Room 6F - San Diego Convention Center
Monday, November 18

9:00am PST

Serverless Practitioner Summit hosted by CNCF and Cloud Foundry (Additional Registration + Fees Required)
The goal is to unite the serverless community and present end users with comprehensive strategies to understand serverless in a cloud native context. To do that, we plan to create a full-day single-track serverless conference that follows our initial successful work in the CNCF serverless working group and surrounding projects.


How to register: Pre-registration is required. To register for Serverless Practitioner Summit, add it on during your KubeCon + CloudNativeCon registration. For questions regarding this event, please reach out to nwashington@linuxfoundation.org.

Monday November 18, 2019 9:00am - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

Tuesday, November 19

10:55am PST

Kubernetes at Cruise: Two Years of Multitenancy - Karl Isenberg, Cruise
Cruise has been working on self-driving cars for six years and growing exponentially for most of that time. Two years ago they started using Kubernetes, betting on namespace-level multitenancy to provide isolation between teams and projects. Today they have over 40 internal tenants, 100,000 pods, 4,000 nodes, and… an embarrassing number of KubeDNS replicas.

This session will take you through the motivations, story, and results of migrating to multitenant Kubernetes, along with some hard-earned Pro Tips from the trenches.

You’ll also learn about the open source tooling they built around Spinnaker, Vault, Google Cloud, and Istio in order to integrate with their multitenant Kubernetes.

Come see how they went from barely isolated to very isolated and saved a few million dollars doing it!

Karl Isenberg

Anthos Solutions Architect, Google
Karl Isenberg is on the Blueprint Solutions team at Google. Prior to Google, Karl led the PaaS team at Cruise. Before that, Karl worked on the vendor side on container platforms for more than 5 years as a committer on Kubernetes, DC/OS, and CloudFoundry at Mesosphere and Pivotal...

Tuesday November 19, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Case Studies

11:50am PST

Introduction to Virtual Kubelet – Featuring Titus by Netflix - Ria Bhatia, Microsoft & Sargun Dhillon, Netflix
Virtual-kubelet can extend Kubernetes in many interesting and unique ways. This talk will go through how providers are utilizing virtual-kubelet to extend Kubernetes either for their customers, or for the benefit of their platform. The talk will also go through how Netflix is using virtual-kubelet to aid in integration with their existing architecture. Virtual-kubelet is able to give them the best of both worlds. Netflix has been able to leverage the Kubernetes API Server and the controllers as a mechanism to accelerate their control plane, whilst being able to use their existing containerization and isolation technology that’s been in development under the guise of the Titus (https://medium.com/netflix-techblog/the-evolution-of-container-usage-at-netflix-3abfc096781b) project since December 2015. The flexibility of the project has allowed them to introduce new southbound and northbound concepts to their product, which is enabling greater efficiency and scalability.

Ria Bhatia

Program Manager, Independent
Ria Bhatia was a Program Manager for Upstream Azure Compute within Microsoft. She's been working with the community on different ways to scale in Kubernetes and operate Kubernetes. She actively maintains Virtual Kubelet and has spoken at multiple meetups and conferences, including...

Sargun Dhillon

Senior Software Engineer, Netflix
Sargun Dhillon is a software engineer. He's been working in the container ecosystem for a number of years, ranging from projects like LXC to Mesos. He currently works on the Netflix container platform, Titus, as a member of the agent team.

Tuesday November 19, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level

2:25pm PST

Intro to Thanos: Scale Your Prometheus Monitoring With Ease - Lucas Serven, Red Hat & Dominic Green, Improbable
Thanos is an open-source CNCF Sandbox project that builds upon Prometheus components to create a global-scale highly available monitoring system. It seamlessly extends Prometheus in a few simple steps and it is already used in production by dozens of companies that aim for high multi-cloud scale for metrics while keeping low maintenance cost. During this talk, core maintainers of Thanos will explain basic concepts behind the project, its use cases, and tradeoffs. You will learn where to start and how to quickly deploy Thanos on Kubernetes without impacting your existing Prometheus setup. This talk is recommended for beginners that want to know more about running a highly available Prometheus setup at scale with potentially unlimited metric retention with the lowest possible effort and cost.

Dominic Green

Lead Engineer, Netspeak Games
Dom was the first cadet to outsmart the Kobayashi Maru, completed the Kessel Run in less than twelve parsecs, and beat Parzival to the First Gate. While not melting reality with fiction, Dom works as an Engineer at Netspeak Games, a London-based game studio that is looking to push the...

