Customizing + Extending Kubernetes
Tuesday, November 19

10:55am PST

Only Slightly Bent: Uber’s Kubernetes Migration Journey for Microservices - Yunpeng Liu, Uber
Uber started using docker containers at scale in 2015, and has gone through a few generations of cluster management and service discovery technologies. In early 2019, we started working on migration from Mesos to Kubernetes to support secure service mesh and machine learning workloads.

This is a complex problem - there are thousands of services, tens of millions of containers to be launched daily while maintaining high machine resource utilization. To that end, a lot of customizations are built into our Kubernetes stack including elastic resource sharing, oversubscription, fast rollback and deploy, changes to service discovery and attestation etc.

This talk will cover:
- Overview of Uber Compute Infra
- API server benchmark and tweaks
- Custom controller and scheduler logic
- CRI: resource, health check, logging, isolation
- SPIRE and service discovery setup at Uber


Yunpeng Liu

Sr Software Engineer, Uber
Leads the compute cluster lifecycle management at Uber. Currently working on efficiency and federation projects in Uber Compute.

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 30ABCDE - San Diego Convention Center Upper Level

11:50am PST

Hardware-based KMS Plug-in to Protect Secrets in Kubernetes - Raghu Yeluri & Haidong Xia, Intel
Secrets are a key pillar of K8S security, and K8S 1.10+ enhanced the protection of secrets at rest in etcd with support for an external KMS (via KMS plug-ins) and envelope encryption. However, the secret encryption keys (DEKs/KEK) are in the clear in the memory of the K8S master inside the KMS plug-in during execution. An attacker with privileged access to the K8S master node/host can read the keys from memory and access secrets, compromising data and the K8S cluster. This session proposes a solution (with a quick demo) that adds a new KMS plug-in leveraging a hardware-based TEE (Trusted Execution Environment, such as Intel SGX) to ensure that the keys, and the encryption of the secrets, are protected by the CPU on the master, addressing the threat vector mentioned. It enumerates multiple options for the integration with KMS, articulating the trade-offs of the approaches.


Raghu Yeluri

Sr. Principal Engineer, Intel
Raghu Yeluri is a Sr. Principal Engineer and lead Security Architect in the Data Center Group at Intel Corporation with focus on confidential compute in cloud native, containerized deployments leveraging hardware-based security. In this role, he drives security solution architecture...

Haidong Xia

Sr. Solutions Architect, Intel
Haidong is a Sr. security solution architect in Data Center Group at Intel Corporation. He is also a seasoned developer working on Kubernetes/container security, OpenStack integration of h/w security features and controls, and micro-service/cloud native architecture development. He...

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6E - San Diego Convention Center Upper Level

2:25pm PST

Russian Doll: Extending Containers with Nested Processes - Christie Wilson & Jason Hall, Google
Kubernetes extensibility has gone mainstream. From CRDs to admission controllers to custom schedulers, as a platform builder you have access to a powerful toolbox! But what about the humble Pod and its hardworking containers? What if you want to extend them? What tools are at your disposal?

In this talk you’ll learn how to extend a container by overriding its binary. This inventive approach is used by Prow (the CI/CD system that tests Kubernetes itself) and systems built on Tekton Pipelines (a Kubernetes based CI/CD platform) like Jenkins X and OpenShift Pipelines.

You’ll see how you can control the order of container execution within a Pod, stream logs to a persistent store at scale, and gracefully handle the appearance and lifecycle of injected sidecars. You’ll learn some of the benefits and drawbacks, as well as how to overcome the hurdles.


Jason Hall

Software Engineer, Google
Jason Hall (he/him) is a software engineer at Google, currently working on the Tekton project. Before Tekton, he helped launch Google Cloud Build (formerly Google Cloud Container Builder), and before that helped launch Google Cloud Source Repositories.

Christie Wilson

Software Engineer, Google
Christie Wilson (she/her) is a software engineer at Google and co-creator of the Tekton project. Over the past decade+ she has worked in the mobile, financial and video game industries. Prior to working at Google she built load testing tools for AAA video game titles, and founded...

