Room 11AB - San Diego Convention Center
Monday, November 18

9:00am PST

Google OSS Hands-on Workshop A - KNative (Serverless) hosted by Google Cloud (Additional Registration + Fee Required)
Knative aims to provide a serverless development experience hosted on Kubernetes. What does "a serverless development experience" mean? Attend this workshop to learn what Knative offers and get firsthand experience as a developer deploying a set of RPC and event-driven microservices on Knative.

How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - KNative (Serverless), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 9:00am - 11:00am PST
Room 11AB - San Diego Convention Center Upper Level

1:00pm PST

Google OSS Hands-on Workshop B - KubeFlow (MLOps) hosted by Google Cloud (Additional Registration + Fees Required)
Kubeflow is an OSS machine learning stack that runs on Kubernetes. The Kubeflow project is dedicated to making deployments of ML workflows on Kubernetes simple, portable, and scalable.
In this workshop, you will learn how to install and use Kubeflow, including Kubeflow Pipelines, to support an end-to-end ML workflow. 
During the workshop, you'll install Kubeflow from scratch, see how to use Kubeflow's multi-user Jupyter notebook servers and other core components, and build and run Kubeflow Pipelines that support full ML workflows, using both the Pipelines UI and its SDK.  In the process, we'll look at how you can use logging, metrics and visualizations, and metadata/artifact tracking, to support ML workflow evaluation and reproducibility.
How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - KubeFlow (MLOps), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 1:00pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

3:00pm PST

Google OSS Hands-on Workshop C - Agones (Gaming) hosted by Google Cloud (Additional Registration + Fees Required)
In this workshop you will learn how to turn your Kubernetes cluster into a powerful backend for running multi-player game services using Agones and Open Match -- two open source projects that extend Kubernetes for game infrastructure developers. Leave having set up a basic game connection!

How to Register: Pre-registration is required. To register for Google OSS Hands-on Workshop - Agones (Gaming), add it on during your KubeCon + CloudNativeCon registration.

For questions regarding this event, please reach out to jamierachel@google.com.

Monday November 18, 2019 3:00pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
Tuesday, November 19

10:55am PST

Blazin’ Fast PromQL - Tom Wilkie, Grafana Labs
PromQL, the Prometheus Query Language, is a concise, powerful and increasingly popular language for querying time series data. But PromQL queries can take a long time when they have to consider >100k series and months of data. Even with Prometheus’ compression, a 90 day query over 200k series can touch ~100GB of data.

In this talk we will present a series of techniques employed by Cortex (a CNCF project for clustered Prometheus) for accelerating PromQL queries -- namely query results caching, time slice parallelisation, aggregation sharding and automatic recording rule substitutions.

But there’s more: we will show how you can use this technology to get these improvements with Thanos and Prometheus. Finally, we will cover optimisations to the PromQL engine by the Cortex team, and how these have already been merged upstream to benefit the whole community.


Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Tom is a maintainer on the Prometheus project and a maintainer and the original author of Cortex, both CNCF projects. Previously Tom founded Kausal, a company working on Prometheus, and worked at companies such...

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

11:50am PST

CAP_NET_RAW and ARP Spoofing in Your Cluster: It's Going Downhill From Here - Liz Rice, Aqua Security
Did you know that by default, your applications running in Kubernetes can open raw network sockets? This talk demonstrates how, in the right circumstances, the CAP_NET_RAW capability that allows this can be abused by a compromised application.

* ARP spoofing: pretending to represent the wrong IP address
* If the app can ARP spoof the IP address of the DNS service, this potentially lets it spoof DNS addresses: pretending to represent the wrong domain name

Sounds bad, doesn't it?

These attacks, and their consequences, will be demonstrated live, along with preventative measures that you can take to ensure they aren't happening on your cluster.

This talk explains CAP_NET_RAW and spoofing, but the audience is expected to be comfortable with Kubernetes concepts like pod specs and admission controllers.

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of O'Reilly books "Learning eBPF" and...

