KubeCon + CloudNativeCon North America 2019

Kubernetes is one of the most high-velocity open source projects in the world, and one of the most unique features of this community project - that it has it's own PM team and PM process. SIG PM, originally established as a Product Management Group, today covers multiple aspects of Product, Program and Project Management of Kubernetes. In this session, the SIG PM co-chairs will provide a brief overview of SIG PM history and basic principles, the areas of interaction with the Kubernetes community, together with the information on how to start contributing to Kubernetes as a PM.

This is an introduction to the Kubernetes Service Catalog extension project. Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling, regardless of where the service is actually hosted. Service Catalog is a Kubernetes implementation of the Open Service Broker API, an open standard to provision and manage cloud services. Come learn how you can use Service Catalog to access third-party services from your Kubernetes applications or to offer your service to Kubernetes users. We will walk through provisioning a relational database through Service Catalog and and then connect to it from an application running on Kubernetes.

Envoy is a high-performance open source edge and service proxy that makes the network transparent to applications. As of now Envoy is only available on Linux, and that’s a big blocker for Windows teams who want to migrate their monolithic apps to more service-oriented architectures.

Last year a team at Pivotal started working with Microsoft on making Envoy on Windows a reality. This talk will give a progress report on the work being done:

* An overview of the history of the project. Starting with the work done by Microsoft, contributions to upstream so far, and what we have left.

* Some of the challenges the team faced and how they overcame them. For example, the workarounds we employed to get a working Windows environment for Envoy, and some of the performance issues which still need to be solved.

* What the team is currently working on and what the outlook for the future is like.

The secure distribution of software is critical to the overall security of a system. In this talk, Justin Cappos and Marina Moore will provide an introduction to The Update Framework (TUF), a CNCF project that has been used throughout the cloud native community for compromise resilient software updates. TUF provides a flexible framework for secure updates even through a compromise of signing keys or the update repository. You will come away from this talk with an understanding of why secure distribution of software is important and how TUF can be used to achieve this goal.

In cloud native world, image distribution is never an easy problem when the number and size of container images scale up. It has to be fast and resource efficient and to be cloud native. This session shows how Dragonfly solves this problem, and how it can increase the speed of image distribution while keeping the operation effort as less as possible. Meanwhile, this session shares the latest update on Dragonfly project where plugin framework is coming into the picture, and how this can benefit dragonfly users, as an example, this sessions shares how this plugin framework gives a chance for new decentralized distribution strategy.

Recently the Kubernetes community reached an important milestone of moving individual cloud provider SIGs as sub-projects under the Cloud Provider SIG. The SIG IBM Cloud is now a sub-project called Provider IBM Cloud. In this session, the Provider IBM Cloud leads will discuss these recent developments and brief about the activities of the sub-project. This will be followed by a deep dive into the Kubernetes Cluster API Provider IBM Cloud and the recent development activities. We will then provide the current status of the IBM Cloud Provider. Everyone --active contributors, new contributors, and conference attendees -- with interest in the Provider IBM Cloud sub-project are welcome to attend. During the session, the project leads will be available all the time for discussions.

This session will cover the inner workings of SIG Auth and its sub projects. The SIG is looking to expand contributors and attending this session is a great way to get involved. An update of the SIG's activities in the last six months will be provided. Based on community feedback, three deep dive topics will be covered: 1. The future of pod security policies Various limitations and structural problems have prevented the PSP API from GA. Possible paths forward will be explored. 2. Open Policy Agent and Gatekeeper Gatekeeper is an early stage project that aims to support policy enforcement via a Kubernetes style, custom resource definition based API. 3. Bound service account tokens, audiences and the future of container identity Asserting identity of Kubernetes workloads to external components is an essential part of access control. Bound SA tokens make this task easier and more secure.

This talk introduces the Notary project, an implementation of The Update Framework for container applications. This is the major project for container image signing, and is used by Docker Hub, Azure Container Registry, Harbor and others. This talk will give an overview of how Notary works, how to use it and integrate it with other projects, ongoing work on the project, and how to contribute.

The Component Standard Working group is charged to develop a standard foundation (philosophy and libraries) for core Kubernetes components to build on top of. Areas to standardize include configuration (flags, ComponentConfig APIs, ...), status endpoints (healthz, configz, ...), integration points (delegated authn/z, ...), and logging. In this talk we will outline current progress and challenges and how new contributors can get engaged.