Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Application + Development [clear filter]
Tuesday, November 19

10:55am PST

Containing the Container: Developer Experience vs Strict Security Posture - Brian Bagdzinski & Sharat Nellutla, Verizon
Within Verizon IT we manage multiple multi-tenant Kubernetes clusters across on-prem and multiple clouds hosting hundreds of applications. Containers, Kubernetes, and cloud-native are central pillars: both for our application modernization strategy, and for our north star architecture. However we operate in a highly regulated environment, and our security posture is such that our developers are not permitted to run tools locally that might be considered essential to deliver on this strategy: Docker and Minikube! In this talk we will candidly discuss how we are evolving the developer experience in this space, despite the security constraints, leveraging open source tooling such as Skaffold, Harbor, Kaniko, and Jib.


Sharat Nellutla

Associate Director, Verizon
Sharat is an Associate Director at Verizon.  With over 15 years of experience in platform engineering and leadership experience, Sharat leads Verizon's enterprise Kubernetes engineering and Gitops platform engineering teams. He is responsible for multi-cloud Kubernetes architecture... Read More →
avatar for Brian Bagdzinski

Brian Bagdzinski

Cloud Engineer, Verizon
Brian Bagdzinski is a Senior Cloud Engineer at Verizon. As an application developer, as well as being part of a small team responsible for launching a Serverless platform, he is very familiar with how process can get in the way of innovation and creativity. This has instilled in him... Read More →

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 29ABCD - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

eBay Search On K8s - Mohnish Kodnani & Yashwanth Vempati, eBay
eBay currently has billions of items available for search. The search engine at any given time can get around 100K’s of queries per second for search within this inventory.
In order to support this scale of traffic and the size of the inventory we need thousands of servers. The inventory is sharded and then replicated across these servers to handle the traffic. In this talk we will go through how we migrated the application to kubernetes and its deployment architecture while meeting some of the business requirements for resiliency and availability. We will also go through our index distribution architecture that leverages kubernetes principles. At the end we will also share our challenges and learnings while deploying the application on kubernetes.

avatar for Mohnish Kodnani

Mohnish Kodnani

Sr MTS, Software Engineer, eBay
Mohnish works on eBay Search Engine’s Indexing and Data Acquisition domains. He is currently in-charge of migrating the Search Engine’s deployment on top of k8s. In his spare time he loves to travel, rock climb and spend time with his 5 year old son.

Yashwanth Vempati

MTS 1,Software Engineer, eBay
Yashwanth is a passionate engineer interested in solving complex business problems. Right now he is working on moving majority of traditional application into cloud native. He is also working on storing data from kubernetes clusters and use them for monitoring and machine learning... Read More →

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

A Peek Inside the Enterprise Cloud at Salesforce - Xiao Zhou & Thomas Hargrove, Salesforce
This talk offers a peek inside the enterprise cloud infrastructure at Salesforce. Kubernetes is open source software which is becoming the de facto standard for running services as scale.
Enterprise data centers are aiming to be closely managed and very secure. At Salesforce, we are bringing these two together. We are using Kubernetes to manage 2600+ hosts across 20+ private data centers. In this talk, we’ll be looking at the challenges and our approaches for using Kubernetes as the management software from several perspectives: Multi-tenants and self-serving, Management tooling, Security, Testing, Monitoring/alerting, also Visibility.

avatar for Thomas Hargrove

Thomas Hargrove

Software Engineering Senior Director, Salesforce
Thomas is a Software Engineering Senior Director at Salesforce on the infrastructure engineering team. He helped build the hosted Kubernetes offering for Salesforce 1st party data centers with many enhancements around security, visibility and integration to internal systems. Before... Read More →
avatar for Xiao Zhou

Xiao Zhou

Director Software Engineering, Salesforce
Xiao is a Software Engineering Director in Salesforce. She has about 10 years of experiences in the large scale and distributed computing area. Xiao has led numerous cloud native efforts and projects at Salesforce, and previously VMware. She is very passionate about improving quality... Read More →

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 14AB - San Diego Convention Center Mezzanine Level
  Application + Development