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level

2:25pm PST

Intro: Linkerd - William Morgan, Buoyant
In this session, William Morgan will provide an introduction to Linkerd, the CNCF's service mesh project. Linkerd features blazing fast performance, an ultralight footprint, a Kubernetes-native design, and open governance. You'll learn what it does, why it's useful, differences with other service meshes, and finish with a brief Q&A.

William Morgan

CEO, Buoyant
William Morgan is the CEO of Buoyant. Prior to founding Buoyant, he was an infrastructure engineer at Twitter, where he ran several teams building on product-facing backend infrastructure. He has worked at Powerset, Microsoft, adap.tv, and MITRE Corp, and has been contributing to...

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Vitess: Stateless Storage in the Cloud - Sugu Sougoumarane, PlanetScale
When Vitess was migrated to run from bare-metal into Google's cloud, it was deployed as a regular stateless application. This meant that a process reschedule resulted in all the local data being wiped.

The property of Vitess to survive in such an unforgiving environment made it naturally suited to run on Kubernetes.

How did Vitess manage to run on such an environment without losing data, and providing High Availability, Scale and Performance? How are other organizations running Vitess?

This session will answer these questions, as well as go into the design principles that prepared Vitess to be cloud-native.

Sugu Sougoumarane

CTO, Planetscale, Inc.
Sugu is the co-creator of Vitess, and has been working on it since 2010. Prior to Vitess, Sugu worked on scalability at YouTube and was also part of PayPal in the early days. His recent interest is in distributed systems and consensus algorithms. He occasionally shares his thoughts...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level

4:25pm PST

Intro to Cloud Provider Azure - Rita Zhang & Craig Peters, Microsoft
In this session, you'll learn about how Kubernetes runs on the Azure infrastructure. We will cover development in the cloud provider over recent Kubernetes releases with support for new features in Azure compute like VMSS, networking like Standard Load Balancer, and storage. We'll also cover how all of this is tested and developed, and help you get involved if you would like to contribute.

Craig Peters

Product Manager, GitHub
I love building tools to help developers, and aspiring developers, do better work

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She leads the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects. Rita is a Kubernetes SIG Auth co-chair, a maintainer of the Secrets Store CSI Driver project, and...

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
Wednesday, November 20

10:55am PST

Implementing a Consumer Focused SLA for a Kubernetes Based PaaS - Shrenik Dedhia, Box
Box's (internal) Platform as a Service empowers other Box teams to deliver 100's of micro services, on 1000's of hosts, across 10,000's of pods. As they scaled to support a large number of micro services and clusters, they ran into several scaling challenges around both the control and data planes. In order to deliver a production-grade platform, they realized the need for a Service Level Agreement (SLA) for their platform to not only demonstrate availability for infrastructure, but also "value" for a consumer, and serve as a benchmark to prioritize those challenges.

In this talk, Shrenik Dedhia will present how their team approached the problem of defining a SLA, principles used, options explored, path chosen, and future work to improve the platform's availability from ~99.4% to ~99.99%, thereby improving the overall availability of micro services that power Box.com.

Shrenik Dedhia

Sr. Staff Engineer / TLM, Box
Shrenik has been at Box for about 2yrs as a Sr. Staff Engineer, with total 10+ years of experience in designing and implementing secure and scalable platforms. Shrenik is currently leading the Platform As A Service team at Box.

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

11:50am PST

Shipping Metrics From the Edge - Matthias Loibl, Red Hat
Computing is getting pushed to the edge: it may be your car, TV, washing machine, or your toaster. All these devices have a lot of computing power these days. While extending the cloud to the edge is getting solved with projects like KubeEdge or k3s, in this talk we want to take a closer look at how to run Prometheus on them. We want to configure Prometheus in a way that we can replicate its data to a central collecting point, that is running Thanos on Kubernetes in a replicated setup, and then make use of all the shipped metrics to efficiently query across the entire fleet.

Matthias Loibl

Senior Software Engineer, Polar Signals

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level

2:25pm PST

Emitting, Consuming, and Presenting: The Event Lifecycle - Jesse Dearing, VMware
You’re building a suite of operators and processes that will run in your cluster to make your job easier. You’ve written CRDs to manage cluster and out of cluster resources, you’ve set up your monitoring with Prometheus, and set up horizontal pod autoscaling. How do you know what’s happening in your cluster? In this talk we’ll cover different ways to emit events related to cluster objects using Kubernetes events, using metrics to drive events, different techniques for consuming events, and ways for folks to create events without touching a command line. After attending this talk, you should be able to take advantage of events and metrics occurring inside the cluster and be able to produce your own events relevant to your cluster.

