https://github.com/abtris/kubecon2022
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/abtris/kubecon2022
- Owner: abtris
- Created: 2022-05-22T12:34:01.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2024-03-15T19:13:16.000Z (8 months ago)
- Last Synced: 2024-04-15T03:04:07.362Z (7 months ago)
- Language: JavaScript
- Size: 177 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
README
# KubeCon 2022
- [ServiceMeshCon EU 2022](#servicemeshcon-eu-2022)
- [PrometheusDay EU 2022](#prometheusday-eu-2022)
- [KnativeCon EU 2022](#knativecon-eu-2022)
- [KubeCon + CloudNativeCon Europe 2022](#kubecon--cloudnativecon-europe-2022)
- [GitOpsCon EU 2022](#gitopscon-eu-2022)
- [Cloud Native SecurityCon EU 2022](#cloud-native-securitycon-eu-2022)
- [FluentCon EU 2022](#fluentcon-eu-2022)
## ServiceMeshCon EU 2022
- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NhafQWboq__GrDLVugYqAe)
| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------- | -------------------- |
| Opening + Welcome - Craig Box- Google [Program Committee Member] | Opening + Welcome - Craig Box- Google [Program Committee Member] | https://www.youtube.com/watch?v=dOmytli5YcU | 2022-05-17T22:22:04Z |
| Keynote: An update on the extremely boring and uninteresting world of Linkerd- William Morgan | Keynote: An update on the extremely boring and uninteresting world of Linkerd- William Morgan, Buoyant. In this keynote, William Morgan, CEO of Buoyant and one of the creators of Linkerd, will deliver a project update on the extremely boring world of the Linkerd service mesh, the CNCF’s only graduated service mesh. William will cover all the uninteresting things happening in this boring project and discuss some of its profoundly non-exciting approaches to some perfectly ordinary challenges. | https://www.youtube.com/watch?v=BBVUScYUiYo | 2022-05-17T22:22:04Z |
| Keynote: Expanding the 80/20 Rule for Creating Service Mesh Value- Idit Levine, Solo.io | Keynote: Expanding the 80/20 Rule for Creating Service Mesh Value- Idit Levine, Solo.io. While service mesh usage continues to grow, far too many companies are only seeing value from mTLS and observability. 80% of their value comes from 20% of the capabilities. As we connect and secure the world’s modern applications, we must strive to bring value to a broader set of use-cases. This means not only improving the performance and simplifying operations, but also exposing more of the value of service mesh to application teams, security teams, and ultimately to the forefront of the business. In her talk, Idit Levine, CEO of Solo.io, will discuss innovative use cases that can be enabled by extending a service mesh. She will explore how the flexibility of mesh architectures can be used to enable more flexible, more secure, and more powerful usage patterns for companies. | https://www.youtube.com/watch?v=nKwcBRGS5fM | 2022-05-17T22:22:04Z |
| Keynote: Service Mesh Everywhere- Zack Butcher, Tetrate | Keynote: Service Mesh Everywhere- Zack Butcher, Tetrate. One of the most exciting prospects of a service mesh is its ability to help you bridge disparate infrastructure by abstracting the network from applications. In this talk we'll explore extending the mesh beyond Kubernetes to the variety of compute and runtimes we see composed to form modern enterprise applications. By bringing these environments and services into the mesh, we can provide a unified application network that handles cross-cutting connectivity and security concerns for developers in our organization, enabling them to focus on building their applications. Service Mesh Everywhere. | https://www.youtube.com/watch?v=FU-0n_1uQS8 | 2022-05-17T22:22:04Z |
| Multi-region Service Mesh: How Koyeb Built and Operates One Using Kuma and Envoy - Yann Léger, Koyeb | Multi-region Service Mesh: How Koyeb Built and Operates One Using Kuma and Envoy - Yann Léger, Koyeb. Service mesh is all over the place but how do you build and operate a service mesh across regions and at scale? This talk will cover how Koyeb, a serverless cloud provider, built a globally distributed mesh to provide easy-to-use inter-service connectivity across multiple cloud providers and continents. To achieve this, they built a custom stack with a multi-region service mesh using Kuma, which is an open-source control plane for service mesh orchestrating Envoy proxies. Yann will walk you through how they built distributed connectivity inside the platform, the key decisions they had to make, and what their architecture looks like. They now have a purpose-built stack based on Nomad, Firecracker, and Kuma. | https://www.youtube.com/watch?v=IB93WCoroL8 | 2022-05-17T22:22:04Z |
| Shh, It is A Secret: Manage Your Workload Certs in Service Mesh without Persisting any Se... Lin Sun | Shh, It is A Secret: Manage Your Workload Certs in Service Mesh without Persisting any Secrets- Lin Sun, Solo.io. Most service mesh projects provide self signed CA but that is NON-STARTER for a production environment as most organizations already have their PKI system in place before they adopt any service mesh. While many service mesh projects have added the support for plugging in your intermediate CA or external PKI system, they however require persisting the intermediate or root CA’s private key as Kubernetes secrets which is a security concern for them. This talk discusses a few innovative approaches in the service mesh community to tackle this challenge and the tradeoffs among them. | https://www.youtube.com/watch?v=gsyTjSZ16IY | 2022-05-17T22:22:04Z |
| Lightning Talk: Move Over API Gateway.... into Your Service Mesh- Marino Wijay, Solo.io | Lightning Talk: Move Over API Gateway.... into Your Service Mesh- Marino Wijay, Solo.io. They say API Gateways are for your "north-south" traffic into your clusters and Service Mesh is for your "east-west" traffic. Is this really the case? As you deploy a service mesh for high availability, failover, and tenancy, you will find north/south and east/west start to converge. Instead of thinking of API Gateways and Service Mesh as separate and different, we should be thinking of them as the same thing. In this talk, we explore the role of modern API gateway and how we can make it part of the service mesh. | https://www.youtube.com/watch?v=pyLOmlII5gQ | 2022-05-17T22:22:04Z |
| Protocol Detection: A Deep Dive into How Linkerd Achieves Zero-Config - Kevin Leimkuhler, Buoyant | Protocol Detection: A Deep Dive into How Linkerd Achieves Zero-Config - Kevin Leimkuhler, Buoyant. Zero-config is one of Linkerd's claims to fame: for (most) Kubernetes apps, adding Linkerd doesn't require user config, even if the app uses arbitrary TCP protocols which Linkerd must proxy in a fully transparent manner. The use of protocol detection automatically determines the protocol based on the data on the connection. Linkerd maintainer Kevin Leimkuhler will describe the mechanics of how Linkerd's protocol detection works, covering the strengths and weaknesses of the current implementation, including so-called server-speaks-first protocols and why they need to be handled differently. He'll also cover how the implementation has evolved over the years as Linkerd adoption has grown to encompass even more types of applications and protocols, including the introduction of "skip ports" and "opaque ports". Finally, attendees will learn how opaque ports are implemented in the proxy using ALPN, and how Linkerd is still able to provide mTLS and golden metrics for this type of traffic. | https://www.youtube.com/watch?v=WBH-v9mJ3bU | 2022-05-17T22:22:04Z |
| Lightning Talk: Multi-cluster Istio Mesh – Complex or Piece of Cake? - Laszlo Bence Nagy, Cisco | Lightning Talk: Multi-cluster Istio Mesh – Complex or Piece of Cake? - Laszlo Bence Nagy, Cisco. Setting up and then preserving a multi-cluster Istio mesh is cumbersome today, as it involves several manual steps. Those steps are not automatic, because there is no continuous synchronization mechanism between the participating clusters. With the open-source Cisco (formerly Banzai Cloud) Istio operator, forming and then sustaining a multi-cluster Istio mesh is almost fully automated. It is made possible by utilizing a cluster registry controller component, which provides continuous synchronization for the necessary resources between the clusters. In this session, you will learn: - How to form a multi-cluster mesh with ease - Learn how the necessary resources are synced between the clusters - Understand how the system recovers even when network endpoints are changed. | https://www.youtube.com/watch?v=SZlHZtcTfYg | 2022-05-17T22:22:04Z |
| Lightning Talk: MeshMark: Service Mesh Value Measurement - Lee Calcote, Layer5 & Mrittika Ganguli | Lightning Talk: MeshMark: Service Mesh Value Measurement - Lee Calcote, Layer5 & Mrittika Ganguli, Intel. Still trying to understand how to best gauge the performance of your cloud native infrastructure? Confused as to whether self-published, performance benchmarks are trustworthy or simply biased marketing in disguise? Measurement data may not provide a clear and simple picture of how well those applications are performing from a business point of view, a characteristic desired in metrics that are used as key performance indicators. Behold MeshMark: a performance index that provides you with the ability to weigh the value vs overhead of your cloud native environment. Convert performance measurements into insights about the value of individual, cloud native application networking functions. Join us as we distill a variety of microarchitecture performance signals and application key performance indicators into a simple scale. Explore the other side of the performance measurement coin: value measurement. | https://www.youtube.com/watch?v=ZxKCZg7sgqY | 2022-05-19T12:18:11Z |
| Lightning Talk: GitOps and Controllers: It’s Not That Simple for Multi-cluster- Alex Ly, Solo.io | Lightning Talk: GitOps and Controllers: It’s Not That Simple for Multi-cluster- Alex Ly, Solo.io. GitOps has become a valuable approach to manage configuration for applications and infrastructure. Having a source of truth that can be automated, auditable, and is easy to understand is increasingly important when expanding to many deployments. However, enabling multi-cluster capabilities typically presents new challenges: not every cluster is the same, context is important, and managing every lower-level configuration across multiple environments can get cumbersome (and dangerous) quickly. This talk will focus on a specific example where multi-cluster GitOps is difficult: application-networking and security with service mesh. The goal is for platform teams to provide the right point of demarcation with abstractions that focus on the intent, while abstracting away the translation and orchestration of lower-level config (mesh-specific API resources in this case). We share our experiences building these abstractions with some of the largest deployments of service mesh in the world. | https://www.youtube.com/watch?v=KSVBLjcbmzY | 2022-05-17T22:22:04Z |
| Tune Your Service Mesh - Mohammad Reza Saleh Sedghpour, Umeå University | Tune Your Service Mesh - Mohammad Reza Saleh Sedghpour, Umeå University. Service meshes improve developer productivity by factoring out cloud native patterns such as retry mechanism, circuit breaking, etc. into a unified network control plane. Modern cloud platform adopters realized how tough the tuning of these patterns can be in a highly interdependent and dynamic microservice architecture and how improper configuration of such patterns can reduce throughput and/or increase the response time. This talk will discuss the pitfalls of configuring circuit breaking and retry mechanisms in a multi-tier application using Istio. It will help you configure your environment systematically to enhance the performance of your application from an end-to-end perspective. | https://www.youtube.com/watch?v=6KhxgU0eBGA | 2022-05-17T22:22:04Z |
| Unleash Declarative Data Access with GraphQL- Kevin Dorosh & Sai Ekbote, Solo.io | Unleash Declarative Data Access with GraphQL- Kevin Dorosh & Sai Ekbote, Solo.io. GraphQL is redefining the way that developers interact with APIs, putting application clients in control of the data they consume and placing new requirements on the platforms hosting these APIs. Understanding when to write code and when to let the platform do the work is a critical tradeoff to understand as you scale GraphQL adoption. In this talk, Kevin and Sai will share experience building GraphQL support directly into Envoy to support edge gateway and service mesh use cases. They will cover common deployment patterns, GraphQL-specific implications to security and policy controls, instrumenting existing mesh services (REST, gRPC, SOAP, Lambda) with GraphQL, and the benefits and tradeoffs between declarative and programmatic approaches to GraphQL composition. This will be a hands-on session with live demos and real talk, focused on patterns of adoption to easily implement GraphQL at scale. If you are a developer or platform engineer deploying GraphQL in your service mesh, this talk is for you! | https://www.youtube.com/watch?v=c5TjPOP8LHE | 2022-05-17T22:22:04Z |
| Tidy Up Microservices Connectivity with Apache Kafka® and Kuma - Danica Fine & Viktor Gamov | Tidy Up Microservices Connectivity with Apache Kafka® and Kuma - Danica Fine, Confluent & Viktor Gamov, Kong. Given the rising popularity of microservice-based architectures, Kubernetes has solidified itself as one of the most dominant container management systems available on the market. That said, deploying a host of RESTful/HTTP/gRPC services on Kubernetes has not been historically easy or efficient. Enter: service mesh. The service mesh easily facilitates the communication of synchronous microservices over a network. Leveraging an asynchronous communication method – such as that provided by Apache Kafka® messaging – may complicate things. Over the course of this presentation, Danica and Viktor will explore how to deploy Kafka-based microservices – including vanilla Kafka and Kafka Connect components – together with Kuma. We’ll also discuss the benefits and relevance of this particular approach. | https://www.youtube.com/watch?v=nzgZwjzzcXo | 2022-05-17T22:22:04Z |
| Organize Your Mesh - How to Run a Multi-Tenant Service Mesh in Production- Christian Posta, Solo.io | Organize Your Mesh - How to Run a Multi-Tenant Service Mesh in Production- Christian Posta, Solo.io. Service meshes offer a breadth of benefits from securing to adding reliability to gaining visibility into your applications. However, as you start to scale your environment and start onboarding different teams or applications into the mesh you run into challenges of tenant isolation in terms of configuration management, resource consumption and security. In this session, Christian will present how to securely operate and run a multi-tenant mesh in production using the primitives available from service mesh like Istio. You will also learn how to take these concepts from a single cluster to multi cluster environment and successfully run applications across different clusters in a multi tenant unified service mesh. | https://www.youtube.com/watch?v=DhbSZ9Ue4_k | 2022-05-17T22:22:04Z |
| Panel Discussion - The Future of Service Mesh: Is eBPF a Silver Lining or a Silver Bullet | Panel Discussion-The Future of Service Mesh: Is eBPF a Silver Lining or a Silver Bullet- Moderated by Craig Box, Google; Thomas Graf, Isovalent; Idit Levine, Solo.io, Vik Gamov, Kong & William Morgan, Buoyant. Service mesh implementations normally take one of two forms: a proxy per node, or a proxy per workload (the so-called "sidecar"). Linkerd went from A to B. Cilium is suggesting we can go from B to A. Is eBPF a savior, or are we hyper-optimizing a tiny piece of the datapath? And what else might the future of service mesh hold? | https://www.youtube.com/watch?v=viV6YgzTWrg | 2022-05-19T13:17:19Z |
| Lightning Talk: Clearing the confusion about eBPF and service mesh - Yuval Kohavi, Solo.io | Lightning Talk: Clearing the confusion about eBPF and service mesh - Yuval Kohavi, Solo.io. eBPF is an exciting technology that allows developers to extend the capabilities of the Linux Kernel without modifying the Kernel itself. Getting access to powerful Kernel capabilities can be extremely powerful, especially in networking, but what is the responsibility of this layer when it comes to service mesh? In this talk we discuss the importance of separation of layers, where eBPF fits for service mesh (and where it doesn't), and how to best optimize the service mesh architecture and experience for the real problems users have: security, observability, flexible policy enforcement, and overall traffic management. | https://www.youtube.com/watch?v=heDVglDRDNw | 2022-05-19T13:17:19Z |
| Cilium Service Mesh - Thomas Graf, Isovalent | eBPF is a powerful Linux kernel technology that is used in several CNCF projects to provide faster networking, new security applications, and deeper observability. In this talk, we explore how eBPF, using the Cilium project, allows you to build a service mesh entirely without sidecars while still relying on proven Envoy proxy technology. We will look at how moving service mesh functionality into the kernel using eBPF leads to massive performance gains and simplification of the overall model while remaining compatible with existing control planes. Service mesh will become invisible at the kernel level similar to how namespaces, the foundation of containers, are invisible today. The sidecar-free model unlocks a simpler architecture, performance gains, scalability advantages, and even more transparency to applications. Together, we will look at the new architecture, compare performance numbers, and run through a demo. | https://www.youtube.com/watch?v=mpwTkm53YTY | 2022-05-19T13:17:19Z |