3:20pm PST

Managing Apache Flink on Kubernetes - FlinkK8sOperator - Anand Swaminathan, Lyft
We have designed and built an open-source Kubernetes native operator that manages the complete lifecycle of Apache Flink applications from creation to execution. FlinkK8sOperator (https://github.com/lyft/flinkk8soperator) leverages Kubernetes CustomResourceDefinition to enable native management of Flink applications on Kubernetes. In this session, I will be presenting some of the unique challenges of running a complex, stateful application on Kubernetes, and the lessons we have learnt. I will also be providing an overview of how flink operator abstracts out the complexity of hosting, configuring, managing and operating 1000s of Flink clusters from application developers, and concluding with a demo.

avatar for Anand Swaminathan

Anand Swaminathan

Software Engineer, Lyft
Anand currently works as a Software Engineer at Lyft building infrastructure for large scale streaming and batch processing systems. He is a major contributor and core maintainer of the open source project - FlinkK8sOperator. Prior to Lyft, Anand worked on DynamoDB (AWS), building... Read More →

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6D - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Developing Edge with Kubernetes - Dejan Bosanac & Ted Ross, Red Hat
While its original intent was to solve cloud-centric architecture challenges, Kubernetes can be used as a platform for developing Edge and IoT applications.
The session will take a look at this topic from the developer's point of view. It'll focus on special aspects of developing services for IoT and Edge environments, like autonomy, locality and secure communication to name some.
What Kubernetes features can be used to address IoT and Edge aspects of developing microservices?
What other projects in the ecosystem can developers use to achieve their goals?
We'll try to answer those questions and demonstrate the flexibility of the platform by demoing an Edge application consisting of services deployed into various environments (like Edge clusters and Edge nodes) working autonomously and communicating securely with each others and the central cloud services.

avatar for Dejan Bosanac

Dejan Bosanac

Software Engineer, Red Hat
I’m a software engineer at Red Hat with an interest in open source and integrating systems. Over the years I’ve been involved in various open source communities tackling problems like: Enterprise messaging and integration, IoT cloud platforms and Edge computing.
avatar for Ted Ross

Ted Ross

Senior Principal Software Engineer, Red Hat
Ted Ross has been with Red Hat Engineering since 2007 working on messaging products like MRG and A-MQ. He is currently working on the Skupper project. His background is in embedded systems and Networking. One of his primary interests is in bringing the performance, scale, and reliability... Read More →

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 28ABCDE - San Diego Convention Center Upper Level
  Application + Development
Wednesday, November 20

10:55am PST

Are You About to Break Prod? Acceptance Testing with Ephemeral Environments - Erin Krengel, Pulumi & Sean Holung, Nordstrom
How confident are you that the changes you’re about to make won’t break production? In a world of Continuous Delivery, we need to be prepared for the fact that our code is going to production. K8s makes it easy to quickly deploy applications, so building pipelines with robust quality gates is vital. There’s a lot of emphasis on this, yet how to create a solid deployment strategy isn’t clearcut.

Erin and Sean will demonstrate a pattern for acceptance testing complex architectures, which verifies a K8s app properly interacts with its infrastructure. Leveraging ephemeral environments, these tests will validate as well as document the app’s business and functional requirements.

Utilizing infrastructure as code and K8s Jobs, they will demo how to create a comprehensive acceptance test suite that allows you to continuously deploy to production.

avatar for Erin Krengel

Erin Krengel

Software Engineer, Pulumi
Erin is a Software Engineer at Pulumi, where she works on their SaaS product. Previously she worked at Nordstrom on number of DevOps teams responsible for Go microservices, their infrastructure, CI/CD pipelines and production support. Most recently, she developed and architected key... Read More →
avatar for Sean Holung

Sean Holung

Software Engineer, Nordstrom
Sean is a Software Engineer at Nordstrom where he works on their event-driven Order Management System. Prior to Nordstrom, Sean worked as a Software Engineer at CenturyLink Cloud. There he worked on their internal monitoring product used to monitor infrastructure and applications... Read More →

Wednesday November 20, 2019 10:55am - 11:30am PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

11:50am PST

K9P: Kubernetes as 9P Files - Terin Stock, Cloudflare
K9P, a virtual file system, exposes the state of a Kubernetes cluster as files. Our terminals have been optimized over the last 40 years towards working with files, kubectl not so much. K9P allows us to carry the mantra of "everything is a file" to the distributed computing extreme.