Jesse Dearing

Senior SRE, VMware
Jesse is a senior site reliability engineer at VMware with over a decade of professional experience. Jesse's primary focus is building platforms to support running resilient software in production. Jesse loves taking existing services and writing code to support the operations of...

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

On the Security of Copying To and From Live Containers - Ariel Zelivansky & Yuval Avrahami, Palo Alto Networks
Nowadays mature container platforms (such as Docker, Kubernetes and LXD) provide users a way to extract files from a running container. There are several different design approaches for implementing such a copy feature. In this talk, Yuval and Ariel will present the ups and downs of the different implementations with a focus on security and possible vulnerabilities.

Throughout the presentation, different vulnerabilities that affected the major container engines will be reviewed. A live proof of concept of a vulnerability in the Docker copy command will be presented.


Ariel Z

Director, Security Research, Palo Alto Networks
Ariel is a security researcher and the head of research at Twistlock, dealing with hacking and securing anything related to containers.

Yuval Avrahami

Principal Security Researcher, Palo Alto Networks
Yuval Avrahami is a principal security researcher at Palo Alto Networks, dealing with hacking and securing anything related to containers and cloud. Yuval found and disclosed numerous vulnerabilities across the cloud-native landscape, including container breakouts, Kubernetes CVEs...

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level

4:25pm PST

Cruise’s Self-Driving Networking Journey - Bernard Van De Walle & Can Yucel, Cruise
Through its exponential growth, the Platform team at Cruise experienced a networking self-driving journey. We scaled our network across numerous clusters, multiple tenants, and multiple thousands of new pod instances a day.

We will take you on a tour of our architecture and you will get a better understanding of how we choose to configure our network and security in order to support Kubernetes loads across multiple regions and multiple environments. We will specifically showcase how we do this on a public cloud (GCP) even though similar results could be achieved on-prem.

You will come out of this session with concrete examples on what it takes to build your network and security needs for internal tenants at scale while keeping internal stakeholders happy (Platform, security and networking).

Can “Jon” Yucel

Senior Software Engineer, Cruise
Can “Jon” Yucel is a software engineer and technical lead of the PaaS Traffic team at Cruise with the primary focus of internal/external/multi-cluster load balancers, service meshes, hybrid DNS and platform level networking.

Bernard Van De Walle

Principal traffic engineer, Splunk
Bernard is a traffic engineer at Splunk. He is leading the Istio and service Mesh efforts as part of the traffic engineering team. Before this, Bernard had experiences with operations for large scale deployments of Kubernetes and reverse proxies such as Envoy and Nginx.

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level
  Case Studies

5:20pm PST

CSI Volume Snapshots: On the Way to Faster and Better Backups - Adnan Abdulhussein & Nolan Brubaker, VMware
Users need persistent data to support their business goals, and regular backups are critical to business continuity. The CSI Snapshot API provides users a consistent way of creating volume snapshots within Kubernetes, regardless of their storage provider. This is a big improvement over the prior, provider-specific methods for creating snapshots.

This session will first cover the basic CSI Snapshot CRDs, as well as demo snapshotting and restoring a stateful application. Additionally, we'll share how disaster recovery tools, such as the open-source Velero, can build on CSI Snapshots, as well as future enhancements coming to CSI, and what migrations from current in-tree cloud provider implementations will look like.

- Overview of the CSI Snapshot CRDs
- Demo of snapshot and restore workflow
- Future direction for application snapshotting and quiescing in CSI

Adnan Abdulhussein

Software Engineer, VMware
Adnan Abdulhussein is a Software Engineer at VMware (previously at Bitnami), where he works on building tools to make apps easier to run on Kubernetes. He contributes to the Kubernetes community as a co-chair of SIG-Apps and a core maintainer of the Helm project. Adnan is passionate...