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6C - San Diego Convention Center Upper Level

3:20pm PST

Admission Webhooks: Configuration and Debugging Best Practices - Haowei Cai, Google
Admission (mutating and validating) webhooks have become popular mechanisms for extending Kubernetes API request admission. The admission webhook API is graduating to GA in Kubernetes 1.16, where new features are introduced and debuggability improvements are made. In this talk, the audience will learn common pitfalls in admission webhook development, best practices in webhook configuration, and how to identify and debug failures caused by misconfigured or buggy admission webhooks.


Haowei Cai

Software Engineer, Google
Haowei Cai is a Software Engineer for Google Cloud. He is one of the owners of the Kubernetes Python client library and an active Kubernetes SIG API Machinery contributor. He has been contributing to the Kubernetes Extensibility (Admission Webhooks and CRD) to GA working group in the past...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 29ABCD - San Diego Convention Center Upper Level

4:25pm PST

Polymorphic Reconcilers in Kubernetes - Advanced DuckTyping - Scott Nichols & Matt Moore, Google
The explosion of Custom Resources in Kubernetes has led to the development of new techniques to reference and reconcile objects in Kubernetes. Come learn how we are leveraging some simple patterns to produce complex systems within Kubernetes in the Knative project, and how you can adapt these methods to your applications.


Matthew Moore

Software Engineer, VMware
Matt is a member of the Technical Oversight Committee for Knative, leads Knative Serving, and started Knative Build. Previously at Google, Matt was Uber TL of container tools, and was the original TL for Google's Container Registry (gcr.io).

Scott Nichols

Founder, Chainguard, Inc
Scott Nichols is focused on making it easy to create and understand portable event-driven serverless workloads. This work is done through Kubernetes, Knative and CloudEvents.

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 16AB - San Diego Convention Center Mezzanine Level
Wednesday, November 20

10:55am PST

Practical Way to Build Kubernetes Native Java Controller - Zibo He & Min Jin, Ant Financial
The controller pattern has been proven an effective way to manage Kubernetes workloads. However, for other languages, many challenges remain in developing third-party controllers for Kubernetes. In this talk, we will discuss how to implement the reflector, internal store, work queue and leader election in native Java style, and demonstrate a controller runtime that makes it easier to develop Java controllers from scratch. We will also discuss different operators that we built to integrate with a micro-service framework for cloud native application development.


Tony He

Senior SW Engineer, Ant Financial
Zibo (Tony) He, Senior Engineer of Ant Financial. Tony is a co-maintainer of the Kubernetes community, mainly focusing on CLI, controller runtime, multi-tenancy and secure container runtime. Tony is now co-leading the engineering effort on Ant Financial's Cafe Standard Product (the cloud native...

Min Jin

Software Engineer, Ant Financial
Min Jin/Kim, yue9944882, Kubernetes maintainer, subproject owner. Actively contributing (mostly SIG API-Machinery) in the Kubernetes community for about 2 years. He is not a real orange cat.

Wednesday November 20, 2019 10:55am - 11:30am PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

11:50am PST

Growth and Design Patterns in the Extensions Ecosystem - Eric Tune, Google
How big is the Kubernetes Extensions ecosystem today and how quickly has it grown? How many CNCF projects does it touch? Data gathered from GitHub over 2 years by the speaker provides detailed answers.

Based on experience as a Kubernetes contributor and API reviewer, and from analyzing hundreds of extensions, the speaker has identified recurring Design Patterns, like: Provisioner, Composition, Enforcer, Claim, and Class.  End users will learn to recognize the patterns, and API authors will learn when to apply them.
The talk will be accessible to a general audience. However, experts on Kubernetes Extensions will still find ideas and data not presented anywhere before. Illustrative examples will be used from various CNCF projects, such as Vitess, Jaeger, OpenEBS, and Rook.


Eric Tune

Senior Staff Software Engineer, Google
Eric is a Senior Staff Software Engineer at Google, where he is an overall technical lead on Google Container Engine (GKE). He started contributing to Kubernetes in 2014. Before Kubernetes, he worked on Google's Borg project, and was a co-author of the Borg paper.