K9P allows you to integrate Kubernetes resources into an existing workflow, or create new ones. Scale a Deployment by writing to a file. Locate failing Pods with grep. Update configuration in ConfigMaps with sed.

avatar for Terin Stock

Terin Stock

Software Engineer, Cloudflare
Software engineer working on scaling bare-metal Kuberentes clusters by day. Builds experiments with esoteric 90s technology by night. Previous talks include an introduction to Kubernetes controllers at KubeCon EU 2018 and Building a Go-based MIDI Player at FOSDEM 2019.

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 1AB - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Cloud Native Architecture: Monoliths or Microservices? - Goutham Veeramachaneni & Edward Welch, Grafana Labs
Microservices are the rage right now and for very good reasons. But microservices are not without drawbacks, requiring a complicated configuration and deployment, increasing the barrier to entry for both developers and users alike. This poor user experience can slow the rate of adoption for a project and hinder developers.

There is a solution to this problem seeing a lot of success. A single binary app which can act as a monolith but can also be scaled as microservices. Thanos being a great example, where the kickstart is super simple yet can be scaled out as required. The Loki project was patterned after a similar model and we’ve since re-architected Cortex as well. In the talk we will explore how an application can be architected to be both a monolith and microservices, improving both adoption and ease of use while still allowing to scale as a cloud native microservices application.

avatar for Edward Welch

Edward Welch

Software Engineer, Grafana Labs
Ed is a newbie to the CNCF community but has a long history of software development from robotic control systems to telecom middleware. He has worked in both startups and large enterprises, and currently works at Grafana Labs where he focuses mainly on the Loki project, an open source... Read More →
avatar for Goutham Veeramachaneni

Goutham Veeramachaneni

Senior Software Engineer, Grafana Labs
Goutham is a developer from India who started his journey as an infra intern at a large company where he worked on deploying Prometheus. After the initial encounter, he started contributing to Prometheus and interned with CoreOS, working on Prometheus’s new storage engine. Goutham... Read More →

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

Writing a Kubernetes Operator: the Hard Parts - Sebastien Guilloux, Elastic
Building a custom controller or operator to manage your Kubernetes applications is becoming easier, with the help of libraries and tools such as controller-runtime and Kubebuilder. Putting together an initial working prototype is fairly straightforward, but devil is in the details.

This talk focuses on lessons learned while writing Kubernetes controllers for stateful workloads with the help of controller-runtime. It covers some of the "hard parts".

The operator lives in the past: how to deal with resources cache inconsistencies? Why does idempotency matter? What can you do when StatefulSets are not good enough for the orchestration you need? How to empower advanced users but still provide good defaults? What namespace(s) should the operator have access to? How to test that monster you ended up building? These are questions engineers at Elastic had to answer.

avatar for Sebastien Guilloux

Sebastien Guilloux

Principal Software Engineer, Elastic
Sébastien is a software engineer at Elastic. He has spent most of his career working with distributed systems, building resilient applications and orchestrating Apache Kafka and Elasticsearch nodes around the world. He currently works on writing a Kubernetes operator for Elasticsearch... Read More →

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

Developing Operators with the Kubernetes Operator Pythonic Framework (kopf) - Sergey Vasilyev, Zalando SE
The Kubernetes operator pattern has revolutionized the way applications are deployed and managed in Kubernetes, but much of the tooling around building operators has focused on easing development in Golang. The Kubernetes Operator Pythonic Framework (kopf) levels the playing field, bringing much of the tooling to the Python ecosystem, and expanding it in several areas. Kopf provides powerful, high-level abstractions that make it simple to write Kubernetes operators in Python, allowing you to focus on your application logic without needing to dive headfirst into Kubernetes internals. In this talk, you will learn how to make your own Kubernetes operators in a few lines of Python code, and how to bring your own domain entities directly to Kubernetes.

avatar for Sergey Vasilyev

Sergey Vasilyev

Senior Backend Engineer, Zalando SE
Sergey is a Senior Backend Engineer working at Zalando SE. His experience with Kubernetes includes migrating the data processing and sales forecasting pipelines from raw AWS and Zalando STUPS to Kubernetes (including the Kubernetes operators and custom resources to orchestrate in... Read More →

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Hall D - San Diego Convention Center
  Application + Development

5:20pm PST

Use Your Favorite Developer Tools in Kubernetes With Telepresence - Abhay Saxena, Datawire
Are you new to building cloud-native applications? As an engineer, it can be a tough transition if you're used to a quick inner development loop. With the overhead of image build/push/pull, the ability to see your code changes in action immediately probably seems impossible. But Telepresence can help! And it works well with many of the tools you're using already.