Nolan Brubaker

Principal Software Engineer, Red Hat
Nolan has been working on cloud infrastructure technologies since 2014, starting with OpenStack, then Velero, and now OpenShift and Cluster API.

Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
Thursday, November 21

10:55am PST

Deep Linking Metrics and Traces with OpenTelemetry, OpenMetrics and M3 - Rob Skillington, Chronosphere
Metrics and traces are two pillars of Observability and are often used in a complementary fashion. Metrics can give you a high level view of an application’s responses and performance and tracing can give you a detailed view of requests through applications. Often when using metrics in graphs or alerts you want to be able to jump to an example of a request represented by a given metric datapoint, which is difficult to do today. In this talk we show an example of this using an OpenTelemetry exporter to publish trace IDs as exemplars using the OpenMetrics exposition format.

We then walk through configuring Jaeger as a tracing backend and M3 as a metrics backend to store the trace ID alongside a datapoint. We show how it is then possible to go from a metrics graph that visualizes the latency of your application to a trace that fell into a latency bucket using the deep link of the trace ID.

Rob Skillington

CTO, Chronosphere
Rob Skillington is the CTO at Chronosphere and creator of open source M3 which is a Prometheus long term storage metrics platform. He is also a member of OpenMetrics, an open standard for transmitting metrics at scale.

Thursday November 21, 2019 10:55am - 11:30am PST
Room 11AB - San Diego Convention Center Upper Level

11:50am PST

Cloud Native Smart Contract with Knative - Jay Guo & Ying Chun Guo, IBM
Smart contracts in blockchain carry out business logic by manipulating data in the ledger. Hyperledger Fabric, a permissioned blockchain technology, manages the lifecycle of smart contracts by building and running them in Docker containers. However, elevated privilege is required to access the Docker daemon, which normally goes against security principles in the enterprise. It is not scalable to co-locate smart contracts with Fabric on the same host. Also, idle contracts can be a waste of resources.

This session will cover in depth why smart contracts should be run in a cloud native fashion, and how this can benefit deployment, operation and performance. This talk will demonstrate the changes made to Fabric to offload smart contract lifecycle management to Knative, a Kubernetes native serverless platform. This talk will also walk through the steps that deploy a smart contract as a Knative service exposed to Fabric.

Ying Chun Guo

Software Engineer, IBM
Ying Chun Guo, known as “Daisy”, is an open source developer in IBM China development lab. She has several years of experience in open source communities, starting from OpenOffice, then OpenStack, and recently serverless platforms Apache OpenWhisk and Knative. Now she concentrates...

Jay Guo

Software Engineer, IBM
Jiannan (Jay) Guo is working for IBM China as a software engineer. His main job is to contribute to and advocate open source projects and he is currently a maintainer of Hyperledger Fabric, a permissioned blockchain technology. He used to contribute to Apache Mesos, a container orchestration...

Thursday November 21, 2019 11:50am - 12:25pm PST
Room 11AB - San Diego Convention Center Upper Level

2:25pm PST

Running High-performance User-space Packet Processing Apps in Kubernetes - Abdul Halim, Intel & Peng Liu, Red Hat
With 5G on the horizon, networking is transforming around us. Network functions have already found their way from proprietary blackbox into servers running in Linux. The Linux networking stack simply cannot keep up with increasing demands for higher throughput and lower latency of these packet flows. The packet processing pipeline is now run in userspace instead, bypassing the kernel. DPDK provides an environment and API to run high-intensive packet processing in userspace. Many CNFs are developed using DPDK. A DPDK application requires specific resources from a host for guaranteed performance. Deploying and running such applications in K8s is always a challenging task.

In this presentation & demo, users will learn about open source technologies and components and how to leverage them to deploy workloads that require high performance networking infrastructure in a Kubernetes cluster.

Abdul Halim

Cloud Software Engineer, Intel
Abdul Halim is a Cloud Software Engineer working with Cloud Native Orchestration team at Intel R&D based in Shannon, Ireland. Currently he is focused on enabling high-performance networking solutions for NFV use-cases. He is a maintainer of SR-IOV network device plugin and SR-IOV...