## PrometheusDay EU 2022
- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2NxQ9cO7mUyHBNbvxuHnF3D)
| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -------------------- |
| Opening Remarks - Richard Hartmann, Community Director, Grafana Labs | | https://www.youtube.com/watch?v=mIEJiJafRu0 | 2022-05-17T22:08:00Z |
| Sponsored Keynote - Connecting Prometheus and OpenTelemetry Data for Faster Troublesho... Ramon Guiu | Sponsored Keynote - Connecting Prometheus and OpenTelemetry Data for Faster Troubleshooting - Ramon Guiu, VP of Observability, TimescaleThe last few years have been fantastic for observability practitioners with the growth of Prometheus as the standard for metrics monitoring and the emergence of OpenTelemetry as a standard for application monitoring. Interoperability is key for standards to be adopted and successful. In this case, these two standards can make it easier for engineers to both instrument their systems and troubleshoot problems faster. In this talk, we will show the true power of Prometheus and OpenTelemetry working together. | https://www.youtube.com/watch?v=q2-iGDeKdOw | 2022-05-17T22:08:00Z |
| Prometheus Data analysis and Event Notifications for Progressive Delivery - Ravi Hari, Intuit | Prometheus Data analysis and Event Notifications for Progressive Delivery - Ravi Hari, IntuitPrometheus is a defacto monitoring tool in kubernetes. Argo Rollouts is an open source kubernetes controller provides ways to perform analysis to drive progressive delivery in kubernetes using Prometheus. While it is crucial to do the analysis it is also important to send the notification of analysis status to the user in near real time. Argo Rollouts uses notification engine which will trigger notifications based on a successful or failure status of analysis using Prometheus data. In this talk we will walk you through an example of how an application can be configured using argo-rollouts by using analysis templates that rely on Prometheus and use notification templates to send notifications in real time to the user. This will also show how this can be integrated to multiple notification channels, destinations and recipients on analysis status. | https://www.youtube.com/watch?v=N1gU_grkRxA | 2022-05-17T22:08:00Z |
| How to Be 10x SRE? A Deep Dive to Prometheus Operator - Jayapriya Pai & Haoyu Sun, Red Hat | How to Be 10x SRE? A Deep Dive to Prometheus Operator - Jayapriya Pai & Haoyu Sun, Red HatPrometheus Operator is a fairly known solution for monitoring Kubernetes workloads using Prometheus. Many Cloud Native users benefit from Prometheus Operator CRD-based components like ServiceMonitors, PodMonitors, PrometheusRules, Probes which allows better configuration management, self-service or even multi-tenancy. Many things were said about Prometheus Operator in the past, but we believe there is room for a dedicated talk about the designed way of utilizing Prometheus Operator on production Kubernetes clusters. In this talk, Jayapriya a Prometheus Operator contributor from the Red Hat Monitoring team and her teammate Haoyu will explain all you need to know about the common usage patterns. The audience will see practical examples and learn advanced features like securing Prometheus with TLS, enabling robust remote write and operating AlertManager via Prometheus Operator. The talk will also summarize the monitoring and operating aspects of the Prometheus Operator itself, sharing first hand experience of maintaining Prometheus Operator in thousands of OpenShift clusters. | https://www.youtube.com/watch?v=Uph_Say4D3M | 2022-05-19T11:41:12Z |
| How Prometheus indexes Data and Why You Should Care - Harkishen Singh, Timescale | How Prometheus indexes Data and Why You Should Care - Harkishen Singh, TimescalePrometheus is capable of ingesting and storing large amounts of metric samples. Prometheus users define queries and dashboards to extract insights from all that data that help them ensure their systems are up and performing as expected. Good query performance is important and that’s why Prometheus indexes incoming data. In this talk we will dive into how Prometheus indexes incoming data. We will aim to give you a visual understanding of the on-disk layout and data structures used to store samples. The aim is to develop an intuitive understanding of data access complexity and costs. This will inform you about how to manage cardinality and how PromQL queries leverage the index to speed up query execution. | https://www.youtube.com/watch?v=hSpBpVvgRxk | 2022-05-19T11:41:12Z |
| Fleeting Metrics: Monitoring Short-lived or Serverless Jobs... Bartłomiej Płotka & Saswata Mukherjee | Fleeting Metrics: Monitoring Short-lived or Serverless Jobs with Prometheus - Bartłomiej Płotka & Saswata Mukherjee, Red HatPrometheus is the leading open-source monitoring solution when it comes to metrics and alerting. It is a single binary that provides you with all you need to monitor your infrastructure and services. It has seen the shift from on-prem to cloud environments and has proven to be successful for users with all kinds of use cases. Prometheus was always designed to aggregate long-living metrics. However, this does not always go along with the solutions that are emerging in the CNCF ecosystem. Short-living workloads are increasingly common in form of Kubernetes batch jobs and serverless platforms like OpenFaas or Lambda and many more. This leads to the question, how and if we can use Prometheus to monitor and troubleshoot those kinds of jobs? In this talk, you will learn about the potential solutions that are emerging in the Prometheus ecosystem. Bartek and Saswata will dive into this problem and propose a set of solutions that could help in monitoring those short-living workloads using the Prometheus data model. The audience will see a demonstration of a solution that uses best practices to capture fleeting metrics and integrates them with Prometheus. | https://www.youtube.com/watch?v=rt4JiK995s8 | 2022-05-17T22:08:00Z |
| How and Why We Rebuilt Auto-scaling in OpenFaaS with Prometheus - Alex Ellis, OpenFaaS Ltd | How and Why We Rebuilt Auto-scaling in OpenFaaS with Prometheus - Alex Ellis, OpenFaaS LtdIn the Six Million Dollar Man we get the quote “We can rebuild him. We have the technology. We can make him better than he was. Better, stronger, faster.” And with that in mind, prompted by customer feedback we rebuilt the subsystem responsible for scaling OpenFaaS functions. The new and improved version serves the needs of customers better - with the added ability to scale on in-flight requests and CPU (as well as RPS). This wasn’t an easy journey and we think you’ll be able to learn from some of the PromQL we wrote, how we (instrument) collect the data and the issues we ran into along the way. There’ll be PromQL samples, live demos of scaling functions linked back to end-user use-cases. | https://www.youtube.com/watch?v=ka5QjX0JgFo | 2022-05-17T22:08:00Z |
| Warp-Speed Debugging with Prometheus Exemplars - Ian Billett, Red Hat | Warp-Speed Debugging with Prometheus Exemplars - Ian Billett, Red HatEffectively debugging distributed systems almost always requires inspecting more than just your Prometheus metrics data - logs, traces and profiles all provide essential information that help you quickly and efficiently pinpoint the root cause of your bugs. However, navigating between different systems with disjointed data sources interrupts your debugging flow state and ultimately increases the time taken to identify and resolve your bugs. Wouldn't it be nice if Prometheus had a native capability to help you hop between data sources? Enter exemplars! In this beginner-focused talk, Ian Billett will walk you through what exemplars are, how they work and provide practical examples of how you can leverage them in your applications today to super charge your debugging experience. | https://www.youtube.com/watch?v=uBvU_3IeK4k | 2022-05-17T22:08:00Z |
| Storing Continuous Benchmarking Data in Prometheus - Matvey Arye, TimescaleDB/Promscale | Storing Continuous Benchmarking Data in Prometheus - Matvey Arye, TimescaleDB/PromscalePrometheus is most commonly used for observing live production systems. In this talk, we’ll cover another great use case: benchmarking. Usually, distributed systems are benchmarked by using a benchmark driver to apply load and measure performance. This is typically the only data recorded for the benchmark. The problem with this approach is that it gives you visibility into performance output but no ability to diagnose why performance issues occurred. By using Prometheus in your performance benchmarks you can measure resource usage metrics and internal application metrics across all your components giving you the insights you need to understand the reason for performance issues so you can fix them. This will not require a lot of additional effort because you can reuse the observability infrastructure that you should already be implementing in your application as well as the dashboards already built into Grafana. It also allows retrospective analysis of benchmark runs since the data is stored in Prometheus. In this talk we’ll explain how we set up such an environment as well as share lessons learned about tracking benchmarking runs and keeping the result data organized. | https://www.youtube.com/watch?v=1Yj2pSfsu8I | 2022-05-17T22:08:00Z |
| Lightning Talk: Troubleshoot Compactor Backlog with Ease - Ben Ye, ByteDance | Lightning Talk: Troubleshoot Compactor Backlog with Ease - Ben Ye, ByteDanceThis talk will talk about a common problem if you are running Thanos and Cortex on large scales: compactor backlog. As a core component, it is important to make sure that the compactors are running smoothly and well scaled. In this talk, Ben Ye will explain why compactor backlog happens and how to prevent it from happening. He will walk through ways to identify and troubleshoot it using existing metrics and tools. | https://www.youtube.com/watch?v=NgmAkXLAHlE | 2022-05-17T22:08:00Z |
| Lightning Talk: Troubleshoot Compactor Backlog with Ease - Ben Ye, ByteDance | Lightning Talk: Troubleshoot Compactor Backlog with Ease - Ben Ye, ByteDanceThis talk will talk about a common problem if you are running Thanos and Cortex on large scales: compactor backlog. As a core component, it is important to make sure that the compactors are running smoothly and well scaled. In this talk, Ben Ye will explain why compactor backlog happens and how to prevent it from happening. He will walk through ways to identify and troubleshoot it using existing metrics and tools. | https://www.youtube.com/watch?v=V8w3zL8Y6uI | 2022-05-19T11:41:12Z |
| Lightning Talk: Integrating 3rd Party, Non-prometheus-native Services without Writing... Paweł Krupa | Lightning Talk: Integrating 3rd Party, Non-prometheus-native Services without Writing Code - Paweł Krupa, TimescaleMany SaaS offerings provide services from which it might be good to collect data with prometheus either for easy data correlation or for alerting. However, not many of those services offer data in prometeus format. In this talk, I'll go through a simple setup that uses json_exporter to gather prometheus data from free service (uptimerobot) exposing JSON API to provide synthetic monitoring functionality. | https://www.youtube.com/watch?v=CpTvql1u8qk | 2022-05-17T22:08:00Z |
| Lightning Talk: Easy anomaly Detection with PromQL - David de Torres Huerta, Sysdig | Lightning Talk: Easy anomaly Detection with PromQL - David de Torres Huerta, Sysdig. How to create an alert on a service whose load changes over the different hours of a day? How can I alert on a process that has different usage over different days of a week? Anomaly detection is one of the main challenges that Prometheus users face while setting up alerts. Systems are usually dynamic and the use of resources and behavior depends on external factors that vary over time. Setting up alerts with static thresholds in these environments generates a lot of noise, causing alert fatigue in the operators and ignoring important notifications camouflaged among false positives. In this talk, we will see the different kinds of anomaly detection, when to use them and how to implement them in PromQL. Although PromQL does not have specific functions for anomaly detection, as it has for linear regression, it does provide the building blocks to create different kinds of anomaly detection. We will also discuss the possibility of creating new PromQL functions that would make it easier to create this kind of anomaly detection alert. | https://www.youtube.com/watch?v=0vxR9Rb5bBU | 2022-05-17T22:08:00Z |
| Lightning Talk: Optimize UX and Performance Through Grafana, Prometheus and Lighth... Miki Lombardi | Lightning Talk: Optimize UX and Performance Through Grafana, Prometheus and Lighthouse - Miki Lombardi, Growens. At MailUp we always develop to improve. Lighthouse is a tool that allows us to analyze our page and returns important metrics that allow us to operate to optimize performance and UX. We have created a tool that, thanks to Docker containers, allows us to quickly analyze our platform and view the data in the Grafana Dashboard. In this talk we will analyze our use case! | https://www.youtube.com/watch?v=rD6a4EhURaE | 2022-05-17T22:08:00Z |
| Lightning Talk: Monitoring Counter Strike Global offensive with Prometheus - David Lorite, Sysdig | Lightning Talk: Monitoring Counter Strike Global offensive with Prometheus - David Lorite, Sysdig. Everyone is using Prometheus in their infrastructure, but who is using Prometheus in their game server? In gaming, servers are a critical component of the industry's success. The gaming industry is highly profitable and the enabling technology is critical to its success. They also carry a great responsibility in maintaining quality of service (QoS), where a drop in the latency or in the computing power, especially in multiplayer games, seriously affects user experience and can be critical. In this talk, you will learn how to set up and monitor a Counter-Strike: Global Offensive server with Prometheus. We will show the installation and configuration of the Prometheus server and the following exporters: - Node exporter: to monitor the infrastructure metrics. - CAdvisor: to monitor the usage of the containers. - SRCDS Exporter: to monitor the game server metrics. With all these exporters, apart from monitoring the game itself, we will have visibility into the node and the applications on it, to be sure that the VM is running everything at an optimal service level and avoids extra costs in our cloud bill. | https://www.youtube.com/watch?v=2uLA5RtZ4TE | 2022-05-17T22:08:00Z |
| Closing Remarks - Richard Hartmann, Community Director, Grafana Labs | Closing Remarks - Richard Hartmann, Community Director, Grafana Labs | https://www.youtube.com/watch?v=UHkX1BX7PJE | 2022-05-17T22:08:00Z |
| Lightning Talk: Pyrra - Making SLOs with Prometheus Manageable, Accessible, and Ea... Matthias Loibl | Lightning Talk: Pyrra - Making SLOs with Prometheus Manageable, Accessible, and Easy to Use for Everyone! - Matthias Loibl, Polar Signals. In this lightning talk Matthias will give an introduction to Pyrra, a project that aims to make Service Level Objectives (SLOs) with Prometheus manageable, accessible, and easy to use for everyone. Matthias will walk you through some examples for creating an error ratio SLO and a latency SLO. We will then briefly look at Pyrra's architecture and how the critical path of alerting is still done by Prometheus. After this talk you will be confident to start implementing SLOs in your organization with an open source project that builds on the beloved open source project Prometheus. | https://www.youtube.com/watch?v=8Ox0M6HIE3w | 2022-05-19T12:04:57Z |
| Alerting and Anomaly Detection – Best Friends Forever? - Björn Rabenstein, Grafana Labs | Alerting and Anomaly Detection – Best Friends Forever? - Björn Rabenstein, Grafana Labs. When Prometheus became publicly known starting in 2015, the Prometheus developers expected many questions. But one surprisingly stuck out: “Can you do anomaly detection?” Somehow, everyone expected a next-generation monitoring and alerting system to venture into anomaly detection. PromQL is powerful enough to support fundamental building blocks of anomaly detection, but the general direction of Promethean alerting is, in a way, exactly the opposite: Towards confident, non-noisy alerts based on your SLOs. In this talk, Beorn will share a few stories from the receiving end of the pager and why it is almost always a bad idea to put anomaly detection at the other end. He will talk about the “proper” Promethean way of alerting (including its limitations) and where anomaly detection (or even machine learning) might have its place in it after all. | https://www.youtube.com/watch?v=s3s03RHidf8 | 2022-05-19T12:04:57Z |
| Prometheus instrumentation: the Practical Way - Aditi Ahuja, Couchbase | Prometheus instrumentation: the Practical Way - Aditi Ahuja, Couchbase. Instrumenting applications to expose meaningful metrics is the key to harnessing the power of Prometheus. The native Prometheus client libraries offer a convenient way to define various metrics about essential behaviours of your application in the form of basic metric types: counters, gauges and histograms. Applying this to more complex cases might be challenging. In this talk you will learn about instrumenting a real application, using the example of the Thanos (metric data store extending the long term storage capabilities of Prometheus) compaction microservice. The audience will learn practical instrumentation approaches on production-grade software from basic to more complex cases. The complex case is monitoring various stages and estimating the potential compaction durations, which can vary widely based on the data. Aditi will explain Go client implementation using the official Prometheus library, but the same can be generalized to other languages. At the end of this talk, you will know how to instrument applications and how to unit test that setup! This talk is for everyone looking to start out with instrumenting code and tap that into Prometheus. | https://www.youtube.com/watch?v=gDm279-un0M | 2022-06-03T17:10:09Z |