In this talk Abhay Saxena will demonstrate how to use Telepresence with some popular IDEs and debuggers, including VSCode for Node and Rust services, IntelliJ for a Java service, as well as some command-line examples with Delve for a Go service and Pdb for a Python service. Abhay will also look at how to get Telepresence to play well with Kubernetes client libraries and sidecar containers.

avatar for Abhay Saxena

Abhay Saxena

Principal Software Engineer, Datawire
Abhay Saxena is a Principal Software Engineer at Datawire where he is working on building open source tools for developers that are adopting or using microservices. He is currently the lead engineer on Telepresence, an open source tool for local development of Kubernetes microservices... Read More →

Wednesday November 20, 2019 5:20pm - 5:55pm PST
Exhibit Hall AB - San Diego Convention Center Ground Level
  Application + Development
Thursday, November 21

10:55am PST

Building a Dev/Test Loop for a Kubernetes Edge Gateway with Envoy Proxy - Flynn, Datawire
As we worked with the community to build the open source Ambassador API gateway on top of Envoy Proxy we learned a bunch of lessons about our dev/test loop. One of the more unpleasant realities that we’ve had to come to terms with is that writing code is easy. What's hard is making sure it's working, and making sure that it keeps working as changes are made.

Over the life of Ambassador we've gone through multiple cycles of adding tests to increase confidence, from simple unit tests to larger integration suites, such as our Kubernetes Acceptance Test (KAT) framework. Several times these tests have become too slow, and then we had to work to speed them up so our velocity doesn't suffer.

Join Flynn to learn what we would do again in regard to our dev/test loop if we chose to build another open source tool, and also (more critically), what we would change.

avatar for Flynn


Tech Evangelist, Buoyant
Flynn is a technical evangelist at Buoyant, where he works on spreading the good word about Linkerd - the graduated CNCF service mesh that makes the fundamental tools for software security and reliability freely available to every engineer - and about Kubernetes and cloud-native development... Read More →

Thursday November 21, 2019 10:55am - 11:30am PST
Room 6C - San Diego Convention Center Upper Level

11:50am PST

Linux Distribution Build Tools for Custom Container Images - Nisha Kumar & Joshua Lock, VMware
A typical container image builder takes a base OS from somewhere, runs scripts to add and modify all the things needed for an app to run, then deploys to a registry. This leads to large images which developers try to trim down by using multistage builds, removing files and squashing filesystem layers. Building container images in this way makes it difficult if not impossible to ascertain the license and security implications of using these images.

How do we generate app specific build and runtime images without having to maintain our own base OS images and build machinery?

Fortunately, this is a problem that has been solved in the Linux distribution world for some time. This talk will outline some popular tools and compare them against the requirements for a declarative and reproducible container OS builder which is not reliant on any external infrastructure.


Nisha Kumar

Security Engineer, Oracle
Nisha is a Security Engineer at Oracle. She has been a DevOps engineer for embedded systems and a Radio Frequency Engineer in semiconductor manufacturing. She has been involved in Open Source for more than 15 years. You can follow her work on Twitter at @_ctlfsh
avatar for Joshua Lock

Joshua Lock

Staff Open Source Engineer, VMware
Joshua is a Staff Open Source Engineer in VMware’s Open Source Program Office where he works on software supply chain security standards and tools. He is a steering committee member and maintainer for the Supply chain Levels for Software Artifacts (SLSA) project, an editor of The... Read More →

Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6C - San Diego Convention Center Upper Level
  Application + Development

2:25pm PST

Securing Your Services with Authentication, Authorization, and RBAC in gRPC - Luis Pabón, Portworx
gRPC makes it extremely simple to write complex, business-critical services, in a vast number of programming languages. Its simplicity and adaptability has made it simple for developers to adopt by easily generating code from structures and messages defined as protocol buffers. Writing a secure service based on gRPC, on the other hand, takes a little more effort. In this talk, we will be going through a model of how to secure a gRPC service using JWT based tokens to authenticate user access by relying on interceptors. We will also discuss models of how to provide role-based access control to authorize user access.

avatar for Luis Pabón

Luis Pabón

MTS, Portworx
Luis Pabón is a CNCF Storage Technical Lead working at Portworx and also a member of Kubernetes and CSI storage communities. Prior to joining Portworx in September of 2017, he worked at CoreOS, Red Hat Storage, NetApp Advanced Technology Group, and EMC on various storage product... Read More →