Lucas Servén Marín

Principal Software Engineer, Red Hat
Lucas Servén Marín is a principal software engineer from Spain currently working for Red Hat in Berlin. By trade he is an electrical engineer, with a Masters in robotics. After two years at CoreOS, he joined Red Hat where he works on the OpenShift Monitoring team and contributes...

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Maintainer Track Sessions
  • Experience Level Any
  • Session Slides Included Yes

3:20pm PST

Walls Within Walls: What if Your Attacker Knows Parkour? - Tim Allclair & Greg Castle, Google
What happens if an attacker escapes a container and compromises your node? Is it game over for the whole cluster, or can you limit the blast radius? Whether it be for defense in depth or multi-tenancy, it is important to understand the security boundaries in your cluster. In this talk, we’ll discuss various isolation approaches and evaluate them through the eyes of an attacker who has compromised a node and is looking to propagate.

We’ll deep dive on ‘node isolation’: using Kubernetes scheduling to execute workloads on separate nodes, and demonstrate live attacks and defences to educate about strengths and weaknesses of this strategy. We’ll also discuss progress made by SIG-Auth in this area over the past few releases. After this talk you will understand when node isolation is or isn't an appropriate security mechanism, the steps to implement it, and what some alternatives are.

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google, and is a regular at SIG-Auth. Greg has 15 years of experience in a number of security roles including product security, penetration testing, incident response, platform hardening...

Tim Allclair

Software Engineer, Google
Tim Allclair joined the Kubernetes project just after the 1.0 launch in 2015, and currently works on the GKE Control Plane team. He is a member of the Kubernetes Security Response Committee, and a SIG Auth maintainer (previous co-chair). He has led development of several Kubernetes...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

4:25pm PST

KubeFlow’s Serverless Component: 10x Faster, a 1/10 of the Effort - Orit Nissan-Messing, Iguazio
Serverless simplifies data science by automating the process of code to container and enables users to add instrumentation and auto-scaling with minimum overhead. However, serverless has many limitations involving performance, lack of concurrency, lack of GPU support, limited application patterns and limited debugging possibilities. Orit Nissan-Messing will introduce Nuclio, a KubeFlow open source component which is 10x faster when compared to alternatives at a 1/10 of the effort. She will explain how to use Nuclio to extend KubeFlow pipelines, accelerating and automating each step of the workflow. This includes parallel processing, automated code building/deployment, stream processing and artifact tracking. Orit will demonstrate how to achieve devops automation involving auto-scaling, automated logging and monitoring, security hardening, CI/CD and workload mobility.


Orit Nissan-Messing

VP R&D, Iguazio
Orit Nissan-Messing has vast experience in cloud architectures, storage, AI and big data. Prior to Iguazio, Orit was Chief Architect at XIV (acquired by IBM) and held management roles in various companies from startups to corporations. Orit is a CNCF contributor and a member of the...

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

Wednesday, November 20

10:55am PST

Stitching a Service Mesh Across Hundreds of Discrete Networks - Jason Webb & Anil Attuluri, Intuit
Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, the increased latency and data transfer costs became significant. To facilitate future growth efficiently, Intuit needed a better model. Moving to a distributed Service Mesh running on k8s to enable secure service-to-service communication was the solution. As Intuit was building a migration path for hundreds of services communicating across discrete networks, they faced a host of challenges. While developing a platform to provide end-to-end encryption, they defined a pattern for federated workload identities and learned to manage a federated set of mesh control planes. Jason and Anil will share these learnings and Admiral, a project they are open-sourcing that enabled the migration path.


AnilKumar Attuluri

Software Engineer, Intuit, Inc.
Anil is a Software Engineer at Intuit working on some of the key challenges to move Intuit's microservices onto Service Mesh. His other areas of work at Intuit include a distributed and scalable rate limiting algorithm, an orchestration layer in the API Gateway for GraphQL and designing OSGi...

Jason Webb

Principal Engineer, Intuit
Jason is the Services Fabric Chief Architect at Intuit, where he works on building tools and platforms to enable Intuit’s microservices ecosystem. Jason is passionate about cloud-native infrastructure, developer tools & experience, and open source. Prior to Intuit, Jason worked...