## KnativeCon EU 2022

- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Mv__LXlfzAAw5WMUTzIvS8)

| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -------------------- |
| Keynote: Why VMware Supports Knative (And Other Cloud Native OSS projects!)- V Körbes, VMware Tanzu | Keynote: Why VMware Supports Knative (And Other Cloud Native OSS projects!)- V Körbes, VMware Tanzu. VMware strives to offer our users cloud-neutral, fully-functional solutions with feature parity to cloud-specific, locked-in offerings. Knative, being the strongest alternative to AWS Lambda or Azure Functions, succeeds at that: it provides an avenue for users to deploy that same software/logic but in their own data center or multi-cloud infrastructure. In this session we’ll discuss why the success of open source projects such as Knative is so important: Not only because users are free to use it as they please, but also for being a much more vibrant and quickly-evolving project—something made possible by open source being maintained by a much broader community than any proprietary offering ever could. | https://www.youtube.com/watch?v=7AFetTK7nJA | 2022-05-18T22:56:45Z |
| Knative Functions: An Introduction, Demonstration and Roadmap - Lance Ball & Mauricio Salatino | Knative Functions: An Introduction, Demonstration and Roadmap - Lance Ball, Red Hat (WG lead) & Mauricio Salatino, VMware. Knative Functions fall somewhere between a CaaS (Containers-as-a-Service) and a FaaS (Function-as-a-Service) and provide an experience similar to Google Functions or Azure Container Apps. Those platforms allow you to run your applications without the need to know about containers or Kubernetes. They take source code, often just a function, and convert it into a runnable artifact, deployed on a cluster, while hiding from you all of the Kubernetes and container details. In this talk, you will learn about Knative Functions: what they are; how the project was created and evolved; and most importantly how you can use them to quickly and easily deploy event-driven, Knative Serverless applications. Lance and Mauricio will be live coding to create, build and deploy functions that consume and produce CloudEvents in multiple programming languages, illustrating the polyglot nature of Kubernetes and the Serverless capabilities of Knative. | https://www.youtube.com/watch?v=5NQAAnZZors | 2022-05-17T21:10:57Z |
| Data Processing at Scale with Knative and Benthos - Mihai Todor & Murugappan Sevugan Chetty, Box | Data Processing at Scale with Knative and Benthos - Mihai Todor & Murugappan Sevugan Chetty, Box. Knative serving provides push-based autoscaling (scale based on rps/concurrency) leaving a requirement on a "component" to push these requests. This works well for real-time http/grpc requests. How about event processing and batch processing? For event processing, we could leverage webhooks or knative eventing (different types of sources, brokers, etc). The challenge lies in processing batch data from databases, CSV files, etc. These are common enterprise use cases. To attain auto-scaling for each batch use case a bespoke component needs to be developed and this is where Benthos shines. Benthos is a stateless data streaming engine that implements transaction-based resiliency with backpressure. When connecting to at-least-once sources and sinks, it's able to guarantee at-least-once delivery without needing to persist messages during transit. Data transformations can be expressed using a DSL. It's a safe, fast, and powerful way to perform document mapping within Benthos. In this session, Mihai and Murugappan will demo how to leverage the best of Knative and Benthos to process data at scale. | https://www.youtube.com/watch?v=3OaRXwcRJJk | 2022-05-24T20:57:38Z |
| Lightning Talk: The Community Meetup's Impact on the Knative Project - María Cruz, Google | Lightning Talk: The Community Meetup's Impact on the Knative Project - María Cruz, Google. Join this session to learn how the Knative community meetup impacts the project and what positive outcomes it had over the past two years. In this lightning talk, participants will learn how a community engagement strategy can impact an open source project, what goals it serves, and how to get involved (maybe even as an organizer!). | https://www.youtube.com/watch?v=QaJ8Gx374F4 | 2022-05-17T21:10:57Z |
| Lightning Talk: Docker-free Functions for Knative - Zbynek Roubalik, Red Hat | Lightning Talk: Docker-free Functions for Knative - Zbynek Roubalik, Red Hat. Knative Functions allows developers to build and run their applications on Kubernetes without knowing anything about containers. Instead, the source code is built transparently using a local Docker or Podman installation and deployed as a Knative Service in a few simple steps. Sometimes, however, a local build in Docker or Podman is not possible or simply not the preferred option for a developer. Luckily there is now an alternative. In this lightning talk, Zbynek will present the latest feature of Knative Functions: On-cluster builds, which frees users from creating container images locally. The presentation will describe the different options for creating container images within Kubernetes clusters, the current status, and the plans for on-cluster function builds. A live demo will show the on-cluster builds in action. | https://www.youtube.com/watch?v=coq85U24CrQ | 2022-05-17T21:10:57Z |
| Lightning Talk: What is the Knative Asynchronous Component?- Angelo Danducci II & Michael Maximilien | Lightning Talk: What is the Knative Asynchronous Component? - Angelo Danducci II & Michael Maximilien, IBM. Currently, all Knative services are called in a synchronous fashion. However, in many use cases, a blocking request / response primitive is not sufficient. In particular, for data processing and AI use cases, a blocking invocation approach is sub-optimal. The execution of these services is often long running and surpasses the timeouts for responses, or results in the client having to manage a multitude of pending blocking requests. A more natural invocation pattern is to allow for “fire and forget” or asynchronous invocations, where services are called in an async manner. Doing so allows the client not to block as the service execution is unraveled. The Knative async-component aims to achieve exactly this invocation pattern. Best of all, it does so in a natural and progressive manner that makes any service asynchronous with a simple label and lets the service’s caller decide when to invoke the service synchronously or asynchronously. The project is still in incubation but once it reaches beta-level, we can encourage Knative users with similar async use cases to download and try it in their own Knative clusters. | https://www.youtube.com/watch?v=8KXVbH_Rnvs | 2022-05-17T21:10:57Z |
| Accelerating KNative, Like Never Before - Yafang Wu, HUAWEI | Accelerating KNative, Like Never Before - Yafang Wu, HUAWEI. KNative is the most popular Serverless project in the Cloud Native world today, as KNative has some terrific features, e.g. portability when compared with other Serverless platforms. At HUAWEI CLOUD, we build our serverless platform based on KNative, and there are tens of thousands of workloads running on it now. When we were building this platform, we found that improving performance and minimizing operational overhead are the key challenges. In this sharing, we will go over: 1) Minimize memory overhead when you use KNative. 2) Improve the performance of KNative Ingress Dataplane. | https://www.youtube.com/watch?v=HeCwZ84Rsts | 2022-05-17T21:10:57Z |
| The Past, Present and Future of the Knative Community | The Past, Present and Future of the Knative Community - Moderated by Michael Maximilien, IBM; Evan Anderson, VMware; Roland Huß, Red Hat; Whitney Lee, VMware; Sebastien Goasguen, TriggerMesh. With the 1.0 release and becoming a CNCF incubating project, the Knative community has reached two significant milestones recently. Join us for a fireside chat about the beginnings when Knative was still called Elafros, how the community evolved over the last four years, and what big features are on the horizon. Also, learn about how you can become part of the Knative community and join the journey. | https://www.youtube.com/watch?v=W5tEOTmHkEQ | 2022-05-17T21:10:57Z |
| Kn, The One-Stop Shop for Knative - Navid Shaikh, VMware (WG lead) & David Simansky, Red Hat | Kn, The One-Stop Shop for Knative - Navid Shaikh, VMware (WG lead) & David Simansky, Red Hat (WG lead). Knative simplifies serverless application deployments of cloud-native workloads. Knative brings you flexible consumption-based autoscaling and provides the primitives for creating production-grade event-driven applications. In addition, the command-line tool "kn" greatly simplifies the developer workflow with Knative. This presentation takes you through the steps of a typical developer workflow with kn. From the initial, imperative, and iterative creation of services, over GitOps integration into a CI pipeline up to the final production rollout, kn supports all of these stages. Kn also supports kubectl-like plugins for supporting features like connecting to backends like Kafka or a rich Function experience for building Knative services from scratch. After introducing Knative itself, we will show how easy it is to run applications with Knative from the command line with a set of live demos. At the end of this session, we are sure that kn will have become your new Knative best friend. | https://www.youtube.com/watch?v=XresRgiVGco | 2022-05-17T21:10:57Z |
| How We Built an ML inference Platform with Knative - Dan Sun, Bloomberg LP & Animesh Singh, IBM | How We Built an ML inference Platform with Knative - Dan Sun, Bloomberg LP & Animesh Singh, IBM. Deploying and scaling machine learning (ML)-driven applications in production is rarely a simple task. However, serverless inference has been simplified and accelerated through the use of Knative. Knative runs serverless containers on Kubernetes with ease and handles all the details related to networking, request volume-based autoscaling (including scale-to-zero), and revision tracking. It also enables event-driven applications by integrating seamlessly with various event sources. In this session, the speakers will discuss why their organizations initially chose Knative when building their ML inference platforms, and how these efforts evolved into the KServe (github.com/kserve) project. We will also discuss how we leverage Knative to implement blue/green/canary rollout strategies for safe production updates to our ML models, improve GPU utilization with scale-to-zero functionality, and build an Apache Kafka events-based inference pipeline. At the end of the talk, we will share some of the testing benchmarks (compared with Kubernetes HPA), as well as performance optimization tips that have enabled us to run hundreds to thousands of Knative services in a single cluster. | https://www.youtube.com/watch?v=yuxC1UVU_ec | 2022-05-17T21:10:57Z |
| How Fast is FaaS? Reducing Cold Start Times in Knative - Paul Schweigert & Carlos Santana, IBM | How Fast is FaaS? Reducing Cold Start Times in Knative - Paul Schweigert & Carlos Santana, IBM. Knative is used to build serverless-style systems. One of the key features of these systems is the ability to scale a service up/down on demand, only running pods when they are needed to handle a request. When scaling up, however, users are likely to encounter the “cold start” problem, whereby the latency of when a new pod is ready to handle requests is non-negligible (2-5 seconds or more). Scheduling and making a Pod available in Kubernetes fast enough to provide a FaaS (Function as a Service) experience is a problem that we face today as it involves many components and orchestration. In this talk, Paul and Carlos will discuss how autoscaling works in Knative, the cold start problem space, and the steps taken by Knative to reduce container startup latency. One innovative solution is to pause the container CPU while maintaining state, this will allow for a fast response by having warm containers available and orchestrated. This is a practice typically used in FaaS systems. | https://www.youtube.com/watch?v=fv-TkMOM0bk | 2022-05-17T21:10:57Z |
| Lightning Talk: Knative CNCF Incubation: Testing Infrastructure Improvements and Opti... Mahamed Ali | Lightning Talk: Knative CNCF Incubation: Testing Infrastructure Improvements and Optimizations - Mahamed Ali, Rackspace Technology. Please join us to hear about the work the Productivity Working Group has been doing to prepare for Knative's CNCF incubation. Knative attracted community contributors after the announcement by Google and CNCF and we will be talking about the improvements to our testing infrastructure and details about the infrastructure that the project inherited. We will also be talking about what the Productivity Working Group does and how it helps the project. | https://www.youtube.com/watch?v=C1c379J1Lzw | 2022-05-17T21:10:57Z |
| Lightning Talk: Modernizing Your IBM-MQ Applications with Knative and Kong - Sebastien Goasguen | Lightning Talk: Modernizing Your IBM-MQ Applications with Knative and Kong - Sebastien Goasguen, TriggerMesh. IBM MQ has long been at the core of many enterprise applications, especially those using mainframes. Enterprises are trying to extend the lifetime and relevance of such legacy systems in a Cloud-Native era by linking them with containerized workloads. First, legacy applications still rely heavily on these systems and, second, they cannot be easily replaced by Cloud solutions. In this talk we will show how you can bridge the two worlds of old legacy systems and modern Cloud architecture. We will make use of a Kong API gateway, Knative and some TriggerMesh components for event transformation and connection with IBM-MQ. We will take the example of a Mulesoft application that exposes a REST API in front of a mainframe system of record and we will decompose it using an event-driven system built on containers and using Knative and TriggerMesh. This will show how you can keep using your IBM MQ system but usher into a more open source and cloud-native world which speeds up your application workflow and reduces cost. | https://www.youtube.com/watch?v=bsnMZ6ogPEY | 2022-05-17T21:10:57Z |
| Lightning Talk: Integrating Debezium and Knative or How to Stream Changes t... Christopher Baumbauer | Lightning Talk: Integrating Debezium and Knative or How to Stream Changes the Knative Way - Christopher Baumbauer, Atelier Solutions. This talk will highlight some of the work Chris did to take Debezium from streaming database change events into Knative to ensure an in-cluster data cache is kept up to date. While highlighting one useful use-case, the talk will go into more details on what it took to add support for streaming events using Knative instead of Apache Kafka, as well as some of the caveats and pitfalls to beware of if you are also looking at how to convert your microservices into a Knative enabled service. | https://www.youtube.com/watch?v=DuJCJfLNYbc | 2022-05-17T21:10:57Z |
| Connecting the World to Knative with Kamelets - Roland Huß, Red Hat | Connecting the World to Knative with Kamelets - Roland Huß, Red Hat. In Knative Eventing, sources are responsible for importing events from the outside world, converting them to CloudEvents, and sending them along to a Knative sink. But creating source support for a backend requires a considerable amount of effort and additional installation steps on your cluster. Kamelets are a new technology that provides a solution for this problem: they are general-purpose connectors from the Apache Camel ecosystem that are ready to use within Knative. Apache Camel is the prevalent open-source enterprise application integration framework that provides connectors to more than 300 systems. This presentation explains how to use Kamelets as event sources in Knative and connect them to your applications. You will learn to install Kamelet support on your cluster, discover Kamelets from a catalog, and how to deploy and manage them with a Knative client plugin or directly with YAML resources. In a live demo, we will see the combination of Kamelets and Knative in action. Get ready and join the camel caravan to connect the world to your event-driven applications! | https://www.youtube.com/watch?v=Abxp_HW6lJE | 2022-05-17T21:10:57Z |
| Keynote: Knative, the future looks bright!- Naina Singh, Red Hat | Keynote: Knative, the future looks bright!- Naina Singh, Red Hat. Find out why the OpenShift Serverless team at Red Hat stands behind their vision of how Knative will continue to positively impact businesses, and help drive Knative forward as the premiere container-based serverless solution. The future looks bright! | https://www.youtube.com/watch?v=8oP_KhxsqMY | 2022-05-17T21:10:57Z |
| Consuming and Replying to CloudEvents - Pablo Mercado, TriggerMesh | Consuming and Replying to CloudEvents - Pablo Mercado, TriggerMesh. The presenter will share their experience managing CloudEvents with Knative components, exposing common scenarios and focusing on possible CloudEvents consuming patterns. CloudEvent consumers range from very simple one way receivers to components that compose non trivial orchestrations, and each scenario might require different reply and retry strategies, some of them beyond Knative's reach. This presentation will describe some of those scenarios and choices to manage them. | https://www.youtube.com/watch?v=cAU--37fbC4 | 2022-05-17T21:10:57Z |
