is a Senior Principal Software Engineer at Red Hat and a CNCF Ambassador. He works on container-based developer tools. He co-maintains the CNCF Devfile project and leads the Eclipse Che project. He has been a speaker at conferences such as KubeCon, LinuxCon, JavaOne and FOS...



Monday November 18, 2019 5:26pm - 5:31pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:32pm PST

Lightning Talk: Sharing a GPU Among Multiple Containers - Patrick McQuighan, Algorithmia
We’ve been sharing GPU resources across multiple containers since 2016, and we’ve learned a few lessons along the way. In this lightning talk, we’ll walk you through the work we’ve done and discuss some newer approaches to the same problem.

Specifically, this talk will address:

* Why GPUs matter
* What makes sharing GPUs across containers hard
* How we’ve managed to share GPUs in the past
* Recent solutions, including the GPUShare Scheduler Extender project (https://github.com/AliyunContainerService/gpushare-scheduler-extender)


Speakers
Patrick McQuighan

Senior Software Engineer, Algorithmia
Patrick joined Algorithmia in December 2015 and has focused on improving system performance and creating the Enterprise AI Layer Enterprise product, an ML deployment and management system that runs on multiple cloud providers and on-prem infrastructures. Previously, Patrick worked...



Monday November 18, 2019 5:32pm - 5:37pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:38pm PST

Lightning Talk: How the Observability Team at Spotify Radically Decreased On-Call Alerts - Lauren Muhlhauser, Spotify
The Reliability team at Spotify took over the monitoring stack and decreased incident pages by 42% within 6 months. At first, they were devoting all their time to managing on-call alerts and tech debt. Now, on-call alerts are manageable and infrequent, and the team is on a path to using entirely open sourced products.

This stack was developed years prior, when there were few well-developed open source solutions available. Lauren describes how migrations to new tools (Grafana and Prometheus) decreased their backlog and on-call pages. She will also cover the improvements the team made to their own open source products (Heroic and FFWD) and why they chose to continue using and maintaining them. Lastly, she will discuss a new tool that the team will be repurposing and open sourcing in the near future.

Speakers
Lauren Muhlhauser

Site Reliability Engineer, Spotify
Lauren is a Site Reliability Engineer at Spotify on the Observability team. She is currently working on maintaining the monitoring and alerting stack, as well as implementing tracing.



Monday November 18, 2019 5:38pm - 5:43pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:44pm PST

Lightning Talk: CRDs All the Way Down – Using OPA for Complex CRD Validation and Defaulting - Puja Abbassi, Giant Swarm
Custom Resource Definitions (CRDs) and custom controllers (aka the operator pattern) are becoming the main way we extend Kubernetes. From etcd and Prometheus to full-on Kubernetes extensions a la Cluster API and Service Broker API - a lot of teams are building operators.

As the CRD concept is maturing, SIG API machinery is adding useful features like validation, defaulting, structural schemas, etc. In more complex extensions with multiple CRDs and multiple controllers, we run into validation and defaulting use cases that can only be modeled with custom validation and mutation webhooks.

This talk will discuss use cases for complex CRD validation and defaulting, incl. common use cases like validating a CRD against another CRD. Furthermore, the speaker will make a point of why to use Open Policy Agent as a common agent to implement such use cases.

Speakers
Puja

VP Product, Giant Swarm
Puja Abbassi is the Vice President of Product at Giant Swarm, building a managed cloud native developer platform based on Kubernetes. In Kubernetes he focuses on extending Kubernetes with custom resources and controllers. With many years of Kubernetes experience and having been in...



Monday November 18, 2019 5:44pm - 5:49pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:50pm PST

Lightning Talk: Easily Observing Operators - Lili Cosic, Red Hat
With everyone building their own operator, instrumenting them is an important piece of the puzzle. In this lightning talk, Lili will demonstrate how to implement operator observability by using kube-state-metrics as a library, to natively expose operator specific metrics.

Join this session to learn how to generate operator and custom resource metrics on the fly in just a few lines of code, by leveraging kube-state-metrics.

Speakers
Lili Cosic

Lili is a software engineer but her main focus for the past 7 years has been infrastructure engineering. Her monitoring focus started at Red Hat where she worked on the OpenShift monitoring team, where she worked on OpenShift monitoring product as well as maintained various open source...


Monday November 18, 2019 5:50pm - 5:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:56pm PST

Lightning Talk: Open Match - Matchmaking Framework - Robert Bailey, Google
Open Match is an open source game matchmaking framework that simplifies building a scalable and extensible Matchmaker. Open Match is designed to give the game developer full control over how to generate quality matches without having to deal with the challenges of building a scalable online production service. It enables the game developer to re-use the core framework code across games, and focus just on rebuilding the matchmaking logic custom to each game.

At its core, Open Match comprises a set of services hosted in a Kubernetes cluster that manage Players, trigger custom matchmaking logic to generate match proposals, and provide the ability to evaluate these for quality. The framework also provides functionality such as monitoring, alerting, metrics analysis, autoscaling etc.

Speakers
Robert Bailey

Staff Software Engineer, Google
Robert is part of Google's Cloud Gaming team working on open source gaming infrastructure projects founded by Google such as Agones and Open Match. He was previously a lead for the Cluster Lifecycle SIG, worked on Kubernetes for more than 4 years, and was one of the founding members...



Monday November 18, 2019 5:56pm - 6:01pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:02pm PST

Lightning Talk: Is Your Kubernetes Cluster's DNS Working? - Jonathan Perry, Flowmill
Your Kubernetes cluster is gaining traction and more and more developers are bringing up new services. That’s great news. But you’ve been getting reports of intermittent service failures that you haven’t been able to track down. It doesn’t seem to be anything else...could it be DNS? Maybe we’re not running enough DNS pods or they are restarting too frequently?

This talk will explain how to actually measure DNS health for your Kubernetes cluster and properly plan its capacity. We will share some specific mechanisms to gather DNS traffic information per service both with some standard Linux tools and systematically with eBPF.

Speakers
Jonathan Perry

Founder, Startup
Jonathan is an OpenTelemetry maintainer, currently working to reduce noisy neighbor in clusters, which should let operators increase workload density and reduce cost per impact. He was founder and CEO at Flowmill (acquired by Splunk), which developed the eBPF collector which became...



Monday November 18, 2019 6:02pm - 6:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:08pm PST

Lightning Talk: Want to Donate a Project to the CNCF? Here's How - Cheryl Hung, CNCF
From the very first open source project, Kubernetes, to over 30 now, the projects are the lifeblood of the CNCF. The most mature (aka graduated) projects have become de-facto industry standards, backed by thriving communities.

However, it's not always clear how new projects are chosen to enter the CNCF.

Cheryl explains how you can propose a project to join the CNCF, and what the Technical Oversight Committee is looking for.

Speakers
Cheryl Hung

Sr Director, Infrastructure Ecosystem, Arm
Cheryl brings engineers together to build the future of infrastructure, especially cloud native and open source. As Senior Director at Arm, Cheryl leads ecosystem strategy to drive adoption across cloud, 5G and networking. She also founded the Cloud Native London meetup with 8000...



Monday November 18, 2019 6:08pm - 6:13pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
 
Tuesday, November 19
 

6:15am PST

Group Fun Run
Group Fun Run will meet at 6:15 am near the Grand Staircase outside Hall D of the San Diego Convention Center.

Join other runners each morning and see some local San Diego sights like the Gaslamp Quarter, the Embarcadero, Petco Park, and more! Please meet at the San Diego Convention Center Grand Staircase (outside hall D) at 6:15 am. Participants will be required to provide their own running attire and water.

Please sign up using the Google Form for updates.

Meet Time: 6:15 AM
Start Time:  6:30 AM

Tuesday November 19, 2019 6:15am - 6:30am PST
Grand Staircase, Outside Hall D - San Diego Convention Center
  Wellness
  • Experience Level Any

7:30am PST

The New Stack Pancake Breakfast: Kubernetes and Cloud-Native Security - sponsored by Palo Alto Networks
Seating availability limited and on a first-come-first-serve basis. This event tends to fill up fast, so get in line early to secure your spot.

The reports are in — Kubernetes and cloud-native technologies open the attack surface far and wide. Come have a short stack with The New Stack for a Q&A with our expert panelists about the issues and options for managing security in cloud-native workloads. Be prepared and enjoy some pancakes at KubeCon + CloudNativeCon in San Diego!

Moderators

Joab Jackson

Reporter, The New Stack

Alex Williams

Founder and Publisher, The New Stack
Alex Williams is founder and publisher of The New Stack, a content platform for the people who build and manage software the world relies on. He was an editor at ReadWriteWeb and TechCrunch before leaving in 2014 to start The New Stack. Alex hosts The New Stack Makers pancake and...

Speakers

Sean Michael Kerner

Reporter, TechJournalist
Sean Michael Kerner is a technology journalist and his coverage of the technology industry appears in multiple publications around the world. Kerner is also an IT consultant, technology enthusiast and tinkerer, and has been known to spend his spare time immersed in the study of the...

John Morello

VP of product for Prisma, Palo Alto Networks
John Morello is the VP of Product at Palo Alto Networks, and the former Chief Technology Officer at Twistlock. Prior to that, John was a CISO at a Fortune 500 global chemical company. Before that, he spent 14 years at Microsoft, in both Microsoft Consulting Services and product...

Chenxi Wang, Ph.D.

Managing General Partner, Rain Capital
Chenxi Wang, Ph.D., founder of the Jane Bond Project. Dr. Wang also serves on the board of directors for the Open Web Application Security Project (OWASP) Foundation, as an investment advisor to ClearSky Cyber Security and SixThirty Cyber and a strategy advisor to various security...


Tuesday November 19, 2019 7:30am - 8:45am PST
Room 2 - San Diego Convention Center Upper Level

8:00am PST

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Tuesday November 19, 2019 8:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

9:00am PST

Keynote: Hiding in the Dark - Dan Kohn, Executive Director, Cloud Native Computing Foundation
What can Minecraft teach us about the adoption of cloud native technologies?

Speakers

Dan Kohn

General Manager, Linux Foundation Public Health, Linux Foundation
Dan leads Linux Foundation Public Health, a new initiative to use open source software to help public health authorities combat COVID-19 and serves as VP, Strategic Programs for the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes...



Tuesday November 19, 2019 9:00am - 9:10am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:10am PST

Keynote: CNCF Updates - Cheryl Hung, Director of Ecosystem, Cloud Native Computing Foundation
Speakers

Cheryl Hung

Sr Director, Infrastructure Ecosystem, Arm
Cheryl brings engineers together to build the future of infrastructure, especially cloud native and open source. As Senior Director at Arm, Cheryl leads ecosystem strategy to drive adoption across cloud, 5G and networking. She also founded the Cloud Native London meetup with 8000...



Tuesday November 19, 2019 9:10am - 9:20am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:20am PST

Keynote: CNCF Project Updates - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...



Tuesday November 19, 2019 9:20am - 9:45am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:47am PST

Sponsored Keynote: Keep Kubernetes Caffeinated - Erin Boyd, Principal Software Engineer, Red Hat
Today, we have a whole host of amazing coffee makers that can take a pod of coffee, brew it, deploy it into your cup, add the milk and sweetener, and deliver it just how you like it. In the same way, Kubernetes Operators are taking the complexity out of producing, deploying, and operating applications.
One particular example of where Operators are making a big impact is Storage. Storage features in Kubernetes are evolving to solve more complex problems such as data replication and support for object storage. Come and see how the Rook project is extending these storage capabilities to deliver your applications—just like your favorite cup of coffee.

Speakers

Erin Boyd

Engineer, Red Hat
Erin is currently the Director of Emerging Technologies and Distinguished Engineer at Red Hat in the Office of the CTO. Erin was previously an Apple Cloud Services Engineer at Apple. Erin is a Kubernetes contributor and an Apache Ambari committer. Erin is an active contributor to...



Tuesday November 19, 2019 9:47am - 9:52am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:54am PST

Keynote: NATS: Past, Present and the Future - Derek Collison, Founder and CEO, Synadia
A brief history of the NATS project, where it is today, how it fits into cloud-native architecture, and where it's going in the near future.

Speakers

Derek Collison

Founder and CEO, Synadia
Derek Collison is a 30 year industry veteran, entrepreneur, and pioneer in secure and large-scale distributed systems and cloud computing. He helped change the way financial, transportation, and logistics systems fundamentally worked while spending over a decade at TIBCO, designing...



Tuesday November 19, 2019 9:54am - 10:14am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

10:16am PST

Sponsored Keynote: Bringing Confidential Computing to Kubernetes - Lachlan Evenson, Principal Program Manager, Microsoft Azure
Speakers

Lachie Evenson

Principal Program Manager, Microsoft
Lachlan is a Principal Program Manager on the open source team at Azure. As a cloud native ambassador, emeritus Kubernetes steering committee member and release lead, Lachlan has deep operational knowledge of many Cloud Native projects. He spends his days building and contributing...



Tuesday November 19, 2019 10:16am - 10:21am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

10:20am PST

Keynote: Closing Remarks - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft
Speakers

Vicki Cheung

Staff Software Engineer, Lyft
Vicki is a staff software engineer at Lyft, where she helped drive the company-wide Kubernetes migration. Previously, she was the Head of Infrastructure and founding engineer at OpenAI, where she and her team built out their Kubernetes-based deep learning infrastructure.


Tuesday November 19, 2019 10:20am - 10:24am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

10:22am PST

Chair Massage & Relaxation Stations
Relaxation stations will be located around the convention to offer attendees a short “time out”.  Each location will be stocked with games, treats and other miscellaneous items that are designed to allow attendees to clear their minds.  One activity that will be offered will be 5-minute chair massages with onsite sign-ups. 

Tuesday November 19, 2019 10:22am - 2:00pm PST
San Diego Convention Center

10:55am PST

Containing the Container: Developer Experience vs Strict Security Posture - Brian Bagdzinski & Sharat Nellutla, Verizon
Within Verizon IT we manage multiple multi-tenant Kubernetes clusters across on-prem and multiple clouds hosting hundreds of applications. Containers, Kubernetes, and cloud-native are central pillars: both for our application modernization strategy, and for our north star architecture. However we operate in a highly regulated environment, and our security posture is such that our developers are not permitted to run tools locally that might be considered essential to deliver on this strategy: Docker and Minikube! In this talk we will candidly discuss how we are evolving the developer experience in this space, despite the security constraints, leveraging open source tooling such as Skaffold, Harbor, Kaniko, and Jib.

Speakers

Sharat Nellutla

Associate Director, Verizon
Sharat is an Associate Director at Verizon. With over 15 years of experience in platform engineering and leadership experience, Sharat leads Verizon's enterprise Kubernetes engineering and Gitops platform engineering teams. He is responsible for multi-cloud Kubernetes architecture...

Brian Bagdzinski

Cloud Engineer, Verizon
Brian Bagdzinski is a Senior Cloud Engineer at Verizon. As an application developer, as well as being part of a small team responsible for launching a Serverless platform, he is very familiar with how process can get in the way of innovation and creativity. This has instilled in him...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 29ABCD - San Diego Convention Center Upper Level
  Application + Development

10:55am PST

Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas.

This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches.

You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with their multitenant Kubernetes.

Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!

Speakers

Karl Isenberg

Anthos Solutions Architect, Google
Karl Isenberg is on the Blueprint Solutions team at Google. Prior to Google, Karl led the PaaS team at Cruise. Before that, Karl worked on the vendor side on container platforms for more than 5 years as a committer on Kubernetes, DC/OS, and CloudFoundry at Mesosphere and Pivotal...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Case Studies

10:55am PST

Building Reusable DevSecOps Pipelines on a Secure Kubernetes Platform - Steven Terrana, Booz Allen Hamilton & Michael Ducy, Sysdig
Onboarding development teams can often be the critical point in determining if a team will adopt modern Cloud Native and DevSecOps practices. If there is too much friction for developers to build, scan, and test their applications or to secure their application environments then these best practices are often pushed aside. In this talk we’ll cover how we automated the creation of a trusted software supply chain. Through a live demonstration, we will show how this approach accelerates adoption by allowing developers to inherit a preconfigured pipeline performing various security tests (and underlying tooling) as well as safeguards (via the CNCF Sandbox project Falco) put in place to monitor production workloads for security problems.

Speakers

Steven Terrana

Chief Engineer, Booz Allen Hamilton
Steven is a Chief Engineer at Booz Allen Hamilton focused on building reusable capabilities for the Firm and industry. He uses these capabilities to help organizations adopt all things modern software delivery: DevSecOps, Cloud Infrastructure, Container Orchestration, and Microservice...

Michael Ducy

Director of Open Source, Sysdig
Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming...



Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  CI/CD

10:55am PST

Sharing is Caring: How to Begin Speaking at Conferences - Jenny Burcio & Ashlynn Polini, Docker
For many, the idea of speaking in front of a bunch of strangers can be enough to prevent you from ever responding to a CFP. But don't let it! Speaking at conferences, meetups, or even at your own company is a fantastic way to share your knowledge, meet others, advance your career, and give back. Whether you are on the fence, have decided to take the plunge and submit a CFP, or have already given a few talks, this session is for you. Jenny Burcio and Ashlynn Polini will outline tips and strategies for turning your idea into a winning proposal and ultimately a compelling talk. Drawing on their experience reviewing DockerCon CFPs and prepping speakers (including themselves) for a variety of conferences, they will share how to submit and prepare for your first - or next - conference talk.

Speakers

Jenny Burcio

Sr. Manager, Marketing, Docker
Jenny Burcio manages the Docker Community, including managing content for DockerCon and the Captains program, where she helps awesome Docker community members inspire and educate others. Prior to Docker, Jenny worked at Apigee helping to build their community programs and partner...

Ashlynn Polini

Sr Manager, Events, Docker
Ashlynn Polini runs the user conference known as DockerCon, where she helps awesome Docker community members inspire, connect and learn from each other. Prior to Docker, Ashlynn worked at startups helping to build marketing and operations programs. Ashlynn is a recovering soccer athlete...


Tuesday November 19, 2019 10:55am - 11:30am PST
Room 31ABC - San Diego Convention Center Upper Level

10:55am PST

Only Slightly Bent: Uber’s Kubernetes Migration Journey for Microservices - Yunpeng Liu, Uber
Uber started using Docker containers at scale in 2015, and has gone through a few generations of cluster management and service discovery technologies. In early 2019, we started working on migration from Mesos to Kubernetes to support secure service mesh and machine learning workloads.

This is a complex problem - there are thousands of services, tens of millions of containers to be launched daily while maintaining high machine resource utilization. To that end, a lot of customizations are built into our Kubernetes stack including elastic resource sharing, oversubscription, fast rollback and deploy, changes to service discovery and attestation etc.

This talk will cover:
- Overview of Uber Compute Infra
- API server benchmark and tweaks
- Custom controller and scheduler logic
- CRI: resource, health check, logging, isolation
- SPIRE and service discovery setup at Uber

Speakers

Yunpeng Liu

Sr Software Engineer, Uber
Lead the compute cluster lifecycle management at Uber. Currently working on efficiency and federation projects in Uber Compute.



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 30ABCDE - San Diego Convention Center Upper Level

10:55am PST

Running Apache Samza on Kubernetes - Weiqing Yang, LinkedIn Corporation
Apache Samza is a distributed stream processing framework that allows you to process and analyze your data in real-time. It has been widely used at LinkedIn and other companies on a large scale. Recently, we added Kubernetes as the new scheduler backend for Samza to run in distributed mode. In this talk, we will deep dive into the technical details about how Samza runs natively on Kubernetes by leveraging the primitives provided by Kubernetes for scheduling, storage, etc. We will also compare running Samza on Kubernetes with other existing solutions such as YARN and standalone mode. Finally, we will share some practices about running Kubernetes as a container orchestration framework for other big data processing engines.

Speakers

Weiqing Yang

Software Engineer, LinkedIn
Weiqing has been working in big data computation frameworks since 2015 and is an Apache Spark/HBase/Hadoop/Samza contributor. She is currently a software engineer in the streaming infrastructure team at LinkedIn, working on Samza, Brooklin, etc. Before that, she worked in the Spark team at...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level
  Machine Learning + Data

10:55am PST

CNCF SIG-Security Intro - Sarah Allen, CNCF SIG-Security & Brandon Lum, IBM
“Cloud Native” is open source cloud computing for applications — a complete trusted toolkit for modern architectures (CNCF presentation). There are multiple proposed projects which address key parts of the problem of providing access controls and addressing safety concerns. Each of these adds value, yet for these technical solutions to be capable of working well together and manageable to operate they will need a minimal shared context of what defines a secure system architecture.

Speakers

Sarah Allen

Co-chair, CNCF SIG-Security
Sarah was a founding co-chair of the SAFE WG, now renamed to CNCF SIG-Security. She has been worrying about security concerns since first building Shockwave in the mid-90s (Netscape plug-in and ActiveX control). In the early 2000s, she started developing open source as part of the OpenLaszlo...

Brandon Lum

Software Engineer, Google
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Intro to gRPC - Jayant Kolhe & Eric Anderson, Google
gRPC is a modern, open source remote procedure call (RPC) framework that can run anywhere. It enables client and server applications to communicate transparently, and makes it easier to build connected systems. Join us for this session to hear about the gRPC project, how you can use it in your applications, and how to get involved with contributing!

Speakers

Eric Anderson

Software Engineer, Google
Eric Anderson is the tech lead of gRPC Java as a software engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors 4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven...

Jayant Kolhe

Engineering Director, Google
Jayant is Director of Engineering at Google working in Google Cloud Organization. He has been at Google for the last 10 years. He manages teams that work in areas of Networking, distributed systems and APIs. He has led and managed multiple Open Source Projects such as gRPC and Protocol...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Intro: Brigade - Matt Butcher & Radu Matei, Microsoft
Brigade is a lightweight, Kubernetes-native framework which allows the creation of event-driven workflows. Using JavaScript, Brigade chains together containers and controls their execution in an in-cluster scripting environment that enables easy error handling and data sharing. In this session, you will learn how to get started with Brigade, how to use the existing GitHub, CloudEvents and generic event support and integrate them in your workflow, and how different companies are using Brigade to automate their internal workflows (from code quality assessment and security scanning, to automatically generating preview environments for each pull request), and ultimately allow teams to build massively distributed workflows using a few lines of JavaScript.

Speakers

Radu Matei

Software Engineer, Microsoft Azure
Radu is a Software Engineer at Microsoft Azure, working on Kubernetes and open source developer tools for distributed systems. He is a core maintainer of Brigade, as well as of the Cloud Native Application Bundles (CNAB) project. When he is not working on open source, he loves playing...

Matt Butcher

Principal Software Development Engineer, Microsoft Azure
Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 33ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Intro: Kubernetes SIG PM - Stephen Augustus, VMware
Kubernetes is one of the most high-velocity open source projects in the world, and one of the most unique features of this community project is that it has its own PM team and PM process. SIG PM, originally established as a Product Management Group, today covers multiple aspects of Product, Program and Project Management of Kubernetes. In this session, the SIG PM co-chairs will provide a brief overview of SIG PM history and basic principles, the areas of interaction with the Kubernetes community, together with the information on how to start contributing to Kubernetes as a PM.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure. Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions...


Tuesday November 19, 2019 10:55am - 11:30am PST
Room 32AB - San Diego Convention Center Upper Level

10:55am PST

KubeEdge – Kubernetes Native Edge Computing Framework - Jason Wu & Sean Wang, Futurewei
KubeEdge is an open source edge computing framework that extends the power of Kubernetes from central cloud to edge. In this session attendees will learn about:
- Why KubeEdge is useful for Edge Computing
- Architecture and major design considerations of KubeEdge
- Latest updates and challenges we faced getting there
- Where KubeEdge is headed

There will be an extended open Q&A at the end for attendees to ask questions. KubeEdge was accepted as the first edge computing project hosted under the Cloud Native Computing Foundation (CNCF) in March 2019.

Speakers

Jason Wu

VP of Product, Futurewei

Sean Wang

senior director, Futurewei
Sean Wang is a senior director at FutureWei Inc in Seattle. He was the founder of Intelligent EdgeFabric platform, a commercial edge computing service which was later on contributed to CNCF as KubeEdge. Sean has deep interest in large scale distributed systems, built and led various...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

OPA Introduction & Community Update - Rita Zhang, Microsoft & Patrick East, Styra
Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases in Kubernetes and the wider cloud native ecosystem. During this session the OPA maintainers will introduce the project and then provide updates on the latest and greatest features to land in OPA and OPA Gatekeeper.

Speakers

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and...

Patrick East

Senior Software Engineer, Styra



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Securing the Software Supply Chain with in-toto - Santiago Torres-Arias & Justin Cappos, NYU
The cloud native ecosystem and tooling allows for rapid development and delivery of applications using various services in different configurations in highly-automated software supply chains. Unfortunately, this supply chain has become an attractive target for attacks. An attacker that compromises any of the steps of the supply chain, compromises a dependency or alters the product in transit, can affect all users at once and with devastating consequences.

In this talk, we will talk about the current integrations of in-toto in the cloud/container space. In addition, we will cover the existing in-toto toolchains and how they can be used in various scenarios, from supply CI systems like Jenkins, to providers such as GitLab, and beyond. We will showcase these in different real-world use cases with concrete examples to inspire attendees on how to secure their supply chain.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...


Tuesday November 19, 2019 10:55am - 11:30am PST
Room 23BC - San Diego Convention Center Upper Level

10:55am PST

SIG Cloud Provider Intro - Fabio Rapposelli, VMware & Nick Turner, Amazon
The long-term goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. New vendors providing support for Kubernetes should feel equally empowered to do so as any of today’s existing cloud providers. More importantly, SIG Cloud Provider is focused on ensuring a consistent and high-quality user experience across providers. The SIG acts as a central group for developing the Kubernetes project in a way that ensures all providers share common privileges and responsibilities. This intro session will begin with an introduction to the SIG activities in representing the collective interests of all participating cloud providers in the Kubernetes ecosystem, and help guide participants in how to become involved with SIG and to transition from specific cloud SIGs to Cloud Provider Working Groups.

Speakers

Nicholas Turner

Senior Software Development Engineer, Amazon
Nick works at Amazon Web Services as a software development engineer for EKS where he works on building and operating a Kubernetes platform for customers who run their infrastructure on AWS. In the community, he is active in sig-cloud-provider and the provider-aws subproject, and...

Fabio Rapposelli

Staff Engineer 2, VMware
Purveyor of all things open source, loves distributed systems and solving complex problems. Renaissance man and human Rube Goldberg machine, Fabio has been working at the intersection between Kubernetes and VMware for the past 4 years. Frequent speaker at conferences such as dotGo...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

The Release Team Shadow Program - Mentoring For the Future - Guinevere Saenger, GitHub & Lachlan Evenson, Microsoft
Each Kubernetes release is guided by a team of specialist community members to shepherd the process and to culminate in a new release of the world’s most popular container orchestration tool. After Release Day, the team members update some docs, and then disband to re-focus their efforts elsewhere in the project, giving room to others to fill their former roles. But have you ever wondered how the Kubernetes Release Team gets formed in the first place? Come to this talk to find out how YOU could be part of a future Kubernetes Release Team! This talk will discuss the purpose and implementation of the Kubernetes Release Team Shadow Program, give examples of success and areas of growth, and may help you decide if this is an area where you would like to start your journey as a Kubernetes contributor.

Speakers

Lachie Evenson

Principal Program Manager, Microsoft
Lachlan is a Principal Program Manager on the open source team at Azure. As a cloud native ambassador, emeritus Kubernetes steering committee member and release lead, Lachlan has deep operational knowledge of many Cloud Native projects. He spends his days building and contributing...

Guinevere Saenger

Software Engineer, GitHub
Guinevere Saenger was a part of Ada Developers Academy Cohort 6, transitioning into tech from being a full-time professional pianist. Two years after graduating, Guinevere writes deployment automation tooling on the Moda platform at GitHub, and keeps GitHub’s Kubernetes infrastructure...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Low Latency Multi-cluster Kubernetes Networking in AWS - Paul Fisher, Lyft
Lyft is migrating their entire service stack of hundreds of microservices to Kubernetes on AWS. A critical component to Lyft’s successful migration is their open source set of CNI plugins which implement a simple, fast, and low latency networking stack tying together multiple Kubernetes clusters into a flat network within AWS Virtual Private Clouds. Paul’s talk takes a deep dive into the design and implementation of Lyft’s multi-cluster Kubernetes platform from a network-centric perspective, including Envoy mesh integration and performance characteristics.

Speakers
Paul Fisher

Software Engineer, Lyft
Paul Fisher works on all things infrastructure related at Lyft, from monitoring software to the service provisioning stack. He’s currently leading the Lyft migration to Kubernetes. Paul tends toward work that lies at the intersection of systems programming and scale. He's previously...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Networking

10:55am PST

Blazin’ Fast PromQL - Tom Wilkie, Grafana Labs
PromQL, the Prometheus Query Language, is a concise, powerful and increasingly popular language for querying time series data. But PromQL queries can take a long time when they have to consider >100k series and months of data. Even with Prometheus’ compression, a 90 day query over 200k series can touch ~100GB of data.

In this talk we will present a series of techniques employed by Cortex (a CNCF project for clustered Prometheus) for accelerating PromQL queries -- namely query results caching, time slice parallelisation, aggregation sharding and automatic recording rule substitutions.

But there’s more: we will show how you can use this technology to get these improvements with Thanos and Prometheus. Finally, we will cover optimisations to the PromQL engine by the Cortex team, and how these have already been merged upstream to benefit the whole community.

Speakers
Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Tom is a maintainer on the Prometheus project and a maintainer and the original author of Cortex, both CNCF projects. Previously Tom founded Kausal, a company working on Prometheus, and worked at companies such...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

10:55am PST

Making the Most Out of Kubernetes Audit Logs - Laurent Bernaille & Robert Boll, Datadog
The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.

In this talk, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. We will then demo a functioning setup and show a few different types of analysis techniques. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.

Speakers
Laurent Bernaille

Staff Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible...

Robert Boll

Senior Director of Engineering, Datadog



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level
  Operations

10:55am PST

The Devil in the Details: Kubernetes’ First Security Assessment - Aaron Small, Google & Jay Beale, InGuardians
In October of last year, the Kubernetes project created a new Security Audit working group and began Kubernetes’ first comprehensive third-party security assessment. In the months that followed, we worked closely with Trail of Bits and Atredis Partners to assess and improve Kubernetes’ security posture.  Through code review and penetration testing, we found and addressed 37 new vulnerabilities.  With support from many Kubernetes contributors, the third party security firms and Kubernetes project produced a formal threat model covering eight critical components across six different trust zones.  In this talk, we will share our findings, methodology, and vision for future security investments.  We’ll discuss what the work uncovered, and what this means to Kubernetes security both now and for the future.

Speakers
Aaron Small

Product Manager, Google

Jay Beale

CEO and CTO, InGuardians
Jay Beale is CTO and CEO for InGuardians. He works on Kubernetes, Linux and Cloud-Native security, both as a professional threat actor and an Open Source maintainer and contributor. He's the architect of the open source Peirates attack tool for Kubernetes and Bustakube CTF Kubernetes...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

10:55am PST

Service Mesh: There and Back Again - Hema Lee & Cody Vandermyn, Nordstrom
You might have heard about service mesh and its amazing benefits. Maybe you believe it’s the next big thing, but will it truly meet expectations? As any start to a relationship, things look fun and easy but once we talk performance at scale, compliance with internal security policies, and seamless onboarding, you might reconsider taking it home to meet your parents!

With a highly distributed system that includes services running on Kubernetes clusters along with VM and Serverless workloads, vanilla service mesh would not work for us. In this talk, Hema & Cody will cover how Nordstrom’s relationship with service mesh evolved, what initial results revealed, what surprised us, and the open source contributions and adaptations we made to get to production readiness. We will share lessons learned and hopefully help with your service mesh relationship.

Speakers
Hema Lee

Senior Software Engineer, Nordstrom
Hema is a Senior Engineer at Nordstrom and a member of the Engineering Platform organization. Currently, she's deep in the world of securing service to service communications across all of Nordstrom's compute infrastructure. Previously, her work spanned developing components for distributed...

Cody Vandermyn

Sr. Software Engineer, Nordstrom
Cody Vandermyn works as a Senior Engineer at Nordstrom. He is an active contributor to open source including the Linkerd project. As an avid software geek, Cody enjoys building cloud native applications using new technology, ensuring they are easy to maintain and educating others...



Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

10:55am PST

Beyond Storage Management - Andrew Large & Yinan Li, Google
Kubernetes added alpha support for persistent volume snapshotting in 1.12 through the Container Storage Interface (CSI). While having some limitations, this feature is critical to stateful workloads and serves as one of the building blocks for developing advanced, enterprise-grade capabilities around data protection.
This talk provides an overview of standard enterprise data protection policies and practices and discusses how those might map into Kubernetes. We’ll discuss the full scope of what data protection might look like in Kubernetes and considerations that go into building an enterprise-grade data protection solution, placing the volume snapshot work in a larger context, and propose some explicit potential future standards activities.

Speakers
Yinan Li

Software Engineer, Google
Yinan Li is currently a Software Engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities and work that enables large-scale data processing on Kubernetes, including the Kubernetes scheduler backend for Apache Spark. Yinan is...

Andrew Large

Software Engineer, Google
Andrew Large is currently a software engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities in hybrid and multi-cloud environments. Prior to Google, Andrew led the cloud analytics team at Tintri - an enterprise storage...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Storage

11:20am PST

11:50am PST

eBay Search On K8s - Mohnish Kodnani & Yashwanth Vempati, eBay
eBay currently has billions of items available for search. The search engine at any given time can get around 100K’s of queries per second for search within this inventory.
In order to support this scale of traffic and the size of the inventory, we need thousands of servers. The inventory is sharded and then replicated across these servers to handle the traffic. In this talk we will go through how we migrated the application to Kubernetes and its deployment architecture while meeting some of the business requirements for resiliency and availability. We will also go through our index distribution architecture that leverages Kubernetes principles. At the end we will also share our challenges and learnings while deploying the application on Kubernetes.

Speakers
Mohnish Kodnani

Sr MTS, Software Engineer, eBay
Mohnish works on eBay Search Engine’s Indexing and Data Acquisition domains. He is currently in charge of migrating the Search Engine’s deployment on top of k8s. In his spare time he loves to travel, rock climb and spend time with his 5-year-old son.

Yashwanth Vempati

MTS 1, Software Engineer, eBay
Yashwanth is a passionate engineer interested in solving complex business problems. Right now he is working on moving the majority of traditional applications to cloud native. He is also working on storing data from Kubernetes clusters and using it for monitoring and machine learning...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Scaling Resilient Systems: A Journey into Slack's Database Service - Rafael Chacon & Guido Iaquinti, Slack
Monitoring and observability are important concepts, especially in complex and distributed systems. Redundancy and defensive programming are important as well, but sometimes they are not enough. Designing systems to minimize the blast radius when the unexpected happens is often the key.

In this talk, Rafael and Guido will share an overview of how Slack designed, built, scaled and then iterated to improve its distributed database service based on top of Vitess, now a CNCF project. The Databases team at Slack scaled a Vitess cluster from 0 to spikes of 2.7 Million queries per second. This journey has taught us how to operate a database cluster with more than 2000 nodes, which we expect to grow to more than 3500 in the next 12 months.

Speakers
Guido Iaquinti

Site Reliability Engineer, Freelance
Guido is a system engineer with academic background and experience in high volume/high availability Internet architectures. He is a technology enthusiast excited about open source software. His passion is to develop, scale and automate complex systems.

Rafael Chacon

Engineer, Slack
Rafael Chacon is a Staff Software Engineer on the infrastructure team at Slack, where he is working on the MySQL database layer on top of Vitess. Rafael has been part of the team that has migrated more than 30% of Slack database traffic from MySQL to Vitess. He is also now a core...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

11:50am PST

Applying Policy Throughout The Application Lifecycle with Open Policy Agent - Gareth Rushgrove, Snyk
Open Policy Agent is built to be used as a library in other tools, and there are already several open source projects using OPA as a generic policy engine. This is powerful because it allows end users to invest in one use case, and reuse some of the same knowledge and tools, especially the Rego data assertion language, to solve other adjacent problems.

In this talk we will look at applying Open Policy Agent tools throughout the application lifecycle. We’ll explore:

* Writing unit tests for Kubernetes configuration (and Helm charts) using Conftest
* Defining a CI pipeline in code, and testing that using OPA
* Gating deployments to the cluster using Gatekeeper
* Auditing the cluster for security best practices, by porting the Kubesec ruleset to Rego
* Porting pod security policies to OPA
* Writing unit tests for the Rego policy code we wrote above

Speakers
Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  CI/CD

11:50am PST

Panel: What’s Essential in an OSS Project Launch Playbook? - Betty Junod, Solo.io; Jian He, Alibaba; Karen Chu, Matt Butcher, & Ronan Flynn-Curran, Microsoft
Creating/developing a new OSS project is hard as is, but how can you go about successfully sharing your project with the community once you’re ready?

Collectively, this panel has launched/worked on multiple open source projects such as Helm, OpenKruise, CNAB, Docker, Gloo & Service Mesh Interface. From their experience, they've identified elements essential to any open source project launch, no matter how small/big your project is.

In this panel, they'll discuss what should be in an OSS project launch playbook:
• Infrastructure: tools needed to create a public space for your project
• Communications: techniques for setting a tone, creating a brand & spreading the word
• Governance: what you need to create a protected but open space for your community
• Goal: purpose of open sourcing your project, rules of engagement
• Community: what you need to plan to grow, cultivate & engage members

Speakers
Matt Butcher

Principal Software Development Engineer, Microsoft Azure
Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys...

Karen Chu

Community PM, Microsoft
Karen Chu is a Community PM on the Microsoft Azure Container Compute Upstream team with a focus on open source tools such as Helm, CNAB, Brigade, and more. She is a CNCF Ambassador, meet-up organizer, and conference organizer. She has also worked The Illustrated Children’s...

Jian He

Staff Engineer, Alibaba
Jian He is a Staff Engineer at Alibaba where he works on container infrastructure to support the Alibaba ecosystem. Prior to that, he worked at Hortonworks where he mainly worked on Hadoop and is a Hadoop committer and PMC member. Jian He graduated from Brown University in Computer Sc...

Betty Junod

VP of Marketing, Solo.io
Betty Junod is the VP of Marketing at Solo.io focused on open source and commercial software tools in the Service Mesh and Kubernetes ecosystem including Gloo, SuperGloo, GlooShot, Squash and Service Mesh Hub. Previously Betty led product and partner marketing at Docker, the container...

Ronan Flynn-Curran

Designer/Software Engineer, Microsoft
Ronan is a designer and developer who brands, builds and works to boost open source projects at Microsoft Azure. He works within the Deis Labs team, whose goal is to make container-based developer tools accessible and friendly to all. Day-to-day he works on making sites, identity...


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel
Secrets are a key pillar of K8S security, and K8S 1.10+ enhanced the protection of secrets at rest in etcd with support for an external KMS (via KMS plug-ins) and envelope encryption. However, while the KMS plug-in executes, the secret encryption keys (DEKs/KEK) are in the clear in the memory of the K8S master. An attacker with privileged access to the K8S master node/host can read the keys from memory and access secrets, compromising the data and the K8S cluster. This session proposes a solution (with a quick demo): a new KMS plug-in that leverages a hardware-based TEE (Trusted Execution Environment, like Intel SGX) to ensure that the keys, and the encryption of the secrets, are protected by the CPU on the master, addressing the threat vector mentioned. It enumerates multiple options for the integration with KMS, articulating the trade-offs of the approaches.

Speakers
Raghu Yeluri

Sr. Principal Engineer, Intel
Raghu Yeluri is a Sr. Principal Engineer and lead Security Architect in the Data Center Group at Intel Corporation with focus on confidential compute in cloud native, containerized deployments leveraging hardware-based security. In this role, he drives security solution architecture...

Haidong Xia

Sr. Solutions Architect, Intel
Haidong is a Sr. security solution architect in Data Center Group at Intel Corporation. He is also a seasoned developer working on Kubernetes/container security, OpenStack integration of h/w security features and controls, and micro-service/cloud native architecture development. He...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level

11:50am PST

Enabling Kubeflow with Enterprise-Grade Auth for On-Prem Deployments - Yannis Zarkadas, Arrikto & Krishna Durai, Cisco
Kubeflow is an open source machine learning platform built on Kubernetes. Every service in Kubeflow is implemented either as a Custom Resource Definition (CRD) (e.g., TensorFlow Job) or as a standalone service (e.g., Kubeflow Pipelines).

As enterprises start to adopt Kubeflow, the need for access control, authentication, and authorization is emerging. An enterprise-grade solution needs to authenticate and authorize on two API layers: Kubernetes APIs and Kubeflow’s stand-alone services APIs. For better adoption, the solution should also integrate seamlessly with existing user management solutions in enterprises, such as LDAP or Active Directory (AD).

We present how we combined open-source, cloud-native technologies to design and implement a flexible, modular solution for enterprise authentication and authorization in Kubeflow. The talk will include a live demo.

Speakers
Yannis Zarkadas

Software Engineer, Arrikto
Yannis is a software engineer at Arrikto, working with Kubeflow and the Kubernetes sig-storage group. He loves contributing to open source projects and has authored the Cassandra Operator in Rook and the official Scylla Operator, which he is currently maintaining.

Krishna Durai

Software Engineer, Cisco
Krishna is a software engineer at Cisco, Bangalore and is a contributor to the Kubeflow open-source project. He has been designing and engineering AI platforms in enterprise domains like healthcare.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

11:50am PST

Cortex 101: Horizontally Scalable Long Term Storage for Prometheus - Chris Marchbanks, Splunk
Cortex provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus metrics, and a horizontally scalable, Prometheus-compatible query API. Cortex allows users to deploy a centralised, globally aggregated view of all their Prometheus instances, storing data indefinitely. In this talk we will discuss Cortex's history, Cortex's architecture, and how to get started with Cortex. Cortex is a CNCF sandbox project.

Speakers

Chris Marchbanks

Senior Software Engineer, Splunk
Chris is a Software Engineer at Splunk where he delivers observability for teams working on multiple internal Kubernetes clusters. He is a team member for two CNCF projects, Prometheus and Cortex. Outside of work, Chris enjoys skiing uphill in the mountains of Colorado.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Five Things You Didn’t Know You Could Do with SPIFFE and SPIRE - Andrew Jessup & Andrés Vega, Scytale
Zero Trust networking and secure authentication are hot topics in security team meetings all over the world. But how do you actually get started? The open-source SPIFFE and SPIRE projects are your foundation for building ridiculously secure software, even between multiple clouds and clusters.

In this talk, we will guide you through five practical applications with the open-source SPIFFE and SPIRE projects, including automatic authentication and mutual TLS encryption between:

* workloads on two different clouds
* a workload in a virtual machine and an Istio cluster
* a container in a Google Container Engine cluster and Amazon Web Services
* a workload in a Kubernetes cluster and a MySQL database
* a workload in a Kubernetes cluster and a Hashicorp Vault cluster
* a workload in a Kubernetes cluster and an API gateway

And we’ll do all of this without any annoying passwords, API keys, or secrets.

This talk focuses on real, practical examples of the SPIFFE and SPIRE projects. It assumes no prior knowledge of them, though some passing familiarity with Kubernetes will be helpful.

Speakers
Andrew Jessup

Recovering Engineer, Scytale
I'm head of product at Scytale, where we're redefining Privileged Access Management for a multi-cloud, micro-services driven world. A significant part of that vision is working to drive the SPIFFE and SPIRE projects to help organisations securely connect un-trusted systems.

Andres Vega

Founder, M42



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 31ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions

11:50am PST

How to Migrate a MySQL Database to Vitess - Sugu Sougoumarane & Morgan Tocker, PlanetScale
Vitess is a cloud-native storage solution that can scale indefinitely. This session will cover a high level overview of all the Vitess features, the architecture, and what database workloads are a good fit. We will then walk through a demo of live-migrating an existing MySQL installation into Vitess. Because Vitess also speaks the MySQL protocol, it is easy to retrofit scaling into your existing database systems.

Speakers
Sugu Sougoumarane

CTO, Planetscale, Inc.
Sugu is the co-creator of Vitess, and has been working on it since 2010. Prior to Vitess, Sugu worked on scalability at YouTube and was also part of PayPal in the early days. His recent interest is in distributed systems and consensus algorithms. He occasionally shares his thoughts...

Morgan Tocker

Community Development Manager, Planetscale, Inc.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Intro to Cloud Native Buildpacks - Terence Lee, Heroku & Emily Casey, Pivotal
You're great at running containers but you shouldn't have to be great at building them. In this talk, you'll learn about Cloud Native Buildpacks, a higher-level abstraction for building apps compared to Dockerfiles. Buildpacks are a standardized tool for creating images in a secure, reproducible, and efficient manner. As an app developer, you don't need to know best practices around ordering commands for layer reuse. As an operator, you don't need to worry about exposing developers to the responsibilities that come with Dockerfile. Come learn how buildpacks meet developers at their source code, automate the delivery of both OS-level and application-level dependency upgrades, and help you efficiently handle day-2 app operations.

Speakers
Emily Casey

Cloud Native Buildpacks Lead Engineer, Pivotal

Terence Lee

Build & Languages Architect, Heroku/Salesforce
Terence leads Heroku’s Ruby Task Force curating the Ruby experience on the platform. He's worked on some OSS projects such as Ruby (the language), mruby, Bundler, Resque, as well as helping with the Rails Girls movement. When he’s not going to an awesome Heroku/Tech event he lives...


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Intro to SIG Service Catalog - Jonathan Berkhahn, IBM & Mateusz Szostok, SAP
This is an introduction to the Kubernetes Service Catalog extension project. Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling, regardless of where the service is actually hosted. Service Catalog is a Kubernetes implementation of the Open Service Broker API, an open standard to provision and manage cloud services. Come learn how you can use Service Catalog to access third-party services from your Kubernetes applications or to offer your service to Kubernetes users. We will walk through provisioning a relational database through Service Catalog and then connect to it from an application running on Kubernetes.

Speakers
Jonathan Berkhahn

Senior Software Engineer, IBM
Jonathan is a member of the steering committee of Operator Framework, and a maintainer of Operator SDK. He's worked in the past on various open technologies in the cloud platform space, including Kubernetes and Cloud Foundry. His passions in open source include behavior driven development...

Mateusz Szostok

Senior Software Engineer, SAP
Mateusz Szostok works at SAP in an open-source project called Kyma. He is one of the co-chairs of the Service Catalog SIG. He specializes in such domains as Service Catalog, Brokers, and Controllers. Currently, he is in charge of the task to replace the Aggregated API Server with...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Intro: Contributor Experience SIG - Elsie Phillips, Red Hat & Paris Pittman, Google
In this 30 minute session, we will explore the projects we have been working on with Contributor Experience and the future work we have on deck. We will provide an update to the following projects and have information on how to get involved.

Speakers
Paris Pittman

Kubernetes OSS Strategy, Google
Paris is a Developer Relations Program Manager on Google Cloud's Open Source Strategy team focusing on the Kubernetes Community. She is a co-chair of the special interest group for Contributor Experience and an organizer of Bay Area Kubernetes Meetup with 4,000 members. She has 14...

Elsie Phillips

Product Marketing Manager, Red Hat


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 23BC - San Diego Convention Center Upper Level

11:50am PST

Intro: Flux - Stefan Prodan & Alexis Richardson, Weaveworks
In this session, we will introduce the basics of Flux and its Helm Operator sub-project. Flux is an open source operator that makes GitOps happen in your cluster. It automatically ensures that the state of your Kubernetes cluster matches the configuration you’ve supplied in Git. We will explore the GitOps methodology and talk about the benefits of using Flux to do Kubernetes cluster management and application delivery. We shall compare Flux with other approaches like Spinnaker and talk about the differences between CiOps and GitOps. Flux joined CNCF in August 2019 as a sandbox project.

Speakers
Alexis Richardson

CEO & Founder, Weaveworks
Alexis is CEO and co-founder of Weaveworks, and was the first chair of the CNCF TOC. He is also known for popularising the terms and practices of GitOps. Previously, at Pivotal, as head of products for Spring, RabbitMQ, Redis and vFabric, he "rebooted" Spring and transitioned the...

Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger, the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 15 years of experience with software...


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 5AB - San Diego Convention Center Upper Level

11:50am PST

Introduction to CRI-O - Mrunal Patel & Peter Hunt, Red Hat, Inc.
You have a lot of complicated things to think about as a developer and Kubernetes admin. Your container runtime shouldn't be one of them. CRI-O is there to be your "no-worry" CRI option. Running distributed applications, even with Kubernetes, is a challenging task, and ultimately a developer’s focus should be on providing value to their end-users. CRI-O is a container runtime designed to be secure and reliable and is developed exclusively for Kubernetes so that you can focus on what matters more. Join Mrunal Patel and Peter Hunt as they walk through the architecture and design of CRI-O and show you how to deploy and run with Kubernetes, so you can choose it as your runtime, and promptly forget about it.

Speakers
Mrunal Patel

Senior Principal Software Engineer, Red Hat
Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is active across various projects in the kubernetes SIG Node. He has also...

Peter Hunt

Senior Software Engineer, Red Hat
Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on maintaining CRI-O, attending SIG node, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, gardening, and dancing.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 33ABC - San Diego Convention Center Upper Level

11:50am PST

Introduction to Virtual Kubelet – Featuring Titus by Netflix - Ria Bhatia, Microsoft & Sargun Dhillon, Netflix
Virtual-kubelet can extend Kubernetes in many interesting and unique ways. This talk will go through how providers are utilizing virtual-kubelet to extend Kubernetes either for their customers, or for the benefit of their platform. The talk will also go through how Netflix is using virtual-kubelet to aid in integration with their existing architecture. Virtual-kubelet is able to give them the best of both worlds. Netflix has been able to leverage the Kubernetes API Server and the controllers as a mechanism to accelerate their control plane, whilst being able to use their existing containerization and isolation technology that’s been in development under the guise of the Titus (https://medium.com/netflix-techblog/the-evolution-of-container-usage-at-netflix-3abfc096781b) project since December 2015. The flexibility of the project has allowed them to introduce new southbound and northbound concepts to their product, which is enabling greater efficiency and scalability.

Speakers

Ria Bhatia

Program Manager, Independent
Ria Bhatia was a Program Manager for Upstream Azure Compute within Microsoft. She's been working with the community on different ways to scale in Kubernetes and operate Kubernetes. She actively maintains Virtual Kubelet and has spoken at multiple meetups and conferences, including...

Sargun Dhillon

Senior Software Engineer, Netflix
Sargun Dhillon is a software engineer. He's been working in the container ecosystem for a number of years, ranging from projects like LXC to Mesos. He currently works on the Netflix container platform, Titus, as a member of the agent team.


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level

11:50am PST

Rethinking the K8s DNS for the Modern Enterprise - Deepa Kalani & Venil Noronha, VMware
The Domain Name System (DNS) is the component that provides the most vital piece of information for one to locate and communicate with services running in a Kubernetes cluster. This technology provides a set of features for name resolution, service discovery, metrics collection, query tracing, etc. However, this is only sufficient to satisfy the requirements of traditional workloads, and modern enterprises demand more.

In this talk, we will discuss the state-of-the-art in the modern enterprise in the context of the Kubernetes DNS. We will present use-cases like extensive aliasing, multi-tenancy, security, etc. that stretch the capabilities of currently available DNS solutions like CoreDNS, Kube-DNS, etc. We will then examine possible approaches to solve these challenges and see where these technologies fall short and how they could be improved.

Speakers

Deepa Kalani

Staff Engineer 2, VMware
Deepa Kalani is a Staff Engineer at VMware, responsible for development of service mesh technologies with a focus on Istio and Envoy integrations for the enterprise. Prior to VMware, Deepa held various engineering roles at PLUMgrid and Cisco Systems.

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.
Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Networking

11:50am PST

No-Nonsense Observability Improvement - Cory Watson, SignalFx
Observability has gone from a thing you read about on Twitter or Medium thinkpieces to something your organization “has”. Maybe you’ve got a few new observability tools deployed. How is that working out for you?

Regardless of your adoption level – from logs on local boxes up to the highest cardinality traces and feature analysis – at the end of the day these are tools, not magic spells. How do you teach, train, use, evangelize, and measure the impact they have in your organization?

Cory has been a part of solo and large observability teams, in-house and vendor, and worked with dozens of companies. In this session he’ll explain some no-nonsense, tool-agnostic methods for wringing more value out of what you have, identifying when to use new tools, how to handle migrations, how to measure value, and how to deal with “why does this cost so much?”

Speakers

Cory Watson

Technical Director, SignalFx
Cory Watson is Director of Technology at SignalFx, leading high impact, customer-focused projects around observability and monitoring. Cory started his journey as an SRE at Twitter, and continued on to found the observability team at Stripe. He is a strong voice in the observability...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Observability

11:50am PST

Take Envoy Beyond a K8s Service Mesh - to Legacy Bare Metal and VMs + More - Steve Sloka & Steven Wong, VMware
Envoy’s mission is to extract network and communication security code from applications in a way that developers and users can deploy components that just work no matter where they run or what hosts them.

This session will show how to leverage Envoy to achieve interoperation of applications and services, split across Kubernetes and traditional VM or bare metal hosts. We’ll look at how to incrementally bring Kubernetes into an existing application architecture based on existing VM or bare metal applications and services.


Specific examples will demonstrate:
- Using Contour with Envoy as an Ingress and load balancer solution with a richer feature set than some common alternatives
- Sending requests from VM workloads to Kubernetes services
- Direct requests to services running on a VM from Kubernetes
- Dynamic traffic steering - K8s and VM workloads at the same time

Speakers

Steven Wong

Staff Engineer, VMware
Steve Wong has been active in the Kubernetes community since 2015. He is a co-chair of the CNCF Working Group. Steve is co-chair of the VMware User Group on the Kubernetes project. He has implemented industrial control systems for many factories, pipelines, and process control systems...

Steve Sloka

Sr. Member of Technical Staff, VMware
Steve Sloka is a Sr. Member of Technical Staff at VMware based in Pittsburgh, PA dealing with all things Cloud, Containers, and Kubernetes. Steve is a maintainer of Contour & Gimbal and is a contributor to many other open source projects. Steve is also a Kubernetes contributor and...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Operations

11:50am PST

CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here - Liz Rice, Aqua Security
Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.

* ARP spoofing: pretending to represent the wrong IP address
* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain name

Sounds bad, doesn't it?

These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren't happening on your cluster.

This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Speakers

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of O'Reilly books "Learning eBPF" and...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level

11:50am PST

How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan, Department of Defense
This session will showcase the DoD Enterprise DevSecOps initiative and its architecture. It describes how the Department of Defense is securing OCI compliant containers, moving to Kubernetes and Istio, ensuring abstraction and scale across hundreds of environments, including Clouds, on-premise and classified environments. It will particularly focus on the sidecar security stack leveraging Envoy and sidecar containers to ensure zero trust security and baked-in multi-layer security.

Speakers

Nicolas Chaillan

Chief Software Officer, U.S. Air Force, USAF
Mr. Nicolas Chaillan, a highly qualified expert, is appointed as the first Air Force Chief Software Officer, under Dr. William Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Arlington, Virginia. He is also the co-lead for the Department...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

Building Blocks: How Raw Block PVs Changed the Way We Look at Storage - Jose A. Rivera & Rohan Gupta, Red Hat
Raw block PersistentVolumes (PVs) allow applications to consume storage in a new way. In particular, Rook-Ceph now makes use of them to provide the backing store for its clustered storage in a more Kubernetes-like fashion and with improved security. Now we can rethink the notion of how we structure our storage clusters, moving the focus away from static nodes and basing them on more dynamic, resilient devices.

This talk will go over how we incorporated raw block PVs, how the operator manages them, and how we can now define a storage cluster. It will also include a demo of the resiliency of these new types of devices. By the end of the talk, you'll not only know how to use raw block PVs but also why and when to use them.

Speakers

Jose A. Rivera

Senior Software Engineer, Red Hat
Jose Rivera is a Senior Software Engineer at Red Hat. He's worked in and around storage for over 10 years, with experiences spanning across multiple networked and software-defined storage projects such as Samba (SMB) and GlusterFS. Currently he works on OpenShift Container Storage...

Rohan Gupta

Software Engineer, Red Hat
Rohan Gupta currently serves as Software Engineer at Red Hat. He is in the Storage Team, and he works primarily on Rook-Ceph.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level
  Storage

12:25pm PST

Lunch (Provided)
Lunches will be served in Hall C, the West Terrace and the 20 Foyer at the San Diego Convention Center. Specialty meals (if requested) can be picked up at the Cafe Express in Hall C.

Tuesday November 19, 2019 12:25pm - 2:25pm PST
Hall C + West Terrace + 20 Foyer - San Diego Convention Center

12:25pm PST

Attendee Headshots, sponsored by Codefresh (Reservation Required; Link in Description)
Get ready for your close up! We are proud to offer a limited number of complimentary headshots to attendees that are looking to spruce up their resume or LinkedIn profile. A reservation is required.
Thank you to our sponsor, Codefresh!

Tuesday November 19, 2019 12:25pm - 2:25pm PST
Room 21 - San Diego Convention Center Upper Level

1:15pm PST

Chair Yoga (RSVP Required)
Need to take a break and stretch after your session? Join one of our chair-yoga classes! Chair Yoga is a great way to reset without having to leave your seat. Just a quick 30-minute session focused on movement and flexibility is enough to revitalize meetings and event participants. All levels of fitness can benefit from chair yoga including those with disabilities or mobility issues.
Space is limited. Please sign up through the attached Google Form.

Tuesday November 19, 2019 1:15pm - 1:45pm PST
23A - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

2:25pm PST

A Peek Inside the Enterprise Cloud at Salesforce - Xiao Zhou & Thomas Hargrove, Salesforce
This talk offers a peek inside the enterprise cloud infrastructure at Salesforce. Kubernetes is open source software which is becoming the de facto standard for running services at scale.
Enterprise data centers are aiming to be closely managed and very secure. At Salesforce, we are bringing these two together. We are using Kubernetes to manage 2600+ hosts across 20+ private data centers. In this talk, we’ll be looking at the challenges and our approaches for using Kubernetes as the management software from several perspectives: multi-tenancy and self-service, management tooling, security, testing, monitoring/alerting, and visibility.

Speakers

Thomas Hargrove

Software Engineering Senior Director, Salesforce
Thomas is a Software Engineering Senior Director at Salesforce on the infrastructure engineering team. He helped build the hosted Kubernetes offering for Salesforce 1st party data centers with many enhancements around security, visibility and integration to internal systems. Before...

Xiao Zhou

Director Software Engineering, Salesforce
Xiao is a Software Engineering Director at Salesforce. She has about 10 years of experience in the large-scale and distributed computing area. Xiao has led numerous cloud native efforts and projects at Salesforce, and previously VMware. She is very passionate about improving quality...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Application + Development

2:25pm PST

Running Istio and Kubernetes On-prem at Yahoo Scale - Suresh Visvanathan & Mrunmayi Dhume, Verizon
At Yahoo!, there are 18+ production-grade Kubernetes (K8s) clusters, and my team operates one of the largest on-prem K8s clusters, handling 150K+ containers and 500+ applications and serving 1 million+ requests per second. Mission-critical applications such as Yahoo! Sports/Finance/Home are deployed and enabled by the K8s/Istio platforms. The journey started 2 years ago as a ‘proof of concept’ with K8s and by signing up for the ‘early engagement program’ with the Istio team to adopt Istio/Envoy, modernize our stack and move towards a microservice architecture. During this journey, we: (1) built an identity platform which provides a unique identity for workloads; (2) enabled workloads with a sidecar Envoy proxy and integrated it with an in-house custom CA & RBAC for authN/Z; (3) built tools to manage both Istio and K8s clusters at scale. This talk will detail how K8s and Istio/Envoy are used to deploy/secure/connect workloads at Yahoo scale.

Speakers

Suresh Visvanathan

Sr Architect, Verizon Media
Suresh Visvanathan, Sr Architect, has over 13 years of experience in IT and Software. Suresh’s current responsibilities include the architecture, vision, strategy and design of cloud platform as-a-service (PaaS). Suresh has been architecting solutions and building products around...

Mrunmayi Dhume

Principal Software Engineer, Verizon Media (Yahoo)
Mrunmayi Dhume is a Principal Software Engineer in the Core Infrastructure team at Verizon Media. She is part of the team responsible for providing L3/L4 routing solutions and leads the design and implementation of the routing layer and identity provider system components for Kubernetes...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

2:25pm PST

Managing Helm Deployments with Gitops at CERN - Ricardo Rocha, CERN
Kubernetes has taken a key role at CERN both for physics analysis and core IT services, simplifying and accelerating deployments and allowing a much higher rate of updates and upgrades.

This session will describe how Helm is used for managing the description and configuration of the services; how CERN uses chartmuseum to maintain its private chart repositories; how a custom plugin is used to manage secrets in the configuration, safely pushing encrypted payloads into git repositories; how a well-defined structure of umbrella charts (sometimes referred to as meta charts) is used to define high-level applications with complex dependencies; and how the notion of service variants and environments is exposed.

A demo will show the full GitOps lifecycle for both production and canary deployments, relying on Weave Flux to quickly propagate changes to clusters.

Speakers

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

2:25pm PST

Mental Health in Tech - Dr. Jennifer Akullian, Growth Coaching Institute
According to research by Open Sourcing Mental Illness, 51% of individuals working in the tech community have been identified with a mental illness. This is disproportionate to the 20% prevalence in the general population. To compound the concern, many working in the tech community are at risk for burnout, a condition that often resembles mental illness. While lots of people in tech struggle with mental health, industry-specific research and advocacy in the community is disproportionately inadequate.

For organizations, awareness and advocacy around employee mental health is crucial; after all, happy employees are more productive and less likely to leave their job. For employees who are struggling, it is important they know that they are not alone and there is help. This talk is focused on reducing the stigma around mental illness and expanding education and awareness into how to help yourself and others in your community. Jennifer will provide mental health background as she reviews the research pertaining to the tech community. Industry-specific burnout will be discussed and strategies for improving one’s experience or helping a friend or colleague will be examined.



Speakers

Dr. Jennifer Akullian

Founder | Psychologist, Growth Coaching Institute
Jen is a former psychologist, focusing her work in technology since 2015. Founder and Executive Coach at Growth Coaching Institute, much of her work focuses on cognitive health and managing industry-specific challenges and burnout, to allow motivated top performers to excel and find...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6E - San Diego Convention Center Upper Level
  Community
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Russian Doll: Extending Containers with Nested Processes - Christie Wilson & Jason Hall, Google
Kubernetes extensibility has gone mainstream. From CRDs to admission controllers to custom schedulers, as a platform builder you have access to a powerful toolbox! But what about the humble Pod and its hardworking containers? What if you want to extend them? What tools are at your disposal?

In this talk you’ll learn how to extend a container by overriding its binary. This inventive approach is used by Prow (the CI/CD system that tests Kubernetes itself) and systems built on Tekton Pipelines (a Kubernetes based CI/CD platform) like Jenkins X and OpenShift Pipelines.

You’ll see how you can control the order of container execution within a Pod, stream logs to a persistent store at scale, and gracefully handle the appearance and lifecycle of injected sidecars. You’ll learn some of the benefits and drawbacks, as well as how to overcome the hurdles.

Speakers

Jason Hall

Software Engineer, Google
Jason Hall (he/him) is a software engineer at Google, currently working on the Tekton project. Before Tekton, he helped launch Google Cloud Build (formerly Google Cloud Container Builder), and before that helped launch Google Cloud Source Repositories.

Christie Wilson

Software Engineer, Google
Christie Wilson (she/her) is a software engineer at Google and co-creator of the Tekton project. Over the past decade+ she has worked in the mobile, financial and video game industries. Prior to working at Google she built load testing tools for AAA video game titles, and founded...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

2:25pm PST

Introducing KFServing: Serverless Model Serving on Kubernetes - Ellis Bigelow, Google & Dan Sun, Bloomberg
Production-grade serving of ML models is a challenging task for data scientists. In this talk, we'll discuss how KFServing powers some real-world examples of inference in production at Bloomberg, which supports the business domains of NLP, computer vision, and time-series analysis. KFServing (https://github.com/kubeflow/kfserving) provides a Kubernetes CRD for serving ML models on arbitrary frameworks. It aims to solve 80% of model serving use cases by providing performant, high abstraction interfaces for common ML frameworks. It provides a consistent and richly featured abstraction that supports bleeding-edge serving features like CPU/GPU auto-scaling, scale to and from 0, and canary rollouts. KFServing's charter includes a rich roadmap to fulfill a complete story for mission critical ML, including inference graphs, model explainability, outlier detection, and payload logging.

Speakers

Dan Sun

Software Engineer Team Lead, Bloomberg
Dan Sun is a team lead of the Data Science Serverless Runtime team at Bloomberg. Focused on building mission-critical production ML inference managed solutions, he strives to understand and tackle data scientists' complex problems. He also has many years of experience at Bloomberg...

Ellis Bigelow

Software Engineer, Google
Ellis Bigelow is a software engineer at Google Cloud developing next generation systems for the AI Platform Prediction Service. In addition to his efforts on Google's managed product, he leads the open source project, Kubeflow/KFServing, a Kubernetes-based serverless inferencing platform...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

2:25pm PST

Cloud Provider Subproject AWS / User Group AWS - Cheng Pan, Amazon & Justin SB, Google
SIG AWS is now a subproject of SIG Cloud Provider. It is also a User Group. In this session, we will discuss what this means for you and our ongoing roadmap. We will also both demo and discuss features of the 7 projects (previously SIG AWS subprojects) that are part of Cloud Provider Subproject AWS. Bring details of your use cases and feature requests so you can define the future roadmap / feature ask. Also bring your priorities with respect to documentation and testing. Finally we will gather together to discuss immediate contributions that folks can make to make these projects meaningful for all users of k8s on AWS.

Speakers

Justin Santa Barbara

Software Engineer, Google
Justin has been contributing to Kubernetes since 2014, initially as the primary maintainer of the Kubernetes AWS support; he also started the kOps project. He loves helping users adopt and grow their use of Kubernetes, and believes that we have only scratched the surface of the Kubernetes...


Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6D - San Diego Convention Center Upper Level

2:25pm PST

Intro to Thanos: Scale Your Prometheus Monitoring With Ease - Lucas Serven, Red Hat & Dominic Green, Improbable
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, core maintainers of Thanos will explain basic concepts behind the project, its use cases, and tradeoffs. You will learn where to start and how to quickly deploy Thanos on Kubernetes without impacting your existing Prometheus setup. This talk is recommended for beginners that want to know more about running highly available Prometheus setup at scale with potentially unlimited metric retention with the lowest possible effort and cost.

Speakers

Dominic Green

Lead Engineer, Netspeak Games
Dom was the first cadet to outsmart the Kobayashi Maru, completed the Kessel Run in less than twelve parsecs, and beat Parzival to the First Gate. While not melting reality with fiction, Dom works as an Engineer at Netspeak Games, a London-based game studio that is looking to push the...

Lucas Servén Marín

Principal Software Engineer, Red Hat
Lucas Servén Marín is a principal software engineer from Spain currently working for Red Hat in Berlin. By trade he is an electrical engineer, with a Masters in robotics. After two years at CoreOS, he joined Red Hat where he works on the OpenShift Monitoring team and contributes...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Intro: Linkerd - William Morgan, Buoyant
In this session, William Morgan will provide an introduction to Linkerd, the CNCF's service mesh project. Linkerd features blazing fast performance, an ultralight footprint, a Kubernetes-native design, and open governance. You'll learn what it does, why it's useful, differences with other service meshes, and finish with a brief Q&A.

Speakers

William Morgan

CEO, Buoyant
William Morgan is the CEO of Buoyant. Prior to founding Buoyant, he was an infrastructure engineer at Twitter, where he ran several teams building on product-facing backend infrastructure. He has worked at Powerset, Microsoft, adap.tv, and MITRE Corp, and has been contributing to...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Introduction to Autoscaling - Marcin Wielgus & Vivek Bagade, Google
Come and see how to reduce the cost of your cluster and make your workloads more robust by dynamically adjusting them to the current traffic. During this talk members of SIG-Autoscaling will explain why you should be autoscaling both applications and clusters, and what tools Kubernetes provides to do that. You will learn the mechanics of Cluster, Horizontal Pod and Vertical Pod Autoscalers, their new features as well as the best practices for applying them in production.

Speakers

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently...

Vivek Bagade

Software Engineer, Google Inc
Vivek works at Google developing Kubernetes Cluster Autoscaler and Node Autoprovisioning. In the past, Vivek worked on building a Kubernetes PaaS for cloud robotics with Rapyuta Robotics and building a contextual advertising platform with Media.net.


Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level

2:25pm PST

Introduction to CNI, the Container Network Interface Project - Bryan Boreham, Weaveworks & Dan Williams, Red Hat
CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at users and developers who have little previous knowledge of container networking. Attendees will hear:
- A broad overview of what CNI is
- What the CNCF-hosted CNI project has delivered
- How CNI relates to Kubernetes
- How they can get more involved in the project

Speakers

Dan Williams

Manager, RHEL Networking, Red Hat
Dan is leading the OVN team. He is one of the architects of the OCP networking. Previously he has worked on Network Manager and made it ubiquitous for all Linux distros like RHEL, Fedora, Ubuntu, SUSE, CentOS. Dan also led the development of Multus, the plugin layer for Kubes, and...

Bryan Boreham

Distinguished Engineer, Grafana Labs
Bryan is a Distinguished Engineer at Grafana Labs, the observability company. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. At Grafana...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Introduction to Windows Containers in Kubernetes - Michael Michael, VMware & Deep Debroy, Docker
The chairs for SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This will concentrate on presenting an introduction of Windows Containers in Kubernetes and new features that are being delivered.

Speakers

Michael Michael

Director of Product Management, VMware
Michael Michael (or M2) is a Maintainer of Harbor and Contour, co-chairs Kubernetes' SIG-Windows, and is the product lead for Velero, Octant, and Sonobuoy. M2 is focused on cloud native technologies, delivering agility and simplicity to developers and accelerating the modernization...

Deep Debroy

Software Engineering Manager, Docker
Deep Debroy is a Software Engineering Manager at Docker Inc. focussing on different aspects of enabling Windows workloads on Kubernetes as well as Persistent Storage in general. He is an active contributor to Kubernetes projects under SIG Windows and SIG Storage.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

KubeVirt Intro: Virtual Machine Management on Kubernetes - Steve Gordon, Red Hat & Chandrakanth Jakkidi, F5
This session will provide an introduction to the KubeVirt project, which turns Kubernetes into an orchestration engine for not just application containers but virtual machine workloads as well. This provides a unified development platform where developers can build, modify, and deploy applications made up of both Application Containers as well as Virtual Machines in a common, shared environment.

In the session, you will learn more about why KubeVirt exists, how people are using it today, and how the project actually works from an architectural perspective. You will also see a short demo of the project in action!

Finally, you will hear about future plans for developing KubeVirt’s capabilities that are emerging from the community.

Speakers

Steve Gordon

Principal Product Manager, Red Hat
Geographically displaced Australian. Focused on building infrastructure solutions for compute use cases using a spectrum of virtualization, containerization, and bare-metal provisioning technologies. Stephen is currently a Principal Product Manager at Red Hat based in Toronto, Canada...

Chandrakanth Jakkidi

Senior Software Engineer, F5 Networks
Chandrakanth Reddy Jakkidi is an active open source contributor. He is involved in CNCF and Open Infrastructure community projects. He has contributed to OpenStack and Kubernetes projects and is presently an active contributor to the KubeVirt project. Chandrakanth has 14+ years experience...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

SIG Usability: Intro and How to Get Started - Tasha Drew, VMware
SIG Usability is a new SIG focused on the core end-user usability of the Kubernetes project. This covers topics like user experience and accessibility. The goal of SIG Usability is to facilitate adoption of the Kubernetes project by as diverse a community of end users as possible. We do this by ensuring that each end user’s interaction with Kubernetes, from discovery to successful production use, is seamless and positive. Examples of efforts include user research, internationalization and accessibility. Join us at this session to learn about the SIG, what we've been up to, and how to get involved as a new contributor!

Speakers
Tasha Drew

Senior Director, xLabs, VMware
Tasha has been an innovative product leader in Silicon Valley for over a decade. She is Senior Director of xLabs in the Office of the CTO’s Advanced Technology Group at VMware. She is co-chair of the Kubernetes Working Group for Multi-Tenancy and co-chair of the Kubernetes SIG Usability...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 23BC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Adapting Kubernetes to Constrained IP Address Environments - Mahesh Narayanan & Satyadeep Musuvathy, Google
When it comes to IP addresses, Kubernetes has a demand and supply issue.
On the Demand side, Kubernetes treats Pods as first class citizens with their own IPs. This makes port mappings and usage from a developer’s point of view much much simpler. But from an infrastructure perspective, this makes the whole cluster use IP addresses liberally.

On the Supply side, Kubernetes deployments generally run alongside incumbent networks. Therefore there are not enough IPs to allocate and have a production grade deployment.

Based on real world experience by our customers so far, we have found that there are a few ways to design your clusters to address these concerns:
-- Optimize the per node allocation so that the overall consumption can be optimized
-- Re-use IP addresses for Infrastructure but have unique Services IPs.
-- Leverage a new IP addressing scheme through non-RFC 1918 ranges

Speakers
Mahesh Narayanan

Product Manager, Google
Mahesh Narayanan is a Cloud Networking Product Manager at Google Cloud. He works on GKE and drives its networking strategy and roadmap. Mahesh has also worked in sales and customer support roles and has a good understanding of customer perspective. Prior to Google, Mahesh worked in...
Satyadeep Musuvathy

Software Engineer, Google
Satya is a Software Engineer at Google. He lives and breathes GKE including GKE On-Prem. Satya has extensive Enterprise customer experience with stints at companies like Yahoo and Walmart.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Networking

2:25pm PST

From Issue to PR Merged: A Fluentd “Tail” - Jordan Hamel, Amgen
Do you often find yourself opening an issue or looking for an alternative open-source project with support for your use case? Not sure where to start in contributing a fix for an issue?
Getting involved in the Fluentd ecosystem and submitting a PR helped make it possible for Amgen to effortlessly collect CloudTrail logs from hundreds of AWS accounts owned by separate teams.
We'll take a look at the details of how to collect and annotate logs stored in any format or account in AWS with Fluentd where hundreds or any number of accounts are in use. We'll also follow the details of contributing this now merged PR to the Fluentd S3 plugin that made it possible.
Whether you're a new or long-time user of Fluentd, come and be inspired to consider contributing back to observability related open-source projects like Fluentd and the benefits it can bring to your organization and the community.

Speakers
Jordan Hamel

Sr Mgr Software Development Engineering, Amgen
Jordan Hamel is a software engineer currently at Amgen who cares about making sure software and the users like each other. Having previously led E-commerce operations for years at Newegg.com, he is a huge fan and supporter of making the user experience as observable as possible and...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 7AB - San Diego Convention Center Upper Level
  Observability

2:25pm PST

Living with the Pathology of the Cloud: How AWS Runs Lots of Clusters - Micah Hausler, Amazon
Disk speed screeches to a crawl, packets get dropped, connections time out: welcome to the cloud! Most of the time the cloud "just works", but when it doesn’t, how do Kubernetes and etcd handle failure? In this talk Micah will discuss considerations for building and configuring cloud native systems for failure, including how Amazon EKS’s architecture and design account for outages and dependency failures. Micah will also cover lessons learned from managing lots and lots of Kubernetes and etcd for customers around the world.

Speakers
Micah Hausler

Principal Engineer, AWS
Micah is a Kubernetes contributor, a member of the Kubernetes Security Response Committee, and a Principal Engineer working on EKS at Amazon Web Services.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  Operations

2:25pm PST

PodOverhead: Accounting for Greater Cluster Stability - Eric Ernst, Intel
Accounting is very important in Kubernetes. Better accounting leads to improved node stability, density, and more accurate charging users based on their actual resource utilization. Unfortunately, there are gaps in resource accounting in Kubernetes today, mostly based on the fact that running a pod is not actually free.

In Kubernetes 1.16, the PodOverhead feature is introduced to fix these issues.

We’ll dive into the details of a pod’s journey from client CLI to running on a node, touching on kubectl, API server, admission controllers, etcd, scheduler, kubelet, containerd/cri-o, and runtimes like Kata Containers and gVisor. Through this we will highlight the current gaps and how the PodOverhead feature addresses them.

Attend to get a basic understanding of the Pod creation process, and learn what the new PodOverhead feature is and how it can be used to improve cluster stability.

Speakers
Eric Ernst

Senior software engineer, Intel
Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level

2:25pm PST

Enforcing Automatic mTLS with Linkerd and OPA Gatekeeper - Ivan Sim, Buoyant & Rita Zhang, Microsoft
Whether you are operating a 5-node or a 500-node Kubernetes cluster, ensuring the integrity and security of the traffic among your workloads is something that should be taken seriously. As your team grows, it is important to automate the application and management of different mTLS policies.

In this talk, Ivan and Rita will share with you how Linkerd and Gatekeeper work together to automate and enforce mTLS policy in production. They will show you how easy it is to encrypt all east-west traffic using Linkerd’s zero config automatic mTLS feature. Then, you will see how Gatekeeper is used to define, enforce and audit every workload entering your cluster to ensure configuration is valid and conformant to policy.

Speakers
Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and...
Ivan Sim

Software Engineer, Red Hat



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 31ABC - San Diego Convention Center Upper Level

2:25pm PST

Porting Envoy to Windows; A Progress Report - Yechiel Kalmenson & William A. Rowe, Jr., Pivotal
Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. As of now Envoy is only available on Linux, and that’s a big blocker for Windows teams who want to migrate their monolithic apps to more service-oriented architectures.

Last year a team at Pivotal started working with Microsoft on making Envoy on Windows a reality. This talk will give a progress report on the work being done:

* An overview of the history of the project. Starting with the work done by Microsoft, contributions to upstream so far, and what we have left.

* Some of the challenges the team faced and how they overcame them. For example, the workarounds we employed to get a working Windows environment for Envoy, and some of the performance issues which still need to be solved.

* What the team is currently working on and what the outlook for the future is like.

Speakers
William A. Rowe, Jr.

Principal Software Engineer, Pivotal
William is a veteran of the Apache HTTP Server and APR projects, establishing Windows as a first class platform at these projects. He's applying this experience at Pivotal to help the Envoy Proxy project crew bring Envoy to native Windows OS.
Yechiel Kalmenson

Software Engineer, Pivotal
Yechiel Kalmenson was born and raised in Brooklyn. He got his rabbinical training in Israel and spent a few years teaching both children and adults. After a brief stint in Tech Support, he found his next calling and went on to study software development. He currently works as a...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 32AB - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Building a Database as a Service on Kubernetes - Abhi Vaidyanatha & Lucy Burns, PlanetScale
Stateful, scalable storage on Kubernetes is an unsolved problem. Creating it as a service is even more difficult. The cloud-native ecosystem offers many tools such as the operator-sdk, Prometheus, Grafana, etcd, Vitess, and much more, but integrating them isn't necessarily intuitive.

Two of PlanetScale's employees who have engineered and managed the project describe the journey of leveraging all of these open source technologies to build out a database as a service on Kubernetes.

Speakers
Lucy Burns

Product Manager, PlanetScale
Abhi Vaidyanatha

Software Engineer, PlanetScale
Abhi is a confused economist who enjoys writing backend code for various parts of PlanetScale's Vitess management software. In his spare time he is a DJ, podcast host, and competitive Super Smash Bros. player.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Storage

3:20pm PST

Managing Apache Flink on Kubernetes - FlinkK8sOperator - Anand Swaminathan, Lyft
We have designed and built an open-source Kubernetes native operator that manages the complete lifecycle of Apache Flink applications from creation to execution. FlinkK8sOperator (https://github.com/lyft/flinkk8soperator) leverages Kubernetes CustomResourceDefinition to enable native management of Flink applications on Kubernetes. In this session, I will be presenting some of the unique challenges of running a complex, stateful application on Kubernetes, and the lessons we have learnt. I will also be providing an overview of how flink operator abstracts out the complexity of hosting, configuring, managing and operating 1000s of Flink clusters from application developers, and concluding with a demo.

Speakers
Anand Swaminathan

Software Engineer, Lyft
Anand currently works as a Software Engineer at Lyft building infrastructure for large scale streaming and batch processing systems. He is a major contributor and core maintainer of the open source project - FlinkK8sOperator. Prior to Lyft, Anand worked on DynamoDB (AWS), building...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb
It’s a brand new world in infrastructure with the advent of microservices, containerization, Kubernetes, and service mesh. And all is well. Or is it? Find out how easy it is to break container runtimes, abuse your service mesh, and take all of your production services down-- the results will surprise you! In the last year Airbnb scaled up to over 700 services in Kubernetes, running on all types of workloads across 1000s of nodes and dozens of clusters. We’ve learned a lot along the way and have some of our favorite stories to share-- from weird bugs, to hacky workarounds, to serious downtime. Favorites include:
- “Just what is the autoscaler doing”?
- “Knock knock, It’s Kube-DNS”
- “Whose PID is it anyway”?
and more!

Speakers
Melanie Cebula

Staff Software Engineer, Airbnb
Melanie Cebula is an expert in Cloud Infrastructure, where she is recognized worldwide for explaining radically new ways of thinking about cloud efficiency and usability. She is an international keynote speaker, presenting complex technical topics to a broad range of audiences, both...
Bruce Sherrod

Software Engineer, Airbnb
Bruce Sherrod is a software engineer on the service orchestration team at Airbnb.



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

3:20pm PST

Kubernetes in Your 4x4 – Continuous Deployment Directly to the Car - Rafal Kowalski, Grape Up
The automotive industry is getting more and more digitalized. Vehicles are not only a means of transportation; they also aim to be the drivers' control center, with multiple software components onboard. To keep pace with evolving customer expectations and the newest technological solutions, vehicle software requires frequent updates. However, the delivery process in a scaled-up environment is not straightforward. Developers and operators have to face challenges which are unusual in the typical Cloud Native world. Even basic service deployment may be complicated due to network performance or geographical considerations. During this talk, Rafał will show how to use Kubernetes, KubeEdge, k3s, Jenkins and RSocket for building continuous deployment pipelines which ship software directly to the car and deal with rollbacks and connectivity issues.

Speakers
Rafał Kowalski

Cloud Solution Architect, Grape Up
Rafał Kowalski is a Cloud Solution Architect at Grape Up and a PhD student at the Complex Theory System Department at the Institute of Nuclear Physics Polish Academy of Science. His professional career, as well as scientific work, is related to delivering robust, scalable cloud-based...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level
  CI/CD

3:20pm PST

Admission Webhooks: Configuration and Debugging Best Practices - Haowei Cai, Google
Admission (mutating and validating) webhooks have become popular mechanisms for extending Kubernetes API request admission. The admission webhook API is graduating to GA in Kubernetes 1.16, where new features are introduced and debuggability improvements are made. In this talk, the audience will learn common pitfalls in admission webhook development, best practices in webhook configuration, and how to identify and debug failures caused by misconfigured or buggy admission webhooks.

Speakers
Haowei Cai

Software Engineer, Google
Haowei Cai is a Software Engineer for Google Cloud. He is one of the owners of Kubernetes Python client library and an active Kubernetes SIG API Machinery contributor. He has been contributing to Kubernetes Extensibility (Admission Webhooks and CRD) to GA working group in the past...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

3:20pm PST

Towards Continuous Computer Vision Model Improvement with Kubeflow - Derek Hao Hu & Yanjia Li, Snap Inc.
With deep learning gaining popularity in industry, there is a lot of material focusing on model training and serving. However, in production machine learning typically isn't complete after a single round of training. Model owners need to find ways to improve trained models regularly, and good machine learning pipelines achieve this by leveraging continuous feedback.

In this talk, we will demonstrate how Kubeflow and Kubeflow Pipelines are being used to continuously improve computer vision models at Snapchat. We will walk through how we orchestrate multiple components with Kubeflow Pipelines to extract data, label images, and (re)train machine learning models. We will also discuss best practices for authoring Kubeflow Pipeline components based on our experiences from developing and deploying these components for production use.

Speakers
Derek Hao Hu

Software Engineer, Snap Inc.
Derek Hao Hu is a software engineer at Snap on the Perception team. He's been working on building machine learning infrastructure, components, pipelines and tools that power different types of computer vision experiences inside Snapchat.
Yanjia Li

Software Engineer, Snap Inc.
Yanjia Li is a Software Engineer on the Perception team of Snap. He has been working on the algorithms and systems behind various computer vision products in Snapchat. One of his focus areas is building the software to handle large-scale deep learning model training and inference...


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 31ABC - San Diego Convention Center Upper Level

3:20pm PST

An Introduction to Helm - Matt Farina, Samsung SDS & Josh Dolitsky, Blood Orange
CNCF Helm is a package manager that provides the tools to find, share, install, and manage software in Kubernetes. In this session you will learn the basics about using Helm. We will look at the makeup of charts, the packages for Helm. From there we will explore the ways to share and consume charts. To complete the lifecycle, we will look at installing and managing charts in a Kubernetes cluster. Helm is a project that was first introduced in 2015 and was part of Kubernetes prior to the creation of the CNCF. It entered the CNCF as part of Kubernetes and grew to eventually become a sister project, alongside Kubernetes, in the CNCF.

Speakers
Matt Farina

Distinguished Engineer, SUSE
Matt works as a Distinguished Engineer at SUSE, where he works on Rancher, focusing on cloud native technologies. He is also a member of the CNCF Technical Oversight Committee. Matt is an author, speaker, and regular contributor to open source.
Josh Dolitsky

Founder & Chief Engineer, bloodorange.io



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

CNCF Network SIG Intro & Deep-Dive - Lee Calcote, Layer5 & Matt Klein, Lyft
“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation of cloud native deployments. Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, QoS, mesh networks, legacy infrastructure bridging, and so on are now receiving substantial development and investment throughout the industry and are the subject of focus of the CNCF Network SIG.

Join this talk for an intro to the SIG, its charter and a deeper discussion of current cloud native networking topics being advanced in this SIG. Current CNCF projects in-scope: CNI, CoreDNS, Envoy, gRPC, Linkerd, NATS, Network Service Mesh.

Speakers
Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the...
Lee Calcote

Founder and CEO, Layer5
Lee Calcote is an innovative product and technology leader, passionate about empowering engineers and enabling organizations. As Founder and CEO of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent focus...


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level

3:20pm PST

Community Bridge BoF - Ihor Dvoretskyi, Cloud Native Computing Foundation & Shubhra Kar, Linux Foundation
CommunityBridge is a platform developed by the Linux Foundation, which accelerates the adoption, innovation, and sustainability of open source software. This year, CNCF is participating in Community Bridge, sponsoring three students to work on Kubernetes and CoreDNS projects during the foundations’ pilot stage. This BoF is an opportunity to meet in person and discuss the areas of collaboration between Community Bridge and the Cloud Native Community.

Speakers
Shubhra Kar

CTO and GM of Product & IT, Linux Foundation
Ihor Dvoretskyi

Developer Advocate, Cloud Native Computing Foundation


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 23BC - San Diego Convention Center Upper Level

3:20pm PST

Fluentd: Cloud Native Logging - Yuta Iwama & Masahiro Nakagawa, Arm Treasure Data
Logging for cloud-native applications and environments is a continuous challenge from an operational perspective. Fluentd offers a full logging layer that can be accommodated and extended as required to solve any logging need. In this Fluentd session, you will learn about its administration and log processing from a general perspective.

Speakers
Masahiro Nakagawa

Principal Engineer, Treasure Data
Fluentd maintainer
Yuta Iwama

Software Engineer, Arm Treasure Data
Fluentd maintainer



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Intro to the Kubernetes Working Group for Multi-tenancy - Tasha Drew, VMware
This introduction will go over what the multi-tenancy working group has been working on and how new contributors can become engaged. New users and contributors are encouraged to attend if multi-tenancy in core Kubernetes is something you are interested in or are working on implementing at your own organization.

Speakers
Tasha Drew

Senior Director, xLabs, VMware
Tasha has been an innovative product leader in Silicon Valley for over a decade. She is Senior Director of xLabs in the Office of the CTO’s Advanced Technology Group at VMware. She is co-chair of the Kubernetes Working Group for Multi-Tenancy and co-chair of the Kubernetes SIG Usability...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Intro: Harbor - Enterprise Cloud Native Artifact Registry - Steven Ren & Alex Xu, VMware
As container technology becomes widely adopted in the industry, how to manage containerized applications poses new challenges to platform engineers. One of the challenges is to securely and efficiently manage containerized application packages with either container image or Helm Chart format. Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. In this presentation, we will focus on the management of container images and Helm Charts through Harbor. We will review and provide solutions to the challenges faced by organizations, including RBAC (Role-Based Access Control), vulnerability scanning, large scale content distribution, content replication, content trust (notary), webhook, tag retention, and DevOps integrations, etc. Real-world use cases will be discussed in the session. Of course, fantastic demos will be shown to let you easily understand the related use cases.

Speakers
Steven Ren

Senior Manager, VMware
Alex Xu

Product Manager, VMware


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Jaeger Intro - Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat
This session is an introduction to Jaeger and distributed tracing. We will do a demo of the current Jaeger features, talk about the roadmap, and finish with a Q&A. After this session the attendees should better understand how Jaeger fits in the observability space for cloud native applications. For more information on the project everybody is welcome to attend the Jaeger Deep Dive Session.

Speakers
Pavol Loffay

Principal Software Engineer, Red Hat
Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes...
Yuri Shkuro

Software Engineer, Uber Technologies
Yuri Shkuro is a software engineer at Uber Technologies, working on distributed tracing, observability, reliability, and performance problems; author of the book ["Mastering Distributed Tracing"](https://www.shkuro.com/books/2019-mastering-distributed-tracing/); creator of Jaeger...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Service Discovery With Hybrid and Multi-Cloud: Introduction to CoreDNS - Yong Tang, MobileIron
CoreDNS is a flexible and extensible DNS server with a focus on service discovery. While best known for its ability to serve as the cluster DNS of Kubernetes, CoreDNS is also capable of service discovery in hybrid or multi-cloud environments. The flexibility and extensibility of CoreDNS comes from its unique plugin-based architecture. With plugins such as Route53, Azure, or Google Cloud DNS, CoreDNS exposes services from Kubernetes clusters and cloud service providers in similar fashion. In this Intro session, the focus is to discuss service discovery in a hybrid environment. Several interesting Corefile configurations will be shared, which are very useful in production usage. The updates on the current state and the road map of CoreDNS, and how CoreDNS as a project could be extended for usages beyond DNS, will be discussed as well.

Speakers
Yong Tang

Senior Director of Engineering, Ivanti
Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Using TUF to Mitigate Repository Compromises - Marina Moore, NYU & Justin Cappos, NYU
The secure distribution of software is critical to the overall security of a system. In this talk, Justin Cappos and Marina Moore will provide an introduction to The Update Framework (TUF), a CNCF project that has been used throughout the cloud native community for compromise resilient software updates. TUF provides a flexible framework for secure updates even through a compromise of signing keys or the update repository. You will come away from this talk with an understanding of why secure distribution of software is important and how TUF can be used to achieve this goal.

Speakers
Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...
Marina Moore

PhD Candidate, New York University
Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab researching secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as in-toto, an incubating project. She contributed to the...


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 32AB - San Diego Convention Center Upper Level

3:20pm PST

Design Decisions for Communication Systems - Eric Anderson, Google
When hearing about a new programming language, one might learn it is imperative, strongly-typed, dynamically-type-checked, object-oriented, and garbage-collected. If they have used multiple languages in the past, they now have a pretty good view of the basic constraints of the language.

When it comes to communication systems, the design choices made and the impact they have are not as much common knowledge. Come hear Eric Anderson discuss a variety of communication systems, from IPC to message queues to REST, modern and historical, and the various features they provide and some trade-offs involved. Learn where gRPC fits and how its design choices impact your service design.

Speakers
Eric Anderson

Software Engineer, Google
Eric Anderson is the tech lead of gRPC Java as a software engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors 4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Networking

3:20pm PST

Weighing a Cloud: Measuring Your Kubernetes Clusters - Han Kang, Google & Elana Hashman, Red Hat
Kubernetes is complicated. Instrumenting it can be worse. Measuring the components of a distributed system shouldn't be as daunting as being asked to weigh a literal cloud.

In this talk, we'll go over the components of a Kubernetes control-plane and show you where to look to figure out what is actually happening. We will show you common cluster issues and how they would look in your instrumentation, so that you can more effectively diagnose clusters.

Starting in version 1.14, Kubernetes metrics were overhauled to provide consistent, high quality metrics. Han Kang and Elana Hashman will go over the changes and the potential ingestion implications of this overhaul and how it may affect you.

Speakers
Han Kang

Senior Staff Software Engineer, Google
Han Kang is a Senior Staff Software Engineer at Google. Han co-chairs SIG instrumentation while also participating in SIG API Machinery, focusing on operational aspects of managing Kubernetes clusters.
Elana Hashman

Principal Software Engineer, Red Hat
Elana Hashman currently works for Red Hat as a Principal Software Engineer on the OpenShift Container Platform Node Team, working upstream in Kubernetes SIG Node. Previously, she served as an SRE and technical lead on Azure Red Hat OpenShift. She is a subproject lead for the SIG Node...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Observability

3:20pm PST

Building the Cloud Native Kernel: Kubernetes Release Engineering - Tim Pepper & Stephen Augustus, VMware
Is Kubernetes a kernel or distribution? Yes! It is necessarily both!

CRDs, out-of-tree cloud providers, and CNI/CSI/CRI abstractions evolve Kubernetes’ core toward an extensible kernel.

At KubeCon NA 2017, Tim Hockin and Michael Rubin started a conversation on formalizing “Kubernetes upstream as a distro”, proposing that we clean up thinking/processes, define tools/standards, and incentivize distros to stay close. They argued for a Kubernetes reference distribution focused on correctness and stability.

So where is it?

After a slow start, we have momentum in 2019 to improve conformance, API stability, and better documented support stances. However, to understand why we don’t (yet) have an upstream reference distro, we need to dive deep on build/release/test tooling.

This talk will summarize Kubernetes distro issues/advances and potential contribution areas for individuals and companies.

Speakers
Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure. Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions...

Tim Pepper

Principal Engineer, VMware
Tim Pepper is a Principal Engineer in VMware's Open Source Technology Center with over 25 years in open source, working as an open source developer advocate and contributor to Kubernetes (emeritus Steering Committee elected member, emeritus Code of Conduct Committee elected member...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Operations

3:20pm PST

Superpowers for Windows Containers - Deep Debroy & Jean Rouge, Docker
The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the node are significantly impacted by the absence of privileged mode support on Windows. In this talk we:
1. Explore the pros and cons of the options the SIG Windows community brainstormed to provide containers running on Windows the ability to perform privileged operations while being managed by Kubernetes.
2. Delve into the specific characteristics of the privileged proxy approach we decided to adopt.
3. Demonstrate how the privileged proxy approach is used to support privileged operations that need to be executed by daemon-sets associated with CSI plugins running on Windows nodes in a Kubernetes cluster.

Speakers
Deep Debroy

Software Engineering Manager, Docker
Deep Debroy is a Software Engineering Manager at Docker Inc. focussing on different aspects of enabling Windows workloads on Kubernetes as well as Persistent Storage in general. He is an active contributor to Kubernetes projects under SIG Windows and SIG Storage.

Jean Rouge

Senior Software Engineer, Docker
Jean is a Senior Software Engineer at Docker and an active contributor in Kubernetes and various Docker open-source projects. Most recently he has led the work around GMSA support in Windows on Kubernetes. He's been passionate about DevOps since the beginning of his career: he's worked...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level
  Runtimes

3:20pm PST

Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google
What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate.

We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.

Speakers
Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google, and is a regular at SIG-Auth. Greg has 15 years of experience in a number of security roles including product security, penetration testing, incident response, platform hardening...

Tim Allclair

Software Engineer, Google
Tim Allclair joined the Kubernetes project just after the 1.0 launch in 2015, and currently works on the GKE Control Plane team. He is a member of the Kubernetes Security Response Committee, and a SIG Auth maintainer (previous co-chair). He has led development of several Kubernetes...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

3:20pm PST

Airbnb Service Discovery: Past, Present, Future (Challenges of Change) - Chase Childers, Airbnb
In 2013, Airbnb released an open source service discovery solution (SmartStack) and has functioned on the same framework for years. Historically our infrastructure ran on AWS EC2 instances and utilized HAProxy (within SmartStack) for proxying traffic. With a migration to Service Oriented Architecture and Kubernetes, our service discovery must also change. In this presentation we will cover the evolution of our service discovery framework at Airbnb, starting with where we started, where we’ve been, where we’ve failed, and where we’re going (hint: Envoy). This includes both our missteps and our learnings from migrating within a hybrid EC2/Kubernetes world. We’ll dive deep into topics such as challenges of managing and migrating your own service discovery stack, migrating ingress and egress traffic independently, and rolling out infrastructure changes across a massive fleet of services.

Speakers
Chase Childers

Site Reliability Engineer, Airbnb
Chase Childers is on the Site Reliability Engineering Team at Airbnb. He has collaborated with the Service Orchestration and Traffic teams to focus on service discovery migrations in the EC2 and Kubernetes context. Outside of this collaboration, his related work includes preparing...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Service Mesh

3:20pm PST

Vitess: Stateless Storage in the Cloud - Sugu Sougoumarane, PlanetScale
When Vitess was migrated to run from bare-metal into Google's cloud, it was deployed as a regular stateless application. This meant that a process reschedule resulted in all the local data being wiped.

The property of Vitess to survive in such an unforgiving environment made it naturally suited to run on Kubernetes.

How did Vitess manage to run in such an environment without losing data while providing High Availability, Scale and Performance? How are other organizations running Vitess?

This session will answer these questions, as well as go into the design principles that prepared Vitess to be cloud-native.

Speakers
Sugu Sougoumarane

CTO, Planetscale, Inc.
Sugu is the co-creator of Vitess, and has been working on it since 2010. Prior to Vitess, Sugu worked on scalability at YouTube and was also part of PayPal in the early days. His recent interest is in distributed systems and consensus algorithms. He occasionally shares his thoughts...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Storage

4:25pm PST

Developing Edge with Kubernetes - Dejan Bosanac & Ted Ross, Red Hat
While its original intent was to solve cloud-centric architecture challenges, Kubernetes can be used as a platform for developing Edge and IoT applications.
The session will take a look at this topic from the developer's point of view. It'll focus on special aspects of developing services for IoT and Edge environments, like autonomy, locality and secure communication, to name a few.
What Kubernetes features can be used to address IoT and Edge aspects of developing microservices?
What other projects in the ecosystem can developers use to achieve their goals?
We'll try to answer those questions and demonstrate the flexibility of the platform by demoing an Edge application consisting of services deployed into various environments (like Edge clusters and Edge nodes) working autonomously and communicating securely with each other and the central cloud services.

Speakers
Dejan Bosanac

Principal Software Engineer, Red Hat
I’m a software engineer at Red Hat with an interest in open source and integrating systems. Over the years I’ve been involved in various open source communities tackling problems like: Software supply chain security, IoT cloud platforms and Edge computing, Enterprise messaging...

Ted Ross

Senior Principal Software Engineer, Red Hat
Ted Ross has been with Red Hat Engineering since 2007 working on messaging products like MRG and A-MQ. He is currently working on the Skupper project. His background is in embedded systems and Networking. One of his primary interests is in bringing the performance, scale, and reliability...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Making an Internal Kubernetes Offering Generally Available - James Wen, Spotify
In the span of two years, Spotify went from two developers investigating what a potential migration to Kubernetes might involve to having an internal, multi-tenant offering of Kubernetes become generally available for all its developers as the new, primary runtime offering.

Spotify has previously given talks on the earlier bootstrapping, experimentation, alpha, and beta phases of this migration process. However, this talk will focus on the latter work involved in bringing the internal offering of Kubernetes “across the finish line.” The talk will cover what was required to bring the offering to general availability, including work shoring up scalability and reliability via a multicluster strategy, DIRT testing, operational metrics and alerts. This talk will also cover the technical and process elements involved in designing a successful self-service migration experience for developers.

Speakers
James Wen

Senior Site Reliability Engineer, Spotify
James Wen is a senior site reliability engineer at Spotify, where he’s currently focused on revamping Spotify’s runtime infrastructure. Previously, James was the team lead (anchor) of the Cloud Foundry Buildpacks team at Pivotal and served as a core contributor and maintainer...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

Mario’s Adventures in Tekton Land - Vincent Demeester, Red Hat & Andrea Frittoli, IBM
Tekton is a Kubernetes-native, lightweight, easy to manage CI/CD pipelines engine. Pipeline building blocks can be reused, version controlled and curated in a catalogue that embeds best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. The Tekton team wanted to make sure that the project is going in the right direction by "dogfooding", i.e. by using Tekton to run its own automation "plumbing". The initial continuous integration setup embedded most of the testing pipelines in bash scripts. The speakers replaced this with Tekton, improving the readability of the pipelines and the reproducibility of CI runs. Eventually, they moved on to continuously delivering Tekton and its pipelines via Tekton. In this talk, the speakers will share their experiences of using a cloud-native pipeline system to test, release and continuously deploy itself.

Speakers
Andrea Frittoli

Open Source Developer Advocate, IBM
Andrea Frittoli is a Developer Advocate at IBM and an open source enthusiast. He is the co-founder of the CDEvents project and member of the project Governing Board. He is the chair of the CDF TOC and member of the Governing Board. He's a strong advocate for transparency in open source...

Vincent Demeester

Principal Software Engineer, Red Hat
I'm a French developer, Gopher, sysadmin, factotum, free-software fan and Unicode lover; tektoncd, docker/moby maintainer, knative contributor amongst other projects.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  CI/CD

4:25pm PST

Polymorphic Reconcilers in Kubernetes - Advanced DuckTyping - Scott Nichols & Matt Moore, Google
The explosion of Custom Resources in Kubernetes has led to the development of new techniques to reference and reconcile objects in Kubernetes. Come learn how we are leveraging some simple patterns to produce complex systems within Kubernetes in the Knative project, and how you can adapt these methods to your applications.

Speakers
Matthew Moore

Software Engineer, VMware
Matt is a member of the Technical Oversight Committee for Knative, leads Knative Serving, and started Knative Build. Previously at Google, Matt was Uber TL of container tools, and was the original TL for Google's Container Registry (gcr.io).

Scott Nichols

Founder Chainguard, Chainguard, Inc
Scott Nichols is focused on making it easy to create and understand portable event driven serverless workloads. This work is done through Kubernetes, Knative and CloudEvents.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Measuring and Optimizing Kubeflow Clusters at Lyft - Konstantin Gizdarski, Lyft & Richard Liu, Google
Machine learning workloads are often resource-intensive operations. As companies adopt more of these workloads, tracking resource consumption and optimizing spending becomes more challenging.

At Lyft, we developed a system which scrapes metrics from Kubernetes clusters and persists them in data warehouses. We then built a pipeline that transforms snapshots into cluster utilization metrics along the dimensions of CPU, memory, and GPU. Finally we join these metrics into our cost and usage dataset, so teams can budget resources accordingly and reduce spending.

In this talk, we will give an overview of Infraspend - our infrastructure for tracking Kubernetes usage. Attendees will learn how the data we collected helped Lyft reduce spending for Kubeflow clusters. The audience will also gain insights into how Kubernetes clusters can be optimized without performance or stability compromises.

Speakers
Richard Liu

Senior Software Engineer, Google
Richard Liu is a Senior Software Engineer at Google Cloud. He is currently an owner and maintainer of the TensorFlow operator and Katib projects in Kubeflow. Previously he had worked as a software developer at Microsoft Azure.

Konstantin Gizdarski

Software Engineer, Lyft
Konstantin Gizdarski is a Software Engineer at Lyft, where he has been working on — among other things — surfacing the utilization and efficiency of Kubernetes infrastructure. Previously, he has worked on machine learning and product at both Facebook and Stripe.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Machine Learning + Data

4:25pm PST

Birds of a Feather: CNCF Project Maintainers - Amye Scavarda, Cloud Native Computing Foundation
Speakers
ascavarda

Director of Developer Programs, CNCF, The Linux Foundation


Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 23BC - San Diego Convention Center Upper Level

4:25pm PST

Birds of a Feather: SODA: The Path To Data Autonomy - Steven Tan, Futurewei & Anjaneya "Reddy" Chagam, Intel
Data autonomy is the ability to control data anywhere, anytime. It is about storing, running and managing data for cloud native, virtualization, and legacy environments both on-premise and in the cloud. The SODA Foundation is embarking on a mission to deliver open data autonomy for end users. To tackle this formidable task, SODA has brought together a community of global innovators to collaborate and contribute to this open source project.

Speakers
Reddy Chagam

Senior Principal Engineer and Lead Cloud Storage Architect, Intel
Anjaneya “Reddy” Chagam is a Senior Principal Engineer and Lead Cloud Storage Architect in Intel’s Cloud and Enterprise Solutions Group. He is responsible for developing software-defined storage strategy, architecture, and platform technology initiatives. He is a board member...

Steven Tan

VP & CTO Cloud Solution, Storage, Futurewei
Steven Tan is VP & CTO Cloud Solution, Storage at Futurewei where he is responsible for open source strategy and collaboration. Steven brought together leaders across industries and founded the SODA Foundation which he currently serves as chair. SODA Foundation is a transformation...


Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6D - San Diego Convention Center Upper Level

4:25pm PST

Dragonfly Intro: Plugin Framework and New Distribution Strategy - Haibing Zhou, eBay & Ben Ye
In the cloud native world, image distribution is never an easy problem when the number and size of container images scale up. It has to be fast, resource efficient, and cloud native. This session shows how Dragonfly solves this problem, and how it can increase the speed of image distribution while keeping the operational effort as low as possible. This session also shares the latest update on the Dragonfly project, where a plugin framework is coming into the picture, and how this can benefit Dragonfly users. As an example, the session shows how the plugin framework opens the door to a new decentralized distribution strategy.

Speakers
Haibing Zhou

Software Engineer, eBay

Ben Ye

Software Development Engineer, Amazon Web Services
Ben Ye is a software development engineer at AWS. He is a maintainer of Thanos and Cortex, and contributor to many CNCF and Prometheus ecosystem projects, such as Prometheus itself, Prometheus operator, Kubernetes, etc. His interests include observability, distributed systems, storage...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro to Cloud Provider Azure - Rita Zhang & Craig Peters, Microsoft
In this session, you'll learn about how Kubernetes runs on the Azure infrastructure. We will cover development in the cloud provider over recent Kubernetes releases with support for new features in Azure compute like VMSS, networking like Standard Load Balancer, and storage. We'll also cover how all of this is tested and developed, and help you get involved if you would like to contribute.

Speakers
Craig Peters

Product Manager, GitHub
I love building tools to help developers, and aspiring developers, do better work

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level

4:25pm PST

Intro to Kubernetes Sig-Architecture Subprojects - Davanum Srinivas, VMware & Jordan Liggitt, Google
SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of Conformance definitions, API definitions/conventions, Deprecation Policy, Design principles, etc. To support these activities the SIG participants work on multiple subprojects.

They are as follows:

* Architecture and API governance - is largely oriented towards sub-project maintainers.
* Code organization - is oriented towards maintainers and distributions.
* Conformance - is oriented towards distributions and community/ISV ecosystems solutions.
* Production readiness - is oriented towards distributions, support organizations, and users.

In this talk, we will walk through what each of the subprojects does, how they work, how each of them benefits and influences work in the Kubernetes community, and how you can get involved.

Speakers
Dims

Principal Engineer, AWS
Davanum Srinivas (a.k.a Dims) is a Principal Engineer with AWS working full time on Kubernetes and related projects at CNCF. At CNCF, Dims has served as a member of the Technical Oversight Committee and as the chair and represented the TOC on the CNCF Governing Board. In Kubernetes...

Jordan Liggitt

Software Engineer, Google
Jordan Liggitt is a software engineer at Google, and helps lead Kubernetes authentication, authorization, and API server efforts.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro: CNCF CI - Lucina Stricko & Denver Williams, Vulk Coop
The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The CNCF CI status dashboard continually validates each CNCF project, for any commit on stable and head, running on Kubernetes clusters which are provisioned to a bare metal environment. The results of each testing stage are published to the cncf.ci status dashboard. An Intro session will give an overview of the cncf.ci status dashboard’s key features, goals, technologies used, and allow time for Q&A.

Speakers
Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

Lucina Stricko

Sr. Product Owner, Vulk Coop
Lucina Stricko is a co-owner at Vulk Co-operative (vulk.coop), maintainer of the Cloud Native Network Function (CNF) Certification Program (https://www.cncf.io/certification/cnf/) and the CNF Test Suite (https://github.com/cncf/cnf-testsuite), and contributor to the CNF Working Group. Lucina uses her Product Owner skills and empathy to combine features, priorities, and project plans to best serve the end user. When Lucina’s not creating GitHub issues, prioritizing backlogs or planning new features, she enjoys practicing...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro: Kubernetes SIG Apps - Adnan Abdulhussein, VMware & Matt Farina, Samsung SDS
Kubernetes SIG Apps covers developing, deploying, and operating applications on Kubernetes with a focus on the application developer and application operator experience. In this session we will focus on the Workloads API (e.g. Deployments, StatefulSet, DaemonSet, Job etc.), the Application CRD, and the supporting elements to make application developers and operators successful with Kubernetes. That includes using the Kubernetes API to run your workloads and leveraging Kubernetes resources to develop Kubernetes native applications.

Speakers
Matt Farina

Distinguished Engineer, SUSE
Matt works as a Distinguished Engineer at SUSE, where he works on Rancher, focusing on cloud native technologies. He is also a member of the CNCF Technical Oversight Committee. Matt is an author, speaker, and regular contributor to open source.

Adnan Abdulhussein

Software Engineer, VMware
Adnan Abdulhussein is a Software Engineer at VMware (previously at Bitnami), where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a co-chair of SIG-Apps and a core maintainer of the Helm project. Adnan is passionate...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 31ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro: OpenEBS - Amit Kumar Das & Vishnu Itta, MayaData
Recently OpenEBS was accepted as a CNCF sandbox project. OpenEBS is a block storage provider that is built on top of Kubernetes APIs as well as extends these APIs to let end users have granular control on persistent storage decisions. We welcome communities to join us and make innovations in Container Attached Storage space. In this talk, Amit Das & Vishnu Itta, the core maintainers of OpenEBS will share the background and design principles behind OpenEBS. Through real life use cases, Amit and Vishnu will share the experiences of various OpenEBS users on solving their persistent needs on Kubernetes environments ranging from home grown labs to managed cloud platforms to on premise solutions and other hybrids.

Speakers
Amit Kumar Das

Director Of Engineering, MayaData
Amit is the director of engineering at MayaData, where he works on various open source projects including OpenEBS and MetaController. In his earlier days, he was a contributor to OpenStack Cinder and Apache CloudStack projects. When not writing code or talking about it, Amit loves...

Vishnu Itta

Director Of Engineering, MayaData
Developer who is always eager to learn and loves math, algorithms and programming. Has good experience in storage protocols, ZFS, FreeBSD internals, Linux, device drivers. Enjoys playing Table Tennis and traveling.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Kubernetes SIG Instrumentation - Intro - Frederic Branczyk, Red Hat & Piotr Szczesniak, Google
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. This intro session will give an overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers
Frederic Branczyk

Founder, Polar Signals
Frederic is the founder of Polar Signals. Before, he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as the tech lead for...

Piotr Szczesniak

Engineering Manager, Google
Piotr is an Engineering Manager who has worked at Google since 2014. He has worked on GKE/Kubernetes for 8+ years, joining the project in its early days, and was privileged to observe its incredible growth from the front row. Piotr leads Kubernetes/GKE Networking teams in the Warsaw office. Formerly...


Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6E - San Diego Convention Center Upper Level

4:25pm PST

Understanding and Troubleshooting the eBPF Datapath in Cilium - Nathan Sweet, DigitalOcean
The advent of eBPF (extended Berkeley Packet Filters) has contributed significantly to container networking progress. However, the tooling for diagnosing and troubleshooting eBPF issues is nascent, and most members of the K8s and Linux communities are unfamiliar with it.

This talk will help demystify eBPF and cover its history. We'll present the default network datapath of the Linux kernel and contrast it in depth with how various eBPF program types diverge from this datapath. In addition, we'll match up the ways in which Cilium implements various CNI and K8s constructs/objects with their eBPF program type, so that you'll be able to identify the right troubleshooting methods easily. Finally, we'll match appropriate methods and tools to the various eBPF program types.

Speakers
Nathan Sweet

Senior Software Engineer, DigitalOcean
Nathan Sweet is a Senior Software Engineer at DigitalOcean who works on the managed Kubernetes team. He has been working on managed cloud products for the past 5 years, and managed Kubernetes products for the past 3 years. He focuses specifically on system and network performance...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Networking

4:25pm PST

Scaling Kubernetes to Thousands of Nodes Across Multiple Clusters, Calmly - Ben Hughes, Airbnb
In under a year, Airbnb went from 600 Kubernetes nodes across a couple handcrafted clusters to over 5000 nodes on tens of clusters. Successful adoption of Kubernetes by services led to more and faster adoption leading to challenges of scale. Facing this, Airbnb switched to a multiple production cluster architecture to get around single cluster scalability limits and ensure ample capacity for services.

This process increased the consistency of the cluster configurations while reducing manual operations. This talk will discuss the problems that were faced during scaling, the shape of the solutions, specific approaches that worked well (and didn’t), and how this was accomplished without a drastic shift away from existing pre-Kubernetes infrastructure tooling. A key result was reducing the time to create a new, production-ready cluster from over a week to under an hour.

Speakers
Ben Hughes

Software Engineer, Airbnb
Ben Hughes has worked on database scaling, Ruby and Node.js performance, incident response, and Kubernetes at Airbnb. He has previously spoken about [Scaling Airbnb](https://www.oreilly.com/library/view/velocity-conference-new/9781491900406/video191370.html) at VelocityConf NY, [Alerting](https://www.youtube.com/watch?v=MYmVu_IMC20...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Operations

4:25pm PST

Extending containerd - Samuel Karp & Maksym Pavlenko, Amazon
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Speakers

Samuel Karp

Senior Software Development Engineer, Amazon Web Services
Samuel Karp is a Senior Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Sam has been a contributor to Docker/Moby since 2015 and to containerd since 2017, and is currently building the...

Maksym Pavlenko

Software Development Engineer, Amazon Web Services
Maksym Pavlenko is a Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Maksym is a maintainer in containerd, and is currently building the firecracker-containerd project to run containers...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Runtimes

4:25pm PST

Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Tasha Drew, VMware; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba
Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).

Speakers

Tasha Drew

Senior Director, xLabs, VMware
Tasha has been an innovative product leader in Silicon Valley for over a decade. She is Senior Director of xLabs in the Office of the CTO’s Advanced Technology Group at VMware. She is co-chair of the Kubernetes Working Group for Multi-Tenancy and co-chair of the Kubernetes SIG Usability...

Sanjeev Rampal

Principal Engineer, Cisco
Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development...

Ryan Bezdicek

Principal Software Engineer, Twilio
Ryan Bezdicek is a Principal Software Engineer on Twilio's K8s Platform Team

Adrian Ludwin

Senior Software Engineer, Google
Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel...

Fei Guo

Senior Staff Engineer, Alibaba
Fei Guo is currently a senior staff engineer in Alibaba Container Platform Group. He has more than 10 years of experience in compute resource management and performance optimization for virtualized and containerized environments. His work focuses on providing workload automation and...


Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level

4:25pm PST

KubeFlow’s Serverless Component: 10x Faster, a 1/10 of the Effort - Orit Nissan-Messing, Iguazio
Serverless simplifies data science by automating the process of code to container and enables users to add instrumentation and auto-scaling with minimum overhead. However, serverless has many limitations involving performance, lack of concurrency, lack of GPU support, limited application patterns and limited debugging possibilities. Orit Nissan-Messing will introduce Nuclio, a KubeFlow open source component which is 10x faster when compared to alternatives at a 1/10 of the effort. She will explain how to use Nuclio to extend KubeFlow pipelines, accelerating and automating each step of the workflow. This includes parallel processing, automated code building/deployment, stream processing and artifact tracking. Orit will demonstrate how to achieve devops automation involving auto-scaling, automated logging and monitoring, security hardening, CI/CD and workload mobility.

Speakers

Orit Nissan-Messing

VP R&D, Iguazio
Orit Nissan-Messing has vast experience in cloud architectures, storage, AI and big data. Prior to Iguazio, Orit was Chief Architect at XIV (acquired by IBM) and held management roles in various companies from startups to corporations. Orit is a CNCF contributor and a member of the...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Serverless

4:25pm PST

Panel: Is Service Mesh Ready for Edge-Native Applications? - Wendy Cartee, Ramki Krishnan, VMware; Srini Addepalli, Intel; Parveen Patel, Google; & Ravi Chunduru, Verizon
Edge deployments, in contrast to large public clouds, pose interesting demands since they are physically insecure and capacity constrained. Also, Edge Computing Apps such as AR-VR have low-latency characteristics, with RTT typically a few msec, and pose further demands on edge deployments.

Edge Computing Apps like to use Service Meshes (SM) such as Istio/Envoy, Linkerd etc. to offload infrastructure related activities such as security.

In this panel, we first examine the unique challenges in using SM technologies for Edge Computing Apps - especially the additional latency and resource usage due to Kernel Networking. Next, we will explore software techniques such as Kernel Bypass, QUIC as an alternative to TCP/IP etc. to alleviate the performance bottlenecks introduced by SM technologies, including early results. Last, we will touch upon hardware acceleration techniques for the above.

Speakers

Ramki Krishnan

Lead Technologist, Open Source, VMware
Ramki, with 20+ years of industry experience, has a deep understanding of various technologies and strong business acumen to lead and transform innovation into customer-winning products. Currently, at VMware, he is responsible for Telco/Enterprise open source technology vision, strategy...

Wendy Cartee

Senior Director of Marketing, VMware
Wendy Cartee is senior director of product marketing for service mesh, cloud and container networking at VMware. She works on products and open source projects to drive enterprise user adoption. Wendy has been in open source for over a decade and helped form the Linux Foundation’s...

Srinivasa Addepalli

Sr. Principal Engineer, Intel Corporation
Srini Addepalli is a Sr. Principal Engineer in NEX/NPG business unit of Intel Corporation. He is one of the principal architects of networking, security & Edge technologies for the Network Function Virtualization/Containerization (NFV/NFC) and Software Defined Networks (SDN). Srini...

Ravi Chunduru

Associate Fellow, Verizon
Ravi Chunduru is a Senior Architect at Verizon responsible for Product strategy and thought leadership in the domain of Virtual Network Services and MEC solutions. Ravi has been a key player in conceptualizing and delivering various products at Verizon such as VNS Application Edge...

Parveen Patel

Senior Director Engineering, Google Cloud
Parveen Patel is Senior Director of Engineering at Google Cloud. Parveen leads the Host Networking team responsible for building high-performance networking and distributed systems. These systems enable a wide range of Google workloads such as Google Search and Ads, YouTube and Google...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Service Mesh

4:25pm PST

How to Backup and Restore Your Kubernetes Cluster - Annette Clewett & Dylan Murray, Red Hat
Operating Kubernetes clusters introduces many new practices, but does not change the need to be able to backup and recover your applications and data. Yet traditional methods of server backup work poorly with Kubernetes clusters. How can you make sure your cluster is protected? How can persistent data get saved in a manner so there is minimal or no corruption to the application if recovery is required?

In this session we will explore how to use open-source disaster recovery tools you can use today such as Velero and Restic. We’ll also discuss how to use the Noobaa S3 API to reliably save and store backups for all resources including snapshots housed in Rook-Ceph. To prove this is not just smoke and mirrors, we will demonstrate in a live Kubernetes cluster deleting everything in a namespace and then continue on to show complete recovery of all resources and data.

Speakers

Annette Clewett

Principal Architect, Red Hat
Red Hat Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created a more efficient and available infrastructure. Current projects...

Dylan Murray

Senior Software Engineer, Red Hat
Red Hat Software Engineer



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Storage

5:21pm PST

Keynote: Opening Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...


Tuesday November 19, 2019 5:21pm - 5:21pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:21pm PST

Keynote: Kubernetes Project Update - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft
Speakers

Vicki Cheung

Staff Software Engineer, Lyft
Vicki is a staff software engineer at Lyft, where she helped drive the company-wide Kubernetes migration. Previously, she was the Head of Infrastructure and founding engineer at OpenAI, where she and her team built out their Kubernetes-based deep learning infrastructure.



Tuesday November 19, 2019 5:21pm - 5:41pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

5:41pm PST

Sponsored Keynote: Modernizing Virtualization Technology for Cloud Native Computing - Arjan van de Ven, Intel Fellow, Intel
Fifteen years of virtualized system software has led to increasingly powerful capabilities, from containers to FaaS stacks, offering increasing levels of density and agility to application developers. These modern solutions, however, build on top of legacy layers that predate cloud computing as we now know it. Rethinking and reinventing these lower layers of the system stack can offer even greater improvements in density, performance, and security.

One such example is at the VMM layer, which commonly depends on software that includes emulation and other unnecessary features. The rust-vmm project provides an alternative approach: a toolkit to build workload-specific virtual machine monitors. This keynote will discuss new developments in that project, from support of lightweight virtual machines to FaaS, and why you’d want to use different VMMs for these different delivery models.

Speakers

Arjan van de Ven

Intel Fellow, Intel
Arjan van de Ven is an Intel Fellow as well as Linux and data-centric software architect in System Software Products at Intel Corp. He drives pathfinding and advanced engineering including performance, security, and secure containers. Van de Ven’s passion is addressing the seemingly impossible...



Tuesday November 19, 2019 5:41pm - 5:46pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

5:46pm PST

Keynote: (Open)Telemetry Makes Observability Simple - Sarah Novotny, Open Source Wonk, Azure OCTO, Microsoft & Liz Fong-Jones, Principal Developer Advocate, Honeycomb.io
Observability is a fundamental requirement for sustainably developing and operating cloud native applications. It must be accessible to a diversity of users and support a robust ecosystem of tooling around these common needs.

Liz and Sarah explain how OpenTracing and OpenCensus merging benefits the entire cloud native ecosystem. With OpenTelemetry, users and vendors alike can focus on distilling insights out of their data rather than duplicating instrumentation work. Sarah and Liz will show the progress so far, integrations with peer CNCF projects, and how you can participate!

Speakers

Liz Fong-Jones

Field CTO, Honeycomb
Liz is a developer advocate, labor and ethics organizer, and Site Reliability Engineer (SRE) with 18+ years of experience. She is currently the Field CTO at Honeycomb, and previously was an SRE working on products ranging from the Google Cloud Load Balancer to Google Flights.

Sarah Novotny

Director of Open Source Ecosystem, Microsoft
Sarah Novotny has long been an Open Source champion in projects such as Kubernetes, NGINX and MySQL. She is part of the Microsoft Azure Office of the CTO, sits on the Linux Foundation Board of Directors, previously led an Open Source Strategy group at Google and ran large scale technology...



Tuesday November 19, 2019 5:46pm - 6:06pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

6:06pm PST

Sponsored Keynote: Beyond Badges—How Inclusive Communities Accelerate Innovation - Kostadis Roussos, Principal Engineer, VMware
This talk is an expression of gratitude. The energy and innovation of this community is transforming our company. Our first forays into the world of containers were inward-looking and produced some false starts. As we have engaged more with the community around Kubernetes, you have flipped our perspective from infrastructure up to developer down.

Now we’re moving with the ecosystem and making our biggest technology bet in a decade—embedding Kubernetes in our flagship product, vSphere. Kubernetes has the power to be a uniting force for IT operators and developers, and this community is the catalyst.

Speakers

Kostadis Roussos

Principal Engineer, VMware
Kostadis Roussos (he/him) is a Principal Engineer at VMware, working on vCenter since 2015. His current major effort is the integration of K8s into vSphere, recently announced as Project Pacific. Before VMware, Roussos was Chief Engineer at Zynga where he led the AppOps/DevOps...



Tuesday November 19, 2019 6:06pm - 6:11pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

6:11pm PST

Keynote: Reflections - Kelsey Hightower, Staff Developer Advocate, Google
Reflecting on KubeCon + CloudNativeCon from the beginning to where we are now.

Speakers

Kelsey Hightower

Distinguished Software Engineer
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go...


Tuesday November 19, 2019 6:11pm - 6:23pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:35pm PST

Keynote: Closing Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...


Tuesday November 19, 2019 6:35pm - 6:40pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:40pm PST

Taco Tuesday Welcome Reception + Sponsor Booth Crawl, sponsored by SAIC
Holy guacamole - this may turn out to be the most specTACOlar booth crawl yet! Don’t miss a night of fun and games with new and old friends, sponsor conversations, and entertainment all while enjoying fantasTACO south of the border favorites.

Tuesday November 19, 2019 6:40pm - 8:40pm PST
Sails Pavilion + Ballroom 6AB - San Diego Convention Center Upper Level

6:40pm PST

Puppy Pawlooza / Paw Therapy
We are excited to bring Puppy Pawlooza / Paw Therapy to KubeCon+CloudNativeCon North America 2019 and have partnered with the San Diego Humane Society & Love on a Leash to bring some of these amazing therapy dogs to interact with attendees throughout.

The San Diego Humane Society offers a wide range of programs and services that strengthen the human-animal bond, prevent cruelty/neglect, provide medical care, educate the community on the humane treatment of animals, and provide services for families needing assistance keeping their pets.

Tuesday November 19, 2019 6:40pm - 8:40pm PST
Sponsor Showcase, Sails Pavilion - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

 
Wednesday, November 20
 

6:15am PST

Group Fun Run
Group Fun Run will meet at 6:15 am near the Grand Staircase outside Hall D of the San Diego Convention Center.

Join other runners each morning and see some local San Diego sights like the Gaslamp Quarter, the Embarcadero, Petco Park, and more! Please meet at the San Diego Convention Center Grand Staircase (outside hall D) at 6:15 am. Participants will be required to provide their own running attire and water.

Please sign up using the Google Form for updates.

Meet Time: 6:15 AM
Start Time:  6:30 AM

Wednesday November 20, 2019 6:15am - 6:30am PST
Grand Staircase, Outside Hall D - San Diego Convention Center
  Wellness
  • Experience Level Any

7:30am PST

The New Stack Pancake Breakfast: Microservices Security with Service Mesh - sponsored by VMware
Seating availability limited and on a first-come-first-serve basis. This event tends to fill up fast, so get in line early to secure your spot.

It’s time for pancakes in San Diego! Come have a short stack with The New Stack for a Q&A with our expert panelists about the issues and options for managing identity in service mesh environments. Cloud native security and how it affects the pace of enterprise adoption will be the mainstay of our conversation for this latest stop on the pancake breakfast circuit.

Moderators

Joab Jackson

Reporter, The New Stack

Alex Williams

Founder and Publisher, The New Stack
Alex Williams is founder and publisher of The New Stack, a content platform for the people who build and manage software the world relies on. He was an editor at ReadWriteWeb and TechCrunch before leaving in 2014 to start The New Stack. Alex hosts The New Stack Makers pancake and...

Speakers

Lita Cho

Software Engineer, Lyft
Lita is a senior software engineer on the Networking team, building out the service mesh to handle both Kubernetes and legacy systems at Lyft. Before that, she worked on building out the API infrastructure using Protocol Buffers, creating systems that would generate code and bring...

Fuyuan Bie

Software Engineer, Pinterest
Fuyuan is a software engineer from Pinterest. He dedicates most of his time on modernizing Pinterest services infrastructures with service mesh.

Ines Envid

Group Product Manager, Google
Ines is a Group Product Manager at Google and leads the product team for Google Cloud networking, including Virtual Private Cloud, network security, hybrid and Anthos networking. Ines has launched over the last 5 years at Google Cloud, multiple solutions for VPC, network security...

Wei Fu

Engineering Manager, Uber
Wei Fu is an accomplished software engineer with over 10 years of comprehensive experience in software architecture, design, coding and testing. She has strong skills in large-scale distributed system, identity and security problem solving, and can deliver enterprise-grade software...

Pere Monclus

CTO Networking & Security Business, VMware
Pere Monclus is the CTO in the Networking and Security Business Unit at VMware. Pere is responsible for defining strategy and leading an innovation team driving the evolution of networking in the current cloud native application and multi-cloud world. Before that, he was the CTO and...


Wednesday November 20, 2019 7:30am - 8:45am PST
Room 2 - San Diego Convention Center Upper Level
  Breaks + Meals
  • Experience Level Any

8:00am PST

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Wednesday November 20, 2019 8:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

9:00am PST

Keynote: Opening Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...


Wednesday November 20, 2019 9:00am - 9:03am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

9:05am PST

Keynote: Everything Worked Before Kubernetes - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft
Speakers

Vicki Cheung

Staff Software Engineer, Lyft
Vicki is a staff software engineer at Lyft, where she helped drive the company-wide Kubernetes migration. Previously, she was the Head of Infrastructure and founding engineer at OpenAI, where she and her team built out their Kubernetes-based deep learning infrastructure.



Wednesday November 20, 2019 9:05am - 9:25am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:27am PST

Sponsored Keynote: Network, Please Evolve – Chapter 2 - Vijoy Pandey, Vice President/CTO Cloud, Cisco
Connectivity, security, and observability are critical to developer productivity and application velocity. The Network Service Mesh (or NSM) Project attempts to simplify how multi-cluster networking is consumed in Kubernetes by extending the core concepts that are already familiar to the K8s community. This talk will demonstrate how easy it is becoming for developers to consume networking via NSM, when we change our 35-year old view of IP networking.

Speakers

Vijoy Pandey

Vice President, Engineering for Emerging Technologies and Incubation, Cisco
Vijoy Pandey is Vice President, Emerging Technologies and Incubation (ET&I) at Cisco. ET&I is chartered to create and drive the next Bold Bets for Cisco in an agile, ambitious, and entrepreneurial manner. Vijoy runs both engineering and a global framework of customer-focused co-innovation...



Wednesday November 20, 2019 9:27am - 9:32am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:34am PST

Keynote: The Long Road to IPv4/IPv6 Dual-stack Kubernetes - Tim Hockin, Principal Software Engineer, Google & Khaled (Kal) Henidak, Principal Software Engineer, Microsoft Azure
Prepare yourself - IPv4/IPv6 dual-stack Kubernetes is almost here! In this session, we will share the journey of how this enhancement has progressed over the years and how the community has banded together to land such a massive change that touches almost every part of Kubernetes. We will also cover the new opportunities that dual-stack provides to the Kubernetes ecosystem including larger cluster size, IoT edge and even dual-stack enabled hosted environments.

Speakers

Tim Hockin

Distinguished Engineer, Google
Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking...

Khaled (Kal) Henidak

Principal Software Engineer, Microsoft Azure
Kal is a Software Engineer at Azure. Kal enjoys working on core compute and networking projects. He loves them almost as much as he does coffee.



Wednesday November 20, 2019 9:34am - 9:54am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:54am PST

Sponsored Keynote: Making the Impossible Possible with Kubernetes - Rae Wang, Group Product Manager, Google Cloud
At KubeCon + CloudNativeCon Europe in Barcelona earlier this year, we saw physicists from CERN recreate an incredible feat of engineering identifying the Higgs boson with Kubernetes. Around the world, every day, Kubernetes and open source tools built on top of it are transforming the impossible into the possible. In this presentation, we share some of those stories.

Speakers

Rae Wang

Group Product Manager, Google Cloud
Rae is a Group Product Manager at Google and leads the product team for GCP Identity, Config and Policy Management. Passionate about helping enterprise customers adopt Cloud and OSS tools, Rae has launched products in security, CI/CD, cost management and config management. She has...



Wednesday November 20, 2019 9:54am - 9:59am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:59am PST

Keynote: E2E 5G Cloud Native Network - Heather Kirksey, VP, Community and Ecosystem Development, Linux Foundation; Azhar Sayeed, Chief Architect, Red Hat; & Fu Qiao, Project Manager, China Mobile
It’s no secret that Kubernetes has gained significant traction in the cloud and enterprise software ecosystem, but less widely known is how this momentum is now moving into global telco networks as the next major area of adoption. Building on the momentum from a live keynote demo in Amsterdam last fall (see the demo here: https://www.youtube.com/watch?v=ClQ7nBKfL5I&t=385s), a team made up of volunteers from several project communities, companies, and network operators has taken a cloud native approach to developing an E2E 5G network demonstration built on open source infrastructure. The demo will use a live prototype running in labs around the world using k8s and other open source technologies to deliver a fully containerized 5G network on stage in San Diego. The demo will showcase both how the telecom industry is using cloud native software to build out their next gen networks, and also show solution providers what’s possible in this exciting new space.

Speakers

Heather Kirksey

Vice President of NFV, The Linux Foundation
Heather Kirksey works with the community to advance the adoption and implementation of open source NFV platforms. Before joining The Linux Foundation, she led strategic technology alliances for MongoDB. Earlier in her career she held various leadership positions in the telecom industry...

Fu Qiao

Project Manager, China Mobile
Qiao Fu is a project manager at China Mobile Research Institute, working on research of network technology. Qiao Fu is responsible for the China Mobile National Experiment Network of NFV, and is also engaged in technical research of edge cloud, hardware acceleration and NFV system...

Azhar Sayeed

Sr. Director, Solution Architecture, Red Hat
Azhar Sayeed is the global solution architect for Telco (5G) for RH. He has decades of experience with networking and telcos. Azhar was instrumental in our current strategy of OCP on BM for Telcos



Wednesday November 20, 2019 9:59am - 10:24am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

10:00am PST

Chair Massage & Relaxation Stations
Relaxation stations will be located around the convention to offer attendees a short “time out”.  Each location will be stocked with games, treats and other miscellaneous items that are designed to allow attendees to clear their minds.  One activity that will be offered will be 5-minute chair massages with onsite sign-ups.

Wednesday November 20, 2019 10:00am - 2:00pm PST
San Diego Convention Center

10:24am PST

Keynote: Closing Remarks - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...


Wednesday November 20, 2019 10:24am - 10:25am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

10:25am PST

Coffee Break
Wednesday November 20, 2019 10:25am - 10:55am PST
Sponsor Showcase, Sails Pavilion - San Diego Convention Center Upper Level

10:55am PST

Are You About to Break Prod? Acceptance Testing with Ephemeral Environments - Erin Krengel, Pulumi & Sean Holung, Nordstrom
How confident are you that the changes you’re about to make won’t break production? In a world of Continuous Delivery, we need to be prepared for the fact that our code is going to production. K8s makes it easy to quickly deploy applications, so building pipelines with robust quality gates is vital. There’s a lot of emphasis on this, yet how to create a solid deployment strategy isn’t clear-cut.

Erin and Sean will demonstrate a pattern for acceptance testing complex architectures, which verifies a K8s app properly interacts with its infrastructure. Leveraging ephemeral environments, these tests will validate as well as document the app’s business and functional requirements.

Utilizing infrastructure as code and K8s Jobs, they will demo how to create a comprehensive acceptance test suite that allows you to continuously deploy to production.

Speakers

Erin Krengel

Software Engineer, Pulumi
Erin is a Software Engineer at Pulumi, where she works on their SaaS product. Previously she worked at Nordstrom on a number of DevOps teams responsible for Go microservices, their infrastructure, CI/CD pipelines and production support. Most recently, she developed and architected key...

Sean Holung

Software Engineer, Nordstrom
Sean is a Software Engineer at Nordstrom where he works on their event-driven Order Management System. Prior to Nordstrom, Sean worked as a Software Engineer at CenturyLink Cloud. There he worked on their internal monitoring product used to monitor infrastructure and applications...



Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

10:55am PST

How Spotify Migrated Ingress HTTP Systems to Envoy - Erica Manno & Vladimir Shakhov, Spotify
Erica and Vladimir are on the team responsible for perimeter systems that sit between Spotify’s clients and its backend services. They started unifying those systems from a range of different technologies and protocols to a solution based on Envoy proxies and a unified control plane.

This talk introduces Spotify’s vision for the next-gen perimeter. However, it will mainly focus on the migration of all HTTP ingress traffic, handled by a brittle, custom Nginx/HAProxy setup to an Envoy-based solution.

The speakers will discuss how they’re migrating multiple high volume web services, serving millions of requests/sec, with minimum disruptions and zero-downtime for the feature teams that maintain Spotify’s backend services.

This talk will also illustrate how Spotify’s engineering culture of loosely coupled but highly aligned teams has informed the decisions taken during the migration.

Speakers

Erica Manno

Senior Engineer, Spotify
Erica Manno is a Software Engineer in Spotify's Infrastructure and Operations department in Stockholm, Sweden. Her team maintains and operates critical infrastructure that handles all ingress and egress traffic at the edge of Spotify's network. Apart from that, Erica is a dedicated...

Vladimir Shakhov

Software engineer, Spotify
Vladimir is a software engineer. He works on Spotify's Infrastructure and Operations team in Stockholm, mainly focused on clients to backend messaging. Vladimir previously worked at Yandex, where he helped develop a task tracking product offering. He is a geek and has a dog.



Wednesday November 20, 2019 10:55am - 11:30am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Case Studies

10:55am PST

A Series of Fortunate CloudEvents - Ian Coffey, Salesforce
Serverless and Eventing are two ultra-popular areas of tech right now, describing a broad set of ideas and capabilities that can service a range of possible systems. We are told that these concepts will expand and help define the next generation of web services.

That’s all well and good, but what is really going on inside these systems? What technology do those terms rely on and what does an Eventing workflow look like under the hood? Given the complexity and size of these projects’ codebases, it can be difficult to drill down and see what’s happening on a micro scale.

Together, we will discuss, operate and modify a running distributed system built with CloudEvents and Knative Eventing. The system will be based around the concept of an automated conversation between Kubernetes services.

Speakers

Ian Coffey

OSS ML Engineer, VMware
Ian Coffey has been in the platform and infrastructure business for 16 years and currently works on open source machine learning software at VMware. Away from work, Ian’s free time is usually spent adventuring with his wife and two little girls. He has an affinity for old amps and...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level
  CI/CD

10:55am PST

A Week in the Life of the Kubernetes Community - Dawn Foster, Pivotal & Jorge Castro, VMware
You’re new to Kubernetes and interested in contributing, but when you start poking through the community pages, you find a bunch of SIGs and so many meetings. What’s a SIG? Where should you start? Which meetings should you attend? How can you participate?

In this talk, Jorge and Dawn from SIG Contributor Experience will live out a week within the Kubernetes community by walking the audience through what happens in this busy community. As part of the day by day tour of the community, we will cover:
* Getting started and locating meeting calendars
* Finding and participating in SIGs
* Attending meetings and what to expect
* How to get involved
* Where to get help

New contributors, users interested in contributing, engineering managers whose teams are contributing, and anyone interested in learning about new ways to get involved in the Kubernetes community will benefit from attending.

Speakers

Dawn Foster

Director of Open Source Community Strategy, VMware
Dawn is the Director of Open Source Community Strategy at VMware within the Open Source Program Office. She has 20+ years of experience at companies like Intel and Puppet with expertise in community building, strategy, open source software, metrics, and more. She is passionate about...

Jorge Castro

Community Manager, VMware
Jorge is a Community Manager at VMware where he helps to support and advance the open Kubernetes ecosystem. He works in SIG Contributor Experience on the Kubernetes Office Hours, running the YouTube channel, forums admin, and a bunch of miscellaneous programs. He resides in Ann Arbor...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Community

10:55am PST

Practical Way to Build Kubernetes Native Java Controller - Zibo He & Min Jin, Ant Financial
The controller pattern has proven to be an effective way of managing Kubernetes workloads. However, for other languages, many challenges remain in developing third-party controllers for Kubernetes. In this talk, we will discuss how to implement the reflector, internal store, working queue and leader election in native Java style, and demonstrate a controller runtime that makes it easier to develop Java controllers from scratch. We will also discuss different operators that we build to integrate with a micro-service framework for cloud native application development.

Speakers

Tony He

Senior SW Engineer, Ant Financial
Zibo (Tony) He is a Senior Engineer at Ant Financial. Tony is a co-maintainer in the Kubernetes community, mainly focusing on CLI, controller runtime, multi-tenancy and secure container runtime. Tony is now co-leading the engineering effort on Ant Financial's Cafe Standard Product (the cloud native...

Min Jin

Software Engineer, Ant Financial
Min Jin/Kim, yue9944882, Kubernetes maintainer, subproject-owner. Actively contributing (mostly SIG API-Machinery) in the Kubernetes community for about 2 years. He is not a real orange cat.



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

10:55am PST

Advanced Model Inferencing Leveraging KNative, Istio and Kubeflow Serving - Animesh Singh, IBM & Clive Cox, Seldon
Model Inferencing use cases are becoming a requirement for models moving into the next phase of production deployments. More and more users are now encountering use cases around canary deployments, scale-to-zero or serverless characteristics. And then there are also advanced use cases coming around model explainability, including A/B tests, ensemble models, multi-armed bandits, etc.

In this talk, the speakers are going to detail how to handle these use cases using Kubeflow Serving and the native Kubernetes stack, which is Istio and Knative. Knative and Istio help implement autoscaling, scale-to-zero and canary deployments, as well as scenarios where traffic is optimized toward the best-performing models. This can be combined with Knative Eventing, the Istio observability stack, and the KFServing Transformer to handle pre/post-processing and payload logging, which consequently can enable drift and outlier detection to be deployed. We will demonstrate where KFServing currently is and where it is heading.

Speakers

Animesh Singh

Distinguished Engineer and CTO - Watson Data and AI OSS Platform, IBM
Animesh Singh is CTO and Director for IBM Watson Data and AI Open Technology, responsible for Data and AI Open Technology strategy. Creating, designing and implementing IBM’s Data and AI engine for AI and ML platform, leading IBM's Trusted AI efforts, driving the strategy and execution...

Clive Cox

CTO, Seldon
Clive is CTO of Seldon. Seldon helps enterprises put machine learning into production. Clive developed Seldon's open source Kubernetes based machine learning deployment platform Seldon Core. He is also a core contributor to the Kubeflow and KFServing projects.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

10:55am PST

Cloud Provider OpenStack Community Session - Kendall Nelson, OpenStack Foundation & Aditi Sharma, NEC
In this session, the Cloud Provider OpenStack team will give a brief overview of OpenStack cloud integration projects, including the:
* OpenStack cloud controller manager.
* Cinder and Manila storage providers.
* Cluster API provider.
* Keystone identity integrations.
* Other provider interfaces.

In addition to this overview, they will also engage the community to plan future development efforts and priorities. Both OpenStack beginners and experts are encouraged to join the session, and the community content will be tailored to fit audience interests.

Speakers

Kendall Nelson

Senior Upstream Developer Advocate, The OpenInfra Foundation
Kendall is a Senior Upstream Developer Advocate at the OpenInfra Foundation based in Minnesota. She first started working in open source in 2015 and has since evolved in focus to integrate open source projects like OpenStack and Kubernetes. When she is not bringing people into open...

Aditi Sharma

Software Engineer, NEC
Aditi works as a Software Engineer at NEC. She primarily works on cloud native technologies and contributes to open source projects like Kubernetes and OpenStack. She is also an approver/reviewer for the provider-openstack subproject under SIG-Cloud-Provider.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Day 2 Operations with Windows Containers - Michael Michael, VMware & Patrick Lang, Microsoft
The chairs for SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on day 2 operations and troubleshooting. We will also have a detailed discussion on our future roadmap, key functionality that we want to enable, and open the floor for Q&A with customers and members of the SIG-Windows community. Some familiarity with Windows on Kubernetes is required for the deep dive part since we will have an in-depth discussion on key features that are in the pipeline for Windows, explain their implementation and have a discussion on trade-offs with the community.

Speakers

Patrick Lang

Software Engineer, Microsoft
Patrick Lang is a Software Engineer at Microsoft building and teaching how to use Kubernetes and Windows container technologies. He is a regular speaker on Windows Server Container development and management that helped launch the tech at MS Ignite and Build conferences along with...

Michael Michael

Director of Product Management, VMware
Michael Michael (or M2) is a Maintainer of Harbor and Contour, co-chairs Kubernetes' SIG-Windows, and is the product lead for Velero, Octant, and Sonobuoy. M2 is focused on cloud native technologies, delivering agility and simplicity to developers and accelerating the modernization...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

10:55am PST

Deep Dive: CNCF CI - W. Watson & Denver Williams, Vulk Coop
The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The newest iteration of the cncf.ci status dashboard focuses on supporting a sustainable and scalable project ecosystem. To accelerate adding & maintaining projects on cncf.ci, the status dashboard can integrate with a project’s existing CI System and accept contributions from CNCF project maintainers. This Deep Dive session will include a walk-through of integrating a CNCF project with Travis CI to utilize the Travis CI build status and artifacts in the cncf.ci dashboard and allow time for Q&A.

Speakers

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

W. Watson

Principal, Vulk Cooperative
W. Watson has been professionally developing software for 30 years. He has spent numerous years studying game theory and other business expertise in pursuit of the perfect organizational structure for software co-operatives. He also founded the Austin Software Cooperatives meetup...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

KubeEdge Deep Dive - Sean Wang, FutureWei
KubeEdge is an open source project extending native containerized application orchestration and device management from the central cloud to the edge. It is built upon Kubernetes and provides core infrastructure support for networking, application deployment and metadata synchronization across cloud and edge. In this session, Kevin will dive deep into the details of the KubeEdge architecture and some advanced features. The future roadmap and current pain points will also be discussed.

Speakers

Sean Wang

senior director, Futurewei
Sean Wang is a senior director at FutureWei Inc in Seattle. He was the founder of Intelligent EdgeFabric platform, a commercial edge computing service which was later on contributed to CNCF as KubeEdge. Sean has deep interest in large scale distributed systems, built and led various...



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

10:55am PST

KubeVirt Deep Dive: Virtualized GPU Workloads on KubeVirt - David Vossel, Red Hat & Vishesh Tanksale, NVIDIA
KubeVirt is a Kubernetes extension that supports running traditional Virtual Machine workloads side by side with containers.

In this session we will explore the architecture behind KubeVirt and how NVIDIA is leveraging that architecture to power GPU workloads on Kubernetes. Using NVIDIA’s GPU workloads as a case study, we’ll provide a focused view on how host device passthrough is accomplished with KubeVirt as well as providing some performance metrics comparing KubeVirt to standalone KVM. You’ll come away with a high level understanding of what KubeVirt is capable of and the general design principles that drive the project.

Speakers

David Vossel

Principal Software Engineer, Red Hat

Vishesh Tanksale

Sr. Software Engineer, NVIDIA
Vishesh is a Software Engineer at NVIDIA. He is focusing on different aspects of enabling VM workload management on Kubernetes clusters. He is specifically interested in GPU workloads on VMs. He is an active contributor to KubeVirt, a CNCF Sandbox Project.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Performance Tuning and Day 2 Operations - Goutham Veeramachaneni, Grafana Labs
Cortex is a distributed version of Prometheus with a lot of moving parts. We have a pretty good getting started guide with enough information to get a working Cortex cluster that can ingest data and answer queries. But there is limited material on the day 2 operations: capacity planning, query performance debugging, and general health monitoring. In this talk, we will take you through the debugging workflow, the typical knobs that should be tweaked for optimal performance, the mixin for Cortex that covers the dashboards and alerts, and in general how to approach debugging and maintaining an existing Cortex cluster.

Speakers

Goutham Veeramachaneni

Senior Software Engineer, Grafana Labs
Goutham is a developer from India who started his journey as an infra intern at a large company where he worked on deploying Prometheus. After the initial encounter, he started contributing to Prometheus and interned with CoreOS, working on Prometheus's new storage engine. He is now...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

SIG Testing Intro - Sean Chase & Erick Fejta, Google
This session will provide an overview of the testing infrastructure and automation used by the Kubernetes project. We manage over 180 GitHub repos and generate test results from over 10,000 jobs per day. We'll walk through some of the improvements we've made to enable contributor self-service since last KubeCon.

Speakers

Erick Fejta

Staff Software Engineer, Google
Erick works at Google. He writes tooling for the Kubernetes community and helps chair sig-testing. He helps create and maintain a lot of community infrastructure such as peribolos, prow, testgrid, kubetest and gubernator. He is also the lesser-known human face behind fejta-bot, which...

Sean Chase

Software Engineer, Google
Sean Chase is an Engineering Productivity Developer at Google who has worked with the Kubernetes community for 3 years. He maintains and develops TestGrid and Prow, to keep the PRs and tests flowing. Sean has years of experience with both tests and grids.



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Using TUF and in-toto to Tighten the Release Process - Santiago Torres-Arias, NYU & Justin Cappos, NYU
As enterprise companies move to Cloud Native, the supply chain has become a very attractive target for attacks. An attacker who compromises a project's supply chain can greatly increase the blast radius of their attack to all users of the system. In some cases the exploit is an unintended bug (e.g. Equifax); in others, it is more insidious. In this talk, Santiago and Justin will show you how you can use TUF and in-toto to create a tightly-secured software supply chain, starting from secure container delivery using TUF and moving left toward tools like build farms, vulnerability scanners, and version control systems. The talk will be grounded in real business delivery values by pointing out common software supply chain misconfiguration pitfalls and through an integration example on one of the largest open source operating systems.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...


Wednesday November 20, 2019 10:55am - 11:30am PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

10:55am PST

Multiple Networks for Kubernetes Workloads - Piotr Skamruk, CodiLime & Doug Smith, Red Hat
Embark on a tour of CNI multiplexers -- an adventure in attaching multiple network interfaces to pods. We'll show the advantages of each and provide examples to get you started using them. We'll also talk about the history and future of multiple network attachments in Kubernetes.
Kubernetes is based on simplicity, and Kubernetes networking is no different: simplicity is king. Each pod is given a single IP address, and a single network in which “everything sees everything”.
This model is not always what consumers expect, especially for high performance networking. In this world we need to have network isolation (to isolate traffic between control & data planes) or to have multiple interfaces in pods. This provides operators better control over functionality, latency and throughput.
We'll make sure you're geared up for the adventure with CNI multiplexers and multiple network attachments!

Speakers

Doug Smith

Principal Software Engineer, Red Hat, Inc
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network...

Piotr Skamruk

Software Engineer, Travelping
Piotr is a long-time GNU/Linux and Forth language enthusiast, sys administrator and sys developer. He has worked on kernel sources, backend apps and even on frontends in a wide variety of languages. At Intel he did the kvm flavor for CoreOS RKT, enabling it to run containers on VMs...



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Networking

10:55am PST

Running Large-Scale Stateful Workloads On Kubernetes at Lyft - Surinder Singh & Anmol Khurana, Lyft
Along with core services, K8s at Lyft also forms the base to run a large variety of stateful data processing jobs, including Spark, Flink and other jobs run via various ML and data processing pipelines.

At Lyft, K8s has become the driver for the majority of our data processing needs, running 10s of thousands of concurrent jobs. Operating the platform at this scale presents a unique set of challenges, which get more complex with a highly variable load pattern.

In this talk, the speakers will share their journey through some of these challenges and learnings.
- Potential pitfalls of running stateful jobs on K8s.
- Knobs/tweaks to optimize K8s for stateful jobs.
- Running k8s in a cloud environment.
- Building a fault-tolerant self-healing system with multiple K8s clusters underneath.

The talk will also focus on optimizations done to support the widely used workloads at Lyft.

Speakers

Surinder Singh

Software Engineer, Lyft
Surinder Singh is a software engineer at Lyft in Seattle. He led the execution plane for Flyte, Lyft’s open-source Machine learning and Data processing pipelines platform. Before Lyft, Surinder was at Microsoft where he worked on Azure Storage and SQL Server Query Optimizer.

Anmol Khurana

Software Engineer, Lyft
Anmol Khurana is a software engineer at Lyft. He is part of the Data Platform team, responsible for leading the effort on containerized Spark on K8s. Before Lyft, Anmol was at Amazon for 5+ years, mostly with the AWS Elastic Block Store team.



Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

10:55am PST

Implementing a Consumer Focused SLA for a Kubernetes Based PaaS - Shrenik Dedhia, Box
Box's (internal) Platform as a Service empowers other Box teams to deliver 100's of micro services, on 1000's of hosts, across 10,000's of pods. As they scaled to support a large number of micro services and clusters, they ran into several scaling challenges around both the control and data planes. In order to deliver a production-grade platform, they realized the need for a Service Level Agreement (SLA) for their platform to not only demonstrate availability for infrastructure, but also "value" for a consumer, and serve as a benchmark to prioritize those challenges.


In this talk, Shrenik Dedhia will present how their team approached the problem of defining an SLA, principles used, options explored, path chosen, and future work to improve the platform's availability from ~99.4% to ~99.99%, thereby improving the overall availability of micro services that power Box.com.

Speakers

Shrenik Dedhia

Sr. Staff Engineer / TLM, Box
Shrenik has been at Box for about 2 years as a Sr. Staff Engineer, with 10+ years of total experience in designing and implementing secure and scalable platforms. Shrenik is currently leading the Platform As A Service team at Box.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level
  Performance

10:55am PST

Binary Authorization in Kubernetes - Aysylu Greenberg, Google & Liron Levin, Palo Alto Networks
Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies that ensure only trusted container images are deployed to your Kubernetes cluster. With Kritis, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Kritis enables tighter control over your container environment by ensuring only verified images are integrated into production.
Talk outline:
- Introduction to the concept of binary authorization
- Live demo of using Kritis and Grafeas for deploying images with confidence in Kubernetes
- Grafeas and Kritis roadmap
At the end, attendees will gain a solid understanding of the process of binary authorization and how to incorporate it in their build and deployment pipelines.

Speakers

Liron Levin

Chief Software Architect, Palo Alto Networks
Liron is the Chief Software Architect at Twistlock, where he focuses on scaling, engineering methodologies and security. Before that, he worked as a tech lead at Microsoft on cloud computing and machine learning projects. He is an active contributor to popular open source Go projects...

Aysylu Greenberg

Senior Software Engineer, Google
Aysylu Greenberg is the Tech Lead of GCP Container Analysis, focusing on the software supply chain integrity and security. In her spare time, she ponders the design of systems that deal with inaccuracies, enthusiastically reads CS research papers, and paints.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

10:55am PST

Stitching a Service Mesh Across Hundreds of Discrete Networks - Jason Webb & Anil Attuluri, Intuit
Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, the increased latency and data transfer costs became significant. To facilitate future growth efficiently, Intuit needed a better model. Moving to a distributed Service Mesh running on k8s to enable secure service-to-service communication was the solution. As Intuit was building a migration path for hundreds of services communicating across discrete networks, they faced a host of challenges. While developing a platform to provide end-to-end encryption, they defined a pattern for federated workload identities and learned to manage a federated set of mesh control planes. Jason and Anil will share these learnings and Admiral, a project they are open-sourcing that enabled the migration path.

Speakers

AnilKumar Attuluri

Software Engineer, Intuit, Inc.
Anil is a Software Engineer at Intuit working on some of the key challenges to move Intuit's microservices onto Service Mesh. His other areas of work at Intuit include distributed and scalable rate limiting algorithm, orchestration layer in API Gateway for GraphQL and designing OSGi...

Jason Webb

Principal Engineer, Intuit
Jason is the Services Fabric Chief Architect at Intuit, where he works on building tools and platforms to enable Intuit’s microservices ecosystem. Jason is passionate about cloud-native infrastructure, developer tools & experience, and open source. Prior to Intuit, Jason worked...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

K9P: Kubernetes as 9P Files - Terin Stock, Cloudflare
K9P, a virtual file system, exposes the state of a Kubernetes cluster as files. Our terminals have been optimized over the last 40 years towards working with files, kubectl not so much. K9P allows us to carry the mantra of "everything is a file" to the distributed computing extreme.

K9P allows you to integrate Kubernetes resources into an existing workflow, or create new ones. Scale a Deployment by writing to a file. Locate failing Pods with grep. Update configuration in ConfigMaps with sed.

Speakers

Terin Stock

Software Engineer, Cloudflare
Software engineer working on scaling bare-metal Kubernetes clusters by day. Builds experiments with esoteric 90s technology by night. Previous talks include an introduction to Kubernetes controllers at KubeCon EU 2018 and Building a Go-based MIDI Player at FOSDEM 2019.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Case Study: AI-as-a-Service on Kubernetes at Scale and In Production - Itay Gabbay, Israel Ministry of Defense (MOD) & Tushar Katarki, Red Hat
AI is popular and yet faces two big challenges in the industry: 1) self-service and automation 2) Use in real production.

At the Israel Ministry of Defense we are taking on the challenges with containers and Kubernetes. We have built AI-as-a-service with open source tools and Kubernetes. Our Data Scientists use the service for data, experimentation and to deliver models into production iteratively with self-service and automation.

Using Kubernetes, we are able to run massive machine learning pipelines automatically, and improve our machine learning models. We implemented several principles of AutoML - a wide research area nowadays. Using AutoML & Kubernetes, we can further improve our machine learning models and pipelines - automatically.

Come find out how we built our AI service on Kubernetes, issues we ran into and best practices with a live demo and supporting slides.

Speakers

Tushar Katarki

Product Manager, Red Hat
Tushar Katarki is a senior technology professional with experience in cloud architecture, product management and engineering. He is currently at Red Hat as a product manager for OpenShift with focus on AI/ML on OpenShift. Tushar is involved with several open source projects around...

Itay Gabbay

Machine Learning Engineer, MOD Israel
Itay Gabbay is a software engineer specialized in machine learning and AutoML. He is currently at the Israeli Ministry of Defense, responsible for a machine learning platform he designed and implemented, based on OpenShift.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Case Studies

11:50am PST

Leveling Up Your CD: Unlocking Progressive Delivery on Kubernetes - Daniel Thomson & Jesse Suen, Intuit
Kubernetes Continuous Delivery methods have continued to evolve to more advanced strategies such as canary, A/B testing, and blue-green. Progressive delivery is the next step of CD, enabling service promotion for a subset of users in an automated fashion backed by metrics.

There’s no one-size-fits-all on what are the appropriate metrics to drive promotions. Often, the four golden signals (latency, traffic, errors, saturation) are used, but what if this isn’t enough? More sophisticated techniques might use algorithmic or even AI-driven analysis.
The Argo Experiment and Analysis CRDs provide simple constructs to drive automated promotion in an extensible fashion.

This session discusses how Intuit leverages experimentation and analysis, the challenges in providing an automatic but generic approach to analyzing experiments, and envisioning the future of declarative progressive delivery.

Speakers

Jesse Suen

CTO, Akuity
Jesse Suen is the CTO and co-founder of Akuity. He is a co-creator and a project lead on the Argo project. Prior to founding Akuity, Jesse was a Principal Software Engineer and lead for the Argo team at Intuit, leading the design and architecture for Workflows, CD, and Rollouts. Jesse... Read More →

Daniel Thomson

Software Engineer, Stytch
Danny Thomson is a software engineer at Stytch working to build the future of user authentication through passwordless options. Previously, Danny worked at Intuit on their Modern Saas platform and contributed to their open-source project: Argoproj. He believes that developer services... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

11:50am PST

Panel: Beyond Codes of Conduct: Igniting Diversity in Your Community - Jemma Bolland, The Scale Factory; Lara Owen, GitHub; Shanis Windland, VMware; & Kevin Stewart, Independent
There’s diversity – and then there’s inclusion. The difference between being invited and being a valued participant is vast. The Kubernetes and KubeCon community have made significant strides on both the diversity and inclusion front – but should not be satisfied with progress to date. Join this panel of thought leaders to learn how to turn a diverse community into an inclusive one, hear the challenges of building versus changing a culture, and how to ignite the power of diversity where you contribute.
How does the KubeCon/K8s community continue to lead the way in both diversity AND inclusion? Time to fill the dance floor. It's still too empty.

Speakers

Shanis Windland

VP, Diversity & Inclusion, VMware
Shanis Windland is the new VP of Diversity & Inclusion at VMware. Shanis joined VMware in December, coming from the Heptio acquisition. Shanis is a vigorous advocate of diversity AND inclusion - and will be a strong leader for VMware on this journey. Shanis led a panel discussion... Read More →

Jemma Bolland

COO, The Scale Factory
Jemma is in charge of operations, marketing, people and finance at The Scale Factory. Her 15+ years’ experience in operational, strategic and marketing roles with start-ups and SMEs in the UK and Australia brings a wealth of insight to her role. Jemma's experience in the start-up... Read More →

Kevin Stewart

Kevin Stewart is an engineering leader on sabbatical. Previously, he held VP Engineering positions at Fastly, Heptio (now VMware) and NodeSource and was a Director of Engineering at Adobe.

Lara Owen

Director, Global Workplace Experience, GitHub
An instructor at Remote-How Academy, a speaker at the first-ever Running Remote Conference, and honored as one of 2018’s Bisnow Bay Area Thought Leaders, Lara Owen is the Director of Global Workplace Experience at GitHub and is responsible for ensuring 1200+ employees, scattered... Read More →


Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level

11:50am PST

Growth and Design Patterns in the Extensions Ecosystem - Eric Tune, Google
How big is the Kubernetes Extensions ecosystem today and how quickly has it grown? How many CNCF projects does it touch? Data gathered from GitHub over 2 years by the speaker provides detailed answers.

Based on experience as a Kubernetes contributor and API reviewer, and from analyzing hundreds of extensions, the speaker has identified recurring Design Patterns, like: Provisioner, Composition, Enforcer, Claim, and Class.  End users will learn to recognize the patterns, and API authors will learn when to apply them.
 
The talk will be accessible to a general audience. However, experts on Kubernetes Extensions will still find ideas and data not presented anywhere before. Illustrative examples will be used from various CNCF projects, such as Vitess, Jaeger, OpenEBS, and Rook.


Speakers

Eric Tune

Senior Staff Software Engineer, Google
Eric is a Senior Staff Software Engineer at Google, where he is an overall technical lead on Google Container Engine (GKE). He started contributing to Kubernetes in 2014. Before Kubernetes, he worked on Google's Borg project, and was a co-author of the Borg paper.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Building and Managing a Centralized Kubeflow Platform at Spotify - Keshi Dai & Ryan Clough, Spotify
Machine learning workflows within Spotify have been migrated to Kubernetes by adopting Kubeflow and Kubeflow Pipelines. It helps teams increase model development speed and reduce the time to productionize a machine learning model.

In this talk, we will demonstrate some best practices Spotify has learned from managing Kubernetes for backend services and apply them to building a centralized Kubeflow platform. We treat infrastructure as code. We establish a customizable and repeatable deployment process. Even with a handful of machine learning/data engineers, we are successfully able to manage multiple Kubernetes clusters and machine learning workloads at scale.

We will also show how teams at Spotify use the Kubeflow platform as a one-stop shop for their machine learning development, which helps them build better products to improve the user listening experience.

Speakers

Keshi Dai

ML Infra Engineer, Spotify
Keshi Dai is a Senior ML Engineer on the Spotify Machine Learning platform team. He has been working on building and managing a centralized Kubeflow platform to help Machine Learning engineers at Spotify to adopt Kubernetes. Recently, he is also leading the effort to evaluate managed... Read More →

Ryan Clough

Senior ML Engineer, Spotify
Ryan Clough is a Senior Engineer on Spotify's Machine Learning Infrastructure team. Alongside his colleagues, he is responsible for designing and building the platform and tools that ML practitioners all across Spotify use to bring ML solutions from an idea all the way to production... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Machine Learning + Data

11:50am PST

CNCF Research User Group - Bob Killen, University of Michigan
This session is open to those interested in running Kubernetes and cloud native platforms in a research context. The CNCF Research User Group’s purpose is to function as a focal point for the discussion and advancement of Research Computing using “Cloud Native” technologies. This includes enumerating current practices, identifying gaps, and directing effort to improve the Research Cloud Computing ecosystem. Mission statement: https://github.com/cncf/research-user-group

Speakers

Bob Killen

Research Cloud Administrator, University of Michigan
Bob is a Research Cloud Administrator with the Advanced Research Computing Technology Services (ARC-TS) group at the University of Michigan. He has been with the University for more than 15 years, serving in various capacities within the Health System and ARC-TS. As a CNCF Ambassador... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Deep Dive into Autoscaling - Marcin Wielgus & Vivek Bagade, Google
Come and see how to debug and optimize your autoscalers and decrease your monthly infrastructure costs even further. During this talk members of SIG-Autoscaling will discuss the internals of HPA, VPA and Cluster Autoscaler, their peculiar features, and ways to fine tune them across dimensions like cost and availability. After this talk you will know where to look for information about the autoscaler activity, what settings can be changed and which flags should probably be left alone.

Speakers

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently... Read More →

Vivek Bagade

Software Engineer, Google Inc
Vivek works at Google developing Kubernetes Cluster Autoscaler and Node Autoprovisioning. In the past, Vivek worked on building a Kubernetes PaaS for cloud robotics with Rapyuta Robotics and building a contextual advertising platform with Media.net



Wednesday November 20, 2019 11:50am - 12:25pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Maintainer Track Sessions

11:50am PST

Deep Dive into Cloud Provider Azure - Pengfei Ni & Brendan Burns, Microsoft
In this session, we'll dig into the implementation of the Azure cloud provider, and current work to enhance the operations of Kubernetes. Work for Kubernetes 1.17 and designs for the next versions will be discussed. There will be demos of the newest capabilities. You will also learn how the maintainers set up their development environments so you can contribute easily too.

Speakers

Brendan Burns

Microsoft, Corporate Vice President, Azure OSS and Cloud Native
Brendan Burns is a co-founder of the Kubernetes open source project and corporate vice president for Azure cloud-native open source and the Azure management platform including Azure Arc. He is also the author and co-author of several books on Kubernetes and distributed systems. Prior... Read More →

Pengfei Ni

Senior Software Engineer, Microsoft
Pengfei Ni is a senior software engineer at Microsoft Azure and maintainer of the Kubernetes project. He has extensive experience in Cloud Computing, Kubernetes and Software Defined Networking (SDN). He has given presentations at KubeCon China 2018, ArchSummit 2018, LC3 2018, and... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

11:50am PST

Deep Dive: Flux the GitOps Operator for Kubernetes - Stefan Prodan, Weaveworks
In this session, Stefan will talk about the GitOps principles governing Flux, its main features and roadmap. Stefan will do a deep dive into Flux’s Kustomize support and show how you can leverage Flux to manage a multi-tenant Kubernetes cluster. We will continue with a Flux Helm Operator deep dive to showcase app delivery automation with Git operations.

Speakers

Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger, the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 15 years of experience with software... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

11:50am PST

Deep Dive: Harbor - Enterprise Cloud-native Artifact Registry - Steven Zou & Daniel Jiang, VMware
Harbor is an open-source trusted cloud-native registry project that stores, signs, and scans content. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this session, we will cover some advanced features of using Harbor, such as OIDC support, improved content replication among Harbor and other non-Harbor registries, content management in a cloud environment, unified management of Helm Chart and container images, quota management, webhooks, tag retention, highly-available deployments and more. Our guest speaker and fellow Harbor maintainer, Daniel Pacak from Aqua Security, will show you how to utilize the pluggable scanning framework in Harbor to increase confidence in your compliance policies.
 
Additionally, we'd like to share some Harbor community-related things like the governance model and contributing guide to encourage more participation in the Harbor community. Furthermore, the team would love to get feedback from users and contributors to current features and future roadmap.

Speakers

Steven Zou

Staff II Engineer, VMware
Steven Zou is a senior engineer with years of experience in cloud computing and cloud-native technology. He is currently working as a Staff II engineer at VMware, focusing on cloud-native and Kubernetes-related platform services. In addition, he is a core maintainer of the CNCF open-source... Read More →

Daniel Jiang

Harbor Maintainer, VMware
I'm a software engineer from VMware, who joined the company around the end of 2015. Currently working on an open source registry project called Harbor. I'm one of the founding members of this project. I have been giving speeches in different meet-ups talking about Docker image management... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

11:50am PST

Deep Dive: Prow - Steve Kuznetsov, Red Hat & Alvaro Aleman, Loodse
This session will dive into some of the major features we have added to Prow, including how they are implemented, and the challenges we faced. Examples include the new Prow monitoring stack, hooking up Prow to bug tracking systems other than GitHub, and refactoring Prow to support in-repo config to enable better self-service.

Speakers

Steve Kuznetsov

Software Engineer, Red Hat
Steve has been involved in open source and Kubernetes since 2014, joining the Testing SIG and becoming a co-lead in 2017. He has contributed to Kubernetes core since the 1.0 days but these days spends most of his focus on improving the testing infrastructure with the Testing SIG. Steve... Read More →

Alvaro Aleman

Software Engineer, Loodse
Alvaro is working on products related to Kubernetes cluster lifecycle management. A year ago, Loodse adopted Prow as its CI/CD platform of choice. In the process, Alvaro started to get involved in its upstream development and has stayed active there ever since.


Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

gRPC Deep Dive: Prevent Your Service From Overtaking Itself - Lidi Zheng, Google
In any distributed system, it is very common to have mismatched processing power on the sending (client) and receiving (server) sides. This can result in failures or excessive buffering of messages on either side, leading to an out-of-memory situation. Fortunately, gRPC has a flow control mechanism that transparently throttles the traffic to protect both services. In this presentation, we will dive into how networking protocols (like TCP, HTTP, gRPC) control traffic, and how gRPC flow control facilitates your usage of the bandwidth between your services.

Speakers

Lidi Zheng

Software Engineer, Google
Lidi Zheng is a Software Engineer at Google under the Tech Infra Network Systems area. He is an active maintainer of the gRPC repo, mostly contributing to gRPC Python. He focuses on API design, distributed systems and tooling. Prior to Google, he completed his Master's degree from... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

11:50am PST

Intro: Telepresence - Daniel Bryant & Rafael Schloming, Datawire
This session will provide an intro to Telepresence, a CNCF Sandbox tool. We’ll talk about development workflows for Kubernetes. We’ll discuss the differences between traditional development, and different approaches people take to building Kubernetes services. We’ll then introduce Telepresence and discuss how it integrates with different organizational development workflows. Finally, we’ll talk about the evolution of Telepresence and how we are actively moving Telepresence forward from its heritage as a VPN-type approach into a more sophisticated L7 routing layer for developers.

Speakers

Rafael Schloming

Co-founder and Chief Architect, Datawire
Rafael Schloming is Co-founder and Chief Architect of Datawire. He is a globally recognized expert on messaging and distributed systems and a spec author of the AMQP specification. He has spoken on microservices at numerous technical conferences including ApacheCon, the O’Reilly... Read More →

Daniel Bryant

Independent Tech Consultant, Big Picture Tech
Daniel Bryant currently works as an independent technical consultant. His expertise focuses on ‘DevOps’ tooling, cloud/container platforms, and microservice implementations. Daniel is a Java Champion who contributes to several open source projects. He also writes for InfoQ, O’Reilly... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

11:50am PST

Scaling SPIRE for Performance and Availability - Tyler Julian, Uber
SPIRE, the community-supported implementation of SPIFFE, enables users to take advantage of workload identity primitives like X.509s and JWTs without needing a deep understanding of complex topics like trust bootstrap, secure introduction, and credential provisioning/rotation.

But implementing the SPIFFE standard is not without its difficulties. SPIRE must scale to meet the needs of hundreds of thousands of workloads in today's hybrid cloud architectures. And, despite a requirement for high, efficient throughput, the system must remain resilient in the face of failure.

In this deep dive, we will study the challenges encountered during the implementation of SPIRE, design considerations and philosophy, and production use cases.

Speakers

Tyler Julian

Security Engineer, Uber
Security Engineer at Uber focused on authentication and distributed systems, with a background in cryptocurrency protocols.


Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Build Your Own Private 5G Network on Kubernetes - Frank Zdarsky, Red Hat & Raymond Knopp, Eurecom
Private 5G networks are dedicated cellular networks, confined to user premises and tailored to a specific use case. In smart factories, for instance, they may soon enable remote control of robots, augmented reality-enhanced maintenance, and other use cases for which ultra-low latency, high bandwidth, and reliable radio connectivity to local edge computing services is a must.

Did you know you can build your own private 5G network purely from open source software and off-the-shelf hardware? This session will introduce OpenAirInterface, an open source 5G radio and core network implementation, and how to pick and set up hardware for it. Participants will learn how the latest Kubernetes technologies like Multus, SR-IOV CNI, real-time workers, device plugins, etc. need to come together to support these exigent Containerized Network Functions on Kubernetes and to manage them using Operators.

Speakers

Raymond Knopp

Professor, EURECOM and President, OpenAirInterface Software Alliance (OSA)
Raymond Knopp is currently serving as Professor in the Communication Systems Department at EURECOM. He received his PhD degree in Communication Systems from the Swiss Federal Institute of Technology (EPFL), Lausanne. His current research and teaching interests are in Digital Communications... Read More →

Frank Zdarsky

Senior Principal Software Engineer, Red Hat
In the old days, long before NFV had its name, Frank was leading mobile network research at a large telco equipment provider and running mobile network services on public cloud. He later joined Red Hat's Office of the CTO to build and lead a team of great engineers that worked with... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Networking

11:50am PST

Doing Things Prometheus Can’t Do with Prometheus - Tim Simmons, DigitalOcean
The current Cloud Native Observability dogma is that metrics (and logs and traces) are “not good enough” and that this brave new world needs brave new Observability tools. This is false.

This session will focus on how to utilize Prometheus and friends to solve problems that are typically cited as limitations. This talk is for anyone interested in learning how Prometheus can solve the majority of your Observability problems, no vendor required.

An outline of this talk is:
- How to thoughtfully utilize existing Observability tools
- Deploying High Availability Prometheus
- Effectively interacting with high-cardinality data
- Long-term metrics storage
- Doing “machine learning” on metrics
- Handling thousands of alerts in a sane way (https://twitter.com/timsimlol/status/1145790451129167872)
- How to measure *everything* with Prometheus
- Fostering a healthy Observability culture with SLOs

Speakers

Tim Simmons

Senior Engineer, DigitalOcean
Tim Simmons is a Senior Engineer on the Observability Platforms team at DigitalOcean. He primarily cares for DigitalOcean's internal Prometheus infrastructure. On a normal day, he helps his colleagues with PromQL queries, writes custom Prometheus exporters, and builds tools around... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Observability

11:50am PST

Shipping Metrics From the Edge - Matthias Loibl, Red Hat
Computing is getting pushed to the edge: it may be your car, TV, washing machine, or your toaster. All these devices have a lot of computing power these days. While extending the cloud to the edge is getting solved with projects like KubeEdge or k3s, in this talk we want to take a closer look at how to run Prometheus on them. We want to configure Prometheus in a way that we can replicate its data to a central collecting point that is running Thanos on Kubernetes in a replicated setup, and then make use of all the shipped metrics to efficiently query across the entire fleet.

Speakers

Matthias Loibl

Senior Software Engineer, Polar Signals



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level
  Observability

11:50am PST

Don’t Catch Feelings, Catch Issues With Kuberhealthy - Joshulyne Park & Shilla Saebi, Comcast
Kuberhealthy is a synthetic monitoring operator for both apps and Kubernetes clusters. Learn how to increase application and cluster observability by replicating real workflows and carefully checking for the expected behavior to occur. With Kuberhealthy, our team has been able to reliably monitor all critical Kubernetes cluster functionality in order to catch issues before our developers do. With Kuberhealthy, you can write your own tests of any kind in your own container and Kuberhealthy will manage everything else, including the creation of Prometheus metrics.

As we’ve transitioned more and more cloud workloads to elastic, self-healing Kubernetes clusters, the job of keeping the clusters running smoothly has become more challenging and important. That’s why we’re so excited to share Kuberhealthy, a new open-source tool we built at Comcast to keep our Kubernetes clusters running at their best.

Speakers

Joshulyne Park

Cloud Engineer, Comcast Technology Solutions
Joshulyne Park is a Cloud Engineer working on building a highly scalable and reliable Kubernetes platform to support all of Comcast Technology Solutions products and services. She is a graduate of Comcast's Career Opportunities and Rotational Experiences (CORE) technology program... Read More →

Shilla Saebi

Program Manager, Open Source, Comcast
Shilla Saebi is an Open Source Program Manager who focuses on community and has been with Comcast for almost a decade. She has worked in many diverse roles within the tech industry in positions ranging from operations engineering, system administration, customer service, and network... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level
  Operations

11:50am PST

Did Kubernetes Make My p95s Worse? - Jian Cheung & Stephen Chan, Airbnb
When Airbnb first evaluated Kubernetes, they explicitly tested for performance and saw no significant differences. Then in 2019, as Airbnb’s migration of services from EC2/Chef to Kubernetes went into full swing, performance problems started cropping up. Service owners noticed significant latency increases which threatened to halt the overall move to Kubernetes. This talk will share Airbnb’s journey on performance gains and losses in its mass migration to Kubernetes. It will dive into the investigations Airbnb has done, from hardware differences, to cluster settings, to container configurations, to service language problems, and more.

Speakers

Stephen Chan

Software Engineer, Airbnb
Stephen has worked at Airbnb during much of its Kubernetes migration, from the first production service to hundreds of services running across many clusters and different environments. He previously spoke about a few custom controllers in use at Airbnb at KubeCon 2018.

Jian Cheung

Software Engineer, Airbnb
Jian Cheung is a software engineer on the Compute Infrastructure Team at Airbnb. He works on supporting application and infrastructure service abstractions running on Kubernetes. He has previously spoken about [performance gotchas on Kubernetes](https://kccncna19.sched.com/event/UaXm/did-kubernetes-make-my-p95s-worse-jian-cheung-stephen-chan-airbnb... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Performance

11:50am PST

From Brownfield to Greenfield: Istio Service Mesh Journey at Freddie Mac - Shriram Rajagopalan, Tetrate & Lixun Qi, Freddie Mac
Freddie Mac is one of the two mortgage loan corporations in the United States managing trillions of dollars of assets across the country. Our infrastructure is spread across different Kubernetes providers, hardware load balancers, and large swaths of virtual machines. In this talk, we describe our service mesh adoption journey in a highly regulated financial compliance environment. We will discuss both greenfield and brownfield environments, to gain full visibility and traffic management capabilities using Istio/Envoy. We will highlight the changes to our GitOps development workflow, changes to our age-old organizational practices, and how the service mesh journey forced us to foster deeper cooperation between traditionally siloed security, platform and application development teams as we tried to weave a mesh over the old and new.

Speakers

Shriram Rajagopalan

Unprincipled Engineer, Tetrate
Shriram Rajagopalan is one of the founding engineers behind the Istio service mesh project, and an early contributor to Envoy. He currently maintains the networking subsystem within Istio. Prior to working on Istio/Envoy, he worked on the Xen hypervisor, the Linux kernel, network... Read More →

Lixun Qi

Sr Tech Lead, Freddie Mac
Lixun Qi is a Sr Tech Lead at Freddie Mac, focused on building company-wide cloud native computing platforms. His responsibilities include Kubernetes, service mesh, software defined networking, information security and all the automation through GitOps. Much of time these days is... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Hall D - San Diego Convention Center
  Service Mesh

12:25pm PST

Lunch (Provided)
Lunches will be served in Hall C, the West Terrace and the 20 Foyer at the San Diego Convention Center. Specialty meals (if requested) can be picked up at the Cafe Express in Hall C.

Wednesday November 20, 2019 12:25pm - 2:25pm PST
Hall C + West Terrace + 20 Foyer - San Diego Convention Center

12:25pm PST

Attendee Headshots, sponsored by Codefresh (Reservation Required; Link in Description)
Get ready for your close up! We are proud to offer a limited number of complimentary headshots to attendees that are looking to spruce up their resume or LinkedIn profile. A reservation is required.
Thank you to our sponsor, Codefresh!

Wednesday November 20, 2019 12:25pm - 2:25pm PST
Room 21 - San Diego Convention Center Upper Level

12:30pm PST

Diversity Lunch + Hack - sponsored by Google Cloud (RSVP required; see description for details)
The luncheon agenda will feature round table discussions, opportunities to get hands on with Kubernetes, and pair programming; all in a safe, judgement-free zone. There’s something for everyone - newcomers, experts, women, non-binary, female-identifying individuals, and male allies welcomed.

Space is limited and completion of the official RSVP form is required. Adding this event to your schedule does not count as an official RSVP.

Thank you to our sponsor, Google Cloud!

Date: Wednesday, November 20
Time: 12:30 PM - 2:15 PM
Location: Marriott Marquis San Diego Marina Hotel - Ballroom BC

Wednesday November 20, 2019 12:30pm - 2:15pm PST
Ballroom BC - Marriott Marquis San Diego Marina Hotel

1:15pm PST

Chair Yoga (RSVP Required)
Need to take a break and stretch after your session? Join one of our chair-yoga classes!  Chair Yoga is a great way to reset without having to leave your seat. Just a quick 30-minute session focused on movement and flexibility is enough to revitalize meetings and event participants. All levels of fitness can benefit from chair yoga including those with disabilities or mobility issues.
Space is limited. Please sign up through the attached Google Form.  

Wednesday November 20, 2019 1:15pm - 1:35pm PST
23A - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

1:30pm PST

Future of the Moby Ecosystem: Maintainers, Contributors, Users - Avi Deitcher, Atomic Inc.; Gareth Rushgrove, Snyk; Roman Shaposhnik, ZEDEDA Inc.; Justin Cormack, Docker
Speakers

Justin Cormack

Chief Technology Officer, Docker, Inc
Justin is the CTO at Docker, and a member of the CNCF TOC. He has spent a lot of time working on security in the container ecosystem. He is a maintainer on the Notary project for container security.

Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security... Read More →

Avi Deitcher

Consultant, Atomic Inc.
Avi Deitcher has been an engineer and businessman for over 20 years, designing and implementing technology, strategy and operations. He loves technology, but most importantly he loves what it enables us to do as individuals and businesses. He has run operations for global businesses...

Roman Shaposhnik

ZEDEDA Inc.


Wednesday November 20, 2019 1:30pm - 3:00pm PST
Room 22 - San Diego Convention Center

1:40pm PST

Chair Yoga (RSVP Required)
Need to take a break and stretch after your session? Join one of our chair-yoga classes!  Chair Yoga is a great way to reset without having to leave your seat. Just a quick 30-minute session focused on movement and flexibility is enough to revitalize meetings and event participants. All levels of fitness can benefit from chair yoga including those with disabilities or mobility issues.
Space is limited. Please sign up through the attached Google Form.  

Wednesday November 20, 2019 1:40pm - 2:00pm PST
23A - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

2:00pm PST

Puppy Pawlooza / Paw Therapy
We are excited to bring Puppy Pawlooza / Paw Therapy to KubeCon+CloudNativeCon North America 2019 and have partnered with the San Diego Humane Society & Love on a Leash to bring some of these amazing therapy dogs to interact with attendees throughout.

The San Diego Humane Society offers a wide range of programs and services that strengthen the human-animal bond, prevent cruelty/neglect, provide medical care, educate the community on the humane treatment of animals, and provide services for families needing assistance keeping their pets.

Wednesday November 20, 2019 2:00pm - 4:00pm PST
Sponsor Showcase, Sails Pavilion - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

2:25pm PST

Cloud Native Architecture: Monoliths or Microservices? - Goutham Veeramachaneni & Edward Welch, Grafana Labs
Microservices are the rage right now and for very good reasons. But microservices are not without drawbacks, requiring a complicated configuration and deployment, increasing the barrier to entry for both developers and users alike. This poor user experience can slow the rate of adoption for a project and hinder developers.

There is a solution to this problem that is seeing a lot of success: a single-binary app which can act as a monolith but can also be scaled as microservices. Thanos is a great example, where the kickstart is super simple yet it can be scaled out as required. The Loki project was patterned after a similar model and we’ve since re-architected Cortex as well. In the talk we will explore how an application can be architected to be both a monolith and microservices, improving both adoption and ease of use while still allowing it to scale as a cloud native microservices application.

Speakers

Edward Welch

Software Engineer, Grafana Labs
Ed is a newbie to the CNCF community but has a long history of software development from robotic control systems to telecom middleware. He has worked in both startups and large enterprises, and currently works at Grafana Labs where he focuses mainly on the Loki project, an open source...

Goutham Veeramachaneni

Senior Software Engineer, Grafana Labs
Goutham is a developer from India who started his journey as an infra intern at a large company where he worked on deploying Prometheus. After the initial encounter, he started contributing to Prometheus and interned with CoreOS, working on Prometheus's new storage engine. He is now...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Moving from Legacy Infrastructure to the Cloud in a Government Organization - Chris Carty, City Of Ottawa
Cloud native tech isn’t just for start-ups. But, if you’re in a government organization looking to go cloud native, you can expect to face extra challenges. How can you select the best tools that will work with the processes you already have? What new skills are needed? How do you train staff? How to get anyone to actually use the framework once it’s in place? How to even start?

The City of Ottawa (yes the capital of Canada) was an organization that started applying DevOps practices just a few years ago. It now has a Kubernetes platform with fully automated CICD pipelines being used by multiple teams and growing. Using The City as a case study, we will examine the common issues faced by government organizations and how The City developed workable solutions on its cloud native journey.

Speakers

Chris Carty

Customer Engineer, Google Cloud
He is a Certified Kubernetes Administrator, Certified Kubernetes Application Developer, panelist for the Kubernetes Office Hours and a member of the Kubernetes 1.16/1.17 Release Notes teams.



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Case Studies

2:25pm PST

Krane: A Developer-Centric Deploy Tool - Daniel Turner & Katrina Verey, Shopify
Have you ever shipped changes to a Kubernetes app and found yourself wondering what actually happened? Krane is an open-source command-line tool created to solve this problem: it helps developers, especially those who may be new to Kubernetes, deploy with confidence.

Krane translates Kubernetes’ asynchronous convergence process into a clear pass/fail result for each deploy. It detects unsuccessful rollouts and shows developers the information they need to take corrective action. Krane also helps ensure dependencies are rolled out in a sane order, it natively supports custom resources, it allows developers to run scripts as part of their deploys, and more! Come find out what Krane can do, learn how its design makes it resilient and scalable, and discover how it may help your organization provide a better developer experience for Kubernetes apps.

Speakers

Daniel Turner

Senior Software Developer, Shopify
Daniel Turner is a senior software developer at Shopify. He is part of the team building Shopify’s Kubernetes-based platform-as-a-service. He came to the team after working on deploying and running Kubernetes in Shopify’s data centers. Daniel is an experienced speaker and currently...

Katrina Verey

Senior Staff Software Developer, Production Engineering, Shopify
Katrina is a senior staff software developer working in Production Engineering at Shopify. She is passionate about upstream participation, and is delighted to be serving the Kubernetes community by co-leading SIG-CLI and its Kustomize and KRM Functions subprojects. She has been working...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  CI/CD

2:25pm PST

Panel: Tech Community Share Out: Maintaining a Healthy Balance with Work - Chris Lentricchia, SUSE; David McAllister, Scalyr; PJ Hagerty, DevRelate.io, OSMIhelp.org; Nanci Lancaster, Linux Foundation; & Amanda Brazzell, Brazzell Business
The digital age has brought us multitudes of advancements - from cost and convenience to connectivity - but those advancements have also left us fundamentally unbalanced, and often, unhealthy. As we advance further into an always-on culture that has developed through over-connectivity, overwork, and constant sensory overload, it has become essential to maintain a healthy balance with both work and technology.

At KubeCon + CloudNativeCon in Barcelona, the OSMI Handbook did a great job of outlining some tips that attendees can use to maintain their mental health at such large events. We’d like to take that conversation a step further by talking about some techniques that the Cloud Native Community can use in their lives, both personally and professionally. Join us for a diverse panel discussion to share ideas on maintaining a healthy and balanced mental state.

Moderators

David McAllister

Head of Community, Scalyr

Speakers

Nanci Lancaster

Senior Event Planner, Content, Linux Foundation
Nanci is the Senior Event Planner, Content, for Linux Foundation, managing content communications and development between speakers, co-chairs, and program committees for KubeCon + CloudNativeCon and Kubernetes Forum events. She brings 10 years of experience from a similar role at...

PJ Hagerty

Developer Advocate, Spotify
PJ is the founder of DevRelate.io and a board member of Open Sourcing Mental Illness (OSMIhelp.org). He is an organizer of DevOps Days Buffalo, CodeDaze, and ElixirDaze. PJ is a developer, writer, speaker, musician, and Community Advocate. He is known to travel the world speaking...

Chris Lentricchia

Global Product Marketing - SUSE CaaS Platform, SUSE
Succinctly, Chris Lentricchia is a guy with a dog, a truck, and a motorcycle. By day he works as the Product Marketing Manager for SUSE CaaS Platform. When he’s not at work, Chris has responsibilities as a member of the Board of Directors at The Greater Lowell YMCA and as a volunteer...

Amanda Brazzell

Co-Creator, Brazzell Business
Amanda is a wellness loving creative who worked in the tech community at DigitalOcean for ~4 years. There, she immersed herself within remote culture, developing a commitment to caring for people and wellness in the workplace. Through yoga, meditation, and care packages, she developed...


Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

2:25pm PST

Emitting, Consuming, and Presenting: The Event Lifecycle - Jesse Dearing, VMware
You’re building a suite of operators and processes that will run in your cluster to make your job easier. You’ve written CRDs to manage cluster and out of cluster resources, you’ve set up your monitoring with Prometheus, and set up horizontal pod autoscaling. How do you know what’s happening in your cluster? In this talk we’ll cover different ways to emit events related to cluster objects using Kubernetes events, using metrics to drive events, different techniques for consuming events, and ways for folks to create events without touching a command line. After attending this talk, you should be able to take advantage of events and metrics occurring inside the cluster and be able to produce your own events relevant to your cluster.

Speakers

Jesse Dearing

Senior SRE, VMware
Jesse is a senior site reliability engineer at VMware with over a decade of professional experience. Jesse's primary focus is building platforms to support running resilient software in production. Jesse loves taking existing services and writing code to support the operations of...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

2:25pm PST

Panel: Enterprise-grade, On-prem Kubeflow in the Financial Sector - Laura Schornack, JPMorgan Chase; Jeff Fogarty, US Bank; Josh Bottum, Arrikto; & Thea Lamkin, Google
This presentation will explore the journeys of two ML architects from JPMorgan Chase and US Bank, who have deployed Kubeflow into their on-premise environments. These subject matter experts will review their pre-installation checklists, their software architectures, and their operating expectations. They will pinpoint the critical features for an enterprise-grade deployment like authentication and authorization, data management, credentials management, and support for air gapped environments. They will also discuss their collaboration with the Kubeflow code contributors to define requirements and develop new functionality. The talk will include a review of planned Kubeflow enhancements, and a roadmap for those deliveries by code contributors to the Kubeflow On-Prem Special Interest Group (SIG).


Speakers

Josh Bottum

Vice President, Arrikto
I am a Kubeflow Community Product Manager and VP at Arrikto. We simplify storage architectures and operations for K8s platforms.

Jeff Fogarty

Innovation Engineer, US Bank
Jeff Fogarty is an Innovation Engineer at US Bank supporting a team of Data Scientists. He participates with the Kubeflow open source community focusing on On-Prem functionality. Jeff speaks at technical events and conferences including the Kubeflow Contributors Summit and Cloud Native...

Thea Lamkin

Open Source Developer Relations Program Manager, Google
Thea Lamkin leads Google's Open Source Developer Relations Program for Kubeflow. Thea sets the developer program strategy for Kubeflow and executes on the tactical work items and events necessary to make Kubeflow a success. Thea specializes in Open Source Community Architecture, Developer...

Laura Schornack

Sr. Architect, JPMorgan Chase
Laura Schornack is a JPMorgan Chase lead design architect and expert engineer for shared services. Previously, she worked for other leading tech organizations such as IBM and Nokia. She holds a degree in computer science from the University of Illinois at Urbana-Champaign. Laura presents...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

2:25pm PST

CRI-O: Under the Hood - Mrunal Patel, Red Hat, Inc. & Sascha Grunert, SUSE
CRI-O is an open-source container runtime created for Kubernetes. The project was recently added to the CNCF incubator and has a very active user and contributor community established around it. In this session, Mrunal Patel and Sascha Grunert will show how CRI-O works under the hood. The talk will cover in-depth how the life cycle of Kubernetes workloads is managed by CRI-O in conjunction with the kubelet. They will demonstrate how CRI-O utilizes lower level runtimes like runc to manage the lifecycle of containers, how networking is set up for pods and how system utilities can be used to get a system view of a node using CRI-O. The talk will also cover recent features added to CRI-O for production use cases such as dual-stack IPv6 support and repository mirroring to be able to run Kubernetes clusters in a disconnected environment. Attendees will gain a deeper understanding of CRI-O and how to use it for advanced use cases.

Speakers

Mrunal Patel

Senior Principal Software Engineer, Red Hat
Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for OpenShift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is active across various projects in the Kubernetes SIG Node. He has also...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Deep Dive Into API Machinery - Antoine Pelisse, Google & Stefan Schimanski, Red Hat
SIG API Machinery is responsible for all generic API topics in Kubernetes, i.e. for the generic API server implementation, API CRUD semantics, discovery, the admission control mechanism, conversion, defaulting, persistence with etcd, general controllers like garbage collection, Go client libraries, code generation and extension points like CustomResourceDefinitions, aggregation & admission.
This session will have two parts:
• A deep dive into a selection of API Machinery topics, probably: defining API types in Golang, groups+versions+kinds+resources, tags, code-generation, schemes, different variants of codecs – and how to use all this with CustomResourceDefinitions and a custom client-go client.
• Time for general discussion and opportunity for API machinery questions.
This session is targeted especially at:
• People using the Kubernetes APIs with client-go and wanting to understand what is going on behind the scenes
• People extending Kubernetes with APIs using aggregated API servers or CustomResourceDefinitions

Speakers

Stefan Schimanski

Senior Principal Engineer, Upbound
Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, with a focus on API machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time Google Summer of Code mentor with CNCF, loves to teach and help people to learn. Before...

Antoine Pelisse

Software Engineer, Google



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Deep Dive: CNI - Bryan Boreham, Weaveworks & Dan Williams, Red Hat
CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at implementers of network plugins and runtimes using CNI, as well as anyone interested in contributing to the project or becoming a maintainer. We will recap recent changes, look at the roadmap ahead, and have plenty of time for discussion and Q&A.

Speakers

Dan Williams

Manager, RHEL Networking, Red Hat
Dan is leading the OVN team. He is one of the architects of the OCP networking. Previously he has worked on Network Manager and made it ubiquitous for all Linux distros like RHEL, Fedora, Ubuntu, Suse, Centos. Dan also led the development of Multus, the plugin layer for Kubes, and...

Bryan Boreham

Distinguished Engineer, Grafana Labs
Bryan is a Distinguished Engineer at Grafana Labs, the observability company. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. At Grafana...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

2:25pm PST

Geo-partitioning with Vitess - Deepthi Sigireddi & Jitendra Vaidya, PlanetScale
Geo-partitioning is an emerging requirement for multinational corporations. Laws such as the GDPR in Europe stipulate where a user’s data needs to be physically located, as well as when it can be transferred out of the EU. We expect additional legal jurisdictions to pass similar laws in the coming years, and that database management systems will require native functionality to assist in compliance. In the case of Vitess, one of its distinguishing features is support for flexible sharding schemes. This can easily be extended to support a custom sharding scheme that respects geo-partitioning requirements. In this deep dive we will first explore how and then demonstrate a database cluster built using the custom sharding scheme that solves data residency at the database layer obviating the need for any change at the application layer.

Speakers

Jiten Vaidya

CEO - ama Vitess and PlanetScale, PlanetScale
Jitendra (Jiten) Vaidya is co-founder and CEO at PlanetScale (https://planetscale.com), a company that supports Vitess (https://vitess.io). For most of his career, he worked as a backend infrastructure engineer and manager at companies such as Dropbox, YouTube and Google. It was at...

Deepthi Sigireddi

Software Engineer, PlanetScale
Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Intro: Scheduling SIG - Wei Huang, IBM & RaviSantosh Gudimetla, Red Hat
Kubernetes Scheduler is a critical component of Kubernetes that finds the best nodes for running pods based on the configured scheduling requirements. In this talk, we will cover the scheduling workflow and the life of a Pod during a scheduling cycle. Then we will talk about recent SIG Scheduling projects and features, including the development of the scheduling framework, batch scheduling, descheduler, even pods spreading, and scalability improvements. We will also dedicate some time of the presentation to audience questions and users' feedback.

Speakers

Wei Huang

Software Engineer, Apple
Wei Huang is a Software Engineer at Apple, focusing on Kube scheduling and control plane. He has served as a co-chair of Kubernetes SIG-Scheduling for years. He is also the founder of two Kubernetes sub-projects, scheduler-plugins, and kwok.

Ravi Santosh Gudimetla

Senior Software Engineer, Red Hat
Software Engineer working on Kubernetes and Windows Containers



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Intro: SIG Cluster Lifecycle - Timothy St. Clair, VMware
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. Since the group's formation we have focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience, and building a Cluster API to provide an abstraction of machines across different deployment environments and a common control plane configuration. In this introduction session, we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes' cluster lifecycle management.

Speakers

Timothy St. Clair

Principal SW Engineer, VMware
Timothy St. Clair is a Principal Software Engineer at VMware and is a core contributor to the Kubernetes project, a Steering Committee member, and a lead on SIG-Cluster-Lifecycle. Timothy has worked on the development and integration of various open source distributed systems projects...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Introduction to the CNCF App Delivery SIG - Alois Reitbauer, Dynatrace & Lei Zhang, Alibaba
The CNCF App Delivery SIG focusses on all aspects of delivery and operations of cloud-native applications from a developer and operations perspective. Current working topics include application definition, packaging, and distribution, as well as the application delivery workflow. Key deliverables of the working group are guidelines and reference material for these topics. 
In this intro session, we will walk through the detailed goals of the SIG and present an overview of current work items and intermediary results. This will be followed by a discussion of the current roadmap and potential future contributions. If you are developing or managing cloud-native applications or defining company best practices you should get engaged with the application delivery SIG.

Speakers

Lei Zhang

Partner Software Engineer, Microsoft
Lei is a Partner Software Engineer in Microsoft Azure and was leading the engineering effort in Alibaba including its Kubernetes infrastructure and serverless application platform. Lei has been working as a maintainer on Kubernetes upstream since its beginning.

Alois Reitbauer

Chief Technology Strategist/Head of Open Source, Dynatrace
Alois works as Chief Technology Strategist at Dynatrace, where he is responsible for all open source activities and research. He is currently heavily engaged in the cloud-native ecosystem as a maintainer and founder of several open source projects and as co-chair and founder of TAG App...


Wednesday November 20, 2019 2:25pm - 3:00pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

2:25pm PST

Jaeger Deep Dive - Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat
This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo of the recently added features, talk about various topics including the architecture, adaptive sampling, multi-tenancy, and configuration, and review the roadmap. After this session the attendees should better understand the Jaeger architecture, how to deploy it and get the best benefits, and how to make contributions to the project.

Speakers

Pavol Loffay

Principal Software Engineer, Red Hat
Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes...

Yuri Shkuro

Software Engineer, Uber Technologies
Yuri Shkuro is a software engineer at Uber Technologies, working on distributed tracing, observability, reliability, and performance problems; author of the book ["Mastering Distributed Tracing"](https://www.shkuro.com/books/2019-mastering-distributed-tracing/); creator of Jaeger...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

2:25pm PST

SIG Release - Deep Dive: Release Engineering Subproject - Stephen Augustus, VMware & Hannes Hörl, Pivotal
The Kubernetes SIG Release is chartered with producing project releases on a reliable schedule. A key component of this is release automation and build tooling. The process/procedures and tools used to create and maintain Kubernetes release artifacts are the responsibility of SIG Release’s recently created Release Engineering subproject. In the early days of the project this code was heavily dependent on a Google presence and is one of (if not _the_) final remnants of that historical connection to the project’s origination. As SIG Release works to shift these last pieces into a community led process and community maintained code, we need your assistance. This deep dive will present an overview of the major moving pieces in the release pipeline, detail the code/process enhancements and improvements currently underway, and share opportunities where you can join in the Release Engineering subproject to assist in making its code more robust and community sustainable.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure. Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions...

Hannes Hörl

Staff Software Engineer, Pivotal



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

2:25pm PST

Liberating Kubernetes From Kube-proxy and Iptables - Martynas Pumputis, Cilium
iptables and Netfilter are the two foundational technologies of kube-proxy for implementing a Service abstraction. They carry legacy accumulated over 20 years of development grounded in a more traditional networking environment that is typically far more static than your average Kubernetes cluster. In the age of containers, they are no longer the best tool for the job, especially in terms of performance, reliability, scalability, and operations.

Companies like Google, Facebook and Cloudflare have long realised this and therefore embraced eBPF as a technology, which lets one dynamically reprogram the kernel. Can we replicate the same success story in Kubernetes?

In this talk, the audience will learn about running a fully functioning Kubernetes cluster without iptables, Netfilter and thus without kube-proxy in a scalable and secure way with the help of eBPF and Cilium.

Speakers

Martynas Pumputis

Software Engineer, Isovalent
Martynas Pumputis is a Software Engineer at Isovalent working on Cilium, eBPF and Linux kernel.



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Networking

2:25pm PST

Beyond Getting Started: Using OpenTelemetry to Its Full Potential - Sergey Kanzhelev, Microsoft & Morgan McLean, Google
OpenTelemetry is a cloud-native set of APIs and libraries used to generate, collect, and export telemetry from distributed systems. This session goes beyond a basic introduction, and demonstrates how you can customize OpenTelemetry’s components and architecture for the unique needs of your app. Attendees will learn how to set up and configure built-in data collectors, how to write their own instrumentation, how to extend and enrich automatically collected telemetry with app-specific information, and how to send this data to Prometheus and Jaeger for analysis.

Speakers

Morgan McLean

Product Manager, Google
Morgan is a co-founder of OpenCensus and OpenTelemetry, and has spent much of his career as an engineer and product manager working on distributed systems and developer tools. Morgan is responsible for Google's distributed tracing, profiling, and debugging tools, including Stackdriver...

Sergey Kanzhelev

Staff Software Engineer, Google
Sergey Kanzhelev is a seasoned open source and cloud native maintainer working actively on Kubernetes. Sergey is actively involved in Kubernetes, serving as chair of SIG node. He is working on both - engineering aspect of software and its practical application. With the Kubernetes...



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Observability

2:25pm PST

Fidelity’s Move to “Finance Grade” Kubernetes with GitOps - Alexis Richardson, Weaveworks & Rajarajan Pudupatti SJ, Fidelity Investments
At Fidelity Investments, every application must meet a unique mix of regulatory, security and governance requirements to protect millions of customers.

When Fidelity adopted Kubernetes for cloud application delivery, they teamed up with AWS and Weaveworks to use GitOps as a tool to analyze and implement a compliant platform. In this session, Rajan Pudupatti, Cloud Platforms Architect at Fidelity Investments and Alexis Richardson, CEO of Weaveworks will present the story. They’ll share when to automate, how to secure your CD pipeline, the process for adding deployment policy for clusters and applications, and connecting enterprise development tools to cloud automation services.

The session covers challenges and lessons learned implementing the Kubernetes platform with GitOps best practices, to operate efficiently and securely at scale.

Speakers

Alexis Richardson

CEO & Founder, Weaveworks
Alexis is CEO and co-founder of Weaveworks, and was the first chair of the CNCF TOC. He is also known for popularising the terms and practices of GitOps. Previously, at Pivotal, as head of products for Spring, RabbitMQ, Redis and vFabric, he "rebooted" Spring and transitioned the...

Rajarajan Pudupatti SJ

Director, Cloud Platform Architecture, Fidelity Investments
Rajarajan is a Cloud Platform Architect at Fidelity Investments. At Fidelity, he drives the engineering behind implementing various container & serverless platforms at enterprise scale. His current focus is on building an ecosystem of frameworks, tools and design patterns that will...


Wednesday November 20, 2019 2:25pm - 3:00pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

2:25pm PST

NHD - A Topology-Aware Scheduler for K8s for Low-Latency & HPC Applications - Cliff Burdick, ViaSat
With an increasing number of HPC, NFV, and other low-latency applications moving to containers, the ability to schedule these workloads efficiently is important for increasing user adoption. The default scheduler in Kubernetes does an excellent job at scheduling cloud-native workloads, but is lacking the ability to schedule low-latency workloads properly. NHD attempts to bridge this gap by introducing a custom scheduler for Kubernetes that’s aware of hardware topology, CPU characteristics, and the application’s threading model. In this talk, we’ll go over the ways NHD integrates with Kubernetes, how it’s used, and the features it offers.

Speakers
Cliff Burdick

Senior DevTech Engineer, NVIDIA
Cliff is working at NVIDIA where he focuses on optimizing GPU code for signal processing, numerical computing, and GPU/networking IO. Previously he worked at ViaSat designing the ground system software for high-throughput satellites. At ViaSat he developed an open-source Kubernetes... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Performance

2:25pm PST

Piloting Around the Rocks: Avoiding Threats in Kubernetes - Robert Tonic & Stefan Edwards, Trail of Bits
Over three months in 2019, Trail of Bits completed the first-ever security review of Kubernetes, consisting of source review, dynamic testing, and threat modeling. One artifact, the threat model, lets users understand the risks of any given feature or deployment. We’ll show attendees how to make the most of this invaluable resource.

First, we’ll break down the architecture of Kubernetes into trust zones. These are security boundaries where controls should be enforced. Incorrectly implemented controls can result in catastrophic security failures.

After we describe the trust zones, you’ll find the architectural issues are easy to identify. We’ll discuss a few! We’ll also situate vulnerabilities we found in our code review into each trust zone.

Finally, we’ll teach you how to review your own Kubernetes environment using our threat model to get simple answers to your security questions.

Speakers
Robert Tonic

Security Engineer, Trail of Bits
Robert performs audits and assessments of blockchain and web-related technologies in our assurance practice. He most enjoys client interactions, especially those that help clients uncover deep-rooted design flaws and correctness issues. Prior to joining Trail of Bits, Robert worked... Read More →
Stefan Edwards

Principal Security Engineer, Trail of Bits
Stefan performs assurance work across a variety of verticals, from blockchain to IoT to Defense. In addition, he’s heavily involved in our infrastructure and architecture review work, and makes discerning comments in our reports. Prior to Trail of Bits, Stefan worked at nVisium... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel

2:25pm PST

There's a Bug in My Service Mesh! What Do You Do When the Mesh is At Fault? - Ana Calin, Paybase & Risha Mars, Buoyant
A service mesh is an increasingly necessary tool when running and debugging modern applications. But what do you do when there’s a bug in the mesh itself?

Paybase offers the most flexible, developer-native, API-driven solution for payments, compliance and risk. They use the Linkerd service mesh to process all requests that come through their complex system of microservices, where it is highly useful for out of the box gRPC load balancing which allows Paybase to scale their application.

In this talk, Ana and Risha will talk about different Linkerd bugs that Paybase encountered after deploying Linkerd to their staging environment, and how they worked with the Linkerd maintainers to track them down and squash them.

This talk also explores the relationship between companies that rely on open source software and their interactions with maintainers in the path to getting bugs fixed.

Speakers
Ana Calin

Systems Engineer, Paybase
Ana is a Systems Engineer at Paybase, an emerging London FinTech. As a Systems Engineer Ana builds the infrastructure of Paybase’s service oriented platform, creates, updates and maintains monitoring and logging systems and incident response management systems. Previously Ana has... Read More →
Risha Mars

Software Engineer, Buoyant
Risha is a Software Engineer at Buoyant, and is a core contributor to the Linkerd project. She worked on the CLI and controller (Golang) as well as the Linkerd dashboard (React). Currently Risha is working on Dive, Buoyant’s newest product. Previously, Risha worked on the Ads team... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Hall D - San Diego Convention Center
  Service Mesh

3:20pm PST

Writing a Kubernetes Operator: the Hard Parts - Sebastien Guilloux, Elastic
Building a custom controller or operator to manage your Kubernetes applications is becoming easier, with the help of libraries and tools such as controller-runtime and Kubebuilder. Putting together an initial working prototype is fairly straightforward, but the devil is in the details.

This talk focuses on lessons learned while writing Kubernetes controllers for stateful workloads with the help of controller-runtime. It covers some of the "hard parts".

The operator lives in the past: how to deal with resources cache inconsistencies? Why does idempotency matter? What can you do when StatefulSets are not good enough for the orchestration you need? How to empower advanced users but still provide good defaults? What namespace(s) should the operator have access to? How to test that monster you ended up building? These are questions engineers at Elastic had to answer.

Speakers
Sebastien Guilloux

Software Engineer, Elastic
Sébastien is a backend software engineer at Elastic. In the past few years he has focused on designing and building the platform backing Elastic Cloud, a large scale multi-cloud multi-region platform based on Kubernetes to deploy the Elastic stack and Elastic solutions.



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

Panel: Improving and Managing Kubernetes at Scale - Xiang Li, Alibaba; Corin Dwyer, Netflix; Amit Bose, Uber; June Liu & Harry Zhang, Pinterest
Companies like Alibaba, Uber, and Pinterest are managing a huge fleet of machines with demanding and complicated workloads. To evolve our infrastructure and adopt Kubernetes, we faced many challenges around scalability, reliability, flexibility and operationality. And today, after overcoming those difficulties, we are running some of the largest Kubernetes clusters in the world.

In this panel, we would like to share our real world experience on improving and managing Kubernetes with harsh requirements. We believe the stories are interesting in themselves, and many of the lessons we learned also apply to small-mid size cluster operators and users.

Speakers
Amit Bose

Senior Software Engineer II, Uber
June Liu

Staff Software Engineer, Pinterest Inc
After spending years in a large organization, June joined Pinterest to explore the vast ocean of open source and start-up spirit. Her interests focus on container orchestration, large scale cluster operations and developer tools. She currently works on the compute platform team at Pinterest... Read More →
Xiang Li

Senior Staff Engineer, Alibaba
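Xiang Li is a senior technical expert at Alibaba Cloud Intelligence, responsible for Alibaba's large-scale cluster scheduling and management system, helping Alibaba complete the initial transformation of its infrastructure through cloud native technology, achieving substantial improvements in resource utilization and in software development and deployment efficiency, while also supporting the technical evolution of its cloud products. CNCF... Read More →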
Harry Zhang

Software Engineer, Pinterest
Harry is a Software Engineer from Pinterest working on its Kubernetes based next generation container cloud. Harry is interested in large scale cluster management solutions and related technologies. Harry is currently a Kubernetes contributor and a CNCF Certified Kubernetes Administrator... Read More →
Corin Dwyer

Senior Software Engineer, Netflix
Corin Dwyer is a senior software engineer within the Netflix compute platform development team. Before working on Titus, Netflix's container platform, he worked on infrastructure engineering for the Netflix content organization and before that in healthcare. He has worked across the... Read More →


Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level

3:20pm PST

Panel: GitOps User Stories - Tamao Nakahara, Weaveworks; Javeria Khan, Palo Alto Networks; Hubert Chen, Branch; Stefan Prodan, Weaveworks; & Edward Lee, Intuit
The expression, GitOps, has taken off and resonated in the Kubernetes community since its launch by Weaveworks in 2017. GitOps is a way to do Continuous Delivery by using git as a single source of truth for declarative infrastructure and applications.
Meet actual GitOps practitioners in this panel, hear their use cases, challenges, constraints, and which tools they use to execute GitOps. If you’ve been wanting to get started, learn from these actual solutions:

* Automated Helm-based deployments for code and infrastructure changes through Jenkins and GitLab at Palo Alto Networks
* Simplified access control for Kubernetes clusters using Weave Flux at Branch
* Flux, Terraform and Vault, oh my! Unique ways Under Armour leverages GitOps
* GitOps at Scale: Patterns and processes enabling Intuit to manage thousands of applications and repositories, across 100+ clusters using Jenkins and Argo CD

Moderators
Tamao Nakahara

Weaveworks
Juozas Gaigalas is a Developer Experience Engineer at Weaveworks, the creator of GitOps. Juozas works on extensions for the CNCF graduated project, Flux (and its subproject, Flagger).

Speakers
Stefan Prodan

Principal Engineer, Weaveworks
Stefan is a Principal Engineer at Weaveworks and an open source contributor to cloud-native projects. He is the creator of Flagger, the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 15 years of experience with software... Read More →
Hubert Chen

Infrastructure Manager, Branch
Hubert manages infrastructure at Branch and has been a long time system administrator. Branch has run Kubernetes in production for three years and uses it as a primary processing platform for ten billion API requests per day. His interests include Kubernetes, distributed systems and... Read More →
Ed Lee

Fellow and Chief Architect of Development Platforms, Intuit
Ed is a Fellow and Chief Architect of Development Platforms at Intuit. Over the past three years, Intuit has increased its development velocity by six fold by platformizing kubernetes, observability and operational excellence, and has plans to increase it by another six fold in the... Read More →
Javeria Khan

Senior Site Reliability Engineer, Palo Alto Networks
Javeria Khan is a Senior SRE, and has been working with Kubernetes for the past 3 years. In her current position, she supports building and maintaining multiple on-prem Kubernetes clusters, along with their CI/CD pipelines. As a part of different infrastructure teams, she has experience... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  CI/CD

3:20pm PST

Public Technical Oversight Committee (TOC) Meeting – Liz Rice, Aqua Security; Alexis Richardson, Weaveworks; Joe Beda, VMware; Jeff Brewer, Intuit; Michelle Noorali, Microsoft; Matt Klein, Lyft
The Technical Oversight Committee (TOC) provides technical leadership to the cloud-native community. The CNCF will host a public TOC meeting, inviting the community to discuss various agenda items along with holding an open Q&A for the community with TOC members.

Moderators
Chris Aniszczyk

CTO, Linux Foundation (CNCF)
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation... Read More →

Speakers
Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of O'Reilly books "Learning eBPF" and... Read More →
Alexis Richardson

CEO & Founder, Weaveworks
Alexis is CEO and co-founder of Weaveworks, and was the first chair of the CNCF TOC. He is also known for popularising the terms and practices of GitOps. Previously, at Pivotal, as head of products for Spring, RabbitMQ, Redis and vFabric, he "rebooted" Spring and transitioned the... Read More →
Brian Grant

Principal Engineer, Google
Brian is the co-Technical Lead of Google Kubernetes Engine, former co-Chair of Kubernetes SIG Architecture, Kubernetes Steering Committee Emeritus, and CNCF Technical Oversight Committee member. His experience while technical lead of Google's internal container platform, Borg, motivated... Read More →
Michelle Noorali

Senior Software Engineer, Microsoft
Michelle Noorali is a Sr. Software Engineer at Microsoft and was Co-Chair for KubeCon+CloudNativeCon 2017. She is a member of the CNCF Technical Oversight Committee and serves as a developer representative on the CNCF Governing Board. Michelle is also a core maintainer of several... Read More →
Jeff Brewer

Vice President, Chief Architect of the Small Business and Self Employed Group, Intuit
Jeff is Vice President, Chief Architect of the Small Business and Self Employed Group at Intuit. This group is responsible for QuickBooks and its ecosystem. As Vice President, Chief Architect of QuickBooks, Jeff is responsible for the technology strategy of the small business and... Read More →
Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the... Read More →
Joe Beda

Unemployed Bum
Semi-retired technologist


Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Community
  • Experience Level Any

3:20pm PST

Is There a Place for Performance Sensitive Workloads in Kubernetes? - Gergely Csatari & Levente Kale, Nokia
Kubernetes and its ecosystem are used to manage the workload of several big web-facing services, serving billions of users every day. But the same stack is not quite ready to serve the "other" industry delivering the packets to the web-scale users: telecommunication. Due to the nature of the TelCo industry, these applications are highly reliable and must handle realtime media for a large number of subscribers. There are some areas in the current Kubernetes architecture which are not yet ready to fulfill these requirements. This presentation lists these shortcomings, and also proposes various existing or new open-source projects needed to build a production-grade, Kubernetes-based infrastructure for the edge, as was done with Akraino Radio Edge Cloud.

Speakers
Gergely Csatari

Senior Open Source Specialist, Nokia
Working in the telecom industry in the last two decades, it was possible for Gergely to see the evolution from vendor specific hardware to virtualisation and cloud and to cloud native. Currently Gergely is part of the OSPO team of Nokia CTO which is responsible for open source. In... Read More →
Levente Kálé

Product architect, Nokia
Passionate cloud architect tirelessly working on marrying 5G with open source, containerization, and cloud-native; both within Nokia and Akraino. Always up for a chat regarding networking and resource management in Kubernetes, or the many challenges of putting TelCo stuff on everyone's... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Kubeflow: Multi-Tenant, Self-Serve, Accelerated Platform for Practitioners - Kam Kasravi, Intel & Kunming Qu, Google
The kubeflow platform provides a self-serve multi-tenant platform on k8s for ML developers. Users can train their models using accelerated hardware in an isolated environment. Jobs can be configured and triggered from a notebook with no devops involvement. We leverage optimized libraries such as Intel® DAAL, Intel® MKL-DNN now included in tensorflow 1.14.+. Models can be monitored using Application CR deployed with kubeflow. All attendees can join the demo, create their own workspace and try out features. Attendees will walk away understanding how to run multi-tenancy on Kubernetes with kubeflow.

Highlights:
Self-serve multi-tenant workplace
Workspace owners can share / revoke access
System admin can reset access policy & resource quota per workspace
Multi-tenancy service is transparent to other apps.
A UI is available to simplify user experience.

Speakers
Kunming Qu

Software Engineer, Google
Kunming Qu is a software engineer at Google working on the Kubeflow project, a k8s based platform to help developers and enterprises deploy and use ML cloud-natively everywhere. He's been focusing on Kubeflow deployment experience; Identity-Aware integration; multi-tenancy cluster; enabling... Read More →
Kam Kasravi

Senior Software Engineer, Intel
Kam works at Intel and is an early contributor to kubeflow. His focus has been on multi-tenancy, the kfctl/kustomize cli, device/hardware integration and application CR composition. Kam's speaking history includes Scala conferences and a number of Kubernetes/Kubeflow related user meetings... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

3:20pm PST

Birds of a Feather: Telecom User Group - Cheryl Hung & Dan Kohn, Cloud Native Computing Foundation; Taylor Carpenter, Vulk Coop
CNCF hosts the Telecom User Group (TUG) for service providers and their vendors to discuss the adoption of cloud native technologies. The community is invited to join this birds-of-a-feather (BoF) session to discuss the status of various initiatives and white papers in this space as well as ideas, requirements and best practices to continue moving forward.

Speakers
Dan Kohn

General Manager, Linux Foundation Public Health, Linux Foundation
Dan leads Linux Foundation Public Health, a new initiative to use open source software to help public health authorities combat COVID-19 and serves as VP, Strategic Programs for the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes... Read More →
Cheryl Hung

Sr Director, Infrastructure Ecosystem, Arm
Cheryl brings engineers together to build the future of infrastructure, especially cloud native and open source. As Senior Director at Arm, Cheryl leads ecosystem strategy to drive adoption across cloud, 5G and networking. She also founded the Cloud Native London meetup with 8000... Read More →
Taylor Carpenter

Partner + Factotum, Vulk Coop
Partner at Vulk Cooperative - http://vulk.coop | Lead on CNCF CNF Testbed, Telecom User Group and CNF Conformance initiatives. OpenSource advocate, using Linux since 1994 with the 1.0 release and gnu tools on other unix systems before that. OpsDev geek. Elixir and Ruby programmer... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Deep Dive: Apps SIG - Janet Kuo, Google & Kenneth Owens, Brex
Kubernetes SIG Apps covers developing, deploying, and operating applications on Kubernetes with a focus on the application developer and application operator experience. In this deep dive, we will look at the general experience for application developers and operators along with specifics of the Workloads API (Deployment, StatefulSet, DaemonSet, Jobs, etc.) and Application CRD. We will also do a Workloads controller code walk-through. https://github.com/kubernetes/community/tree/master/sig-apps

Speakers
Janet Kuo

Staff Software Engineer, Google
Janet Kuo is a Staff Software Engineer at Google. She has been with the Kubernetes project since before the 1.0 launch in 2015. She is a Kubernetes project maintainer, SIG Apps chair, and KubeCon co-chair emeritus. In her free time, she enjoys traveling and taking photos.
Kenneth Owens

Software Engineer, Snowflake
SIG Chair for SIG Apps. Xoogler. Current FinTech enthusiast. Has been working with containers since Mesos was cutting edge in OSS.



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

Deep Dive: Brigade - Matt Butcher & Kent Rancourt, Microsoft
In this session, we will explore the Brigade architecture, and how it is built to chain together containers and share data between them. We will deep dive on how external events are routed and transformed into jobs, and how Brigade uses JavaScript for more complex scripting and error handling, and differentiates itself to enable scenarios that are extremely difficult to achieve in a purely declarative framework. In the end, we will take a look at how to build custom event gateways, and have a look at the future roadmap.

Speakers
Kent Rancourt

Sr. Software Engineer, Microsoft
Kent is a Senior Software Engineer at Microsoft working primarily on Brigade and various other open source projects within the Kubernetes ecosystem. When he's not coding, Kent enjoys being a dad, hiking, comic books, teaching martial arts, and pub trivia.
Matt Butcher

Principal Software Development Engineer, Microsoft Azure
Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

Going Beyond the Node – Using VK to Realize Crazy Ideas - Brian Goff & Deep Kapur, Microsoft
Virtual-kubelet is an open source kubelet implementation that allows users to extend Kubernetes in multiple, crazy ways. A couple of examples include a provider to order Dominos pizza, or to spin out workloads to a satellite in space. This talk will go through the inner workings of virtual-kubelet (vk) and how users can build their own providers to leverage the flexibility that vk offers. Contributors to the virtual-kubelet have been working on new features past 1.0, and this talk will also give a roadmap of what’s to come. Azure will also share their experiences with writing a provider for virtual-kubelet and the use-cases associated with it.

Speakers
Brian Goff

Senior Software Engineer, Microsoft
Core maintainer on the Moby project. Love Go. Love Containers. Kube Noob.
Deep Kapur

Program Manager, Microsoft
PM in Azure focused on ACI and serverless container experiences. Talk to me about Virtual Kubelet and Virtual Nodes for AKS clusters!



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

Kubernetes SIG Instrumentation - Deep Dive - Han Kang & David Ashpole, Google
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. This deep dive session will go into detail on ongoing efforts within SIG Instrumentation, sharing concrete pieces of work with the audience to encourage future collaboration. Specifically, we go into our ongoing efforts with the Kubernetes metrics stability framework and discuss our current exploration into adding distributed tracing to Kubernetes objects and their lifecycles. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers
Han Kang

Senior Staff Software Engineer, Google
Han Kang is a Senior Staff Software Engineer at Google. Han co-chairs SIG instrumentation while also participating in SIG API Machinery, focusing on operational aspects of managing Kubernetes clusters.
David Ashpole

Senior Software Engineer, Google
David Ashpole currently works for Google on Kubernetes and OpenTelemetry. He was previously deeply involved in Sig-Node, and drove many enhancements around monitoring and resource management. He is currently co-Tech Lead for Sig-Instrumentation, and is working on adding Distributed... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

Meet the Gears Behind Kubernetes APIs: Introduction to SIG API-Machinery - Federico Bongiovanni, Google
It will be a big overview of the SIG. We will go through several sections, including:
- the charter of the SIG
- current SIG structure
- the areas of ownership and the different components that fall under the SIG domain
- the regular meetings
- places where you could get involved
- plans for onboarding programs

Speakers
Federico Bongiovanni

Senior Engineering Manager, Google
Engineering Manager who is passionate about people development and growth, building diverse and inclusive teams, and solving large scale technical challenges. With a large technical background in development, cloud computing at scale, building and running successful teams, and operating... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

SIG Service Catalog Deep-Dive - Jonathan Berkhahn, IBM & Mateusz Szostok, SAP
Join us for a deep dive into how Kubernetes Service Catalog works behind the scenes. Starting with a quick overview of the architecture of Service Catalog, we'll also cover the operation of the Open Service Broker API that underpins Service Catalog. We'll cover some of the challenges we faced while bridging the different processing models between Kubernetes and the Open Service Broker API, and we will then look at more advanced scenarios and new features from the perspective of cluster operators, application developers and helm chart authors. You’ll come away with a solid understanding of how Service Catalog works and recommended workflows and practices for using it. Finally, if you're interested in contributing or using Service Catalog, come meet the maintainers and learn how!

Speakers
Jonathan Berkhahn

Senior Software Engineer, IBM
Jonathan is a member of the steering committee of Operator Framework, and a maintainer of Operator SDK. He's worked in the past on various open technologies in the cloud platform space, including Kubernetes and Cloud Foundry. His passions in open source include behavior driven development... Read More →
Mateusz Szostok

Senior Software Engineer, SAP
Mateusz Szostok works at SAP in an open-source project called Kyma. He is one of the co-chairs of the Service Catalog SIG. He specializes in such domains as Service Catalog, Brokers, and Controllers. Currently, he is in charge of the task to replace the Aggregated API Server with... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

SIG Usability: Deep Dive - Vallery Lancey, Lyft
SIG Usability is a new Kubernetes special interest group focused on the end user experience of using Kubernetes, from initial adoption to day to day ops. Join us at this session to do a deep dive into what we've been up to, and where we're going.

Speakers
Vallery Lancey

Infrastructure Software Engineer, Lyft



Wednesday November 20, 2019 3:20pm - 3:55pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

How to Include Latency in SLO-based Alerting - Björn Rabenstein, Grafana Labs
Chapter 5 of “The Site Reliability Workbook” is an excellent study of how to create meaningful alerts based on SLOs by measuring the rate at which the error budget is burned over different time windows. This rather complex approach is blissfully straightforward to implement in Prometheus, as demonstrated in the chapter itself. However, all of it is based on error rates, leaving latency concerns out of scope. Björn “Beorn” Rabenstein will explore various options of applying the same ideas to latency-based SLOs. The foundation is a precise and meaningful definition of the SLO. From there, Beorn will explore various techniques to translate the SLO into an error budget and how to measure its burn rate with Prometheus. Once that is done, creating error-budget-based alerts is relatively simple. There are, however, pitfalls and trade-offs along the way, which Beorn will help cope with.

Speakers
Björn Rabenstein

Engineer, Grafana Labs
Björn “Beorn” Rabenstein is an engineer at Grafana Labs and a Prometheus developer. Previously, he was a Production Engineer at SoundCloud, a Site Reliability Engineer at Google, and a number cruncher for science.



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Observability

3:20pm PST

To Infinite Scale and Beyond: Operating Kubernetes Past the Steady State - Austin Lamon, Spotify & Jago Macleod, Google
Operating large distributed systems at significant scale is challenging. Most discussions focus on scalability either at a single point in time under sustained load, or explore challenges related to changes in incoming traffic.

But running distributed systems at scale is about more than steady states and transitions between them. What is equally challenging and tends to get overlooked are the operational challenges of running at scale: upgrading many and/or large clusters; deploying applications to and across multiple clusters in a reasonable way; balancing freedom and consistency across multiple teams. In this case study, Google and Spotify share some of the challenges of running Kubernetes at Scale, together with concrete solutions, patterns, and common pitfalls we have found together. Intended for cluster operators and developers from organizations of any size and on any provider.

Speakers
Jago Macleod

Engineering Director, Google
Jago Macleod is an Engineering Director at Google, where he is responsible for much of Google’s investment in Kubernetes, including productization through GKE, GDC, and Anthos. In this role since 2017, Jago has had the privilege of leading the ‘Kubernetes Kernel’ team, including...

Austin Lamon

Group Product Manager, Spotify
Austin Lamon is a software engineer turned product manager who is passionate about building scalable & resilient products that delight developers & customers. He currently leads product for Spotify's Core Infrastructure team in Stockholm and New York building the service platform...



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Operations

3:20pm PST

How Container Networking Affects Database Performance - Tyler Duzan & Vadim Tkachenko, Percona
Through benchmarks, Percona Labs explores the effects of different container networking drivers used in Kubernetes when hosting database workloads. For this talk, we will perform benchmarks using Percona's PXC Operator deploying a 3-member PXC MySQL cluster on top of Kubernetes and use our standard database benchmarking stack with TPCC and Sysbench to analyze query throughput and replication performance as affected by our choice of networking driver. Drivers we'll test will be CNI core plugins, Flannel, Cilium, Calico, Kube-Router, and the new Red Hat SR-IOV driver. This Dual Presentation (35 minutes) will address our benchmark methodology and results, as well as recommendations regarding networking and tuning database performance on Kubernetes with a focus on MySQL. Both speakers are experts on this topic, and Vadim co-authored "High Performance MySQL", now in its 3rd Edition.

Speakers
Vadim Tkachenko

CTO, Percona
Vadim Tkachenko co-founded Percona in 2006 and serves as its Chief Technology Officer. He leads Percona CTO Labs, which focuses on technology research and performance evaluations of Percona and third-party products, designing hardware, filesystems, storage engines, and databases that surpass...

Tyler Duzan

Product Manager, Percona
Tyler Duzan joined Percona in 2017 as a Product Manager and has led their MySQL software and Cloud technology initiatives since, including the recent GA launch of Percona's Kubernetes operators for their Percona Server for MongoDB and Percona XtraDB Cluster database server products...



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Performance

3:20pm PST

Mitigating Noisy Neighbours: Advanced Container Resource Management - Alexander Kanevskiy, Intel
In large clusters, some applications attempt to consume a majority of shared resources. These "noisy neighbours" cause performance degradation for other workloads in the cluster. At this time, Kubernetes has mechanisms to mitigate this behaviour for CPU and memory only. This talk discusses methods for extending fine-grained resource control on other shared resources, such as block and PCIe I/O, shared CPU caches, and others. It demonstrates how to utilize extensibility points of CRI-O and containerd runtimes to achieve fine-grained resource control. The talk also presents an approach for evolving this method into an extensive and fully dynamic resource management solution for Kubernetes.

Agenda
- Problem Statement: different types of "noisy neighbours"
- Resource management on kernel, OCI, and Kubernetes levels
- Stitching the pieces together: dynamic container resource management

Speakers
Alexander Kanevskiy

Principal Engineer, Cloud Software, Intel
Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has over 25+ years of experience in areas of Linux...



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Hall D - San Diego Convention Center
  Runtimes

3:20pm PST

On the Security of Copying To and From Live Containers - Ariel Zelivansky & Yuval Avrahami, Palo Alto Networks
Nowadays mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing such a copy feature. In this talk, Yuval and Ariel will present the ups and downs of the different implementations with a focus on security and possible vulnerabilities.

Throughout the presentation, different vulnerabilities that affected the major container engines will be reviewed. A live proof of concept of a vulnerability in the Docker copy command will be presented.

Speakers
Ariel Z

Director, Security Research, Palo Alto Networks
Ariel is a security researcher and the head of research at Twistlock, dealing with hacking and securing anything related to containers.
Yuval Avrahami

Principal Security Researcher, Palo Alto Networks
Yuval Avrahami is a principal security researcher at Palo Alto Networks, dealing with hacking and securing anything related to containers and cloud. Yuval found and disclosed numerous vulnerabilities across the cloud-native landscape, including container breakouts, Kubernetes CVEs...



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

OpenFaaS Cloud + Linkerd: A Secure, Multi-Tenant Serverless Platform - Charles Pretzer, Buoyant & Alex Ellis, OpenFaaS, LTD
In this talk, maintainers of the OSS projects OpenFaaS and Linkerd discuss and demonstrate combining the features of each to build a scalable and secure multitenant serverless platform.
OpenFaaS is a lightweight serverless platform built on Docker and k8s. Linkerd is an ultralight service mesh for k8s. The projects share philosophy around simplicity, ease of use, speed, and low resource impact. OpenFaaS was designed for small teams and tackled multitenancy by creating OpenFaaS Cloud to layer on top. Scaling for multitenancy requires more robust networking, encryption, detailed metrics, and load-balancing strategies than Kubernetes L4 can offer.
Linkerd fits because it provides the features listed above required for scaling multitenancy while remaining focused on simplicity, security, and performance as a part of a modular platform built around OpenFaaS.

Speakers
Alex Ellis

Founder, OpenFaaS Ltd
Alex is a respected expert on serverless and cloud native computing. He founded OpenFaaS, one of the most popular open-source serverless projects, where he has built the community via writing, speaking, and extensive personal engagement. As a consultant and CNCF Ambassador, he helps...

Charles Pretzer

Field Engineer, Buoyant, Inc.
Charles Pretzer is a field engineer at Buoyant, where he spends his time collaborating and engaging with the open source community of the CNCF service mesh, Linkerd. He also enables production level adoption by helping companies integrate Linkerd into their Kubernetes based applications...



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Serverless

3:20pm PST

Storage on Kubernetes - Learning From Failures - Hemant Kumar & Jan Šafránek, Red Hat
Using persistent storage with Kubernetes has been continuously improved with each release, but getting where we are was not easy. In this talk, we are going to cover a series of war stories and failure scenarios. We will talk about bugs (or design) that resulted in data loss, file system corruption, or storage simply refusing to come up. The limitations of storage subsystems, both what it can and can not do, will also be discussed.

These failures have led to numerous enhancements in Kubernetes. We will review the lessons these failures have provided, and discuss how they have been vital to improving our handling of the storage subsystem.

Speakers
Jan Šafránek

Software Engineer, Red Hat
Jan is a Senior Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 8 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass...

Hemant Kumar

Principal Software Engineer, Red Hat
Hemant is a Principal Software Engineer at Red Hat working on storage subsystem of Kubernetes. He is a member of SIG-Storage and author of persistent volume expansion, volume limits, mount options and various instrumentation bits in storage subsystems of Kubernetes. He is also a maintainer...


Wednesday November 20, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Storage

4:25pm PST

Developing Operators with the Kubernetes Operator Pythonic Framework (kopf) - Sergey Vasilyev, Zalando SE
The Kubernetes operator pattern has revolutionized the way applications are deployed and managed in Kubernetes, but much of the tooling around building operators has focused on easing development in Golang. The Kubernetes Operator Pythonic Framework (kopf) levels the playing field, bringing much of the tooling to the Python ecosystem, and expanding it in several areas. Kopf provides powerful, high-level abstractions that make it simple to write Kubernetes operators in Python, allowing you to focus on your application logic without needing to dive headfirst into Kubernetes internals. In this talk, you will learn how to make your own Kubernetes operators in a few lines of Python code, and how to bring your own domain entities directly to Kubernetes.

Speakers
Sergey Vasilyev

Senior Backend Engineer, Zalando SE
Sergey is a Senior Backend Engineer working at Zalando SE. His experience with Kubernetes includes migrating the data processing and sales forecasting pipelines from raw AWS and Zalando STUPS to Kubernetes (including the Kubernetes operators and custom resources to orchestrate in...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Hall D - San Diego Convention Center
  Application + Development

4:25pm PST

Cruise’s Self-Driving Networking Journey - Bernard Van De Walle & Can Yucel, Cruise
Through its exponential growth, the Platform team at Cruise experienced a networking self-driving journey. We scaled our network across numerous clusters, multiple tenants, and multiple thousands of new pod instances a day.

We will take you on a tour of our architecture and you will get a better understanding of how we choose to configure our network and security in order to support Kubernetes loads across multiple regions and multiple environments. We will specifically showcase how we do this on a public cloud (GCP) even though similar results could be achieved on-prem.

You will come out of this session with concrete examples on what it takes to build your network and security needs for internal tenants at scale while keeping internal stakeholders happy (Platform, security and networking).

Speakers
Can “Jon” Yucel

Senior Software Engineer, Cruise
Can “Jon” Yucel is a software engineer and technical lead of the PaaS Traffic team at Cruise with the primary focus of internal/external/multi-cluster load balancers, service meshes, hybrid DNS and platform level networking.
Bernard Van De Walle

Principal traffic engineer, Splunk
Bernard is a traffic engineer at Splunk. He is leading the Istio and service Mesh efforts as part of the traffic engineering team. Before this, Bernard had experiences with operations for large scale deployments of Kubernetes and reverse proxies such as Envoy and Nginx.



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

Developer Experience on CD: Build a CD Platform to K8s that Developers Love - Euccas Chen & Tobi Ogunnaike, Pinterest
Application Deployment on K8S can be quite convoluted, especially for an organization that operates thousands of microservices. Pinterest is a visual discovery engine that serves over 250MM users.
For successful adoption of K8S, it is imperative to provide a well integrated self-serve CI/CD platform that abstracts K8S complexities & offers a simple path of migration for existing workloads. This talk will discuss how we build a Continuous Delivery system for Kubernetes at Pinterest, and how we help engineering teams to deploy and migrate their services onto Kubernetes.
Topics include:
  1. Kubernetes and deployments at Pinterest
  2. Introducing Hermez and the Continuous Delivery experience on K8S
  3. How do we design and build the CD system, and lessons we learned
  4. Our journey of onboarding and migrating services to the new CD system and K8S

Speakers
Euccas Chen

Software Engineer, Pinterest
Euccas Chen is a software engineer at Pinterest. As an engineer on the core infrastructure team, she worked on the design and implementation of Pinterest’s continuous delivery platforms, including Teletraan and Hermez. She is passionate about cloud native development and improving...

Tobi Ogunnaike

Software Engineer, Pinterest
Product engineer building the future of CI/CD at Pinterest. Previously, I designed and built core features on the foundational systems at Pinterest that solve the problems of infrastructure ownership and infrastructure governance. I'm thrilled whenever I see web apps with intuitive...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

4:25pm PST

A Toolkit for Simulating Kubernetes Scheduling at Scale - Yuan Chen, JD.com
As Kubernetes becomes the de facto standard for container orchestration, new scheduling algorithms and systems are made for different scenarios and workloads. Unfortunately, it is very time and cost consuming to evaluate new schedulers or features in real K8S clusters at scale. We present a simulation toolkit, which can simulate large-scale K8S clusters and scheduling using a single machine plus a small number of containers. The simulator runs a real K8S master and schedules pods according to event traces generated from real K8S clusters. It provides a complete set of metrics, including resource utilization, detailed scheduling trace and performance metrics, enabling developers to evaluate the scheduling behavior and performance with a reasonable amount of confidence. We have used the toolkit extensively to optimize the scheduler for large scale K8S clusters (~10K nodes) at JD.com.

Speakers
Yuan Chen

Principal Software Engineer, NVIDIA
Yuan Chen is a Principal Software Engineer at Nvidia. Before joining Nvidia, Yuan served as a staff software engineer at Apple, where he contributed to the development of Apple's Kubernetes infrastructure beginning in 2019. Yuan has actively contributed to the Kubernetes projects...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Realizing End to End Reproducible Machine Learning on Kubernetes - Suneeta Mall, Nearmap
Industry adaptation of data-science has grown rapidly in the last few years. The probabilistic nature of this space requires the right tools and techniques to ensure that the answers produced are reliable. Models are derived from data, which is almost always evolving, massive (as in deep-learning), and requiring clean-up and pre-processing before use. Reproducibility, reporting, tracking and management around the tasks of 1) data - collection, pre-processing, often feature engineering and 2) model – training, tuning, evaluation and serving are essential.

With tools such as Pachyderm, Kubeflow, Katib, ModelDB, Seldon and Argo, an automated end-to-end reproducible machine learning framework can be built on Kubernetes. This talk will detail how the aforementioned tools can be used to build an automated, reproducible machine learning framework.

Speakers
Suneeta Mall

Head of AI Engineering, Harrison.ai



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

4:25pm PST

Deep Dive: Contributor Experience SIG - Christoph Blecker, Red Hat & Nikhita Raghunath, Loodse
In this 30 minute session, we will speak about our automation and contributor flow roadmap and highlight ways for you to get involved with creating a smooth experience for contributors of all levels.

Speakers
Nikhita Raghunath

Software Engineer, Loodse
Nikhita is a software engineer at Loodse and is a core contributor to Kubernetes. She is on the Kubernetes Steering Committee, a CNCF Ambassador, and the technical lead for SIG Contributor Experience.


Wednesday November 20, 2019 4:25pm - 5:00pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

4:25pm PST

Deep Dive: Kind - Benjamin Elder, Google & Antonio Ojea Garcia, SUSE
Kind makes running kubernetes in docker look and feel as easy and simple as you would hope it to be. Our relentless focus on speed and simplicity to optimize for the local developer experience has taught us a number of things about the internals of kubernetes and its many components as we work toward 1.0. Let's look back at some of the challenges we've had to tackle, and discuss the challenges ahead on the road to 1.0.

Speakers
Benjamin Elder

Software Engineer, Google
Ben first worked on Kubernetes around the 1.0 launch, implementing the initial version of the iptables kube-proxy for Google Summer of Code 2015. He later started working full time on Kubernetes in the summer of 2017, focusing on the test-infra, local clusters, build, and test with...

Antonio Ojea

Software Engineer, Google
Antonio Ojea is a Software Engineer at Google, where he works on Kubernetes. He is one of the top contributors of the Kubernetes project, with a stronger presence on the areas of networking and reliability. He has a vast experience in Open Source, networking and distributed systems...


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level

4:25pm PST

Deep Dive: Linkerd - Oliver Gould, Buoyant
In this session, Oliver Gould will focus on lessons learned, how-tos, and what the future of Linkerd holds.

Speakers
Oliver Gould

CTO, Buoyant, Inc.
Oliver is the CTO & co-founder of Buoyant, where he leads engineering. Prior to founding Buoyant, he was a staff infrastructure engineer at Twitter, where he led the Observability, Traffic, and Configuration & Coordination teams, projects essential to Twitter's adoption of a modern...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

4:25pm PST

Fluent Bit: Logging and Data Processing on the Edge - Eduardo Silva, Arm Treasure Data & Masoud Koleini, Arm
Fluent Bit is a Fluentd sub-project that aims to solve hard data challenges in the cloud space. In this deep dive session, we will talk about its architecture, how data workflows operate and the ability to perform advanced data transformation. We will also demonstrate the new ability to perform Stream Processing on the Edge.

Speakers
Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at Arm Treasure Data. He is the author and maintainer of Fluent Bit Log Processor, a CNCF sub-project under the umbrella of Fluentd. He is an international speaker in Open Source conferences; he has participated in Scale California, LinuxConf AU, Linux...

Masoud Koleini

Research Software Engineer, Arm


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

4:25pm PST

Helm 3 Deep Dive - Taylor Thomas, Microsoft Azure & Martin Hickey, IBM
It has landed. Helm v3 has been released! For many people, longing for the removal of Tiller, this has been a highly anticipated release. Helm v3, however, is more than just this. In this session, you will learn about the new features and the new architecture to support these features. We will discuss the architecture and how the CLI and library have changed to improve usability. We will also look at other features like the additions to charts and the new client security model. Worried about migration? That’s covered too!

If this whets your appetite then this is the talk for you, especially if you are deep down the highway to Helm. Come along and join the discussion about the new Helm release.

Speakers
Martin Hickey

Senior Technical Staff Member, Open Technologies, IBM
Martin Hickey is a Senior Technical Staff Member and an Open Source strategic leader at IBM. He has been contributing to various Open Source projects, most notably, Kubernetes, Helm, OpenTelemetry, OpenStack, and the Elastic community. Martin is a core maintainer of the Helm project...

Taylor Thomas

Director of Engineering, Cosmonic
Taylor Thomas is an Engineering Director working on WebAssembly platforms at Cosmonic. He actively participates in the open source community and is one of the creators of Krustlet and Bindle. He is currently core maintainer of wasmCloud, Bindle, and Krustlet. He is a regular speaker...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Maintainer Track Sessions

4:25pm PST

Intro to the CNCF SIG Storage - Quinton Hoole, Futurewei & Alex Chircop, StorageOS
The CNCF SIG Storage (https://github.com/cncf/sig-storage) collaborates to explore and understand how different storage technologies are used in cloud-native environments. Topics include block stores, file systems, object stores, key-value stores and databases, amongst others. Different architectural approaches (centralized, distributed, sharded etc) are compared in terms of key attributes like availability, scalability, performance, data consistency, durability, fault tolerance, ease of development and operational complexity.

In the intro, we'll provide an overview of the work currently underway and on the roadmap. You'll get to meet the people leading these efforts, and find out how best to get involved and contribute.

We'll present our work thus far, and host discussions around the findings of our recent end-user surveys covering how cloud native storage is approached in the real world, including some representative successes and failures. Our hope is that others can learn from, and expand upon those experiences.

Speakers
Alex Chircop

Chief Product Architect, Akamai
Chief Product Architect at Akamai. Previously a founder and CTO of Ondat (formerly StorageOS), building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage TAG (previously SIG). Before embarking on the startup adventure he spent over...

Quinton Hoole

Technical Vice President, FutureWei
Quinton is currently Technical Vice President of Cloud Computing at FutureWei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2...


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 7AB - San Diego Convention Center Upper Level

4:25pm PST

Intro: Prometheus - Matt Layher, Fastly & Ganesh Vernekar, Grafana Labs
Prometheus is an open-source monitoring system and time series database. It features a multi-dimensional data model with a powerful query language and integrates many aspects of systems and service monitoring: from the instrumentation of services over the collection and storage of metrics data, all the way to dashboarding and alerting. Native support for various service discovery mechanisms also makes it particularly suitable for dynamic cloud-based environments. In this introduction, members of the Prometheus team explain the architecture of Prometheus and show its advantages over traditional monitoring systems.

Speakers
Matt Layher

Software Engineer, Fastly
Matt Layher is a Distributed Systems Engineer at Fastly, a member of the Prometheus team, and a regular contributor to a wide variety of open source networking applications and libraries written in Go.
Ganesh Vernekar

Software Engineer, Grafana Labs
Ganesh Vernekar is a Prometheus team member and recently graduated from IIT Hyderabad in Aug 2019. He started his dev journey with web at IITH in his early years and has been with Prometheus since he did GSoC in 2018. Currently hacking with Prometheus and Cortex at Grafana Labs. In...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions
  • Session Slides Included Yes

4:25pm PST

SIG Cloud Provider Deep Dive - Walter Fender, Google & Yassine Tijani, VMware
The long-term goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. New vendors providing support for Kubernetes should feel equally empowered to do so as any of today’s existing cloud providers. More importantly, SIG Cloud Provider is focused on ensuring a consistent and high-quality user experience across providers. This deep dive will focus on the efforts to finalize the removal of cloud-specific code from the Kubernetes code base and develop a migration strategy for in-tree to external providers. This session will also cover the evolving SIG governance structure following from the merging of individual cloud provider SIGs as working groups under SIG Cloud Provider, as well as any other major topics raised by the cloud provider community.

Speakers
Yassine TIJANI

Member of Technical Staff, VMware
Yassine is a Member of Technical Staff at VMware. He's been working on kubernetes since 2017 as an active member on several SIGs and author of several design proposals. He’s also been operating Kubernetes clusters ranging from small to large sizes for years.
Walter Fender

Software Developer, Google
Graduated from U.C. Berkeley. Working at Google and on Kubernetes API Machinery, Cloud Provider and Node for three years.



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

4:25pm PST

Debugging Live Applications the Kubernetes Way: From a Sidecar - Joe Elliott, Grafana Labs
Linux features a number of powerful debugging tools that give us insight into how our applications run in a real environment. Through live demonstration this session will present a straightforward way to begin debugging applications in a Kubernetes native way: from a sidecar. Sidecars offer a low impact way of profiling applications without installing packages or making messy changes to your nodes.

The techniques demonstrated will include recording LTTng events, cpu profiling, generating Flame Graphs and dynamic tracing with BCC. These techniques will be performed against a .NET Core sample application, but that will not be the focus of the session.

Speakers
Joe Elliott

Backend Engineer, Grafana Labs
Joe Elliott is a Backend Engineer at Grafana Labs. Since Kubernetes 1.5 he has been building and maintaining microservice platforms on AWS for development teams to deploy their applications. Joe maintains several open source applications in github that publish metrics, manage Grafana...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Observability

4:25pm PST

Wait, People Run Kubernetes on Mainframes? - Elizabeth K. Joseph, IBM
When you think of container orchestration, mainframes probably aren't the first thing that comes to mind.

But modern mainframes run Linux as a first class citizen and KVM can be used for virtualization, opening a whole world of open source tooling integration via libvirt and related virtualization tooling. The careful observer may have already discovered that the mainframe architecture (s390x) is one of the architectures that's built for every Kubernetes release.

How did this come to be? Who uses these mainframe builds of Kubernetes? Why would you run a distributed container orchestration service on a platform that's a symbol of the monolith we're looking to leave? Drawing upon my work with distributed systems and containers, including time spent on OpenStack, Apache Mesos and Kubernetes, and my new experience with mainframes, this talk answers all of those questions and more.

Speakers
Elizabeth Joseph

Developer Advocate, IBM
Elizabeth K. Joseph is a Linux systems administrator turned developer advocate for IBM Z where she works with the community to explore Linux workloads on mainframes. She has previously worked on distributed systems, including OpenStack and Apache Mesos, and has written books on Ubuntu...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Operations

4:25pm PST

Throttling: New Developments in Application Performance with CPU Limits - Dave Chiluk, Indeed
Are you seeing excessively long tail response times from your applications running on containerized clouds (Kubernetes, Docker, Marathon)? Have you ever seen an application be throttled even though it’s nowhere near its CPU limit?

Up till now, the answer has always been to simply turn off hard limits, but that has potentially nasty performance implications in shared environments. Now there's another option! This session will explain the real root cause of what has been happening. We'll introduce the kernel mechanisms that Kubernetes and other Container Orchestrators rely on to enforce CPU limits. We'll then show how they were broken, how we fixed them, and what those changes mean for you and your clouds.

By the end of this session you'll understand exactly what you are getting when you set the CPU limits on your pods.

Speakers
Dave Chiluk

Linux Platform Software Engineer, Indeed
Dave is a Linux Platform Software Engineer at Indeed. He works closely with the DevOps and Site Reliability teams improving reliability, scalability, and performance across Indeed’s hybrid cloud. He has commits in the mainline kernel and has numerous fixes to stable kernels. He’s...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Performance

4:25pm PST

Let's Try All the CRI Runtimes: Part 2: Answering the Why Question! - Phil Estes, IBM
In Barcelona, we raced through seven different container runtime setups from Docker to cri-o to containerd--including interesting projects like AWS's Firecracker, Kata containers and gVisor. For each we demonstrated how to allow Kubernetes to use each one of them using either RuntimeClass or standard kubelet CRI configuration parameters and then gave a quick highlight of their feature set, maturity, and usage in the ecosystem.

While we successfully demo'd each runtime, we didn't have time to assess each of them with regards to the "why?" question: why would an operator or user choose one of these runtimes? In this "Part 2" talk we will take the time to walk back through each runtime, cover updates to the project since May, look at performance and security characteristics, and answer the why question for each one!

Speakers

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is currently an active contributor and maintainer for the CNCF containerd runtime project, and participates in the...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level
  Runtimes

4:25pm PST

Redesigning Notary in a Multi-registry World - Justin Cormack, Docker
Notary, used to secure container image updates, is the most widely adopted implementation of the TUF protocol. However, since Notary’s design around Docker Hub in 2015, container registries have proliferated and some of the design decisions don’t support the needs of a multi-registry world. This talk looks at redesigning the model to allow portability of container images between registries with signature data stored alongside the image data allowing it to be pushed and pulled alongside the image. This reworking of Notary will enable easier portability of images, and improve supply chain security by enabling mirrors and users of mirrors to validate image data, allowing users to easily work with cloud and local registries, offline caches and other common architectures.

Speakers

Justin Cormack

Chief Technology Officer, Docker, Inc
Justin is the CTO at Docker, and a member of the CNCF TOC. He has spent a lot of time working on security in the container ecosystem. He is a maintainer on the Notary project for container security.



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6E - San Diego Convention Center Upper Level

4:25pm PST

Scaling Your Cluster (Both Ways) - Scott Coulton & Patrick Chanezon, Microsoft
Kubernetes has many ways to scale your workloads; most of what we hear about is scaling our cluster up with either VM sets or autoscaling groups. There is another way: in this talk we will look at Virtual Kubelet. Virtual Kubelet will allow us to talk to a cloud provider's container-as-a-service platform like ACI, Fargate or ECI. We will deep dive into how you can scale your applications across Virtual Kubelet. One issue the Kubernetes service type has is scaling to zero, due to the way routing to the pod happens if there is no pod for the service to route to. Scaling our applications to zero is just as important as scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue, allowing us to not only scale our applications up but just as easily down, to make our cluster truly elastic.

Speakers

Patrick Chanezon

Principal Cloud Advocate, Microsoft
Patrick Chanezon is Principal Cloud Advocate at Microsoft, helping Azure be the cloud you love. Previously, at Docker Inc., he helped to build Docker, the world’s leading software container platform, for developers and sysadmins. Software developer and storyteller, he spent 10 years...

Scott Coulton

Cloud Developer Advocate, Microsoft
Cloud Developer Advocate at Microsoft


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

4:25pm PST

Kubernetes Storage Cheat Sheet for VM Administrators - Manu Batra & Jing Xu, Google
Getting started in containers and Kubernetes can be daunting, especially when coming from the Virtual Machines world. The differences in storage models add to the confusion. This session will explain the storage and data management differences between Virtual Machines and Containers. Specifically we will focus on:

- Translating the VM terminology and challenges to the Kubernetes container world.
- Drawing architectural parallels between the two approaches including storage operations and communication fundamentals.
- Discouraging the impulse to tackle storage problems the same way on Kubernetes as was done in the VM world.

You will leave this talk with an understanding of how storage works in the Kubernetes ecosystem, with parallels to VM/hosts storage terminology, architecture, and operations.

Speakers

Jing Xu

Software Engineer, Google
Jing Xu obtained her Ph.D. from Electrical and Computer Engineering Department, University of Florida in May 2011. After graduation, she had been a lecturer in School of Computer Science in Florida International University for about 4 years. She moved to Bay area in late 2014 and...

Manu Batra

Product Manager, Google
Manu Batra is Product Manager at Google driving product strategy and delivery for Anthos, Kubernetes Storage and Container Data Protection. In prior roles he’s worked across startup and enterprise companies building storage & infrastructure management software.


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level

5:20pm PST

Use Your Favorite Developer Tools in Kubernetes With Telepresence - Abhay Saxena, Datawire
Are you new to building cloud-native applications? As an engineer, it can be a tough transition if you're used to a quick inner development loop. With the overhead of image build/push/pull, the ability to see your code changes in action immediately probably seems impossible. But Telepresence can help! And it works well with many of the tools you're using already.

In this talk Abhay Saxena will demonstrate how to use Telepresence with some popular IDEs and debuggers, including VSCode for Node and Rust services, IntelliJ for a Java service, as well as some command-line examples with Delve for a Go service and Pdb for a Python service. Abhay will also look at how to get Telepresence to play well with Kubernetes client libraries and sidecar containers.

Speakers

Abhay Saxena

Principal Software Engineer, Datawire
Abhay Saxena is a Principal Software Engineer at Datawire where he is working on building open source tools for developers that are adopting or using microservices. He is currently the lead engineer on Telepresence, an open source tool for local development of Kubernetes microservices...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Application + Development

5:20pm PST

Education as a Service: Containerization and Orchestration of CS50 IDE - Kareem Zidane & David J. Malan, Harvard University
CS50 is Harvard University's introductory course in computer science, freely available as OpenCourseWare, with hundreds of students on campus and more than one million registrants online. So that students have a uniform environment with which to begin programming (without client-side technical difficulties in the way), the course provides CS50 IDE, a free, cloud-based solution.

To minimize cost and avoid homegrown orchestration of VMs, the course transitioned to pods, one container per student. But the migration was not without challenges. How to provide users with ephemeral containers but persistent storage? How to proxy arbitrary ports to students' own web services? And, ultimately, how to provide students with the abstraction of their own machine, without k8s-specific implementation details clouding their own understanding thereof? In this talk, CS50's own solutions thereto.

Speakers

David J. Malan

Gordon McKay Professor of the Practice of Computer Science, Harvard University
Dr. David J. Malan is Gordon McKay Professor of the Practice of Computer Science at Harvard University. He teaches Computer Science 50, otherwise known as CS50, which is Harvard University's largest course, one of Yale University's largest courses, and edX's largest MOOC. He also...

Kareem Zidane

Software Engineer, Harvard University
Kareem Zidane is a software developer, system administrator, and teaching fellow for CS50 at Harvard University. He is a self-taught programmer from Egypt who discovered computer science, including CS50 itself, online. He is the chief architect of CS50 IDE.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Case Studies

5:20pm PST

Are We There Yet? My Experience Leading a Kubernetes Release Team - Claire Laurence, Pivotal
9 months, 3 releases, 3 roles, and countless new faces - here’s a story about how I went from a brand new community member to release lead in less than a year and what I discovered along the way. Over 9 months I dove into the Kubernetes release world and dealt with the challenges of shipping a release, the tough decisions that need to be made, and how to adapt our release plan to stay on target.

The Kubernetes release is at the core of the community. Managing an open source release requires flexibility, transparency, and radical collaboration. As the size of the contributors grows, how does the release process adapt? How are decisions made? How do we react when plans change? How did I quickly move from a shadow to the release lead role? In this talk I plan on addressing these questions and my experience leading the 1.15 release team.

Speakers

Claire Laurence

Senior Technical Program Manager, Pivotal
Claire is a Senior Technical Program Manager at Pivotal Software. Claire helps manage releases for the Pivotal Container Service (PKS) offering. In the open source community, Claire is a member of SIG-Release and has participated on 3 Kubernetes release teams as an enhancements shadow...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Community

5:20pm PST

Introducing Metal³: Kubernetes Native Bare Metal Host Management - Russell Bryant & Doug Hellmann, Red Hat
Metal³ (“metal kubed”) is a new open source bare metal host provisioning tool created to enable Kubernetes-native infrastructure management. Metal³ enables the management of bare metal hosts via custom resources managed through the Kubernetes API as well as the monitoring of bare metal host metrics to Prometheus. This presentation will explain the motivations behind creating the project and what has been accomplished so far. This will be followed by an architectural overview and description of the Custom Resource Definitions (CRDs) for describing bare metal hosts, leading to a demonstration of using Metal³ in a Kubernetes cluster.

Speakers

Russell Bryant

Distinguished Engineer, Red Hat
Russell is a Distinguished Engineer in Service Delivery, leading SD's adoption of OVN across our managed services. Russell also has a long history with OVN, having helped create the project back in 2015 and leading the planning for product teams to take over ownership of OVN by 2...

Doug Hellmann

Senior Principal Software Engineer, Red Hat
Doug Hellmann is a Senior Principal Software Engineer at Red Hat. He has been a professional developer since the mid 1990s and has worked on a variety of projects in fields such as mapping, medical news publishing, banking, data center automation, and hardware provisioning. He has...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

5:20pm PST

Flyte: Cloud Native Machine Learning & Data Processing Platform - Ketan Umare & Haytham AbuelFutuh, Lyft
Flyte is the backbone for large-scale Machine Learning and Data Processing (ETL) pipelines at Lyft. It is used across business critical applications ranging from ETA, Pricing, Mapping, Autonomous, etc. At its core is a Kubernetes native workflow engine that executes 10M+ containers per month as part of thousands of workflows. The talk will focus on:
- Architecture of Flyte and its specification language to orchestrate compute and manage data flow across disparate systems like Spark, Flink, Tensorflow, Hive, etc.
- Deploying highly scalable and fault tolerant Kubernetes Operators
- Learnings from operating Flyte across multiple Kubernetes clusters and using other CNCF technologies like gRPC, Envoy, FluentD, Kustomize and Prometheus.
- Use-cases where Flyte can be leveraged
The talk will conclude with a demo of a machine learning pipeline built using the open source version of Flyte.

Speakers

Haytham AbuelFutuh

Software Engineer, Lyft
Haytham Abuelfutuh is a software engineer at Lyft and leads the Flyte backend team. During his tenure at Lyft, Haytham has helped build Flyte from the ground up, built and shipped Kubernetes operators and investigated and optimized Flyte system performance on k8s. Before Lyft, Haytham...

Ketan Umare

Chief Software Architect, Union.ai
Ketan Umare is the TSC Chair for Flyte (incubating under LF AI & Data). He is also currently the Chief Software Architect at Union.ai. Previously he had multiple Senior Lead roles at Lyft, Oracle and Amazon ranging from Cloud, Distributed storage, Mapping (map making) and machine...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

5:20pm PST

CNCF SIG-Security Deep Dive - Jeyappragash Jeyakeerthi, CNCF SIG-Security & Zhipeng Huang, Huawei
“Cloud Native” is open source cloud computing for applications — a complete trusted toolkit for modern architectures (CNCF presentation). There are multiple proposed projects which address key parts of the problem of providing access controls and addressing safety concerns. Each of these adds value, yet for these technical solutions to be capable of working well together and manageable to operate they will need a minimal shared context of what defines a secure system architecture.

Speakers

Zhipeng Huang

Director of Open Source, Huawei
Zhipeng Huang currently serves as Director of Open Source for Huawei Compute Product line, in charge of openEuler, MindSpore and openGauss community operation. Zhipeng is now the TAC member of LFAI, TAC and Outreach member of the Confidential Computing Consortium, co-lead of the Kubernetes...

Jeyappragash Jeyakeerthi

Co-chair, Tetrate


Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel

5:20pm PST

CoreDNS Deep Dive - John Belamaric, Google
A close look at the CoreDNS extension points for developers. Learn how to build custom DNS applications based on CoreDNS, including:
- Building a custom CoreDNS binary that includes external plugins
- Building a specialized binary that uses CoreDNS as a library
- Building your own CoreDNS plugin

Speakers

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Hall D - San Diego Convention Center
  Maintainer Track Sessions

5:20pm PST

Deep Dive: Cloud Native Buildpacks - Joe Kutner, Heroku & Stephen Levine, Pivotal
Learn why you need a buildpack and how to create one. We'll take advantage of caching and Docker layers to speed up rebuilds and deploys. Unlike Dockerfiles, buildpacks are composable. Finally, you'll learn how to rebase your application layers on a new image. This allows operators to efficiently handle the delivery of OS-level dependency upgrades.

Speakers

Stephen Levine

Engineering Lead / Principal Software Engineer, Pivotal
Stephen Levine is an Engineering Lead at Pivotal. He is the Cloud Foundry Project Lead for CF Local, CF Dev, and the core CF Buildpacks, as well as a co-owner of the Cloud Native Buildpacks project in the CNCF's Cloud Native Sandbox.

Joe Kutner

Architect, Heroku


Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6D - San Diego Convention Center Upper Level

5:20pm PST

Deep Dive: Kubernetes Working Group for Multi-tenancy - Sanjeev Rampal, Cisco & Adrian Ludwin, Google
This deep dive of the working group for Multi-tenancy will include an in-depth technical exploration of multi-tenancy in core Kubernetes and the tooling and services the multi-tenancy working group has been developing to mainstream how users of Kubernetes can achieve multi-tenancy.

Speakers

Adrian Ludwin

Senior Software Engineer, Google
Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel...

Sanjeev Rampal

Principal Engineer, Cisco
Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

Intro to Longhorn: Open Source Cloud-Native Distributed Block Storage Built On and For K8s - Sheng Yang, Rancher Labs
Longhorn is an Open Source Cloud-Native distributed block storage built on and for Kubernetes.  It provides persistent storage support for any Kubernetes cluster with one-click installation. It also supports advanced features like the built-in incremental backup and across cluster disaster recovery of the data. Longhorn leverages Kubernetes to build an easy to use, reliable and powerful storage experience for the users. Join us to learn about the architecture of Longhorn, how it was built on Kubernetes, how to use it with your stateful applications, and see a live demo of the latest release!

Speakers

Sheng Yang

Engineering Director, SUSE
Sheng Yang is an Engineering Director at SUSE. He is currently responsible for Harvester and Longhorn in the company. He joined SUSE through the Rancher Labs acquisition, where he worked on Longhorn, Harvester, local path provisioner, and other projects. Before Rancher Labs, he joined...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

5:20pm PST

Intro: vSphere Cloud Provider and CSI - Fabio Rapposelli, VMware
Kubernetes cloud providers and volume plugins used to be "in-tree" meaning that their source code is included in the main Kubernetes repo. They were compiled in, and shipped only in a Kubernetes release. The drawbacks of this monolithic approach were that Kubernetes was larger than needed, and feature + patch activity was locked to Kubernetes release schedules. Going forward, new features are exclusive to the new replacements: an out-of-tree vSphere cloud provider + a CSI storage plugin. Legacy implementations remain for the short term but are destined for deprecation.

Speakers

Fabio Rapposelli

Staff Engineer 2, VMware
Purveyor of all things open source, loves distributed systems and solving complex problems. Renaissance man and human Rube Goldberg machine, Fabio has been working at the intersection between Kubernetes and VMware for the past 4 years. Frequent speaker at conferences such as dotGo...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

5:20pm PST

Minikube - Thomas Strömberg & Medya Ghazizadeh, Google
If you want to develop applications for kubernetes and try them out locally first, minikube is going to be your best bet. Come and explore the functionality of minikube via an introductory session from minikube maintainers from Google. We will cover the basics of getting started with minikube, how the local environment compares to a full kubernetes cluster and what customizations you can do to bring the maximum out of your local experience.

Speakers

Medya Ghazizadeh

Technical Lead Manager, Google
Medya Ghazizadeh is a tech lead at Google's container tools team, holds a master's degree from DePaul University, is one of the minikube maintainers, and loves open source, poetry and human languages.

Thomas Strömberg

Senior Software Annihilator, Google, Inc
Thomas is a minikube maintainer, and manages the Container Developer Experience team at Google. Thomas has over 20 years of experience automating complex computing environments, and has spoken at KubeCon North America & KubeCon China. Thomas previously worked on production simulations...


Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

OPA Deep Dive - Tim Hinrichs & Torin Sandall, Styra
Come to this session for a deep dive on some exciting new features in the OPA project presented by the co-creators. This session will have plenty of time for Q&A!

Speakers

Tim Hinrichs

CTO, Styra
Tim Hinrichs is a co-founder and CTO of Styra, the cloud-native authorization company, and he is a co-creator of the open source CNCF Open Policy Agent project. Before that, he worked at VMware and co-founded the OpenStack Congress project. Tim has 20+ years of experience developing...

Torin Sandall

VP of Open Source, Styra
Torin Sandall is a co-founder of the Open Policy Agent (OPA) project. Torin has spent 10 years as a software engineer working on large-scale distributed systems projects. Torin is a frequent speaker at events like KubeCon, DockerCon, Velocity, and more. Prior to working on OPA, Torin...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

5:20pm PST

Thanos Deep Dive: Inside a Distributed Monitoring System - Bartlomiej Plotka & Frederic Branczyk, Red Hat
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, Frederic Branczyk and Bartek Plotka, core maintainers of Thanos and Prometheus projects, will explain advanced concepts behind the Thanos project. This talk will cover:
- Possible deployment models
- Integration points with other systems
- Important advanced features, e.g. discovery, multi-label HA, query load balancing
- Example solutions for multi-tenancy, authentication and cross-cluster communication in Thanos.

Join this session to learn about advanced concepts and operational models of Thanos!

Speakers

Bartłomiej Płotka

Senior Software Engineer, Google
Bartek Płotka is a Senior Software Engineer at Google. SWE by heart, with an SRE background, currently working on Cloud Observability. Previously Principal Software Engineer at Red Hat. Author of "Efficient Go" book with O'Reilly. As the co-founder of the CNCF Thanos project and...

Frederic Branczyk

Founder, Polar Signals
Frederic is the founder of Polar Signals. Before, he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as the tech lead for...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

The Great Cardinality Disasters of Our Time - Bryan Boreham, Weaveworks & Chris Marchbanks, Splunk
Many Cloud Native tools generate Prometheus metrics; together they form a great combination to operate and monitor your infrastructure. But sometimes things go wrong: a quirk in the metric labels can make the volume of data explode, and, soon after, your Prometheus will explode too.

Chris and Bryan will share their war-stories such as receiving 46,000 simultaneous alerts or squashing the source of 100kB label values. Then, they will provide top tips to avoid this happening to your tools in the future.

Speakers

Bryan Boreham

Distinguished Engineer, Grafana Labs
Bryan is a Distinguished Engineer at Grafana Labs, the observability company. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. At Grafana...

Chris Marchbanks

Senior Software Engineer, Splunk
Chris is a Software Engineer at Splunk where he delivers observability for teams working on multiple internal Kubernetes clusters. He is a team member for two CNCF projects, Prometheus and Cortex. Outside of work, Chris enjoys skiing uphill in the mountains of Colorado.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Observability

5:20pm PST

The Myth of the Monocluster - Matt Silverlock, Google
Building out a single monolithic Kubernetes cluster and trying to migrate all the things rarely, if ever, works out, and Kubernetes doesn't change that. It becomes harder to gather non-conflicting requirements, or avoid scope creep as new teams have what seem like reasonable asks (to them). Not to mention the technical challenges & increased blast radius of a big cluster.

How can we start with smaller teams, help them migrate and operationalize their clusters, learn from the inevitable mistakes, document the shortcuts, and use that as the framework for future teams?

Let's talk through what we need to ask ourselves in order to migrate to Kubernetes, how to divide & conquer (our clusters), and some lessons learnt from working with large organizations.

Speakers

Matt Silverlock

Customer Engineer, Google
Matt is a customer-facing engineer at Google, and regularly works with organizations actively moving to Kubernetes, from DIY on-prem, unmanaged on VMs, or managed platforms like GKE (and sometimes, a mix of all three). This gives him first-hand insight into how organizations are building...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Operations

5:20pm PST

How Ancestry Got Kubernetes to Run 2x Better Per Dollar Using AI - Darek Gajewski, Ancestry
Darek Gajewski, Principal Infrastructure Analyst for Ancestry.com, relies on Kubernetes to quickly integrate and deploy applications across Ancestry’s website, which receives 50-million visitors a month, and generates more than a billion dollars in revenue.

To get optimum performance out of Ancestry’s cloud applications, Ancestry employed artificial intelligence for continuous optimization of the application runtime environment. AI brings continuous optimization (CO) to the CI/CD process. In a PoC, Ancestry used AI to cut the resources of one application by more than 50 percent, with zero drop in performance. In this instance, Ancestry has been able to get two times the performance out of Kubernetes for every dollar spent.

AI-powered CO delivers a well-optimized infrastructure personalized to the workload and delivers better reliability, at higher performance, for much lower costs.

Speakers

Darek Gajewski

Principal Infrastructure Analyst, Ancestry
Darek has spent 10 years in the role of capacity planning and management, cost governance, optimizing infrastructure at both BlackBerry and Ancestry operations. He has successfully saved millions in infrastructure spend at both Ancestry and BlackBerry. With a background in development...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Performance

5:20pm PST

Open Source Weave Ignite - The GitOps VM - Mark Emeis, Weaveworks
Weave Ignite is a new open source tool that combines Firecracker microVMs with OCI images, containerd and CNI to unify containers and VMs. It integrates with Kubernetes and GitOps operators so it can be managed declaratively like Kubernetes itself and Terraform.

Ignite is fast and secure because of Firecracker, AWS’ oss KVM implementation that is optimised for speed, low resource consumption, high security, and isolation. With Ignite, users can:
- Launch and manage entire “app ready” stacks from Git
- Run legacy or special apps in lightweight VMs (e.g. for multi-tenancy)
- Run a cloud of VMs ‘anywhere’ using Kubernetes for orchestration, Ignite for virtualization, GitOps for management, and supporting cloud native tools and APIs.

Ignite contributor Mark Emeis will share why Kubernetes SIG Lead and Weaveworks DX Engineer, Lucas Käldström, created Ignite, how it works, and how to get started.

Speakers

Mark Emeis

Engineering Manager, Weaveworks
Mark has nearly 30 years of experience in the software industry. He has written software at all layers of the software stack, in numerous languages, from direct to consumer to enterprise software products. He leads the development for the WKP project at Weaveworks and is a member...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Runtimes

5:20pm PST

Knative - The Security Platypus? - Ariel Shuper, Aqua Security
Knative provides a way to extend Kubernetes to run serverless workloads. Although it runs as pods, given the nature of those workloads it requires an approach to security that is distinct from standard Kubernetes security practices. As 18th century explorers were wondering when they first encountered the platypus, is it a duck? an otter? or something else?
In this talk Ariel reviews the serverless threat landscape, which is quite differentiated from the container equivalent, using examples of how coding mistakes may expose applications despite the extremely ephemeral workloads.
This talk will show how combining preventative methods and more "offensive" methods such as tripwires can provide much better visibility and reduce the risk of Knative workloads being used as attack vehicles to reach other areas of the cluster or application.
Finally, the platypus question will be resolved.

Speakers

Ariel Shuper

VP, Product Management, Portshift
Ariel Shuper is Vice President of product management at Portshift Security, specializing in cloud native identity based security for micro services. He specialized in serverless environments as an entrepreneur prior to joining Aqua. He also focuses on other innovative cloud native...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel

5:20pm PST

Serverless Platform for Large Scale Mini-Apps: From Knative to Production - Yitao Dong & Ke Wang, Ant Financial
Serverless architecture is getting increasingly popular. However, developers are still experiencing pain points that hold them back from using it in production, like portability, interoperability and debugging. At Ant, Ke and Yitao are committed to building a mission-critical serverless platform that reduces those frictions, which is now supporting large scale mini-apps.

Ke and Yitao will share the key workloads they are building with serverless and how they address pain points in production by expanding Knative. They will introduce technical details of adopting Knative with secure container runtime and reinventing Knative control/data plane, which largely saves deployment and operation efforts to enable serverless in Kubernetes clusters. The chat will also cover a quick demo to illustrate improved serverless app lifecycle management, 0-M-N-0 autoscaling performance and operation workflow.

Speakers

Yitao Dong

Product Manager, Ant Financial
Yitao is a Product Manager at Ant Financial. He drives products of Ant Financial cloud, including cloud native PaaS for container and serverless. He works closely with end customers on solutions to adopt cloud native technologies for scalable financial scenarios.

Ke Wang

Software Engineer, Ant Financial
Ke is a Software Engineer at Ant Financial, where he works on building an enterprise serverless product based on Knative. He is an early adopter of Knative and has been working on ingenious ways to improve / make better use of it for a long time. He is also an open-source enthusia...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Serverless

5:20pm PST

CSI Volume Snapshots: On the Way to Faster and Better Backups - Adnan Abdulhussein & Nolan Brubaker, VMware
Users need persistent data to support their business goals, and regular backups are critical to business continuity. The CSI Snapshot API provides users a consistent way of creating volume snapshots within Kubernetes, regardless of their storage provider. This is a big improvement over the prior, provider-specific methods for creating snapshots.

This session will first cover the basic CSI Snapshot CRDs, as well as demo snapshotting and restoring a stateful application. Additionally, we'll share how disaster recovery tools, such as the open-source Velero, can build on CSI Snapshots, as well as future enhancements coming to CSI, and what migrations from current in-tree cloud provider implementations will look like.

Agenda:
- Overview of the CSI Snapshot CRDs
- Demo of snapshot and restore workflow
- Future direction for application snapshotting and quiescing in CSI

Speakers

Adnan Abdulhussein

Software Engineer, VMware
Adnan Abdulhussein is a Software Engineer at VMware (previously at Bitnami), where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a co-chair of SIG-Apps and a core maintainer of the Helm project. Adnan is passionate...

Nolan Brubaker

Principal Software Engineer, Red Hat
Nolan has been working on cloud infrastructure technologies since 2014, starting with OpenStack, then Velero, and now OpenShift and Cluster API.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Storage

6:00pm PST

All-Attendee Block Party (Name Badge Required to Attend)
Join the whole crew for the block party of the year (name badge required to attend)! Cap off an amazing week at KubeCon + CloudNativeCon and a wonderful year with a celebration that will take over San Diego's famed Gaslamp Quarter. The evening will be filled with music, lights, entertainment, food and fun spilling from dozens of restaurants into the streets.

The Gaslamp Quarter is just a hop, skip and a jump across the street from the San Diego Convention Center - you won't be able to miss us! See you there!

Wednesday November 20, 2019 6:00pm - 9:00pm PST
Gaslamp Quarter
 
Thursday, November 21
 

6:15am PST

Group Fun Run
Group Fun Run will meet at 6:15 am near the Grand Staircase outside Hall D of the San Diego Convention Center.

Join other runners each morning and see some local San Diego sights like the Gaslamp Quarter, the Embarcadero, Petco Park, and more! Please meet at the San Diego Convention Center Grand Staircase (outside hall D) at 6:15 am. Participants will be required to provide their own running attire and water.

Please sign up using the Google Form for updates.

Meet Time: 6:15 AM
Start Time:  6:30 AM

Thursday November 21, 2019 6:15am - 6:30am PST
Grand Staircase, Outside Hall D - San Diego Convention Center
  Wellness
  • Experience Level Any

7:45am PST

Mentoring + Networking (Signup to be a Mentee or a Mentor)
The community collectively has an immense depth of knowledge and expertise which we can explore and learn from at this collaborative event. Whether you’re new, or not so new, to open source and the cloud native community, we invite you to register to attend the KubeCon Networking + Mentoring Session. You’ll have the chance to meet with experienced open source veterans across many CNCF projects. You will be paired with two other people in a pod-like setting to explore technical and community questions together.

Sign Up to Be A Mentee

Are you part of a SIG? An ambassador of a cloud native project and want to help others with using or contributing to your project? Are you a code committer? An issue opener? A documentation writer? We’re looking for mentors of all backgrounds and experience levels (including new folks!) across the entire ecosystem with technical, community, and career experience to sign up for one or both sessions. Even if you’re a newcomer, if you’ve ever successfully navigated the PR process, you have skills and insights to share! We will provide you with FAQs of attendees upfront so you know what to expect. Sign up here to be a mentor and help hundreds.

Sign Up to Be a Mentor

Thursday November 21, 2019 7:45am - 8:45am PST
Room 3 - San Diego Convention Center Upper Level
  Networking + Mentoring
  • Experience Level Any

8:00am PST

Quiet Room
All attendees may feel free to use the Quiet Room as needed. It is a physical space where conversation and interaction are not allowed, where attendees can go if for any reason they can’t interact with other attendees at that time.

Thursday November 21, 2019 8:00am - 6:00pm PST
Room 13 - San Diego Convention Center Mezzanine Level

9:00am PST

Keynote: Opening Remarks - Vicki Cheung, KubeCon + CloudNativeCon North America 2019 Co-Chair & Engineering Manager, Lyft
Speakers

Vicki Cheung

Staff Software Engineer, Lyft
Vicki is a staff software engineer at Lyft, where she helped drive the company-wide Kubernetes migration. Previously, she was the Head of Infrastructure and founding engineer at OpenAI, where she and her team built out their Kubernetes-based deep learning infrastructure.


Thursday November 21, 2019 9:00am - 9:01am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

9:01am PST

Keynote: In Search of the Kubernetes "Rails" Moment - Bryan Liles, KubeCon + CloudNativeCon North America 2019 Co-Chair & Senior Staff Engineer, VMware
Back in 2005, David Heinemeier Hansson wowed the web programming world with his demonstration of creating a blog in 15 minutes. Rails' secret trick was convention over configuration or decreasing the decisions a developer has to initially make.
Five years in, Kubernetes could benefit from a Rails moment. What could that moment look like, and what could it mean for developers who have to engage with Kubernetes? In this keynote, Bryan will explore what the landscape could look like with more developer-friendly tools and systems.

Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...



Thursday November 21, 2019 9:01am - 9:21am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:22am PST

Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker - Ian Coldwater, Lead Platform Security Engineer, Heroku
Attackers have user stories too. Are you designing with them in mind?

As an attacker, Ian Coldwater would like to help you understand these users and their stories. What do their mindsets, motivations and methodologies look like? What do attackers look for when they look at a Kubernetes context, what do they do when they get in there, and what can you do to protect your clusters and code against them?

Being able to understand these perspectives can help you broaden your own. Let’s explore them together, and learn how to build stronger, more secure systems accordingly.

Speakers

Ian Coldwater

Security Researcher, Independent
Ian Coldwater is co-chair of Kubernetes SIG Security, a longtime community organizer, and a security researcher specializing in hacking and hardening Kubernetes, containers, and cloud native infrastructure. When they're not busy making good trouble, they like to read all the docs...



Thursday November 21, 2019 9:22am - 9:42am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

9:43am PST

Keynote: Seamless Customer Experience at Walmart Stores Powered by Kubernetes@Edge - Maneesh Vittolia, Principal Architect & Sriram Komma, Principal Product Owner, Walmart
At Walmart, while major application software can and does operate in the cloud, stores or any client edge compute cannot avoid the intermittent network events that can create less than ideal availability and performance of the software during those times.  This can lead to poor customer experience and/or failed transactions during checkout.
Because of Walmart's scale of serving around 265 million customers every week, the combined effect on customer experience as well as the loss of revenue is pretty huge.

To overcome the issue between stores and cloud, Walmart is building and rolling out the next generation of Point of Sale (POS) systems on a highly resource-constrained edge computing environment, using modern service mesh based technologies designed to allow maximum business flexibility, extreme performance and rapid deployment, and powered by Kubernetes.

Speakers

Maneesh Vittolia

Principal Architect, Walmart
Maneesh Vittolia is a Principal Architect at Walmart helping build Next Gen Customer facing application using modern technologies like Docker Container, Kubernetes, Prometheus, Istio ServiceMesh to provide Seamless Experience to customer shopping at Walmart. He has been working on...

Sriram Komma

Principal Product Owner, Walmart
Sriram Komma is a Principal product owner for Walmart cloud native platform & Container cluster automation and resiliency team lead at Walmart helping build Next Gen infrastructure as service (iaas) platform using various orchestrator built in house and other open source tools. He...



Thursday November 21, 2019 9:43am - 10:03am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

10:04am PST

Keynote: Finding the Joy in Chaos Engineering - Ana Medina, Chaos Engineer, Gremlin & Lenny Sharpe, Director of Engineering, Target
Learn how Target and Gremlin have built a resiliency engineering capability that enables teams to build more reliable systems. Hear how developing a strong culture around Chaos Engineering has paid off at Target. We'll share our journey from experimenting locally to running multi-team GameDays.

Chaos Engineering is a disciplined approach to identifying failures before they become outages. By proactively testing how a system responds under stress, you can identify and fix failures before they end up in the news. Chaos Engineering lets you compare what you think will happen to what actually happens in your systems. You literally break things on purpose to learn how to build more reliable systems.

Lenny Sharpe walks you through Chaos Engineering at Target, covering the tools and practices you need to implement Chaos Engineering with Kubernetes in your organization. Even if you’re already using Chaos Engineering, you’ll learn to identify new ways to use the practice to improve the reliability of your network and services.

Ana Medina will share a demonstration of how you can practice Chaos Engineering on Kubernetes and use it to improve the reliability of your systems. She gets you started using Chaos Engineering with your own team and gives you the tools to measure success. She will also demonstrate how GameDay environments can be used to learn about Chaos Engineering. She explains how to practice Chaos Engineering on AWS EKS, GCP GKE, Azure AKS and your own homegrown Kubernetes environments.

Some advanced topics you’ll cover include how to use monitoring tools combined with Chaos Engineering to help you create reliable distributed systems, where you can learn more, and how to join the Chaos Engineering community.

Speakers

Ana Margarita Medina

Senior Staff Developer Advocate, Lightstep from ServiceNow
Ana Margarita Medina is a Senior Staff Developer Advocate, she speaks on SRE, DevOps, and Reliability. She is a self-taught engineer with over 13 years of experience, focusing on cloud infrastructure & reliability. She has been part of the Kubernetes Release Team since v1.25, serves...

Lenny Sharpe

Director of Engineering, Target



Thursday November 21, 2019 10:04am - 10:24am PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Keynote Sessions
  • Session Slides Included Yes

10:24am PST

Keynote: Closing Remarks - KubeCon + CloudNativeCon North America 2019 Co-Chairs: Vicki Cheung, Engineering Manager, Lyft & Bryan Liles, Senior Staff Engineer, VMware
Speakers

Bryan Liles

Senior Staff Engineer, VMware
Bryan Liles is a Senior Staff Engineer at VMware where he runs multiple projects, including Octant, a tool which allows you to view your Kubernetes in a graphical fashion. Over the past decade, Bryan has spoken on myriad topics from machine learning, developer health, programming...

Vicki Cheung

Staff Software Engineer, Lyft
Vicki is a staff software engineer at Lyft, where she helped drive the company-wide Kubernetes migration. Previously, she was the Head of Infrastructure and founding engineer at OpenAI, where she and her team built out their Kubernetes-based deep learning infrastructure.


Thursday November 21, 2019 10:24am - 10:25am PST
Exhibit Hall AB - San Diego Convention Center Ground Level

10:25am PST

Coffee Break
Thursday November 21, 2019 10:25am - 10:55am PST
Sponsor Showcase, Sails Pavilion - San Diego Convention Center Upper Level

10:25am PST

Chair Massage & Relaxation Stations
Relaxation stations will be located around the convention to offer attendees a short “time out”.  Each location will be stocked with games, treats and other miscellaneous items that are designed to allow attendees to clear their minds.  One activity that will be offered will be 5-minute chair massages with onsite sign-ups.

Thursday November 21, 2019 10:25am - 2:00pm PST
San Diego Convention Center

10:30am PST

Puppy Pawlooza / Paw Therapy
We are excited to bring Puppy Pawlooza / Paw Therapy to KubeCon+CloudNativeCon North America 2019 and have partnered with the San Diego Humane Society & Love on a Leash to bring some of these amazing therapy dogs to interact with attendees throughout.

The San Diego Humane Society offers a wide range of programs and services that strengthen the human-animal bond, prevent cruelty/neglect, provide medical care, educate the community on the humane treatment of animals, and provide services for families needing assistance keeping their pets.

Thursday November 21, 2019 10:30am - 12:30pm PST
Sponsor Showcase, Sails Pavilion - San Diego Convention Center Upper Level
  Wellness
  • Experience Level Any

10:55am PST

Building a Dev/Test Loop for a Kubernetes Edge Gateway with Envoy Proxy - Flynn, Datawire
As we worked with the community to build the open source Ambassador API gateway on top of Envoy Proxy we learned a bunch of lessons about our dev/test loop. One of the more unpleasant realities that we’ve had to come to terms with is that writing code is easy. What's hard is making sure it's working, and making sure that it keeps working as changes are made.

Over the life of Ambassador we've gone through multiple cycles of adding tests to increase confidence, from simple unit tests to larger integration suites, such as our Kubernetes Acceptance Test (KAT) framework. Several times these tests have become too slow, and then we had to work to speed them up so our velocity doesn't suffer.

Join Flynn to learn what we would do again in regard to our dev/test loop if we chose to build another open source tool, and also (more critically), what we would change.

Speakers

Flynn

Technical Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering from the kernel up through distributed applications...


Thursday November 21, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level

10:55am PST

Balancing Power and Pain: Moving a Startup From a PaaS to Kubernetes - David Sudia, GoSpotCheck & Toni Rib, Gusto
By hiding a lot of complexity and allowing a team to move fast and simply "heroku push" applications, PaaS solutions like Heroku are a perfect fit when you are an early-stage startup. However, what do you do when your business starts to get traction, and your scale or use case begins to stretch the limitations of a PaaS? This talk will share the story of a startup's successful migration away from a PaaS to a self-built platform powered by CNCF technology.

We'll share the highlights of our journey, such as how we translated PaaS concepts to our new infrastructure, and explain the series of choices we made, like assembling our platform from Kubernetes and other CNCF components. We will also share some of our difficulties, with the goal that other organisations can avoid making the same mistakes.

Speakers

David Sudia

Senior DevOps Engineer, GoSpotCheck
David Sudia is a former educator turned developer turned DevOps Engineer. He's passionate about supporting other developers in doing their best work by making sure they have the right tools and environments. In his day to day he's responsible for managing Kubernetes clusters, deploying...

Toni Rib

Software Engineer, Gusto
Toni Rib is a Software Engineer at Gusto. While she focuses mainly on application development, she isn't happy unless she understands not only the application she's developing, but also the database and infrastructure it relies on. This resulted in her being named "honorary DevOps...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Case Studies

10:55am PST

Panel: State of the Operators: Hubs, Frameworks, SDKs, and Beyond - Diane Mueller, Red Hat, Sonam Saxena, Google, & Andre Tost, IBM
Kubernetes developers have embraced the Operator Pattern and there are now many production-ready operators available via a number of hubs and marketplaces. Operators allow developers to create some powerful tools that can be used on any infrastructure where Kubernetes is installed. Operators take all of that knowledge about an application’s lifecycle that a DevOps team practices manually and systematize it. Operators can be used to provision multiple applications in a consistent manner while adhering to best practices for that particular installation.

To discuss the future of the operator pattern and why operators have become so valuable to organizations working with containers, we've assembled some key project leads, engineers, and builders of operators to help demystify the concepts, share lessons learned and best practices for building operators, and grow the operator community.

Speakers

Diane Mueller

Director, Community Development, Red Hat
Director, Community Development, Red Hat (https://redhat.com) ; Co-Chair, OKD Working Group, the Community Distribution of Kubernetes that powers Red Hat OpenShift (https://okd.io) and founder/organizer of OpenShift Commons (https://commons.openshift.org)

Sonam Saxena

Product Manager, Google Cloud, Google
Sonam is Head of Product for Google Cloud Deployment Manager and focuses on the CI/CD and DevOps space. He has over 17 years of experience as a PM in startups and enterprises and lives in Seattle with his wife and 2 daughters. Over weekends he likes to climb mountains and...

Andre Tost

IBM Distinguished Engineer, IBM
André is a Distinguished Engineer in IBM's Software organization and one of IBM's leading technical experts on Hybrid Cloud, IT Architecture and Software Engineering. He currently works as an AI Engineer in the Worldwide watsonx Client Engineering team, focusing on bringing Generative...


Thursday November 21, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level

10:55am PST

Improving Performance of Deep Learning Workloads With Volcano - Ti Zhou, Baidu Inc
Baidu internally has improved the performance of large-scale deep learning workloads by using the Volcano project. The CRD-based computing resource model makes it possible to use resources more efficiently and configure computing models more flexibly. The Volcano project has unified abstraction of the underlying capabilities of group scheduling, fair share, priority queue, job suspend/resume, etc., which makes up for the lack of functionality of the native job based training operator.

After using Volcano, Baidu's internal resource utilization increased by 15%, and the training task completion speed increased by 10%. This talk will introduce the overall function of Volcano, transformation of the old operator to support Volcano, and the comparison of the performance of deep learning training tasks before and after using Volcano.

Speakers

Ti Zhou

Senior Architect, Baidu
Ti Zhou, Kubernetes member, LF AI & Data TAC member, currently serves as senior architect in Baidu Inc, focusing on PaddlePaddle Deep Learning Framework and Baidu Cloud Container Engine, helps developers to deploy cloud-native machine learning on private and public cloud.



Thursday November 21, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level
  Machine Learning + Data

10:55am PST

Prometheus Deep Dive - Ben Kochie, GitLab
After the Intro session we will go into a mix of advanced use cases, news, and open Q&A with all Prometheus maintainers who are at CloudNativeCon.

Speakers

Ben Kochie

Principal Engineer, Reddit
Ben Kochie is a long time Prometheus contributor and Site Reliability Engineer.



Thursday November 21, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Workshop on Defining a Reference Model for Cloud-Native Application Delivery - Alois Reitbauer, Dynatrace & Lei Zhang, Alibaba
The application delivery SIG has started to define a reference model for cloud-native application delivery and operations. In this deep dive session, we will start a journey from questions like “What is the Application?” to “The layers and phases through application delivery”, then all the way to the typical model and pattern of application delivery. We will use certain open source projects as concrete examples to explain how they fit into this model, their maturity level in each layer, what’s missing, and the direction the application delivery SIG  is trying to pursue. The session will help audiences figure out not only “what project X is doing”, but also “in what layer project X is working” and “how it performs there.”

Speakers

Lei Zhang

Partner Software Engineer, Microsoft
Lei is a Partner Software Engineer in Microsoft Azure and was leading the engineering effort in Alibaba including its Kubernetes infrastructure and serverless application platform. Lei has been working as a maintainer on Kubernetes upstream since its beginning.

Alois Reitbauer

Chief Technology Strategist/Head of Open Source, Dynatrace
Alois works as Chief Technology Strategist at Dynatrace, where he is responsible for all open source activities and research. He is currently heavily engaged in the cloud-native ecosystem as a maintainer and founder of several open source projects and as co-chair and founder of TAG App...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Deep Linking Metrics and Traces with OpenTelemetry, OpenMetrics and M3 - Rob Skillington, Chronosphere
Metrics and traces are two pillars of Observability and are often used in a complementary fashion. Metrics can give you a high level view of an application’s responses and performance, and tracing can give you a detailed view of requests through applications. Often when using metrics in graphs or alerts you want to be able to jump to an example of a request represented by a given metric datapoint, which is difficult to do today. In this talk we show an example of this using an OpenTelemetry exporter to publish trace IDs as exemplars using the OpenMetrics exposition format.

We then walk through configuring Jaeger as a tracing backend and M3 as a metrics backend to store the trace ID alongside a datapoint. We show how it is then possible to go from a metrics graph that visualizes the latency of your application to a trace that fell into a latency bucket using the deep link of the trace ID.

Speakers

Rob Skillington

CTO, Chronosphere
Rob Skillington is the CTO at Chronosphere and creator of open source M3 which is a Prometheus long term storage metrics platform. He is also a member of OpenMetrics, an open standard for transmitting metrics at scale.



Thursday November 21, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level
  Observability

10:55am PST

Handling Risky Business: Cluster Upgrades - Puneet Pruthi, Lyft
Have you ever had to upgrade your Kubernetes clusters to update to a new release version, push new features or patch critical security vulnerabilities? Did it ever feel daunting to live update API masters or etcds? Can you automate such an operation?

We hope to share our musings at Lyft in solving the complexity of automating cluster upgrades and how that is incorporated into the design for k8srotator, a Kubernetes custom controller.

As multiple components operating in cohesion make a cluster healthy, there are numerous points of failure that can occur during an upgrade cycle. Although there are varied ways of operating a Kubernetes cluster, the issues encountered during the process are common.

Attendees will walk away with knowledge about different cluster upgrade failure scenarios and ways to automate such operations without being in constant fear of losing the cluster state.

Speakers

Puneet Pruthi

Engineering Manager, Lyft
Puneet is the Engineering Manager for Cloud Orchestration Team at Lyft which maintains the platform for microservices to interact with cloud providers. Previously he was a Senior Software Engineer on the Compute Team where he worked on supporting the Kubernetes Infrastructure and...



Thursday November 21, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Operations

10:55am PST

How Yelp Moved Security From the App to the Mesh with Envoy and OPA - Daniel Popescu, Yelp & Ben Plotnick, Cruise
From its inception, Yelp's service infrastructure has treated security as a fundamental component. For many years, developers carried the burden of building security features directly into their services. By using standard cloud native building blocks, the service infrastructure now provides security features by default; this enables hundreds of developers to focus on shipping features for more than 100M monthly active Yelp users.

This talk will cover Yelp’s journey from a legacy service proxy to a modern, secure service mesh based on Envoy and Open Policy Agent. It will discuss:

- Authn and Authz mechanisms using mTLS and JWT with Envoy and OPA
- Migration from using an in-house policy decision engine to standardized open source tools (OPA)
- Transpiling legacy policy data to rego and other best practices for policy maintenance
- Strategies for quickly and safely rolling out policy changes

Speakers

Daniel Popescu

Security Engineer, Yelp
Daniel Popescu works at Yelp where he is responsible for security infrastructure and operations. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa Barbara. Professionally...

Ben Plotnick

Senior Software Engineer, Cruise Automation
Ben Plotnick is a Senior Software Engineer at Cruise Automation, leading the Platform Services team in moving the bytes around in Kubernetes. Prior to this, he was a member of the Engineering Effectiveness group at Yelp, working to redesign Yelp's service infrastructure with Envoy...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level

10:55am PST

KEDA: Event Driven and Serverless Containers in Kubernetes - Jeff Hollan, Microsoft
Event driven and serverless architectures are defining a new generation of apps. However, to take full advantage of the serverless benefits of event driven, your application needs to scale and react to those events instantly - scaling from zero to potentially thousands of instances. These events may come in the form of queue and Kafka messages, or events from a cloud provider like AWS SQS or Azure Event Hubs. KEDA 1.0 is an open sourced component created in partnership with Red Hat and Microsoft Azure that provides event driven autoscaling for your Kubernetes workloads. In this demo-filled session, learn how to get started with KEDA, how customers are using it to efficiently scale and run event-driven apps, and how everything from a simple container to a serverless function can integrate seamlessly and scale natively in an event-driven and Kubernetes world.

Speakers

Jeff Hollan

Principal PM Manager, Microsoft
Jeff Hollan is Principal PM Manager for Azure Functions and KEDA. He is a spokesperson for serverless and cloud native for Microsoft and presented at keynotes and conferences around the world. His team focuses on building capabilities for serverless both in the cloud and on-premises...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Serverless

10:55am PST

Life Outside the Cluster: Adding Virtual Machines to an Envoy Service Mesh - Megan O'Keefe & Ameer Abbas, Google
Service mesh tools add lots of functionality for Kubernetes-based applications, including policy automation and telemetry. But what if you're halfway through a migration to Kubernetes, and you still have applications running in virtual machines? In this talk, Megan O'Keefe and Ameer Abbas will demonstrate how to use Istio, an Envoy-based service mesh, to connect Kubernetes services with applications running in VMs. Demos will include: encrypting gRPC traffic between Pods and VMs, using Prometheus to view application metrics across both environments, and load balancing traffic between Kubernetes and VM instances. You will leave this talk understanding exactly how to integrate virtual machines with an Envoy-based service mesh.

Speakers

Megan O'Keefe

Developer Relations Engineer, Google Cloud
Megan O’Keefe is a Developer Relations Engineer at Google Cloud, where they help platform developers build on top of Kubernetes to accelerate app development and reduce toil. A graduate of Wellesley College, Megan began their career at Cisco, where they built edge computing platforms... Read More →

Ameer Abbas

Product Manager, Google
Ameer Abbas is a Google product manager focused on application modernization and cloud native platforms. He is also part of the Istio steering committee.



Thursday November 21, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Service Mesh

10:55am PST

CloudEvents - Intro, Deep-Dive and More! - Doug Davis, IBM; Clemens Vasters, Microsoft; Klaus Deissner, SAP; & Vladimir Bacvanski, PayPal
In this session we'll summarize the history and status of the CloudEvents project. We may even have a major announcement! We'll then talk about what our future plans are. Finally, there will be a more in-depth discussion around how people are using CloudEvents in production and how it has helped address the pain points people were experiencing.

Speakers

Doug Davis

PM Microservices, Microsoft
Doug is currently focusing on improving the developer experience for cloud native computing in Azure Cloud. He’s been working on Cloud related technologies for many years and has worked on many of the most popular OSS projects, including OpenStack, CloudFoundry, Docker, Kubernetes... Read More →

Klaus Deissner

Development Architect, SAP
Klaus is an architect at SAP focusing on event-driven architecture. He has over 20 years of experience in architecting and engineering software and has spent a large portion of his career with technology topics such as building messaging infrastructures, developer tools, as well as... Read More →

Clemens Vasters

Principal Architect, Microsoft
Clemens Vasters is Lead Architect in Microsoft’s Azure Messaging team that builds and operates a fleet of hyper-scale messaging services, including Event Grid, Service Bus, and Event Hubs. Clemens represents Microsoft in messaging standardization in OASIS (AMQP) and CNCF (CloudEvents... Read More →

Vladimir Bacvanski

Distinguished Architect, PayPal
Dr. Vladimir Bacvanski is a Principal Architect with Strategic Architecture at PayPal. He is the lead architect for Privacy and the lead architect for Developer Experience, which includes a variety of tools in the DevOps arena. Before joining PayPal, Vladimir was the CTO and founder... Read More →



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 31ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Deploy Secure and Scalable Services Across Kubernetes Clusters with NATS - Derek Collison, Colin Sullivan, Waldemar Quevedo, & Jaime Piña, Synadia
Services and Streams are the cornerstones of any modern distributed architecture. Communications and observability of modern systems have become just as important as the deployment of the components themselves. In this talk maintainers of the NATS project will create a service using NATS as the communication technology. They will show how NATS allows a service application to utilize cutting edge security with the ability to scale up and down, across multiple Kubernetes clusters and cloud deployments. This will be completely observable, with no code changes from the demo code base to global deployment. NATS allows cutting edge modern systems to be built without the additional complexity of load balancers, proxies or sidecars. NATS allows radically easy yet secure deployments across multiple k8s clusters, in any cloud or on-premise environment.

Speakers

Colin Sullivan

Product Manager, Synadia
Colin is the product manager of NATS (https://nats.io). He has extensive experience developing messaging products and designing distributed systems. Prior to Synadia, Colin worked at Apcera and TIBCO software.

Wally Quevedo

Software Developer, Synadia
Waldemar Quevedo is a core maintainer of the NATS.io project working at Synadia and author of the 'Practical NATS' book.

Derek Collison

Founder and CEO, Synadia
Derek Collison is a 30 year industry veteran, entrepreneur, and pioneer in secure and large-scale distributed systems and cloud computing. He helped change the way financial, transportation, and logistics systems fundamentally worked while spending over a decade at TIBCO, designing... Read More →

Jaime Piña

Software Engineer, Synadia Communications, Inc
Jaime was a self-driving car whisperer at Cruise Automation before joining Synadia. He worked on systems that helped distressed vehicles when making challenging maneuvers on San Francisco streets. During off-hours, Jaime is always tinkering with something.



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Intro + Deep Dive - Provider IBM Cloud - Sahdev P. Zala, Brad Topol, Richard Theis & Ian Watts, IBM
Recently the Kubernetes community reached an important milestone of moving individual cloud provider SIGs as sub-projects under the Cloud Provider SIG. The SIG IBM Cloud is now a sub-project called Provider IBM Cloud. In this session, the Provider IBM Cloud leads will discuss these recent developments and give a brief overview of the sub-project's activities. This will be followed by a deep dive into the Kubernetes Cluster API Provider IBM Cloud and the recent development activities. We will then provide the current status of the IBM Cloud Provider. Everyone with an interest in the Provider IBM Cloud sub-project (active contributors, new contributors, and conference attendees) is welcome to attend. During the session, the project leads will be available throughout for discussions.

Speakers

Ian Watts

Program Director, IBM
Wondering what the future of automation will bring? Let me walk you through IBM's journey of Automation in the CloudPak for Multicloud Management, the possibilities are endless.

Brad Topol

Distinguished Engineer, IBM
Dr. Brad Topol is an IBM Distinguished Engineer leading efforts focused on Open Technologies and Developer Advocacy. In his current role, Brad leads a development team focused on contributing to and improving Kubernetes and several other cloud native open source projects. Brad is... Read More →

Richard Theis

Senior Software Engineer, IBM
Richard Theis is a Senior Software Engineer in the IBM Cloud division. In his current role, Richard leads Kubernetes and OpenShift update development and support for IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud. He is a co-chair of the Kubernetes provider IBM Cloud... Read More →

Sahdev P. Zala

Senior Technical Staff Member, Open Source Developer, IBM
Sahdev Zala is a Senior Technical Staff Member at IBM Research. He has been an open source developer for over a decade and currently contributes to PyTorch and Kubernetes. He serves as a maintainer for the CNCF etcd project. Previously, Sahdev was a maintainer in the OpenStack project... Read More →



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

K8s Conformance & SIG Architecture Conformance Subgroup - Hippie Hacker, ii.coop; Dan Kohn, CNCF; & John Belamaric, Google
Speakers

Dan Kohn

General Manager, Linux Foundation Public Health, Linux Foundation
Dan leads Linux Foundation Public Health, a new initiative to use open source software to help public health authorities combat COVID-19 and serves as VP, Strategic Programs for the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes... Read More →

Hippie Hacker

Chief Executive Hippie, ii.coop
Hippie Hacker's unique approach to storytelling includes practical application of technology with a focus on humanity as a whole. He has a lifelong interest in the creation of vehicles of viral generosity that everyone can ride. His travels starting in an avocado green Volkswagen took... Read More →

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes... Read More →


Thursday November 21, 2019 10:55am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level

10:55am PST

OpenTelemetry: The First Release, What’s Next, and How to Get Involved - Morgan McLean, Google; Tristan Sloughter, Postmates; Sergey Kanzhelev, Microsoft; & Chris Kleinknecht, Google
Earlier this year, the OpenCensus and OpenTracing communities merged to form OpenTelemetry, the first version of which will be released at Kubecon. OpenTelemetry provides libraries and agents that capture metrics and distributed traces from your applications and send them to backends like Prometheus, Zipkin, and Jaeger. The project is backed by a large community of end-user developers and the majority of cloud and APM vendors. We’re always interested in welcoming more people to the project! In this session we will cover:
- What’s included in the v1 release, the project’s overall status and production readiness
- Community structure, including governance, SIGs, and how to get involved
- Recent integrations with various frameworks, clients, and Kubernetes itself!
- Related projects like W3C TraceContext
- What we’re working on next, including more languages, more integrations, and logs

Speakers

Morgan McLean

Product Manager, Google
Morgan is a co-founder of OpenCensus and OpenTelemetry, and has spent much of his career as an engineer and product manager working on distributed systems and developer tools. Morgan is responsible for Google's distributed tracing, profiling, and debugging tools, including Stackdriver... Read More →

Chris Kleinknecht

Software Engineer, Google
I work on OpenTelemetry, an open source distributed tracing and metrics client. Let's talk monitoring!

Sergey Kanzhelev

Staff Software Engineer, Google
Sergey Kanzhelev is a seasoned open source and cloud native maintainer working actively on Kubernetes. Sergey is actively involved in Kubernetes, serving as chair of SIG node. He works on both the engineering aspect of software and its practical application. With the Kubernetes... Read More →

Tristan Sloughter

Software Engineer, Postmates



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

SIG-Network Intro & Deep-Dive - Tim Hockin, Google & Vallery Lancey, Lyft
Networking is hard! This talk will start with some background on Kubernetes networking. Attendees who are not already comfortable with the "hows and whys" of basic networking in Kubernetes can get a bit of a primer before we dive deep on a few of the more recent developments and efforts in the networking space.

Speakers

Tim Hockin

Distinguished Engineer, Google
Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking... Read More →

Vallery Lancey

Infrastructure Software Engineer, Lyft



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

10:55am PST

Tutorial: Debug Your Kubernetes Apps - Arun Gupta & Re Alvarez Parmar, Amazon (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Your Kubernetes application is running well, and then all of a sudden the service stops responding. How do you debug? You created a deployment but it's not coming up. Is your pod status shown as pending? How do you debug deployments and pods, get their logs, see the filesystem layout? Horizontal Pod Autoscaler is not scaling pods. Is your cluster running out of capacity? Or are the metrics not available? Having DNS lookup failures for services? Is your PVC status shown pending? Is kubectl not able to find nodes? This session will be loaded with different ways your applications on k8s crash and burn, and more importantly, how to recover from them.

Speakers

Arun Gupta

Vice President/General Manager, Intel
Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. He has been an open source strategist, advocate, and practitioner for over two decades. He has taken companies such as Apple, Amazon, and Sun through systemic changes to embrace open source... Read More →

Re Alvarez Parmar

Containers Specialist Solutions Architect, Amazon



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

10:55am PST

Tutorial: Everything You Need To Become a GitOps Ninja - Alex Collins & Alexander Matyushentsev, Intuit (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

A deep-dive on GitOps which will help you, even if you only have minimal GitOps experience, to get a total understanding of everything GitOps.

Firstly you’ll get an introduction to what GitOps is and its key benefits, then we’ll walk through foundational techniques, such as tools and strategies, then we’ll take it to the next level with advanced techniques and best practices. Finally, you’ll get a chance to get your hands dirty with an accelerated GitOps lab.

Parts:

- Introduction
- Foundations
- Advanced Techniques
- Hands On Argo CD Lab

Prerequisites:
Audience members should be familiar with core Kubernetes concepts, as well as comfortable using Git. Those interested in the lab should have a laptop with git and minikube installed.

What to Bring:  A laptop on which you can clone and push code to github.com

Speakers

Alexander Matyushentsev

Principal Software Engineer, Intuit
Alexander Matyushentsev is a Principal Engineer in the Intuit Modern SaaS team. Alexander is focused on building tools which make it easier to use Kubernetes. He is one of the core contributors to "Argo Workflows" and "Argo CD" projects. Alexander is passionate about open source... Read More →

Alex Collins

Principal Software Engineer, Intuit
Alex Collins is a Principal Engineer working on Intuit’s Kubernetes platform. He’s the lead engineer for Argo Workflows and Events, and one of the core contributors to Argo CD. He’s a dedicated Open Source advocate. Previously he was the EMEA Software Architect on QuickBooks... Read More →



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  Tutorials, CI/CD

10:55am PST

Tutorial: Zero to Operator in 90 Minutes! - Solly Ross, Google (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Please complete the following steps ahead of time to make your tutorial easier: https://gist.github.com/DirectXMan12/ad7b35327c2816125a45cdc11ff78476

Come learn how to quickly get off the ground running with building an operator using KubeBuilder v2!

Come write a Kubernetes-style API to manage a bespoke application, complete with declarative validation and defaulting. Discover what kind of requirements go into an API type, and how to write API types that work and feel like they're part of Kubernetes, and can be easily consumed as part of a larger system.

Once you've got an API type, you'll make use of the new server-side apply functionality to make implementing your core logic a breeze, and learn how to think about writing well-behaved controller logic that deals with different interactions with other parts of Kubernetes.

Finally, you'll learn how to actually run your controller locally for development and on a remote cluster for production.

Speakers

Solly Ross

Software Engineer, Google
Solly is one of the leads of the Kubebuilder project, and works on Kubernetes at Google with a focus on custom controller tooling. Solly previously worked on metrics and autoscaling, and has been hacking on various parts of Kubernetes since Kubernetes 1.2. When not writing PRs or... Read More →



Thursday November 21, 2019 10:55am - 12:25pm PST
Hall D - San Diego Convention Center

11:50am PST

Linux Distribution Build Tools for Custom Container Images - Nisha Kumar & Joshua Lock, VMware
A typical container image builder takes a base OS from somewhere, runs scripts to add and modify all the things needed for an app to run, then deploys to a registry. This leads to large images which developers try to trim down by using multistage builds, removing files and squashing filesystem layers. Building container images in this way makes it difficult if not impossible to ascertain the license and security implications of using these images.

How do we generate app specific build and runtime images without having to maintain our own base OS images and build machinery?

Fortunately, this is a problem that has been solved in the Linux distribution world for some time. This talk will outline some popular tools and compare them against the requirements for a declarative and reproducible container OS builder which is not reliant on any external infrastructure.

Speakers

Nisha Kumar

Security Engineer, Oracle
Nisha is a Security Engineer at Oracle. She has been a DevOps engineer for embedded systems and a Radio Frequency Engineer in semiconductor manufacturing. She has been involved in Open Source for more than 15 years. You can follow her work on Twitter at @_ctlfsh

Joshua Lock

Distinguished Engineer, Verizon
Joshua is Open Source Architect in Verizon's Open Source Program Office, where he leads efforts to improve consistency around how Verizon uses open source. As part of his work at Verizon he works upstream on software supply chain security standards and tools; he is a steering committee... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Security Beyond Buzzwords: How to Secure Kubernetes with Empathy? - Pushkar Joglekar, Visa
Your developers are excited about containerizing their apps for elastic scaling. Your operations team is busy drooling over resource optimizations and cost savings that are predicted with a move away from giant VMs to tiny containers. The security person assigned to review this is utterly clueless when words like multi-tenancy, service meshes, CRI, CNI and kubectl are thrown around.
In this presentation, Pushkar Joglekar will share his real world experience of being that security person four years ago, to becoming the "go-to" security person for his Ops & Dev teams today. By using a simple formula of risk = likelihood * severity, we will prove that not all vulnerabilities are created equal and how “secure by design” Kubernetes deployments can reduce the likelihood and surface area of a possible attack exploiting any vulnerabilities.

Speakers

Pushkar Joglekar

Security Engineer, Visa
Pushkar Joglekar is a Security Engineer who is the first ever open source contributor for his current company. He has architected several “secure by design” large scale containerized deployments in the last four years. This is his first attempt to speak on a topic that he has... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Case Studies

11:50am PST

Making Plugins Mainstream: Developing a Plugin Manager for Kubectl - Ahmet Alp Balkan, Google
Kubectl Plugins are an extension mechanism to add custom commands to Kubernetes developers’ favorite tool: kubectl. As the plugin mechanism became stable recently in Kubernetes 1.12 and people started to develop plugins, we realized a challenge is upon us: How to make these plugins easy to develop, package and distribute.

This talk is about the Kubernetes SIG CLI subproject "krew" and how we have designed and built a "cross-platform package manager" that makes plugins easily accessible to a vast number of Kubernetes users.

This talk will go through:
* Kubernetes project’s emphasis on extensibility
* Introduction to kubectl plugins and writing a small plugin
* Designing Krew: how to write a plugin manager for kubernetes without writing a fully-fledged package manager
* Life of a kubectl plugin managed by Krew
* Challenges of building a curated catalog of plugins as Kubernetes OSS community

Speakers

Ahmet Alp Balkan

Software Engineer, Google
Ahmet Alp Balkan is a Software Engineer at Google, working on developer experiences for open source technologies like Kubernetes and Knative. He is the maintainer of developer tooling like kubectx.dev and krew.dev, which is a Kubernetes SIG CLI sub-project. At Google, he works on... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

11:50am PST

Kubernetizing Big Data and ML Workloads at Uber - Mayank Bansal & Min Cai, Uber
Uber relies on Big Data and ML to make business critical decisions such as pricing, trip ETA, etc. Today, those workloads such as Hive and Spark are running on YARN. To save millions of dollars by efficient use of cluster resources, Uber is planning to use Kubernetes to co-locate BigData/ML and micro-service workloads.

Kubernetes is the de-facto standard for running micro-services. However, in comparison to YARN, it still lacks many features like hierarchical resource pools, elastic resource sharing, gang scheduling etc. To bridge this gap, we have re-architected Peloton to be a set of Kubernetes scheduler and controller plugins so that we can provide feature parity with YARN.

This talk will cover:
- Learnings of running large-scale BigData/ML on Kubernetes with Peloton
- Colocation of mixed workloads
- Federation across zones
- Feature and API parity with YARN

Speakers

Min Cai

Sr. Staff Engineer, Uber
Min Cai is a Sr. Staff Engineer in Compute Platform team at Uber working on all-active datacenters, cluster management and micro-service deployment systems. He received his Ph.D. degree in Computer Science from Univ. of Southern California. Before joining Uber, he was a Sr. Staff... Read More →

Mayank Bansal

Staff Engineer, Uber
Mayank Bansal is currently working as a Staff engineer at Uber in data infrastructure team. He is co-author of Peloton. He is Apache Hadoop Committer and Oozie PMC and Committer. Previously he was working at ebay in hadoop platform team leading YARN and MapReduce effort. Prior to... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

11:50am PST

SIG Cluster Lifecycle (kops) - Justin Santa Barbara, Google
We'll dig into the recent progress in kops: etcd-manager and etcdadm getting us to etcd3; support for CRDs and the server mode; starting to move to cluster API and our future plans here; starting to adopt bundles to allow for richer upgrades. Also kops is now a conformant kubernetes distribution! We'll discuss the status of our support for more clouds, including the recent OpenStack work. We'll also talk about some of our general initiatives e.g. secure by default. But most importantly let's talk about your pain points and figure out what you would like to see, and let's discuss how you can get involved.

Speakers

Justin Santa Barbara

Software Engineer, Google
Justin has been contributing to kubernetes since 2014, initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He loves helping users adopt and grow their use of kubernetes, and believes that we have only scratched the surface of the kubernetes... Read More →


Thursday November 21, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

Exporting Kubernetes Event Objects for Better Observability - Mustafa Akın & Ahmet Şeker, Atlassian
Objects in Kubernetes, such as Pod, Deployment, Ingress, and Service, publish events to indicate status updates or problems. Most of the time, these events are overlooked, and their 1 hour lifespan means important updates can be missed. They are also not searchable and cannot be aggregated.

We are open-sourcing our internal tool for publishing the events in Kubernetes to Opsgenie, Slack, Elasticsearch, Webhooks, Kinesis, Pub/Sub. It has a configuration language for matching events based on various criteria, such as the content and the related object’s labels. It also has the capability to route the events intelligently, inspired by Prometheus Alertmanager.

For instance, you can notify the owner of a Pod about runtime OCI failures, or aggregate how many times images are pulled and how many times the container sandbox changes for various resource labels.

Speakers

Mustafa Akın

SRE, Atlassian
Mustafa works at Atlassian Opsgenie as a Senior Site Reliability Engineer. He works on Kubernetes and Golang to keep Opsgenie up at all times and works on observability and tracing. In his free time, he works on scheduling algorithms for Kubernetes for his PhD studies.

Ahmet Şeker

SRE, Atlassian
Ahmet is Engineering Manager at Atlassian Opsgenie SRE Team. Besides his management and SRE tasks, he tries to construct a unified build system in Opsgenie. He and his team are the main drivers of Opsgenie's K8s journey.



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Observability

11:50am PST

Am I Using It Right? Checking Best Practices on Live Kubernetes Clusters - Varsha Varadarajan & Adam Wolfe Gordon, DigitalOcean
While Kubernetes is stable, best practices for using it are a moving target. Some are generally applicable, others unique to a particular configuration or platform. Following best practices helps ensure workloads stay running as expected through cluster maintenance and upgrades, but checking them can feel like playing whack-a-mole in the dark.

This talk introduces a new open source tool, clusterlint, that checks compliance with best practices. Unlike other linters that work on deployment manifests, clusterlint identifies risks and problems in running Kubernetes clusters, making it useful for finding potential problems before performing cluster maintenance.

We'll discuss what clusterlint checks, why, how it works, how we use it in DigitalOcean's managed Kubernetes product to warn users of danger, and future plans for the tool.

Speakers

Adam Wolfe Gordon

Senior Engineer II, DigitalOcean
Adam Wolfe Gordon is a senior engineer focused on product strategy at DigitalOcean. Among other things, he previously worked as the tech lead for DigitalOcean's Kubernetes and container registry products. Adam is interested in infrastructure products, and likes to spend as much time... Read More →

Varsha Varadarajan

Engineering Intern, DigitalOcean
Varsha is a software engineer currently pursuing a Master's degree in Computer Science. She previously worked at ThoughtWorks in the continuous delivery domain; and as an intern at DigitalOcean on managed Kubernetes, where clusterlint was created. She likes working on Kubernetes related... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

11:50am PST

How Kubernetes Components Communicate Securely in Your Cluster - Maya Kaczorowski, Google
How *do* your cluster components talk to each other?

In this expository talk, we'll first cover the main Kubernetes components that need trusted communication (the API server, kubelet, and etcd) and how this communication is protected. Then, we'll go over how the cluster certificate authority (CA) works, and how this grants certificates to Kubernetes components. Furthermore, we'll explain what authentication, integrity, and encryption mean, what options are available in Kubernetes, and what you need to configure to address these pieces of the CIS benchmarks. Lastly, we'll explain how you can protect other communications within your cluster, if needed for your workload, such as node to node and pod to pod.

You'll come away with a better understanding of how communications in Kubernetes work, cluster trust, and default protections.

Speakers

Maya Kaczorowski

Product Manager, Software Supply Chain Security, N/A
Maya has worked in enterprise security for over a decade. She was most recently the Chief Product Officer at Tailscale. Previously, she was at GitHub in software supply chain security, and at Google working on container security, encryption at rest and encryption key management... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

11:50am PST

Cloud Native Smart Contract with Knative - Jay Guo & Ying Chun Guo, IBM
Smart contracts in blockchain carry out business logic by manipulating data in the ledger. Hyperledger Fabric, a permissioned blockchain technology, manages the lifecycle of smart contracts by building and running them in Docker containers. However, elevated privilege is required to access the Docker daemon, which normally goes against security principles in the enterprise. It is not scalable to co-locate smart contracts with Fabric on the same host. Also, idle contracts can be a waste of resources.

This session will cover in depth why smart contracts should be run in a cloud native fashion, and how this can benefit deployment, operation and performance. This talk will demonstrate the changes made to Fabric to offload smart contract lifecycle management to Knative, a Kubernetes native serverless platform. This talk will also walk through the steps that deploy a smart contract as a Knative service exposed to Fabric.

Speakers

Ying Chun Guo

Software Engineer, IBM
Ying Chun Guo, known as “Daisy”, is an open source developer in IBM China development lab. She has several years of experience in open source communities, starting from OpenOffice, then OpenStack, and recently serverless platforms Apache OpenWhisk and Knative. Now she concentrates... Read More →

Jay Guo

Software Engineer, IBM
Jiannan (Jay) Guo works for IBM China as a software engineer. His main job is to contribute to and advocate for open source projects, and he is currently a maintainer of Hyperledger Fabric, a permissioned blockchain technology. He used to contribute to Apache Mesos, a container orchestration... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level
  Serverless

11:50am PST

Walk-through: Debugging an RBAC Problem in Istio (But Without the Swearing) - Matt Turner, Native Wave
A few months ago, I lost a whole day to debugging a problem with RBAC in Istio. I swore a lot, but I also learned a lot. I learned new tools, new interfaces, and the rabbit hole took me past most major parts of Istio.

Today I'll recreate that debugging session live, to show you the mental models and techniques I used to methodically follow this issue through a complex distributed system. We'll learn about systems debugging techniques in general, and operating Istio in particular.

Speakers

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many... Read More →



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

12:25pm PST

Lunch (Provided)
Lunches will be served in Hall C, the West Terrace and the 20 Foyer at the San Diego Convention Center. Specialty meals (if requested) can be picked up at the Cafe Express in Hall C.


Thursday November 21, 2019 12:25pm - 2:25pm PST
Hall C + West Terrace + 20 Foyer - San Diego Convention Center

12:45pm PST

EmpowerUs Lunch - sponsored by Comcast (RSVP required to attend; See description for details)
Join other attendees who identify as women or non-binary individuals at KubeCon + CloudNativeCon North America for sparkling conversation and community at the Marriott San Diego Ballroom BC, located next door to the San Diego Convention Center.

You’ll have an opportunity to meet new people and network with friends from around the globe. Enjoy great conversation about all things cloud native, including your favorite projects and the evolving diversity, inclusivity and civility in our fast-growing ecosystem.

Space is limited and completion of the official RSVP form is required. Note: Adding this event to your schedule does not count as an official RSVP.

Thank you to our sponsor, Comcast!

Thursday November 21, 2019 12:45pm - 2:15pm PST
Ballroom BC - Marriott Marquis San Diego Marina Hotel

2:25pm PST

Securing Your Services with Authentication, Authorization, and RBAC in gRPC - Luis Pabón, Portworx
gRPC makes it extremely simple to write complex, business-critical services, in a vast number of programming languages. Its simplicity and adaptability have made it simple for developers to adopt by easily generating code from structures and messages defined as protocol buffers. Writing a secure service based on gRPC, on the other hand, takes a little more effort. In this talk, we will be going through a model of how to secure a gRPC service using JWT-based tokens to authenticate user access by relying on interceptors. We will also discuss models of how to provide role-based access control to authorize user access.

Speakers

Luis Pabón

MTS, Portworx
Luis Pabón is a CNCF Storage Technical Lead working at Portworx and also a member of Kubernetes and CSI storage communities. Prior to joining Portworx in September of 2017, he worked at CoreOS, Red Hat Storage, NetApp Advanced Technology Group, and EMC on various storage product... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Gone in 60 Minutes: Migrating 20 TB from AKS to GKE in an Hour with Vitess - Derek Perkins, Nozzle
The holy grail of Cloud Native tech is to have zero vendor lock-in. That becomes extra challenging when dealing with stateful applications. By leveraging out of the box Kubernetes and Vitess features, Derek and his team were able to migrate a high throughput production workload of 20 TB from Azure (AKS) to Google (GKE) in under an hour. This workload consisted of dozens of services writing to MySQL, including heavy usage of the under-marketed pub/sub style message queue feature of Vitess. Derek will go into detail about the public Helm charts that were used to set up these workloads and how Kubernetes and Vitess were configured. We will also touch on a few ecosystem projects like external-dns and cert-manager that helped make the transition low-touch and seamless.

Speakers

Derek Perkins

Founder & CEO, Nozzle
Derek is the Founder and CEO of Nozzle, an enterprise rank tracking solution that helps companies understand where they and their competitors rank on Google and other search engines. He has been an evangelist for Vitess since it was open sourced, speaking about it often and was responsible... Read More →


Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

2:25pm PST

Panel: State of the Kubernetes Union - Steering Committee Discussion - Davanum Srinivas, Timothy St. Clair, Jorge Castro, VMware; Paris Pittman, Google; Derek Carr, Christoph Blecker, Red Hat; & Nikhita Raghunath, Loodse
The steering committee[1] is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the newly elected steering committee (October '19 election) to meet face to face with their constituents in the community and wider ecosystem.

[1] https://github.com/kubernetes/steering

Moderators

Jorge Castro

Community Manager, VMware
Jorge is a Community Manager at VMware where he helps to support and advance the open Kubernetes ecosystem. He works in SIG Contributor Experience on the Kubernetes Office Hours, running the YouTube channel, forums admin, and a bunch of miscellaneous programs. He resides in Ann Arbor... Read More →

Speakers

Derek Carr

Distinguished Engineer, Ancestry

Nikhita Raghunath

Software Engineer, Loodse
Nikhita is a software engineer at Loodse and is a core contributor to Kubernetes. She is on the Kubernetes Steering Committee, a CNCF Ambassador, and the technical lead for SIG Contributor Experience.

Paris Pittman

Kubernetes OSS Strategy, Google
Paris is a Developer Relations Program Manager on Google Cloud's Open Source Strategy team focusing on the Kubernetes Community. She is a co-chair of the special interest group for Contributor Experience and an organizer of Bay Area Kubernetes Meetup with 4,000 members. She has 14... Read More →

Timothy St. Clair

Principal SW Engineer, VMware
Timothy St. Clair is a Principal Software Engineer at VMware and is a core contributor to the Kubernetes project, a Steering Committee member, and a lead on SIG-Cluster-Lifecycle. Timothy has worked on the development and integration of various open source distributed systems projects... Read More →

Dims

Principal Engineer, AWS
Davanum Srinivas (a.k.a Dims) is a Principal Engineer with AWS working full time on Kubernetes and related projects at CNCF. At CNCF, Dims has served as a member of the Technical Oversight Committee and as the chair and represented the TOC on the CNCF Governing Board. In Kubernetes... Read More →


Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

2:25pm PST

K3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro - Darren Shepherd, Rancher Labs
K3s is a lightweight distribution of Kubernetes originally designed for the edge. Due to its size, simplicity, and fast spin up, thousands of users are currently running k3s in various use cases besides the edge. Darren Shepherd will cover in depth how k3s is built, what changes are made, and how the benefits of k3s are achieved. This includes the technical details of how k3s is packaged as a single binary, how sqlite was added as a data source, how certs are managed, how HA is achieved, how agent tunneling works, and much more. Finally, Darren will discuss how these changes are made while still being a fully certified CNCF Kubernetes distribution.

Speakers

Darren Shepherd

Co-founder and CTO, Rancher Labs
Darren Shepherd is a co-founder and the chief architect at Rancher Labs where he has led the development and creation of numerous open source software projects such as k3s, RancherOS, Longhorn, and Rio. His goal is to provide the container industry with reliable tools that ease deployment... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level

2:25pm PST

Networking Optimizations for Multi-Node Deep Learning on Kubernetes - Rajat Chopra, NVIDIA & Erez Cohen, Mellanox
Training a Neural Network may take days or weeks, even on a top of the line GPU. To reduce training time, distributed computation is often employed to spread the work across multiple GPUs and multiple nodes. Horovod is the best example of such a scalable architecture. At NVIDIA, in collaboration with the community, we have configured Kubernetes and multi-node infrastructure to deliver performance that scales as we add more GPUs and nodes. This talk presents the problems and solutions related to networking discovered during this journey.

The non-exhaustive list includes solutions like CNI for multiple networks using SRIOV, enabling RDMA over IB and Ethernet (RoCE) to provide low latency, high throughput and direct GPU to NIC connectivity (GPUDirect), enforcing PCI affinity of GPUs with respect to Network Interfaces, using Source-Based routing within pods for L3 networks and much more.

Speakers

Erez Cohen

Vice President for CloudX & AI Program, Mellanox
Erez Cohen acts as Mellanox Vice President for CloudX & AI Programs, responsible for strategy, architecture and implementation. The CloudX program spans multiple cloud solutions including OpenStack, Kubernetes, Microsoft and VMware and incorporates Mellanox state of the art network... Read More →

Rajat Chopra

Principal Engineer, Nvidia
Rajat Chopra is currently working at NVIDIA on AI/Deep-Learning infrastructure projects, which include kubernetes on edge-devices, multi-node multi-rail RDMA for deep learning jobs, layer 4 packet handling for a GPU cloud etc. He is also an expert in container networking with founding... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Machine Learning + Data

2:25pm PST

SIG Cluster Lifecycle (Cluster API) - Vince Prignano, VMware & Ashish Amarnath, Salesforce
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how the Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments, and bringing declarative upgrades to Kubernetes clusters.

Speakers

Ashish Amarnath

Senior Software Engineer, Salesforce
Ashish Amarnath is a Senior Member of Technical Staff at Salesforce. Kubernetes community contributor, working mostly in the cluster-api ecosystem.

Vince Prignano

Staff Engineer 2, VMware
Vince is a co-Chair for SIG Cluster Lifecycle and has been with the Cluster API project for 5 years. As a Staff Engineer and Tech Lead for the cluster lifecycle group at VMware, Vince has been exposed to all sorts of requirements on where and how to run Kubernetes.



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Running High-performance User-space Packet Processing Apps in Kubernetes - Abdul Halim, Intel & Peng Liu, Red Hat
With 5G on the horizon, networking is transforming around us. Network functions have already found their way from proprietary blackbox into servers running in Linux. The Linux networking stack simply cannot keep up with increasing demands for higher throughput and lower latency of these packet flows. The packet processing pipeline is now run in userspace instead, bypassing the kernel. DPDK provides an environment and API to run high-intensive packet processing in userspace. Many CNFs are developed using DPDK. A DPDK application requires specific resources from a host for guaranteed performance. Deploying and running such applications in K8s is always a challenging task.

In this presentation & demo, users will learn about open source technologies and components and how to leverage them to deploy workloads that require high performance networking infrastructure in a Kubernetes cluster.

Speakers

Abdul Halim

Cloud Software Engineer, Intel
Abdul Halim is a Cloud Software Engineer working with Cloud Native Orchestration team at Intel R&D based in Shannon, Ireland. Currently he is focused on enabling high-performance networking solutions for NFV use-cases. He is a maintainer of SR-IOV network device plugin and SR-IOV... Read More →

Peng Liu

NFV Partner Engineer, Red Hat
Peng Liu is an NFV partner engineer in the office of the CTO at Red Hat. He works in the areas of high performance networking and other NFV features on open source cloud platforms, like Kubernetes and OpenStack. Currently he is focussing on facilitating the Kubernetes integration with... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Networking

2:25pm PST

The Gotchas of Zero-Downtime Traffic /w Kubernetes - Leigh Capili, Weaveworks
Noticing your customers receive 503's every now-and-then?
Do they spike when you're updating your app or rotating your k8s cluster nodes?
Maybe you used to have this problem -- then you added some strange settings and it's mostly working now…

What most people need from Kubernetes regarding web-traffic is a repeatable but under-documented combo of esoteric, non-default options.

We'll walk through the basic needs of shaping traffic and apply that knowledge to the states of compute, rollout, and canonical networking we see with k8s.
Expect tidbits about CRI, CNI, Ingress, and the design trade-offs present in Kubernetes and its API's.

You’ll leave this session knowing how to keep your apps serving successful requests for a myriad of edge-cases.

Speakers

Leigh Capili

Developer Experience Engineer, Weaveworks
Leigh is a Kubernetes Contributor and works in Developer Experience with Weaveworks. He authored kubeadm's etcd mTLS implementation and is currently working toward k8s component-standards and cluster-addons. Previously, he helped design a functional state-store for... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

2:25pm PST

Securing Communication Between Meshes and Beyond with SPIFFE Federation - Evan Gilman, Scytale & Oliver Liu, Google
One of the hottest features that Istio brings to the table is transparent, mutually-authenticated TLS between all workloads running on it. Under the covers, it relies on SPIFFE to provide the cryptographic identity that is used to perform this mutual authentication.

SPIFFE relies on an authority to issue identity. In an Istio mesh, Istio Citadel (CA) issues certificates to workloads by default... but, what happens when you have more than one Istio mesh, and hence more than one Citadel? Or Istio workloads talking to external services?

Enter SPIFFE federation. It allows SPIFFE identity issuers to peer with each other, enabling workloads in disparate domains to securely authenticate and communicate with each other. In this talk, we will describe the challenges involved here and how SPIFFE addresses them, as well as demonstrate SPIFFE federation between an Istio mesh and SPIRE.

Speakers

Evan Gilman

Staff Engineer, VMware
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author... Read More →

Oliver Liu

Senior Software Engineer, Google
Dr. Oliver (Yonggang) Liu is a senior software engineer at Google. He is one of the early developers and core engineers of Istio. Oliver has 10 years of experience in research and development of distributed systems and service mesh. Oliver received his PhD degree from University of... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

2:25pm PST

Bringing the Envoy Service Mesh to Mobile - Jose Nino & Michael Schore, Lyft
99.999% reliability on the server is meaningless if mobile apps are only able to complete the desired product flows a fraction of the time. Learn how Lyft built and deployed Envoy Mobile (envoy-mobile.github.io) in their Swift/Kotlin apps and is benefitting from a single, consistent Envoy-based network stack across every platform.

Envoy Mobile was created to provide apps with the same network configurability, observability, and transport technologies that Envoy Proxy enables for the server - as if apps are simply another node on a service mesh. This unlocked a new tier of reliability on mobile and paved the way for many enhancements such as QUIC, request prioritization, and low connectivity handling. This talk will cover how this library was built, how Lyft tested it in their mobile apps, and what benefits they’ve already started to see.

Speakers

Michael Schore

Software Engineer, Lyft
Michael Schore has nearly a decade of experience working on server and client networking technologies. He was an early implementer of SPDY, and wrote and deployed production stacks for both iOS and Android. Drawing from this experience, he participated in IETF working group discussion... Read More →

Jose Nino

Senior Software Engineer, Lyft
Jose Nino worked on Lyft’s Networking team for 2+ years building out infrastructure that enabled Lyft to scale technically and socially as it developed and rolled out an Envoy-based service-oriented architecture. He was instrumental in building control plane technologies, and resilience... Read More →



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Cloud Native Runtime Security with Falco - Kris Nova, Sysdig & Abhinav Srivastava, Frame.io
Falco is a CNCF Sandbox project focused on Container Runtime Security. In this maintainers track session, the Falco maintainers will focus on what runtime security is and how it differs from other layers of security for Kubernetes. They will show how to enable system call abnormality detection using Falco’s eBPF integration, as well as how to detect abnormal behavior in the Kubernetes API server. Lastly, the Falco maintainers will walk through various implementation examples from end users of Falco, and how to integrate Falco with cloud-based event processing services to build security event pipelines. Attendees will leave with a better understanding of Falco and runtime security, how to get started writing their own Falco rules, and how to contribute improvements to the project.

Speakers

Kris Nóva

Chief OSS, Sysdig
Kris Nova, Chief Open Source Advocate at Sysdig, focuses on security, intrusion detection, and the Linux kernel with Kubernetes and eBPF. As an active advocate for open source, Nova is an ambassador for the CNCF and the creator of kubicorn, a successful Kubernetes infrastructure management... Read More →

Abhinav Srivastava

VP and Head of Information Security, Frame.io
Abhinav Srivastava is the Head of Information Security at Frame.io, where he leads infrastructure, security, and compliance initiatives. Before joining Frame.io, Abhinav spent 6 years in AT&T Shannon Labs as a Principal Researcher working on systems, cloud, IoT, and network security... Read More →


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 31ABC - San Diego Convention Center Upper Level

2:25pm PST

Containerd Mini-Summit - Phil Estes, IBM; Lantao Liu, Google; Derek McGowan, Docker; & Yu-Ju Hong, Google
Join containerd maintainers in this mini-summit to discuss the latest work happening on containerd. They will provide an overview of the state of the project, deep dive into recent changes, and discuss ongoing work for Windows support in containerd and Kubernetes CRI. At the end, maintainers will participate in a panel discussion and Q&A with attendees. The moderated panel will discuss topics related to various uses of containerd, from isolated runtimes like Firecracker, high performance environments like serverless, and user focused workflows like build.

Speakers

Lantao Liu

Software Engineer, Google
Lantao Liu is a Software Engineer from the Google Kubernetes Team. He is a maintainer of Kubernetes and containerd. He received M.S. and B.S. degrees from Peking University. He has been working on Kubernetes for 3 years, and mainly focuses on the node area.

Yu-Ju Hong

Software Engineer, Google

Derek McGowan

Software Engineer, Docker
Open source maintainer working on container technology for the last 9 years.

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is currently an active contributor and maintainer for the CNCF containerd runtime project, and participates in the... Read More →



Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Everything You Always Wanted to Know About SIG-CLI but Were Afraid to Ask - Phillip Wittrock, Google; Maciej Szulik, Red Hat; & Sean Sullivan, Google
This session is intended for all interested in what SIG-CLI is and what it does. Whether you're fresh to Kubernetes or an old-timer you are more than welcome. This session will be fully interactive, and its contents will entirely rely on the expectations of the attendees. Depending on audience interest, Phil, Maciej, and Sean will address several topics, including:
- Kubectl code tour which will provide basic knowledge for working on kubectl itself, as well as how to write kubectl plugins.
- The main initiatives SIG-CLI is undertaking, including but not limited to: splitting kubectl out of main Kubernetes repository, plugins - its development and management, resource configuration with kustomize, dynamic commands, etc.
- Gathering feedback and discussing problems people struggle the most with kubectl.

Speakers

Sean Sullivan

Software Engineer, Google
Sean Sullivan is a Software Engineer at Google, a co-chair of the SIG CLI (Command Line Interface), and an active SIG CLI and Kubernetes contributor since 2017. Sean has presented at a Kubecon conference every year since 2018. In his free time, Sean likes to surf and read.

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes... Read More →

Maciej Szulik

Senior Principal Software Engineer, Red Hat
Maciej is a passionate developer with almost 2 decades of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat, whereas at night he is hacking on side projects with Python. In his spare time he enjoys reading a good book or taking photos.


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level

2:25pm PST

Five Cool Things You Can Do with Network Service Mesh - Ed Warnicke, Cisco Systems; Nikolay Nikolaev, VMware; & Frederick Kautz, Doc.ai
Network Service Mesh enables hybrid/multi-cloud IP Service Mesh at the granularity of individual workloads. This expands the realm of connectivity options to include things never before possible. After seven months in the CNCF Sandbox, the core project contributors are gathering together to share their insights on the status and future plans of the project. They will provide a brief grounding in Network Service Mesh followed by a tour of five of these new possibilities. The session will include sharing concepts and ideas as well as showing Kubernetes deployment strategies, excerpts of Go code and lots of console typing.

Speakers

Ed Warnicke

Distinguished Engineer, Cisco Systems
Ed Warnicke is a Distinguished Engineer at Cisco Systems. He has been working for two decades in many areas of networking and Open Source. Ed is currently a co-founder of and active contributor to the OmniBOR and Network Service Mesh projects. Ed has a masters in Physics (String Theory... Read More →

Nikolay Nikolaev

Engineering Manager, Isovalent
Nikolay Nikolaev is an Engineering Manager at Isovalent's Datapath team. For more than 20 years, he has been implementing networking software ranging from hardware boxes to powerful server applications and virtualized data planes. He spent some time in the virtualization world using... Read More →

Frederick Kautz

Director of R&D, TestifySec
Frederick collaborates on security and networking. He is on the SPIFFE Steering Committee, focusing on providing Zero Trust Workload Identity to compute workloads and resources. Frederick co-authored Solving the Bottom Turtle. He is a co-founder of OmniBOR and maintains the reference... Read More →



Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Intro + Deep Dive: Kubernetes Storage SIG - Saad Ali, Google
Join Kubernetes SIG Storage to learn about the areas of our focus, what we are working on currently, and how you can get involved. Veteran SIG Storage members will also present details on projects the SIG is actively working on, and help answer any questions you may have.

Speakers

Saad Ali

Senior Engineering Manager, Google
Saad Ali is a Senior Engineering Manager at Google. He works on the open-source Kubernetes project, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, has served as member of the CNCF Technical Oversight Committee... Read More →



Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Rook: Cloud-Native Storage Orchestration (Introduction and Deep Dive) - Jared Watts, Upbound; Bassam Tabbara, Upbound; Travis Nielsen, Red Hat; & Alexander Trost, Cloudical
Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. In this session, the maintainers of Rook will be presenting a variety of topics that are aimed at all attendees with differing levels of experience. We will begin with an introduction to the project that is suitable for newcomers to learn what problems Rook solves. Then we will be showcasing multiple demos of the various storage providers supported by Rook, providing attendees with a practical and diverse exposure of Rook in action. We will conclude with an exploration of the longer term goals and roadmap of the project, inviting participation and feedback from the community to help steer the project direction and continue solving real problems with storage in the Kubernetes ecosystem.

Speakers

Bassam Tabbara

CEO and Founder, Upbound
Bassam Tabbara is the CEO and Founder of Upbound, the cloud control plane company, and the creator of the Crossplane CNCF projects. Prior to Upbound, he was the CTO of Quantum, and CTO and co-founder of Symform, a P2P storage startup acquired by Quantum. Earlier he was a Partner Software... Read More →

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to... Read More →

Alexander Trost

Founding Engineer, Koor Technologies, Inc
I'm Alexander Trost, Founding Engineer of Koor Technologies, Inc. and maintainer of the Rook project. I'm happy to talk about anything container, storage and container storage related.

Travis Nielsen

Senior Technical Staff Member, IBM
Travis Nielsen is a Senior Technical Staff Member for IBM where he is a maintainer on Rook and member of the ODF and Ceph engineering team. Prior to IBM and Red Hat, Travis worked in storage at Quantum and Symform, a P2P storage startup, and was an engineering lead for the Windows... Read More →



Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

SIG Auth Update and Deep Dive - Mo Khan, Red Hat; Mike Danese, Google; & Tim Allclair, Google
This session will cover the inner workings of SIG Auth and its sub projects. The SIG is looking to expand contributors and attending this session is a great way to get involved. An update of the SIG's activities in the last six months will be provided. Based on community feedback, three deep dive topics will be covered:
1. The future of pod security policies. Various limitations and structural problems have prevented the PSP API from GA. Possible paths forward will be explored.
2. Open Policy Agent and Gatekeeper. Gatekeeper is an early stage project that aims to support policy enforcement via a Kubernetes style, custom resource definition based API.
3. Bound service account tokens, audiences and the future of container identity. Asserting identity of Kubernetes workloads to external components is an essential part of access control. Bound SA tokens make this task easier and more secure.

Speakers

Mike Danese

Software Engineer, Google
Mike is a software engineer at Google. He has worked on Kubernetes and GKE for over 7 years and is currently the lead of the GKE Identity, Policy Enforcement, and Regulated and Compliance teams. He is a chair and TL of the Kubernetes Auth Special Interest Group. He develops and maintains... Read More →

Tim Allclair

Software Engineer, Google
Tim Allclair joined the Kubernetes project just after the 1.0 launch in 2015, and currently works on the GKE Control Plane team. He is a member of the Kubernetes Security Response Committee, and a SIG Auth maintainer (previous co-chair). He has led development of several Kubernetes... Read More →

Mo Khan

Software Engineer, Microsoft
Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor...



Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

2:25pm PST

Tutorial: A Kind Workflow for Contributing to Kubernetes - Benjamin Elder, Google; Duffie Cooley, VMware; James Munnelly, Jetstack; & Patrick Lang, Microsoft (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

How can you be confident that the change you make is functioning as you expect *before* you submit that PR?

Many contributors to the Kubernetes code base want to increase the confidence they have in their code prior to pushing that code upstream. This workflow will simplify this process for you!

Bring your Mac, Windows or Linux laptop to this session! We will show how to install the tools you need - Docker, golang and Kind. 

We will guide you through a great workflow for contributing and testing your code. We will be leveraging sigs.k8s.io/kind to show you how to build Kubernetes locally and test your code. Then we’ll use Kind to run e2e tests against your local build.

Together, these new skills will enable you to feel more confident in the changes you are introducing to the existing code base and enable you to contribute more frequently!

Speakers
James Munnelly

Solutions Engineer, Independent
James is a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. He helps maintain a number of extensions to Kubernetes, including cert-manager (a Kubernetes native x509 certificates platform), kubernetes-sigs/kind (Kubernetes-in-Docker...

Benjamin Elder

Software Engineer, Google
Ben first worked on Kubernetes around the 1.0 launch, implementing the initial version of the iptables kube-proxy for Google Summer of Code 2015. He later started working full time on Kubernetes in the summer of 2017, focusing on the test-infra, local clusters, build, and test with...

Patrick Lang

Software Engineer, Microsoft
Patrick Lang is a Software Engineer at Microsoft building and teaching how to use Kubernetes and Windows container technologies. He is a regular speaker on Windows Server Container development and management that helped launch the tech at MS Ignite and Build conferences along with...

Duffie Cooley

Duffie Cooley, VMware
Duffie is a Staff Cloud Native Architect at VMware focused on helping enterprises find success with technologies like Kubernetes. Duffie has been working with all things virtualization and networking for 20 years and remembers most of it. He likes to present on topics ranging from...


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

2:25pm PST

Tutorial: From Notebook to Kubeflow Pipelines: An End-to-End Data Science Workflow - Michelle Casbon, Google, Stefano Fioravanzo, Fondazione Bruno Kessler, & Ilias Katsakioris, Arrikto (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

This session targets data scientists and ML engineers who want to leverage Kubernetes to scale up their Machine Learning experiments. Attendees will learn a) the basics of Kubeflow, the ML toolkit for K8s, and b) how to build and deploy complex data science pipelines on-prem and on the Cloud with Kubeflow Pipelines.

The tutorial will focus on two essential aspects:
1. Low barrier to entry: deploy a Jupyter Notebook to Kubeflow Pipelines on the cloud using a fully GUI-based approach. This workflow enables data scientists to exploit the scaling potential of K8s - no CLI commands, SDKs, or K8s knowledge required.
2. Reproducibility: automatic data versioning and volume snapshots will enable full reproducibility and collaborative development, as well as fine grained analysis and visualizations after pipeline executions.

Setup: must bring own laptop. Qwiklab/GCP credits will be provided

Speakers
Michelle Casbon

Senior Engineer, Google
Michelle Casbon is a Senior Engineer at Google, where she focuses on open source for machine learning and big data tools. Prior to joining Google, she was at Qordoba as Director of Data Science and Idibon as a Senior Data Science Engineer. Within these roles, she built and shipped...

Stefano Fioravanzo

Product Manager
Stefano Fioravanzo is a Research Software Engineer at Fondazione Bruno Kessler, an ICT research center leading AI research in Italy for 40 years. His interests lie in building AI platforms based on Cloud Native technologies, empowering local communities and producers with smart tools...

Ilias Katsakioris

Software Engineer, Arrikto
Ilias Katsakioris is a Software Engineer at Arrikto. He holds a Diploma in Electrical and Computer Engineering from the National Technical University of Athens. He is a Kubernetes and Kubeflow enthusiast, and he has been contributing to the Kubeflow project for almost a year. His...



Thursday November 21, 2019 2:25pm - 3:55pm PST
Hall D - San Diego Convention Center

2:25pm PST

Tutorial: Service Mesh for the Developer Workflow - Christian Posta, Solo.io & Nic Jackson, Hashicorp (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Service mesh is often presented as a solution for network engineering and system operability, increasing security, reliability, and observability. However, service mesh is also an incredibly useful tool for developers, and understanding how to leverage this technology can dramatically simplify your day-to-day workflow.

By leveraging free and open-source tools and a scenario-based approach, we will illustrate how a service mesh can help with application resilience, observability, and debugging.

By the end of this workshop you will understand:
* How to use metrics and distributed tracing effectively
* Reliability patterns like retries, timeouts, and circuit breaking
* How to leverage Canary deployments
* How you can effectively debug distributed systems

The cloud-native, open-source technologies used in this tutorial include:
* Envoy
* Prometheus
* Gloo shot
* Consul Service Mesh
* Loop
* Squash
* OpenCensus

Speakers
Nic Jackson

Developer Advocate, Hashicorp
Nic Jackson is a developer advocate at HashiCorp, and the author of “Building Microservices in Go”, a book which examines the best patterns and practices for building microservices with the Go,

Christian Posta

Global Field CTO, Solo.io
Christian Posta (@christianposta) is VP, Global Field CTO at Solo.io. He is the author of Istio in Action as well as many other books on cloud-native architecture and is well known in the cloud-native community for being a speaker, blogger (https://blog.christianposta.com) and contributor...


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

3:15pm PST

Mentoring + Networking (Signup to be a Mentee or a Mentor)
The community collectively has an immense depth of knowledge and expertise which we can explore and learn from at this collaborative event. Whether you’re new, or not so new, to open source and the cloud native community, we invite you to register to attend the KubeCon Networking + Mentoring Session. You’ll have the chance to meet with experienced open source veterans across many CNCF projects. You will be paired with two other people in a pod-like setting to explore technical and community questions together.

Sign Up to Be A Mentee

Are you part of a SIG? An ambassador of a cloud native project and want to help others with using or contributing to your project? Are you a code committer? An issue opener? A documentation writer? We’re looking for mentors of all backgrounds and experience levels (including new folks!) across the entire ecosystem with technical, community, and career experience to sign up for one or both sessions. Even if you’re a newcomer, if you’ve ever successfully navigated the PR process you have skills and insights to share! We will provide you with FAQs of attendees upfront so you know what to expect. Sign up here to be a mentor and help hundreds.

Sign Up to Be a Mentor

Thursday November 21, 2019 3:15pm - 4:30pm PST
Room 3 - San Diego Convention Center Upper Level
  Networking + Mentoring
  • Experience Level Any

3:20pm PST

Serving HTC Users in Kubernetes by Leveraging HTCondor - Igor Sfiligoi, University of California San Diego
High Throughput Computing (HTC), sometimes also called batch computing, has long been and still is the major workhorse for most R&D organizations. Typical workloads include parameter sweeps, Monte Carlo simulations and partitionable dataset processing. Kubernetes by itself is not very well suited for such workloads, which are submitted by hundreds of concurrent users and rely on the execution of thousands, or even millions of small tasks. This presentation will provide an overview of how HTCondor, a prominent HTC system, can be used to effectively and efficiently manage such workloads. The author has been running such a system on a Kubernetes cluster operated out of the University of California San Diego, and will share his experience and issues he encountered during that time.

Speakers
Igor Sfiligoi

Lead Scientific Software Developer and Researcher, University of California San Diego
Igor has been active in distributed computing for over 20 years. He has started in real-time systems, moved to local clusters, worked with leadership HPC systems, but spent most of his career in computing spanning continents. For about 10 years, he has been working on one such world-wide...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

Kubernetes at Reddit: Tales from Production - Greg Taylor, Reddit, Inc
This talk is the EAGERLY-anticipated sequel to last year's "Kubernetes at Reddit: An Origin story". Whereas the saga's first installment focused on early results, thoughts, and a rough higher-level vision, this year's edition serves as a retrospective for how it all shook out over Reddit's last year of rapid Kubernetes adoption.

The audience will hear of successes, share in the heartbreak of production explosions, and gain insight into what has and hasn't worked well for one of the world's busiest web properties. Topics covered include:

* A brief recap of InfraRed, our internal Infrastructure product
* How org-wide adoption has progressed
* Scaling challenges (Infrastructure and Inter/Intra-team)
* Fires, near-misses, and outages, oh my!
* Successes and celebration
* Lingering questions and challenges
* The impact of Kubernetes at Reddit

Speakers
Greg Taylor

Engineering Manager, Reddit, Inc
Greg Taylor leads the Release Engineering team within Reddit's Infrastructure division. He and his team steward the internal Kubernetes-based infrastructure product (InfraRed) and build tooling and process to empower service owners to get their ideas to production. Greg has recently...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

3:20pm PST

Building and Scaling Cloud Native Nordics; Tips, Tricks, and Lessons Learned - Lucas Käldström, Independent & Kasper Nissen, Lunar
In this talk, Lucas and Kasper will share their experiences building a Cloud Native Community in the Nordic countries: Finland, Denmark, Sweden and Norway.

Bootstrapping a decentralized community of meetup speakers, enthusiasts, organizers, and companies can be challenging to get right. Key issues to solve at the community level include aggregation of data, standardizing common patterns and practices on running meetings, documenting how to start new groups, collaborating with CNCF, setting up communication channels and organizing monthly calls.

Lucas and Kasper will share their stories on organizing Meetups and similar events, scaling this community, and becoming CNCF Ambassadors. They will give practical tips and tricks for the audience to apply to their local community in turn. After this talk you’ll know how to get 10 meetup groups with 4600 members in total to collaborate.

Speakers
Lucas Käldström

Senior Software Engineer, Upbound
Lucas is a Kubernetes and cloud native expert who has been serving the CNCF community in lead positions for 6 years. He’s awarded Top CNCF Ambassador 2017 with Sarah Novotny. Lucas was a co-lead for SIG Cluster Lifecycle, co-created kubeadm, Weave Ignite, and ported Kubernetes to...

Kasper Borg Nissen

Lead Platform Architect, Lunar
Kasper is a Cloud Native Computing Foundation Ambassador, and co-founder of the Nordic meetup alliance, Cloud Native Nordics, where he serves as Community Lead. He works as Lead Platform Architect at Lunar. He has worked at Lunar for 6 years, and is one of the architects behind the...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Community

3:20pm PST

Evolving the Kubernetes Ingress APIs to GA and Beyond - Christopher M Luciano, IBM & Bowei Du, Google
The Ingress API has existed as a beta type since its early 2016 release in Kubernetes 1.2. Since its inception, it has been fairly lightweight and additions remained infrequent in attempts to maintain portability within the Kubernetes ecosystem. In response, Ingress API implementations commonly leverage a different internal API or extend the Ingress API by heavily decorating the resource with annotations.

In this session, we will present the Ingress enhancements for the GA/v1 Ingress API and what factors went into these decisions. Furthermore, we'll explore several possible directions for what a v2 API could entail and walk through several examples including existing non-Kubernetes implementations.

Speakers
Christopher Luciano

Advisory Software Engineer, IBM
Christopher M Luciano is an advisory software developer for IBM’s Digital Business Group, where he works on Kubernetes, Istio, and Envoy. Previously, Christopher was the lead on the Watson container runtime squad. He is a frequent speaker about Istio and Kubernetes and has recently...

Bowei Du

Senior Staff Engineer, Google
Bowei is a lead on Kubernetes Networking at Google. He has worked on various topics in SIG-NETWORK, the most recent being helping shepherd the new Gateway APIs (https://gateway-api.sigs.k8s.io/)



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Building a Medical AI with Kubernetes and Kubeflow - Jeremie Vallee, Babylon Health
Engineering AI systems at scale can be difficult, especially in highly regulated environments like healthcare. Many challenges arise, such as ensuring reproducibility, controlling data access policies, and running highly secure infrastructure. But with some planning and meticulous engineering, this can be achieved.

At Babylon Health, we've leveraged Kubernetes, Kubeflow, Argo, Istio, OPA, and many other Cloud Native technologies to provide a secure research platform for building and scaling medical AI models across the world.

In this talk, we will share our experience so far, give an overview of how these components fit together, and explain our vision for the future of our platform. We will demonstrate how using open-source CNCF technologies can help you achieve your goal of experimenting, training and serving your AI models at scale, while operating in a regulated environment.

Speakers
Jeremie Vallee

AI Infrastructure Lead, Babylon Health
Jeremie is a Cloud Infrastructure Engineer working at Babylon Health, using Cloud Native technologies to scale AI model training. When he's not writing YAML, you can find him running in one of London's many parks, or being lost in a music festival somewhere in France. But mostly...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data

3:20pm PST

Kubeadm Deep Dive (SIG Cluster Lifecycle) - Fabrizio Pandini, VMware & Yago Nobre, Nubank
What a year for kubeadm! After reaching GA at the very beginning of this year, the kubeadm project's growth never stopped, and now it is time to start defining the roadmap for the next big milestone of this project.
Don’t miss this talk if you want to understand what the driving forces for kubeadm's evolution are, if you want to take your first opportunity to influence the roadmap, or, last but not least, if you are considering stepping up as a new contributor to help make this happen. We’ll reserve time to talk about how to get involved with SIG Cluster Lifecycle and kubeadm, for all your questions, concerns, and feature requests!

Speakers
Yago Nobre

Software Engineer, Nubank
Software engineer at Nubank, managing Kubernetes Clusters in production since 2016. Contributor on kubeadm.

Fabrizio Pandini

Staff Engineer, VMware
A Kubernetes contributor obsessed with making Kubernetes lifecycle simple and consistent across all types of infrastructures, so everyone can build amazing applications on top of it. When I’m not busy as a SIG Cluster Lifecycle tech lead or as a project maintainer in Cluster API...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

CoreDNS: Beyond the Basics - Cricket Liu, Infoblox & John Belamaric, Google
This session will cover aspects of CoreDNS's configuration beyond the basics, including signing DNS data with DNSSEC, supporting DNS over TLS (DoT), manipulating queries and responses, managing zone data with Git, running a full recursive DNS server with the unbound plugin, and configuring CoreDNS to perform multi-cluster service discovery. The session is intended for people with a solid understanding of basic CoreDNS configuration who wish to support more advanced use cases or to extend CoreDNS's functionality.

Speakers
Cricket Liu

Chief DNS Architect, Infoblox
Cricket Liu is an authority on the Domain Name System and the co-author of all of O'Reilly Media’s books on DNS, including the classic DNS and BIND. As Infoblox’s Chief DNS Architect, Cricket guides the development of Infoblox’s product and business strategy, and serves as a...

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level
  Networking

3:20pm PST

The Elephant in the Kubernetes Room: Team Interactions at Scale - Manuel Pais, Independent
Kubernetes helps us tame sprawling microservices architectures and address increased operational complexity. Kubernetes gives developers abstractions and APIs to deploy and run their services.

Yet, the elephant in the room is that to run, maintain and evolve Kubernetes clusters, we need more ops expertise and most likely a dedicated team to do so.

The question that begs to be asked is if we risk going back to pre-DevOps isolation between Dev and Ops teams? Is the tradeoff between better operational tools and introducing a new dependency layer on the path to production for application teams worthwhile? Are we making life easier for application teams or instead reducing their end-to-end ownership?

Manuel will then introduce Team Topologies, a balanced approach for thinking about team responsibilities and interactions which can help get the most value out of your Kubernetes adoption.

Speakers
Manuel Pais

Co-Author, "Team Topologies"
Manuel Pais is co-author of Team Topologies: Organizing Business and Technology Teams for Fast Flow. Recognized by TechBeacon as a DevOps thought leader, Manuel is an independent IT organizational consultant and trainer, focused on team interactions, delivery practices, and accel...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Operations

3:20pm PST

Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty - James Condon, Lacework
How are Kubernetes clusters being compromised in the wild? There aren’t a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify these attacks and provide recommendations to prevent them.

In this talk, a successful attack on a Kubernetes honeypot is analyzed. The amount of time it took for this to occur is quite surprising. Next, using this information, the scope of research is widened to survey other clusters that have fallen victim to the same attacks. Multiple cryptojacking campaigns emerge and details behind the methods of the attackers are shared. After providing statistics on these attacks, recommendations for prevention along with indicators of compromise are provided.

Speakers
James Condon

Director of Research, Lacework
James Condon is Director of Research at Lacework. James is a security veteran with over 10 years of experience in incident response, intelligence analysis, and automated threat detection. James was previously Director of Threat Research at ProtectWise (acquired by Verizon), an Incident...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Supercharge Your Microservices CI/CD with Service Mesh and Kubernetes - Brian Redmond, Microsoft
We all know by now that Service Mesh provides many benefits to containers on Kubernetes. Linkerd, Istio, and Consul are some great examples. With Service Mesh Interface (SMI), adoption is becoming much easier.

Along with a lot of other features, Service Meshes are great at traffic shifting and observability which are helpful for microservice deployment and CI/CD platforms. Testing new versions in production with strategies such as Blue/Green, A/B, and canary rollouts are key in ensuring that deployments are error-free.

In this session, I will dig deep into how you can integrate Service Mesh into deployment pipelines and automate these kinds of CI/CD methods. I will talk about observability using projects such as Prometheus and how it is key to validate candidate releases with real time latency statistics down to specific paths/methods.

As always, I will include lots of demos!

Speakers
Brian Redmond

Principal Product Manager, Microsoft
I am a Principal Product Manager working on our Cloud Native Platforms and AKS. My role is to support our customer and community efforts. I have been working in technology for over 28 years and have a mixed background from application development to infrastructure. I am based in Denver...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

4:25pm PST

KubeDirector - Deploying Complex Stateful Applications on Kubernetes - Joel Baxter & Thomas Phelan, Hewlett Packard Enterprise
Kubernetes was originally designed to deploy cloud-native stateless applications.
Features such as StatefulSets and Persistent Volumes have been added that make it possible to deploy some stateful applications on Kubernetes. However, deploying and running complex stateful applications remains a difficult task -- even with tools such as Kustomize, Helm, and KubeFlow. KubeDirector is an open source Apache project designed to address these challenges. It utilizes the Kubernetes custom resource functionality and API extensions to deploy and manage complex, stateful, scale-out applications.
This session will: describe the limitations of existing tools for complex stateful applications, provide an overview of the KubeDirector architecture and how it overcomes these limitations, and demonstrate how to author the metadata to deploy a stateful application on Kubernetes with KubeDirector.

Speakers
Joel Baxter

Distinguished Engineer, Hewlett Packard Enterprise
Joel is a Distinguished Engineer in the Storage and Big Data organization at HPE. He joined HPE when BlueData, Inc. was acquired in 2018. At HPE/BlueData, Joel focuses on Kubernetes and other technologies for running AI/ML and big data analytics on a hybrid cloud infrastructure...

Thomas Phelan

Fellow, HPE
Tom is an HPE Fellow. He joined Hewlett Packard Enterprise when BlueData, Inc. was acquired by HPE in November of 2018. Tom was the Co-Founder and Chief Architect of BlueData and led the team that developed the EPIC platform for automating and managing AI/ML/DL/Big Data containerized...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Tinder's Move to Kubernetes - Chris O'Brien & Chris Thomas, Tinder
Almost 2 years ago, Tinder decided to move its platform to Kubernetes. Kubernetes afforded us an opportunity to drive Tinder Engineering toward containerization and low-touch operation through immutable deployment. Application build, deployment, and infrastructure would be defined as code.

We were also looking to address challenges of scale and stability. When scaling became critical, we often suffered through several minutes of waiting for new EC2 instances to come online. The idea of containers scheduling and serving traffic within seconds as opposed to minutes was appealing to us.

During our migration in early 2019, we reached critical mass within our Kubernetes cluster and began encountering various challenges due to traffic volume, cluster size, and DNS. We solved interesting challenges to migrate 200 services and run a Kubernetes cluster at scale.  

Speakers
Chris O'Brien

Senior Engineering Manager, Tinder
Chris is a Software Engineer who works in Cloud Infrastructure—Kubernetes, CI/CD, AWS, Linux, Automation and Configuration Management (Terraform, Ansible, Chef, Puppet), and other open source technologies.

Chris Thomas

Engineering Manager, Tinder
Chris is an Engineering Manager for Tinder Cloud Infrastructure. He leads the Resiliency team, which is responsible for much of the infrastructure powering the Tinder backend platform, as well as Observability.



Thursday November 21, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

WIGM and Why You Want an Operator - Carson Anderson, Weave
Operators are amazing! At least that is what they say. But what is the actual value they provide? Are they really better than just managing things with yaml? Yes, this is yet another presentation about operators. But with a twist: this presentation takes a new service from yaml, to templates, to two different operators.

The presentation will introduce WIGM. A very simple piece of software deployed in Kubernetes that has one job: download and serve a single GIF. But even the simplest software comes with operational concerns: How to deploy many copies with different configurations? How to update them reliably? How to change configuration without breaking everything?

This is a different kind of operator talk: One that covers the why of operators instead of just the how.

Speakers
Carson Anderson

DevX-O, Weave
Carson has a deep passion for CICD, Kubernetes, Docker, and Distributed systems. Not just for building and managing these systems, but for finding ways to make them accessible and useful. Carson loves being a cloud native and open source liaison to Weave and the hundreds of developers...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

4:25pm PST

GPU as a Service Over K8s: Drive Productivity and Increase Utilization - Yaron Haviv, Iguazio
Building machine learning applications is hard. Surprisingly enough, it’s not the data science that’s hard, but all the operations around it. GPUs accelerate performance, but pose challenges such as GPU resource sharing, software dependencies and data bottlenecks. In a cloud-native era, data scientists are looking for a GPU-powered machine learning PaaS like AWS Sagemaker or Google AI, only based on open source technologies, without vendor lock-ins and/or on-premises. Yaron Haviv will demonstrate how to integrate Kubernetes, KubeFlow, high-speed data layers and GPU-powered servers to build self-service machine learning platforms. He will show how GPU resources can be pooled to maximize utilization and increase scalability, how to use RAPIDS for 10x faster data processing and how to integrate GPUs with the rest of the machine learning stack.

Speakers
Yaron Haviv

CTO, Iguazio
Yaron Haviv is a serial entrepreneur who has deep technological experience in the fields of ML, big data, cloud, storage and networking. Prior to Iguazio, Yaron was the Vice President of Datacenter Solutions at Mellanox, where he led technology innovation, software development and...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

4:25pm PST

Deep Dive Into the Latest Kubernetes Scheduler Features - Abdullah Gharaibeh, Google Inc.
Kubernetes Scheduler is the component of Kubernetes that assigns pods to nodes based on the configured scheduling requirements. Users can choose to run their clusters with high resource efficiency, high reliability, or other custom policies. The scheduler also implements a number of critical Kubernetes features, such as "Node Affinity", "Inter-pod affinity and anti-affinity" and the new "Even pod spreading" features. This talk will provide information on recent SIG Scheduling projects and features, including the scheduling framework and even pod spreading. We will dedicate about half of the time of the presentation to audience questions and users' feedback.

Speakers
Abdullah Gharaibeh

Staff Software Engineer, Google
Abdullah is a staff software engineer at Google and sig-scheduling and working group batch co-chair. He works on Kubernetes and Google Kubernetes Engine, focusing on scheduling and batch workloads.



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

4:25pm PST

Introduction to Notary - Justin Cappos & Santiago Torres Arias, NYU
This talk introduces the Notary project, an implementation of The Update Framework for container applications. This is the major project for container image signing, and is used by Docker Hub, Azure Container Registry, Harbor and others. This talk will give an overview of how Notary works, how to use it and integrate it with other projects, ongoing work on the project, and how to contribute.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...


Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 32AB - San Diego Convention Center Upper Level

4:25pm PST

RDMA Enabled Kubernetes for High Performance Computing - Jacob Anders, CSIRO & Feng Pan, Red Hat
Adoption of Kubernetes in scientific workloads has been hampered by limited support for high speed interconnects used in HPC clusters. Fortunately, we can now solve this problem by enabling RDMA in Kubernetes.

In this session, we will describe the HPC use case and requirements from an end user's perspective. We will discuss how RDMA, a highly efficient network transport protocol, can be used to address this challenge. We will then provide an overview of a community driven RDMA implementation for Kubernetes using CNI plugins and SR-IOV.

Finally, we will demonstrate real-world applications running in RDMA-enabled Kubernetes environment and provide a performance comparison between standard and RDMA-enabled networking.

You will leave this session understanding the state of the art for HPC networking on Kubernetes.

Speakers

Feng Pan

Sr. Manager, Software Engineering, OpenShift, Red Hat
Feng leads the OpenShift network engineering organization, responsible for all networking related features and roadmaps for OpenShift platform. Previously, Feng led Office of The CTO Networking team.

Jacob Anders

HPC Technical Lead, CSIRO
Jacob Anders is a Linux and Cloud architect with strong focus on High Performance Computing. He is a pioneer of using high performance interconnects in Cloud Computing, starting with OpenStack in 2012, currently working on RDMA support in Kubernetes. Jacob is interested in large scale...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Networking

4:25pm PST

Enforcing Service Mesh Structure using OPA Gatekeeper - Sandeep Parikh, Google
Organizations need the ability to apply rules to their workloads and services, at scale and distinct from the development of those services. Policies and policy enablement provide those governance capabilities with declarative approaches. OPA Gatekeeper integrates with Kubernetes and is able to provide the right guardrails to enforce structure and keep your deployments running smoothly. In this session we'll talk about policy management and how OPA Gatekeeper can help manage policies at scale. We'll walk through the high-level architecture of Gatekeeper along with applied examples and demonstrate how it can be used to manage security and traffic management mechanisms found in service mesh deployments.

Speakers

Sandeep Parikh

DevRel Engineer, Google Cloud
Sandeep is a DevRel Engineer for Google Cloud, where he focuses on making it easier for developers & operators to adopt DevOps and cloud native tools and processes. Sandeep’s background is in software engineering and he's worked for Google, VMware, Apple, MongoDB, and many others...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Operations

4:25pm PST

Ready to Serve! Speeding-Up Startup Time of Istio-Powered Workloads - Michal Malka & Etai Lev-Ran, IBM
Pod startup time has long been a focus area for cloud-native platforms. Optimizing startup time is critical to support use cases such as autoscaling, upgrades, and failure recovery. The recent rise of the serverless model, along with its key value proposition of scale-to-zero of idle workloads, has made pod startup time more important than ever: the platform must be able to start the pod fairly quickly, such that the latency of request-triggered scale-from-zero is acceptable.


In this talk, we'll analyze the latency contributed by Istio service mesh to pod startup time, right from pod creation and up to the pod becoming ready to service requests. We'll also examine various techniques to reduce it, including using Istio CNI to bootstrap the pod's network, launching the sidecar proxy with an initial routing configuration, and using manual sidecar injection.

Speakers

Etai Lev Ran

System Architect, IBM Research
Etai works for the IBM research lab in Haifa and is responsible for application networking research efforts. He has previously worked on cloud infrastructure services, distributed file systems and high performance networked systems.

Michal Malka

Manager, IBM Cloud Foundations, IBM
Michal is working as a manager of the Cloud Foundations group at the IBM Haifa Research Lab, focusing on several projects in the area of Hybrid Cloud. Michal has deep knowledge in microservices technologies and is currently working on new directions for Istio as the microservices...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Performance

4:25pm PST

Identity Bootstrapping in Multi-tenant Multi-cluster Kubernetes - Manish Mehta, Volterra & Derek Suzuki, The Voleon Group
With the increasing popularity of Kubernetes, providing managed K8s has been a great way to convert enthusiasts into adopters. However, current solutions mainly focus on providing isolated clusters and adopters are responsible for making workload identities work across clusters. If multi-tenancy is added to the mix, the challenges of bootstrapping identities that work across clusters - but within tenancy - are even greater.

In this presentation, the speakers will share challenges of securely bootstrapping identities in such a setup (especially when the individual clusters could be running in untrusted environments), the tradeoffs, and possible solutions. Manish will also introduce planned open-source components of a solution used by Volterra Edge Services for identity bootstrapping and other security services.

Speakers

Derek Suzuki

Director of DevOps, The Voleon Group
Derek Suzuki is Director of DevOps at The Voleon Group. Previously he was Senior Director of Information Technology and Business Applications at Outbrain and has held a variety of technology management roles at Redwood Systems, ZipRealty, Wine.com, Juno Online Services, and other...

Manish Mehta

Chief Security Architect, Volterra
Manish Mehta is Chief Security Architect at Volterra Edge Services, CA. In the past, he has worked at Netflix, Cryptography Research Inc., and other SF bay area companies designing and developing solutions around secure bootstrapping, authentication (service and user), and authorization...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Fine Grained Mesh Metrics for Better Visibility With Native Performance - Mandar Jog & Kuat Yessenov, Google
Knowing granular traffic patterns is crucial in understanding the functioning and health of a service mesh. The existing Envoy extensions collecting metrics are either not granular enough or can consume too many resources.

In this session, attendees will learn about an efficient way of producing granular metrics. This method introduces a new metadata exchange protocol between peer workloads and uses the new Envoy/WASM metrics API to produce richly dimensioned metrics based on the exchanged metadata.

The operator can add arbitrary peer dimensions like availability zones and locality to get additional insights into the traffic. Istio will use this technique to efficiently produce highly dimensioned Istio standard telemetry.

Attendees will see a demo of rich telemetry collection to Prometheus at near native performance.

Speakers

Mandar Jog

Istio TL/M, Google
Mandar is a co-lead of the Istio extensions and the Istio performance and scalability workgroups. He would like to see adoption of service meshes everywhere so as to realize the full promise of micro services architecture. Mandar has been working on the Istio project since its inception...

Kuat Yessenov

Software Engineer, Google
Kuat is a maintainer of the envoyproxy/go-control-plane and a contributor to Envoy. He has been an integral part of the Istio team at Google since the beginning.



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Service Mesh

4:25pm PST

CNCF's Serverless WG - Tell Me Where it Hurts - Doug Davis, IBM; Mark Peek, VMware; & Ruben Romero Montes, Red Hat
In this session the CNCF Serverless Working Group will provide an update to the community on the state of Serverless since we produced our whitepaper and landscape document over a year ago. We'll overview what's changed in the community and what the new, and exciting, developments are - such as new open source projects and trends. Then we'll turn this into a BoF session where we'd like to hear from the community about where they would like the CNCF, and our WG, to go: e.g. what are the pain points people are seeing with respect to interoperability and portability of their Serverless workloads.

Speakers

Doug Davis

PM Microservices, Microsoft
Doug is currently focusing on improving the developer experience for cloud native computing in Azure Cloud. He’s been working on Cloud related technologies for many years and has worked on many of the most popular OSS projects, including OpenStack, CloudFoundry, Docker, Kubernetes...

Mark Peek

Principal Engineer, VMware
Mark is a Principal Engineer at VMware working across areas of interest such as cloud management, cloud native applications, and open source. Currently, he is leading the work on serverless within VMware. Mark contributes to a wide range of open source projects and is the VMware representative...

Ruben Romero Montes

Principal Software Engineer, Red Hat
Ruben is a member of the OpenShift Middleware Solutions Engineering Team at Red Hat. During this time he has been collaborating on improving the integration of Red Hat Business Automation on OpenShift.



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Envoy Overview and Maintainer Q&A - Harvey Tuch, Google; Lizan Zhou, Tetrate; Stephan Zuercher, Slack; & Snow Pettersen, Square
A general overview of Envoy (https://www.envoyproxy.io/) as well as an opportunity for Q&A with the maintainers in attendance.

Speakers

Snow Pettersen

Software Engineer, Square
Snow works on Square's Traffic & Observability team, focusing on service discovery and all things software proxies. In addition to this, he is also an Envoy maintainer.

Harvey Tuch

Software Engineer, Google
Harvey Tuch is a Staff Software Engineer at Google where he leads the Envoy Platform team. He is an Envoy senior maintainer and is a driver of the Universal Dataplane API (UDPA) initiative. His Envoy interests include xDS APIs, security, fuzzing and performance.

Lizan Zhou

Founding Engineer, Tetrate
Lizan Zhou is a Founding Engineer at Tetrate leading the mesh backend team. He is a senior maintainer of Envoy and one of the core contributors of Istio. Previously he worked at Google Cloud; during his time at Google he worked on security and networking on Istio and Cloud Endpoints...

Stephan Zuercher

Slack, Software Engineer


Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 1AB - San Diego Convention Center Upper Level

4:25pm PST

Intro + Deep Dive: Cloud Native Network Function (CNF) Testbed - Taylor Carpenter & Denver Williams, Vulk Coop
The Cloud Native Network Function (CNF) Testbed is a CNCF initiative to provide a neutral space for exploring and evaluating open source networking technologies and their interoperability. The initiative fosters cross-community collaboration and includes contributors from FD.io CSIT, Network Service Mesh and OpenStack among others. This intro + deep dive session will walk through how users can provision the hardware and cluster infrastructure on Packet bare-metal machines as well as the deployment of various telecom-focused use cases onto those clusters. There will be time for Q/A as well as looking at the implementation for some components of the CNF Testbed. Attendees should leave this session with an understanding of how to deploy the CNF Testbed with their own Packet accounts and to contribute to the CNF Testbed initiative.

Speakers

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

Taylor Carpenter

Partner + Factotum, Vulk Coop
Partner at Vulk Cooperative - http://vulk.coop | Lead on CNCF CNF Testbed, Telecom User Group and CNF Conformance initiatives. OpenSource advocate, using Linux since 1994 with the 1.0 release and gnu tools on other unix systems before that. OpsDev geek. Elixir and Ruby programmer...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro + Deep Dive: Multicluster SIG - Irfan Ur Rehman, Turbonomic; Paul Morie, Red Hat; & Quinton Hoole, FutureWei
SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud) and applications deployed across many clusters.

In the introduction, we'll give attendees an overview of the current status of the multicluster problem space in Kubernetes and of the SIG. Beyond the technical details, we'll also cover the results of an on-going survey to gather feedback relevant to and assess adoption of the current SIG subprojects.

Finally, we'll also be soliciting additional feedback from the community about the SIG's current efforts and future direction. This session will mostly be an open dialog; attendees will have the opportunity to ask questions in person as well as leave survey responses that the SIG will use to plan next steps.

Speakers

Paul Morie

Sr. Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and a Kubernetes maintainer. He's been working on Kubernetes since 2014, concentrating at different points on application development primitives, service catalog, container security, and multicluster problems. Before Kubernetes, he worked on...

Irfan Ur Rehman

Sr. Software Engineer, Turbonomic
Irfan is a senior engineer associated with the Advanced Engineering group at Turbonomic. In his current role he is tasked with drafting multi cluster capabilities for Turbonomic’s analytics platform. He has also been associated with SIG Multicluster, particularly Kubernetes Cluster...

Quinton Hoole

Technical Vice President, FutureWei
Quinton is currently Technical Vice President of Cloud Computing at FutureWei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro + Deep Dive: Specialized Network Protocols for IoT+Edge with Kubernetes - Steven Wong, VMware & Dejan Bosanac, Red Hat
This session will survey communication protocols and technologies used in the edge and IoT space. These use cases can call for specialized protocols and transports:

- publish subscribe, multicast
- protocols tolerant of intermittent connectivity
- protocols popular in industry verticals (vehicle bus, industrial automation, building automation)

In some cases, support exists now for use with Kubernetes. If not, device gateways and protocol converters might be an option.

Agenda:

- Survey of protocols and transport standards for IoT and edge
- Intro to how a device gateway or protocol converter works
- Intro to extending Kubernetes with CRDs to manage new device types
- Deep Dive / Futures: Could the service mesh concept be extended beyond TCP, HTTP(s)?
- Demonstration: Kubernetes management of an edge application using a specialized protocol
- Demonstration: Use a device gateway with Kubernetes

Speakers

Dejan Bosanac

Principal Software Engineer, Red Hat
I’m a software engineer at Red Hat with an interest in open source and integrating systems. Over the years I’ve been involved in various open source communities tackling problems like: Software supply chain security, IoT cloud platforms and Edge computing, Enterprise messaging...

Steven Wong

Staff Engineer, VMware
Steve Wong has been active in the Kubernetes community since 2015. He is a co-chair of the CNCF Working Group. Steve is co-chair of the VMware User Group on the Kubernetes project. He has implemented industrial control systems for many factories, pipelines, and process control systems...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 31ABC - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Intro + DeepDive: SIG Scalability - Wojciech Tyczynski & Mateusz Matejczyk, Google
This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving improvements, infrastructure for scalability testing, tests and guarding Kubernetes against performance regressions. Each of those areas will first be described at a high level, followed by deeper insight into concrete aspects, and summarized with the most recent achievements and a roadmap for future work. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide input on the roadmap.

Speakers

Wojciech Tyczyński

Senior Staff Software Engineer, Google
Wojciech has been working on Google Technical Infrastructure & Cloud since 2012. Since 2015 he has worked on Kubernetes and GKE. With the main focus on scalability, performance and reliability, he gained experience and contributed to many Kubernetes features and most of its components. Before...

Matt Matejczyk

Senior Software Engineer, Google
Matt is a senior software engineer at Google, and helps lead the Kubernetes scalability effort.



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

4:25pm PST

Tutorial: Attacking and Defending Kubernetes Clusters: A Guided Tour - Brad Geesaman, Brad Geesaman Consulting; Jimmy Mesta, KSOC, Inc.; Tabitha Sable, Independent; & Peter Benjamin, Teradata (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Is your Kubernetes cluster able to resist the most common attacks? And, are all the necessary detection mechanisms in place to know if a security issue did occur?

In this hands-on workshop, the instructors will dive into the art and science of Kubernetes security through a series of interactive attack and defense scenarios. Attendees will learn through instructor-led exercises how to identify and exploit realistic misconfigurations in Kubernetes clusters to achieve full cluster compromise. Each attack step will be matched with hardening measures and specific methods for detection and response workflows.

Each workshop attendee will be provided with a pre-configured Kubernetes cluster running realistic workloads in a cloud-based lab environment. The tools and methodologies covered by these exercises will directly help attendees secure their own organization's clusters.

Speakers

Peter Benjamin

Principal Security Engineer
Peter Benjamin is a Software Engineer with a background in Security and a co-organizer for the San Diego Kubernetes and Go meet-ups. He has a passion for enabling engineers to build secure and scalable applications, services, and platforms on modern distributed systems.

Brad Geesaman

Staff Security Engineer, Ghost Security
Brad Geesaman is a Staff Security Engineer at Ghost Security and focuses on researching and building cloud-native systems with a security practitioner's mindset. When he’s not hacking on containerized environments, he enjoys spending time with his family in Virginia, eating Mexican...

Jimmy Mesta

Co-Founder, KSOC
Jimmy Mesta is the Co-Founder and CTO at KSOC. He is a veteran security engineering leader focusing on building cloud-native security products. Prior to KSOC, Jimmy held senior leadership positions at a number of enterprises including Signal Sciences (acquired by Fastly) where he...

Tabitha Sable

Staff Engineer, Datadog
Tabitha Sable never met a system she didn't want to take apart. She serves the Kubernetes community as co-chair of SIG Security and a member of the Security Response Committee. At work, Tabitha leads Runtime Infrastructure Security at Datadog. She writes exploits, hardens infrastructure...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

4:25pm PST

Tutorial: Deep Dive into the Operator Framework for Kubernetes - Melvin Hillsman, Michael Hrivnak, & Matt Dorn, Red Hat (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

This is an entry-level tutorial session for both application developers and system administrators interested in building and managing Operators for Kubernetes environments. It is designed for those who have a basic knowledge of Kubernetes and want to learn how to apply domain or application-specific knowledge to automate common operational tasks.

Attendees will understand the past difficulties with building Operators with existing client-libraries and discover how the Operator Framework can ease development workflow.

Step-by-step guidance will be given on the process of creating real-world Operators with Go, Ansible and Helm charts while mastering methodologies, design patterns, and strategies that can assist in avoiding common pitfalls.

Attendees will use the Operator Lifecycle Manager (OLM) to define, install and upgrade Operators as well.

Speakers

Michael Hrivnak

Senior Principal Software Engineer and Software Architect, Red Hat
Michael Hrivnak is a Senior Principal Software Engineer and Software Architect at Red Hat, where he’s been focused on container technology since 2014. He’s been a leader in developing early registry and distribution technology, the Operator SDK, and Kubernetes-native infrastructure...

Matt Dorn

Principal Engineer, Red Hat
Matt Dorn is a Principal Software Engineer at Red Hat and helps hundreds of IT teams around the world succeed with cloud native technology. He is the author of the “Preparing for the Certified OpenStack Administrator Exam” book, creator of the O’Reilly “Getting Starting with...

Melvin Hillsman

Senior SRE, Operator Enablement, Red Hat
Melvin Hillsman is a Senior SRE at Red Hat. He is passionate about user and developer collaboration and cross-community interaction and communication. Prior to Red Hat he helped launch OpenLab while working closely with members of the Kubernetes, OpenStack, CNCF, CloudFoundry, AdoptOpenJDK...


Thursday November 21, 2019 4:25pm - 5:55pm PST
Hall D - San Diego Convention Center

4:25pm PST

Tutorial: Mastering Multi-version CRDs: From YAML to a Serious Development Project - Stefan Schimanski, Red Hat & Joe Betz, Google (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

To prepare for the session, follow the setup instructions at: https://bit.ly/2JWsbxC

CRDs have become the main vehicle to extend the Kubernetes API. They are ready to build serious products on-top of them. But with more and more features like admission and conversion they are no longer just a hundred lines of YAML, but involve real software development. In this talk/tutorial we will start with a YAML-only CRD project and step-by-step go through the development life-cycle towards a powerful multi-version CRD:

- add schema validation using OpenAPI schema generators
- enable pruning
- add defaulting
- add an admission webhook for powerful Turing-complete validation
- evolve the CRD to a new version with a conversion webhook
- including comprehensive testing.

On this journey we will learn a lot about the expected webhook behaviour, how webhooks fit into API machinery, and about API compatibility and good & bad API practices.

Speakers

Stefan Schimanski

Senior Principal Engineer, Upbound
Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, with a focus on API machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time Google Summer of Code mentor with CNCF, loves to teach and help people to learn. Before...

Joe Betz

Staff Software Engineer, Google
Joe Betz is a tech lead of the Kubernetes api-machinery SIG. Joe has contributed to extensibility features including custom resources, admission webhooks, and CEL. Joe has also contributed to etcd as a project maintainer.



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

5:20pm PST

Inside Kubernetes Services - Dominik Tornow, Cisco & Andrew Chen, Google
Kubernetes Services are a core abstraction of Kubernetes. In combination with Kubernetes Pods, Kubernetes Services provide the very foundation for scalable and reliable applications hosted on Kubernetes. However, even experienced Kubernetes users struggle to reason about Services end-to-end.

Using a systems modeling approach, this talk will explore the mechanics of Kubernetes Services, connect the dots between K8s Services, K8s Endpoints, and the KubeProxy, all the way to IP Tables and Network Filters. You will leave with a concise and accurate understanding of how K8s Services enable scalable and reliable communication in the Kubernetes cluster. In addition, you will leave with a detailed understanding of the circumstances under which K8s Services DON’T work and how to mitigate the situation.

Speakers

Andrew Chen

Program Manager, Google
Andrew Chen is an Open Source Program Manager at Google Cloud. He has been working to improve the usability and conceptual content of open source documentation.

Dominik Tornow

Principal Engineer, Temporal
Dominik Tornow is a Principal Engineer at Temporal. He focuses on systems modeling, specifically conceptual and formal modeling, to support the design and documentation of complex software systems.


Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

5:20pm PST

Creating a Micro Open-Source Community with Helm - Katie Gamanji, Condé Nast International
For over a century Condé Nast International has set the benchmark for print and digital publishing. Our portfolio is composed of luxury and fashion-oriented brands, like Vogue, GQ, Wired, Glamour and many more. Condé Nast International is a digital-first company, aiming to migrate 34 out of 62 existing websites to Kubernetes clusters across the globe.

Kubernetes underpins Condé Nast International's entire infrastructure, and Helm is used as the de facto deployment package manager. These two components were critical for the delivery of the highest developer experience.

In time, the development teams became self-sufficient and started to contribute to the base Helm charts instead of going the feature requests route. This created a substantial and agile environment for developers, being able to instigate changes and contribute to the internal developer community.

Speakers

Katie Gamanji

Senior Field Engineer @ Apple, Apple
Katie is a cloud-native leader, practitioner, and contributor, currently in a Senior Field Engineer role at Apple and a TOC for CNCF. As a cloud platform engineer, Katie has contributed to the buildout of infrastructure at Conde Nast, and American Express, gravitating towards cloud-native...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Case Studies

5:20pm PST

Release the Kraken: Bring Sidecar Containers to Next Level - Di Xu, Ant Financial & Xiaoyu Zhang, Alibaba
Sidecar containers are well accepted and widely used nowadays. Sidecars are coupled with normal containers by sharing the same lifecycle and provide accessory features. This is a good pattern to enable applications to be composed of heterogeneous components and technologies by reducing coupling.

The demand for using sidecar containers in production environments is rapidly increasing, although sidecars have not been formally identified. More issues and discussions have cropped up in the Kubernetes community and Slack channels.

Thus, we need a fine-grained way to manage the sidecars, including the starting/terminating order, the lifecycle of sidecars, etc. Also pre and post steps are introduced to better control the sidecars. Moreover, we will introduce some use scenarios on how we maximize the power of sidecars at a large scale in Alibaba Group and Ant Financial.

Speakers

Di Xu

Senior Engineer, Tencent
Currently, he is working at Tencent as a staff engineer, leading a small team working on open source cloud native projects and distributed cloud platform development. Also, he is a top 50 code contributor in Kubernetes community. He had spoken many times at open source conferences...

Xiaoyu Zhang

Senior Engineer, Alibaba
Xiaoyu Zhang is a senior software engineer in Alibaba Group. He's a member of the Kubernetes organization. He mainly works on Kubernetes project and focuses on docs, kubectl, controller-manager, storage and runtime areas. He had multiple speeches in Cloud Native End User Conference...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6C - San Diego Convention Center Upper Level

5:20pm PST

Supercharge Kubeflow Performance on GPU Clusters - Meenakshi Kaushik & Neelima Mukiri, Cisco
AI/ML applications on Kubernetes can be optimized for performance at many levels.

This presentation provides an overview of the optimizations such as:
- Distributed training on multiple GPUs with optimal selection of interconnects between the GPUs and CPUs.
- Utilizing different types of GPUs/Servers for different workloads like training and inference.
- OS level optimizations to get optimal performance on the hardware.
- Usage of GPU Passthrough for optimal utilization and performance.

This presentation will also cover how the selection of a machine learning framework, like Kubeflow, can impact performance and hardware utilization.

Speakers

Meenakshi Kaushik

Leader, Product Manager, Cisco
Meenakshi Kaushik leads product management for Cisco Panoptica Security platform. Meenakshi is interested in the AI and ML space and is excited to see how the technology can enhance human well-being and productivity.

Neelima Mukiri

Principal Engineer, Cisco
Neelima Mukiri is a Principal Engineer in Cisco's Cloud Platform Solutions group working on the architecture and development of Cisco's Container Platform. Prior to this she worked on the core virtualization layer at VMware and systems software at Samsung Electronics.



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data

5:20pm PST

Component Standard Working Group - Leigh Capili, Weaveworks & Michael Taufen, Google
The Component Standard Working Group is charged with developing a standard foundation (philosophy and libraries) for core Kubernetes components to build on top of. Areas to standardize include configuration (flags, ComponentConfig APIs, ...), status endpoints (healthz, configz, ...), integration points (delegated authn/z, ...), and logging. In this talk we will outline current progress and challenges and how new contributors can get engaged.

Speakers

Michael Taufen

Software Engineer, Google
Michael Taufen is a software engineer at Google. He works on GKE, GKE On-prem, and open-source Kubernetes. He's an active maintainer, who has contributed to a number of projects related to the Kubelet, configuration APIs, release management, OS images, node lifecycle, and most recently...

Leigh Capili

Developer Experience Engineer, Weaveworks
Leigh is a Kubernetes Contributor and works in Developer Experience with Weaveworks. He authored kubeadm's etcd mTLS implementation and is currently working toward k8s component-standards and cluster-addons. Previously, he helped design a functional state-store for...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

Solving Multi-Cluster Network Connectivity With Submariner - Chris Kim, Rancher Labs & Miguel Angel Ajo, Red Hat
Today companies face the need to spread workloads across several clusters, leverage the capabilities of specific clouds, create more resilient services, or comply with GDPR by locating and securing specific data in specific geographic locations. While that is possible today, communication between clusters is still not solved in a transparent and secure way.

Currently the pods and services in two different Kubernetes clusters are isolated from each other, and network plugins in Kubernetes don't have a common way of creating such connectivity. To connect two services in separate clusters, the administrator needs to make the application endpoints public. Some network plugins provide partial solutions to this problem, and service meshes like Istio solve this and more at the cost of some level of complexity and overhead.

https://submariner.io solves this problem by connecting clusters at the IP level.

Speakers

Chris Kim

Field Engineer, Rancher Labs
Chris Kim is currently a field engineer at Rancher Labs. Chris originally developed Submariner as an open source project in response to the need he saw for cross cluster network connectivity while helping customers architect Kubernetes based solutions. He is an active contributor...

Miguel Angel Ajo Pelayo

Senior Principal Software Engineer, Red Hat
Miguel is currently working at the Red Hat CTO Office Emergent technologies / EDGE for the MicroShift project. Previously he worked on the Submariner project in the area of multi-cluster communication and security. He started contributing to OpenStack 7 years ago on the Neutron...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Networking

5:20pm PST

Governance on K8s: How to Solve Ownership, Metering & Capacity Planning - Micheal Benedict & Yongwen Xu, Pinterest
Pinterest is a cloud-first visual discovery engine that serves over 250MM users. To support this scale, there are thousands of services running on tens of thousands of hosts, processing 300+PB of data. We operate large Kubernetes clusters across several availability zones, across regions. The cluster is auto-scaled, with support for pod-level auto-scaling. Finally, to effectively utilize resources within the clusters, we operate heterogeneous workloads on a kitchen sink of instance types. Given this,
1. Who owns what?
2. What is driving utilization?
3. How do we plan capacity effectively with minimal overhead?

In this talk, we will share how we built a governance platform to address the above through defining canonical ownership, metering resource utilization (at various granularities) + reporting, and finally a policy enforcement mechanism (e.g., pre-emption, placement, etc.).

Speakers

Micheal Benedict

Head of Engineering Productivity, Pinterest
Micheal Benedict heads the Engineering Productivity organization at Pinterest that is responsible for languages strategy, source code management, build systems & CI/CD platform. Previously, Micheal led products for the Compute Platform at Twitter. Micheal holds a master's degree in...

Yongwen Xu

Technical Lead - Engineering Productivity, Pinterest
Yongwen Xu is the Tech Lead of the Engineering Productivity Team at Pinterest. Previously, Yongwen worked as a staff engineer at Sun and Oracle developing large-scale distributed systems. He holds a PhD degree in computer science from the University of Hawaii at Manoa.


Thursday November 21, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

5:20pm PST

Staying in Tune: Optimize Kubernetes for Stability and Utilization - Randy Johnson & Koushik Radhakrishnan, VMware
Kubernetes provides a number of primitives to manage resource consumption. Implementing resource limits, requests and quotas is often the first step taken to solve this problem at the pod or namespace level. However, the behaviour of an overall Kubernetes cluster as it nears capacity and the parameters available to tune it are often overlooked. To ensure optimal stability and utilization of a cluster, users must learn how to implement, test and manage these parameters over time.

Through their field engineering work for healthcare and financial customers, Randy and Koushik have gathered valuable lessons on how one should approach this problem. This talk will illustrate how you should approach resource limits, resource requests, eviction policies and node allocatable constraints to get the most out of your Kubernetes clusters.

Speakers

Koushik Radhakrishnan

Cloud Native Architect, VMware
Koushik has helped build and rollout infrastructure for some of the largest service providers and enterprise customers. In his role as a Cloud Native Architect at VMware, he is passionate about helping organizations adopt and build solutions around the Kubernetes ecosystem and making...

Randy Johnson

Cloud Native Architect, VMware
Randy is a Cloud Native Architect on the Kubernetes Architecture team at VMware. He is passionate about container orchestration, distributed systems and solving hard problems. Prior to joining VMware, he was guiding organizations along their cloud modernization journey at Red Hat...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Performance

5:20pm PST

Kubernetes Policy Enforcement Using OPA At Goldman Sachs - Miguel Uzcategui, Goldman Sachs & Tim Hinrichs, Styra
Managing state on multiple shared Kubernetes clusters may sound scary. The Goldman Sachs Kubernetes team uses OPA to manage that state using two different applications of policy. The first is the validating admission control policies that prevent unsafe resources on the cluster. The second, and novel, application goes beyond simple yes/no decisions and uses OPA policy to provision new resources on the cluster to implement a common baseline, e.g. RBAC, Volumes, ResourceQuotas, and LimitRanges.

This talk focuses on the architectural design that allows GS to run OPA at scale in production. Along the way we discuss best practices and lessons learned, highlighting how GS reduced policy deployment times from days to under 10 minutes. The audience will learn how to create their own policy pipelines using popular open-source tools to enforce OPA policy across multiple Kubernetes clusters.

Speakers

Tim Hinrichs

CTO, Styra
Tim Hinrichs is a co-founder and CTO of Styra, the cloud-native authorization company, and he is a co-creator of the open source CNCF Open Policy Agent project. Before that, he worked at VMware and co-founded the OpenStack Congress project. Tim has 20+ years of experience developing...

Miguel Uzcategui

Associate, Goldman Sachs
Miguel Uzcategui is a Technology Associate in the Unix Engineering team at Goldman Sachs. He spends his time managing the compute infrastructure in areas such as configuration management, OS patching, and Kubernetes. Miguel's team is currently responsible for engineering & maintaining...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Security + Identity + Policy

5:20pm PST

Envoy on Fire: A Practical Look at Debugging a Service Mesh - Lita Cho & Ryan Cox, Lyft
In this talk, presenters will share lessons from several years of experience running Envoy in production at scale. They will explore practical techniques for triaging issues in a service mesh, along with the intuition behind them. The presenters will cover a broad range of topics including traffic capture, issues specific to gRPC, health checks, and techniques useful during incident mitigation. The talk will end with a deep dive into Envoy stats and their use in resolving issues.

Speakers

Lita Cho

Software Engineer, Lyft
Lita is a senior software engineer on the Networking team, building out the service mesh to handle both Kubernetes and legacy systems at Lyft. Before that, she worked on building out the API infrastructure using Protocol Buffers, creating systems that would generate code and bring...

Ryan Cox

Software Engineer, Lyft
Ryan Cox is a software engineer at Lyft focused on infrastructure resilience. His career includes the creation of large-scale ecommerce platforms and extensive time working on systems and infrastructure. He holds patents related to distributed filesystems and is an active member of...


Thursday November 21, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
 
