Intermediate (Mid-level experience)
Monday, November 18
 

5:02pm PST

Lightning Talk: What Makes a Good Multi-tenant Kubernetes Solution? - Victor Varza, Adobe
Multi-tenancy leads to sharing resources with hundreds of independent users or teams. Currently, Kubernetes primitives do not provide support for running production workloads in a multi-tenant architecture.

This talk is focused on how to glue together open-source technologies in order to achieve soft multi-tenancy requirements such as: self-management, access control, resource control and workload isolation.

You will learn how to build production ready cross-cloud multi-tenant clusters using Kubernetes primitives and other open-source technologies like Cilium, Heptio Contour, Kata Containers, Open Policy Agent and friends.

Speakers
Victor Varza

Sr. Cloud Software Engineer, Adobe
Victor Varza is a Senior Cloud Software Engineer at Adobe Romania, where he is currently working on running an enterprise cross-cloud multi-tenant microservices platform based on Kubernetes. He has over 8 years of experience in development of large-scale platforms based on Linux...



Monday November 18, 2019 5:02pm - 5:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:26pm PST

Lightning Talk: Code Kubernetes While You Are Using It - Mario Loriedo, Red Hat
This lightning talk is about deploying a development platform on a Kubernetes cluster and using it to code and roll out a Kubernetes component update. Without stopping coding.

To do so we are going to use Eclipse Che, a container based IDE that runs on Kubernetes and is particularly adapted for rapid cloud native development.

Speakers
Mario Loriedo

Senior Principal Software Engineer, Red Hat
Mario is a Software Engineer at Red Hat and has been involved in various open source projects integrating containers and development tools. He is the principal architect of the open source project Eclipse Che.



Monday November 18, 2019 5:26pm - 5:31pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:32pm PST

Lightning Talk: Sharing a GPU Among Multiple Containers - Patrick McQuighan, Algorithmia
We’ve been sharing GPU resources across multiple containers since 2016, and we’ve learned a few lessons along the way. In this lightning talk, we’ll walk you through the work we’ve done and discuss some newer approaches to the same problem.

Specifically, this talk will address:

* Why GPUs matter
* What makes sharing GPUs across containers hard
* How we’ve managed to share GPUs in the past
* Recent solutions, including the GPUShare Scheduler Extender project (https://github.com/AliyunContainerService/gpushare-scheduler-extender)


Speakers
Patrick McQuighan

Senior Software Engineer, Algorithmia
Patrick joined Algorithmia in December 2015 and has focused on improving system performance and creating the Enterprise AI Layer Enterprise product, an ML deployment and management system that runs on multiple cloud providers and on-prem infrastructures. Previously, Patrick worked...



Monday November 18, 2019 5:32pm - 5:37pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

5:44pm PST

Lightning Talk: CRDs All the Way Down – Using OPA for Complex CRD Validation and Defaulting - Puja Abbassi, Giant Swarm
Custom Resource Definitions (CRDs) and custom controllers (aka the operator pattern) are becoming the main way we extend Kubernetes. From etcd and Prometheus to full-on Kubernetes extensions a la Cluster API and Service Broker API - a lot of teams are building operators.

As the CRD concept is maturing SIG API machinery is adding useful features like validation, defaulting, structural schemas, etc. In more complex extensions with multiple CRDs and multiple controllers, we run into validation and defaulting use cases that can only be modeled with custom validation and mutation webhooks.

This talk will discuss use cases for complex CRD validation and defaulting, incl. common use cases like validating a CRD against another CRD. Furthermore, the speaker will make a point of why to use Open Policy Agent as a common agent to implement such use cases.

Speakers
Puja

Developer Relations & Product, Giant Swarm
Puja Abbassi is a Developer Advocate and Product Owner at Giant Swarm. As a CNCF ambassador, he's passionate about bringing cloud native technologies to more developers and their companies around the globe. In Kubernetes he focuses on security and authentication as well as extending...



Monday November 18, 2019 5:44pm - 5:49pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

6:02pm PST

Lightning Talk: Is Your Kubernetes Cluster's DNS Working? - Jonathan Perry, Flowmill
Your Kubernetes cluster is gaining traction and more and more developers are bringing up new services. That’s great news. But you’ve been getting reports of intermittent service failures that you haven’t been able to track down. It doesn’t seem to be anything else...could it be DNS? Maybe we’re not running enough DNS pods or they are restarting too frequently?

This talk will explain how to actually measure DNS health for your Kubernetes cluster and properly plan its capacity. We will share some specific mechanisms to gather DNS traffic information per service both with some standard Linux tools and systematically with eBPF.

Speakers
Jonathan Perry

CEO and Co-Founder, Flowmill
Jonathan is CEO at Flowmill. Jonathan was a Facebook fellow and previously worked for 7 years in communication systems R&D and HPC algorithm development in the Israeli Defense Force (IDF). Jonathan received his Ph.D. from MIT CSAIL’s Networks and Mobile Systems group, where his...



Monday November 18, 2019 6:02pm - 6:07pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
 
Tuesday, November 19
 

10:55am PST

Containing the Container: Developer Experience vs Strict Security Posture - Brian Bagdzinski & Sharat Nellutla, Verizon
Within Verizon IT we manage multiple multi-tenant Kubernetes clusters across on-prem and multiple clouds hosting hundreds of applications. Containers, Kubernetes, and cloud-native are central pillars: both for our application modernization strategy, and for our north star architecture. However we operate in a highly regulated environment, and our security posture is such that our developers are not permitted to run tools locally that might be considered essential to deliver on this strategy: Docker and Minikube! In this talk we will candidly discuss how we are evolving the developer experience in this space, despite the security constraints, leveraging open source tooling such as Skaffold, Harbor, Kaniko, and Jib.

Speakers
Sharat Nellutla

Associate Director, Verizon
Sharat is an Associate Director at Verizon.  With over 15 years of experience in platform engineering and leadership experience, Sharat leads Verizon's enterprise Kubernetes engineering and Gitops platform engineering teams. He is responsible for multi-cloud Kubernetes architecture...
Brian Bagdzinski

Cloud Engineer, Verizon
Brian Bagdzinski is a Senior Cloud Engineer at Verizon. As an application developer, as well as being part of a small team responsible for launching a Serverless platform, he is very familiar with how process can get in the way of innovation and creativity. This has instilled in him...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 29ABCD - San Diego Convention Center Upper Level
  Application + Development

10:55am PST

Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas.

This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches.

You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with our multitenant Kubernetes.

Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!

Speakers
Karl Isenberg

Anthos Solutions Architect, Google
Karl Isenberg is on the Blueprint Solutions team at Google. Prior to Google Karl led the PaaS team at Cruise. Before that, Karl worked on the vendor side on container platforms for more than 5 years as a committer on Kubernetes, DC/OS, and CloudFoundry at Mesosphere and Pivotal...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Case Studies

10:55am PST

Building Reusable DevSecOps Pipelines on a Secure Kubernetes Platform - Steven Terrana, Booz Allen Hamilton & Michael Ducy, Sysdig
Onboarding development teams can often be the critical point in determining if a team will adopt modern Cloud Native and DevSecOps practices. If there is too much friction for developers to build, scan, and test their applications or to secure their application environments then these best practices are often pushed aside. In this talk we’ll cover how we automated the creation of a trusted software supply chain. Through a live demonstration, we will show how this approach accelerates adoption by allowing developers to inherit a preconfigured pipeline performing various security tests (and underlying tooling) as well as safeguards (via the CNCF Sandbox project Falco) put in place to monitor production workloads for security problems.

Speakers
Steven Terrana

Chief Engineer, Booz Allen Hamilton
Steven is a Chief Engineer at Booz Allen Hamilton focused on building reusable capabilities for the Firm and industry. He uses these capabilities to help organizations adopt all things modern software delivery: DevSecOps, Cloud Infrastructure, Container Orchestration, and Microservice...
Michael Ducy

Director of Open Source, Sysdig
Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming...



Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  CI/CD

10:55am PST

Only Slightly Bent: Uber’s Kubernetes Migration Journey for Microservices - Yunpeng Liu, Uber
Uber started using docker containers at scale in 2015, and has gone through a few generations of cluster management and service discovery technologies. In early 2019, we started working on migration from Mesos to Kubernetes to support secure service mesh and machine learning workloads.

This is a complex problem - there are thousands of services, tens of millions of containers to be launched daily while maintaining high machine resource utilization. To that end, a lot of customizations are built into our Kubernetes stack including elastic resource sharing, oversubscription, fast rollback and deploy, changes to service discovery and attestation etc.

This talk will cover:
- Overview of Uber Compute Infra
- API server benchmark and tweaks
- Custom controller and scheduler logic
- CRI: resource, health check, logging, isolation
- SPIRE and service discovery setup at Uber

Speakers
Yunpeng Liu

Sr Software Engineer, Uber
Lead the compute cluster lifecycle management at Uber. Currently working on efficiency and federation projects in Uber Compute.



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 30ABCDE - San Diego Convention Center Upper Level

10:55am PST

Running Apache Samza on Kubernetes - Weiqing Yang, LinkedIn Corporation
Apache Samza is a distributed stream processing framework that allows you to process and analyze your data in real-time. It has been widely used at LinkedIn and other companies on a large scale. Recently, we added Kubernetes as the new scheduler backend for Samza to run in distributed mode. In this talk, we will deep dive into the technical details about how Samza runs natively on Kubernetes by leveraging the primitives provided by Kubernetes for scheduling, storages, etc. We will also compare running Samza on Kubernetes with other existing solutions such as YARN and standalone mode. Finally, we will share some practices about running Kubernetes as a container orchestration framework for other big data processing engines.

Speakers
Weiqing Yang

Software Engineer, LinkedIn
Weiqing has been working in big data computation frameworks since 2015 and is an Apache Spark/HBase/Hadoop/Samza contributor. She is currently a software engineer in streaming infrastructure team at LinkedIn, working on Samza, Brooklin, etc. Before that, she worked in Spark team at...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level
  Machine Learning + Data

10:55am PST

Low Latency Multi-cluster Kubernetes Networking in AWS - Paul Fisher, Lyft
Lyft is migrating their entire service stack of hundreds of microservices to Kubernetes on AWS. A critical component to Lyft’s successful migration is their open source set of CNI plugins which implement a simple, fast, and low latency networking stack tying together multiple Kubernetes clusters into a flat network within AWS Virtual Private Clouds. Paul’s talk takes a deep dive into the design and implementation of Lyft’s multi-cluster Kubernetes platform from a network-centric perspective, including Envoy mesh integration and performance characteristics.

Speakers
Paul Fisher

Software Engineer, Lyft
Paul Fisher works on all things infrastructure related at Lyft, from monitoring software to the service provisioning stack. He’s currently leading the Lyft migration to Kubernetes. Paul tends toward work that lies at the intersection of systems programming and scale. He's previously...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Networking

10:55am PST

Making the Most Out of Kubernetes Audit Logs - Laurent Bernaille & Robert Boll, Datadog
The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.

In this talk, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. We will then demo a functioning setup and show a few different types of analysis techniques. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.

Speakers
Laurent Bernaille

Staff Engineer, Datadog
Laurent Bernaille worked several years as a consultant specialized in cloud, containers, and automation and helped organizations migrate to the public cloud, adopt containers and improve their deployment pipelines. He is now Staff Engineer at Datadog and works in the Compute team...
Robert Boll

Engineering Manager, Runtime Platforms, Datadog
Rob is a software engineer with a keen interest in cloud infrastructure and delivery. He is currently an Engineering Manager at Datadog, working on the infrastructure platform and scaling global compute infrastructure built on Kubernetes.



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level
  Operations

10:55am PST

The Devil in the Details: Kubernetes’ First Security Assessment - Aaron Small, Google & Jay Beale, InGuardians
In October of last year, the Kubernetes project created a new Security Audit working group and began Kubernetes’ first comprehensive third-party security assessment. In the months that followed, we worked closely with Trail of Bits and Atredis Partners to assess and improve Kubernetes’ security posture.  Through code review and penetration testing, we found and addressed 37 new vulnerabilities.  With support from many Kubernetes contributors, the third party security firms and Kubernetes project produced a formal threat model covering eight critical components across six different trust zones.  In this talk, we will share our findings, methodology, and vision for future security investments.  We’ll discuss what the work uncovered, and what this means to Kubernetes security both now and for the future.

Speakers
Aaron Small

Product Manager, Google
Jay Beale

CTO, InGuardians
Jay Beale works on Kubernetes and cloud native security, both as a professional threat actor and as a member of the Kubernetes project, where he previously co-led the Security Audit working group. He's the architect of the Peirates attack tool for Kubernetes, as well as of the @Bustakube...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

10:55am PST

Service Mesh: There and Back Again - Hema Lee & Cody Vandermyn, Nordstrom
You might have heard about service mesh and its amazing benefits. Maybe you believe it’s the next big thing, but will it truly meet expectations? As any start to a relationship, things look fun and easy but once we talk performance at scale, compliance with internal security policies, and seamless onboarding, you might reconsider taking it home to meet your parents!

With a highly distributed system that includes services running on Kubernetes clusters along with VM and Serverless workloads, vanilla service mesh would not work for us. In this talk, Hema & Cody will cover how Nordstrom’s relationship with service mesh evolved, what initial results revealed, what surprised us, and the open source contributions and adaptations we made to get to production readiness. We will share lessons learned and hopefully help with your service mesh relationship.

Speakers
Hema Lee

Software Engineer, Nordstrom
Hema is a Senior Engineer at Nordstrom and a member of the Engineering Platform organization. Currently, she's deep in the world of securing service to service communications across all of Nordstrom's compute infrastructure. Previously, her work spanned developing components for distributed...
Cody Vandermyn

Sr. Software Engineer, Nordstrom
Cody Vandermyn works as a Senior Engineer at Nordstrom. He is an active contributor to open source including the Linkerd project. As an avid software geek, Cody enjoys building cloud native applications using new technology, ensuring they are easy to maintain and educating others...



Tuesday November 19, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

10:55am PST

Beyond Storage Management - Andrew Large & Yinan Li, Google
Kubernetes added alpha support for persistent volume snapshotting in 1.12 through the Container Storage Interface (CSI). While having some limitations, this feature is critical to stateful workloads and serves as one of the building blocks for developing advanced, enterprise-grade capabilities around data protection.
This talk provides an overview of standard enterprise data protection policies and practices and discusses how those might map into Kubernetes. We’ll discuss the full scope of what data protection might look like in Kubernetes and considerations that go into building an enterprise-grade data protection solution, placing the volume snapshot work in a larger context, and propose some explicit potential future standards activities.

Speakers
Yinan Li

Software Engineer, Google
Yinan Li is currently a Software Engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities and work that enables large-scale data processing on Kubernetes, including the Kubernetes scheduler backend for Apache Spark. Yinan is...
Andrew Large

Software Engineer, Google
Andrew Large is currently a software engineer at Google. He focuses on work that enriches Kubernetes with enterprise-grade data management capabilities in hybrid and multi-cloud environments. Prior to Google, Andrew led the cloud analytics team at Tintri - an enterprise storage...



Tuesday November 19, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Storage

11:50am PST

eBay Search On K8s - Mohnish Kodnani & Yashwanth Vempati, eBay
eBay currently has billions of items available for search. The search engine at any given time can get around 100K’s of queries per second for search within this inventory.
In order to support this scale of traffic and the size of the inventory we need thousands of servers. The inventory is sharded and then replicated across these servers to handle the traffic. In this talk we will go through how we migrated the application to Kubernetes and its deployment architecture while meeting some of the business requirements for resiliency and availability. We will also go through our index distribution architecture that leverages Kubernetes principles. At the end we will also share our challenges and learnings while deploying the application on Kubernetes.

Speakers
Mohnish Kodnani

Sr MTS, Software Engineer, eBay
Mohnish works on eBay Search Engine’s Indexing and Data Acquisition domains. He is currently in charge of migrating the Search Engine’s deployment on top of k8s. In his spare time he loves to travel, rock climb and spend time with his 5 year old son.
Yashwanth Vempati

MTS 1, Software Engineer, eBay
Yashwanth is a passionate engineer interested in solving complex business problems. Right now he is working on moving the majority of traditional applications to cloud native. He is also working on storing data from Kubernetes clusters and using it for monitoring and machine learning...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Scaling Resilient Systems: A Journey into Slack's Database Service - Rafael Chacon & Guido Iaquinti, Slack
Monitoring and observability are important concepts, especially in complex and distributed systems. Redundancy and defensive programming are important as well, but sometimes they are not enough. Designing systems to minimize the blast radius when the unexpected happens is often the key.

In this talk, Rafael and Guido will share an overview about how Slack designed, built, scaled and then iterated to improve its distributed database service based on top of Vitess, now a CNCF project. The Databases team at Slack scaled a Vitess cluster from 0 to spikes of 2.7 Million queries per second. This journey has taught us how to operate a database cluster with more than 2000 nodes and expecting to grow to more than 3500 in the next 12 months.

Speakers
Guido Iaquinti

Site Reliability Engineer, Freelance
Guido is a system engineer with academic background and experience in high volume/high availability Internet architectures. He is a technology enthusiast excited about open source software. His passion is to develop, scale and automate complex systems.
Rafael Chacon

Engineer, Slack
Rafael Chacon is a Staff Software Engineer on the infrastructure team at Slack, where he is working on the MySQL database layer on top of Vitess. Rafael has been part of the team that has migrated more than 30% of Slack database traffic from MySQL to Vitess. He is also now a core...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

11:50am PST

Applying Policy Throughout The Application Lifecycle with Open Policy Agent - Gareth Rushgrove, Snyk
Open Policy Agent is built to be used as a library in other tools and there are already several open source projects using OPA as a generic policy engine. This is powerful because it allows end users to invest in one use case, and reuse some of the same knowledge and tools, especially the Rego data assertion language, to solve other adjacent problems.

In this talk we will look at applying Open Policy Agent tools throughout the application lifecycle. We’ll explore:

* Writing unit tests for Kubernetes configuration (and Helm charts) using Conftest
* Defining a CI pipeline in code, and testing that using OPA
* Gating deployments to the cluster using Gatekeeper
* Auditing the cluster for security best practices, by porting the Kubesec ruleset to Rego
* Porting pod security policies to OPA
* Writing unit tests for the Rego policy code we wrote above

Speakers
Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  CI/CD

11:50am PST

Panel: What’s Essential in an OSS Project Launch Playbook? - Betty Junod, Solo.io; Jian He, Alibaba; Karen Chu, Matt Butcher, & Ronan Flynn-Curran, Microsoft
Creating/developing a new OSS project is hard as is, but how can you go about successfully sharing your project with the community once you’re ready?

Collectively, this panel has launched/worked on multiple open source projects such as Helm, OpenKruise, CNAB, Docker, Gloo & Service Mesh Interface. From their experience, they've identified elements essential to any open source project launch, no matter how small/big your project is.

In this panel, they'll discuss what should be in an OSS project launch playbook:
• Infrastructure: tools needed to create a public space for your project
• Communications: techniques for setting a tone, creating a brand & spreading the word
• Governance: what you need to create a protected but open space for your community
• Goal: purpose of open sourcing your project, rules of engagement
• Community: what you need to plan to grow, cultivate & engage members

Speakers
Matt Butcher

Principal Software Development Engineer, Microsoft Azure
Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys...
Karen Chu

Community PM, Microsoft
Karen Chu is a Community PM on the Microsoft Azure Container Compute Upstream team with a focus on open source tools such as Helm, CNAB, Brigade, CNAB, and more. She is a CNCF Ambassador, meet-up organizer, and conference organizer. She has also worked The Illustrated Children’s...
Jian He

Staff Engineer, Alibaba
Jian He is a Staff Engineer at Alibaba where he works on container infrastructure to support Alibaba ecosystem. Prior to that, he worked at Hortonworks where he mainly works on Hadoop and is a Hadoop committer and PMC member. Jian He graduated from Brown University in Computer Sc...
Betty Junod

VP of Marketing, Solo.io
Betty Junod is the VP of Marketing at Solo.io focused on open source and commercial software tools in the Service Mesh and Kubernetes ecosystem including Gloo, SuperGloo, GlooShot, Squash and Service Mesh Hub. Previously Betty led product and partner marketing at Docker, the container...
Ronan Flynn-Curran

Designer/Software Engineer, Microsoft
Ronan is a designer and developer who brands, builds and works to boost open source projects at Microsoft Azure. He works within the Deis Labs team, whose goal is to make container-based developer tools accessible and friendly to all. Day-to-day he works on making sites, identity...


Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel
Secrets are a key pillar of K8S security, and K8S 1.10+ enhanced the protection of secrets at-rest in the etcd, with support for an external KMS (via KMS plug-ins), and supporting envelope encryption. However, the secret encryption keys (DEKs/KEK) are in the clear in memory of the K8S Master in the KMS plug-ins (during execution). An attacker with privileged access to the K8S master node/host can read the keys from memory, access secrets, compromising data & K8S cluster. This session proposes a solution (with a quick demo) to add a new KMS plug-in that leverages hardware based TEE (Trusted execution environment – like Intel SGX) to ensure that the keys, and the encryption of the secrets, are protected by the CPU on the master, addressing the threat vector mentioned. It enumerates multiple options for the integration with KMS, articulating the trade-offs of the approaches.

Speakers
Raghu Yeluri

Sr. Principal Engineer, Intel
Raghu Yeluri is a Sr. Principal Engineer and lead Security Architect in the Data Center Group at Intel Corporation with focus on confidential compute in cloud native, containerized deployments leveraging hardware-based security. In this role, he drives security solution architecture...
Haidong Xia

Sr. Solutions Architect, Intel
Haidong is a Sr. security solution architect in Data Center Group at Intel Corporation. He is also a seasoned developer working on Kubernetes/container security, OpenStack integration of h/w security features and controls, and micro-service/cloud native architecture development. He...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level

11:50am PST

Enabling Kubeflow with Enterprise-Grade Auth for On-Prem Deployments - Yannis Zarkadas, Arrikto & Krishna Durai, Cisco
Kubeflow is an open source machine learning platform built on Kubernetes. Every service in Kubeflow is implemented either as a Custom Resource Definition (CRD) (e.g., TensorFlow Job) or as a standalone service (e.g., Kubeflow Pipelines).

As enterprises start to adopt Kubeflow, the need for access control, authentication, and authorization is emerging. An enterprise-grade solution to authenticate and authorize on two API layers: Kubernetes APIs and Kubeflow’s stand-alone services APIs. For better adoption, the solution should also integrate seamlessly with existing user management solutions in enterprises, such as LDAP or Active Directory (AD).

We present how we combined open-source, cloud-native technologies to design and implement a flexible, modular solution for enterprise authentication and authorization in Kubeflow. The talk will include a live demo.

Speakers

Yannis Zarkadas

Software Engineer, Arrikto
Yannis is a software engineer at Arrikto, working with Kubeflow and the Kubernetes sig-storage group. He loves contributing to open source projects and has authored the Cassandra Operator in Rook and the official Scylla Operator, which he is currently maintaining.

Krishna Durai

Software Engineer, Cisco
Krishna is a software engineer at Cisco, Bangalore and is a contributor to the Kubeflow open-source project. He has been designing and engineering AI platforms in enterprise domains like healthcare.



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

11:50am PST

Rethinking the K8s DNS for the Modern Enterprise - Deepa Kalani & Venil Noronha, VMware
The Domain Name System (DNS) is the component that provides the most vital piece of information for one to locate and communicate with services running in a Kubernetes cluster. This technology provides a set of features for name resolution, service discovery, metrics collection, query tracing, etc. However, this is only sufficient to satisfy the requirements of traditional workloads, and modern enterprises demand more.

In this talk, we will discuss the state-of-the-art in the modern enterprise in the context of the Kubernetes DNS. We will present use-cases like extensive aliasing, multi-tenancy, security, etc. that stretch the capabilities of currently available DNS solutions like CoreDNS, Kube-DNS, etc. We will then examine possible approaches to solve these challenges and see where these technologies fall short and how they could be improved.

Speakers

Deepa Kalani

Staff Engineer 2, VMware
Deepa Kalani is a Staff Engineer at VMware, responsible for development of service mesh technologies with a focus on Istio and Envoy integrations for the enterprise. Prior to VMware, Deepa held various engineering roles at PLUMgrid and Cisco Systems.

Venil Noronha

Sr. Member of Technical Staff, VMware, Inc.
Venil Noronha is an engineer with the Tanzu Service Mesh team at VMware. He also contributes upstream to open source projects in the service mesh domain, like Istio and Envoy proxy. In the past, he has contributed to several open source projects including Kubernetes, Spring, and...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Networking

11:50am PST

No-Nonsense Observability Improvement - Cory Watson, SignalFx
Observability has gone from a thing you read about on Twitter or Medium thinkpieces to something your organization “has”. Maybe you’ve got a few new observability tools deployed. How is that working out for you?

Regardless of your adoption level – from logs on local boxes up to the highest cardinality traces and feature analysis – at the end of the day these are tools, not magic spells. How do you teach, train, use, evangelize, and measure the impact they have in your organization?

Cory has been a part of solo and large observability teams, in-house and vendor, and worked with dozens of companies. In this session he’ll explain some no-nonsense, tool agnostic methods for wringing more value out of what you have, identifying when to use new tools, how to handle migrations, how to measure value, and how to deal with “why does this cost so much?”

Speakers

Cory Watson

Technical Director, SignalFx
Cory Watson is Director of Technology at SignalFx, leading high impact, customer-focused projects around observability and monitoring. Cory started his journey as an SRE at Twitter, and continued on to found the observability team at Stripe. He is a strong voice in the observability...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Observability

11:50am PST

How the Department of Defense Moved to Kubernetes and Istio - Nicolas Chaillan, Department of Defense
This session will showcase the DoD Enterprise DevSecOps initiative and its architecture. It describes how the Department of Defense is securing OCI compliant containers, moving to Kubernetes and Istio, ensuring abstraction and scale across hundreds of environments, including Clouds, on-premise and classified environments. It will particularly focus on the sidecar security stack leveraging Envoy and sidecar containers to ensure zero trust security and baked-in multi-layer security.

Speakers

Nicolas Chaillan

Chief Software Officer, U.S. Air Force, USAF
Mr. Nicolas Chaillan, a highly qualified expert, is appointed as the first Air Force Chief Software Officer, under Dr. William Roper, the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics, Arlington, Virginia. He is also the co-lead for the Department...



Tuesday November 19, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

A Peek Inside the Enterprise Cloud at Salesforce - Xiao Zhou & Thomas Hargrove, Salesforce
This talk offers a peek inside the enterprise cloud infrastructure at Salesforce. Kubernetes is open source software which is becoming the de facto standard for running services at scale.
Enterprise data centers aim to be closely managed and very secure. At Salesforce, we are bringing these two together. We are using Kubernetes to manage 2600+ hosts across 20+ private data centers. In this talk, we’ll be looking at the challenges and our approaches for using Kubernetes as the management software from several perspectives: multi-tenancy and self-service, management tooling, security, testing, monitoring/alerting, and visibility.

Speakers

Thomas Hargrove

Software Engineering Senior Director, Salesforce
Thomas is a Software Engineering Senior Director at Salesforce on the infrastructure engineering team. He helped build the hosted Kubernetes offering for Salesforce 1st party data centers with many enhancements around security, visibility and integration to internal systems. Before...

Xiao Zhou

Director Software Engineering, Salesforce
Xiao is a Software Engineering Director at Salesforce. She has about 10 years of experience in the large-scale and distributed computing area. Xiao has led numerous cloud native efforts and projects at Salesforce, and previously VMware. She is very passionate about improving quality...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Application + Development

2:25pm PST

Running Istio and Kubernetes On-prem at Yahoo Scale - Suresh Visvanathan & Mrunmayi Dhume, Verizon
At Yahoo!, there are 18+ production-grade Kubernetes (K8s) clusters, and my team operates one of the largest on-prem K8s clusters, handling 150K+ containers and 500+ applications and serving 1 million+ requests per second. Mission-critical applications such as Yahoo! Sports/Finance/Home are deployed and enabled by the K8s/Istio platforms. The journey started 2 years ago as a ‘proof of concept’ with K8s and signing up for the ‘early engagement program’ with the Istio team to adopt Istio/Envoy, modernize our stack and move towards a microservice architecture. During this journey, we: 1. Built an identity platform which provides a unique identity for workloads. 2. Enabled workloads with a sidecar Envoy proxy and integrated with an in-house custom CA & RBAC for authN/Z. 3. Built tools to manage both Istio & K8s clusters at scale. This talk will detail how K8s and Istio/Envoy are used to deploy/secure/connect workloads @ Yahoo scale.

Speakers

Suresh Visvanathan

Sr Architect, Verizon Media
Suresh Visvanathan, Sr Architect, has over 13 years of experience in IT and Software. Suresh’s current responsibilities include the architecture, vision, strategy and design of cloud platform as-a-service (PaaS). Suresh has been architecting solutions and building products around...

Mrunmayi Dhume

Principal Software Engineer, Verizon Media (Yahoo)
Mrunmayi Dhume is a Principal Software Engineer in the Core Infrastructure team at Verizon Media. She is part of the team responsible for providing L3/L4 routing solutions and leads the design and implementation of the routing layer and identity provider system components for Kubernetes...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

2:25pm PST

Managing Helm Deployments with Gitops at CERN - Ricardo Rocha, CERN
Kubernetes has taken a key role at CERN both for physics analysis and core IT services, simplifying and accelerating deployments and allowing a much higher rate of updates and upgrades.

This session will describe how helm is used for managing the description and configuration of the services. How CERN uses chartmuseum to maintain its private chart repositories, and how a custom plugin is used to manage secrets in the configuration, safely pushing encrypted payloads into git repositories. How a well defined structure of umbrella charts (sometimes referred to as meta charts) is used to define high level applications with complex dependencies, and how the notion of service variants and environments is exposed.

A demo will show the full gitops lifecycle for both production and canary deployments, relying on weave flux to quickly propagate changes to clusters.

Speakers

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer in the CERN cloud team focusing on containerized deployments, networking and more recently machine learning platforms. He has pushed for several years the internal effort to transition services and workloads to use cloud native technologies, as well...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

2:25pm PST

Russian Doll: Extending Containers with Nested Processes - Christie Wilson & Jason Hall, Google
Kubernetes extensibility has gone mainstream. From CRDs to admission controllers to custom schedulers, as a platform builder you have access to a powerful toolbox! But what about the humble Pod and its hardworking containers? What if you want to extend them? What tools are at your disposal?

In this talk you’ll learn how to extend a container by overriding its binary. This inventive approach is used by Prow (the CI/CD system that tests Kubernetes itself) and systems built on Tekton Pipelines (a Kubernetes based CI/CD platform) like Jenkins X and OpenShift Pipelines.

You’ll see how you can control the order of container execution within a Pod, stream logs to a persistent store at scale, and gracefully handle the appearance and lifecycle of injected sidecars. You’ll learn some of the benefits and drawbacks, as well as how to overcome the hurdles.

Speakers

Jason Hall

Software Engineer, Google
Jason Hall (he/him) is a software engineer at Google, currently working on the Tekton project. Before Tekton, he helped launch Google Cloud Build (formerly Google Cloud Container Builder), and before that helped launch Google Cloud Source Repositories.

Christie Wilson

Software Engineer, Google
Christie Wilson (she/her) is a software engineer at Google and co-creator of the Tekton project. Over the past decade+ she has worked in the mobile, financial and video game industries. Prior to working at Google she built load testing tools for AAA video game titles, and founded...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

2:25pm PST

Adapting Kubernetes to Constrained IP Address Environments - Mahesh Narayanan & Satyadeep Musuvathy, Google
When it comes to IP addresses, Kubernetes has a demand and supply issue.
On the Demand side, Kubernetes treats Pods as first class citizens with their own IPs. This makes port mappings and usage from a developer’s point of view much much simpler. But from an infrastructure perspective, this makes the whole cluster use IP addresses liberally.

On the Supply side, Kubernetes deployments generally run alongside incumbent networks. Therefore there are not enough IPs to allocate and have a production grade deployment.

Based on real world experience by our customers so far, we have found that there are a few ways to design your clusters to address these concerns:
-- Optimize the per-node allocation so that the overall consumption can be optimized
-- Re-use IP addresses for infrastructure but have unique Service IPs
-- Leverage a new IP addressing scheme through non-RFC 1918 ranges





Speakers

Mahesh Narayanan

Product Manager, Google
Mahesh Narayanan is a Cloud Networking Product Manager at Google Cloud. He works on GKE and drives its networking strategy and roadmap. Mahesh has also worked in sales and customer support roles and has a good understanding of customer perspective. Prior to Google, Mahesh worked in...

Satyadeep Musuvathy

Software Engineer, Google
Satya is a Software Engineer at Google. He lives and breathes GKE including GKE On-Prem. Satya has extensive Enterprise customer experience with stints at companies like Yahoo and Walmart.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Networking

2:25pm PST

From Issue to PR Merged: A Fluentd “Tail” - Jordan Hamel, Amgen
Do you often find yourself opening an issue or looking for an alternative open-source project with support for your use case? Not sure where to start in contributing a fix for an issue?
Getting involved in the Fluentd ecosystem and submitting a PR helped make it possible for Amgen to effortlessly collect CloudTrail logs from hundreds of AWS accounts owned by separate teams.
We'll take a look at the details of how to collect and annotate logs stored in any format or account in AWS with Fluentd where hundreds or any number of accounts are in use. We'll also follow the details of contributing this now merged PR to the Fluentd S3 plugin that made it possible.
Whether you're a new or long-time user of Fluentd, come and be inspired to consider contributing back to observability related open-source projects like Fluentd and the benefits it can bring to your organization and the community.

Speakers

Jordan Hamel

Sr Mgr Software Development Engineering, Amgen
Jordan Hamel is a software engineer currently at Amgen who cares about making sure software and the users like each other. Having previously led E-commerce operations for years at Newegg.com, he is a huge fan and supporter of making the user experience as observable as possible and...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 7AB - San Diego Convention Center Upper Level
  Observability

2:25pm PST

Living with the Pathology of the Cloud: How AWS Runs Lots of Clusters - Micah Hausler, Amazon
Disk speed screeches to a crawl, packets get dropped, connections time out: welcome to the cloud! Most of the time the cloud "just works", but when it doesn’t, how do Kubernetes and etcd handle failure? In this talk Micah will discuss considerations for building and configuring cloud native systems for failure, including how Amazon EKS’s architecture and design account for outages and dependency failures. Micah will also cover lessons learned from managing lots and lots of Kubernetes and etcd for customers around the world.

Speakers

Micah Hausler

Sr Software Engineer, Amazon Web Services
Micah is a Kubernetes contributor, a member of the Kubernetes Security Response Committee, and works on EKS at Amazon Web Services.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  Operations

2:25pm PST

PodOverhead: Accounting for Greater Cluster Stability - Eric Ernst, Intel
Accounting is very important in Kubernetes. Better accounting leads to improved node stability, density, and more accurately charging users based on their actual resource utilization. Unfortunately, there are gaps in resource accounting in Kubernetes today, mostly based on the fact that running a pod is not actually free.

In Kubernetes 1.16, the PodOverhead feature is introduced to fix these issues.

We’ll dive into the details of a pod’s journey from client CLI to running on a node, touching on kubectl, API server, admission controllers, etcd, scheduler, kubelet, containerd/cri-o, and runtimes like Kata Containers and gVisor. Through this we will highlight the current gaps and how the PodOverhead feature addresses them.

Attend to get a basic understanding of the Pod creation process, and learn what the new PodOverhead feature is and how it can be used to improve cluster stability.

Speakers

Eric Ernst

Senior software engineer, Intel
Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level

2:25pm PST

Enforcing Automatic mTLS with Linkerd and OPA Gatekeeper - Ivan Sim, Buoyant & Rita Zhang, Microsoft
Whether you are operating a 5-node or a 500-node Kubernetes cluster, ensuring the integrity and security of the traffic among your workloads is something that should be taken seriously. As your team grows, it is important to automate the application and management of different mTLS policies.

In this talk, Ivan and Rita will share with you how Linkerd and Gatekeeper work together to automate and enforce mTLS policy in production. They will show you how easy it is to encrypt all east-west traffic using Linkerd’s zero config automatic mTLS feature. Then, you will see how Gatekeeper is used to define, enforce and audit every workload entering your cluster to ensure configuration is valid and conformant to policy.

Speakers

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and...

Ivan Sim

Software Engineer, Red Hat



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 31ABC - San Diego Convention Center Upper Level

2:25pm PST

Porting Envoy to Windows; A Progress Report - Yechiel Kalmenson & William A. Rowe, Jr., Pivotal
Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. As of now Envoy is only available on Linux, and that’s a big blocker for Windows teams who want to migrate their monolithic apps to more service-oriented architectures.

Last year a team at Pivotal started working with Microsoft on making Envoy on Windows a reality. This talk will give a progress report on the work being done:

* An overview of the history of the project. Starting with the work done by Microsoft, contributions to upstream so far, and what we have left.

* Some of the challenges the team faced and how they overcame them. For example, the workarounds we employed to get a working Windows environment for Envoy, and some of the performance issues which still need to be solved.

* What the team is currently working on and what the outlook for the future is like.

Speakers

William A. Rowe, Jr.

Principal Software Engineer, Pivotal
William is a veteran of the Apache HTTP Server and APR projects, establishing Windows as a first class platform at these projects. He's applying this experience at Pivotal to help the Envoy Proxy project crew bring Envoy to native Windows OS.

Yechiel Kalmenson

Software Engineer, Pivotal
Yechiel Kalmenson was born and raised in Brooklyn. He got his rabbinical training in Israel and spent a few years teaching both children and adults. After a brief stint in Tech Support, he found his next calling and went on to study software development. He currently works as a...



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 32AB - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Building a Database as a Service on Kubernetes - Abhi Vaidyanatha & Lucy Burns, PlanetScale
Stateful, scalable storage on Kubernetes is an unsolved problem. Creating it as a service is even more difficult. The cloud-native ecosystem offers many tools such as the operator-sdk, Prometheus, Grafana, etcd, Vitess, and much more, but integrating them isn't necessarily intuitive.

Two of PlanetScale's employees that have engineered and managed the project describe the journey of leveraging all of these open source technologies to build out a database as a service on Kubernetes.

Speakers

Lucy Burns

Product Manager, PlanetScale

Abhi Vaidyanatha

Software Engineer, PlanetScale
Abhi is a confused economist who enjoys writing backend code for various parts of PlanetScale's Vitess management software. In his spare time he is a DJ, podcast host, and competitive Super Smash Bros. player.



Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Storage

3:20pm PST

Managing Apache Flink on Kubernetes - FlinkK8sOperator - Anand Swaminathan, Lyft
We have designed and built an open-source Kubernetes native operator that manages the complete lifecycle of Apache Flink applications from creation to execution. FlinkK8sOperator (https://github.com/lyft/flinkk8soperator) leverages Kubernetes CustomResourceDefinition to enable native management of Flink applications on Kubernetes. In this session, I will be presenting some of the unique challenges of running a complex, stateful application on Kubernetes, and the lessons we have learnt. I will also be providing an overview of how flink operator abstracts out the complexity of hosting, configuring, managing and operating 1000s of Flink clusters from application developers, and concluding with a demo.

Speakers

Anand Swaminathan

Software Engineer, Lyft
Anand currently works as a Software Engineer at Lyft building infrastructure for large scale streaming and batch processing systems. He is a major contributor and core maintainer of the open source project - FlinkK8sOperator. Prior to Lyft, Anand worked on DynamoDB (AWS), building...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

10 Weird Ways to Blow Up Your Kubernetes - Melanie Cebula & Bruce Sherrod, Airbnb
It’s a brand new world in infrastructure with the advent of microservices, containerization, Kubernetes, and service mesh. And all is well. Or is it? Find out how easy it is to break container runtimes, abuse your service mesh, and take all of your production services down-- the results will surprise you! In the last year Airbnb scaled up to over 700 services in Kubernetes, running on all types of workloads across 1000s of nodes and dozens of clusters. We’ve learned a lot along the way and have some of our favorite stories to share-- from weird bugs, to hacky workarounds, to serious downtime. Favorites include:
- “Just what is the autoscaler doing”?
- “Knock knock, It’s Kube-DNS”
- “Whose PID is it anyway”?
and more!

Speakers

Melanie Cebula

Software Engineer, Airbnb
Melanie Cebula is a software engineer on the service orchestration team at Airbnb, where she empowers thousands of engineers to create and operate hundreds of production Kubernetes services. She's previously spoken about Airbnb's journey to microservices and developing Kubernetes...

Bruce Sherrod

Software Engineer, Airbnb
Bruce Sherrod is a software engineer on the service orchestration team at Airbnb.



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

3:20pm PST

Kubernetes in Your 4x4 – Continuous Deployment Directly to the Car - Rafal Kowalski, Grape Up
The automotive industry is getting more and more digitalized. Vehicles are not only a means of transportation; they aim to be the drivers' control center with multiple software components onboard. To keep pace with evolving customer expectations and the newest technological solutions, a vehicle's software requires frequent updates. However, the delivery process in a scaled-up environment is not straightforward. Developers and operators have to face challenges which are unusual in the typical cloud native world. Even basic service deployment may be complicated due to network performance or geographical considerations. During this talk, Rafał will show how to use Kubernetes, KubeEdge, k3s, Jenkins and RSocket for building continuous deployment pipelines which ship software directly to the car and deal with rollbacks and connectivity issues.

Speakers

Rafał Kowalski

Cloud Solution Architect, Grape Up
Rafał Kowalski is a Cloud Solution Architect at Grape Up and a PhD student at the Complex Theory System Department at the Institute of Nuclear Physics Polish Academy of Science. His professional career, as well as scientific work, is related to delivering robust, scalable cloud-based...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level
  CI/CD

3:20pm PST

Admission Webhooks: Configuration and Debugging Best Practices - Haowei Cai, Google
Admission (mutating and validating) webhooks have become popular mechanisms for extending Kubernetes API request admission. The admission webhook API is graduating to GA in Kubernetes 1.16, where new features are introduced and debuggability improvements are made. In this talk, the audience will learn common pitfalls in admission webhook development, best practices in webhook configuration, and how to identify and debug failures caused by misconfigured or buggy admission webhooks.

Speakers

Haowei Cai

Software Engineer, Google
Haowei Cai is a Software Engineer for Google Cloud. He is one of the owners of Kubernetes Python client library and an active Kubernetes SIG API Machinery contributor. He has been contributing to Kubernetes Extensibility (Admission Webhooks and CRD) to GA working group in the past...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

3:20pm PST

Towards Continuous Computer Vision Model Improvement with Kubeflow - Derek Hao Hu & Yanjia Li, Snap Inc.
With deep learning gaining popularity in industry, there is a lot of material focusing on model training and serving. However, in production machine learning typically isn't complete after a single round of training. Model owners need to find ways to improve trained models regularly, and good machine learning pipelines achieve this by leveraging continuous feedback.

In this talk, we will demonstrate how Kubeflow and Kubeflow Pipelines are being used to continuously improve computer vision models at Snapchat. We will walk through how we orchestrate multiple components with Kubeflow Pipelines to extract data, label images, and (re)train machine learning models. We will also discuss best practices for authoring Kubeflow Pipeline components based on our experiences from developing and deploying these components for production use.

Speakers

Derek Hao Hu

Software Engineer, Snap Inc.
Derek Hao Hu is a software engineer at Snap on the Perception team. He's been working on building machine learning infrastructure, components, pipelines and tools that power different types of computer vision experiences inside Snapchat.

Yanjia Li

Software Engineer, Snap Inc.
Yanjia Li is a Software Engineer on the Perception team of Snap. He has been working on the algorithms and systems behind various computer vision products in Snapchat. One of his focus areas is building the software to handle large-scale deep learning model training and inference...


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 31ABC - San Diego Convention Center Upper Level

3:20pm PST

CNCF Network SIG Intro & Deep-Dive - Lee Calcote, Layer5 & Matt Klein, Lyft
“It’s the network!” is the cry of every system administrator, every developer. With the increased prevalence of microservice-based distributed systems, it’s true - networking as a discipline has never been more critical in the efficient operation of cloud native deployments. Networking primitives, including load balancing, observability, authentication, authorization, policy, rate limiting, QoS, mesh networks, legacy infrastructure bridging, and so on are now receiving substantial development and investment throughout the industry and are the subject of focus of the CNCF Network SIG.

Join this talk for an intro to the SIG, its charter and a deeper discussion of current cloud native networking topics being advanced in this SIG. Current CNCF projects in-scope: CNI, CoreDNS, Envoy, gRPC, Linkerd, NATS, Network Service Mesh.

Speakers

Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the creator of Envoy. He has been working on operating systems, virtualization, distributed systems, networking, and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the...

Lee Calcote

Founder, Layer5
Lee Calcote is an innovative product and technology leader, passionate about empowering engineers with efficient and effective solutions. As Founder of Layer5, he is at the forefront of the cloud native movement. Open source, advanced and emerging technologies have been a consistent...


Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level

3:20pm PST

Weighing a Cloud: Measuring Your Kubernetes Clusters - Han Kang, Google & Elana Hashman, Red Hat
Kubernetes is complicated. Instrumenting it can be worse. Measuring the components of a distributed system shouldn't be as daunting as being asked to weigh a literal cloud.

In this talk, we'll go over the components of a Kubernetes control-plane and show you where to look to figure out what is actually happening. We will show you common cluster issues and how they would look in your instrumentation, so that you can more effectively diagnose clusters.

Starting in version 1.14, Kubernetes metrics were overhauled to provide consistent, high quality metrics. Han Kang and Elana Hashman will go over the changes and the potential ingestion implications of this overhaul and how it may affect you.

Speakers

Han Kang

Senior Software Engineer, Google
Han Kang is a Senior Software Engineer at Google. Han co-chairs SIG instrumentation, where he focuses on efforts to improve metric quality. He also participates in SIG API Machinery, where he works on things related to control-plane boot-sequences and health-checking.

Elana Hashman

Principal Software Engineer, Red Hat
Elana Hashman currently works for Red Hat as a Principal Software Engineer on the OpenShift Container Platform Node Team, working upstream in Kubernetes SIG Node. Previously, she served as an SRE and technical lead on Azure Red Hat OpenShift. She also chairs the Kubernetes Instrumentation...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Observability

3:20pm PST

Building the Cloud Native Kernel: Kubernetes Release Engineering - Tim Pepper & Stephen Augustus, VMware
Is Kubernetes a kernel or distribution? Yes! It is necessarily both!

CRDs, out-of-tree cloud providers, and CNI/CSI/CRI abstractions evolve Kubernetes’ core toward an extensible kernel.

At KubeCon NA 2017, Tim Hockin and Michael Rubin started a conversation on formalizing “Kubernetes upstream as a distro”, proposing we clean up thinking/processes, define tools/standards, incentivize distros to stay close. They argued for a Kubernetes reference distribution focused on correctness and stability.

So where is it?

After a slow start, we have momentum in 2019 to improve conformance, API stability, and better documented support stances. However, to understand why we don’t (yet) have an upstream reference distro, we need to dive deep on build/release/test tooling.

This talk will summarize Kubernetes distro issues/advances and potential contribution areas for individuals and companies.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure. Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions...

Tim Pepper

Software Engineer, VMware
Tim is a Senior Staff Engineer in VMware's Open Source Technology Center with over 20 years in open source. He works as an open source developer advocate and contributor to Kubernetes (SIG Release chair; WG LTS organizer). Prior work includes Linux kernel/drivers/distributions, software...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Operations

3:20pm PST

Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google
What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate.

We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.

Speakers

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google, and is a regular at SIG-Auth. Greg has 15 years of experience in a number of security roles including product security, penetration testing, incident response, platform hardening...

Tim Allclair

Software Engineer, Apple
Tim Allclair joined the Kubernetes project just after the 1.0 launch in 2015, and now leads a Kubernetes security engineering team at Apple. He is a member of the Kubernetes Security Response Committee, and a SIG Auth maintainer (previous co-chair). He has led development of several...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

3:20pm PST

Airbnb Service Discovery: Past, Present, Future (Challenges of Change) - Chase Childers, Airbnb
In 2013, Airbnb released an open source service discovery solution (SmartStack) and has functioned on the same framework for years. Historically our infrastructure ran on AWS EC2 instances and utilized HAProxy (within Smartstack) for proxying traffic. With a migration to Service Oriented Architecture and Kubernetes, our service discovery must also change. In this presentation we will cover the evolution of our service discovery framework starting with where we started, where we’ve been, where we’ve failed, and where we’re going (hint: Envoy) at Airbnb. This includes both our missteps and our learnings from migrating within a hybrid EC2/Kubernetes world. We’ll dive deep into topics such as challenges of managing and migrating your own service discovery stack, migrating ingress and egress traffic independently, and rolling out infrastructure changes across a massive fleet of services.

Speakers

Chase Childers

Site Reliability Engineer, Airbnb
Chase Childers is on the Site Reliability Engineering Team at Airbnb. He has collaborated with the Service Orchestration and Traffic teams to focus on service discovery migrations in the EC2 and Kubernetes context. Outside of this collaboration, his related work includes preparing...



Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Service Mesh

4:25pm PST

Developing Edge with Kubernetes - Dejan Bosanac & Ted Ross, Red Hat
While its original intent was to solve cloud-centric architecture challenges, Kubernetes can be used as a platform for developing Edge and IoT applications.
The session will take a look at this topic from the developer's point of view. It'll focus on special aspects of developing services for IoT and Edge environments, like autonomy, locality and secure communication to name some.
What Kubernetes features can be used to address IoT and Edge aspects of developing microservices?
What other projects in the ecosystem can developers use to achieve their goals?
We'll try to answer those questions and demonstrate the flexibility of the platform by demoing an Edge application consisting of services deployed into various environments (like Edge clusters and Edge nodes) working autonomously and communicating securely with each other and the central cloud services.

Speakers

Dejan Bosanac

Software Engineer, Red Hat
I’m a software engineer at Red Hat with an interest in open source and integrating systems. Over the years I’ve been involved in various open source communities tackling problems like: Enterprise messaging and integration, IoT cloud platforms and Edge computing.

Ted Ross

Senior Principal Software Engineer, Red Hat
Ted Ross has been with Red Hat Engineering since 2007 working on messaging products like MRG and A-MQ. He is currently working on the Skupper project. His background is in embedded systems and Networking. One of his primary interests is in bringing the performance, scale, and reliability...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Making an Internal Kubernetes Offering Generally Available - James Wen, Spotify
In the span of two years, Spotify went from two developers investigating what a potential migration to Kubernetes might involve to having an internal, multi-tenant offering of Kubernetes become generally available for all its developers as the new, primary runtime offering.

Spotify has previously given talks on the earlier bootstrapping, experimentation, alpha, and beta phases of this migration process. However, this talk will focus on the latter work involved in bringing the internal offering of Kubernetes “across the finish line.” The talk will cover what was required to bring the offering to general availability, including work shoring up scalability and reliability via a multicluster strategy, DIRT testing, operational metrics and alerts. This talk will also cover the technical and process elements involved in designing a successful self-service migration experience for developers.

Speakers

James Wen

Senior Site Reliability Engineer, Spotify
James Wen is a senior site reliability engineer at Spotify, where he’s currently focused on revamping Spotify’s runtime infrastructure. Previously, James was the team lead (anchor) of the Cloud Foundry Buildpacks team at Pivotal and served as a core contributor and maintainer...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 30ABCDE - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

Mario’s Adventures in Tekton Land - Vincent Demeester, Red Hat & Andrea Frittoli, IBM
Tekton is a Kubernetes-native, lightweight, easy to manage CI/CD pipelines engine. Pipeline building blocks can be reused, version controlled and curated in a catalogue that embeds best practices. Tekton, hosted by the CD Foundation, aspires to be the common denominator in CI/CD. The Tekton team wanted to make sure that the project is going in the right direction by "dogfooding" i.e. by using Tekton to run its own automation "plumbing". The initial continuous integration setup embedded most of the testing pipelines in bash scripts. The speakers replaced this with Tekton, hence improving the readability of the pipelines and the reproducibility of CI runs. Eventually, they moved onto continuously delivering Tekton and its pipelines via Tekton. In this talk, the speakers will tell their experiences about using a cloud-native pipeline system to test, release and continuously deploy itself.

Speakers

Andrea Frittoli

Open Source Developer Advocate, IBM
Andrea Frittoli is a Developer Advocate at IBM and an open source enthusiast. He is one of the maintainers of the Tekton project and a member of its governance team. Before Tekton, he contributed to OpenStack for several years, focusing on testing and CI/CD, serving as the QA project...

Vincent Demeester

Principal Software Engineer, Red Hat
I'm a French developer, Gopher, sysadmin, factotum, free-software fan and Unicode lover; tektoncd, docker/moby maintainer, knative contributor among other projects.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  CI/CD

4:25pm PST

Measuring and Optimizing Kubeflow Clusters at Lyft - Konstantin Gizdarski, Lyft & Richard Liu, Google
Machine learning workloads are often resource-intensive operations. As companies adopt more of these workloads, tracking resource consumption and optimizing spending becomes more challenging.

At Lyft, we developed a system which scrapes metrics from Kubernetes clusters and persists them in data warehouses. We then built a pipeline that transforms snapshots into cluster utilization metrics along the dimensions of CPU, memory, and GPU. Finally we join these metrics into our cost and usage dataset, so teams can budget resources accordingly and reduce spending.

In this talk, we will give an overview of Infraspend - our infrastructure for tracking Kubernetes usage. Attendees will learn how the data we collected helped Lyft reduce spending for Kubeflow clusters. The audience will also gain insights into how Kubernetes clusters can be optimized without performance or stability compromises.

Speakers

Richard Liu

Senior Software Engineer, Google
Richard Liu is a Senior Software Engineer at Google Cloud. He is currently an owner and maintainer of the TensorFlow operator and Katib projects in Kubeflow. Previously he had worked as a software developer at Microsoft Azure.

Konstantin Gizdarski

Software Engineer, Lyft
Konstantin Gizdarski is a Software Engineer at Lyft, where he has been working on — among other things — surfacing the utilization and efficiency of Kubernetes infrastructure. Previously, he has worked on machine learning and product at both Facebook and Stripe.



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Machine Learning + Data

4:25pm PST

Understanding and Troubleshooting the eBPF Datapath in Cilium - Nathan Sweet, DigitalOcean
The advent of eBPF (extended Berkeley Packet Filters) has contributed significantly to container networking progress. However, the tooling for diagnosing and troubleshooting eBPF issues is nascent, and most members of the K8s and Linux communities are unfamiliar with it.

This talk will help demystify eBPF and cover its history. We'll present the default network datapath of the Linux kernel and contrast it in depth with how various eBPF program types diverge from this datapath. In addition, we'll match up the ways in which cilium implements various CNI and K8s constructs/objects with their eBPF program type, so that you'll be able to identify the right troubleshooting methods easily. Finally, we'll match appropriate methods and tools to the various eBPF program types.

Speakers

Nathan Sweet

Senior Software Engineer, DigitalOcean
Nathan Sweet is a Senior Software Engineer at DigitalOcean who works on the managed Kubernetes team. He has been working on managed cloud products for the past 5 years, and managed Kubernetes products for the past 3 years. He focuses specifically on system and network performance...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Networking

4:25pm PST

Scaling Kubernetes to Thousands of Nodes Across Multiple Clusters, Calmly - Ben Hughes, Airbnb
In under a year, Airbnb went from 600 Kubernetes nodes across a couple handcrafted clusters to over 5000 nodes on tens of clusters. Successful adoption of Kubernetes by services led to more and faster adoption leading to challenges of scale. Facing this, Airbnb switched to a multiple production cluster architecture to get around single cluster scalability limits and ensure ample capacity for services.

This process increased the consistency of the cluster configurations while reducing manual operations. This talk will discuss the problems that were faced during scaling, the shape of the solutions, specific approaches that worked well (and didn’t), and how this was accomplished without a drastic shift away from existing pre-Kubernetes infrastructure tooling. A key result was reducing the time to create a new, production-ready cluster from over a week to under an hour.

Speakers

Ben Hughes

Software Engineer, Airbnb
Ben Hughes has worked on database scaling, Ruby and Node.js performance, incident response, and Kubernetes at Airbnb. He has previously spoken about [Scaling Airbnb](https://www.oreilly.com/library/view/velocity-conference-new/9781491900406/video191370.html) at VelocityConf NY, [Alerting](https://www.youtube.com/watch?v=MYmVu_IMC20...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Operations

4:25pm PST

Extending containerd - Samuel Karp & Maksym Pavlenko, Amazon
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Speakers

Samuel Karp

Senior Software Development Engineer, Amazon Web Services
Samuel Karp is a Senior Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Sam has been a contributor to Docker/Moby since 2015 and to containerd since 2017, and is currently building the...

Maksym Pavlenko

Software Development Engineer, Amazon Web Services
Maksym Pavlenko is a Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Maksym is a maintainer in containerd, and is currently building the firecracker-containerd project to run containers...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Runtimes

4:25pm PST

Panel: Control Plane vs Data Plane: Untangling the Tenets of Multitenancy - Tasha Drew, VMware; Sanjeev Rampal, Cisco; Ryan Bezdicek, Cray Inc.; Adrian Ludwin, Google; & Fei Guo, Alibaba
Virtually every organization over a certain size wants to be able to share their clusters between different sets of users. As a result, the Multi-tenancy Working Group is seeing increasingly high demand for higher-level features to support Kubernetes multi-tenancy. Unfortunately, each organization has different and often unspoken assumptions about what tenancy means to them, so different use cases and needs often get conflated. In this discussion, our panelists will share their proposals for the principles of multi-tenancy, according to both the type of concerns (control plane vs data plane) as well as the type of tenants (such as dev teams, production teams and third-party users).

Speakers

Tasha Drew

Director of Product Incubation, Advanced Technologies Group, VMware
Tasha Drew leads product strategy for product incubation and innovation at VMware as part of the Office of the CTO. She also launched Tanzu Kubernetes Grid for vSphere and was part of the team that launched Project Pacific on vSphere. She is the co-chair for the Kubernetes Multi-tenancy...

Sanjeev Rampal

Principal Engineer, Cisco
Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development...

Ryan Bezdicek

Software Engineer, Cray Inc.
Ryan Bezdicek is using Kubernetes to build the next generation of supercomputer at Cray Inc. He’s active in several Kubernetes working groups including multi-tenancy and conformance. A tester and DevOps consultant by background, Ryan has experienced first hand the benefits of adding...

Adrian Ludwin

Senior Software Engineer, Google
Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel...

Fei Guo

Senior Staff Engineer, Alibaba
Fei Guo is currently a senior staff engineer in Alibaba Container Platform Group. He has more than 10 years of experience in compute resource management and performance optimization for virtualized and containerized environments. His work focuses on providing workload automation and...


Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 29ABCD - San Diego Convention Center Upper Level

4:25pm PST

KubeFlow’s Serverless Component: 10x Faster, a 1/10 of the Effort - Orit Nissan-Messing, Iguazio
Serverless simplifies data science by automating the process of code to container and enables users to add instrumentation and auto-scaling with minimum overhead. However, serverless has many limitations involving performance, lack of concurrency, lack of GPU support, limited application patterns and limited debugging possibilities. Orit Nissan-Messing will introduce Nuclio, a KubeFlow open source component which is 10x faster when compared to alternatives at a 1/10 of the effort. She will explain how to use Nuclio to extend KubeFlow pipelines, accelerating and automating each step of the workflow. This includes parallel processing, automated code building/deployment, stream processing and artifact tracking. Orit will demonstrate how to achieve devops automation involving auto-scaling, automated logging and monitoring, security hardening, CI/CD and workload mobility.

Speakers

Orit Nissan-Messing

VP R&D, Iguazio
Orit Nissan-Messing has vast experience in cloud architectures, storage, AI and big data. Prior to Iguazio, Orit was Chief Architect at XIV (acquired by IBM) and held management roles in various companies from startups to corporations. Orit is a CNCF contributor and a member of the...



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Serverless

4:25pm PST

Panel: Is Service Mesh Ready for Edge-Native Applications? - Wendy Cartee, Ramki Krishnan, VMware; Srini Addepalli, Intel; Parveen Patel, Google; & Ravi Chunduru, Verizon
Edge deployments, in contrast to large public clouds, pose interesting demands since they are physically insecure & capacity constrained. Also, Edge Computing Apps such as AR-VR have low-latency characteristics, with RTT typically a few msec, and pose further demands on edge deployments.

Edge Computing Apps like to use Service Meshes (SM) such as Istio/Envoy, Linkerd etc. to offload infrastructure related activities such as security.

In this panel, we first examine the unique challenges in using SM technologies for Edge Computing Apps - especially the additional latency and resource usage due to Kernel Networking. Next, we will explore software techniques such as Kernel Bypass, QUIC as an alternative to TCP/IP etc. to alleviate the performance bottlenecks introduced by SM technologies including early results. Last, we will touch upon hardware acceleration techniques for the above.

Speakers

Ramki Krishnan

Lead Technologist, Open Source, VMware
Ramki, with 20+ years of industry experience, has a deep understanding of various technologies and strong business acumen to lead and transform innovation into customer-winning products. Currently, at VMware, he is responsible for Telco/Enterprise open source technology vision, strategy...

Wendy Cartee

Senior Director of Marketing, VMware
Wendy Cartee is senior director of product marketing for service mesh, cloud and container networking at VMware. She works on products and open source projects to drive enterprise user adoption. Wendy has been in open source for over a decade and helped form the Linux Foundation’s...

Srinivasa Addepalli

Sr. Principal Engineer, Intel Corporation
Srini Addepalli is a Sr. Principal Engineer in NEX/NPG business unit of Intel Corporation. He is one of the principal architects of networking, security & Edge technologies for the Network Function Virtualization/Containerization (NFV/NFC) and Software Defined Networks (SDN). Srini...

Ravi Chunduru

Associate Fellow, Systems Engineering and Tech Strategy, Verizon
Ravi Chunduru is a Senior Architect at Verizon responsible for Product strategy and thought leadership in the domain of Virtual Network Services and MEC solutions. Ravi has been a key player in conceptualizing and delivering various products at Verizon such as VNS Application Edge...

Parveen K Patel

Director, Cloud Software Engineering, Google



Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Service Mesh
 
Wednesday, November 20
 

10:55am PST

Are You About to Break Prod? Acceptance Testing with Ephemeral Environments - Erin Krengel, Pulumi & Sean Holung, Nordstrom
How confident are you that the changes you’re about to make won’t break production? In a world of Continuous Delivery, we need to be prepared for the fact that our code is going to production. K8s makes it easy to quickly deploy applications, so building pipelines with robust quality gates is vital. There’s a lot of emphasis on this, yet how to create a solid deployment strategy isn’t clear-cut.

Erin and Sean will demonstrate a pattern for acceptance testing complex architectures, which verifies a K8s app properly interacts with its infrastructure. Leveraging ephemeral environments, these tests will validate as well as document the app’s business and functional requirements.

Utilizing infrastructure as code and K8s Jobs, they will demo how to create a comprehensive acceptance test suite that allows you to continuously deploy to production.

Speakers

Erin Krengel

Software Engineer, Pulumi
Erin is a Software Engineer at Pulumi, where she works on their SaaS product. Previously she worked at Nordstrom on a number of DevOps teams responsible for Go microservices, their infrastructure, CI/CD pipelines and production support. Most recently, she developed and architected key...

Sean Holung

Software Engineer, Nordstrom
Sean is a Software Engineer at Nordstrom where he works on their event-driven Order Management System. Prior to Nordstrom, Sean worked as a Software Engineer at CenturyLink Cloud. There he worked on their internal monitoring product used to monitor infrastructure and applications...



Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

10:55am PST

A Series of Fortunate CloudEvents - Ian Coffey, Salesforce
Serverless and Eventing are two ultra-popular areas of tech right now, describing a broad set of ideas and capabilities that can service a range of possible systems. We are told that these concepts will expand and help define the next generation of web services.

That’s all well and good, but what is really going on inside these systems? What technology do those terms rely on and what does an Eventing workflow look like under the hood? Given the complexity and size of these projects’ codebases, it can be difficult to drill down and see what’s happening on a micro scale.

Together, we will discuss, operate and modify a running distributed system built with CloudEvents and Knative Eventing. The system will be based around the concept of an automated conversation between kubernetes services.

Speakers

Ian Coffey

OSS ML Engineer, VMware
Ian Coffey has been in the platform and infrastructure business for 16 years and currently works on open source machine learning software at VMware. Away from work, Ian’s free time is usually spent adventuring with his wife and two little girls. He has an affinity for old amps and...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 5AB - San Diego Convention Center Upper Level
  CI/CD

10:55am PST

Advanced Model Inferencing Leveraging KNative, Istio and Kubeflow Serving - Animesh Singh, IBM & Clive Cox, Seldon
Model Inferencing use cases are becoming a requirement for models moving into the next phase of production deployments. More and more users are now encountering use cases around canary deployments, scale-to-zero or serverless characteristics. And then there are also advanced use cases coming around model explainability, including A/B tests, ensemble models, multi-armed bandits, etc.

In this talk, the speakers are going to detail how to handle these use cases using Kubeflow Serving and the native Kubernetes stack which is Istio and Knative. Knative and Istio help with implementing autoscaling, scale-to-zero, and canary deployments, as well as scenarios where traffic is optimized to the best performing models. This can be combined with KNative eventing, the Istio observability stack, and the KFServing Transformer to handle pre/post-processing and payload logging, which consequently can enable drift and outlier detection to be deployed. We will demonstrate where KFServing currently is, and where it's heading.

Speakers

Animesh Singh

CTO and Distinguished Engineer, Watson AI/ ML Open Tech, IBM
IBM Watson Distinguished Engineer, CTO and Executive, with experience in product development and product management, technical leadership and people management. Led globally dispersed teams, managed globally distributed projects, and served as a trusted adviser to Fortune 500 firms. Played...

Clive Cox

CTO, Seldon
Clive is CTO of Seldon. Seldon helps enterprises put machine learning into production. Clive developed Seldon's open source Kubernetes based machine learning deployment platform Seldon Core. He is also a core contributor to the Kubeflow and KFServing projects.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

10:55am PST

Day 2 Operations with Windows Containers - Michael Michael, VMware & Patrick Lang, Microsoft
The chairs for SIG-Windows will provide an update on the efforts to bring Windows to Kubernetes. This session will concentrate on presenting new features and capabilities as well as focus on day 2 operations and troubleshooting. We will also have a detailed discussion on our future roadmap, key functionality that we want to enable, and open the floor for Q&A with customers and members of the SIG-Windows community. Some familiarity with Windows on Kubernetes is required for the deep dive part since we will have an in-depth discussion on key features that are in the pipeline for Windows, explain their implementation and have a discussion on trade-offs with the community.

Speakers

Patrick Lang

Software Engineer, Microsoft
Patrick Lang is a Software Engineer at Microsoft building and teaching how to use Kubernetes and Windows container technologies. He is a regular speaker on Windows Server Container development and management that helped launch the tech at MS Ignite and Build conferences along with...

Michael Michael

Director of Product Management, VMware
Michael Michael (or M2) is a Maintainer of Harbor and Contour, co-chairs Kubernetes' SIG-Windows, and is the product lead for Velero, Octant, and Sonobuoy. M2 is focused on cloud native technologies, delivering agility and simplicity to developers and accelerating the modernization...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

10:55am PST

Deep Dive: CNCF CI - W. Watson & Denver Williams, Vulk Coop
The CNCF CI status dashboard -- cncf.ci -- provides a third party validation of builds, deployments and end-to-end testing for CNCF’s Graduated and Incubating projects. The newest iteration of the cncf.ci status dashboard focuses on supporting a sustainable and scalable project ecosystem. To accelerate adding & maintaining projects on cncf.ci, the status dashboard can integrate with a project’s existing CI System and accept contributions from CNCF project maintainers. This Deep Dive session will include a walk-through of integrating a CNCF project with Travis CI to utilize the Travis CI build status and artifacts in the cncf.ci dashboard and allow time for Q&A.

Speakers

Denver Williams

Project Co-Lead, cncf.ci, Vulk Coop & CNCF

W. Watson

Principal Developer, Vulk Cooperative
W. Watson has been professionally developing software for 25 years. He has spent numerous years studying game theory and other business expertise in pursuit of the perfect organizational structure for software co-operatives. He also founded the Austin Software Cooperatives meetup...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

KubeEdge Deep Dive - Sean Wang, FutureWei
KubeEdge is an open source project extending native containerized application orchestration and device management from the central cloud to the edge. It is built upon Kubernetes and provides core infrastructure support for networking, application deployment and metadata synchronization across cloud and edge. In this session, Kevin will dive deep into the details of the KubeEdge architecture and some advanced features. The future roadmap and current pain points will also be discussed.

Speakers

Sean Wang

Senior Director, Futurewei
Sean Wang is a senior director at FutureWei Inc in Seattle. He was the founder of the Intelligent EdgeFabric platform, a commercial edge computing service which was later contributed to CNCF as KubeEdge. Sean has a deep interest in large-scale distributed systems, built and led various...



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

10:55am PST

KubeVirt Deep Dive: Virtualized GPU Workloads on KubeVirt - David Vossel, Red Hat & Vishesh Tanksale, NVIDIA
KubeVirt is a Kubernetes extension that supports running traditional Virtual Machine workloads side by side with containers.

In this session we will explore the architecture behind KubeVirt and how NVIDIA is leveraging that architecture to power GPU workloads on Kubernetes. Using NVIDIA’s GPU workloads as a case study, we’ll provide a focused view on how host device passthrough is accomplished with KubeVirt as well as providing some performance metrics comparing KubeVirt to standalone KVM. You’ll come away with a high level understanding of what KubeVirt is capable of and the general design principles that drive the project.

Speakers

David Vossel

Principal Software Engineer, Red Hat

Vishesh Tanksale

Sr. Software Engineer, NVIDIA
Vishesh is a Software Engineer at NVIDIA. He is focusing on different aspects of enabling VM workload management on Kubernetes clusters. He is specifically interested in GPU workloads on VMs. He is an active contributor to KubeVirt, a CNCF Sandbox project.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Performance Tuning and Day 2 Operations - Goutham Veeramachaneni, Grafana Labs
Cortex is a distributed version of Prometheus with a lot of moving parts. We have a pretty good getting started guide with enough information to get a working cortex cluster that can ingest data and answer queries. But there is limited material on the day 2 operations: Capacity planning, query performance debugging, and general health monitoring. In this talk, we will take you through the debugging workflow, the typical knobs that should be tweaked for optimal performance, the mixin for cortex that covers the dashboards and alerts, and in general how to approach debugging and maintaining an existing cortex cluster.

Speakers

Goutham Veeramachaneni

Senior Software Engineer, Grafana Labs
Goutham is a maintainer of Prometheus and Cortex monitoring systems and a senior software engineer at Grafana Labs. He spent most of his coding career working with and contributing to OSS software. After an internship and a gap semester contributing to OSS software, he now works at...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Using TUF and in-toto to Tighten the Release Process - Santiago Torres-Arias, NYU & Justin Cappos, NYU
As enterprise companies move to Cloud Native, the supply chain has become a very attractive target for attacks. An attacker who compromises a project's supply chain can greatly increase the blast radius of their attack to all users of the system. In some cases the exploit is an unintended bug (e.g. Equifax); in others, it is more insidious. In this talk, Santiago and Justin will show you how you can use TUF and in-toto to create a tightly-secured software supply chain. Starting from secure container delivery using TUF, and moving towards the left to tools like build farms, vulnerability scanners, and version control systems. The talk will be grounded in real business delivery values by pointing out common software supply chain misconfiguration pitfalls and through an integration example on one of the largest open source operating systems.

Speakers

Santiago Torres

PhD Student, New York University

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University, who strives to provide service to society through technology. Justin's research philosophy focuses on solving real world security problems in practice. He and his students often...


Wednesday November 20, 2019 10:55am - 11:30am PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

10:55am PST

Multiple Networks for Kubernetes Workloads - Piotr Skamruk, CodiLime & Doug Smith, Red Hat
Embark on a tour of CNI multiplexers -- an adventure in attaching multiple network interfaces to pods. We'll show the advantages of each and provide examples to get you started using them. We'll also talk about the history and future of multiple network attachments in Kubernetes.
Kubernetes is based on simplicity, and Kubernetes networking is no different-- simplicity is king. Each pod is given a single IP address, and a single network in which “everything sees everything”.
This model is not always what consumers expect, especially for high performance networking. In this world we need to have network isolation (to isolate traffic between control & data planes) or to have multiple interfaces in pods. This provides operators better control over functionality, latency and throughput.
We'll make sure you're geared up for the adventure with CNI multiplexers and multiple network attachments!

Speakers

Doug Smith

Principal Software Engineer, Red Hat, Inc.
Doug Smith is a Principal Software Engineer with Red Hat's Office of the CTO. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network Plumbing...

Piotr Skamruk

Software Engineer, Travelping
Piotr is a long-time GNU/Linux and Forth language enthusiast, sys administrator and sys developer. He has worked on kernel sources, backend apps and even on frontends in a wide variety of languages. At Intel he did the kvm flavor for CoreOS RKT, enabling it to run containers on VMs...



Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Networking

10:55am PST

Running Large-Scale Stateful Workloads On Kubernetes at Lyft - Surinder Singh & Anmol Khurana, Lyft
Along with core services, K8s at Lyft also forms the base to run a large variety of stateful data processing jobs, which include Spark, Flink and other jobs via various ML and data processing pipelines.

At Lyft, K8s has become the driver for the majority of our data processing needs, running 10s of thousands of concurrent jobs. Operating the platform at this scale presents a unique set of challenges which get more complex with highly variable load patterns.

In this talk, the speakers will share their journey through some of these challenges and learnings.
- Potential pitfalls of running stateful jobs on K8s.
- Knobs/tweaks to optimize K8s for stateful jobs.
- Running k8s in a cloud environment.
- Building a fault-tolerant self-healing system with multiple K8s clusters underneath.

Talk will also focus on optimizations done to support the widely used workloads at Lyft.

Speakers

Surinder Singh

Software Engineer, Lyft
Surinder Singh is a software engineer at Lyft in Seattle. He led the execution plane for Flyte, Lyft’s open-source machine learning and data processing pipelines platform. Before Lyft, Surinder was at Microsoft where he worked on Azure Storage and SQL Server Query Optimizer.

Anmol Khurana

Software Engineer, Lyft
Anmol Khurana is a software engineer at Lyft. He is part of the Data Platform team, responsible for leading the effort on Containerized Spark on K8s. Before Lyft, Anmol was at Amazon for 5+ years, mostly with the AWS Elastic Block Store team.



Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

10:55am PST

Implementing a Consumer Focused SLA for a Kubernetes Based PaaS - Shrenik Dedhia, Box
Box's (internal) Platform as a Service empowers other Box teams to deliver 100's of micro services, on 1000's of hosts, across 10,000's of pods. As they scaled to support a large number of micro services and clusters, they ran into several scaling challenges around both the control and data planes. In order to deliver a production-grade platform, they realized the need for a Service Level Agreement (SLA) for their platform to not only demonstrate availability for infrastructure, but also "value" for a consumer, and serve as a benchmark to prioritize those challenges.


In this talk, Shrenik Dedhia will present how their team approached the problem of defining an SLA, principles used, options explored, path chosen, and future work to improve the platform's availability from ~99.4% to ~99.99%, thereby improving the overall availability of micro services that power Box.com.

Speakers

Shrenik Dedhia

Sr. Staff Engineer / TLM, Box
Shrenik has been at Box for about 2 years as a Sr. Staff Engineer, with a total of 10+ years of experience in designing and implementing secure and scalable platforms. Shrenik is currently leading the Platform as a Service team at Box.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level
  Performance

10:55am PST

Binary Authorization in Kubernetes - Aysylu Greenberg, Google & Liron Levin, Palo Alto Networks
Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies that ensure only trusted container images are deployed to your Kubernetes cluster. With Kritis, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Kritis enables tighter control over your container environment by ensuring only verified images are integrated into production.
Talk outline:
- Introduction to the concept of binary authorization
- Live demo of using Kritis and Grafeas for deploying images with confidence in Kubernetes
- Grafeas and Kritis roadmap
At the end, attendees will have a solid understanding of the process of binary authorization and how to incorporate it in their build and deployment pipelines.

Speakers

Liron Levin

Chief Software Architect, Palo Alto Networks
Liron is the Chief Software Architect at Twistlock, where he focuses on scaling, engineering methodologies and security. Before that, he worked as a tech lead at Microsoft on cloud computing and machine learning projects. He is an active contributor to popular open source Go projects...

Aysylu Greenberg

Senior Software Engineer, Google
Aysylu Greenberg is the Tech Lead of GCP Container Analysis, focusing on the software supply chain integrity and security. In her spare time, she ponders the design of systems that deal with inaccuracies, enthusiastically reads CS research papers, and paints.



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level

10:55am PST

Stitching a Service Mesh Across Hundreds of Discrete Networks - Jason Webb & Anil Attuluri, Intuit
Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, the increased latency and data transfer costs became significant. To facilitate future growth efficiently, Intuit needed a better model. Moving to a distributed Service Mesh running on k8s to enable secure service-to-service communication was the solution. As Intuit was building a migration path for hundreds of services communicating across discrete networks, they faced a host of challenges. While developing a platform to provide end-to-end encryption, they defined a pattern for federated workload identities and learned to manage a federated set of mesh control planes. Jason and Anil will share these learnings and Admiral, a project they are open-sourcing that enabled the migration path.

Speakers

AnilKumar Attuluri

Software Engineer, Intuit, Inc.
Anil is a Software Engineer at Intuit working on some of the key challenges to move Intuit's microservices onto Service Mesh. His other areas of work at Intuit include distributed and scalable rate limiting algorithm, orchestration layer in API Gateway for Graphql and designing OSGi...

Jason Webb

Principal Engineer, Intuit
Jason is the Services Fabric Chief Architect at Intuit, where he works on building tools and platforms to enable Intuit’s microservices ecosystem. Jason is passionate about cloud-native infrastructure, developer tools & experience, and open source. Prior to Intuit, Jason worked...



Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

K9P: Kubernetes as 9P Files - Terin Stock, Cloudflare
K9P, a virtual file system, exposes the state of a Kubernetes cluster as files. Our terminals have been optimized over the last 40 years towards working with files, kubectl not so much. K9P allows us to carry the mantra of "everything is a file" to the distributed computing extreme.

K9P allows you to integrate Kubernetes resources into an existing workflow, or create new ones. Scale a Deployment by writing to a file. Locate failing Pods with grep. Update configuration in ConfigMaps with sed.

Speakers

Terin Stock

Software Engineer, Cloudflare
Software engineer working on scaling bare-metal Kubernetes clusters by day. Builds experiments with esoteric 90s technology by night. Previous talks include an introduction to Kubernetes controllers at KubeCon EU 2018 and Building a Go-based MIDI Player at FOSDEM 2019.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Case Study: AI-as-a-Service on Kubernetes at Scale and In Production - Itay Gabbay, Israel Ministry of Defense (MOD) & Tushar Katarki, Red Hat
AI is popular and yet faces two big challenges in the industry: 1) self-service and automation 2) Use in real production.

At the Israel Ministry of Defense we are taking on the challenges with containers and Kubernetes. We have built AI-as-a-service with open source tools and Kubernetes. Our Data Scientists use the service for data, experimentation and to deliver models into production iteratively with self-service and automation.

Using Kubernetes, we are able to run massive machine learning pipelines automatically, and improve our machine learning models. We implemented several principles of AutoML - a wide research area nowadays. Using AutoML & Kubernetes, we can further improve our machine learning models and pipelines - automatically.

Come find out how we built our AI service on Kubernetes, issues we ran into and best practices with a live demo and supporting slides.

Speakers

Tushar Katarki

Product Manager, Red Hat
Tushar Katarki is a senior technology professional with experience in cloud architecture, product management and engineering. He is currently at Red Hat as a product manager for OpenShift with focus on AI/ML on OpenShift. Tushar is involved with several open source projects around...

Itay Gabbay

Machine Learning Engineer, MOD Israel
Itay Gabbay is a software engineer specialized in machine learning and AutoML. He is currently at the Israeli ministry of defense, responsible for a machine learning platform he designed and implemented, based on OpenShift.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Case Studies

11:50am PST

Leveling Up Your CD: Unlocking Progressive Delivery on Kubernetes - Daniel Thomson & Jesse Suen, Intuit
Kubernetes Continuous Delivery methods have continued to evolve to more advanced strategies such as canary, A/B testing, and blue-green. Progressive delivery is the next step of CD, enabling service promotion for a subset of users in an automated fashion backed by metrics.

There’s no one-size-fits-all on what are the appropriate metrics to drive promotions. Often, the four golden signals (latency, traffic, errors, saturation) are used, but what if this isn’t enough? More sophisticated techniques might use algorithmic or even AI-driven analysis.
The Argo Experiment and Analysis CRDs provide simple constructs to drive automated promotion in an extensible fashion.

This session discusses how Intuit leverages experimentation and analysis, the challenges in providing an automatic but generic approach to analyzing experiments, and envisioning the future of declarative progressive delivery.

Speakers

Jesse Suen

Principal Engineer, Intuit
Jesse is a Principal Engineer at Intuit and a core contributor and technical lead of the open-source Argo suite of projects (Workflows, CD, Rollouts). He has spent the past five years developing microservices-based, distributed applications, and controllers for Kubernetes. He was...

Daniel Thomson

Software Engineer, Stytch
Danny Thomson is a software engineer at Stytch working to build the future of user authentication through passwordless options. Previously, Danny worked at Intuit on their Modern SaaS platform and contributed to their open-source project: Argoproj. He believes that developer services...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

11:50am PST

Growth and Design Patterns in the Extensions Ecosystem - Eric Tune, Google
How big is the Kubernetes Extensions ecosystem today and how quickly has it grown? How many CNCF projects does it touch? Data gathered from GitHub over 2 years by the speaker provides detailed answers.

Based on experience as a Kubernetes contributor and API reviewer, and from analyzing hundreds of extensions, the speaker has identified recurring Design Patterns, like: Provisioner, Composition, Enforcer, Claim, and Class. End users will learn to recognize the patterns, and API authors will learn when to apply them.
 
The talk will be accessible to a general audience. However, experts on Kubernetes Extensions will still find ideas and data not presented anywhere before. Illustrative examples will be used from various CNCF projects, such as Vitess, Jaeger, OpenEBS, and Rook.


Speakers

Eric Tune

Senior Staff Software Engineer, Google
Eric is a Senior Staff Software Engineer at Google, where he is an overall technical lead on Google Container Engine (GKE). He started contributing to Kubernetes in 2014. Before Kubernetes, he worked on Google's Borg project, and was a co-author of the Borg paper.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Deep Dive into Autoscaling - Marcin Wielgus & Vivek Bagade, Google
Come and see how to debug and optimize your autoscalers and decrease your monthly infrastructure costs even further. During this talk members of SIG-Autoscaling will discuss the internals of HPA, VPA and Cluster Autoscaler, their peculiar features, and ways to fine tune them across dimensions like cost and availability. After this talk you will know where to look for information about the autoscaler activity, what settings can be changed and which flags should probably be left alone.

Speakers

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the internet search giant in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release...

Vivek Bagade

Software Engineer, Google Inc
Vivek works at Google developing Kubernetes Cluster Autoscaler and Node Autoprovisioning. In the past, Vivek worked on building a Kubernetes PaaS for cloud robotics with Rapyuta Robotics and building a contextual advertising platform with Media.net.



Wednesday November 20, 2019 11:50am - 12:25pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Maintainer Track Sessions

11:50am PST

Deep Dive into Cloud Provider Azure - Pengfei Ni & Brendan Burns, Microsoft
In this session, we'll dig into the implementation of the Azure cloud provider, and current work to enhance the operations of Kubernetes. Work for Kubernetes 1.17 and designs for the next versions will be discussed. There will be demos of the newest capabilities. You will also learn how the maintainers set up their development environments so you can contribute easily too.

Speakers

Brendan Burns

Distinguished Engineer, Microsoft
Brendan Burns is a co-founder of the Kubernetes open source project and a Distinguished Engineer at Microsoft Azure where he focuses on containers, Kubernetes and DevOps. He has a PhD in Computer Science from the University of Massachusetts and a BA in Computer Science and Studio...

Pengfei Ni

Senior Software Engineer, Microsoft
Pengfei Ni is a senior software engineer at Microsoft Azure and maintainer of the Kubernetes project. He has extensive experience in Cloud Computing, Kubernetes and Software Defined Networking (SDN). He has given presentations at KubeCon China 2018, ArchSummit 2018, LC3 2018, and...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

11:50am PST

Deep Dive: Flux the GitOps Operator for Kubernetes - Stefan Prodan, Weaveworks
In this session, Stefan will talk about the GitOps principles governing Flux, its main features and roadmap. Stefan will do a deep dive into Flux’s Kustomize support and show how you can leverage Flux to manage a multi-tenant Kubernetes cluster. We will continue with a Flux Helm Operator deep dive to showcase app delivery automation with Git operations.

Speakers

Stefan Prodan

Developer Experience Engineer, Weaveworks
Stefan is a Developer Experience engineer at Weaveworks and an open source contributor to cloud-native projects like Flagger, FluxCD, Helm Operator, SMI and others. He worked as a software architect and a DevOps consultant, helping companies embrace DevOps and the SRE movement. Stefan...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

11:50am PST

Deep Dive: Harbor - Enterprise Cloud-native Artifact Registry - Steven Zou & Daniel Jiang, VMware
Harbor is an open-source trusted cloud-native registry project that stores, signs, and scans content. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this session, we will cover some advanced features of using Harbor, such as OIDC support, improved content replication among Harbor and other non-Harbor registries, content management in a cloud environment, unified management of Helm Chart and container images, quota management, webhooks, tag retention, highly-available deployments and more. Our guest speaker and fellow Harbor maintainer, Daniel Pacak from Aqua Security, will show you how to utilize the pluggable scanning framework in Harbor to increase confidence in your compliance policies.
 
Additionally, we'd like to share some Harbor community-related things like the governance model and contributing guide to encourage more participation in the Harbor community. Furthermore, the team would love to get feedback from users and contributors on current features and the future roadmap.

Speakers

Steven Zou

Harbor Maintainer, VMware
Jia Zou (Steven) is a staff engineer at VMware China R&D. He is now working as a core maintainer and architect on the open-source Project Harbor, an enterprise-class cloud-native artifact registry. He previously worked at HPE, IBM, and Agilent as a software engineer for many...

Daniel Jiang

Harbor Maintainer, VMware
I'm a software engineer from VMware, who joined the company around the end of 2015. Currently working on an open source registry project called Harbor. I'm one of the founding members of this project. I have been giving speeches in different meet-ups talking about docker image management...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

11:50am PST

Deep Dive: Prow - Steve Kuznetsov, Red Hat & Alvaro Aleman, Loodse
This session will dive into some of the major features we have added to Prow, including how they are implemented, and the challenges we faced. Examples include the new Prow monitoring stack, hooking up Prow to bug tracking systems other than GitHub, and refactoring Prow to support in-repo config to enable better self-service.

Speakers

Steve Kuznetsov

Software Engineer, Red Hat
Steve has been involved in open source and Kubernetes since 2014, joining the Testing SIG and becoming a co-lead in 2017. He has contributed to Kubernetes core since the 1.0 days but these days spends most of his focus on improving the testing infrastructure with the Testing SIG. Steve...

Alvaro Aleman

Software Engineer, Loodse
Alvaro is working on products related to Kubernetes cluster lifecycle management. A year ago, Loodse adopted Prow as its CI/CD platform of choice. In the process, Alvaro started to get involved in its upstream development and has stayed active there ever since.


Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

gRPC Deep Dive: Prevent Your Service From Overtaking Itself - Lidi Zheng, Google
In any distributed system, it is very common to have mismatched processing power on the sending (client) and receiving (server) sides. This can result in failures or excessive buffering of messages on either side, leading to an out-of-memory situation. Fortunately, gRPC has a flow control mechanism that transparently throttles the traffic to protect both services. In this presentation, we will dive into how networking protocols (like TCP, HTTP, gRPC) control traffic, and how gRPC flow control facilitates your usage of the bandwidth between your services.

Speakers

Lidi Zheng

Software Engineer, Google
Lidi Zheng is a Software Engineer at Google under the Tech Infra Network Systems area. He is an active maintainer of the gRPC repo, mostly contributing to gRPC Python. He focuses on API design, distributed systems and tooling. Prior to Google, he completed his Master's degree from...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

11:50am PST

Scaling SPIRE for Performance and Availability - Tyler Julian, Uber
SPIRE, the community-supported implementation of SPIFFE, enables users to take advantage of workload identity primitives like X.509s and JWTs without needing a deep understanding of complex topics like trust bootstrap, secure introduction, and credential provisioning/rotation.

But implementing the SPIFFE standard is not without its difficulties. SPIRE must scale to meet the needs of hundreds of thousands of workloads in today's hybrid cloud architectures. And, despite a requirement for high, efficient throughput, the system must remain resilient in the face of failure.

In this deep dive, we will study the challenges encountered during the implementation of SPIRE, design considerations and philosophy, and production use cases.

Speakers

Tyler Julian

Security Engineer, Uber
Security Engineer at Uber focused on authentication and distributed systems, with a background in cryptocurrency protocols.


Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Build Your Own Private 5G Network on Kubernetes - Frank Zdarsky, Red Hat & Raymond Knopp, Eurecom
Private 5G networks are dedicated cellular networks, confined to user premises and tailored to a specific use case. In smart factories, for instance, they may soon enable remote control of robots, augmented reality-enhanced maintenance, and other use cases for which ultra-low latency, high bandwidth, and reliable radio connectivity to local edge computing services is a must.

Did you know you can build your own private 5G network purely from open source software and off-the-shelf hardware? This session will introduce OpenAirInterface, an open source 5G radio and core network implementation, and how to pick and set up hardware for it. Participants will learn how the latest Kubernetes technologies like Multus, SR-IOV CNI, real-time workers, device plugins, etc. need to come together to support these exigent Containerized Network Functions on Kubernetes and to manage them using Operators.

Speakers

Raymond Knopp

Professor, EURECOM and President, OpenAirInterface Software Alliance (OSA)
Raymond Knopp is currently serving as Professor in the Communication Systems Department at EURECOM. He received his PhD degree in Communication Systems from the Swiss Federal Institute of Technology (EPFL), Lausanne. His current research and teaching interests are in Digital Communications...

Frank Zdarsky

Senior Principal Software Engineer, Red Hat
In the old days, long before NFV had its name, Frank was leading mobile network research at a large telco equipment provider and running mobile network services on public cloud. He later joined Red Hat's Office of the CTO to build and lead a team of great engineers that worked with...



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Networking

11:50am PST

Doing Things Prometheus Can’t Do with Prometheus - Tim Simmons, DigitalOcean
The current Cloud Native Observability dogma is that metrics (and logs and traces) are “not good enough” and that this brave new world needs brave new Observability tools. This is false.

This session will focus on how to utilize Prometheus and friends to solve problems that are typically cited as limitations. This talk is for anyone interested in learning how Prometheus can solve the majority of your Observability problems, no vendor required.

An outline of this talk is:
- How to thoughtfully utilize existing Observability tools
- Deploying High Availability Prometheus
- Effectively interacting with high-cardinality data
- Long-term metrics storage
- Doing “machine learning” on metrics
- Handling thousands of alerts in a sane way (https://twitter.com/timsimlol/status/1145790451129167872)
- How to measure *everything* with Prometheus
- Fostering a healthy Observability culture with SLOs

Speakers

Tim Simmons

Senior Engineer, DigitalOcean
Tim Simmons is a Senior Engineer on the Observability Platforms team at DigitalOcean. He primarily cares for DigitalOcean's internal Prometheus infrastructure. On a normal day, he helps his colleagues with PromQL queries, writes custom Prometheus exporters, and builds tools around... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Observability

11:50am PST

Shipping Metrics From the Edge - Matthias Loibl, Red Hat
Computing is getting pushed to the edge: it may be your car, TV, washing machine, or your toaster. All these devices have a lot of computing power these days. While extending the cloud to the edge is getting solved with projects like KubeEdge or k3s, in this talk we want to take a closer look at how to run Prometheus on them. We want to configure Prometheus in a way that we can replicate its data to a central collecting point that is running Thanos on Kubernetes in a replicated setup, and then make use of all the shipped metrics to efficiently query across the entire fleet.

Speakers

Matthias Loibl

Senior Software Engineer, Polar Signals



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level
  Observability

11:50am PST

Don’t Catch Feelings, Catch Issues With Kuberhealthy - Joshulyne Park & Shilla Saebi, Comcast
Kuberhealthy is a synthetic monitoring operator for both apps and Kubernetes clusters. Learn how to increase application and cluster observability by replicating real workflow and carefully checking for the expected behavior to occur. With Kuberhealthy, our team has been able to reliably monitor all critical Kubernetes cluster functionality in order to catch issues before our developers do. With Kuberhealthy, you can write your own tests of any kind in your own container and Kuberhealthy will manage everything else, including the creation of Prometheus metrics.

As we’ve transitioned more and more cloud workloads to elastic, self-healing Kubernetes clusters, the job of keeping the clusters running smoothly has become more challenging and important. That’s why we’re so excited to share Kuberhealthy, a new open-source tool we built at Comcast to keep our Kubernetes clusters running at their best.

Speakers

Joshulyne Park

Cloud Engineer, Comcast Technology Solutions
Joshulyne Park is a Cloud Engineer working on building a highly scalable and reliable Kubernetes platform to support all of Comcast Technology Solutions products and services. She is a graduate of Comcast's Career Opportunities and Rotational Experiences (CORE) technology program... Read More →

Shilla Saebi

Program Manager, Open Source, Comcast
Shilla Saebi is an Open Source Program Manager who focuses on community and has been with Comcast for almost a decade. She has worked in many diverse roles within the tech industry in positions ranging from operations engineering, system administration, customer service, and network... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level
  Operations

11:50am PST

Did Kubernetes Make My p95s Worse? - Jian Cheung & Stephen Chan, Airbnb
When Airbnb first evaluated Kubernetes, they explicitly tested for performance and saw no significant differences. Then in 2019, as Airbnb’s migration of services from EC2/Chef to Kubernetes went into full swing, performance problems started cropping up. Service owners noticed significant latency increases which threatened to halt the overall move to Kubernetes. This talk will share Airbnb’s journey on performance gains and losses in its mass migration to Kubernetes. It will dive into the investigations Airbnb has done, from hardware differences, to cluster settings, to container configurations, to service language problems, and more.

Speakers

Stephen Chan

Software Engineer, Airbnb
Stephen has worked at Airbnb during much of its Kubernetes migration, from the first production service to hundreds of services running across many clusters and different environments. He previously spoke about a few custom controllers in use at Airbnb at KubeCon 2018.

Jian Cheung

Software Engineer, Airbnb
Jian Cheung is a software engineer on the Compute Infrastructure Team at Airbnb. He works on supporting application and infrastructure service abstractions running on Kubernetes. He has previously spoken about [performance gotchas on Kubernetes](https://kccncna19.sched.com/event/UaXm/did-kubernetes-make-my-p95s-worse-jian-cheung-stephen-chan-airbnb... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Performance

11:50am PST

From Brownfield to Greenfield: Istio Service Mesh Journey at Freddie Mac - Shriram Rajagopalan, Tetrate & Lixun Qi, Freddie Mac
Freddie Mac is one of the two mortgage loan corporations in the United States managing trillions of dollars of assets across the country. Our infrastructure is spread across different Kubernetes providers, hardware load balancers, and large swaths of virtual machines. In this talk, we describe our service mesh adoption journey in a highly regulated financial compliance environment. We will discuss both greenfield and brownfield environments, to gain full visibility and traffic management capabilities using Istio/Envoy. We will highlight the changes to our GitOps development workflow, changes to our age old organizational practices, and how the service mesh journey forced us to foster deeper co-operation between traditionally siloed security, platform and application development teams as we tried to weave a mesh over the old and new.

Speakers

Shriram Rajagopalan

Unprincipled Engineer, Tetrate
Shriram Rajagopalan is one of the founding engineers behind the Istio service mesh project, and an early contributor to Envoy. He currently maintains the networking subsystem within Istio. Prior to working on Istio/Envoy, he worked on the Xen hypervisor, the Linux kernel, network... Read More →

Lixun Qi

Sr Tech Lead, Freddie Mac
Lixun Qi is a Sr Tech Lead at Freddie Mac, focused on building company-wide cloud native computing platforms. His responsibilities include Kubernetes, service mesh, software defined networking, information security and all the automation through GitOps. Much of time these days is... Read More →



Wednesday November 20, 2019 11:50am - 12:25pm PST
Hall D - San Diego Convention Center
  Service Mesh

2:25pm PST

Cloud Native Architecture: Monoliths or Microservices? - Goutham Veeramachaneni & Edward Welch, Grafana Labs
Microservices are the rage right now and for very good reasons. But microservices are not without drawbacks, requiring a complicated configuration and deployment, increasing the barrier to entry for both developers and users alike. This poor user experience can slow the rate of adoption for a project and hinder developers.

There is a solution to this problem that is seeing a lot of success: a single-binary app that can act as a monolith but can also be scaled as microservices. Thanos is a great example, where the kickstart is super simple yet it can be scaled out as required. The Loki project was patterned after a similar model and we’ve since re-architected Cortex as well. In the talk we will explore how an application can be architected to be both a monolith and microservices, improving both adoption and ease of use while still allowing it to scale as a cloud native microservices application.

Speakers

Edward Welch

Software Engineer, Grafana Labs
Ed is a newbie to the CNCF community but has a long history of software development from robotic control systems to telecom middleware. He has worked in both startups and large enterprises, and currently works at Grafana Labs where he focuses mainly on the Loki project, an open source... Read More →

Goutham Veeramachaneni

Senior Software Engineer, Grafana Labs
Goutham is a maintainer of Prometheus and Cortex monitoring systems and a senior software engineer at Grafana Labs. He spent most of his coding career working with and contributing to OSS software. After an internship and a gap semester contributing to OSS software, he now works at... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Krane: A Developer-Centric Deploy Tool - Daniel Turner & Katrina Verey, Shopify
Have you ever shipped changes to a Kubernetes app and found yourself wondering what actually happened? Krane is an open-source command-line tool created to solve this problem: it helps developers, especially those who may be new to Kubernetes, deploy with confidence.

Krane translates Kubernetes’ asynchronous convergence process into a clear pass/fail result for each deploy. It detects unsuccessful rollouts and shows developers the information they need to take corrective action. Krane also helps ensure dependencies are rolled out in a sane order, it natively supports custom resources, it allows developers to run scripts as part of their deploys, and more! Come find out what Krane can do, learn how its design makes it resilient and scalable, and discover how it may help your organization provide a better developer experience for Kubernetes apps.

Speakers

Daniel Turner

Senior Software Developer, Shopify
Daniel Turner is a senior software developer at Shopify. He is part of the team building Shopify’s Kubernetes-based platform-as-a-service. He came to the team after working on deploying and running Kubernetes in Shopify’s data centers. Daniel is an experienced speaker and currently... Read More →

Katrina Verey

Staff Software Developer, Shopify
Katrina Verey is a staff software developer who has been working on Shopify’s Kubernetes-based platform-as-a-service since its inception as an experiment in early 2016. She has championed and contributed to projects in many areas, from CI/CD tooling to controller frameworks to user... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  CI/CD

2:25pm PST

Emitting, Consuming, and Presenting: The Event Lifecycle - Jesse Dearing, VMware
You’re building a suite of operators and processes that will run in your cluster to make your job easier. You’ve written CRDs to manage cluster and out of cluster resources, you’ve set up your monitoring with Prometheus, and set up horizontal pod autoscaling. How do you know what’s happening in your cluster? In this talk we’ll cover different ways to emit events related to cluster objects using Kubernetes events, using metrics to drive events, different techniques for consuming events, and ways for folks to create events without touching a command line. After attending this talk, you should be able to take advantage of events and metrics occurring inside the cluster and be able to produce your own events relevant to your cluster.

Speakers

Jesse Dearing

Senior SRE, VMware
Jesse is a senior site reliability engineer at VMware with over a decade of professional experience. Jesse's primary focus is building platforms to support running resilient software in production. Jesse loves taking existing services and writing code to support the operations of... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

2:25pm PST

Panel: Enterprise-grade, On-prem Kubeflow in the Financial Sector - Laura Schornack, JPMorgan Chase; Jeff Fogarty, US Bank; Josh Bottum, Arrikto; & Thea Lamkin, Google
This presentation will explore the journeys of two ML architects from JPMorgan Chase and US Bank, who have deployed Kubeflow into their on-premise environments. These subject matter experts will review their pre-installation checklists, their software architectures, and their operating expectations. They will pinpoint the critical features for an enterprise-grade deployment like authentication and authorization, data management, credentials management, and support for air gapped environments. They will also discuss their collaboration with the Kubeflow code contributors to define requirements and develop new functionality. The talk will include a review of planned Kubeflow enhancements, and a roadmap for those deliveries by code contributors to the Kubeflow On-Prem Special Interest Group (SIG).


Speakers

Josh Bottum

Vice President, Arrikto
I am a Kubeflow Community Product Manager and VP at Arrikto. We simplify storage architectures and operations for K8s platforms.

Jeff Fogarty

Innovation Engineer, US Bank
Jeff Fogarty is an Innovation Engineer at US Bank supporting a team of Data Scientists. He participates with the Kubeflow open source community focusing on On-Prem functionality. Jeff speaks at technical events and conferences including the Kubeflow Contributors Summit and Cloud Native... Read More →

Thea Lamkin

Open Source Developer Relations Program Manager, Google
Thea Lamkin leads Google's Open Source Developer Relations Program for Kubeflow. Thea sets the developer program strategy for Kubeflow and executes on the tactical work items and events necessary to make Kubeflow a success. Thea specializes in Open Source Community Architecture, Developer... Read More →

Laura Schornack

Sr. Architect, JPMorgan Chase
Laura Schornack is a JPMorgan Chase lead design architect and expert engineer for shared services. Previously, she worked for other leading tech organizations such as IBM and Nokia. She holds a degree in computer science from the University of Illinois at Urbana-Champaign. Laura presents... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

2:25pm PST

CRI-O: Under the Hood - Mrunal Patel, Red Hat, Inc. & Sascha Grunert, SUSE
CRI-O is an open-source container runtime created for Kubernetes. The project was recently added to the CNCF incubator and has a very active user and contributor community established around it. In this session, Mrunal Patel and Sascha Grunert will show how CRI-O works under the hood. The talk will cover in-depth how the life cycle of Kubernetes workloads is managed by CRI-O in conjunction with the kubelet. They will demonstrate how CRI-O utilizes lower level runtimes like runc to manage the lifecycle of containers, how networking is set up for pods and how system utilities can be used to get a system view of a node using CRI-O. The talk will also cover recent features added to CRI-O for production use cases such as dual-stack IPv6 support and repository mirroring to be able to run Kubernetes clusters in a disconnected environment. Attendees will gain a deeper understanding of CRI-O and how to use it for advanced use cases.

Speakers

Mrunal Patel

Senior Principal Software Engineer, Red Hat
Mrunal Patel is a Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He is the lead developer of CRI-O. He has helped contribute support for user namespaces to the Go programming language... Read More →

Sascha Grunert

Senior Software Engineer, SUSE
Sascha is a Senior Software Engineer at SUSE, where he works on many different container related open-source projects like Kubernetes and CRI-O. He joined the open-source community in November 2018, having gained container experience before joining SUSE. Sascha's passions include... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Deep Dive Into API Machinery - Antoine Pelisse, Google & Stefan Schimanski, Red Hat
SIG API Machinery is responsible for all generic API topics in Kubernetes, i.e. for the generic API server implementation, API CRUD semantics, discovery, the admission control mechanism, conversion, defaulting, persistence with etcd, general controllers like garbage collection, Go client libraries, code generation and extension points like CustomResourceDefinitions, aggregation & admission.

This session will have two parts:
- A deep dive into a selection of API Machinery topics, probably: defining API types in Golang, groups+versions+kinds+resources, tags, code-generation, schemes, different variants of codecs – and how to use all this with CustomResourceDefinitions and a custom client-go client.
- Time for general discussion and opportunity for API machinery questions.

This session is targeted especially at:
- People using the Kubernetes APIs with client-go and wanting to understand what is going on behind the scenes
- People extending Kubernetes with APIs using aggregated API servers or CustomResourceDefinitions

Speakers

Stefan Schimanski

Senior Principal Software Engineer, Red Hat
Stefan is a Senior Principal Software Developer at Red Hat working on Kubernetes and OpenShift, with a focus on API machinery, extension points and developer tools as part of Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time Google Summer of... Read More →

Antoine Pelisse

Software Engineer, Google



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Deep Dive: CNI - Bryan Boreham, Weaveworks & Dan Williams, Red Hat
CNI, the Container Network Interface, is a small but critical piece of infrastructure linking runtimes such as Kubernetes and CloudFoundry to dozens of different container network implementations. This session is aimed at implementers of network plugins and runtimes using CNI, as well as anyone interested in contributing to the project or becoming a maintainer. We will recap recent changes, look at the roadmap ahead, and have plenty of time for discussion and Q&A.

Speakers

Dan Williams

Principal Software Engineer, Red Hat
Daniel C. B. Williams is a Principal Software Engineer at Red Hat, with a focus on container networking and orchestration, specifically with OpenShift, Kubernetes, CNI, and related projects. As co-lead of the Kubernetes SIG Network group, lead of the Network Plumbing Working Group... Read More →

Bryan Boreham

Distinguished Engineer, Weaveworks
Bryan is a Distinguished Engineer at Weaveworks, the GitOps company. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. At Weaveworks... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

2:25pm PST

Geo-partitioning with Vitess - Deepthi Sigireddi & Jitendra Vaidya, PlanetScale
Geo-partitioning is an emerging requirement for multinational corporations. Laws such as the GDPR in Europe stipulate where a user’s data needs to be physically located, as well as when it can be transferred out of the EU. We expect additional legal jurisdictions to pass similar laws in the coming years, and that database management systems will require native functionality to assist in compliance. In the case of Vitess, one of its distinguishing features is support for flexible sharding schemes. This can easily be extended to support a custom sharding scheme that respects geo-partitioning requirements. In this deep dive we will first explore how and then demonstrate a database cluster built using the custom sharding scheme that solves data residency at the database layer obviating the need for any change at the application layer.

Speakers

Jiten Vaidya

CEO - ama Vitess and PlanetScale, PlanetScale
Jitendra (Jiten) Vaidya is co-founder and CEO at PlanetScale (https://planetscale.com), a company that supports Vitess (https://vitess.io). For most of his career, he worked as a backend infrastructure engineer and manager at companies such as Dropbox, YouTube and Google. It was at... Read More →

Deepthi Sigireddi

Software Engineer, Planetscale, Inc.
Deepthi is a Software Engineer at PlanetScale, where she leads the open source engineering team for Vitess, a CNCF project. She is also the Technical Lead for Vitess in the open source community. She brings over 20 years of experience building scalable systems to this role. She enjoys... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Jaeger Deep Dive - Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat
This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo of the recently added features, talk about various topics including the architecture, adaptive sampling, multi-tenancy, and configuration, and review the roadmap. After this session the attendees should better understand the Jaeger architecture, how to deploy it and get the best benefits, and how to make contributions to the project.

Speakers

Pavol Loffay

Senior Software Engineer, Red Hat

Yuri Shkuro

Software Engineer, Uber Technologies
Yuri Shkuro is a software engineer at Uber Technologies, working on distributed tracing, observability, reliability, and performance problems; author of the book ["Mastering Distributed Tracing"](https://www.shkuro.com/books/2019-mastering-distributed-tracing/); creator of Jaeger... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

2:25pm PST

SIG Release - Deep Dive: Release Engineering Subproject - Stephen Augustus, VMware & Hannes Hörl, Pivotal
The Kubernetes SIG Release is chartered with producing project releases on a reliable schedule. A key component of this is release automation and build tooling. The process/procedures and tools used to create and maintain Kubernetes release artifacts are the responsibility of SIG Release’s recently created Release Engineering subproject. In the early days of the project this code was heavily dependent on a Google presence and is one of (if not _the_) final remnants of that historical connection to the project’s origination. As SIG Release works to shift these last pieces into a community led process and community maintained code, we need your assistance. This deep dive will present an overview of the major moving pieces in the release pipeline, detail the code/process enhancements and improvements currently underway, and share opportunities where you can join in the Release Engineering subproject to assist in making its code more robust and community sustainable.

Speakers

Stephen Augustus

Lead, Cloud Native Tools & Advocacy, VMware
Stephen Augustus is an active leader in the Kubernetes community. He currently serves as a Special Interest Group Chair (Release, PM), a Release Manager, and a subproject owner for Azure. Stephen leads the Cloud Native Developer Strategy team at VMware, driving meaningful interactions... Read More →

Hannes Hörl

Staff Software Engineer, Pivotal



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

2:25pm PST

Liberating Kubernetes From Kube-proxy and Iptables - Martynas Pumputis, Cilium
iptables and Netfilter are the two foundational technologies of kube-proxy for implementing a Service abstraction. They carry legacy accumulated over 20 years of development grounded in a more traditional networking environment that is typically far more static than your average Kubernetes cluster. In the age of containers, they are no longer the best tool for the job, especially in terms of performance, reliability, scalability, and operations.

Companies like Google, Facebook and Cloudflare have long realised this and therefore embraced eBPF as a technology, which lets one dynamically reprogram the kernel. Can we replicate the same success story in Kubernetes?

In this talk, the audience will learn about running a fully functioning Kubernetes cluster without iptables, Netfilter and thus without kube-proxy in a scalable and secure way with the help of eBPF and Cilium.

Speakers

Martynas Pumputis

Software Engineer, Isovalent
Martynas Pumputis is a Software Engineer at Isovalent working on Cilium, eBPF and Linux kernel.



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Networking

2:25pm PST

Beyond Getting Started: Using OpenTelemetry to Its Full Potential - Sergey Kanzhelev, Microsoft & Morgan McLean, Google
OpenTelemetry is a cloud-native set of APIs and libraries used to generate, collect, and export telemetry from distributed systems. This session goes beyond a basic introduction, and demonstrates how you can customize OpenTelemetry’s components and architecture for the unique needs of your app. Attendees will learn how to set up and configure built-in data collectors, how to write their own instrumentation, how to extend and enrich automatically collected telemetry with app-specific information, and how to send this data to Prometheus and Jaeger for analysis.

Speakers

Morgan McLean

Product Manager, Google
Morgan is a co-founder of OpenCensus and OpenTelemetry, and has spent much of his career as an engineer and product manager working on distributed systems and developer tools. Morgan is responsible for Google's distributed tracing, profiling, and debugging tools, including Stackdriver... Read More →

Sergey Kanzhelev

Staff Software Engineer, Google
I'm working at Microsoft on the Azure Monitor team and was involved over the years in all sorts of app monitoring initiatives and products like SCOP APM and Application Insights. Currently I'm working on making the world a better observable world by contributing to OpenTelemetry success... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Observability

2:25pm PST

Fidelity’s Move to “Finance Grade” Kubernetes with GitOps - Alexis Richardson, Weaveworks & Rajarajan Pudupatti SJ, Fidelity Investments
At Fidelity Investments, every application must meet a unique mix of regulatory, security and governance requirements to protect millions of customers.

When Fidelity adopted Kubernetes for cloud application delivery, they teamed up with AWS and Weaveworks to use GitOps as a tool to analyze and implement a compliant platform. In this session, Rajan Pudupatti, Cloud Platforms Architect at Fidelity Investments and Alexis Richardson, CEO of Weaveworks will present the story. They’ll share when to automate, how to secure your CD pipeline, the process for adding deployment policy for clusters and applications, and connecting enterprise development tools to cloud automation services.

The session covers challenges and lessons learned implementing the Kubernetes platform with GitOps best practices, to operate efficiently and securely at scale.

Speakers

Alexis Richardson

Founder & CEO, Weaveworks
Alexis is the CEO of Weaveworks and the chairman of the TOC for CNCF. Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting the product direction of Spring and transitioning the vFabric business... Read More →

Rajarajan Pudupatti SJ

Director, Cloud Platform Architecture, Fidelity Investments
Rajarajan is a Cloud Platform Architect at Fidelity Investments. At Fidelity, he drives the engineering behind implementing various container & serverless platforms at enterprise scale. His current focus is on building an ecosystem of frameworks, tools and design patterns that will... Read More →


Wednesday November 20, 2019 2:25pm - 3:00pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level

2:25pm PST

NHD - A Topology-Aware Scheduler for K8s for Low-Latency & HPC Applications - Cliff Burdick, ViaSat
With an increasing number of HPC, NFV, and other low-latency applications moving to containers, the ability to schedule these workloads efficiently is important for increasing user adoption. The default scheduler in Kubernetes does an excellent job at scheduling cloud-native workloads, but is lacking the ability to schedule low-latency workloads properly. NHD attempts to bridge this gap by introducing a custom scheduler for Kubernetes that’s aware of hardware topology, CPU characteristics, and the application’s threading model. In this talk, we’ll go over the ways NHD integrates with Kubernetes, how it’s used, and the features it offers.

Speakers

Cliff Burdick

Senior DevTech Engineer, NVIDIA
Cliff is working at NVIDIA where he focuses on optimizing GPU code for signal processing, numerical computing, and GPU/networking IO. Previously he worked at ViaSat designing the ground system software for high-throughput satellites. At ViaSat he developed an open-source Kubernetes... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Performance

2:25pm PST

Piloting Around the Rocks: Avoiding Threats in Kubernetes - Robert Tonic & Stefan Edwards, Trail of Bits
Over three months in 2019, Trail of Bits completed the first-ever security review of Kubernetes, consisting of source review, dynamic testing, and threat modeling. One artifact, the threat model, lets users understand the risks of any given feature or deployment. We’ll show attendees how to make the most of this invaluable resource.

First, we’ll break down the architecture of Kubernetes into trust zones. These are security boundaries where controls should be enforced. Incorrectly implemented controls can result in catastrophic security failures.

After we describe the trust zones, you’ll find the architectural issues are easy to identify. We’ll discuss a few! We’ll also situate vulnerabilities we found in our code review into each trust zone.

Finally, we’ll teach you how to review your own Kubernetes environment using our threat model to get simple answers to your security questions.

Speakers

Robert Tonic

Security Engineer, Trail of Bits
Robert performs audits and assessments of blockchain and web-related technologies in our assurance practice. He most enjoys client interactions, especially those that help clients uncover deep-rooted design flaws and correctness issues. Prior to joining Trail of Bits, Robert worked... Read More →

Stefan Edwards

Principal Security Engineer, Trail of Bits
Stefan performs assurance work across a variety of verticals, from blockchain to IoT to Defense. In addition, he’s heavily involved in our infrastructure and architecture review work, and makes discerning comments in our reports. Prior to Trail of Bits, Stefan worked at nVisium... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel

2:25pm PST

There's a Bug in My Service Mesh! What Do You Do When the Mesh is At Fault? - Ana Calin, Paybase & Risha Mars, Buoyant
A service mesh is an increasingly necessary tool when running and debugging modern applications. But what do you do when there’s a bug in the mesh itself?

Paybase offers the most flexible, developer-native, API-driven solution for payments, compliance and risk. They use the Linkerd service mesh to process all requests that come through their complex system of microservices, where it is highly useful for out-of-the-box gRPC load balancing, which allows Paybase to scale their application.

In this talk, Ana and Risha will talk about different Linkerd bugs that Paybase encountered after deploying Linkerd to their staging environment, and how they worked with the Linkerd maintainers to track them down and squash them.

This talk also explores the relationship between companies that rely on open source software and their interactions with maintainers in the path to getting bugs fixed.

Speakers

Ana Calin

Systems Engineer, Paybase
Ana is a Systems Engineer at Paybase, an emerging London FinTech. As a Systems Engineer Ana builds the infrastructure of Paybase’s service oriented platform, creates, updates and maintains monitoring and logging systems and incident response management systems. Previously Ana has... Read More →

Risha Mars

Software Engineer, Buoyant
Risha is a Software Engineer at Buoyant, and is a core contributor to the Linkerd project. She worked on the CLI and controller (Golang) as well as the Linkerd dashboard (React). Currently Risha is working on Dive, Buoyant’s newest product. Previously, Risha worked on the Ads team... Read More →



Wednesday November 20, 2019 2:25pm - 3:00pm PST
Hall D - San Diego Convention Center
  Service Mesh

3:20pm PST

Panel: Improving and Managing Kubernetes at Scale - Xiang Li, Alibaba; Corin Dwyer, Netflix; Amit Bose, Uber; June Liu & Harry Zhang, Pinterest
Companies like Alibaba, Uber, and Pinterest are managing a huge fleet of machines with demanding and complicated workloads. To evolve our infrastructure and adopt Kubernetes, we faced many challenges around scalability, reliability, flexibility and operationality. And today, after overcoming those difficulties, we are running some of the largest Kubernetes clusters in the world.

In this panel, we would like to share our real-world experience of improving and managing Kubernetes with harsh requirements. We believe the stories are interesting in themselves, and many of the lessons we learned also apply to small to mid-size cluster operators and users.

Speakers

Amit Bose

Senior Software Engineer II, Uber

June Liu

Staff Software Engineer, Pinterest Inc
After spending years in large organization, June joined Pinterest to explore the vast ocean of open source and start up spirit. Her interests focus on container orchestration, large scale cluster operations and developer tools. She currently works on the compute platform team at Pinterest... Read More →

Xiang Li

Senior Staff Engineer, Alibaba
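Xiang Li is a senior technical expert at Alibaba Cloud Intelligence, responsible for Alibaba's large-scale cluster scheduling and management system. Xiang has helped Alibaba complete the initial transformation of its infrastructure through cloud-native technology, achieving substantial improvements in resource utilization and in the efficiency of software development and deployment, while also supporting the technical evolution of its cloud products. CNCF... Read More →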

Harry Zhang

Software Engineer, Pinterest
Harry is a Software Engineer from Pinterest working on its Kubernetes based next generation container cloud. Harry is interested in large scale cluster management solutions and related technologies. Harry is currently a Kubernetes contributor and a CNCF Certified Kubernetes Administrator... Read More →

Corin Dwyer

Senior Software Engineer, Netflix
Corin Dwyer is a senior software engineer within the Netflix compute platform development team. Before working on Titus, Netflix's container platform, he worked on infrastructure engineering for the Netflix content organization and before that in healthcare. He has worked across the... Read More →


Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level

3:20pm PST

Is There a Place for Performance Sensitive Workloads in Kubernetes? - Gergely Csatari & Levente Kale, Nokia
Kubernetes and its ecosystem are used to manage the workloads of several big web-facing services, serving billions of users every day. But the same stack is not quite ready to serve the "other" industry delivering the packets to the web-scale users: telecommunication. Due to the nature of the TelCo industry, these applications are highly reliable and must handle realtime media for a large number of subscribers. There are some areas in the current Kubernetes architecture which are not yet ready to fulfill these requirements. This presentation lists these shortcomings, and also proposes various existing or new open-source projects needed to build a production-grade, Kubernetes-based infrastructure for the edge, as was done with Akraino Radio Edge cloud.

Speakers

Gergely Csatari

Senior Open Source Specialist, Nokia
Gergely is working in the central part of Nokia's OSPO and is partially responsible for the outgoing contributions. He is a contributor for cloud infrastructure to Anuket, the OpenInfra ECG and the CNCF TUG communities. Speaker experiences cover several presentations in OpenStack and... Read More →

Levente Kálé

Product architect, Nokia
Passionate cloud architect tirelessly working on marrying 5G with open source, containerization, and cloud-native; both within Nokia and Akraino. Always up for a chat regarding networking and resource management in Kubernetes, or the many challenges of putting TelCo stuff on everyone's... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Kubeflow: Multi-Tenant, Self-Serve, Accelerated Platform for Practitioners - Kam Kasravi, Intel & Kunming Qu, Google
The kubeflow platform provides a self-serve multi-tenant platform on k8s for ML developers. Users can train their models using accelerated hardware in an isolated environment. Jobs can be configured and triggered from a notebook with no devops involvement. We leverage optimized libraries such as Intel® DAAL, Intel® MKL-DNN now included in tensorflow 1.14.+. Models can be monitored using Application CR deployed with kubeflow. All attendees can join the demo, create their own workspace and try out features. Attendees will walk away understanding how to run multi-tenancy on Kubernetes with kubeflow.

Highlights:
Self-serve multi-tenant workplace
Workspace owners can share / revoke access
System admin can reset access policy & resource quota per workspace
Multi-tenancy service is transparent to other apps.
A UI is available to simplify user experience.

Speakers

Kunming Qu

Software Engineer, Google
Kunming Qu is a software engineer at Google working on Kubeflow project, a k8s based platform to help developers and enterprises deploy and use ML cloud-natively everywhere. He's been focusing on Kubeflow deployment experience; Identity-Aware integration; multi-tenancy cluster; enabling... Read More →

Kam Kasravi

Senior Software Engineer, Intel
Kam works at Intel and is an early contributor to kubeflow. His focus has been on multi-tenancy, the kfctl/kustomize cli, device/hardware integration and application CR composition. Kam's speaking history includes Scala conferences and a number of Kubernetes/Kubeflow related user meetings... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

3:20pm PST

Deep Dive: Apps SIG - Janet Kuo, Google & Kenneth Owens, Brex
Kubernetes SIG Apps covers developing, deploying, and operating applications on Kubernetes with a focus on the application developer and application operator experience. In this deep dive, we will look at the general experience for application developers and operators along with specifics of the Workloads API (Deployment, StatefulSet, DaemonSet, Jobs, etc.) and Application CRD. We will also do a Workloads controller code walk-through. https://github.com/kubernetes/community/tree/master/sig-apps

Speakers

Janet Kuo

Senior Software Engineer, Google
Janet Kuo is a Senior Software Engineer at Google. She has been part of the Kubernetes project since before the 1.0 launch in 2015. She is a Kubernetes project maintainer, SIG Apps chair, and KubeCon co-chair emeritus. In her free time, she enjoys traveling and taking photos.

Kenneth Owens

Software Engineer, Brex



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

Deep Dive: Brigade - Matt Butcher & Kent Rancourt, Microsoft
In this session, we will explore the Brigade architecture, and how it is built to chain together containers and share data between them. We will deep dive on how external events are routed and transformed into jobs, and how Brigade uses JavaScript for more complex scripting and error handling, and differentiate itself to enable scenarios that are extremely difficult to achieve in a purely declarative framework. In the end, we will take a look at how to build custom event gateways, and have a look at the future roadmap.

Speakers

Kent Rancourt

Sr. Software Engineer, Microsoft
Kent is a Senior Software Engineer at Microsoft working primarily on Brigade and various other open source projects within the Kubernetes ecosystem. When he's not coding, Kent enjoys being a dad, hiking, comic books, teaching martial arts, and pub trivia.

Matt Butcher

Principal Software Development Engineer, Microsoft Azure
Matt does cloud native open source development at Microsoft, where he has worked on Brigade, Helm, Krustlet and others. Matt is the author of a bunch of books and articles, most recently O'Reilly's book "Learn Helm" (with Matt Farina and Josh Dolitsky). When not coding, Matt enjoys... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

Going Beyond the Node – Using VK to Realize Crazy Ideas - Brian Goff & Deep Kapur, Microsoft
Virtual-kubelet is an open source kubelet implementation that allows users to extend Kubernetes in multiple, crazy ways. A couple of examples include a provider to order Dominos pizza, or to spin out workloads to a satellite in space. This talk will go through the inner workings of virtual-kubelet (vk) and how users can build their own providers to leverage the flexibility that vk offers. Contributors to virtual-kubelet have been working on new features past 1.0, and this talk will also give a roadmap of what’s to come. Azure will also share their experiences with writing a provider for virtual-kubelet and the use-cases associated with it.

Speakers

Brian Goff

Senior Software Engineer, Microsoft
Core maintainer on the Moby project. Love Go. Love Containers. Kube Noob.

Deep Kapur

Program Manager, Microsoft
PM in Azure focused on ACI and serverless container experiences. Talk to me about Virtual Kubelet and Virtual Nodes for AKS clusters!



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

Kubernetes SIG Instrumentation - Deep Dive - Han Kang & David Ashpole, Google
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. This deep dive session will go into detail on the efforts currently ongoing within SIG Instrumentation, sharing concrete pieces of work with the audience to encourage future collaboration. Specifically, we go into our ongoing efforts with the Kubernetes metrics stability framework and discuss our current exploration into adding distributed tracing to Kubernetes objects and their lifecycles. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers

Han Kang

Senior Software Engineer, Google
Han Kang is a Senior Software Engineer at Google. Han co-chairs SIG instrumentation, where he focuses on efforts to improve metric quality. He also participates in SIG API Machinery, where he works on things related to control-plane boot-sequences and health-checking.

David Ashpole

Senior Software Engineer, Google
David Ashpole currently works for Google on Kubernetes and OpenTelemetry. He was previously deeply involved in Sig-Node, and drove many enhancements around monitoring and resource management. He is currently co-Tech Lead for Sig-Instrumentation, and is working on adding Distributed... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

SIG Service Catalog Deep-Dive - Jonathan Berkhahn, IBM & Mateusz Szostok, SAP
Join us for a deep dive into how Kubernetes Service Catalog works behind the scenes. Starting with a quick overview of the architecture of Service Catalog, we'll also cover the operation of the Open Service Broker API that underpins Service Catalog. We'll cover some of the challenges we faced while bridging the different processing models between Kubernetes and the Open Service Broker API, and we will then look at more advanced scenarios and new features from the perspective of cluster operators, application developers and helm chart authors. You’ll come away with a solid understanding of how Service Catalog works and recommended workflows and practices for using it. Finally, if you're interested in contributing or using Service Catalog, come meet the maintainers and learn how!

Speakers

Jonathan Berkhahn

Open Source Contributor, IBM
Jonathan is a contributor to various OSS projects in the Kubernetes space, currently working as a contributor to the Operator-Framework project. His passions include test-driven-development and tabletop roleplaying games. He's spoken at numerous KubeCons and other Linux Foundation... Read More →

Mateusz Szostok

Senior Software Engineer, SAP
Mateusz Szostok works at SAP in an open-source project called Kyma. He is one of the co-chairs of the Service Catalog SIG. He specializes in such domains as Service Catalog, Brokers, and Controllers. Currently, he is in charge of the task to replace the Aggregated API Server with... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

SIG Usability: Deep Dive - Vallery Lancey, Lyft
SIG Usability is a new Kubernetes special interest group focused on the end user experience of using Kubernetes, from initial adoption to day to day ops. Join us at this session to do a deep dive into what we've been up to, and where we're going.

Speakers

Vallery Lancey

Infrastructure Software Engineer, Lyft



Wednesday November 20, 2019 3:20pm - 3:55pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

3:20pm PST

How to Include Latency in SLO-based Alerting - Björn Rabenstein, Grafana Labs
Chapter 5 of “The Site Reliability Workbook” is an excellent study of how to create meaningful alerts based on SLOs by measuring the rate at which the error budget is burned over different time windows. This rather complex approach is blissfully straight-forward to implement in Prometheus, as demonstrated in the chapter itself. However, all of it is based on error rates, leaving latency concerns out of scope. Björn “Beorn” Rabenstein will explore various options of applying the same ideas to latency-based SLOs. The foundation is a precise and meaningful definition of the SLO. From there, Beorn will explore various techniques to translate the SLO into an error budget and how to measure its burn rate with Prometheus. Once that is done, creating error-budget-based alerts is relatively simple. There are, however, pitfalls and trade-offs along the way, which Beorn will help cope with.

Speakers

Björn Rabenstein

Engineer, Grafana Labs
Björn “Beorn” Rabenstein is an engineer at Grafana and a Prometheus developer. Previously, he was a Production Engineer at SoundCloud, a Site Reliability Engineer at Google, and a number cruncher for science.


slides pdf

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Observability

3:20pm PST

To Infinite Scale and Beyond: Operating Kubernetes Past the Steady State - Austin Lamon, Spotify & Jago Macleod, Google
Operating large distributed systems at significant scale is challenging. Most discussions focus on scalability either at a single point in time under sustained load, or explore challenges related to changes in incoming traffic.

But running distributed systems at scale is about more than steady states and transitions between them. What is equally challenging and tends to get overlooked are the operational challenges of running at scale: upgrading many and/or large clusters; deploying applications to and across multiple clusters in a reasonable way; balancing freedom and consistency across multiple teams. In this case study, Google and Spotify share some of the challenges of running Kubernetes at Scale, together with concrete solutions, patterns, and common pitfalls we have found together. Intended for cluster operators and developers from organizations of any size and on any provider.

Speakers

Jago Macleod

Engineering Director, Kubernetes & GKE, Google
Jago Macleod is an Engineering Director at Google, where he leads much of the Kubernetes and Google Kubernetes Engine (GKE) team. He also works closely with GKE’s largest customers, sophisticated Kubernetes users pushing the limits in every dimension. Prior to working at Google... Read More →

Austin Lamon

Group Product Manager, Spotify
Austin Lamon is a software engineer turned product manager who is passionate about building scalable & resilient products that delight developers & customers. He currently leads product for Spotify's Core Infrastructure team in Stockholm and New York building the service platform... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Pacific Ballroom, Salon 20-22 - Marriott Marquis San Diego Marina Hotel
  Operations

3:20pm PST

How Container Networking Affects Database Performance - Tyler Duzan & Vadim Tkachenko, Percona
Through benchmarks, Percona Labs explores the effects of different container networking drivers used in Kubernetes when hosting database workloads. For this talk, we will perform benchmarks using Percona's PXC Operator deploying a 3-member PXC MySQL cluster on top of Kubernetes and use our standard database benchmarking stack with TPCC and Sysbench to analyze query throughput and replication performance as affected by our choice of networking driver. Drivers we'll test will be CNI core plugins, Flannel, Cilium, Calico, Kube-Router, and the new Red Hat SR-IOV driver. This Dual Presentation (35 minutes) will address our benchmark methodology and results, as well as recommendations regarding networking and tuning database performance on Kubernetes with a focus on MySQL. Both speakers are experts on this topic, and Vadim co-authored "High Performance MySQL", now in its 3rd Edition.

Speakers

Vadim Tkachenko

CTO, Percona
Vadim Tkachenko co-founded Percona in 2006 and serves as its Chief Technology Officer. He leads Percona CTO Labs, which focuses on technology research and performance evaluations of Percona and third-party products, designing hardware, filesystems, storage engines, and databases that surpass... Read More →

Tyler Duzan

Product Manager, Percona
Tyler Duzan joined Percona in 2017 as a Product Manager and has led their MySQL software and Cloud technology initiatives since, including the recent GA launch of Percona's Kubernetes operators for their Percona Server for MongoDB and Percona XtraDB Cluster database server products... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Performance

3:20pm PST

Mitigating Noisy Neighbours: Advanced Container Resource Management - Alexander Kanevskiy, Intel
In large clusters, some applications attempt to consume a majority of shared resources. These "noisy neighbours" cause performance degradation for other workloads in the cluster. At this time, Kubernetes has mechanisms to mitigate this behaviour for CPU and memory only. This talk discusses methods for extending fine-grained resource control on other shared resources, such as block and PCIe I/O, shared CPU caches, and others. It demonstrates how to utilize extensibility points of CRI-O and containerd runtimes to achieve fine-grained resource control. The talk also presents an approach for evolving this method into an extensive and fully dynamic resource management solution for Kubernetes.

Agenda
- Problem Statement: different types of "noisy neighbours"
- Resource management on kernel, OCI, and Kubernetes levels
- Stitching the pieces together: dynamic container resource management

Speakers

Alexander Kanevskiy

Cloud Software Architect, Intel
Alexander is currently employed by Intel as Cloud Software Architect, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has more than 20 years of experience in areas of Linux distributions... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Hall D - San Diego Convention Center
  Runtimes

3:20pm PST

On the Security of Copying To and From Live Containers - Ariel Zelivansky & Yuval Avrahami, Palo Alto Networks
Nowadays, mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing such a copy feature. In this talk, Yuval and Ariel will present the ups and downs of the different implementations with a focus on security and possible vulnerabilities.

Throughout the presentation, different vulnerabilities that affected the major container engines will be reviewed. A live proof of concept of a vulnerability in the Docker copy command will be presented.

Speakers

Ariel Z

Security Research Team Lead, Palo Alto Networks
Ariel is a security researcher and the head of research at Twistlock, dealing with hacking and securing anything related to containers.

Yuval Avrahami

Security Researcher, Palo Alto Networks



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

OpenFaaS Cloud + Linkerd: A Secure, Multi-Tenant Serverless Platform - Charles Pretzer, Buoyant & Alex Ellis, OpenFaaS, LTD
In this talk, maintainers of the OSS projects OpenFaaS and Linkerd discuss and demonstrate combining the features of each to build a scalable and secure multitenant serverless platform.
OpenFaaS is a lightweight serverless platform built on Docker and k8s. Linkerd is an ultralight service mesh for k8s. The projects share philosophy around simplicity, ease of use, speed, and low resource impact. OpenFaaS was designed for small teams and tackled multitenancy by creating OpenFaaS Cloud to layer on top. Scaling for multitenancy requires more robust networking, encryption, detailed metrics, and load-balancing strategies than Kubernetes L4 can offer.
Linkerd fits because it provides the features listed above required for scaling multitenancy while remaining focused on simplicity, security, and performance as a part of a modular platform built around OpenFaaS.

Speakers

Alex Ellis

Founder, OpenFaaS Ltd
Alex is a respected expert on serverless and cloud native computing. He founded OpenFaaS, one of the most popular open-source serverless projects, where he has built the community via writing, speaking, and extensive personal engagement. As a consultant and CNCF Ambassador, he helps... Read More →

Charles Pretzer

Field Engineer, Buoyant, Inc.
Charles Pretzer is a field engineer at Buoyant, where he spends his time collaborating and engaging with the open source community of the CNCF service mesh, Linkerd. He also enables production level adoption by helping companies integrate Linkerd into their Kubernetes based applications... Read More →



Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Serverless

3:20pm PST

Storage on Kubernetes - Learning From Failures - Hemant Kumar & Jan Šafránek, Red Hat
Using persistent storage with Kubernetes has been continuously improved with each release, but getting where we are was not easy. In this talk, we are going to cover a series of war stories and failure scenarios. We will talk about bugs (or design) that resulted in data loss, file system corruption, or storage simply refusing to come up. The limitations of storage subsystems, both what they can and cannot do, will also be discussed.

These failures have led to numerous enhancements in Kubernetes. We will review the lessons these failures have provided, and discuss how they have been vital to improving our handling of the storage subsystem.

Speakers

Jan Šafránek

Principal Software Engineer, Red Hat
Jan is a Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 4 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass... Read More →

Hemant Kumar

Principal Software Engineer, Red Hat
Hemant is a Principal Software Engineer at Red Hat working on storage subsystem of Kubernetes. He is a member of SIG-Storage and author of persistent volume expansion, volume limits, mount options and various instrumentation bits in storage subsystems of Kubernetes. He is also a maintainer... Read More →


slides pdf

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Storage

4:25pm PST

Developing Operators with the Kubernetes Operator Pythonic Framework (kopf) - Sergey Vasilyev, Zalando SE
The Kubernetes operator pattern has revolutionized the way applications are deployed and managed in Kubernetes, but much of the tooling around building operators has focused on easing development in Golang. The Kubernetes Operator Pythonic Framework (kopf) levels the playing field, bringing much of the tooling to the Python ecosystem, and expanding it in several areas. Kopf provides powerful, high-level abstractions that make it simple to write Kubernetes operators in Python, allowing you to focus on your application logic without needing to dive headfirst into Kubernetes internals. In this talk, you will learn how to make your own Kubernetes operators in a few lines of Python code, and how to bring your own domain entities directly to Kubernetes.

Speakers

Sergey Vasilyev

Senior Backend Engineer, Zalando SE
Sergey is a Senior Backend Engineer working at Zalando SE. His experience with Kubernetes includes migrating the data processing and sales forecasting pipelines from raw AWS and Zalando STUPS to Kubernetes (including the Kubernetes operators and custom resources to orchestrate in... Read More →



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Hall D - San Diego Convention Center
  Application + Development

4:25pm PST

Cruise’s Self-Driving Networking Journey - Bernard Van De Walle & Can Yucel, Cruise
Through its exponential growth, the Platform team at Cruise experienced a networking self-driving journey. We scaled our network across numerous clusters, multiple tenants, and thousands of new pod instances a day.

We will take you on a tour of our architecture and you will get a better understanding of how we choose to configure our network and security in order to support Kubernetes loads across multiple regions and multiple environments. We will specifically showcase how we do this on a public cloud (GCP) even though similar results could be achieved on-prem.

You will come out of this session with concrete examples on what it takes to build your network and security needs for internal tenants at scale while keeping internal stakeholders happy (Platform, security and networking).

Speakers

Can “Jon” Yucel

Senior Software Engineer, Cruise
Can “Jon” Yucel is a software engineer and technical lead of the PaaS Traffic team at Cruise with the primary focus of internal/external/multi-cluster load balancers, service meshes, hybrid DNS and platform level networking.

Bernard Van De Walle

Senior software engineer, Cruise
Bernard is working on network automation as part of the Kubernetes platform team at Cruise. Previously, Bernard worked on Kubernetes security and zero trust networking at Aporeto and before that, he worked on network automation as a technical product manager at Nuage Networks (Nokia... Read More →



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

Developer Experience on CD: Build a CD Platform to K8s that Developers Love - Euccas Chen & Tobi Ogunnaike, Pinterest
Application Deployment on K8S can be quite convoluted, especially for an organization that operates thousands of microservices. Pinterest is a visual discovery engine that serves over 250MM users.
For successful adoption of K8S, it is imperative to provide a well integrated self-serve CI/CD platform that abstracts K8S complexities & offers a simple path of migration for existing workloads. This talk will discuss how we build a Continuous Delivery system for Kubernetes at Pinterest, and how we help engineering teams to deploy and migrate their services onto Kubernetes.
Topics include:
  1. Kubernetes and deployments at Pinterest
  2. Introducing Hermez and the Continuous Delivery experience on K8S
  3. How do we design and build the CD system, and lessons we learned
  4. Our journey of onboarding and migrating services to the new CD system and K8S

Speakers

Euccas Chen

Software Engineer, Pinterest
Euccas Chen is a software engineer at Pinterest. As an engineer on the core infrastructure team, she worked on the design and implementation of Pinterest’s continuous delivery platforms, including Teletraan and Hermez. She is passionate about cloud native development and improving... Read More →

Tobi Ogunnaike

Software Engineer, Pinterest
Product engineer building the future of CI/CD at Pinterest. Previously, I designed and built core features on the foundational systems at Pinterest that solve the problems of infrastructure ownership and infrastructure governance. I'm thrilled whenever I see web apps with intuitive... Read More →



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  CI/CD

4:25pm PST

A Toolkit for Simulating Kubernetes Scheduling at Scale - Yuan Chen, JD.com
As Kubernetes becomes the de facto standard for container orchestration, new scheduling algorithms and systems are made for different scenarios and workloads. Unfortunately, it is very time-consuming and costly to evaluate new schedulers or features in real K8S clusters at scale. We present a simulation toolkit, which can simulate large-scale K8S clusters and scheduling using a single machine plus a small number of containers. The simulator runs a real K8S master and schedules pods according to event traces generated from real K8S clusters. It provides a complete set of metrics, including resource utilization, detailed scheduling trace and performance metrics, enabling developers to evaluate the scheduling behavior and performance with a reasonable amount of confidence. We have used the toolkit extensively to optimize the scheduler for large scale K8S clusters (~10K nodes) at JD.com.

Speakers

Yuan Chen

Software Engineer, Apple
Yuan Chen is a software engineer at Apple. His current work focuses on Kubernetes scheduling and scalability. At Apple, he has been working on building cloud-native infrastructure and platforms for Apple software products and services. As a Kubernetes community member, Yuan has made...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Realizing End to End Reproducible Machine Learning on Kubernetes - Suneeta Mall, Nearmap
Industry adaptation of data-science has grown rapidly in the last few years. The probabilistic nature of this space requires the right tools and techniques to ensure that the answers produced are reliable. Models are derived from data, which is almost always evolving, massive (as in deep-learning), and requiring clean-up and pre-processing before use. Reproducibility, reporting, tracking and management around the tasks of 1) data - collection, pre-processing, often feature engineering and 2) model – training, tuning, evaluation and serving are essential.

With tools such as Pachyderm, Kubeflow, Katib, ModelDB, Seldon and Argo, an automated end-to-end reproducible machine learning framework can be built on Kubernetes. This talk will detail how the aforementioned tools can be used to build an automated, reproducible machine learning framework.

Speakers

Suneeta Mall

Director of AI Model Systems, Nearmap
Suneeta Mall is the Director of AI Model Systems at Nearmap. She is leading the ML Engineering efforts of Artificial Intelligence division at Nearmap. In the past, she has led the efforts of migrating Nearmap's engineering framework to Kubernetes. In her 12 years of software industry...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

4:25pm PST

Deep Dive: Contributor Experience SIG - Christoph Blecker, Red Hat & Nikhita Raghunath, Loodse
In this 30 minute session, we will speak about our automation and contributor flow roadmap and highlight ways for you to get involved with creating a smooth experience for contributors of all levels.

Speakers

Nikhita Raghunath

Software Engineer, Loodse
Nikhita is a software engineer at Loodse and is a core contributor to Kubernetes. She is on the Kubernetes Steering Committee, a CNCF Ambassador, and the technical lead for SIG Contributor Experience.

Christoph Blecker

Senior Site Reliability Engineer, Red Hat
Christoph is an SRE on Red Hat's OpenShift team and a contributor to the Kubernetes project. He's a Technical Lead for SIG Contributor Experience, a member of the Kubernetes Steering Committee, and a regular contributor to SIG Architecture, SIG Testing, SIG Release, and the Kubernetes...


Wednesday November 20, 2019 4:25pm - 5:00pm PST
San Diego Ballroom A - Marriott Marquis San Diego Marina Hotel

4:25pm PST

Deep Dive: Kind - Benjamin Elder, Google & Antonio Ojea Garcia, SUSE
Kind makes running kubernetes in docker look and feel as easy and simple as you would hope it to be. Our relentless focus on speed and simplicity to optimize for the local developer experience has taught us a number of things about the internals of kubernetes and its many components as we work toward 1.0. Let's look back at some of the challenges we've had to tackle, and discuss the challenges ahead on the road to 1.0.

Speakers

Benjamin Elder

Software Engineer, Google
Ben first worked on Kubernetes around the 1.0 launch, implementing the initial version of the iptables kube-proxy for Google Summer of Code 2015. He later started working full time on Kubernetes in the summer of 2017, focusing on the test-infra, local clusters, build, and test with...

Antonio Ojea Garcia

Senior Software Engineer, RedHat
Antonio Ojea is a Software Engineer at RedHat, where he works on Kubernetes and other Open Source projects focused on cloud technologies, networking and containers. He is also a Kubernetes and KIND contributor; you can usually find him in the SIG-Network and SIG-testing groups.


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level

4:25pm PST

Deep Dive: Linkerd - Oliver Gould, Buoyant
In this session, Oliver Gould will focus on lessons learned, how-tos, and what the future of Linkerd holds.

Speakers

Oliver Gould

CTO, Buoyant, Inc.
Oliver is the CTO & co-founder of Buoyant, where he leads engineering. Prior to founding Buoyant, he was a staff infrastructure engineer at Twitter, where he led the Observability, Traffic, and Configuration & Coordination teams---projects essential to Twitter's adoption of a modern...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Maintainer Track Sessions

4:25pm PST

Fluent Bit: Logging and Data Processing on the Edge - Eduardo Silva, Arm Treasure Data & Masoud Koleini, Arm
Fluent Bit is a Fluentd sub-project that aims to solve hard data challenges in the cloud space. In this deep dive session, we will talk about its architecture, how data workflows operate and the ability to perform advanced data transformation. Also, we will demonstrate the new ability to perform Stream Processing on the Edge.

Speakers

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at Arm Treasure Data. He is the author and maintainer of Fluent Bit Log Processor, a CNCF sub-project under the umbrella of Fluentd. He is an international speaker at Open Source conferences and has participated in Scale California, LinuxConf AU, Linux...

Masoud Koleini

Research Software Engineer, Arm


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

4:25pm PST

Helm 3 Deep Dive - Taylor Thomas, Microsoft Azure & Martin Hickey, IBM
It has landed. Helm v3 has been released! For many people this has been a highly anticipated release, longing for the removal of Tiller. Helm v3, however, is more than just this. In this session, you will learn about the new features and the new architecture to support these features. We will discuss the architecture and how the CLI and library have changed to improve usability. We will also look at other features like the additions to charts and the new client security model. Worried about migration? That’s covered too!

If this whets your appetite then this is the talk for you, especially if you are deep down the highway to Helm. Come along and join the discussion about the new Helm release.

Speakers

Martin Hickey

Senior Software Engineer, IBM
Martin works on the Open Technology team at IBM focusing on open source software. He is a regular contributor to open source and a core maintainer for Helm. He has also contributed previously to the OpenStack and Elastic communities. Martin enjoys speaking at conferences and meet-ups...

Taylor Thomas

Director, Cosmonic
Taylor Thomas is an Engineering Director working on WebAssembly platforms at Cosmonic. He is a core maintainer on Krustlet, Bindle, and Wagi, and contributes to many open source projects. He is a regular speaker at various open source conferences and meetups, including various KubeCons...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Maintainer Track Sessions

4:25pm PST

SIG Cloud Provider Deep Dive - Walter Fender, Google & Yassine Tijani, VMware
The long-term goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. New vendors providing support for Kubernetes should feel equally empowered to do so as any of today’s existing cloud providers. More importantly, SIG Cloud Provider is focused on ensuring a consistent and high-quality user experience across providers. This deep dive will focus on the efforts to finalize the removal of cloud-specific code from the Kubernetes code base and develop a migration strategy for in-tree to external providers. This session will also cover the evolving SIG governance structure following from the merging of individual cloud provider SIGs as working groups under SIG Cloud Provider, as well as any other major topics raised by the cloud provider community.

Speakers

Yassine TIJANI

Member of Technical Staff, VMware
Yassine is a Member of Technical Staff at VMware. He's been working on kubernetes since 2017 as an active member on several SIGs and author of several design proposals. He’s also been operating Kubernetes clusters ranging from small to large sizes for years.

Walter Fender

Software Developer, Google
Graduated from U.C. Berkeley. Working at Google and on Kubernetes API Machinery, Cloud Provider and Node for three years.



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

4:25pm PST

Debugging Live Applications the Kubernetes Way: From a Sidecar - Joe Elliott, Grafana Labs
Linux features a number of powerful debugging tools that give us insight into how our applications run in a real environment. Through live demonstration this session will present a straightforward way to begin debugging applications in a Kubernetes native way: from a sidecar. Sidecars offer a low impact way of profiling applications without installing packages or making messy changes to your nodes.

The techniques demonstrated will include recording LTTng events, cpu profiling, generating Flame Graphs and dynamic tracing with BCC. These techniques will be performed against a .NET Core sample application, but that will not be the focus of the session.

Speakers

Joe Elliott

Backend Engineer, Grafana Labs
Joe Elliott is a Backend Engineer at Grafana Labs. Since Kubernetes 1.5 he has been building and maintaining microservice platforms on AWS for development teams to deploy their applications. Joe maintains several open source applications in github that publish metrics, manage Grafana...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Observability

4:25pm PST

Wait, People Run Kubernetes on Mainframes? - Elizabeth K. Joseph, IBM
When you think of container orchestration, mainframes probably aren't the first thing that comes to mind.

But modern mainframes run Linux as a first class citizen and KVM can be used for virtualization, opening a whole world of open source tooling integration via libvirt and related virtualization tooling. The careful observer may have already discovered that the mainframe architecture (s390x) is one of the architectures that's built for every Kubernetes release.

How did this come to be? Who uses these mainframe builds of Kubernetes? Why would you run a distributed container orchestration service on a platform that's a symbol of the monolith we're looking to leave? Drawing upon my work with distributed systems and containers, including time spent on OpenStack, Apache Mesos and Kubernetes, and my new experience with mainframes, this talk answers all of those questions and more.

Speakers

Elizabeth Joseph

Developer Advocate, IBM
Elizabeth K. Joseph is a Linux systems administrator turned developer advocate for IBM Z where she works with the community to explore Linux workloads on mainframes. She has previously worked on distributed systems, including OpenStack and Apache Mesos, and has written books on Ubuntu...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Operations

4:25pm PST

Throttling: New Developments in Application Performance with CPU Limits - Dave Chiluk, Indeed
Are you seeing excessively long tail response times from your applications running on containerized clouds (Kubernetes, Docker, Marathon)? Have you ever seen an application be throttled even though it’s nowhere near its CPU limit?

Up till now, the answer has always been simply turn off hard-limits, but that has potentially nasty performance implications in shared environments. Now there's another option! This session will explain the real root cause of what has been happening. We'll introduce the kernel mechanisms that Kubernetes and other Container Orchestrators rely on to enforce CPU limits. We'll then show how they were broken, how we fixed them, and what those changes mean for you and your clouds.

By the end of this session you'll understand exactly what you are getting when you set the CPU limits on your pods.

Speakers

Dave Chiluk

Linux Platform Software Engineer, Indeed
Dave is a Linux Platform Software Engineer at Indeed. He works closely with the DevOps and Site Reliability teams improving reliability, scalability, and performance across Indeed’s hybrid cloud. He has commits in the mainline kernel and has numerous fixes to stable kernels. He’s...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Performance

4:25pm PST

Let's Try All the CRI Runtimes: Part 2: Answering the Why Question! - Phil Estes, IBM
In Barcelona, we raced through seven different container runtime setups from Docker to cri-o to containerd--including interesting projects like AWS's Firecracker, Kata containers and gVisor. For each we demonstrated how to allow Kubernetes to use each one of them using either RuntimeClass or standard kubelet CRI configuration parameters and then gave a quick highlight of their feature set, maturity, and usage in the ecosystem.

While we successfully demo'd each runtime, we didn't have time to assess each of them with regards to the "why?" question: why would an operator or user choose one of these runtimes? In this "Part 2" talk we will take the time to walk back through each runtime, cover updates to the project since May, look at performance and security characteristics, and answer the why question for each one!

Speakers

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer in the container compute organization at Amazon Web Services (AWS). Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as the chairperson of the Technical Oversight Board (TOB). Phil...



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level
  Runtimes

4:25pm PST

Redesigning Notary in a Multi-registry World - Justin Cormack, Docker
Notary, used to secure container image updates, is the most widely adopted implementation of the TUF protocol. However, since Notary’s design around Docker Hub in 2015, container registries have proliferated and some of the design decisions don’t support the needs of a multi-registry world. This talk looks at redesigning the model to allow portability of container images between registries with signature data stored alongside the image data allowing it to be pushed and pulled alongside the image. This reworking of Notary will enable easier portability of images, and improve supply chain security by enabling mirrors and users of mirrors to validate image data, allowing users to easily work with cloud and local registries, offline caches and other common architectures.

Speakers

Justin Cormack

CTO, Docker
Justin is a senior engineer and security lead at Docker. He is a maintainer of the Notary project, and a member of the CNCF TOC and SIG Security. He has been working in container security for five years.



Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6E - San Diego Convention Center Upper Level

4:25pm PST

Scaling Your Cluster (Both Ways) - Scott Coulton & Patrick Chanezon, Microsoft
Kubernetes has many ways to scale your workloads; most of what we hear about is scaling our cluster up with either VM sets or autoscaling groups. There is another way: in this talk we will look at Virtual Kubelet. Virtual Kubelet will allow us to talk to a cloud provider's container-as-a-service platform like ACI, Fargate or ECI. We will deep dive into how you can scale your applications across Virtual Kubelet. One issue the Kubernetes service type has is scaling to zero, due to the way routing to the pod happens if there is no pod for the service to route to. Scaling our applications to zero is just as important as scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue, allowing us to not only scale our applications up but just as easily down, to make our cluster truly elastic.

Speakers

Patrick Chanezon

Principal Cloud Advocate, Microsoft
Patrick Chanezon is Principal Cloud Advocate at Microsoft, helping Azure be the cloud you love. Previously, at Docker Inc., he helped to build Docker, the world’s leading software container platform, for developers and sysadmins. Software developer and storyteller, he spent 10 years...

Scott Coulton

Cloud Developer Advocate, Microsoft
Cloud Developer Advocate at Microsoft


Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

5:20pm PST

Education as a Service: Containerization and Orchestration of CS50 IDE - Kareem Zidane & David J. Malan, Harvard University
CS50 is Harvard University's introductory course in computer science, freely available as OpenCourseWare, with hundreds of students on campus and more than one million registrants online. So that students have a uniform environment with which to begin programming (without client-side technical difficulties in the way), the course provides CS50 IDE, a free, cloud-based solution.

To minimize cost and avoid homegrown orchestration of VMs, the course transitioned to pods, one container per student. But the migration was not without challenges. How to provide users with ephemeral containers but persistent storage? How to proxy arbitrary ports to students' own web services? And, ultimately, how to provide students with the abstraction of their own machine, without k8s-specific implementation details clouding their own understanding thereof? In this talk, CS50's own solutions thereto.

Speakers

David J. Malan

Gordon McKay Professor of the Practice of Computer Science, Harvard University
Dr. David J. Malan is Gordon McKay Professor of the Practice of Computer Science at Harvard University. He teaches Computer Science 50, otherwise known as CS50, which is Harvard University's largest course, one of Yale University's largest courses, and edX's largest MOOC. He also...

Kareem Zidane

Software Engineer, Harvard University
Kareem Zidane is a software developer, system administrator, and teaching fellow for CS50 at Harvard University. He is a self-taught programmer from Egypt who discovered computer science, including CS50 itself, online. He is the chief architect of CS50 IDE.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 14-15 - Marriott Marquis San Diego Marina Hotel
  Case Studies

5:20pm PST

Introducing Metal³: Kubernetes Native Bare Metal Host Management - Russell Bryant & Doug Hellmann, Red Hat
Metal³ (“metal kubed”) is a new open source bare metal host provisioning tool created to enable Kubernetes-native infrastructure management. Metal³ enables the management of bare metal hosts via custom resources managed through the Kubernetes API as well as the monitoring of bare metal host metrics to Prometheus. This presentation will explain the motivations behind creating the project and what has been accomplished so far. This will be followed by an architectural overview and description of the Custom Resource Definitions (CRDs) for describing bare metal hosts, leading to a demonstration of using Metal³ in a Kubernetes cluster.

Speakers

Russell Bryant

Distinguished Engineer, Red Hat
Russell Bryant is a Distinguished Engineer at Red Hat, where he works on infrastructure management to support Kubernetes clusters. Prior to working on the Metal³ project, Russell has worked on other open infrastructure projects. Russell worked in Software Defined Networking with...

Doug Hellmann

Senior Principal Software Engineer, Red Hat
Doug Hellmann is a Senior Principal Software Engineer at Red Hat. He has been a professional developer since the mid 1990s and has worked on a variety of projects in fields such as mapping, medical news publishing, banking, data center automation, and hardware provisioning. He has...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level

5:20pm PST

Flyte: Cloud Native Machine Learning & Data Processing Platform - Ketan Umare & Haytham AbuelFutuh, Lyft
Flyte is the backbone for large-scale Machine Learning and Data Processing (ETL) pipelines at Lyft. It is used across business critical applications ranging from ETA, Pricing, Mapping, Autonomous, etc. At its core is a Kubernetes native workflow engine that executes 10M+ containers per month as part of thousands of workflows. The talk will focus on:
- Architecture of Flyte and its specification language to orchestrate compute and manage data flow across disparate systems like Spark, Flink, Tensorflow, Hive, etc.
- Deploying highly scalable and fault tolerant Kubernetes Operators
- Learnings from operating Flyte across multiple Kubernetes clusters and using other CNCF technologies like gRPC, Envoy, FluentD, Kustomize and Prometheus.
- Use-cases where Flyte can be leveraged
The talk will conclude with a demo of a machine learning pipeline built using the open source version of Flyte.

Speakers

Haytham AbuelFutuh

Software Engineer, Lyft
Haytham Abuelfutuh is a software engineer at Lyft and leads the Flyte backend team. During his tenure at Lyft, Haytham has helped build Flyte from the ground up, built and shipped Kubernetes operators and investigated and optimized Flyte system performance on k8s. Before Lyft, Haytham...

Ketan Umare

Chief Software Architect, Union.ai
Ketan Umare is the TSC Chair for Flyte (incubating under LF AI & Data). He is also currently the Chief Software Architect at Union.ai. Previously he had multiple Senior Lead roles at Lyft, Oracle and Amazon ranging from Cloud, Distributed storage, Mapping (map making) and machine...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

5:20pm PST

CNCF SIG-Security Deep Dive - Jeyappragash Jeyakeerthi, CNCF SIG-Security & Zhipeng Huang, Huawei
“Cloud Native” is open source cloud computing for applications — a complete trusted toolkit for modern architectures (CNCF presentation). There are multiple proposed projects which address key parts of the problem of providing access controls and addressing safety concerns. Each of these adds value, yet for these technical solutions to be capable of working well together and manageable to operate they will need a minimal shared context of what defines a secure system architecture.

Speakers

Zhipeng Huang

MindSpore Community Manager, Huawei
Zhipeng Huang currently serves as the open source community manager for MindSpore. He is also the TAC member of LFAI, TAC and Outreach member of the Confidential Computing Consortium, co-lead of the Kubernetes Policy WG, project lead of CNCF Security SIG, founder of the OpenStack...

Jeyappragash Jeyakeerthi

Co-chair, Tetrate


Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 25-26 - Marriott Marquis San Diego Marina Hotel

5:20pm PST

CoreDNS Deep Dive - John Belamaric, Google
A close look at the CoreDNS extension points for developers. Learn how to build custom DNS applications based on CoreDNS, including:
- Building a custom CoreDNS binary that includes external plugins
- Building a specialized binary that uses CoreDNS as a library
- Building your own CoreDNS plugin

Speakers

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Hall D - San Diego Convention Center
  Maintainer Track Sessions

5:20pm PST

Deep Dive: Cloud Native Buildpacks - Joe Kutner, Heroku & Stephen Levine, Pivotal
Learn why you need a buildpack and how to create one. We'll take advantage of caching and Docker layers to speed up rebuilds and deploys. Unlike Dockerfiles, buildpacks are composable. Finally, you'll learn how to rebase your application layers on a new image. This allows operators to efficiently handle the delivery of OS-level dependency upgrades.

Speakers

Stephen Levine

Engineering Lead / Principal Software Engineer, Pivotal
Stephen Levine is an Engineering Lead at Pivotal. He is the Cloud Foundry Project Lead for CF Local, CF Dev, and the core CF Buildpacks, as well as a co-owner of the Cloud Native Buildpacks project in the CNCF's Cloud Native Sandbox.

Joe Kutner

Architect, Heroku


Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6D - San Diego Convention Center Upper Level

5:20pm PST

Deep Dive: Kubernetes Working Group for Multi-tenancy - Sanjeev Rampal, Cisco & Adrian Ludwin, Google
This deep dive of the working group for Multi-tenancy will include an in-depth technical exploration of multi-tenancy in core Kubernetes and the tooling and services the multi-tenancy working group has been developing to mainstream how users of Kubernetes can achieve multi-tenancy.

Speakers

Adrian Ludwin

Senior Software Engineer, Google
Adrian is a software engineer on the Google Kubernetes Engine (GKE) in Kitchener, Ontario, and created the Hierarchical Namespace Controller (HNC). Before Google, he was a developer at Intel’s Programmable Solutions Group (formerly Altera) in Toronto, and specialized in parallel...

Sanjeev Rampal

Principal Engineer, Cisco
Sanjeev Rampal, PhD, is a Principal Engineer in the Cloud Platforms and Solutions group at Cisco Systems where he works on the Cisco Container Platform, an enterprise multi-cloud platform based on Kubernetes and cloud native technologies. He has over 20 years of experience in development...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 1AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

Minikube - Thomas Strömberg & Medya Ghazizadeh, Google
If you want to develop applications for kubernetes and try them out locally first, minikube is going to be your best bet. Come and explore the functionality of minikube via an introductory session from minikube maintainers from Google. We will cover the basics of getting started with minikube, how the local environment compares to a full kubernetes cluster and what customizations you can do to bring the maximum out of your local experience.

Speakers

Medya Ghazizadeh

Technical Lead Manager, Google
Medya Ghazizadeh is a tech lead at Google's container tools team. Holds a master's degree from DePaul University. One of the minikube maintainers. Loves open source, poetry and human languages.

Thomas Strömberg

Senior Software Annihilator, Google, Inc
Thomas is a minikube maintainer, and manages the Container Developer Experience team at Google. Thomas has over 20 years of experience automating complex computing environments, and has spoken at KubeCon North America & KubeCon China. Thomas previously worked on production simulations...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

OPA Deep Dive - Tim Hinrichs & Torin Sandall, Styra
Come to this session for a deep dive on some exciting new features in the OPA project presented by the co-creators. This session will have plenty of time for Q&A!

Speakers

Tim Hinrichs

CTO, Styra
Tim Hinrichs is the CTO and Co-founder of Styra. For the last 15 years, he designed and built policy languages across different domains, most recently the CNCF Open Policy Agent and prior to that OpenStack Congress. Before Styra he worked as a software developer at VMware on Nicira's...

Torin Sandall

VP of Open Source, Styra
Torin Sandall is a co-founder of the Open Policy Agent (OPA) project. Torin has spent 10 years as a software engineer working on large-scale distributed systems projects. Torin is a frequent speaker at events like KubeCon, DockerCon, Velocity, and more. Prior to working on OPA, Torin...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel
  Maintainer Track Sessions

5:20pm PST

Thanos Deep Dive: Inside a Distributed Monitoring System - Bartlomiej Plotka & Frederic Branczyk, Red Hat
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, Frederic Branczyk and Bartek Plotka, core maintainers of Thanos and Prometheus projects, will explain advanced concepts behind the Thanos project. This talk will cover:
- Possible deployment models
- Integration points with other systems
- Important advanced features, e.g. discovery, multi-label HA, query load balancing
- Example solutions for multi-tenancy, authentication and cross-cluster communication in Thanos.
Join this session to learn about advanced concepts and operational models of Thanos!

Speakers

Bartlomiej Plotka

Principal Software Engineer, Red Hat
Bartek Płotka is a Principal Software Engineer at Red Hat with a background in SRE, working on Observability. Co-author of the CNCF Thanos project and core maintainer of various open-source projects including Prometheus. CNCF SIG Observability Tech Lead. He enjoys building OSS communities...

Frederic Branczyk

CEO, Polar Signals
Frederic is the founder and CEO of Polar Signals. Before founding Polar Signals he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer as well...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

The Great Cardinality Disasters of Our Time - Bryan Boreham, Weaveworks & Chris Marchbanks, Splunk
Many Cloud Native tools generate Prometheus metrics; together they form a great combination to operate and monitor your infrastructure. But sometimes things go wrong: a quirk in the metric labels can make the volume of data explode, and, soon after, your Prometheus will explode too.

Chris and Bryan will share their war-stories such as receiving 46,000 simultaneous alerts or squashing the source of 100kB label values. Then, they will provide top tips to avoid this happening to your tools in the future.

Speakers

Bryan Boreham

Distinguished Engineer, Weaveworks
Bryan is a Distinguished Engineer at Weaveworks, the GitOps company. After first getting into programming as a kid, creating a video game called "Splat", Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. At Weaveworks...

Chris Marchbanks

Senior Software Engineer, Splunk
Chris is a Software Engineer at Splunk where he delivers observability for teams working on multiple internal Kubernetes clusters. He is a team member for two CNCF projects, Prometheus and Cortex. Outside of work, Chris enjoys skiing uphill in the mountains of Colorado.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Observability

5:20pm PST

How Ancestry Got Kubernetes to Run 2x Better Per Dollar Using AI - Darek Gajewski, Ancestry
Darek Gajewski, Principal Infrastructure Analyst for Ancestry.com, relies on Kubernetes to quickly integrate and deploy applications across Ancestry’s website, which receives 50-million visitors a month, and generates more than a billion dollars in revenue.

To get optimum performance out of Ancestry’s cloud applications, Ancestry employed artificial intelligence for continuous optimization of the application runtime environment. AI brings continuous optimization (CO) to the CI/CD process. In a PoC, Ancestry used AI to cut the resources of one application by more than 50 percent, with zero drop in performance. In this instance, Ancestry has been able to get two times the performance out of Kubernetes for every dollar spent.

AI-powered CO delivers a well-optimized infrastructure personalized to the workload and delivers better reliability, at higher performance, for much lower costs.

Speakers

Darek Gajewski

Principal Infrastructure Analyst, Ancestry
Darek has spent 10 years in the role of capacity planning and management, cost governance, optimizing infrastructure at both BlackBerry and Ancestry operations. He has successfully saved millions in infrastructure spend at both Ancestry and BlackBerry. With a background in development...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Performance

5:20pm PST

Serverless Platform for Large Scale Mini-Apps: From Knative to Production - Yitao Dong & Ke Wang, Ant Financial
Serverless architecture is getting increasingly popular. However, developers are still experiencing pain points that hold them back from using it in production, like portability, interoperability and debugging. At Ant, Ke and Yitao are committed to building a mission-critical serverless platform that reduces those frictions, which is now supporting large scale mini-apps.

Ke and Yitao will share the key workloads they are building with serverless and how they address pain points in production by expanding Knative. They will introduce technical details of adopting Knative with secure container runtime and reinventing Knative control/data plane, which largely saves deployment and operation efforts to enable serverless in Kubernetes clusters. The chat will also cover a quick demo to illustrate improved serverless app lifecycle management, 0-M-N-0 autoscaling performance and operation workflow.

Speakers

Yitao Dong

Product Manager, Ant Financial
Yitao is a Product Manager at Ant Financial. He drives products of Ant Financial cloud, including cloud native PaaS for container and serverless. He works closely with end customers on solutions to adopt cloud native technologies for scalable financial scenarios.

Ke Wang

Software Engineer, Ant Financial
Ke is a Software Engineer at Ant Financial, where he works on building an enterprise serverless product based on Knative. He is an early adopter of Knative and has been working on ingenious ways to improve / make better use of it for a long time. He is also an open-source enthusia...



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Serverless

5:20pm PST

CSI Volume Snapshots: On the Way to Faster and Better Backups - Adnan Abdulhussein & Nolan Brubaker, VMware
Users need persistent data to support their business goals, and regular backups are critical to business continuity. The CSI Snapshot API provides users a consistent way of creating volume snapshots within Kubernetes, regardless of their storage provider. This is a big improvement over the prior, provider-specific methods for creating snapshots.

This session will first cover the basic CSI Snapshot CRDs, as well as demo snapshotting and restoring a stateful application. Additionally, we'll share how disaster recovery tools, such as the open-source Velero, can build on CSI Snapshots, as well as future enhancements coming to CSI, and what migrations from current in-tree cloud provider implementations will look like.

Agenda:
- Overview of the CSI Snapshot CRDs
- Demo of snapshot and restore workflow
- Future direction for application snapshotting and quiescing in CSI

Speakers

Adnan Abdulhussein

Software Engineer, VMware
Adnan Abdulhussein is a Software Engineer at VMware (previously at Bitnami), where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a co-chair of SIG-Apps and a core maintainer of the Helm project. Adnan is passionate...

Nolan Brubaker

Tech Lead, Velero, Senior Member of Technical Staff, VMware
Nolan has been working on cloud infrastructure technologies since 2014, starting with OpenStack and moving to Velero (formerly Heptio Ark) in 2017.



Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Storage
 
Thursday, November 21
 

10:55am PST

Building a Dev/Test Loop for a Kubernetes Edge Gateway with Envoy Proxy - Flynn, Datawire
As we worked with the community to build the open source Ambassador API gateway on top of Envoy Proxy we learned a bunch of lessons about our dev/test loop. One of the more unpleasant realities that we’ve had to come to terms with is that writing code is easy. What's hard is making sure it's working, and making sure that it keeps working as changes are made.

Over the life of Ambassador we've gone through multiple cycles of adding tests to increase confidence, from simple unit tests to larger integration suites, such as our Kubernetes Acceptance Test (KAT) framework. Several times these tests have become too slow, and then we had to work to speed them up so our velocity doesn't suffer.

Join Flynn to learn what we would do again in regard to our dev/test loop if we chose to build another open source tool, and also (more critically), what we would change.

Speakers

Flynn

Principal Engineer, Ambassador Labs
Flynn is a Principal Engineer at Ambassador Labs where he leads development of Ambassador, an open-source Kubernetes-native API gateway meant to make Envoy accessible without needing to become an Envoy expert. Flynn’s career in computing spans more than 35 years and runs the gamut...


Thursday November 21, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level

10:55am PST

Balancing Power and Pain: Moving a Startup From a PaaS to Kubernetes - David Sudia, GoSpotCheck & Toni Rib, Gusto
By hiding a lot of complexity and allowing a team to move fast and simply "heroku push" applications, PaaS solutions like Heroku are a perfect fit when you are an early-stage startup. However, what do you do when your business starts to get traction, and your scale or use case begins to stretch the limitations of a PaaS? This talk will share the story of a startup's successful migration away from a PaaS to a self-built platform powered by CNCF technology.

We'll share the highlights of our journey, such as how we translated PaaS concepts to our new infrastructure, and explain the series of choices we made, like assembling our platform from Kubernetes and other CNCF components. We will also share some of our difficulties, with the goal that other organisations can avoid making the same mistakes.

Speakers

David Sudia

Senior DevOps Engineer, GoSpotCheck
David Sudia is a former educator turned developer turned DevOps Engineer. He's passionate about supporting other developers in doing their best work by making sure they have the right tools and environments. In his day to day he's responsible for managing Kubernetes clusters, deploying...

Toni Rib

Software Engineer, Gusto
Toni Rib is a Software Engineer at Gusto. While she focuses mainly on application development, she isn't happy unless she understands not only the application she's developing, but also the database and infrastructure it relies on. This resulted in her being named "honorary DevOps...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Case Studies

10:55am PST

Prometheus Deep Dive - Ben Kochie, GitLab
After the Intro session we will go into a mix of advanced use cases, news, and open Q&A with all Prometheus maintainers who are at CloudNativeCon.

Speakers

Ben Kochie

Contributor, Prometheus Team



Thursday November 21, 2019 10:55am - 11:30am PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Workshop on Defining a Reference Model for Cloud-Native Application Delivery - Alois Reitbauer, Dynatrace & Lei Zhang, Alibaba
The application delivery SIG has started to define a reference model for cloud-native application delivery and operations. In this deep dive session, we will start a journey from questions like “What is the Application?” to “The layers and phases through application delivery”, then all the way to the typical model and pattern of application delivery. We will use certain open source projects as concrete examples to explain how they fit into this model, their maturity level in each layer, what’s missing, and the direction the application delivery SIG is trying to pursue. The session will help audiences figure out not only “what project X is doing”, but also “in what layer project X is working” and “how it performs there.”

Speakers

Lei Zhang

Staff Engineer, Alibaba
Lei is leading the engineering effort in Alibaba including its Kubernetes based large-scale cluster management system and unified application platform. Lei has been working as a maintainer on Kubernetes upstream since its beginning and a popular speaker in KubeCon.

AloisR

Chief Technical Strategist, Dynatrace
Alois is an executive member of the technical staff at Dynatrace. He has been building monitoring and application management solutions for more than 15 years. Alois has successfully brought multiple products to market that are used by the biggest companies on the planet. His current...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 7AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

10:55am PST

Deep Linking Metrics and Traces with OpenTelemetry, OpenMetrics and M3 - Rob Skillington, Chronosphere
Metrics and traces are two pillars of Observability and are often used in a complementary fashion. Metrics can give you a high-level view of an application’s responses and performance, and tracing can give you a detailed view of requests through applications. Often when using metrics in graphs or alerts you want to be able to jump to an example of a request represented by a given metric datapoint, which is difficult to do today. In this talk we show an example of this using an OpenTelemetry exporter to publish trace IDs as exemplars using the OpenMetrics exposition format.

We then walk through configuring Jaeger as a tracing backend and M3 as a metrics backend to store the trace ID alongside a datapoint. We show how it is then possible to go from a metrics graph that visualizes the latency of your application to a trace that fell into a latency bucket using the deep link of the trace ID.

Speakers

Rob Skillington

CTO, Chronosphere
Rob Skillington is the CTO at Chronosphere and creator of open source M3 which is a Prometheus long term storage metrics platform. He is also a member of OpenMetrics, an open standard for transmitting metrics at scale.



Thursday November 21, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level
  Observability

10:55am PST

How Yelp Moved Security From the App to the Mesh with Envoy and OPA - Daniel Popescu, Yelp & Ben Plotnick, Cruise
From its inception, Yelp's service infrastructure has treated security as a fundamental component. For many years, developers carried the burden of building security features directly into their services. By using standard cloud native building blocks, the service infrastructure now provides security features by default; this enables hundreds of developers to focus on shipping features for more than 100M monthly active Yelp users.

This talk will cover Yelp’s journey from a legacy service proxy to a modern, secure service mesh based on Envoy and Open Policy Agent. It will discuss:

- Authn and Authz mechanisms using mTLS and JWT with Envoy and OPA
- Migration from using an in-house policy decision engine to standardized open source tools (OPA)
- Transpiling legacy policy data to Rego and other best practices for policy maintenance
- Strategies for quickly and safely rolling out policy changes

Speakers

Daniel Popescu

Security Engineer, Yelp
Daniel Popescu works at Yelp where he is responsible for security infrastructure and operations. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa Barbara. Professionally...

Ben Plotnick

Senior Software Engineer, Cruise Automation
Ben Plotnick is a Senior Software Engineer at Cruise Automation, leading the Platform Services team in moving the bytes around in Kubernetes. Prior to this, he was a member of the Engineering Effectiveness group at Yelp, working to redesign Yelp's service infrastructure with Envoy...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level

10:55am PST

KEDA: Event Driven and Serverless Containers in Kubernetes - Jeff Hollan, Microsoft
Event driven and serverless architectures are defining a new generation of apps. However, to take full advantage of the serverless benefits of event driven, your application needs to scale and react to those events instantly - scaling from zero to potentially thousands of instances. These events may come in the form of queue and Kafka messages, or events from a cloud provider like AWS SQS or Azure Event Hubs. KEDA 1.0 is an open sourced component created in partnership with Red Hat and Microsoft Azure that provides event driven autoscaling for your Kubernetes workloads. In this demo-filled session, learn how to get started with KEDA, how customers are using it to efficiently scale and run event-driven apps, and how everything from a simple container to a serverless function can integrate seamlessly and scale natively in an event-driven and Kubernetes world.

Speakers

Jeff Hollan

Principal PM Manager, Microsoft
Jeff Hollan is Principal PM Manager for Azure Functions and KEDA. He is a spokesperson for serverless and cloud native for Microsoft and presented at keynotes and conferences around the world. His team focuses on building capabilities for serverless both in the cloud and on-premises...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Serverless

10:55am PST

Life Outside the Cluster: Adding Virtual Machines to an Envoy Service Mesh - Megan O'Keefe & Ameer Abbas, Google
Service mesh tools add lots of functionality for Kubernetes-based applications, including policy automation and telemetry. But what if you're halfway through a migration to Kubernetes, and you still have applications running in virtual machines? In this talk, Megan O'Keefe and Ameer Abbas will demonstrate how to use Istio, an Envoy-based service mesh, to connect Kubernetes services with applications running in VMs. Demos will include: encrypting gRPC traffic between Pods and VMs, using Prometheus to view application metrics across both environments, and load balancing traffic between Kubernetes and VM instances. You will leave this talk understanding exactly how to integrate virtual machines with an Envoy-based service mesh.

Speakers

Megan O'Keefe

Developer Relations Engineer, Google Cloud
Megan O’Keefe is a Developer Relations Engineer at Google Cloud, where they help platform developers build on top of Kubernetes to accelerate app development and reduce toil. A graduate of Wellesley College, Megan began their career at Cisco, where they built edge computing platforms...

Ameer Abbas

Solutions Architect, Google
Ameer Abbas is a Solutions Architect at Google Cloud in San Francisco. In this role, his goal is simple - Make Cloud Easy. Ameer works closely with the business leaders, development and operations teams to identify the right solution for the problem in Google Cloud. He also publishes...



Thursday November 21, 2019 10:55am - 11:30am PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Service Mesh

10:55am PST

K8s Conformance & SIG Architecture Conformance Subgroup - Hippie Hacker, ii.coop; Dan Kohn, CNCF; & John Belamaric, Google
Speakers

Dan Kohn

General Manager, Linux Foundation Public Health, Linux Foundation
Dan leads Linux Foundation Public Health, a new initiative to use open source software to help public health authorities combat COVID-19 and serves as VP, Strategic Programs for the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes...

Hippie Hacker

Chief Executive, ii.coop - https://ii.coop/
Hippie Hacker's unique approach to storytelling includes practical application of technology with a focus on humanity as a whole. He has a lifelong interest in the creation of vehicles of viral generosity that everyone can ride. His travels starting in an avocado green Volkswagen took...

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...


Thursday November 21, 2019 10:55am - 12:25pm PST
Room 6D - San Diego Convention Center Upper Level

10:55am PST

Tutorial: Everything You Need To Become a GitOps Ninja - Alex Collins & Alexander Matyushentsev, Intuit (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

A deep-dive on GitOps which will help you, even if you only have minimal GitOps experience, to get a total understanding of everything GitOps.

First you’ll get an introduction to what GitOps is and its key benefits, then we’ll walk through foundational techniques, such as tools and strategies, then we’ll take it to the next level with advanced techniques and best practices. Finally, you’ll get a chance to get your hands dirty with an accelerated GitOps lab.

Parts:

- Introduction
- Foundations
- Advanced Techniques
- Hands On Argo CD Lab

Prerequisites:
Audience members should be familiar with core Kubernetes concepts, as well as comfortable using Git. Those interested in the lab should have a laptop with git and minikube installed.

What to Bring:  A laptop on which you can clone and push code to github.com

Speakers

Alexander Matyushentsev

Principal Software Engineer, Intuit
Alexander Matyushentsev is a Principal Engineer in the Intuit Modern SaaS team. Alexander is focused on building tools which make it easier to use Kubernetes. He is one of the core contributors to "Argo Workflows" and "Argo CD" projects. Alexander is passionate about open source...

Alex Collins

Principal Software Engineer, Intuit
Alex Collins is a Principal Engineer working on Intuit’s Modern SaaS platform. He’s one of the core contributors to Argo CD and a dedicated Open Source advocate. Previously he was the EMEA Software Architect on QuickBooks Online based in London where he presented at local Docker...



Thursday November 21, 2019 10:55am - 12:25pm PST
Room 29ABCD - San Diego Convention Center Upper Level
  Tutorials, CI/CD

10:55am PST

Tutorial: Zero to Operator in 90 Minutes! - Solly Ross, Google (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Please complete the following steps ahead of time to make your tutorial easier: https://gist.github.com/DirectXMan12/ad7b35327c2816125a45cdc11ff78476

Come learn how to quickly get off the ground running with building an operator using KubeBuilder v2!

Come write a Kubernetes-style API to manage a bespoke application, complete with declarative validation and defaulting. Discover what kind of requirements go into an API type, and how to write API types that work and feel like they're part of Kubernetes, and can be easily consumed as part of a larger system.

Once you've got an API type, you'll make use of the new server-side apply functionality to make implementing your core logic a breeze, and learn how to think about writing well-behaved controller logic that deals with different interactions with other parts of Kubernetes.

Finally, you'll learn how to actually run your controller locally for development and on a remote cluster for production.

Speakers

Solly Ross

Software Engineer, Google
Solly is one of the leads of the Kubebuilder project, and works on Kubernetes at Google with a focus on custom controller tooling. Solly previously worked on metrics and autoscaling, and has been hacking on various parts of Kubernetes since Kubernetes 1.2. When not writing PRs or...



Thursday November 21, 2019 10:55am - 12:25pm PST
Hall D - San Diego Convention Center

11:50am PST

Linux Distribution Build Tools for Custom Container Images - Nisha Kumar & Joshua Lock, VMware
A typical container image builder takes a base OS from somewhere, runs scripts to add and modify all the things needed for an app to run, then deploys to a registry. This leads to large images which developers try to trim down by using multistage builds, removing files and squashing filesystem layers. Building container images in this way makes it difficult if not impossible to ascertain the license and security implications of using these images.

How do we generate app specific build and runtime images without having to maintain our own base OS images and build machinery?

Fortunately, this is a problem that has been solved in the Linux distribution world for some time. This talk will outline some popular tools and compare them against the requirements for a declarative and reproducible container OS builder which is not reliant on any external infrastructure.

Speakers

Nisha Kumar

Senior Open Source Engineer, VMware
Nisha is a Senior Open Source Engineer at VMware and the technical lead for container packaging and distribution. She has been a DevOps engineer for embedded systems and a Radio Frequency Engineer in semiconductor manufacturing. She has been involved in Open Source for more than 15...

Joshua Lock

open source engineer, VMware
Joshua Lock is the security team lead in VMware’s Open Source Technology Center. In a past life he spent many years working on and with the Yocto Project. Joshua has spoken at several events including Linux Security Summit, Embedded Linux Conference, and KubeCon + CloudNativeCon...



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

Security Beyond Buzzwords: How to Secure Kubernetes with Empathy? - Pushkar Joglekar, Visa
Your developers are excited about containerizing their apps for elastic scaling. Your operations team is busy drooling over resource optimizations and cost savings that are predicted with a move away from giant VMs to tiny containers. The security person assigned to review this is utterly clueless when words like multi-tenancy, service meshes, CRI, CNI and kubectl are thrown around.
In this presentation, Pushkar Joglekar will share his real-world experience of going from being that security person four years ago to becoming the "go-to" security person for his Ops & Dev teams today. By using a simple formula of risk = likelihood * severity, we will prove that not all vulnerabilities are created equal and show how “secure by design” Kubernetes deployments can reduce the likelihood and surface area of a possible attack exploiting any vulnerabilities.

Speakers

Pushkar Joglekar

Security Engineer, Visa
Pushkar Joglekar is a Security Engineer who is the first ever open source contributor for his current company. He has architected several “secure by design” large scale containerized deployments in the last four years. This is his first attempt to speak on a topic that he has...



Thursday November 21, 2019 11:50am - 12:25pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Case Studies

11:50am PST

SIG Cluster Lifecycle (kops) - Justin Santa Barbara, Google
We'll dig into the recent progress in kops: etcd-manager and etcdadm getting us to etcd3; support for CRDs and the server mode; starting to move to cluster API and our future plans here; starting to adopt bundles to allow for richer upgrades. Also kops is now a conformant kubernetes distribution! We'll discuss the status of our support for more clouds, including the recent OpenStack work. We'll also talk about some of our general initiatives e.g. secure by default. But most importantly let's talk about your pain points and figure out what you would like to see, and let's discuss how you can get involved.

Speakers

Justin Santa Barbara

Software Engineer, Google
Justin has been contributing to kubernetes since 2014, acting as one of the primary developers and maintainers for the AWS support, and serves as a lead on sig-aws. He started the kops project, for managing and operating kubernetes clusters, and is a maintainer on kops. He joined...


Thursday November 21, 2019 11:50am - 12:25pm PST
Room 7AB - San Diego Convention Center Upper Level

11:50am PST

Am I Using It Right? Checking Best Practices on Live Kubernetes Clusters - Varsha Varadarajan & Adam Wolfe Gordon, DigitalOcean
While Kubernetes is stable, best practices for using it are a moving target. Some are generally applicable, others unique to a particular configuration or platform. Following best practices helps ensure workloads stay running as expected through cluster maintenance and upgrades, but checking them can feel like playing whack-a-mole in the dark.

This talk introduces a new open source tool, clusterlint, that checks compliance with best practices. Unlike other linters that work on deployment manifests, clusterlint identifies risks and problems in running Kubernetes clusters, making it useful for finding potential problems before performing cluster maintenance.

We'll discuss what clusterlint checks, why, how it works, how we use it in DigitalOcean's managed Kubernetes product to warn users of danger, and future plans for the tool.

Speakers

Adam Wolfe Gordon

Sr. Engineer, DigitalOcean
Adam Wolfe Gordon is a software engineer at DigitalOcean, currently working on managed Kubernetes and container registry. He previously worked on block storage at DigitalOcean and EMC. Adam is a regular conference speaker and a frequent attendee of and presenter at local meetups in...

Varsha Varadarajan

Engineering Intern, DigitalOcean
Varsha is a software engineer currently pursuing a Master's degree in Computer Science. She previously worked at ThoughtWorks in the continuous delivery domain; and as an intern at DigitalOcean on managed Kubernetes, where clusterlint was created. She likes working on Kubernetes related...



Thursday November 21, 2019 11:50am - 12:25pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

11:50am PST

How Kubernetes Components Communicate Securely in Your Cluster - Maya Kaczorowski, Google
How *do* your cluster components talk to each other?

In this expository talk, we'll first cover the main Kubernetes components that need trusted communication - that is, the API server, kubelet, and etcd, and how this communication is protected. Then, we'll go over how the cluster certificate authority (CA) works, and how this grants certificates to Kubernetes components. Furthermore, we'll explain what authentication, integrity, and encryption means, and what options are available in Kubernetes, and what you need to configure to address these pieces of CIS benchmarks. Lastly, we'll explain how you can protect other communications within your cluster, if needed for your workload - like node to node and pod to pod.

You'll come away with a better understanding of how communications in Kubernetes work, cluster trust, and default protections.

Speakers

Maya Kaczorowski

Product Manager, Software Supply Chain Security, GitHub
Maya is a Product Manager for Software Supply Chain Security at GitHub. She was previously at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was at McKinsey & Company, and before that, completed her Master's in mathematics...



Thursday November 21, 2019 11:50am - 12:25pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

2:25pm PST

Securing Your Services with Authentication, Authorization, and RBAC in gRPC - Luis Pabón, Portworx
gRPC makes it extremely simple to write complex, business-critical services in a vast number of programming languages. Its simplicity and adaptability have made it easy for developers to adopt, since code is generated from structures and messages defined as protocol buffers. Writing a secure service based on gRPC, on the other hand, takes a little more effort. In this talk, we will be going through a model of how to secure a gRPC service using JWT-based tokens to authenticate user access by relying on interceptors. We will also discuss models of how to provide role-based access control to authorize user access.

Speakers

Luis Pabón

MTS, Portworx
Luis Pabón is a CNCF Storage Technical Lead working at Portworx and also a member of Kubernetes and CSI storage communities. Prior to joining Portworx in September of 2017, he worked at CoreOS, Red Hat Storage, NetApp Advanced Technology Group, and EMC on various storage product...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Gone in 60 Minutes: Migrating 20 TB from AKS to GKE in an Hour with Vitess - Derek Perkins, Nozzle
The holy grail of Cloud Native tech is to have zero vendor lock-in. That becomes extra challenging when dealing with stateful applications. By leveraging out of the box Kubernetes and Vitess features, Derek and his team were able to migrate a high throughput production workload of 20 TB from Azure (AKS) to Google (GKE) in under an hour. This workload consisted of dozens of services writing to MySQL, including heavy usage of the under-marketed pub/sub style message queue feature of Vitess. Derek will go into detail about the public Helm charts that were used to set up these workloads and how Kubernetes and Vitess were configured. We will also touch on a few ecosystem projects, like external-dns and cert-manager, that helped make the transition low-touch and seamless.

Speakers

Derek Perkins

Founder & CEO, Nozzle
Derek is the Founder and CEO of Nozzle, an enterprise rank tracking solution that helps companies understand where they and their competitors rank on Google and other search engines. He has been an evangelist for Vitess since it was open sourced, speaking about it often and was responsible...


Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

2:25pm PST

K3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro - Darren Shepherd, Rancher Labs
K3s is a lightweight distribution of Kubernetes originally designed for the edge. Due to its size, simplicity, and fast spin up, thousands of users are currently running k3s in various use cases besides the edge. Darren Shepherd will cover in depth how k3s is built, what changes are made, and how the benefits of k3s are achieved. This includes the technical details of how k3s is packaged as a single binary, how sqlite was added as a data source, how certs are managed, how HA is achieved, how agent tunneling works and much more. Finally, Darren will discuss how these changes are made while still being a fully certified CNCF Kubernetes distribution.

Speakers

Darren Shepherd

Co-founder and CTO, Rancher Labs
Darren Shepherd is a co-founder and the chief architect at Rancher Labs where he has led the development and creation of numerous open source software projects such as k3s, RancherOS, Longhorn, and Rio. His goal is to provide the container industry with reliable tools that ease deployment...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level

2:25pm PST

Networking Optimizations for Multi-Node Deep Learning on Kubernetes - Rajat Chopra, NVIDIA & Erez Cohen, Mellanox
Training a Neural Network may take days or weeks, even on a top of the line GPU. To reduce training time, distributed computation is often employed to spread the work across multiple GPUs and multiple nodes. Horovod is the best example of such a scalable architecture. At NVIDIA, in collaboration with the community, we have configured Kubernetes and multi-node infrastructure to deliver performance that scales as we add more GPUs and nodes. This talk presents the problems and solutions related to networking discovered during this journey.

The non-exhaustive list includes solutions like CNI for multiple networks using SR-IOV, enabling RDMA over IB and Ethernet (RoCE) to provide low latency, high throughput and direct GPU to NIC connectivity (GPUDirect), enforcing PCI affinity of GPUs with respect to network interfaces, using source-based routing within pods for L3 networks and much more.

Speakers

Erez Cohen

Vice President for CloudX & AI Program, Mellanox
Erez Cohen acts as Mellanox Vice President for CloudX & AI Programs, responsible for strategy, architecture and implementation. The CloudX program spans multiple cloud solutions including OpenStack, Kubernetes, Microsoft and VMware and incorporates Mellanox state of the art network...

Rajat Chopra

Principal Engineer, Nvidia
Rajat Chopra is currently working at NVIDIA on AI/Deep-Learning infrastructure projects, which include kubernetes on edge-devices, multi-node multi-rail RDMA for deep learning jobs, layer 4 packet handling for a GPU cloud etc. He is also an expert in container networking with founding...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 5AB - San Diego Convention Center Upper Level
  Machine Learning + Data

2:25pm PST

SIG Cluster Lifecycle (Cluster API) - Vince Prignano, VMware & Ashish Amarnath, Salesforce
The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how the Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments, and bringing declarative upgrades to Kubernetes clusters.

Speakers

Ashish Amarnath

Senior Software Engineer, Salesforce
Ashish Amarnath is a Senior Member of Technical Staff at Salesforce. Kubernetes community contributor, working mostly in the cluster-api ecosystem.

Vince Prignano

SIG Cluster Lifecycle Chair, VMware
Vince Prignano is a Sr. Member of the Technical Staff at VMware, core contributor to Kubernetes, SIG-Cluster-Lifecycle, and Cluster API maintainer.



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6E - San Diego Convention Center Upper Level
  Maintainer Track Sessions

2:25pm PST

Running High-performance User-space Packet Processing Apps in Kubernetes - Abdul Halim, Intel & Peng Liu, Red Hat
With 5G on the horizon, networking is transforming around us. Network functions have already found their way from proprietary blackbox into servers running in Linux. The Linux networking stack simply cannot keep up with increasing demands for higher throughput and lower latency of these packet flows. The packet processing pipeline is now run in userspace instead, bypassing the kernel. DPDK provides an environment and API to run high-intensive packet processing in userspace. Many CNFs are developed using DPDK. A DPDK application requires specific resources from a host for guaranteed performance. Deploying and running such applications in K8s is always a challenging task.

In this presentation & demo, users will learn about open source technologies and components and how to leverage them to deploy workloads that require high performance networking infrastructure in a Kubernetes cluster.

Speakers

Abdul Halim

Cloud Software Engineer, Intel
Abdul Halim is a Cloud Software Engineer working with Cloud Native Orchestration team at Intel R&D based in Shannon, Ireland. Currently he is focused on enabling high-performance networking solutions for NFV use-cases. He is a maintainer of SR-IOV network device plugin and SR-IOV...

Peng Liu

NFV Partner Engineer, Red Hat
Peng Liu is an NFV partner engineer in the office of the CTO at Red Hat. He works in the areas of high performance networking and other NFV features on open source cloud platforms, like Kubernetes and OpenStack. Currently he is focussing on facilitating the Kubernetes integration with...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Networking

2:25pm PST

The Gotchas of Zero-Downtime Traffic /w Kubernetes - Leigh Capili, Weaveworks
Noticing your customers receive 503's every now-and-then?
Do they spike when you're updating your app or rotating your k8s cluster nodes?
Maybe you used to have this problem -- then you added some strange settings and it's mostly working now…

What most people need from Kubernetes regarding web-traffic is a repeatable but under-documented combo of esoteric, non-default options.

We'll walk through the basic needs of shaping traffic and apply that knowledge to the states of compute, rollout, and canonical networking we see with k8s.
Expect tidbits about CRI, CNI, Ingress, and the design trade-offs present in Kubernetes and its APIs.

You’ll leave this session knowing how to keep your apps serving successful requests for a myriad of edge-cases.

Speakers

Leigh Capili

Developer Experience Engineer, Weaveworks
Leigh is a Kubernetes Contributor and works in Developer Experience with Weaveworks. He authored kubeadm's etcd mTLS implementation and is currently working toward k8s component-standards and cluster-addons. Previously, he helped design a functional state-store for...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Operations

2:25pm PST

Securing Communication Between Meshes and Beyond with SPIFFE Federation - Evan Gilman, Scytale & Oliver Liu, Google
One of the hottest features that Istio brings to the table is transparent, mutually-authenticated TLS between all workloads running on it. Under the covers, it relies on SPIFFE to provide the cryptographic identity that is used to perform this mutual authentication.

SPIFFE relies on an authority to issue identity. In an Istio mesh, Istio Citadel (CA) issues certificates to workloads by default... but, what happens when you have more than one Istio mesh, and hence more than one Citadel? Or Istio workloads talking to external services?

Enter SPIFFE federation. It allows SPIFFE identity issuers to peer with each other, enabling workloads in disparate domains to securely authenticate and communicate with each other. In this talk, we will describe the challenges involved here and how SPIFFE addresses them, as well as demonstrate SPIFFE federation between Istio mesh and SPIRE.

Speakers

Evan Gilman

Staff Engineer, VMware
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author...

Oliver Liu

Senior Software Engineer, Google
Dr. Oliver (Yonggang) Liu is a senior software engineer at Google. He is one of the early developers and core engineers of Istio. Oliver has 10 years of experience in research and development of distributed systems and service mesh. Oliver received his PhD degree from University of...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

2:25pm PST

Bringing the Envoy Service Mesh to Mobile - Jose Nino & Michael Schore, Lyft
99.999% reliability on the server is meaningless if mobile apps are only able to complete the desired product flows a fraction of the time. Learn how Lyft built and deployed Envoy Mobile (envoy-mobile.github.io) in their Swift/Kotlin apps and is benefitting from a single, consistent Envoy-based network stack across every platform.

Envoy Mobile was created to provide apps with the same network configurability, observability, and transport technologies that Envoy Proxy enables for the server - as if apps are simply another node on a service mesh. This unlocked a new tier of reliability on mobile and paved the way for many enhancements such as QUIC, request prioritization, and low connectivity handling. This talk will cover how this library was built, how Lyft tested it in their mobile apps, and what benefits they’ve already started to see.

Speakers

Michael Schore

Software Engineer, Lyft
Michael Schore has nearly a decade of experience working on server and client networking technologies. He was an early implementer of SPDY, and wrote and deployed production stacks for both iOS and Android. Drawing from this experience, he participated in IETF working group discussion...

Jose Nino

Senior Software Engineer, Lyft
Jose Nino worked on Lyft’s Networking team for 2+ years building out infrastructure that enabled Lyft to scale technically and socially as it developed and rolled out an Envoy-based service-oriented architecture. He was instrumental in building control plane technologies, and resilience...



Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

Tutorial: A Kind Workflow for Contributing to Kubernetes - Benjamin Elder, Google; Duffie Cooley, VMware; James Munnelly, Jetstack; & Patrick Lang, Microsoft (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

How can you be confident that the change you make is functioning as you expect *before* you submit that PR?

Many contributors to the Kubernetes code base want to increase the confidence they have in their code prior to pushing that code upstream. This workflow will simplify this process for you!

Bring your Mac, Windows or Linux laptop to this session! We will show how to install the tools you need - Docker, golang and Kind. 

We will guide you through a great workflow for contributing and testing your code. We will be leveraging sigs.k8s.io/kind to show you how to build Kubernetes locally and test your code. Then we’ll use Kind to run e2e tests against your local build.

Together, these new skills will enable you to feel more confident in the changes you are introducing to the existing code base and enable you to contribute more frequently!

Speakers

James Munnelly

Solutions Engineer, Independent
James is a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. He helps maintain a number of extensions to Kubernetes, including cert-manager (a Kubernetes native x509 certificates platform), kubernetes-sigs/kind (Kubernetes-in-Docker...

Benjamin Elder

Software Engineer, Google
Ben first worked on Kubernetes around the 1.0 launch, implementing the initial version of the iptables kube-proxy for Google Summer of Code 2015. He later started working full time on Kubernetes in the summer of 2017, focusing on the test-infra, local clusters, build, and test with...

Patrick Lang

Software Engineer, Microsoft
Patrick Lang is a Software Engineer at Microsoft building and teaching how to use Kubernetes and Windows container technologies. He is a regular speaker on Windows Server Container development and management that helped launch the tech at MS Ignite and Build conferences along with...

Duffie Cooley

Duffie Cooley, VMware
Duffie is a Staff Cloud Native Architect at VMware focused on helping enterprises find success with technologies like Kubernetes. Duffie has been working with all things virtualization and networking for 20 years and remembers most of it. He likes to present on topics ranging from...


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

2:25pm PST

Tutorial: From Notebook to Kubeflow Pipelines: An End-to-End Data Science Workflow - Michelle Casbon, Google, Stefano Fioravanzo, Fondazione Bruno Kessler, & Ilias Katsakioris, Arrikto (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

This session targets data scientists and ML engineers who want to leverage Kubernetes to scale up their Machine Learning experiments. Attendees will learn a) the basics of Kubeflow, the ML toolkit for K8s, and b) how to build and deploy complex data science pipelines on-prem and on the Cloud with Kubeflow Pipelines.

The tutorial will focus on two essential aspects:
1. Low barrier to entry: deploy a Jupyter Notebook to Kubeflow Pipelines on the cloud using a fully GUI-based approach. This workflow enables data scientists to exploit the scaling potential of K8s - no CLI commands, SDKs, or K8s knowledge required.
2. Reproducibility: automatic data versioning and volume snapshots will enable full reproducibility and collaborative development, as well as fine grained analysis and visualizations after pipeline executions.

Setup: you must bring your own laptop. Qwiklab/GCP credits will be provided.

Speakers

Michelle Casbon

Senior Engineer, Google
Michelle Casbon is a Senior Engineer at Google, where she focuses on open source for machine learning and big data tools. Prior to joining Google, she was at Qordoba as Director of Data Science and Idibon as a Senior Data Science Engineer. Within these roles, she built and shipped...

Stefano Fioravanzo

Research Software Engineer, Fondazione Bruno Kessler
Stefano Fioravanzo is a Research Software Engineer at Fondazione Bruno Kessler, an ICT research center leading AI research in Italy for 40 years. His interests lie in building AI platforms based on Cloud Native technologies, empowering local communities and producers with smart tools...

Ilias Katsakioris

Software Engineer, Arrikto
Ilias Katsakioris is a Software Engineer at Arrikto. He holds a Diploma in Electrical and Computer Engineering from the National Technical University of Athens. He is a Kubernetes and Kubeflow enthusiast, and he has been contributing to the Kubeflow project for almost a year. His...



Thursday November 21, 2019 2:25pm - 3:55pm PST
Hall D - San Diego Convention Center

2:25pm PST

Tutorial: Service Mesh for the Developer Workflow - Christian Posta, Solo.io & Nic Jackson, Hashicorp (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Service mesh is often presented as a solution for network engineering and system operability, increasing security, reliability, and observability. However, service mesh is also an incredibly useful tool for developers, and understanding how to leverage this technology can dramatically simplify your day to day workflow.

By leveraging free and open-source tools and a scenario-based approach, we will illustrate how a service mesh can help with application resilience, observability, and debugging.

By the end of this workshop you will understand:
* How to use metrics and distributed tracing effectively
* Reliability patterns like retries, timeouts, and circuit breaking
* How to leverage Canary deployments
* How you can effectively debug distributed systems

The cloud-native, open-source technologies used in this tutorial include:
* Envoy
* Prometheus
* Gloo shot
* Consul Service Mesh
* Loop
* Squash
* Open Census

Speakers

Nic Jackson

Developer Advocate, HashiCorp
Nic Jackson is a developer advocate at HashiCorp, and the author of “Building Microservices in Go”, a book which examines the best patterns and practices for building microservices with the Go,

Christian Posta

Solo.io, Global Field CTO
Christian Posta (@christianposta) is Global Field CTO at Solo.io, and well known in the cloud-native community for being an author (Istio in Action, Manning, Microservices for Java Developers, O’Reilly 2016), blogger, speaker, open-source enthusiast and contributor to various open-source...


Thursday November 21, 2019 2:25pm - 3:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

3:20pm PST

Serving HTC Users in Kubernetes by Leveraging HTCondor - Igor Sfiligoi, University of California San Diego
High Throughput Computing (HTC), sometimes also called batch computing, has long been and still is the major workhorse for most R&D organizations. Typical workloads include parameter sweeps, Monte Carlo simulations and partitionable dataset processing. Kubernetes by itself is not very well suited for such workloads, which are submitted by hundreds of concurrent users and rely on the execution of thousands, or even millions of small tasks. This presentation will provide an overview of how HTCondor, a prominent HTC system, can be used to effectively and efficiently manage such workloads. The author has been running such a system on a Kubernetes cluster operated out of the University of California San Diego, and will share his experience and issues he encountered during that time.

Speakers

Igor Sfiligoi

Lead Scientific Software Developer and Researcher, University of California San Diego
Igor has been active in distributed computing for over 20 years. He started in real-time systems, moved to local clusters, worked with leadership HPC systems, but spent most of his career in computing spanning continents. For about 10 years, he has been working on one such world-wide...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

Kubernetes at Reddit: Tales from Production - Greg Taylor, Reddit, Inc
This talk is the EAGERLY-anticipated sequel to last year's "Kubernetes at Reddit: An Origin story". Whereas the saga's first installment focused on early results, thoughts, and a rough higher-level vision, this year's edition serves as a retrospective for how it all shook out over Reddit's last year of rapid Kubernetes adoption.

The audience will hear of successes, share in the heartbreak of production explosions, and gain insight into what has and hasn't worked well for one of the world's busiest web properties. Topics covered include:

* A brief recap of InfraRed, our internal Infrastructure product
* How org-wide adoption has progressed
* Scaling challenges (Infrastructure and Inter/Intra-team)
* Fires, near-misses, and outages, oh my!
* Successes and celebration
* Lingering questions and challenges
* The impact of Kubernetes at Reddit

Speakers

Greg Taylor

Engineering Manager, Reddit, Inc
Greg Taylor leads the Release Engineering team within Reddit's Infrastructure division. He and his team steward the internal Kubernetes-based infrastructure product (InfraRed) and build tooling and process to empower service owners to get their ideas to production. Greg has recently...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

3:20pm PST

Evolving the Kubernetes Ingress APIs to GA and Beyond - Christopher M Luciano, IBM & Bowei Du, Google
The Ingress API has existed as a beta type since its early 2016 release in Kubernetes 1.2. Since its inception, it has been fairly lightweight and additions remained infrequent in attempts to maintain portability within the Kubernetes ecosystem. In response, Ingress API implementations commonly leverage a different internal API or extend the Ingress API by heavily decorating the resource with annotations.

In this session, we will present the Ingress enhancements for the GA/v1 Ingress API and what factors went into these decisions. Furthermore, we'll explore several possible directions for what a v2 API could entail and walk through several examples including existing non-Kubernetes implementations.

Speakers

Christopher Luciano

Advisory Software Engineer, IBM
Christopher M Luciano is an advisory software developer for IBM’s Digital Business Group, where he works on Kubernetes, Istio, and Envoy. Previously, Christopher was the lead on the Watson container runtime squad. He is a frequent speaker about Istio and Kubernetes and has recently...

Bowei Du

Staff Engineer, Google
Bowei is a tech lead at Google working on GKE Networking.



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Building a Medical AI with Kubernetes and Kubeflow - Jeremie Vallee, Babylon Health
Engineering AI systems at scale can be difficult, especially in highly regulated environments like healthcare. Many challenges arise, such as ensuring reproducibility, controlling data access policies, and running highly secure infrastructure. But with some planning and meticulous engineering, this can be achieved.

At Babylon Health, we've leveraged Kubernetes, Kubeflow, Argo, Istio, OPA, and many other Cloud Native technologies to provide a secure research platform for building and scaling medical AI models across the world.

In this talk, we will share our experience so far, give an overview of how these components fit together, and explain our vision for the future of our platform. We will demonstrate how using open-source CNCF technologies can help you achieve your goal of experimenting, training and serving your AI models at scale, while operating in a regulated environment.

Speakers

Jeremie Vallee

AI Infrastructure Lead, Babylon Health
Jeremie is a Cloud Infrastructure Engineer working at Babylon Health, using Cloud Native technologies to scale AI model training. When he's not writing YAML, you can find him running in one of London's many parks, or being lost in a music festival somewhere in France. But mostly...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data

3:20pm PST

Kubeadm Deep Dive (SIG Cluster Lifecycle) - Fabrizio Pandini, VMware & Yago Nobre, Nubank
What a year for kubeadm! After reaching GA at the very beginning of this year, the kubeadm project growth never stopped, and now it is time to start defining the roadmap for the next big milestone of this project.
Don’t miss this talk if you want to understand the driving forces behind kubeadm's evolution, if you want to take your first opportunity to influence the roadmap, or, last but not least, if you are considering stepping up as a new contributor to help make this happen. We’ll reserve time to talk about how to get involved with SIG Cluster Lifecycle and kubeadm, for all your questions, concerns, and feature requests!

Speakers

Yago Nobre

Software Engineer, Nubank
Software engineer at Nubank, managing Kubernetes Clusters in production since 2016. Contributor on kubeadm.

Fabrizio Pandini

Software Engineer, VMware
Fabrizio has been engaged in Kubernetes work for over two years now and been involved in SIG cluster-lifecycle, kubeadm, cluster API, kind, and other subprojects helping to simplify creation, configuration, upgrade and teardown of Kubernetes clusters. On the personal side, I enjoy...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 5AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

3:20pm PST

CoreDNS: Beyond the Basics - Cricket Liu, Infoblox & John Belamaric, Google
This session will cover aspects of CoreDNS's configuration beyond the basics, including signing DNS data with DNSSEC, supporting DNS over TLS (DoT), manipulating queries and responses, managing zone data with Git, running a full recursive DNS server with the unbound plugin, and configuring CoreDNS to perform multi-cluster service discovery. The session is intended for people with a solid understanding of basic CoreDNS configuration who wish to support more advanced use cases or to extend CoreDNS's functionality.

Speakers

Cricket Liu

Chief DNS Architect, Infoblox
Cricket Liu is an authority on the Domain Name System and the co-author of all of O'Reilly Media’s books on DNS, including the classic DNS and BIND. As Infoblox’s Chief DNS Architect, Cricket guides the development of Infoblox’s product and business strategy, and serves as a...

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is a Senior Staff Software Engineer at Google with over 25 years of software design and development experience. As a co-chair of Kubernetes SIG Architecture, he provides leadership on production readiness, conformance, and overall software architecture for the Kubernetes...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6C - San Diego Convention Center Upper Level
  Networking

3:20pm PST

Prepare to Be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty - James Condon, Lacework
How are Kubernetes clusters being compromised in the wild? There aren’t a whole lot of public reports detailing successful attacks against Kubernetes clusters. The goal of this talk is to demystify these attacks and provide recommendations to prevent them.

In this talk, a successful attack on a Kubernetes honeypot is analyzed. The amount of time it took for this to occur is quite surprising. Next, using this information, the scope of research is widened to survey other clusters that have fallen victim to the same attacks. Multiple cryptojacking campaigns emerge and details behind the methods of the attackers are shared. After providing statistics on these attacks, recommendations for prevention along with indicators of compromise are provided.

Speakers

James Condon

Director of Research, Lacework
James Condon is Director of Research at Lacework. James is a security veteran with over 10 years of experience in incident response, intelligence analysis, and automated threat detection. James was previously Director of Threat Research at ProtectWise (acquired by Verizon), an Incident...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

3:20pm PST

Supercharge Your Microservices CI/CD with Service Mesh and Kubernetes - Brian Redmond, Microsoft
We all know by now that Service Mesh provides many benefits to containers on Kubernetes. Linkerd, Istio, and Consul are some great examples. With Service Mesh Interface (SMI), adoption is becoming much easier.

Along with a lot of other features, Service Meshes are great at traffic shifting and observability which are helpful for microservice deployment and CI/CD platforms. Testing new versions in production with strategies such as Blue/Green, A/B, and canary rollouts are key in ensuring that deployments are error-free.

In this session, I will dig deep into how you can integrate Service Mesh into deployment pipelines and automate these kinds of CI/CD methods. I will talk about observability using projects such as Prometheus and how it is key to validate candidate releases with real time latency statistics down to specific paths/methods.

As always, I will include lots of demos!

Speakers

Brian Redmond

Cloud Architect, Microsoft
I am a Cloud Architect on the Azure Global Black Belt team at Microsoft. I focus on containers, microservices, and cloud native applications in the Azure cloud platform. I have been working in technology for over 20 years and have a mixed background from application development to...



Thursday November 21, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Service Mesh

4:25pm PST

KubeDirector - Deploying Complex Stateful Applications on Kubernetes - Joel Baxter & Thomas Phelan, Hewlett Packard Enterprise
Kubernetes was originally designed to deploy cloud-native stateless applications.
Features such as StatefulSets and Persistent Volumes have been added that make it possible to deploy some stateful applications on Kubernetes. However, deploying and running complex stateful applications remains a difficult task -- even with tools such as Kustomize, Helm, and KubeFlow. KubeDirector is an open source Apache project designed to address these challenges. It utilizes the Kubernetes custom resource functionality and API extensions to deploy and manage complex, stateful, scale-out applications.
This session will: describe the limitations of existing tools for complex stateful applications, provide an overview of the KubeDirector architecture and how it overcomes these limitations, and demonstrate how to author the metadata to deploy a stateful application on Kubernetes with KubeDirector.

Speakers

Joel Baxter

Distinguished Engineer, Hewlett Packard Enterprise
Joel is a Distinguished Engineer in the Storage and Big Data organization at HPE. He joined HPE when BlueData, Inc. was acquired in 2018. At HPE/BlueData, Joel focuses on Kubernetes and other technologies for running AI/ML and big data analytics on a hybrid cloud infrastructure...

Thomas Phelan

Fellow, HPE
Tom is an HPE Fellow. He joined Hewlett Packard Enterprise when BlueData, Inc. was acquired by HPE in November of 2018. Tom was the Co-Founder and Chief Architect of BlueData and led the team that developed the EPIC platform for automating and managing AI/ML/DL/Big Data containerized...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Tinder's Move to Kubernetes - Chris O'Brien & Chris Thomas, Tinder
Almost 2 years ago, Tinder decided to move its platform to Kubernetes. Kubernetes afforded us an opportunity to drive Tinder Engineering toward containerization and low-touch operation through immutable deployment. Application build, deployment, and infrastructure would be defined as code.

We were also looking to address challenges of scale and stability. When scaling became critical, we often suffered through several minutes of waiting for new EC2 instances to come online. The idea of containers scheduling and serving traffic within seconds as opposed to minutes was appealing to us.

During our migration in early 2019, we reached critical mass within our Kubernetes cluster and began encountering various challenges due to traffic volume, cluster size, and DNS. We solved interesting challenges to migrate 200 services and run a Kubernetes cluster at scale.  

Speakers

Chris O'Brien

Senior Engineering Manager, Tinder
Chris is a Software Engineer who works in Cloud Infrastructure—Kubernetes, CI/CD, AWS, Linux, Automation and Configuration Management (Terraform, Ansible, Chef, Puppet), and other open source technologies.

Chris Thomas

Engineering Manager, Tinder
Chris is an Engineering Manager for Tinder Cloud Infrastructure. He leads the Resiliency team, which is responsible for much of the infrastructure powering the Tinder backend platform, as well as Observability.



Thursday November 21, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
  Case Studies

4:25pm PST

GPU as a Service Over K8s: Drive Productivity and Increase Utilization - Yaron Haviv, Iguazio
Building machine learning applications is hard. Surprisingly enough, it’s not the data science that’s hard, but all the operations around it. GPUs accelerate performance, but pose challenges such as GPU resource sharing, software dependencies and data bottlenecks. In a cloud-native era, data scientists are looking for a GPU-powered machine learning PaaS like AWS Sagemaker or Google AI, only based on open source technologies, without vendor lock-ins and/or on-premises. Yaron Haviv will demonstrate how to integrate Kubernetes, KubeFlow, high-speed data layers and GPU-powered servers to build self-service machine learning platforms. He will show how GPU resources can be pooled to maximize utilization and increase scalability, how to use RAPIDS for 10x faster data processing and how to integrate GPUs with the rest of the machine learning stack.

Speakers

Yaron Haviv

CTO, Iguazio
Yaron Haviv is a serial entrepreneur who has deep technological experience in the fields of ML, big data, cloud, storage and networking. Prior to Iguazio, Yaron was the Vice President of Datacenter Solutions at Mellanox, where he led technology innovation, software development and...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 17AB - San Diego Convention Center Mezzanine Level
  Machine Learning + Data

4:25pm PST

Deep Dive Into the Latest Kubernetes Scheduler Features - Abdullah Gharaibeh, Google Inc.
Kubernetes Scheduler is the component of Kubernetes that assigns pods to nodes based on the configured scheduling requirements. Users can choose to run their clusters with high resource efficiency, high reliability, or other custom policies. The scheduler also implements a number of critical Kubernetes features, such as "Node Affinity", "Inter-pod affinity and anti-affinity" and the new "Even pod spreading" features. This talk will provide information on recent SIG Scheduling projects and features, including the scheduling framework and even pod spreading. We will dedicate about half of the time of the presentation to audience questions and users' feedback.

Speakers

Abdullah Gharaibeh

Software Engineer, Google



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 6C - San Diego Convention Center Upper Level
  Maintainer Track Sessions

4:25pm PST

RDMA Enabled Kubernetes for High Performance Computing - Jacob Anders, CSIRO & Feng Pan, Red Hat
Adoption of Kubernetes in scientific workloads has been hampered by limited support for high speed interconnects used in HPC clusters. Fortunately, we can now solve this problem by enabling RDMA in Kubernetes.

In this session, we will describe the HPC use case and requirements from an end user's perspective. We will discuss how RDMA, a highly efficient network transport protocol, can be used to address this challenge. We will then provide an overview of a community driven RDMA implementation for Kubernetes using CNI plugins and SR-IOV.

Finally, we will demonstrate real-world applications running in an RDMA-enabled Kubernetes environment and provide a performance comparison between standard and RDMA-enabled networking.

You will leave this session understanding the state of the art for HPC networking on Kubernetes.

Speakers

Feng Pan

Software Engineering Manager, Red Hat
Feng Pan is an engineering manager in Office of the CTO at Red Hat working on emerging open source networking projects. Coming from networking background, Feng’s main interest is in the area of networking technology transformation. Currently, Feng is working on enhancing advanced...

Jacob Anders

HPC Technical Lead, CSIRO
Jacob Anders is a Linux and Cloud architect with strong focus on High Performance Computing. He is a pioneer of using high performance interconnects in Cloud Computing, starting with OpenStack in 2012, currently working on RDMA support in Kubernetes. Jacob is interested in large scale...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 33ABC - San Diego Convention Center Upper Level
  Networking

4:25pm PST

Enforcing Service Mesh Structure using OPA Gatekeeper - Sandeep Parikh, Google
Organizations need the ability to apply rules to their workloads and services, at scale and distinct from the development of those services. Policies and policy enablement provide those governance capabilities with declarative approaches. OPA Gatekeeper integrates with Kubernetes and is able to provide the right guardrails to enforce structure and keep your deployments running smoothly. In this session we'll talk about policy management and how OPA Gatekeeper can help manage policies at scale. We'll walk through the high-level architecture of Gatekeeper along with applied examples and demonstrate how it can be used to manage security and traffic management mechanisms found in service mesh deployments.

Speakers

Sandeep Parikh

DevRel Engineer, Google
Sandeep is a DevRel Engineer for Google Cloud, where he focuses on making it easier for developers & operators to adopt devops processes and cloud native tools. Sandeep’s background is in software engineering and he's worked for Google, VMware, Apple, MongoDB, and many others. He...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Operations

4:25pm PST

Ready to Serve! Speeding-Up Startup Time of Istio-Powered Workloads - Michal Malka & Etai Lev-Ran, IBM
Pod startup time has long been a focus area for cloud-native platforms. Optimizing startup time is critical to support use cases such as autoscaling, upgrades, and failure recovery. The recent rise of the serverless model, along with its key value proposition of scale-to-zero of idle workloads, has made pod startup time more important than ever: The platform must be able to start the pod fairly quickly, such that the latency of request-triggered scale-from-zero is acceptable.


In this talk, we'll analyze the latency contributed by Istio service mesh to pod startup time, right from pod creation and up to the pod becoming ready to service requests. We'll also examine various techniques to reduce it, including using Istio CNI to bootstrap the pod's network, launching the sidecar proxy with an initial routing configuration, and using manual sidecar injection.

Speakers

Etai Lev Ran

System Architect, IBM
Etai works for the IBM research lab in Haifa and was a security workgroup lead for Istio open source project. He has previously worked on cloud infrastructure services, distributed file systems and high performance networked systems.

Michal Malka

Manager, IBM Cloud Foundations, IBM
Michal is working as a manager of the Cloud Foundations group at the IBM Haifa Research Lab, focusing on several projects in the area of Hybrid Cloud. Michal has deep knowledge in microservices technologies and is currently working on new directions for Istio as the microservices...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Performance

4:25pm PST

Identity Bootstrapping in Multi-tenant Multi-cluster Kubernetes - Manish Mehta, Volterra & Derek Suzuki, The Voleon Group
With the increasing popularity of Kubernetes, providing managed K8s has been a great way to convert enthusiasts into adopters. However, current solutions mainly focus on providing isolated clusters and adopters are responsible for making workload identities work across clusters. If multi-tenancy is added to the mix, the challenges of bootstrapping identities that work across clusters - but within tenancy - are even greater.

In this presentation, the speakers will share challenges of securely bootstrapping identities in such a setup (especially when the individual clusters could be running in untrusted environments), the tradeoffs, and possible solutions. Manish will also introduce planned open-source components of a solution used by Volterra Edge Services for identity bootstrapping and other security services.

Speakers

Derek Suzuki

Director of DevOps, The Voleon Group
Derek Suzuki is Director of DevOps at The Voleon Group. Previously he was Senior Director of Information Technology and Business Applications at Outbrain and has held a variety of technology management roles at Redwood Systems, ZipRealty, Wine.com, Juno Online Services, and other...

Manish Mehta

Chief Security Architect, Volterra
Manish Mehta is Chief Security Architect at Volterra Edge Services, CA. In the past, he has worked at Netflix, Cryptography Research Inc., and other SF bay area companies designing and developing solutions around secure bootstrapping, authentication (service and user), and authorization...



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

4:25pm PST

Fine Grained Mesh Metrics for Better Visibility With Native Performance - Mandar Jog & Kuat Yessenov, Google
Knowing granular traffic patterns is crucial in understanding the functioning and health of a service mesh. The existing Envoy extensions collecting metrics are either not granular enough or can consume too many resources.

In this session, attendees will learn about an efficient way of producing granular metrics. This method introduces a new metadata exchange protocol between peer workloads and uses the new Envoy/WASM metrics API to produce richly dimensioned metrics based on the exchanged metadata.

The operator can add arbitrary peer dimensions like availability zones and locality to get additional insights into the traffic. Istio will use this technique to efficiently produce highly dimensioned Istio standard telemetry.

Attendees will see a demo of rich telemetry collection to Prometheus at near native performance.

Speakers

Mandar Jog

Istio TL/M, Google
Mandar is a co-lead of the Istio extensions and the Istio performance and scalability workgroups. He would like to see adoption of service meshes everywhere so as to realize the full promise of micro services architecture. Mandar has been working on the Istio project since its inception...

Kuat Yessenov

Software Engineer, Google
Kuat is a maintainer of the envoyproxy/go-control-plane and a contributor to Envoy. He has been an integral part of the Istio team at Google since the beginning.



Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
  Service Mesh

4:25pm PST

Tutorial: Attacking and Defending Kubernetes Clusters: A Guided Tour - Brad Geesaman, Brad Geesaman Consulting; Jimmy Mesta, KSOC, Inc.; Tabitha Sable, Independent; & Peter Benjamin, Teradata (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

Is your Kubernetes cluster able to resist the most common attacks? And, are all the necessary detection mechanisms in place to know if a security issue did occur?

In this hands-on workshop, the instructors will dive into the art and science of Kubernetes security through a series of interactive attack and defense scenarios. Attendees will learn through instructor-led exercises how to identify and exploit realistic misconfigurations in Kubernetes clusters to achieve full cluster compromise. Each attack step will be matched with hardening measures and specific methods for detection and response workflows.

Each workshop attendee will be provided with a pre-configured Kubernetes cluster running realistic workloads in a cloud-based lab environment. The tools and methodologies covered by these exercises will directly help attendees secure their own organization's clusters.

Speakers

Peter Benjamin

Principal Security Engineer
Peter Benjamin is a Software Engineer with a background in Security and a co-organizer for the San Diego Kubernetes and Go meet-ups. He has a passion for enabling engineers to build secure and scalable applications, services, and platforms on modern distributed systems.

Brad Geesaman

Director of Cloud Security, Aqua Security
Brad Geesaman is the Director of Cloud Security at Aqua Security and focuses on building solutions with a security practitioner's mindset. When he’s not hacking on cloud-native and containerized environments, he enjoys spending time with his family in Virginia, eating Mexican food...

Jimmy Mesta

Founder, KSOC, Inc.
Jimmy is a security leader that has been working in AppSec and Infrastructure Security for over 10 years. He founded and led the OWASP Santa Barbara chapter and co-organized the AppSec California security conference. Jimmy has taught at private corporate events and security conferences...

Tabitha Sable

Systems Security Engineer, Datadog
Tabitha Sable never met a system she didn't want to take apart. She serves the Kubernetes community as co-chair of SIG Security and a member of the Product Security Committee. At work, Tabitha is Systems Security Engineer at Datadog. She writes exploits, hardens infrastructure, and...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 30ABCDE - San Diego Convention Center Upper Level

4:25pm PST

Tutorial: Deep Dive into the Operator Framework for Kubernetes - Melvin Hillsman, Michael Hrivnak, & Matt Dorn, Red Hat (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

This is an entry-level tutorial session for both application developers and system administrators interested in building and managing Operators for Kubernetes environments. It is designed for those who have a basic knowledge of Kubernetes and want to learn how to apply domain or application-specific knowledge to automate common operational tasks.

Attendees will understand the past difficulties with building Operators with existing client-libraries and discover how the Operator Framework can ease development workflow.

Step-by-step guidance will be given on the process of creating real-world Operators with Go, Ansible and Helm charts while mastering methodologies, design patterns, and strategies that can assist in avoiding common pitfalls.

Attendees will use the Operator Lifecycle Manager (OLM) to define, install and upgrade Operators as well.

Speakers

Michael Hrivnak

Principal Engineer, Red Hat
Michael Hrivnak is a Principal Software Engineer at Red Hat. After leading development of early registry and distribution technology for container images, he became involved with solving real-world orchestration problems on Kubernetes. He now works on the Automation Broker and Operator...

Matt Dorn

Principal Engineer, Red Hat
Matt Dorn is a Principal Software Engineer at Red Hat and helps hundreds of IT teams around the world succeed with cloud native technology. He is the author of the “Preparing for the Certified OpenStack Administrator Exam” book, creator of the O’Reilly “Getting Starting with...

Melvin Hillsman

Senior SRE, Operator Enablement, Red Hat
Melvin Hillsman is a Senior SRE at Red Hat. He is passionate about user and developer collaboration and cross-community interaction and communication. Prior to Red Hat he helped launch OpenLab while working closely with members of the Kubernetes, OpenStack, CNCF, CloudFoundry, AdoptOpenJDK...


Thursday November 21, 2019 4:25pm - 5:55pm PST
Hall D - San Diego Convention Center

4:25pm PST

Tutorial: Mastering Multi-version CRDs: From YAML to a Serious Development Project - Stefan Schimanski, Red Hat & Joe Betz, Google (Limited Available Seating; First-Come, First-Served Basis)
Please bring your laptop fully charged as we will have limited charging stations available in the room.

To prepare for the session, follow the setup instructions at: https://bit.ly/2JWsbxC

CRDs have become the main vehicle to extend the Kubernetes API. They are ready to build serious products on top of them. But with more and more features like admission and conversion they are no longer just a hundred lines of YAML, but involve real software development. In this talk/tutorial we will start with a YAML-only CRD project and step-by-step go through the development life-cycle towards a powerful multi-version CRD:

- add schema validation using OpenAPI schema generators
- enable pruning
- add defaulting
- add an admission webhook for powerful Turing-complete validation
- evolve the CRD to a new version with a conversion webhook
- including comprehensive testing.

On this journey we will learn a lot about the expected webhook behaviour, how they fit into API machinery, and about API compatibility and good & bad API practices.

Speakers

Stefan Schimanski

Senior Principal Software Engineer, Red Hat
Stefan is a Senior Principal Software Developer at Red Hat working on Kubernetes and OpenShift, with a focus on API machinery, extension points and developer tools as part of Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time Google Summer of...

Joe Betz

Staff Software Engineer, Google
Joe Betz is a contributor to Kubernetes with a focus on custom resource, admission webhook extensibility features and server side apply. Joe is also etcd project maintainer and directly responsible for the health and stability of the GKE etcd fleet and leads improvements to etcd via...



Thursday November 21, 2019 4:25pm - 5:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

5:20pm PST

Inside Kubernetes Services - Dominik Tornow, Cisco & Andrew Chen, Google
Kubernetes Services are a core abstraction of Kubernetes. In combination with Kubernetes Pods, Kubernetes Services provide the very foundation for scalable and reliable applications hosted on Kubernetes. However, even experienced Kubernetes users struggle to reason about Services end-to-end.

Using a systems modeling approach, this talk will explore the mechanics of Kubernetes Services, connect the dots between K8s Services, K8s Endpoints, and the KubeProxy, all the way to IP Tables and Network Filters. You will leave with a concise and accurate understanding of how K8s Services enable scalable and reliable communication in the Kubernetes cluster. In addition, you will leave with a detailed understanding of the circumstances under which K8s Services DON’T work and how to mitigate the situation.

Speakers

Andrew Chen

Program Manager, Google
Andrew Chen is an Open Source Program Manager at Google Cloud. He has been working to improve the usability and conceptual content of open source documentation.

Dominik Tornow

Principal Engineer, Temporal
Dominik Tornow is a Principal Engineer at Temporal. He focuses on systems modeling, specifically conceptual and formal modeling, to support the design and documentation of complex software systems.


Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

5:20pm PST

Release the Kraken: Bring Sidecar Containers to Next Level - Di Xu, Ant Financial & Xiaoyu Zhang, Alibaba
Sidecar containers are well accepted and widely used nowadays. Sidecars are coupled with normal containers by sharing the same lifecycle and provide accessory features. This is a good pattern to enable applications to be composed of heterogeneous components and technologies by reducing coupling.

The demands of using sidecar containers in production environments are rapidly increasing, although sidecars have not been formally identified. More issues and discussions have cropped up in the Kubernetes community and Slack channels.

Thus, we need a fine-grained way to manage the sidecars, including the starting/terminating order, the lifecycle of sidecars, etc. Also pre and post steps are introduced to better control the sidecars. Moreover, we will introduce some use scenarios on how we maximize the power of sidecars at a large scale in Alibaba Group and Ant Financial.

Speakers

Di Xu

Senior Engineer, Tencent
Di Xu is working at Tencent as a senior software engineer. He is a top 50 code contributor and active reviewer in the Kubernetes community. He has extensive experience in Kubernetes, Cloud Native and Cloud Computing. He is passionate about open source projects and gets involved in. He...

Xiaoyu Zhang

Senior Engineer, Alibaba
Xiaoyu Zhang is a senior software engineer in Alibaba Group. He's a member of the Kubernetes organization. He mainly works on the Kubernetes project and focuses on docs, kubectl, controller-manager, storage and runtime areas. He had multiple speeches in Cloud Native End User Conference...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6C - San Diego Convention Center Upper Level

5:20pm PST

Supercharge Kubeflow Performance on GPU Clusters - Meenakshi Kaushik & Neelima Mukiri, Cisco
AI/ML applications on Kubernetes can be optimized for performance at many levels.

This presentation provides an overview of the optimizations such as:
- Distributed training on multiple GPUs with optimal selection of interconnects between the GPUs and CPUs.
- Utilizing different types of GPUs/Servers for different workloads like training and inference.
- OS level optimizations to get optimal performance on the hardware.
- Usage of GPU Passthrough for optimal utilization and performance.

This presentation will also cover how the selection of machine learning framework, like Kubeflow, can impact performance and hardware utilization.

Speakers

Meenakshi Kaushik

Product Manager, Cisco
Meenakshi is a product manager for Cisco Container Platform, an enterprise grade Kubernetes offering that supports GPU/Kubeflow for hybrid AI/ML workloads. Meenakshi has interest in AI/ML space and is excited how the technology can enhance human well being and productivity.

Neelima Mukiri

Principal Engineer, Cisco
Neelima Mukiri is a Principal Engineer in Cisco's Cloud Platform Solutions group working on the architecture and development of Cisco's Container Platform. Prior to this she worked on core virtualization layer at VMware and systems software in Samsung Electronics.



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data

5:20pm PST

Component Standard Working Group - Leigh Capili, Weaveworks & Michael Taufen, Google
The Component Standard Working group is charged to develop a standard foundation (philosophy and libraries) for core Kubernetes components to build on top of. Areas to standardize include configuration (flags, ComponentConfig APIs, ...), status endpoints (healthz, configz, ...), integration points (delegated authn/z, ...), and logging. In this talk we will outline current progress and challenges and how new contributors can get engaged.

Speakers

Michael Taufen

Software Engineer, Google
Michael Taufen is a software engineer at Google. He works on GKE, GKE On-prem, and open-source Kubernetes. He's an active maintainer, who has contributed to a number of projects related to the Kubelet, configuration APIs, release management, OS images, node lifecycle, and most recently...

Leigh Capili

Developer Experience Engineer, Weaveworks
Leigh is a Kubernetes Contributor and works in Developer Experience with Weaveworks. He authored kubeadm's etcd mTLS implementation and is currently working toward k8s component-standards and cluster-addons. Previously, he helped design a functional state-store for...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 32AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions

5:20pm PST

Solving Multi-Cluster Network Connectivity With Submariner - Chris Kim, Rancher Labs & Miguel Angel Ajo, Red Hat
Today companies face the need to spread workloads across several clusters, leverage the capabilities of specific clouds, create more resilient services, or comply with GDPR by locating and securing specific data in specific geographic locations. While that is possible today, communication between clusters is still not solved in a transparent and secure way.

Currently the pods and services in two different Kubernetes clusters are isolated from each other, and network plugins in Kubernetes don't have a common way of creating such connectivity. To connect two services in separate clusters, the administrator needs to make the application endpoints public. Some network plugins provide partial solutions to this problem, and service meshes like Istio solve this and more at the cost of some level of complexity and overhead.

https://submariner.io solves this problem by connecting clusters at the IP level.

Speakers

Chris Kim

Field Engineer, Rancher Labs
Chris Kim is currently a field engineer at Rancher Labs. Chris originally developed Submariner as an open source project in response to the need he saw for cross cluster network connectivity while helping customers architect Kubernetes based solutions. He is an active contributor...

Miguel Angel Ajo

Senior Principal Software Engineer, Red Hat
Miguel is currently working at Red Hat for the Submariner project in the area of multi-cluster communication and security. He started contributing to OpenStack 6 years ago on the Neutron project (virtual networks) fixing bugs and contributing to new frameworks like Quality of Service...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level
  Networking

5:20pm PST

Governance on K8s: How to Solve Ownership, Metering & Capacity Planning - Micheal Benedict & Yongwen Xu, Pinterest
Pinterest is a cloud first visual discovery engine that serves over 250MM users. To support this scale, there are thousands of services running on tens of thousands of hosts, processing 300+PB of data. We operate large Kubernetes clusters across several availability zones, across regions. The cluster is auto scaled with support for pod level auto-scaling. Finally, to effectively utilize resources within the clusters, we operate heterogeneous workloads on a kitchen sink of instance types. Given this,
1. Who owns what?
2. What is driving utilization?
3. How do we plan capacity effectively with minimal overhead?

In this talk, we will share how we built a governance platform to address the above through defining canonical ownership, metering resource utilization (at various granularities) + reporting and finally a policy enforcement mechanism (e.g., pre-emption, placement, etc).

Speakers

Micheal Benedict

Head of Engineering Productivity, Pinterest
Micheal Benedict heads the Engineering Productivity organization at Pinterest that is responsible for languages strategy, source code management, build systems & CI/CD platform. Previously, Micheal led products for the Compute Platform at Twitter. Micheal holds a master's degree in...

Yongwen Xu

Technical Lead - Engineering Productivity, Pinterest
Yongwen Xu is the Tech Lead of the Engineering Productivity Team at Pinterest. Previously, Yongwen worked as a staff engineer at Sun and Oracle developing large-scale distributed systems. He holds a PhD degree in computer science from the University of Hawaii at Manoa.


Thursday November 21, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level

5:20pm PST

Staying in Tune: Optimize Kubernetes for Stability and Utilization - Randy Johnson & Koushik Radhakrishnan, VMware
Kubernetes provides a number of primitives to manage resource consumption. Implementing resource limits, requests and quotas are often the first steps taken to solve this problem at the pod or namespace level. However, the behaviour of an overall Kubernetes cluster as it nears capacity and the parameters available to tune it are often overlooked. To ensure optimal stability and utilization of a cluster, users must learn how to implement, test and manage these parameters over time.

With their field engineering work done for healthcare and financial customers, Randy and Koushik have gathered valuable lessons on how one should approach this problem. This talk will illustrate how you should approach resource limits, resource requests, eviction policies and node allocatable constraints to get the most out of your Kubernetes clusters.

Speakers

Koushik Radhakrishnan

Cloud Native Architect, VMware
Koushik has helped build and rollout infrastructure for some of the largest service providers and enterprise customers. In his role as a Cloud Native Architect at VMware, he is passionate about helping organizations adopt and build solutions around the Kubernetes ecosystem and making...

Randy Johnson

Cloud Native Architect, VMware
Randy is a Cloud Native Architect on the Kubernetes Architecture team at VMware. He is passionate about container orchestration, distributed systems and solving hard problems. Prior to joining VMware, he was guiding organizations along their cloud modernization journey at Red Hat...



Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level
  Performance

5:20pm PST

Envoy on Fire: A Practical Look at Debugging a Service Mesh - Lita Cho & Ryan Cox, Lyft
In this talk, presenters will share lessons from several years of experience running Envoy in production at scale. They will explore practical techniques for triaging issues in a service mesh, along with the intuition behind them. The presenters will cover a broad range of topics including traffic capture, issues specific to gRPC, health checks, and techniques useful during incident mitigation. The talk will end with a deep dive into Envoy stats and their use in resolving issues.

Speakers

Lita Cho

Software Engineer, Lyft
Lita is a senior software engineer on the Networking team, building out the service mesh to handle both Kubernetes and legacy systems at Lyft. Before that, she worked on building out the API infrastructure using Protocol Buffers, creating systems that would generate code and bring...

Ryan Cox

Software Engineer, Lyft
Ryan Cox is a software engineer at Lyft focused on infrastructure resilience. His career includes the creation of large-scale ecommerce platforms and extensive time working on systems and infrastructure. He holds patents related to distributed filesystems and is an active member of...


Thursday November 21, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level