Wednesday November 20, 2019 11:50am - 12:25pm PST
Pacific Ballroom, Salon 23-24 - Marriott Marquis San Diego Marina Hotel

2:25pm PST

Emitting, Consuming, and Presenting: The Event Lifecycle - Jesse Dearing, VMware
You’re building a suite of operators and processes that will run in your cluster to make your job easier. You’ve written CRDs to manage in-cluster and out-of-cluster resources, you’ve set up your monitoring with Prometheus, and set up horizontal pod autoscaling. How do you know what’s happening in your cluster? In this talk we’ll cover different ways to emit events related to cluster objects using Kubernetes events, using metrics to drive events, different techniques for consuming events, and ways for folks to create events without touching a command line. After attending this talk, you should be able to take advantage of events and metrics occurring inside the cluster and be able to produce your own events relevant to your cluster.


Jesse Dearing

Senior SRE, VMware
Jesse is a senior site reliability engineer at VMware with over a decade of professional experience. Jesse's primary focus is building platforms to support running resilient software in production. Jesse loves taking existing services and writing code to support the operations of...

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

Is There a Place for Performance Sensitive Workloads in Kubernetes? - Gergely Csatari & Levente Kale, Nokia
Kubernetes and its ecosystem are used to manage the workload of several big web-facing services, serving billions of users every day. But the same stack is not quite ready to serve the "other" industry delivering the packets to the web-scale users: telecommunication. Due to the nature of the TelCo industry, these applications must be highly reliable and must handle realtime media for a large number of subscribers. There are some areas in the current Kubernetes architecture which are not yet ready to fulfill these requirements. This presentation lists these shortcomings, and also proposes various already existing, or new, open-source projects needed to build a production-grade, Kubernetes-based infrastructure for the edge, as was done with the Akraino Radio Edge cloud.


Gergely Csatari

Senior Open Source Specialist, Nokia
Working in the telecom industry over the last two decades, Gergely has been able to see the evolution from vendor-specific hardware to virtualisation and cloud and then to cloud native. Currently Gergely is part of the OSPO team of the Nokia CTO, which is responsible for open source. In...

Levente Kálé

Product architect, Nokia
Passionate cloud architect tirelessly working on marrying 5G with open source, containerization, and cloud-native, both within Nokia and Akraino. Always up for a chat regarding networking and resource management in Kubernetes, or the many challenges of putting TelCo stuff on everyone's...

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

4:25pm PST

A Toolkit for Simulating Kubernetes Scheduling at Scale - Yuan Chen, JD.com
As Kubernetes becomes the de facto standard for container orchestration, new scheduling algorithms and systems are made for different scenarios and workloads. Unfortunately, it is very time- and cost-consuming to evaluate new schedulers or features in real K8S clusters at scale. We present a simulation toolkit which can simulate large-scale K8S clusters and scheduling using a single machine plus a small number of containers. The simulator runs a real K8S master and schedules pods according to event traces generated from real K8S clusters. It provides a complete set of metrics, including resource utilization, a detailed scheduling trace and performance metrics, enabling developers to evaluate the scheduling behavior and performance with a reasonable amount of confidence. We have used the toolkit extensively to optimize the scheduler for large-scale K8S clusters (~10K nodes) at JD.com.


Yuan Chen

Software Engineer, Apple
Yuan Chen is a software engineer at Apple. His current work focuses on Kubernetes scheduling and scalability. At Apple, he has been working on building cloud-native infrastructure and platforms for Apple software products and services. As a Kubernetes community member, Yuan has made...

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

5:20pm PST

Introducing Metal³: Kubernetes Native Bare Metal Host Management - Russell Bryant & Doug Hellmann, Red Hat
Metal³ (“metal kubed”) is a new open source bare metal host provisioning tool created to enable Kubernetes-native infrastructure management. Metal³ enables the management of bare metal hosts via custom resources managed through the Kubernetes API, as well as exposing bare metal host metrics to Prometheus for monitoring. This presentation will explain the motivations behind creating the project and what has been accomplished so far. This will be followed by an architectural overview and a description of the Custom Resource Definitions (CRDs) for describing bare metal hosts, leading to a demonstration of using Metal³ in a Kubernetes cluster.


Russell Bryant

Distinguished Engineer, Red Hat
Russell is a Distinguished Engineer in Service Delivery, leading SD's adoption of OVN across our managed services. Russell also has a long history with OVN, having helped create the project back in 2015 and leading the planning for product teams to take over ownership of OVN by 2...