| Closing - Evan Anderson, VMware [KnativeCon Program Committee Member] | Closing - Evan Anderson, VMware [KnativeCon Program Committee Member] | https://www.youtube.com/watch?v=yXvtYJ_F3qo | 2022-05-17T21:10:57Z |
| Keynote: Knative and the Open Cloud: Why move Knative to the CNCF?- Aizmahal Nurmamat kyzy, Google | Keynote: Knative and the Open Cloud: Why move Knative to the CNCF?- Aizmahal Nurmamat kyzy, Google. Google’s open cloud relies on open source, and we have long believed in the vision of Knative making it easy to run containers for serving. In this talk, we will cover why we believe that a long-term home in the CNCF is the right thing for developers and for Google’s open cloud. | https://www.youtube.com/watch?v=NWCSQo65ynw | 2022-05-20T14:25:30Z |
| Opening + Welcome - Aizmahal Nurmamat kyzy, Google + Carlos Santana, IBM | Opening + Welcome - Aizmahal Nurmamat kyzy, Google + Carlos Santana, IBM [KnativeCon Program Committee Member] | https://www.youtube.com/watch?v=vPQJYzwoGs4 | 2022-05-20T14:25:30Z |

## KubeCon + CloudNativeCon Europe 2022

- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2MCEgkd8zH0vJWF7jdQ-GRR)

| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -------------------- |
| What's New With SIG Windows and Deep Dive... Mark Rossetti & Brandon Smith, Jay Vyas, Claudiu Belu | Don’t miss out! Join us at our upcoming hybrid event: KubeCon + CloudNativeCon North America 2022 from October 24-28 in Detroit (and online!). Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects. What's New With SIG Windows and Deep Dive Into Windows Container Users - Mark Rossetti & Brandon Smith, Microsoft; Jay Vyas, VMware; Claudiu Belu, Cloudbase Solutions. Running Kubernetes on Windows is increasingly a viable production strategy for complex applications in multitenant environments. In this presentation we'll highlight recent improvements - such as the pod.OS field and advancements in host-process containers for infrastructure - that make it easier to manage production clusters/workloads, show people how to rapidly prototype the development of new Kubernetes features using the SIG-Windows developer tools project, and also do a deep-dive into how container users work on Windows. | https://www.youtube.com/watch?v=THaDy6u-Cgk | 2022-05-30T20:40:57Z |
| What If... Kube-Apiserver Could be Extended Via WebAssembly? - Flavio Castelli, SUSE | What If... Kube-Apiserver Could be Extended Via WebAssembly? - Flavio Castelli, SUSE. Dynamic Admission Controllers are currently the only way to extend the Kubernetes API Server to implement security and conformance policies. They work great, but they also have drawbacks. How would it be to have a flexible way to extend the built-in admission controllers that doesn’t resort to Webhooks? This talk will show a prototype that leverages WebAssembly as a way to enrich the Kubernetes API Server capabilities. What if this is just the beginning of extending Kubernetes core pieces with WebAssembly? Do you want to join us in this experiment? | https://www.youtube.com/watch?v=4CKcMZySUbc | 2022-05-30T20:40:57Z |
| Volcano: Intro & Deep Dive - Klaus Ma, Huawei Cloud | Volcano: Intro & Deep Dive - Klaus Ma, Huawei Cloud. Volcano is a system for running high-performance workloads on Kubernetes. It features powerful batch scheduling capability that Kubernetes cannot provide but is commonly required by many classes of high-performance workloads such as ML/DL, big data application and Bioinformatics/Genomics. During this session the Volcano maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in Volcano. If you are interested in running high-performance workloads in Kubernetes, this session is for you. | https://www.youtube.com/watch?v=a76CajRhsX0 | 2022-05-30T20:40:57Z |
| TikTok’s Story: How To Manage a Thousand Applications on Edge With Argo CD - Qingkun Li & Jesse Suen | TikTok’s Story: How To Manage a Thousand Applications on Edge With Argo CD - Qingkun Li, TikTok/Bytedance Inc. & Jesse Suen, Akuity, Inc. This talk will share a case study of how TikTok manages its global edge clusters with Kubernetes and operates continuous delivery with Argo CD concluding with a demo. The talk will also dive into the scalability challenges faced by TikTok to manage edge services using Argo CD (with ~100 edge clusters, ~150k CPUs and ~3000 applications), as well as how the Argo community plans to address them in future. TikTok operates a large network of Kubernetes edge clusters around the world, hosting apps such as TikTok, live and gaming, using cache and traffic acceleration services offered at our edge clusters. The challenge arises when it comes to the deployment management of those edge services on hundreds of edge clusters. Normally, an edge service shares a lot of common configurations when deployed globally, but still has cluster-specific configurations (e.g. resource quota, service hostname, etc.). From this talk, people will learn how to deploy and manage such kind of services using Argo CD. | https://www.youtube.com/watch?v=Ftz5_lIepNA | 2022-05-30T20:40:57Z |
| Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + F... Furkan Türkal & Emin Aktaş | Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent - Furkan Türkal & Emin Aktaş, Trendyol. At Trendyol, we are running thousands of production-grade Kubernetes clusters to make our customers always happy. The challenge that we have to achieve is to track every component, resource, user, and team in a timeline manner. This is where we have to collect audit events from almost everywhere! Kubernetes audit logs can effectively track the changes made to our clusters. By using Falco, we consume the kernel events and enrich those events with information from Kubernetes. Enabling Kubernetes Audit Logs feature allows us to scan audit events that are forwarded from Kubernetes. By using Fluent Bit, we collect logs from different sources such as containers and Falco; furthermore, we extend them with filters, and send them to multiple destinations. By using Loki, we build a highly-available log aggregation system. We create and manage all of our alerting rules for the log data. In this session, we try to combine pieces and introduce a brand new Audit Monitoring System! | https://www.youtube.com/watch?v=OyB0TWVjZvY | 2022-05-30T20:40:57Z |
| This is The Way: A Crash Course on the Intricacies of Managing CPUs... Swati Sehgal & Marlow Weston | This is The Way: A Crash Course on the Intricacies of Managing CPUs in K8s - Swati Sehgal, Red Hat & Marlow Weston, Intel. Optimizing CPU management improves cluster performance and security, but is daunting to almost everyone. CPU management may seem complex, but it can be explained in such a way that even your inner toddler will comprehend. With this talk, we will give a path to success. You may have a multi-socket node cluster where your AI/ML workloads care about the proximity of your CPUs to GPUs. You may be running scientific workloads where you want to pin in cores within containers instead of just a pod level. You may have a single-socket server where you want to save a single core outside of Kubernetes for a daemon dedicated to mining bitcoin, without affecting your other jobs (please do not do this). We will cover these and more, helping you understand the intricacies of CPU management within the kubelet and what Kubernetes can and cannot currently do. We will also cover how you can help escalate the visibility of use cases not currently covered within Kubernetes. | https://www.youtube.com/watch?v=IFEJD1YOpXo | 2022-05-30T20:40:57Z |
| The Road to IPv6 Support in... John Gardiner Myers, Ciprian Hacman, Ole Markus, Justin Santa Barbara | The Road to IPv6 Support in kOps - John Gardiner Myers, Proofpoint; Ciprian Hacman, polypoly; Ole Markus, Sportradar; Justin Santa Barbara, Google. kOps has been adding support for IPv6 clusters. Learn about the design of and challenges faced in providing a turnkey IPv6 Kubernetes infrastructure, including on AWS and other clouds. kOps maintainers will describe the use cases they are targeting, the network architecture they chose, and how they are managing address allocation. They will give details on the components, both internal and in upstream projects, that needed changes to support IPv6 and the bugs and limitations they had to work around. They will also reveal trivia, such as why the kOps service network is fd00:5e4f:ce::/108. | https://www.youtube.com/watch?v=iBuPFMZu4_Q | 2022-05-30T20:40:57Z |
| The Future Of Reproducible Research: Powered By Kubeflow - Trevor Grant | The Future Of Reproducible Research: Powered By Kubeflow - Trevor Grant. Reproducibility has been a cornerstone of scientific research for the last 400 years; often that means charts or a sample of data. With the advent of Github, sometimes now code and sample data too, unfortunately this still leaves a lot of “leg work” to the person reproducing (which is why this is often a task for graduate students). But Kubeflow, an Open Source, Cloud Native, Data Science Platform, changes that by making all steps from data cleansing to visualization quickly and easily reproducible which in turn makes iterative advances much easier and faster. In this talk, we’ll discuss a peer review article that was published not only with corresponding code, but with a Kubeflow Pipeline, so that anyone may download, check, and iteratively improve the results. While the paper itself is interesting, the talk will focus on why publishing not only code and data but full pipelines benefits not only grad students tasked with verifying results, but the entire academic community. | https://www.youtube.com/watch?v=JiqY5lWbFVE | 2022-05-30T20:40:57Z |
| Spark on Kubernetes: The Elastic Story - Bowen Li & Huichao Zhao, Apple | Spark on Kubernetes: The Elastic Story - Bowen Li & Huichao Zhao, Apple. Apache Spark is a unified analytics engine for large-scale data processing. People are moving Spark and batch workload to Kubernetes due to its rising popularity. There are many challenges to running Spark efficiently on Kubernetes, for example, supporting autoscaling-based workloads. In this talk, we discuss building a large scale Spark Service on top of Kubernetes. We will also walk through autoscaling on a multi-tenant platform with advanced features such as physical isolation, min/max capacity setting, bin-packing, scale-in and scale out controls, and more. These improvements show significant CPU and memory utilization savings for Spark on Kubernetes. | https://www.youtube.com/watch?v=n7WeoTJq-40 | 2022-05-30T20:40:57Z |
| SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Paul Morie | SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Paul Morie, Apple. SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, across multiple cloud providers (so-called hybrid cloud), and applications deployed across many clusters. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape. | https://www.youtube.com/watch?v=cYFxjZEXucM | 2022-05-30T20:40:57Z |
| Securing Your Container Native Supply Chain with SLSA, Github and Te... Laurent Simon & Priya Wadhwa | Securing Your Container Native Supply Chain with SLSA, Github and Tekton - Laurent Simon, Google & Priya Wadhwa, Chainguard. Supply chain security has been a huge topic of discussion in recent months, and protecting your supply chain has become more important than ever. In this talk, Laurent Simon and Priya Wadhwa will discuss how to practically apply the principles of SLSA to secure your container native build system. They’ll start by covering how to use the in-toto project to create and verify source code attestations. They’ll also do a step-by-step demo of achieving SLSA Level 2 in common build systems like Tekton and Github Actions. If you’ve been wanting to secure your supply chain, but haven’t known where to start, then this talk is for you! Priya has given a related talk at SupplyChainSecurityCon on integrating Sigstore with Tekton. That talk focused on the theoretical integration, and this talk will practically show users how to secure an existing Tekton instance. This talk will also cover other build systems (e.g. Github Actions) which users may be using as part of their cloud native deployments. | https://www.youtube.com/watch?v=iZpFtalj4xE | 2022-05-30T20:40:57Z |
| Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat | Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat. Applying seccomp profiles to Kubernetes workloads is one of the most efficient ways of securing containers. The profiles have to be created with care and need to be maintained over the complete lifecycle of the application. This manual effort causes that many applications either stick to the runtime default profile or turn the feature off at all. In this talk, Sascha will demonstrate how to create a custom seccomp profile for a specific containerized application. It will cover the basic techniques of collecting the required syscalls by hand, and also advanced ways of utilizing eBPF and automatic audit log tracing. The session will also discuss the drawbacks of relying on automations. In the end, Sascha will show how to create multi architecture profiles and utilize in-cluster enhancements like the Security Profiles Operator to create an application specific profile. Join this talk to learn more about seccomp in Kubernetes and how to secure your applications! | https://www.youtube.com/watch?v=alx38YdvvzA | 2022-05-30T20:40:57Z |
| Sailing Multi Cloud Traffic Management With Karmada - Zhonghu Xu, Huawei | Sailing Multi Cloud Traffic Management With Karmada - Zhonghu Xu, Huawei. Multi-Cloud is becoming a new trend in recent years. It is the superset of multiple public cloud, hybrid, on-premises, and edge. It not only provides higher availability and flexibility but also prevents vendor lock-in. Karmada is a Kubernetes management system, it is natively suitable for multi-cloud application management. In this topic, Zhonghu will show you what Karmada can do for Multi-Cloud applications communicating on flat network and different networks. There are already many solutions that can help acquire L3 network connectivity cross multi-cloud, like VPN peering, submariner, etc. So the biggest challenge is L7 traffic management, Zhonghu will elaborate on how Karmada perfectly integrates with Istio to provide flexible and rich L7 traffic management features: priority routing, failover to another cloud, and also brings natural security in east-west traffic. | https://www.youtube.com/watch?v=rzFbxeZQHWI | 2022-05-30T20:40:57Z |
| Running Containerd and k3s on MacOS - Akihiro Suda, NTT Corporation & Jan Dubois, SUSE | Running Containerd and k3s on MacOS - Akihiro Suda, NTT Corporation & Jan Dubois, SUSE. It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI. | https://www.youtube.com/watch?v=g5GCsbjkzRM | 2022-05-30T20:40:57Z |
| Rook: Intro and Deep Dive with Ce... Travis Nielsen, Sebastien Han & Blaine Gardner, Satoru Takeuchi | Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen, Sebastien Han & Blaine Gardner, Red Hat; Satoru Takeuchi, Cybozu, Inc. The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. A deep-dive will be presented for the Ceph storage provider to show how Rook provides stable block, shared file system, and object storage for your production data. The recent features in the v1.9 release will be covered to further illustrate how Rook continues to be enhanced for production environments. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020. | https://www.youtube.com/watch?v=TwGJsTa3F2g | 2022-05-30T20:40:57Z |
| Production-scale Containerized Game Platform Practice in Bytedance - Chenyu Jiang & Viktor Farcic | Production-scale Containerized Game Platform Practice in Bytedance - Chenyu Jiang, ByteDance, Inc & Viktor Farcic, Upbound. Classical games servers are running on physical machines or virtual machines to provide services to players. However, packaging game servers in containers is quickly gaining traction across the tech landscape because of container's isolated runtime paradigm, cost efficiency and elasticity. In Bytedance, games is one of the major vertical domains and we need a mature games-centric platform to serve games from both in-house games studios and agents of game manufacturers globally. In this talk, a Bytedance's practice will be shared in establishing a Kubernetes based Game platform. It leverages multiple CNCF open source frameworks: Crossplane, KubeVela, Agones to address challenges and requirements for games to go cloud-native, such as game servers and dependency resource deployment in multi-cloud/multi-region, game servers orchestration and stateful games service autoscaling. | https://www.youtube.com/watch?v=bHDPCuCCH0E | 2022-05-30T20:40:57Z |
| Making Your Apps and Infrastructure Services Failure-Resilient with... Yaron Schneider & Henry Spang | Making Your Apps and Infrastructure Services Failure-Resilient with Dapr - Yaron Schneider, Diagrid & Henry Spang, Microsoft. Microservices architectures see a growing number of deployments and with it a larger number of infrastructure dependencies like databases, caches, message buses, secret stores and others. To prevent cascading failures, developers need to make sure that not only their apps are recoverable and resilient to failures, but also the underlying infrastructure that their applications interact with. In this talk, we'll explore how Dapr helps developers apply global resiliency policies across their apps and cloud or on-premises infrastructure services, irrespective of where their apps are deployed or what programming language they are using. | https://www.youtube.com/watch?v=Jw05zFpsPms | 2022-05-30T20:40:57Z |