Wednesday November 20, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

11:50am PST

Don’t Catch Feelings, Catch Issues With Kuberhealthy - Joshulyne Park & Shilla Saebi, Comcast
Kuberhealthy is a synthetic monitoring operator for both apps and Kubernetes clusters. Learn how to increase application and cluster observability by replicating real workflow and carefully checking for the expected behavior to occur. With Kuberhealthy, our team has been able to reliably monitor all critical Kubernetes cluster functionality in order to catch issues before our developers do. With Kuberhealthy, you can write your own tests of any kind in your own container and Kuberhealthy will manage everything else, including the creation of Prometheus metrics.

As we’ve transitioned more and more cloud workloads to elastic, self-healing Kubernetes clusters, the job of keeping the clusters running smoothly has become more challenging and important. That’s why we’re so excited to share Kuberhealthy, a new open-source tool we built at Comcast to keep our Kubernetes clusters running at their best.

Joshulyne Park

Cloud Engineer, Comcast Technology Solutions
Joshulyne Park is a Cloud Engineer working on building a highly scalable and reliable Kubernetes platform to support all of Comcast Technology Solutions products and services. She is a graduate of Comcast's Career Opportunities and Rotational Experiences (CORE) technology program...

Shilla Saebi

Program Manager, Open Source, Comcast
Shilla Saebi is an Open Source Program Manager who focuses on community and has been with Comcast for almost a decade. She has worked in many diverse roles within the tech industry in positions ranging from operations engineering, system administration, customer service, and network...

Wednesday November 20, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level

2:25pm PST

Moving from Legacy Infrastructure to the Cloud in a Government Organization - Chris Carty, City Of Ottawa
Cloud native tech isn’t just for start-ups. But, if you’re in a government organization looking to go cloud native, you can expect to face extra challenges. How can you select the best tools that will work with the processes you already have? What new skills are needed? How do you train staff? How to get anyone to actually use the framework once it’s in place? How to even start?

The City of Ottawa (yes, the capital of Canada) was an organization that started applying DevOps practices just a few years ago. It now has a Kubernetes platform with fully automated CICD pipelines being used by multiple teams and growing. Using The City as a case study, we will examine the common issues faced by government organizations and how The City developed workable solutions on its cloud native journey.

Chris Carty

Customer Engineer, Google Cloud
He is a Certified Kubernetes Administrator, Certified Kubernetes Application Developer, panelist for the Kubernetes Office Hours and a member of the Kubernetes 1.16/1.17 Release Notes teams.

Wednesday November 20, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level
  Case Studies

3:20pm PST

How Container Networking Affects Database Performance - Tyler Duzan & Vadim Tkachenko, Percona
Through benchmarks, Percona Labs explores the effects of different container networking drivers used in Kubernetes when hosting database workloads. For this talk, we will perform benchmarks using Percona's PXC Operator deploying a 3-member PXC MySQL cluster on top of Kubernetes and use our standard database benchmarking stack with TPCC and Sysbench to analyze query throughput and replication performance as affected by our choice of networking driver. Drivers we'll test will be CNI core plugins, Flannel, Cilium, Calico, Kube-Router, and the new Red Hat SR-IOV driver. This Dual Presentation (35 minutes) will address our benchmark methodology and results, as well as recommendations regarding networking and tuning database performance on Kubernetes with a focus on MySQL. Both speakers are experts on this topic, and Vadim co-authored "High Performance MySQL", now in its 3rd Edition.

Vadim Tkachenko

CTO, Percona
Vadim Tkachenko co-founded Percona in 2006 and serves as its Chief Technology Officer. He leads Percona CTO Labs, which focuses on technology research and performance evaluations of Percona and third-party products, designing hardware, filesystems, storage engines, and databases that surpass...

Tyler Duzan

Product Manager, Percona
Tyler Duzan joined Percona in 2017 as a Product Manager and has led their MySQL software and Cloud technology initiatives since, including the recent GA launch of Percona's Kubernetes operators for their Percona Server for MongoDB and Percona XtraDB Cluster database server products...

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

4:25pm PST

Scaling Your Cluster (Both Ways) - Scott Coulton & Patrick Chanezon, Microsoft
Kubernetes has many ways to scale your workloads; most of what we hear about is scaling our cluster up with either VM sets or autoscaling groups. There is another way: in this talk we will look at Virtual Kubelet. Virtual Kubelet will allow us to talk to a cloud provider's container-as-a-service platform like ACI, Fargate or ECI. We will deep dive into how you can scale your applications across Virtual Kubelet. One issue the Kubernetes service type has is scaling to zero, due to the way routing to the pod happens if there is no pod for the service to route to. Scaling our applications to zero is just as important as scaling up. We will look at projects that integrate with the horizontal pod autoscaler that fix this issue, allowing us to not only scale our applications up but just as easily down, to make our cluster truly elastic.