Doug Hellmann

Senior Principal Software Engineer, Red Hat
Doug Hellmann is a Senior Principal Software Engineer at Red Hat. He has been a professional developer since the mid 1990s and has worked on a variety of projects in fields such as mapping, medical news publishing, banking, data center automation, and hardware provisioning. He has...

Wednesday November 20, 2019 5:20pm - 5:55pm PST
Ballroom Sec 20AB - San Diego Convention Center Upper Level
Thursday, November 21

10:55am PST

Panel: State of the Operators: Hubs, Frameworks, SDKs, and Beyond - Diane Mueller, Red Hat, Sonam Saxena, Google, & Andre Tost, IBM
Kubernetes developers have embraced the Operator Pattern and there are now many production-ready operators available via a number of hubs and marketplaces. Operators allow developers to create some powerful tools that can be used on any infrastructure where Kubernetes is installed. Operators take all of that knowledge about an application’s lifecycle that a DevOps team practices manually and systematize it. Operators can be used to provision multiple applications in a consistent manner while adhering to best practices for that particular installation.

To discuss the future of the operator pattern and why operators have become so valuable to organizations working with containers, we've assembled some key project leads, engineers, and builders of operators to help demystify the concepts, share lessons learned and best practices for building operators, and grow the operator community.


Diane Mueller

Director, Community Development, Red Hat
Director, Community Development, Red Hat (https://redhat.com); Co-Chair, OKD Working Group, the Community Distribution of Kubernetes that powers Red Hat OpenShift (https://okd.io); and founder/organizer of OpenShift Commons (https://commons.openshift.org)

Sonam Saxena

Product Manager, Google Cloud, Google
Sonam is Head of Product for Google Cloud Deployment Manager and focuses on the CI/CD and DevOps space. He has over 17 years of experience as a PM in startups and enterprises and lives in Seattle with his wife and 2 daughters. Over weekends he likes to climb mountains and...

Andre Tost

IBM Distinguished Engineer, IBM
André is a Distinguished Engineer in IBM's Software organization and one of IBM's leading technical experts on Hybrid Cloud, IT Architecture and Software Engineering. He currently works as an AI Engineer in the Worldwide watsonx Client Engineering team, focusing on bringing Generative...

Thursday November 21, 2019 10:55am - 11:30am PST
Room 17AB - San Diego Convention Center Mezzanine Level

11:50am PST

Making Plugins Mainstream: Developing a Plugin Manager for Kubectl - Ahmet Alp Balkan, Google
Kubectl plugins are an extension mechanism to add custom commands to Kubernetes developers’ favorite tool: kubectl. As the plugin mechanism recently became stable in Kubernetes 1.12 and people started to develop plugins, we realized a challenge is upon us: how to make these plugins easy to develop, package and distribute.

This talk is about the Kubernetes SIG CLI subproject "krew" and how we have designed and built a "cross-platform package manager" that makes plugins easily accessible to a vast number of Kubernetes users.

This talk will go through:
* Kubernetes project’s emphasis on extensibility
* Introduction to kubectl plugins and writing a small plugin
* Designing Krew: how to write a plugin manager for Kubernetes without writing a fully-fledged package manager
* Life of a kubectl plugin managed by Krew
* Challenges of building a curated catalog of plugins as the Kubernetes OSS community


Ahmet Alp Balkan

Software Engineer, Google
Ahmet Alp Balkan is a Software Engineer at Google, working on developer experiences for open source technologies like Kubernetes and Knative. He is the maintainer of developer tooling like kubectx.dev and krew.dev, which is a Kubernetes SIG CLI sub-project. At Google, he works on...

Thursday November 21, 2019 11:50am - 12:25pm PST
Room 14AB - San Diego Convention Center Mezzanine Level

2:25pm PST

K3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro - Darren Shepherd, Rancher Labs
K3s is a lightweight distribution of Kubernetes originally designed for the edge. Due to its size, simplicity, and fast spin-up, thousands of users are currently running k3s in various use cases besides the edge. Darren Shepherd will cover in depth how k3s is built, what changes are made, and how the benefits of k3s are achieved. He will go into the technical details of how k3s is packaged as a single binary, how sqlite was added as a data source, how certs are managed, how HA is achieved, how agent tunneling works and much more. Finally, Darren will discuss how these changes are made while still being a fully certified CNCF Kubernetes distribution.