Peng Liu

NFV Partner Engineer, Red Hat
Peng Liu is a NFV partner engineer of the office of the CTO at Red Hat. He works in the areas of high performance networking and other NFV features on open source cloud platform, like Kubernetes and Openstack. Currently he is focussing on facilitating the Kubernetes integration with...

Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 11AB - San Diego Convention Center Upper Level

3:20pm PST

Building a Medical AI with Kubernetes and Kubeflow - Jeremie Vallee, Babylon Health
Engineering AI systems at scale can be difficult, especially in highly regulated environments like healthcare. Many challenges arise, such as ensuring reproducibility, controlling data access policies, and running highly secure infrastructure. But with some planning and meticulous engineering, this can be achieved.

At Babylon Health, we've leveraged Kubernetes, Kubeflow, Argo, Istio, OPA, and many other Cloud Native technologies to provide a secure research platform for building and scaling medical AI models across the world.

In this talk, we will share our experience so far, give an overview of how these components fit together, and explain our vision for the future of our platform. We will demonstrate how using open-source CNCF technologies can help you achieve your goal of experimenting, training and serving your AI models at scale, while operating in a regulated environment.

Jeremie Vallee

AI Infrastructure Lead, Babylon Health
Jeremie is a Cloud Infrastructure Engineer working at Babylon Health, using Cloud Native technologies to scale AI model training. When he's not writing YAML, you can find him running in one of London's many parks, or being lost in a music festival somewhere in France. But mostly...

Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data

4:25pm PST

Ready to Serve! Speeding-Up Startup Time of Istio-Powered Workloads - Michal Malka & Etai Lev-Ran, IBM
Pod startup time has long been a focus area for cloud-native platforms. Optimizing startup time is critical to support use cases such as autoscaling, upgrades, and failure recovery. The recent rise of the serverless model, along with its key value proposition of scale-to-zero of idle workloads, has made pod startup time more important than ever: the platform must be able to start the pod fairly quickly, such that the latency of request-triggered scale-from-zero is acceptable.

In this talk, we'll analyze the latency contributed by Istio service mesh to pod startup time, right from pod creation and up to the pod becoming ready to service requests. We'll also examine various techniques to reduce it, including using Istio CNI to bootstrap the pod's network, launching the sidecar proxy with an initial routing configuration, and using manual sidecar injection.

Etai Lev Ran

System Architect, IBM Research
Etai works for the IBM research lab in Haifa and is responsible for application networking research efforts. He has previously worked on cloud infrastructure services, distributed file systems and high performance networked systems.

Michal Malka

Manager, IBM Cloud Foundations, IBM
Michal is working as a manager of the Cloud Foundations group at the IBM Haifa Research Lab, focusing on several projects in the area of Hybrid Cloud. Michal has deep knowledge in microservices technologies and is currently working on new directions for Istio as the microservices...

Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 11AB - San Diego Convention Center Upper Level

5:20pm PST

Supercharge Kubeflow Performance on GPU Clusters - Meenakshi Kaushik & Neelima Mukiri, Cisco
AI/ML applications on Kubernetes can be optimized for performance at many levels.

This presentation provides an overview of the optimizations such as:
- Distributed training on multiple GPUs with optimal selection of interconnects between the GPUs and CPUs.
- Utilizing different types of GPUs/Servers for different workloads like training and inference.
- OS level optimizations to get optimal performance on the hardware.
- Usage of GPU Passthrough for optimal utilization and performance.

This presentation will also cover how the selection of machine learning framework, like Kubeflow, can impact performance and hardware utilization.

Meenakshi Kaushik

Leader, Product Manager, Cisco
Meenakshi Kaushik leads product management for Cisco Panoptica Security platform. Meenakshi is interested in the AI and ML space and is excited to see how the technology can enhance human well-being and productivity.

Neelima Mukiri

Principal Engineer, Cisco
Neelima Mukiri is a Principal Engineer in Cisco's Cloud Platform Solutions group working on the architecture and development of Cisco's Container Platform. Prior to this she worked on core virtualization layer at VMware and systems software in Samsung Electronics.

Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 11AB - San Diego Convention Center Upper Level
  Machine Learning + Data