| Make Cloud Native Chaos Engineering Easier - Deep Dive into Chaos Mesh - Cwen Yin, PingCAP | Make Cloud Native Chaos Engineering Easier - Deep Dive into Chaos Mesh - Cwen Yin, PingCAP. Chaos Mesh is one of the most popular open-source chaos engineering platforms, with the goal of making chaos engineering easier and more accessible. In this session, Cwen will provide a brief overview of Chaos Mesh. He will then dive deep into how Chaos Mesh is implemented and its concrete practices. Cwen will also guide the audience through how to better apply observability to a chaos engineering Workflow, in order to improve the efficiency and effectiveness of chaos experiments. In the end, he will share the team’s latest exploration around chaos engineering and their plan to evolve Chaos Mesh. | https://www.youtube.com/watch?v=bZnI5omUKe4 | 2022-05-30T20:40:57Z |
| Kubernetes SIG Node Intro and Deep Dive - Sergey Kanzhelev & Dawn Chen, Elana Hashman & Derek Carr | Kubernetes SIG Node Intro and Deep Dive - Sergey Kanzhelev & Dawn Chen, Google; Elana Hashman & Derek Carr, Red Hat. These are exciting times for Kubernetes SIG Node. Come to our maintainers track session to learn about the just released version 1.24 of Kubernetes, full of exciting improvements and get a glance into the SIG Node roadmap. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with the various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! We will discuss how Container Runtime logic was streamlined and simplified with dockershim removal, progress on cgroup v2 support, as well as many other improvements. Join this session to learn more about our SIG, and how you might get involved to make Node even better! | https://www.youtube.com/watch?v=FGRenKv4RgY | 2022-05-30T20:40:57Z |
| Kubernetes Persistent Data Challenges – AZ, Region and Multi-Clou... Chris Milsted & Patrick McFadin | Kubernetes Persistent Data Challenges – AZ, Region and Multi-Cloud Patterns - Chris Milsted, Ondat & Patrick McFadin, DataStax. In this talk we are going to explore the patterns for building resilient applications with data persistence requirements on Kubernetes. We will be discussing deploying stateful workloads like Cassandra in Kubernetes using operators, with demos and examples at each stage using native objects like PVCs, dynamic provisioning and the k8ssandra operator. We will also be providing a sneak peek of some of the multi-cluster challenges with Kubernetes and Kube-Fed. Four architectural patterns will be covered with worked examples: The first pattern will be within an AZ, how to work with PVs. The next pattern will be spanning three AZs, and how to embrace or work around PV/AZ affinity constraints. The next pattern is three AZs and two regions within a single provider. Here we start to see physical limitations such as the speed of light begin to impinge on our patterns. Lastly, we move to two providers and hybrid-cloud patterns, leveraging operators to deliver our sample Cassandra workload. | https://www.youtube.com/watch?v=N7BYKhpqGXw | 2022-05-30T20:40:57Z |
| Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google & Xing Yang, VMware | Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google & Xing Yang, VMware. Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection. | https://www.youtube.com/watch?v=nO-0LqWtpqg | 2022-05-30T20:40:57Z |
| KubeFlux: An HPC Scheduler Plugin for Kubernetes - Claudia Misale & Daniel Milroy | KubeFlux: An HPC Scheduler Plugin for Kubernetes - Claudia Misale, IBM T.J. Watson Research Center & Daniel Milroy, Lawrence Livermore National Laboratory. Adoption of cloud technologies by high performance computing (HPC) is accelerating, and HPC users want their applications to perform well everywhere. While container orchestration frameworks provide advantages like resiliency, elasticity, and declarative management, they are not designed to enable application performance to the same degree as HPC workload managers and schedulers. In response to increased interest in scheduling flexibility, the Kubernetes community developed the Scheduling Framework to facilitate integration of new policies and schedulers. We present KubeFlux, a Scheduling Framework plugin based on the Fluxion open-source HPC scheduler developed at the Lawrence Livermore National Laboratory. We discuss uses for KubeFlux and compare the performance of an application scheduled by the Kubernetes default scheduler and KubeFlux. KubeFlux is an example of the rich capability that can be added to Kubernetes and paves the way to democratization of the cloud for HPC workloads. | https://www.youtube.com/watch?v=3HGzzfsFrGQ | 2022-05-30T20:40:57Z |
| How Linkerd Helped bink Partner up with Barclays - Mark Swarbrick, bink | How Linkerd Helped bink Partner up with Barclays - Mark Swarbrick, bink. In this session, Mark Swarbrick, Bink's Head of Infrastructure, will share how Linkerd gave the fintech startup the confidence to partner up with Barclays and serve millions of customers in the UK. Around 2016, the Bink infrastructure team started containerizing their apps. Not long after they migrated to the cloud and moved their apps onto Kubernetes. Still in the early days, they experienced issues with the cloud's unstable networking infrastructure, leading to multiple issues including huge amounts of random TCP disconnects, UDP connections just going missing, and other faults. After a little research, they gave Linkerd a try and, lo and behold, as soon as they started experimenting with it, network faults caused by the instabilities dropped significantly. The timing could not have been better. The team was just starting conversations with Barclays and Linkerd's metrics allowed them to monitor their SLOs and agree to the bank's ambitious latency and success rate based SLAs. | https://www.youtube.com/watch?v=clICN5FXyNE | 2022-05-30T20:40:57Z |
| Harbor - Enterprise Cloud Native Artifact Regi... Yan Wang, Chenyu Zhang, Daojun Zhang & Vadim Bauer | Harbor - Enterprise Cloud Native Artifact Registry - Yan Wang, Chenyu Zhang, Daojun Zhang, VMware & Vadim Bauer, Container Registry. Project Harbor is an open-source trusted cloud native registry project that stores, manages, signs, and scans content, thus resolving common image or Helm Chart management challenges. It has been widely used by organizations large and small around the world to resolve both the container image and Helm Chart management challenges. In this presentation, we will cover some advanced features of using Harbor, such as image signature management (cosign), image management in a cloud environment, unified management of Helm chart and container images, and highly-available deployments. Furthermore, the team would love to get feedback from users and contributors to current features and future roadmap. | https://www.youtube.com/watch?v=00Gkoijmxlc | 2022-05-30T20:40:57Z |
| gRPC For Microservices: Service-mesh and Observability - Sanjay Pujare & Wenbo Zhu, Google | gRPC For Microservices: Service-mesh and Observability - Sanjay Pujare & Wenbo Zhu, Google. gRPC is a popular and the de facto framework for connecting services. gRPC is language and platform independent. It was initially created by Google, as the next version of “Stubby” where “Stubby” was used to connect Google’s large number of microservices. gRPC recently has added many features for the proxyless service mesh. These features enable gRPC based microservices to do traffic management (which includes service discovery, routing and load balancing), and security without the use of proxies or without rewriting any code to make use of these features. gRPC also offers built-in observability support such as logging, metrics and tracing for microservices. One can try these features out in Google Cloud where the gRPC observability plugins seamlessly integrate with Google Cloud’s Operations Suite to give you dashboards for logs, metrics and traces. | https://www.youtube.com/watch?v=y2lKORewzJA | 2022-05-30T20:40:57Z |
| GitOpsify Everything: When Crossplane Meets Argo CD - Ying Mo & Ken Murray, IBM | GitOpsify Everything: When Crossplane Meets Argo CD - Ying Mo & Ken Murray, IBM. Argo CD is a popular CNCF incubating project that implements GitOps on Kubernetes to drive continuous delivery of Cloud Native applications. Using Git at its core, it's been widely adopted across the industry. However, real-world organizations may still have many traditional IT systems, they may have invested heavily on management automation for these systems. How can they benefit from GitOps? This session will share the magic to combine Argo CD and existing non cloud native IT automation assets by crafting a bridge using Crossplane, another popular CNCF incubating project. It works seamlessly with existing automation technologies such as Ansible and Terraform, with a large user base and mature eco-systems. This empowers you to GitOpsify everything, cloud native or non cloud native, to manage hybrid technologies using GitOps consistently. The session will also share some best practices and lessons learned that you may consider when you start the GitOps transition with your IT systems. | https://www.youtube.com/watch?v=9odjdVqJkws | 2022-05-30T20:40:57Z |
| Empower Autonomous Driving with Cloud Native Serverless Technologies - Benjamin Huo, QingCloud Technologies & Xiuming Lu, UISEE | For an Autonomous-Driving platform, the complex use cases and numerous modules pose huge challenges to the entire architecture. Take data archiving as an example: large amounts of time-sensitive data are generated in the vehicle and cloud every second, scattered in various devices and clusters. Challenges like multiple types of storage media, non-uniform data size, mixed asynchronous operations, and steep resource overhead curves all call for a more flexible, elastic, and cost-saving architecture. In this talk, UISEE developers and OpenFunction maintainers will talk about: - Why does Autonomous-Driving need a modern FaaS platform powered by Dapr, Keda, and Knative? - Cloud Native FaaS Platform OpenFunction Intro. - Why is an asynchronous function a good fit for Autonomous-Driving? - How does UISEE use the Asynchronous functions in Autonomous-Driving? - The benefits that a modern FaaS platform brings to Autonomous-Driving. - OpenFunction updates & roadmap. | https://www.youtube.com/watch?v=gPee28M04R8 | 2022-05-30T20:40:57Z |
| CRI-O: Secure, Performant, and Boring as Ever! - Peter Hunt, Urvashi Mohnani, Mrunal Patel & Sascha Grunert, Red Hat | Anyone who has followed CRI-O, the OCI compliant implementation of the Kubernetes Container Runtime Interface (CRI), knows that it aims to be secure, performant, and overall boring. Being implemented as exactly the CRI implementation Kubernetes needs, and nothing more, allows it to be optimized, secured, and version-locked for Kubernetes. In this talk, Sascha Grunert, Mrunal Patel, Urvashi Mohnani, and Peter Hunt will give an overview of CRI-O, as well as discuss some recent improvements that highlight these three key aspects of CRI-O. The talk will cover the ease with which it transitioned between CRI versions, optimizations in container exec probes with conmon-rs, security improvements regarding SELinux relabelling for container volumes, and general security enhancements by running seccomp by default. People who join us, whether seasoned end-users or budding community members, should learn what CRI-O has to offer as the container manager that loves Kubernetes the most. | https://www.youtube.com/watch?v=9OTsR3XN9Nk | 2022-05-30T20:40:57Z |
| Crack the FaaS Cold Start and Scalability Bottleneck - Cathy Zhang & Rui Zang, Intel | FaaS provides many benefits to the end-users, such as zero maintenance and on-demand auto-scaling. As each new technology brings benefits, it brings challenges. There are two major challenges: cold start latency and autoscaling speed in response to bursty traffic. Cold start latency refers to the time it takes to create a new function instance and get it ready to start execution. Autoscaling refers to the operation of automatically adjusting the number of running function instances to meet the traffic demand. This talk provides a detailed analysis of what causes the cold start latency and the autoscaling bottleneck. It then presents a new approach that reduces the cold start latency through instantiating a new function instance from a combination of its memory snapshot and its essential code chunks. The authors will share their learnings and test results. On the autoscaling part, the authors will share their insight of using an elastic function sandbox to boost the auto-scaling speed. | https://www.youtube.com/watch?v=RUfcc-OpBAM | 2022-05-30T20:40:57Z |
| CNCF TAG Network and Service Mesh Working Group Deep-Dive - Lee Calcote, Layer5; Ken Owens, Fiserv; Ed Warnicke, Cisco | With the increasing prevalence of microservice-based distributed systems, this is true: the network, as a discipline, has never been so critical in the efficient operation of cloud-native deployments. Network primitives including load balancing, observability, authentication, authorization, policies, rate limiting, QoS, mesh networks, traditional infrastructure bridging, and so on are now being developed and invested in by the entire industry, and are the focus of the Service Mesh Working Group within the CNCF TAG Network. Listen to our introduction and get an in-depth understanding of the service mesh projects being managed within the working group. | https://www.youtube.com/watch?v=ofZyEMTwBwA | 2022-05-30T20:40:57Z |
| Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry | The explosive growth of Kubernetes has left security professionals scrambling to deploy innovative tools to address the inherent security risks. One such tool is The Falco Project - an incubating CNCF tool for detecting malicious activity at run time. Falco, like many security tools, has some gaps. This talk highlights these gaps by introducing various techniques to silently bypass the default Falco ruleset (based on Falco v0.30.0 release). The attendees will learn 9 different classes of bypasses, 7 of which are novel and have never been presented. The bypasses allow for stealthy target enumeration, privilege escalation and lateral movement. To aid with the bypass automation, Shay will introduce a special container image and multiple code snippets built specifically for Falco bypasses. To wrap up, we will apply the bypass techniques on the securekubernetes cluster (presented at KubeCon NA 2019) and demonstrate how an attacker can achieve full cluster compromise without tripping the SOC. | https://www.youtube.com/watch?v=2rSiSpaR6bI | 2022-05-30T20:41:38Z |
| Build a Cloud Native Logging Pipeline on the Edge with Fluentbit Operator - Feynman Zhou, QingCloud | FluentBit Operator was created by the KubeSphere community to solve several problems: 1. Collect K8s logs through a lightweight agent like Fluent Bit 2. Control Fluent Bit via Kubernetes API 3. Collect logs and then send them to the final destination without having to go through Fluentd 4. Enable dynamic config reloading for Fluent Bit to reload its config whenever the config changes without restarting the Fluent Bit Pod. FluentBit Operator has gradually reached maturity after two and a half years of iterations, and it has now become the subproject of Fluent community. In this talk, FluentBit Operator maintainers will talk about the architecture and design of Fluent Operator, and demonstrate how to use FluentBit Operator on K3s to process logs for the edge and IoT scenarios. | https://www.youtube.com/watch?v=D_nyUhO8Y7Q | 2022-05-30T20:41:38Z |
| Adapting TiKV for Cloud Storage - Xinye Tao & Jinpeng Zhang, PingCAP | TiKV is a cloud-native key-value database built in Rust. As a distributed storage layer, the underlying storage hardware plays a key role in how it performs. This session will start with an introduction to the modern cloud storage stack, highlighting the challenges and opportunities that come with it. After that, we will deep dive into several new features aimed at improving TiKV's service quality in the cloud, including Raft Engine, Prioritized I/O Rate Limiting and [...]. Finally, we'd love to get feedback as we lay out the future plan on bringing TiKV even closer to the cloud. | https://www.youtube.com/watch?v=hzzHn6oiOp8 | 2022-05-30T20:41:38Z |
| OpenTelemetry: The Road Ahead + Meet the Community - Morgan McLean, Splunk; Alolita Sharma, Amazon; Ted Young, Lightstep; Daniel Dyla, Dynatrace | This session is for anyone interested in observability or OpenTelemetry to learn more about the project, and to meet and discuss our status and roadmap with maintainers! We will begin with a brief presentation of our recent releases and roadmap for the next year, followed by a panel discussion hosted by governance committee members, technical committee members, and maintainers. | https://www.youtube.com/watch?v=2uuqGuKpyQ8 | 2022-05-30T20:41:38Z |
| Open Policy Agent (OPA) Intro & Deep Dive - Anders Eknert, Styra & Will Beason, Google | Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you. | https://www.youtube.com/watch?v=MhyQxIp1H58 | 2022-05-30T20:41:38Z |
| Notary v2: Deep Dive and Open Issues - Justin Cormack, Docker & Steve Lasker, Microsoft | Notary v2 is a community project to solve the issues that the existing Notary project has that have hindered widespread adoption. The project is a community initiative with the main registry operators, including Docker, Microsoft and Amazon, as well as a broad community of other interested parties and end users. This talk will cover an overview of the project status and cover the open issues and current working areas for the project, around formats and standardisation, open security issues and future work. | https://www.youtube.com/watch?v=7U4VdjgOFJc | 2022-05-30T20:41:38Z |