Darren Shepherd

Co-founder and CTO, Rancher Labs
Darren Shepherd is a co-founder and the chief architect at Rancher Labs where he has led the development and creation of numerous open source software projects such as k3s, RancherOS, Longhorn, and Rio. His goal is to provide the container industry with reliable tools that ease deployment...

Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level

3:20pm PST

Evolving the Kubernetes Ingress APIs to GA and Beyond - Christopher M Luciano, IBM & Bowei Du, Google
The Ingress API has existed as a beta type since its early 2016 release in Kubernetes 1.2. Since its inception, it has been fairly lightweight and additions have remained infrequent in an attempt to maintain portability within the Kubernetes ecosystem. In response, Ingress API implementations commonly leverage a different internal API or extend the Ingress API by heavily decorating the resource with annotations.

In this session, we will present the Ingress enhancements for the GA/v1 Ingress API and what factors went into these decisions. Furthermore, we'll explore several possible directions for what a v2 API could entail and walk through several examples including existing non-Kubernetes implementations.


Christopher Luciano

Advisory Software Engineer, IBM
Christopher M Luciano is an advisory software developer for IBM’s Digital Business Group, where he works on Kubernetes, Istio, and Envoy. Previously, Christopher was the lead on the Watson container runtime squad. He is a frequent speaker about Istio and Kubernetes and has recently...

Bowei Du

Senior Staff Engineer, Google
Bowei is a lead on Kubernetes Networking at Google. He has worked on various topics in SIG-NETWORK, the most recent being helping shepherd the new Gateway APIs (https://gateway-api.sigs.k8s.io/).

Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 16AB - San Diego Convention Center Mezzanine Level

4:25pm PST

WIGM and Why You Want an Operator - Carson Anderson, Weave
Operators are amazing! At least that is what they say. But what is the actual value they provide? Are they really better than just managing things with yaml? Yes, this is yet another presentation about operators. But with a twist: this presentation takes a new service from yaml, to templates, to two different operators.

The presentation will introduce WIGM, a very simple piece of software deployed in Kubernetes that has one job: download and serve a single GIF. But even the simplest software comes with operational concerns: How to deploy many copies with different configurations? How to update them reliably? How to change configuration without breaking everything?

This is a different kind of operator talk: One that covers the why of operators instead of just the how.


Carson Anderson

DevX-O, Weave
Carson has a deep passion for CICD, Kubernetes, Docker, and distributed systems. Not just for building and managing these systems, but for finding ways to make them accessible and useful. Carson loves being a cloud native and open source liaison to Weave and the hundreds of developers...

Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 15AB - San Diego Convention Center Mezzanine Level

5:20pm PST

Release the Kraken: Bring Sidecar Containers to Next Level - Di Xu, Ant Financial & Xiaoyu Zhang, Alibaba
Sidecar containers are well accepted and widely used nowadays. Sidecars are coupled with normal containers by sharing the same lifecycle and provide accessory features. This is a good pattern to enable applications to be composed of heterogeneous components and technologies by reducing coupling.

The demand for sidecar containers in production environments is rapidly increasing, although sidecars have not been formally identified. More issues and discussions have cropped up in the Kubernetes community and Slack channels.

Thus, we need a fine-grained way to manage sidecars, including the starting/terminating order, the lifecycle of sidecars, etc. Pre and post steps are also introduced to better control the sidecars. Moreover, we will introduce some usage scenarios showing how we maximize the power of sidecars at large scale in Alibaba Group and Ant Financial.


Di Xu

Senior Engineer, Tencent
Currently, he is working at Tencent as a staff engineer, leading a small team working on open source cloud native projects and distributed cloud platform development. Also, he is a top 50 code contributor in the Kubernetes community. He has spoken many times at open source conferences...

Xiaoyu Zhang

Senior Engineer, Alibaba
Xiaoyu Zhang is a senior software engineer in Alibaba Group. He's a member of the Kubernetes organization. He mainly works on the Kubernetes project and focuses on docs, kubectl, controller-manager, storage and runtime areas. He has given multiple talks at the Cloud Native End User Conference...

Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6C - San Diego Convention Center Upper Level