Patrick Chanezon

Principal Cloud Advocate, Microsoft
Patrick Chanezon is Principal Cloud Advocate at Microsoft, helping Azure be the cloud you love. Previously, at Docker Inc., he helped to build Docker, the world’s leading software container platform, for developers and sysadmins. Software developer and storyteller, he spent 10 years...

Scott Coulton

Cloud Developer Advocate, Microsoft
Cloud Developer Advocate at Microsoft

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

5:20pm PST

Serverless Platform for Large Scale Mini-Apps: From Knative to Production - Yitao Dong & Ke Wang, Ant Financial
Serverless architecture is getting increasingly popular. However, developers are still experiencing pain points that hold them back from using it in production, like portability, interoperability and debugging. At Ant, Ke and Yitao are committed to building a mission-critical serverless platform that reduces those frictions, which is now supporting large scale mini-apps.

Ke and Yitao will share the key workloads they are building with serverless and how they address pain points in production by expanding Knative. They will introduce technical details of adopting Knative with secure container runtime and reinventing Knative control/data plane, which largely saves deployment and operation efforts to enable serverless in Kubernetes clusters. The chat will also cover a quick demo to illustrate improved serverless app lifecycle management, 0-M-N-0 autoscaling performance and operation workflow.

Yitao Dong

Product Manager, Ant Financial
Yitao is a Product Manager at Ant Financial. He drives products of Ant Financial cloud, including cloud native PaaS for container and serverless. He works closely with end customers on solutions to adopt cloud native technologies for scalable financial scenarios.

Ke Wang

Software Engineer, Ant Financial
Ke is a Software Engineer at Ant Financial, where he works on building an enterprise serverless product based on Knative. He is an early adopter of Knative and has been working on ingenious ways to improve / make better use of it for a long time. He is also an open-source enthusia...

Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level

Thursday, November 21

10:55am PST

How Yelp Moved Security From the App to the Mesh with Envoy and OPA - Daniel Popescu, Yelp & Ben Plotnick, Cruise
From its inception, Yelp's service infrastructure has treated security as a fundamental component. For many years, developers carried the burden of building security features directly into their services. By using standard cloud native building blocks, the service infrastructure now provides security features by default; this enables hundreds of developers to focus on shipping features for more than 100M monthly active Yelp users.

This talk will cover Yelp’s journey from a legacy service proxy to a modern, secure service mesh based on Envoy and Open Policy Agent. It will discuss:

- Authn and Authz mechanisms using mTLS and JWT with Envoy and OPA
- Migration from using an in-house policy decision engine to standardized open source tools (OPA)
- Transpiling legacy policy data to Rego and other best practices for policy maintenance
- Strategies for quickly and safely rolling out policy changes

Daniel Popescu

Security Engineer, Yelp
Daniel Popescu works at Yelp where he is responsible for security infrastructure and operations. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa Barbara. Professionally...

Ben Plotnick

Senior Software Engineer, Cruise Automation
Ben Plotnick is a Senior Software Engineer at Cruise Automation, leading the Platform Services team in moving the bytes around in Kubernetes. Prior to this, he was a member of the Engineering Effectiveness group at Yelp, working to redesign Yelp's service infrastructure with Envoy...

Thursday November 21, 2019 10:55am - 11:30am PST
Room 6F - San Diego Convention Center Upper Level

11:50am PST

Walk-through: Debugging an RBAC Problem in Istio (But Without the Swearing) - Matt Turner, Native Wave
A few months ago, I lost a whole day to debugging a problem with RBAC in Istio. I swore a lot, but I also learned a lot. I learned new tools, new interfaces, and the rabbit hole took me past most major parts of Istio.

Today I'll recreate that debugging session live, to show you the mental models and techniques I used to methodically follow this issue through a complex distributed system. We'll learn about systems debugging techniques in general, and operating Istio in particular.

Matt Turner

Software Engineer, Tetrate
Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many...

Thursday November 21, 2019 11:50am - 12:25pm PST
Room 6F - San Diego Convention Center Upper Level
  Service Mesh

2:25pm PST

K3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro - Darren Shepherd, Rancher Labs
K3s is a lightweight distribution of Kubernetes originally designed for the edge. Due to its size, simplicity, and fast spin up, thousands of users are currently running k3s in various use cases besides the edge. Darren Shepherd will cover in depth how k3s is built, what changes are made, and how the benefits of k3s are achieved. This includes the technical details of how k3s is packaged as a single binary, how SQLite was added as a data source, how certs are managed, how HA is achieved, how agent tunneling works and much more. Finally, Darren will discuss how these changes are made while still being a fully certified CNCF Kubernetes distribution.