| State of NATS: Core, Persistence, & Materialized Views - Tomasz Pietrek, Synadia Communications | NATS is a high performance cloud native distributed communications utility that allows you to build globally available and secure applications based on streams and services that are both fast and simple to operate. In this talk you will learn about the advanced features of NATS JetStream persistence implementation that includes both Key-Value & Object Store use-cases. You will also see a demo showcasing the flexibility of the NATS newly added Materialized Views capabilities. We will also discuss how it integrates with other CNCF projects, and simplifies your distributed application code base with functions like: watches, history, & sealed streams that are seamlessly integrated via the NATS CLI & API. | https://www.youtube.com/watch?v=MPda_7EPrNU | 2022-05-30T20:41:38Z |
| Deep Dive into Minikube - Medya Ghazizadeh & Sharif Elgamal, Google | A deep dive into minikube's architecture and sharing top 20 useful tips on using minikube and sharing lessons from 5 years of maintaining minikube. | https://www.youtube.com/watch?v=Iyq_MlSku-I | 2022-05-30T20:41:38Z |
| Longhorn: Intro, Deep Dive and Q&A - Sheng Yang, Joshua Moody, SUSE | Longhorn is a cloud-native distributed block storage solution for Kubernetes, providing an opinionated solution to cover different storage topology, data protection, and data services like snapshots, replication, encryption, backup restore, disaster recovery, etc. In this talk, there will be several parts to have an introduction of Longhorn and have deep-dive discussions to talk about the technical details, the recent release, and future plans. Longhorn was accepted as an incubating project by the Cloud Native Computing Foundation in November 2021. | https://www.youtube.com/watch?v=EE185g4myLc | 2022-05-30T20:41:38Z |
| Running Kubernetes in a Manufacturing Line – What Could Possibly Go Wrong? - Mario Fahlandt & Tobias Schneck, Kubermatic GmbH | Imagine your manufacturing line is controlled by services running in your datacenters’ Kubernetes clusters. You have facilities in locations all over the world. You provide a managed service with uptime SLA. Now, there is an issue with the internet connection. Or security is shutting down all connections to defend against a cyberattack. And your production line must keep working because every downtime is money. This was the challenge to solve, and we did! Did you ever think about - How to run basic Infrastructure Services like DHCP and DNS in a cloud native way for manufacturing services? How to autoscale cluster on-prem? Follow us in the rabbit hole using all kinds of CNCF projects to build a setup that scales, is able to shift and redeploy workloads, and continues to function without relying on cloud vendors or external services. We will show you the obvious and non-obvious challenges of cloud native adopters in the industry 4.0 sector, including some true edge computing cases. | https://www.youtube.com/watch?v=nE2RnhgUTHI | 2022-05-30T20:41:38Z |
| Building an Agile Platform in a Highly Regulated Industry - Fredrik Klingenberg, Aurum AS & Jonas Samuelson, If Insurance | During this talk, Jonas Samuelson, Platform Engineer at If-Insurance, and Fredrik Klingenberg, Principal Software Engineer at Aurum AS, will share how If-Insurance — the leading property and casualty insurer in the Nordics — built an agile platform based on Kubernetes, Linkerd, and GitOps within the constraints of a highly regulated industry. How does a large enterprise like If-Insurance balance rapid innovation to compete with disruptive newcomers while adhering to strict security and regulatory requirements? Jonas and Fredrik will discuss If-Insurance's GitOps-based platform and application deployment engine and their tools and techniques to remake the way If-Insurance runs and manages software. This talk will cover how If's immutable platform allows them to train for disaster recovery constantly, how their entire platform was built using GitOps, and how they onboarded teams shifting from a deployment mindset to a GitOps one. | https://www.youtube.com/watch?v=urWojY1jxdc | 2022-05-30T20:41:38Z |
| Composability is to Software as Compounding Interest is to Finance - Bill Mulligan, Isovalent | The cloud native ecosystem is built of composable projects that can be stacked, recombined, reused, and built upon. This composability allows cloud native developers to iterate and ship functionality fast and creates compounding value to businesses from telcos to machine learning to gaming. This talk will trace the history of composability within the cloud native landscape from making Kubernetes pluggable and extensible through the CNI and CRI to standardizing observability with Prometheus and OTel to eBPF making security and networking composable with Cilium. Along the way we will discover how each interface and extension built the value of the project and the ecosystem as a whole creating a learning and business value flywheel. The audience will learn how the composability of cloud native has helped grow the public cloud, generated many successful startups, given meaningful careers to a wide variety of people, and why buying into composable ecosystems compounds business value. | https://www.youtube.com/watch?v=25aVkm89ZT8 | 2022-05-30T20:41:38Z |
| How Adobe is Optimizing Resource Usage in Kubernetes - Carlos Sanchez, Adobe | Moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However this comes at a cost on managing the resources used by many applications and teams. At Adobe we make extensive use of standard Kubernetes capabilities to reduce resource usage and we have also built some solutions at several levels of the stack to improve it. From autoscaling to workload hibernation, from automated resource requests to Kubernetes Jobs, we have experimented with and implemented several features that decrease our resource usage and lower the cost of running many Kubernetes clusters at scale. Both at workload resource level and also at achieving higher density clusters that reduce the number of clusters we need and the operating costs. | https://www.youtube.com/watch?v=iVD5YI1-U_M | 2022-05-30T20:41:38Z |
| From Cloud Naive to Cloud Native – Avoiding Mistakes Everyone Does - Max Körbächer, Liquid Reply | “Cloud native” is nowadays a very broad word, used for everything from projects going to the cloud to open source solutions to architecture terminology. This misleads initiatives and corporate decisions on cloud-first projects as well as their promised savings, improvements or speed gain. In this talk, we will have a look at common mistakes, how corporations place themselves into a twister and why you first need to really understand Netflix, Spotify and co, so that you can understand that you are very much different. Because migrating to the cloud doesn’t make you native. Feel the passive-aggressive vibes? Good, now we can talk! Let us seriously discuss architectural patterns, what really matters in your cloud provider, leading decision processes on a technical level and finally what the steps are to become cloud native and not cloud naive. | https://www.youtube.com/watch?v=EhBJkbo0rIE | 2022-05-30T20:41:38Z |
| Making Sense of Chaos: Implementing Chaos Engineering in a Fintech Company - Iqbal Farabi & Giovanni Sakti, GoTo Financial | Chaos engineering is defined as “the facilitation of experiments to uncover systemic weaknesses” by The Principles of Chaos Engineering. This is done by building a hypothesis around the behavior of a system and running experiments to vary real-world events. By doing these experiments, we can build confidence on the behavior of a complex system in the face of disruptions. In this talk, we will discuss our experience in implementing chaos engineering principles in GoTo Financial (GTF), one of Indonesia’s biggest fintech startups. As GTF is operating in a heavily regulated industry, we have the obligation to comply with financial regulations. One of those is adhering to certain service level objectives (SLO) for all cloud native infrastructures we maintain. Implementing chaos engineering in such a system should be handled with care. We will delve into both technical aspects of adopting chaos engineering practices and the approaches to roll out such initiatives to the wider organization. | https://www.youtube.com/watch?v=-7NdVuSVZFo | 2022-05-30T20:41:38Z |
| Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s - Aaron Rinehart, Verica.io & Matas Kulkovas, Cast.ai | Security Chaos Engineering (SCE) is an emerging discipline that serves as a foundation for proactively discovering system weaknesses before they become an opportunity for a malicious actor. The goal of SCE experiments is to move security toward continuous recalibration and increased confidence by deriving a more realistic understanding of how well security practices perform under expected conditions. This new technique of instrumentation proactively injects security turbulent conditions or faults into systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session, the speakers will dive into SCE as a discipline as well as showcase a demo of 'komrade', the 1st Open-Source Tool for running SCE experiments on Kubernetes. | https://www.youtube.com/watch?v=9uzexriaXj4 | 2022-05-30T20:41:38Z |
| Making On-Prem Bare-Metal Kubernetes Network Stack Telco Ready - Christopher Dziomba & Marcel Fest, Deutsche Telekom | If your task is to do Kubernetes at scale and at speed (read: 100s & 1000s of clusters instantly provisioned on-demand), in a complex on-prem environment, on bare metal (yes, no overlay networks, raw power) you will quickly find that the legacy network and network legacy are some of your biggest enemies. No matter how much Kubernetes gets easy on its own, making it usable in such context will require a lot of plumbing, workflows, host tuning etc. If you are a telco, like Deutsche Telekom with historically grown multitude of heavily segmented networks with 100s of historically grown overlapping VRFs it is practically mission impossible. In this talk Deutsche Telekom will share how they tackled that challenge and how they reimagined and implemented network fabric for on-prem bare metal Kubernetes cloud which pretty cloud natively supports their internal Cluster-as-a-Service offering. This cloud is hosting clusters where some of their most demanding applications like 5G core are running. | https://www.youtube.com/watch?v=ICvfr0sPSjs | 2022-05-30T20:41:38Z |
| To IPv6 - The Dual-stack Adoption Advisory Panel - Bridget Kromhout, Microsoft; Tim Hockin, Google; Dinesh Majrekar, Civo; Lachie Evenson, Microsoft; Rags Srinivas, InfoQ | We all know we’re running out of IPv4 addresses. Kubernetes introduced the current implementation of dual-stack networking (supporting both IPv4 and IPv6 at the same time) in v1.20, and the dual-stack feature graduated to stable in v1.23. While the world has been slow to adopt IPv6, it is happening. It’s time to learn about using dual-stack to start your own move away from IPv4, supported by changes in Kubernetes components such as pods and services. Join for the discussion as SIG Network members and Kubernetes contributors dive into the technical details underlying the move to dual-stack networking, and leave with recommendations to shape your IPv4/IPv6 rollout strategy. | https://www.youtube.com/watch?v=CqfEwzXI5W0 | 2022-05-30T20:41:38Z |
| "My CNI Plugin Did… What?!": Debugging CNI with Style and Aplomb - Douglas Smith & Daniel Mellado Area, Red Hat | Just because CNI is simple doesn't mean it's easy. We're going to hook you up with the tools of the trade to analyze what's up when your CNI plugin is feeling down. It sure is easy to speak STDIN and STDOUT and write CNI plugins, but debugging CNI plugins in production takes more than brute force and willpower – it takes a toolbox. From cnitool, to dummy CNI plugins, to enhancing your logging, we'll show the tools we use every day to make zeroing in on CNI problems a cool breeze. Not only will we crash CNI plugins on-the-fly to show you how we inspect what's happening, we'll also show you how we handle logging so you can analyze reports from your users when you don't have direct access to systems. We'll talk about how we architect CNI plugins to make debugging easier, and talk about thin plugin vs. thick plugin programming patterns, and show you how it impacts debuggability. Not only does it make debugging easier, it'll make developing easier. | https://www.youtube.com/watch?v=WSO-AFo7dEg | 2022-05-30T20:41:38Z |
| Better Bandwidth Management with eBPF - Daniel Borkmann & Christopher M. Luciano, Isovalent | Kubernetes provides many knobs for managing common system resources such as vCPUs and memory limits per Pod, but often forgotten is the effect of unbounded network communication in a cluster. A large churn of packets from several services can starve bandwidth for other services. Also, out of the box TCP congestion management is not optimal for Internet-facing services. In this talk we will explore how eBPF can be leveraged to dynamically insert logic for flexible, efficient and scalable rate limiting and bandwidth management on a per-Pod basis. This talk details: - The scalability limits of token bucket filters by the bandwidth plugin, and why EDT (Earliest Departure Time) combined with eBPF is a major step forward. - How TCP congestion control with BBR can now be leveraged for Pods thanks to eBPF for significantly improving application latency and throughput. - The benefits of enforcing bandwidth limits at the egress point and considerations when to use ingress enforcement. | https://www.youtube.com/watch?v=QTSS6ktK8hY | 2022-05-30T20:41:38Z |
| Logs Told Us It Was DNS, It Felt Like DNS, It Had To Be DNS, It Wasn’t DNS - Laurent Bernaille & Elijah Andrews, Datadog | It all started with a team reaching out because they had DNS issues during rolling updates. Business as usual when you host hundreds of applications on dozens of Kubernetes clusters… Four weeks later: We are reading kernel code to understand the corner cases of dropping Martian packets. Could this be the connection between gRPC client reconnect algorithms and the overflowing conntrack table we can feel but not see? In time, we solved the issue. And for once… it wasn't DNS! In this talk, we will focus on one of the most complex incidents we have faced in our Kubernetes environment. We will go through the debugging steps in detail, dive deep into the mysterious behaviors we discovered and explain how we finally addressed the incident by simply removing three lines of code. | https://www.youtube.com/watch?v=NunyPkN0n3c | 2022-05-30T20:41:38Z |
| Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, Fastly | Fastly efficiently delivers many Tbps thanks to an Edge Network that expands across tens of PoPs across the globe; operating such a network comes with many challenges, so Fastly keeps investing in tooling and automated systems to make that journey as pleasant as possible. One of these systems is Fastly’s Autopilot: an automated system that performs egress traffic optimizations. This talk will provide a system overview, focusing then on the associated telemetry pipeline and how it leverages from our internal k8s-based platform (elevation), some key operators, like the Strimzi Kafka one, open source networking libraries, like GoBGP, and tooling like FluxCD. Finally, this talk will also share some challenges and findings associated with this very network-related use case. | https://www.youtube.com/watch?v=eYZO7n_o0OQ | 2022-05-30T20:41:38Z |
| Metrics as a First-Class Citizen in the E2E Testing Landscape - Matej Gera & Jéssica Lins, Red Hat | Exposing metrics through the metrics HTTP endpoint is the de facto standard when it comes to exporting application metrics in the cloud native universe. But did you know this well-known pattern can be used for more than just collecting metrics? This talk will show how instrumenting applications can be leveraged to improve your experience with end-to-end (E2E) testing. If your application is already instrumented for collecting metrics, why not take it a step further and use the exposed data to bring your E2E testing to the next level? This has the enormous benefits of giving you detailed insight into the state of the tested application and allows for more complex testing scenarios, which are not possible without observing the behavior of an application from the inside. The talk will also describe how this framework has been employed in several open-source projects, including Thanos and Observatorium, and what benefits have been gained from the change. | https://www.youtube.com/watch?v=jFm3WBtFhv4 | 2022-05-30T20:41:38Z |
| From Monitoring to Observability: Left Shift your SLOs with Chaos - Michael Friedrich, GitLab | Security has shifted left in CI/CD pipelines. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture? This talk invites into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. What are the benefits of app instrumentation, metrics and traces and where does the journey start? Dev becomes Ops: SLOs need to be well understood and simulated early in the development process. New building blocks come to play: Continuous Delivery, quality gates and chaos engineering - is it possible to left shift SLOs with Chaos in your CI/CD pipelines? | https://www.youtube.com/watch?v=BkREMg8adaI | 2022-05-30T20:41:38Z |
| Distributing PromQL for Fast and Efficient Kubernetes Fleet Monitoring - Moad Zardab, Red Hat & Filip Petkovski, Shopify | Both Thanos and Cortex have enabled the cloud native ecosystem to scale Prometheus storage with the use of blocks of data persisted across many clusters into single object storage. Whilst this unlocks cheap long term retention of metrics, it presents a significant challenge of being able to efficiently read and process large volumes of data. This talk outlines the Thanos community's efforts to improve read path performance through query pushdown and query sharding and how it compares with existing Cortex approaches. Thanos deployments are composed of stores; components that expose a consistent Prometheus compliant read API for retrieving timeseries, and queriers; components that combine raw timeseries and evaluate PromQL expressions against them. Query pushdown gives the opportunity to pre-evaluate these expressions closer to the data, while query sharding breaks down a query into distinct, disassociated datasets that can be computed concurrently thanks to Kubernetes. | https://www.youtube.com/watch?v=fD-j9u8hzgY | 2022-05-30T20:41:38Z |