Thursday November 21, 2019 2:25pm - 3:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

3:20pm PST

Serving HTC Users in Kubernetes by Leveraging HTCondor - Igor Sfiligoi, University of California San Diego
High Throughput Computing (HTC), sometimes also called batch computing, has long been and still is the major workhorse for most R&D organizations. Typical workloads include parameter sweeps, Monte Carlo simulations and partitionable dataset processing. Kubernetes by itself is not very well suited for such workloads, which are submitted by hundreds of concurrent users and rely on the execution of thousands, or even millions of small tasks. This presentation will provide an overview of how HTCondor, a prominent HTC system, can be used to effectively and efficiently manage such workloads. The author has been running such a system on a Kubernetes cluster operated out of the University of California San Diego, and will share his experience and issues he encountered during that time.

avatar for Igor Sfiligoi

Igor Sfiligoi

Lead Scientific Software Developer and Researcher, University of California San Diego
Igor has been active in distributed computing for over 20 years. He has started in real-time systems, moved to local clusters, worked with leadership HPC systems, but spent most of his career in computing spanning continents. For about 10 years, he has been working on one such world-wide... Read More →

Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6E - San Diego Convention Center Upper Level
  Application + Development

4:25pm PST

KubeDirector - Deploying Complex Stateful Applications on Kubernetes - Joel Baxter & Thomas Phelan, Hewlett Packard Enterprise
Kubernetes was originally designed to deploy cloud-native stateless applications.
Features such as StatefulSets and Persistent Volumes have been added that make it possible to deploy some stateful applications on Kubernetes. However, deploying and running complex stateful applications remains a difficult task -- even with tools such as Kustomize, Helm, and KubeFlow. KubeDirector is an open source Apache project designed to address these challenges. It utilizes the Kubernetes custom resource functionality and API extensions to deploy and manage complex, stateful, scale-out applications.
This session will: describe the limitations of existing tools for complex stateful applications, provide an overview of the KubeDirector architecture and how it overcomes these limitations, and demonstrate how to author the metadata to deploy a stateful application on Kubernetes with KubeDirector


Joel Baxter

Distinguished Engineer, Hewlett Packard Enterprise
Joel is a Distinguished Engineer in the Storage and Big Data organization at HPE. He joined HPE when BlueData, Inc. was acquired in 2018. At HPE/BlueData, Joel focuses on Kubernetes and other technologies for running AI/ML and big data analytics on a hybrid cloud infrastructure... Read More →
avatar for Thomas Phelan

Thomas Phelan

Fellow, HPE
Tom is an HPE Fellow. He joined Hewlett Packard Enterprise when BlueData, Inc. was acquired by HPE in November of 2018. Tom was the Co-Founder and Chief Architect of BlueData and led the team that developed the EPIC platform for automating and managing AI/ML/DL/Big Data containerized... Read More →

Thursday November 21, 2019 4:25pm - 5:00pm PST
Ballroom Sec 20CD - San Diego Convention Center Upper Level
  Application + Development

5:20pm PST

Inside Kubernetes Services - Dominik Tornow, Cisco & Andrew Chen, Google
Kubernetes Services are a core abstraction of Kubernetes. In combination with Kubernetes Pods, Kubernetes Services provide the very foundation for scalable and reliable applications hosted on Kubernetes. However, even experienced Kubernetes users struggle to reason about Services end-to-end.

Using a systems modeling approach, this talk will explore the mechanics of Kubernetes Services, connect the dots between K8s Services, K8s Endpoints, and the KubeProxy, all the way to IP Tables and Network Filters. You will leave with a concise and accurate understanding how K8s Services enable scalable and reliable communication in the Kubernetes cluster. In addition, you will leave with a detailed understanding under what circumstances K8s Services DON’T work and how to mitigate the situation.

avatar for Andrew Chen

Andrew Chen

Program Manager, Google
Andrew Chen is an Open Source Program Manager at Google Cloud. He has been working to improve the usability and conceptual content of open source documentation.
avatar for Dominik Tornow

Dominik Tornow

Principal Engineer, Temporal
Dominik Tornow is a Principal Engineer at Temporal. He focuses on systems modeling, specifically conceptual and formal modeling, to support the design and documentation of complex software systems.

Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 17AB - San Diego Convention Center Mezzanine Level

Filter sessions
Apply filters to sessions.