Darren Shepherd

Co-founder and CTO, Rancher Labs
Darren Shepherd is a co-founder and the chief architect at Rancher Labs where he has led the development and creation of numerous open source software projects such as k3s, RancherOS, Longhorn, and Rio. His goal is to provide the container industry with reliable tools that ease deployment...

Thursday November 21, 2019 2:25pm - 3:00pm PST
Room 6F - San Diego Convention Center Upper Level

3:20pm PST

The Elephant in the Kubernetes Room: Team Interactions at Scale - Manuel Pais, Independent
Kubernetes helps us tame sprawling microservices architectures and address increased operational complexity. Kubernetes gives developers abstractions and APIs to deploy and run their services.

Yet, the elephant in the room is that to run, maintain and evolve Kubernetes clusters, we need more ops expertise and most likely a dedicated team to do so.

The question that begs to be asked is if we risk going back to pre-DevOps isolation between Dev and Ops teams? Is the tradeoff between better operational tools and introducing a new dependency layer on the path to production for application teams worthwhile? Are we making life easier for application teams or instead reducing their end-to-end ownership?

Manuel will then introduce Team Topologies, a balanced approach for thinking about team responsibilities and interactions which can help get the most value out of your Kubernetes adoption.

Manuel Pais

Co-Author, "Team Topologies"
Manuel Pais is co-author of Team Topologies: Organizing Business and Technology Teams for Fast Flow. Recognized by TechBeacon as a DevOps thought leader, Manuel is an independent IT organizational consultant and trainer, focused on team interactions, delivery practices, and accel...

Thursday November 21, 2019 3:20pm - 3:55pm PST
Room 6F - San Diego Convention Center Upper Level

4:25pm PST

Enforcing Service Mesh Structure using OPA Gatekeeper - Sandeep Parikh, Google
Organizations need the ability to apply rules to their workloads and services, at scale and distinct from the development of those services. Policies and policy enablement provide those governance capabilities with declarative approaches. OPA Gatekeeper integrates with Kubernetes and is able to provide the right guardrails to enforce structure and keep your deployments running smoothly. In this session we'll talk about policy management and how OPA Gatekeeper can help manage policies at scale. We'll walk through the high-level architecture of Gatekeeper along with applied examples and demonstrate how it can be used to manage security and traffic management mechanisms found in service mesh deployments.

Sandeep Parikh

DevRel Engineer, Google Cloud
Sandeep is a DevRel Engineer for Google Cloud, where he focuses on making it easier for developers & operators to adopt DevOps and cloud native tools and processes. Sandeep’s background is in software engineering and he's worked for Google, VMware, Apple, MongoDB, and many others...

Thursday November 21, 2019 4:25pm - 5:00pm PST
Room 6F - San Diego Convention Center Upper Level

5:20pm PST

Staying in Tune: Optimize Kubernetes for Stability and Utilization - Randy Johnson & Koushik Radhakrishnan, VMware
Kubernetes provides a number of primitives to manage resource consumption. Implementing resource limits, requests and quotas are often the first steps taken to solve this problem at the pod or namespace level. However, the behaviour of an overall Kubernetes cluster as it nears capacity and the parameters available to tune it are often overlooked. To ensure optimal stability and utilization of a cluster, users must learn how to implement, test and manage these parameters over time.

With their field engineering work done for healthcare and financial customers, Randy and Koushik have gathered valuable lessons on how one should approach this problem. This talk will illustrate how you should approach resource limits, resource requests, eviction policies and node allocatable constraints to get the most out of your Kubernetes clusters.

Koushik Radhakrishnan

Cloud Native Architect, VMware
Koushik has helped build and rollout infrastructure for some of the largest service providers and enterprise customers. In his role as a Cloud Native Architect at VMware, he is passionate about helping organizations adopt and build solutions around the Kubernetes ecosystem and making...

Randy Johnson

Cloud Native Architect, VMware
Randy is a Cloud Native Architect on the Kubernetes Architecture team at VMware. He is passionate about container orchestration, distributed systems and solving hard problems. Prior to joining VMware, he was guiding organizations along their cloud modernization journey at Red Hat...

Thursday November 21, 2019 5:20pm - 5:55pm PST
Room 6F - San Diego Convention Center Upper Level