| Show Me Your Labels and I’ll Tell You Who You Are - Sandor Guba, Cisco | One of the underestimated benefits of Kubernetes is the standardization of labels. Of course in every provision system, you have the ability to mark the assets with taints, tags, labels, or something. Prometheus raised the stakes and built a whole metric system on labels. The concept was so successful that more and more tooling tries to benefit from it. Modern logging, tracing, and metric systems have at least one common characteristic: they have labels. In this talk, Sandor will demonstrate how to fully exploit labels with tools that are available already at your hands. Correlate different inputs, transform logs to metrics, and more! | https://www.youtube.com/watch?v=TWf1ho0XMyM | 2022-05-30T20:41:38Z |
| Navigating the CNCF Landscape, the Right Way - Divya Mohan, SUSE; Savitha Raghunathan, Red Hat; Kunal Kushwaha & Saiyam Pathak, Civo | CNCF is the vendor-neutral home for cloud native projects. Including the most famous open source project in recent times, Kubernetes, it currently houses ~1,019 cards with a total of 2,957,938 stars. With a growing ecosystem, at an initial glance, the landscape may seem intimidating to newcomers, especially students. Journeying through the entire development and operations lifecycle, this panel aims to take a guided approach to cover the various projects involved right from the creation of the application to the deployment & monitoring. With various pit stops & forks along the way, the speakers hope to leave the audience with a fair idea of how to navigate the landscape effectively and embark on their cloud native journey. Should they also wish to contribute to any of the projects, the session also covers various tips & tricks on how to take their very first steps in the ecosystem as well. | https://www.youtube.com/watch?v=u7vUA61sZI4 | 2022-05-30T20:41:38Z |
| Kubectl Said What? - Christopher Hanson, RX-M, LLC | Pods in a pending state? Containers in a Crashloop? DNS acting dastardly? (okay that last one was a stretch) You’ve definitely deployed your application but it isn’t available. Kubernetes is confirming the conundrum but what exactly is it trying to communicate? The goal of this session is to explore the causes of various phases, conditions, states, and events related to Kubernetes objects that are produced by kubectl so that you debug from an informed position. By understanding the possible causes of these conditions you will learn where to start, what to pay attention to, and what unrelated messages to ignore. Attendees should be interested in saving time, reducing effort, and minimizing frustration. We will interactively examine Kubernetes objects in various error states and the clues being presented by kubectl get, describe, events, and more. | https://www.youtube.com/watch?v=-cF8b9zcal0 | 2022-05-30T20:41:38Z |
| From Student to SRE That Loves CNCF in No Time - Jacob Valdemar Andreasen, Lunar | A year ago Jacob knew nothing about Kubernetes, Linkerd, or any other fancy CNCF projects. Jacob had been studying Software Technology for two years where he learned to write code and use software design patterns. In his fifth semester, Jacob decided to try something new and joined Lunar as a Site Reliability Engineer for a five-month full-time internship where he contributed to CNCF projects and learned to develop and maintain a GitOps based Kubernetes platform. By constantly questioning his knowledge and pushing his boundaries Jacob steadily learned how to navigate the CNCF environment. Now, 1 year and 6 months later, Jacob is a Certified Kubernetes Administrator and continues to work at Lunar where he plays with Kubernetes, Flux, Fluent Bit, Prometheus, Backstage, Linkerd, and many other exciting CNCF projects. By following Jacob’s journey we will explore the opportunities and obstacles you face as a student wanting to start their journey towards working as a platform engineer. | https://www.youtube.com/watch?v=7_k8Ni7VQy0 | 2022-05-30T20:41:38Z |
| Charting Your Own Course Through the Cloud Native Landscape - Matty Stratton, Pulumi & Whitney Lee, VMware | The cloud native landscape is notoriously vast, and there is no hope of one human ever understanding every piece of it. Perhaps you should just quit now! Or instead, join Matty and Whitney on a journey with three fictional learners who are all trying to level up their Kubernetes knowledge, but with different backgrounds, goals, and learning styles. They will share resources and learning strategies that are beneficial to each. Anecdotal stories about how some real-life, well-known Kubernetes community members got their start will be sprinkled in along the way! The goal is not to give a comprehensive view of the Kubernetes learning landscape but instead to leave you feeling empowered to define your own personal learning strategies and goals, and then to seek out the resources that will best help you! | https://www.youtube.com/watch?v=dzcij4jDNbs | 2022-05-30T20:41:38Z |
| Writing Crossplane Providers with Code Generation - Muvaffak Onuş & Hasan Türken, Upbound | Crossplane providers are Kubernetes controllers that act as the bridges between your cluster and any external API. However, it’s always been a challenge to write them with CRDs that satisfy the Crossplane Resource Model and in turn Kubernetes Resource Model. In this talk, we will go over the steps of creating a provider with the latest Crossplane Runtime and code generation tooling and then we will see how we can wire that provider up to our application to provision external infrastructure. | https://www.youtube.com/watch?v=EN_vqJivZrk | 2022-05-30T20:42:01Z |
| Kubernetes Everywhere: Lessons Learned From Going Multi-Cloud - Niko Smeds, Grafana Labs | Many companies are interested in deploying their products across multiple cloud providers, but few actually see it through. While benefits like avoiding provider lock-in and increased uptime during provider outages are attractive, several factors are important to consider. Grafana Labs successfully deployed across AWS, Azure, DigitalOcean, GCP, and Linode in more than 30 regions; that includes inter-cloud network connections. This talk will explore some of the large and subtle differences in networking and managed Kubernetes services between said providers. We’ll discuss the approaches we took while scaling our infrastructure across multiple environments, the challenges we faced, and what worked in the end. | https://www.youtube.com/watch?v=ZY5h8Atc14A | 2022-05-30T20:42:01Z |
| What Anime Taught Me About K8s Development & Tech Careers - Annie Talvasto, Camunda | From One Piece and Naruto to Neon Genesis Evangelion and Dragon Ball, Japanese animation is a cultural phenomenon. This session will take you through both the landscape of anime and Kubernetes development, with helpful beginner tips to get you started on your cloud native journey. The session will also cover what the heroes of East Blue and Planet 4032-877 can teach us about career development in the tech world. Importance of perseverance, inclusion & diversity as well as always having a snack at hand - come and learn how anime can boost your Kubernetes and tech career to the next level! | https://www.youtube.com/watch?v=XFkhulcRhCI | 2022-05-30T20:42:01Z |
| A Treasure Map of Hacking (and Defending) Kubernetes - Andrew Martin, ControlPlane | In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security. | https://www.youtube.com/watch?v=1HbwfpE4XKY | 2022-05-30T20:42:01Z |
| Lightning Talk: Secure Multi User HPC Jobs in Kubernetes with Kyverno - Trey Dockendorf, Ohio Supercomputer Center | Sites running traditional High Performance Computing workloads are more frequently also deploying Kubernetes for infrastructure. By leveraging the Kubernetes infrastructure, HPC centers can supplement their HPC batch environment with Kubernetes for some very specific use cases, such as interactive HPC jobs. This approach to securely using Kubernetes to support many users' interactive workloads has been presented and well received at HPC conferences such as Supercomputing 2021. The Ohio Supercomputer Center is currently using Open OnDemand and Kubernetes to securely support virtual classrooms that require running RStudio Server and Jupyter. The benefits of multi-user Kubernetes workloads can also benefit sites who are not traditional HPC but maybe wanting to allow staff a secure place to run containers themselves without necessarily involving the team who maintains Kubernetes. | https://www.youtube.com/watch?v=MpbxRL8XPJ8 | 2022-05-30T20:42:01Z |
| Lightning Talk: Beginner to Maintainer Journey of a Student - Debabrata Panigrahi, National Institute of Technology Rourkela | The session will highlight my learning as a student during the journey as a new contributor starting to contribute after attending a New Contributor Workshop during KCD Bengaluru to becoming an approver recently. I will share the nuances of working together in the community and will focus on areas that need a lot of contributors now especially with the "chop wood and carry water" kind of work that could be easily done by students. I will further focus on how various SIGs run mentoring cohorts for contributors to grow up the contributing ladder and learn stuff necessary for taking leadership or helping the leadership. I have been part of such a mentoring cohort under sig-contribex and now I'm a moderator of the k-dev mailing list. Also, I will try to focus on how new contributors lose interest while looking for good-first-issues, and I will try to emphasize the importance of regular SIG meetings and discussions and how they have helped me to come up with solutions to help the project. | https://www.youtube.com/watch?v=WMO7EI8i3-Y | 2022-05-30T20:42:01Z |
| Lightning Talk: Locating and Debugging Failures with Linkerd and Telepresence - Alejandro Pedraza, Buoyant & Edidiong Asikpo, Ambassador Labs | Cloud native applications that consist of many services running in K8s clusters can become hard to maintain and evolve. From our experience and what we see in the Kubernetes community Slack channels, when developers hit the tipping point of not being able to run all their services locally, they run into trouble. At this time, they suddenly realize they need new tooling and approaches for observing and debugging applications that will spread across their local dev machines and remote clusters. This presentation will show operators and developers how Linkerd and Telepresence offer a simple way to better observe and debug applications running in their clusters. Easy to follow and replicate (with sample code made available), users will be able to get results quickly, without disrupting their existing services architecture. | https://www.youtube.com/watch?v=E13a_CDGRV4 | 2022-05-30T20:42:01Z |
| Lightning Talk: Tell Your SD-WAN About Your Service Mesh External Services! - Alberto Rodriguez, Cisco | This talk shows how with the right configuration and some open source, a Software-Defined Wide Area Network (SD-WAN) can automagically optimize the Egress traffic of a Service Mesh. Using the 'Cloud Native SD-WAN' open-source project, Egress configuration from Service Meshes can now be used to program SD-WAN optimizations towards remote external services. This leverages the 'SaaS optimization' feature offered by several SD-WAN solutions. SaaS optimization enhances connectivity towards SaaS applications (either public SaaS or user-defined remote applications) by constantly probing the remote application from different points of the SD-WAN network to continually compute the best path to reach it. On the Service Mesh side, Egress configurations are used to learn which external services should be probed (and how) to get their traffic optimized. What is typically used to enforce security policies (e.g. allow/deny) can be transposed into traffic engineering optimizations on the SD-WAN. | https://www.youtube.com/watch?v=c1R3RS29x30 | 2022-05-30T20:42:01Z |
| Lightning Talk: Scaling Container Builds with Software Supply Chains - Duane DeCapite, VMware | This lightning talk will summarize how the open source Buildpacks, flux and Cartographer projects can automate the software supply chain and help to address container builds at scale while minimizing the burden on developers. | https://www.youtube.com/watch?v=BKegE2VQhnU | 2022-05-30T20:42:01Z |
| Lightning Talk: What Made Your Container Fat? Visualizing the Size of Container Layers - Dan Čermák, SUSE | The analysis of container images is becoming increasingly important to deliver a high quality product. We have found it rather challenging to continuously monitor the size of our container images that we were producing and existing tools were not focused on data visualization, which we wanted initially. The presented tool was born out of this necessity: it has a very simple user interface, requires no installation (it can be hosted on a server somewhere else) and features sunburst graphs showing the file system usage. This allows everyone to easily check which layer is where responsible for the overall image's size. | https://www.youtube.com/watch?v=WpGmbJWr19E | 2022-05-30T20:42:01Z |
| Lightning Talk: What I’ve Learned by Running Local CNCF Chapter Cloud-native Islamabad - Saim Safdar, Neomeric Digitals | I struggled a lot when I started learning about cloud-native technologies because not many people around me were also talking about k8s or other cloud-native things. I always felt shy asking people for help when I got stuck with cloud-native tooling. However, I’ve found that many people are experiencing the same even though open source is all about engaging with others, helping others and collaborative knowledge, and collaborative power of mind and energy. I want to share how I overcome this challenge of talking about cloud-native language in public while building out my local community. Attendees will walk away from this talk having learned the easy way of learning Kubernetes, how to build out their own local CNCF chapters, how this will help overcome the shyness of asking people for help in public, how to create empathy within the community, how to talk about open-source publicly, and how to start contributing to a worldwide community. | https://www.youtube.com/watch?v=ZB09VhIK57E | 2022-05-30T20:42:01Z |
| Lightning Talk: Introducing O-Cloud, or How 5G Leverages Kubernetes - Nikolay Nikolaev, Juniper Networks | Raise the awareness of the applications of the Cloud Native technologies in the modern generations of the Radio Access Network. Share the approach that the O-RAN Alliance is taking to solve the high demands towards the platform that handles the critical workloads with significant impact to their business and our daily lives. | https://www.youtube.com/watch?v=VLQJ_Awp2x0 | 2022-05-30T20:42:01Z |
| Lightning Talk: Thank you Keptn Obvious! Making SLOs observable with Prometheus and Keptn - Andreas Grabner, Dynatrace | This talk shows how to not only collect metrics and provide application monitoring using Prometheus, but to also make them visible as SLOs and then act on them in a fully automated and cloud native way. | https://www.youtube.com/watch?v=5NDozsGMWIg | 2022-05-30T20:42:01Z |
| Lightning Talk: Whyhappn Instead of Whodunnit: Avoiding the Term “Human Error” - Silvia Pina, Independent | One of the keys to achieving reliable and secure systems is psychological safety, and this comes from having a truly blameless culture. In the past, I have encountered the term "human error" as the outcome of a "root cause analysis" process, and advocated within the company I was working for against its usage. This is the main motivator for proposing this talk. I would like also to gather some insights, from a systems thinking and organisational psychology standpoint, on how highly resilient organisations in different domains handle the human component of failures, as I think it is useful to have this perspective. | https://www.youtube.com/watch?v=Tocs7J2Hoiw | 2022-05-30T20:42:01Z |
| A Guided Tour of Cilium Service Mesh - Liz Rice, Isovalent | The Cilium project is adding Service Mesh features to its existing eBPF-enabled, identity-aware Kubernetes networking capabilities. This demo-driven talk explores how this works, and shows why it’s now possible to create a service mesh without sidecars. - Demonstrate why, before eBPF, the sidecar model was necessary for accessing an application pod’s network traffic - Explore how Cilium uses eBPF programs to connect Kubernetes endpoints - Show how this makes the sidecar model unnecessary for identity-aware connectivity - Demonstrate an example Cilium Service Mesh in use - Compare the resources used (in both userspace and the kernel) for both models Along the way, this talk will clarify some container and kernel concepts so that attendees can leave with a mental model of how eBPF-enabled service mesh really works. | https://www.youtube.com/watch?v=e10kDBEsZw4 | 2022-05-30T20:42:01Z |
| Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors & Stefan Prodan | Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors, Google & Stefan Prodan, Weaveworks. Distributed Proxies have opened the floodgates for Service Meshes to provide substantial value at the Application Networking Layer, but early adopters of Service Meshes are often overwhelmed by operational complexities. How do you ensure that the proxy is distributed everywhere your software runs? How do you safely upgrade or roll back all those proxies? How can you ensure that your network config is correct - without pushing it to production and risking an outage? Following the GitOps Principles is key to simplifying Service Mesh Operations. Defining the entire service mesh declaratively - be it installation, proxy injection, or configuration - provides a mechanism to safely manage the complexities of a service mesh. Continuously reconciling declarative config with the latest service mesh release keeps you from being caught off-guard by CVEs. Progressive Delivery tools enable seamless movement from one version of a service mesh to another - and back - with minimal impact to traffic. | https://www.youtube.com/watch?v=1rJYsdLgJGA | 2022-05-30T20:42:01Z |
| Linkerd End User Panel: Case Studies from Production | Linkerd End User Panel: Case Studies from Production - Catherine Paganini, Buoyant; Kasper Nissen, Lunar; Fredrik Klingenberg, Aurum AS; Eli Goldberg, Salt Security; Christian Hüning, Finleap Connect. In this panel, you'll hear from end users across a variety of industries on how they use the Linkerd service mesh in real-world production scenarios. Use cases range from applying mutual TLS to encrypt and secure all service-to-service communication, load balancing gRPC requests, and troubleshooting services before they're pushed to production. Panelists represent a variety of companies with very different environments, goals, and priorities, and discussion will be focused on real-world outcomes. | https://www.youtube.com/watch?v=_DbZ6SFdY1g | 2022-05-30T20:42:01Z |
| Kubernetes Networking 101 - Randy Abernethy, RX-M LLC | Kubernetes Networking 101 - Randy Abernethy, RX-M LLC. Kubernetes Networking 101 will introduce attendees to the world of network communications in a hands on Cloud Native setting. This talk delivers a high level but completely practical end to end look at service communications within and without a Kubernetes cluster. Attendees will see how the many facets of Kubernetes networking come together to enable powerful communications solutions first hand. The tutorial begins with the simplest types of service communications, using Kubernetes services, DNS (CoreDNS) and CNI plugins (Cilium) to facilitate interprocess communications and load balancing. The tutorial builds additional scenarios on this base, including ingress (Emissary/Envoy), NodePort / HostPort features, load balancing (Metal-lb) and finally a short look at service mesh functionality (Linkerd). Upon completion of this tutorial, attendees will have a clear understanding of the Kubernetes communications possibilities and pointers to next steps in the learning journey. | https://www.youtube.com/watch?v=cUGXu2tiZMc | 2022-05-30T20:42:01Z |
| PolicyReport CRD: Manage Admission Control, Runtime, and Scan Reports! | PolicyReport CRD: Manage Admission Control, Runtime, and Scan Reports! - Anushka Mittal & Mritunjay Sharma, Nirmata; Frank Jogeleit, Lovoo GmbH; Stephen Adeniyi. Policies help secure and automate Kubernetes. To standardize and simplify the management of policy reports across multiple tools, the Kubernetes Policy WG created a reusable PolicyReport Custom Resource Definition (CRD). In this session, Anushka, Mritunjay, and Stephen who are all LFX mentorship graduates will discuss the PolicyReport CRD and demonstrate adapters for policy and verification engines like Falco, kube-bench, KubeArmor, Kyverno, and Trivy to produce standardized policy reports. Frank will then present Policy Reporter, a Web UI with dashboards for policy reporting and integrations with Slack, Discord, Grafana, Teams, and Elasticsearch. You will learn how to easily manage policy results across admission controls, runtime, and vulnerability scanning leveraging the powerful CRD capabilities of Kubernetes. | https://www.youtube.com/watch?v=tG-YLGF9_Aw | 2022-05-30T20:42:01Z |
| SPIRE: Intro & Deep Dive Into Windows Support - Agustín Martínez Fayó & Marcos Yacob | SPIRE: Intro & Deep Dive Into Windows Support - Agustín Martínez Fayó & Marcos Yacob, Hewlett Packard Enterprise. Join this session for an introduction to the SPIRE project and a deep dive into the new Windows support. SPIRE (the SPIFFE Runtime Environment) implements the SPIFFE standards to securely identify software systems in dynamic and heterogeneous environments. This session provides a high level overview of the basic concepts behind SPIRE and why you should consider it if you find issuing workload identities at scale challenging. This talk will also give a deep dive into the Windows support that is being introduced in SPIRE, offering detailed information about the implementation, what the difference is between running SPIRE on Windows and Linux platforms, and what the experience will be like from both a user and developer perspective. | https://www.youtube.com/watch?v=pcyOnX08jHs | 2022-05-30T20:42:01Z |
| Removing Language Barriers for Spanish-speaking Professionals - Rael Garcia Arnés & Victor Morales | Removing Language Barriers for Spanish-speaking Professionals - Rael Garcia Arnés, Red Hat & Victor Morales, Samsung Electronics. In 2020 the Apache Software Foundation Community published a survey[1] which suggests that language can be one of the major barriers to contributing to any open source project. According to some estimates[2], in Latin America open source technologies will grow five times in the coming years. Talented professionals, students and enthusiasts demand access to documentation written in their own language. That's why the Spanish documentation team has been participating in different initiatives to help others contribute to the translation process. This session will share what the Kubernetes Spanish documentation team has accomplished and walk through the process to translate and contribute to the CNCF documentation. The prime audience for this session is Spanish-speaking professionals and enthusiasts willing to participate in improving the CNCF documentation. They will understand the workflow to submit documentation changes and help to participate in the localization process. [1] https://cwiki.apache.org/confluence/download/attachments/158865837/The%202020%20ASF%20Community%20Survey%20-%20Readout%20%281%29.pdf?api=v2 [2] http://www.latinamerica.tech/2019/11/12/latins-contribute-little-to-open-source-software/ | https://www.youtube.com/watch?v=PhENoqEyowQ | 2022-05-30T20:42:01Z |
| Intro + Deep Dive: SIG Scalability - Marcel Zięba & Wojciech Tyczyński, Google | Intro + Deep Dive: SIG Scalability - Marcel Zięba & Wojciech Tyczyński, Google. This session will focus on the different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap. | https://www.youtube.com/watch?v=VTFmsD9odZ4 | 2022-05-30T20:42:01Z |
| Keynote: The Cloud Native Chasm - Emily Fox, Security Engineer, Apple | Keynote: The Cloud Native Chasm - Emily Fox, Security Engineer, Apple. They jumped, they leapt, they soared - and graduated. Cloud native projects each have their own path for crossing the chasm. Some projects front load - they spend a lot of time going over every detail, building governance and technical strategy while others run and jump, catching their breath on the other side to regain composure, build endurance, and continue moving forward. But for some projects, they’re still on the precipice, staring wistfully at the other edge, yearning to get there. There is no road to drive down, and no bridge to cross. In this talk, we’ll explore what it means to build that bridge, add side rails, and enable other projects to continue improving that bridge, bringing everyone forward together. | https://www.youtube.com/watch?v=XTC9YRumGRg | 2022-05-30T20:42:01Z |
| Keynote: Closing Remarks Day 3 - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: Closing Remarks Day 3 - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=gk4HXaVdzMw | 2022-05-30T20:42:01Z |
| End User Awards | End User Awards | https://www.youtube.com/watch?v=9GIQyQjs36o | 2022-05-30T20:42:01Z |
| Keynote: Exploring the Frontiers of Cloud Native - Bryan Che, Chief Strategy Officer, Huawei | Keynote: Exploring the Frontiers of Cloud Native - Bryan Che, Chief Strategy Officer, Huawei. Cloud native technologies and adoption have certainly come a long way since the early days of small-cluster Kubernetes and containers. But, there are still so many exciting frontiers for cloud native to explore. At Huawei, we have been working to push cloud native deployments into the depths of even outer space, to wider scales than ever before, and to higher-level workloads such as AI and machine learning. And, we have been working together with others to broaden the cloud native community. | https://www.youtube.com/watch?v=gKdN0VbCQ7M | 2022-05-30T20:42:01Z |
| Keynote: Push It to the Limit: From Canary Deployments to Canary Clusters - Henrik Høegh, Lunar | Keynote: Push It to the Limit: From Canary Deployments to Canary Clusters - Henrik Høegh, Platform Engineer, Lunar. At Lunar bank we had a good problem, our customers rely on us to move quickly and provide new features and to do so in a highly reliable manner. To meet their needs we set out on a journey to move from canary deployments, where we could test new features in a safe fashion, to canary clusters. We envisioned a world where our production clusters were truly disposable and after 3 years we finally achieved that goal. In this session we will share how we did it, and how you can too. Today any engineer at Lunar bank can fail over the entire platform in 40 minutes. By deeply integrating with our infrastructure provider, writing some new custom operators, and moving most state out of the cluster Lunar is in a position to make disaster recovery a day to day operation. Listen as Henrik shares the successes, key learnings, and challenges we faced along the way. | https://www.youtube.com/watch?v=NpdHcrakhmo | 2022-05-30T20:42:01Z |
| Keynote: CNCF Project Updates - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: CNCF Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=ON-_2T5Ix2c | 2022-05-30T20:42:01Z |
| Keynote: How Developers Help Scale Kubernetes Security - Connor Gorman, Red Hat | Keynote: How Developers Help Scale Kubernetes Security - Connor Gorman, Senior Principal Software Engineer, Red Hat. Properly securing applications deployed onto Kubernetes is a shared responsibility. Security teams define organizational policies that improve security posture while developers implement those policies through good security practices, keeping images up to date with the latest vulnerability fixes and configurations that follow the principle of least privilege. The declarative nature of Kubernetes allows security to be deeply integrated into development workflows. This integration empowers developers to be security stakeholders and scales the remediation of security issues. In this session, we’ll explore concrete ways and best practices for integrating security into both CI (Continuous Integration) and CD (Continuous Deployment). | https://www.youtube.com/watch?v=zxPYK6O2sg0 | 2022-05-30T20:42:01Z |
| Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran | Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam. Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization. | https://www.youtube.com/watch?v=oXJUiMnjd8U | 2022-05-30T20:42:01Z |
| Keynote: Nurturing The Whole Project - Josh Berkus, Red Hat & Catherine Paganini, Buoyant | Keynote: Nurturing The Whole Project - Josh Berkus, Community Architect, Red Hat & Catherine Paganini, Head of Marketing & Community, Buoyant. Your code is reviewed, docs are being written, and the CNCF is hosting an event for you. What else does an open source project need? As it turns out, a lot. You need to deliberately create a welcoming community, publicize your project, manage contributors' expectations, motivate them to take on more responsibility, develop project policies and processes, and more. With so many things to tackle, it can feel overwhelming. Fortunately, lots of people have done this before — and the CNCF and TAG Contributor Strategy are here to help. | https://www.youtube.com/watch?v=WnOKjfe3TUM | 2022-05-30T20:42:25Z |
| Keynote: Opening Remarks Day 3 - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: Opening Remarks - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=y2id9ceqzis | 2022-05-30T20:42:25Z |
| Keynote: Closing Remarks Day 2 - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: Closing Remarks Day 2 - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=9Uv-DGM--VY | 2022-05-30T20:42:25Z |
| Keynote: PlatformOps: It’s all about Developer Experience - Ben Hale, Technical Lead, VMware Tanzu | Keynote: PlatformOps: It’s all about Developer Experience - Ben Hale, Technical Lead, VMware Tanzu. Kubernetes has reached mainstream adoption, with 5.6 million developers using it worldwide. But, organizations are still challenged to make developers productive using Kubernetes. PlatformOps teams are now being asked to build, run, and manage platforms that lead with developer experience. This requires embracing a PlatformOps philosophy that treats developers as customers while meeting their organization’s policies. VMware understands this transition building on 20 years of stewarding the most popular Java framework, Spring, which fundamentally changed the enterprise Java landscape on the back of a superior developer experience. That history allows us to identify patterns and attributes that we believe are critical to delivering a better cloud native developer experience on Kubernetes. In this talk we’ll focus on three things PlatformOps teams should focus on: reducing complexity without sacrificing flexibility; shifting outcomes left without shifting the burden left; ensuring consistency and security without giving up agility. Join Ben Hale, VMware Senior Staff Engineer and Technical Lead for VMware Tanzu® developer experience, as he shares the core values of a great developer experience on Kubernetes based on his multi-decade career building application development tools and working with one of today’s most thriving open source developer communities, Spring. | https://www.youtube.com/watch?v=5QsnUnlMyA8 | 2022-05-30T20:42:25Z |
| Keynote: Building Bridges: Cloud Native and High Performance Computing - Ricardo Rocha | Keynote: Building Bridges: Cloud Native and High Performance Computing - Ricardo Rocha, Computing Engineer, CERN. Kubernetes and Cloud Native have taken over the modern IT deployments, but challenges remain in areas where its impact can still be much larger. The world of High Performance Computing (HPC), often air-gapped, tightly secured and with strong requirements regarding resource sharing for compute intensive workloads has yet to see its needs fully accomplished. This session will cover recent work where the last bits of the bridge are being finished. | https://www.youtube.com/watch?v=M95AQi1wA_s | 2022-05-30T20:42:25Z |
| Keynote: Landscape Sustainability: The Pillars of Cloud Native Gro... Dave Zolotusky & Katie Gamanji | Keynote: Landscape Sustainability: The Pillars of Cloud Native Growth - Dave Zolotusky, Software Engineer, Spotify & Katie Gamanji, Senior Kubernetes Field Engineer, Apple. The CNCF ecosystem provides a vendor-neutral space for contributors and adopters to share their technical advancements, and cross-check innovation strategies while seeking guidance on emerging technologies. The TOC members steer the evolution of the CNCF landscape, prompting the growth of the adopter base and the number of use cases where cloud native technology can be applied. Organic adoption and development of new tools created the ecosystem and community as we know it today. However, to continue our growth, we need to identify the sustainability pillars of our community. This keynote will feature updates on TOC strategy and core pillars that define the future of the CNCF landscape in a scalable and sustainable manner. It will highlight the latest impactful projects and initiatives that drive the ubiquity of the cloud native. | https://www.youtube.com/watch?v=YWZsXdAXFO8 | 2022-05-30T20:42:25Z |
| Keynote: THE API IS PEOPLE! - Stephen Augustus, Head of Open Source, Cisco | Keynote: THE API IS PEOPLE! - Stephen Augustus, Head of Open Source, Cisco. We spend a lot of time talking about building systems and not nearly enough time talking about building the communities that support those systems. Whether you're just getting started in the cloud native community or a long time member, there are countless opportunities to learn, contribute, and collaborate! Join Stephen Augustus, Head of Open Source at Cisco on a journey to better understand the interconnectedness of various foundations within the Linux Foundation umbrella, critical efforts that need your valuable support, and some quick tips on efficiently solution-building across multiple communities. | https://www.youtube.com/watch?v=d1XrshrkMfg | 2022-05-30T20:42:25Z |
| Keynote: Securing Shopify's Software Supply Chain - Shane Lawrence, Shopify | Keynote: Securing Shopify's Software Supply Chain - Shane Lawrence, Staff Infrastructure Security Engineer, Shopify. Recent compromises of Codecov and SolarWinds have put a spotlight on software supply chain attacks, but this focus has led to new innovations for solving an old problem. In this talk, we'll discuss lessons that Shopify has learned in protecting millions of businesses and demonstrate these techniques using open source software. We'll look at how traditional defensive techniques can be applied in the cloud, how voucher and grafeas implementations can give you control over the software that runs in your clusters, and how the SLSA framework can guide you toward establishing trust in your software. We'll also look at how Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised. Attendees can expect to learn how to apply specific techniques for mitigating supply chain attacks. | https://www.youtube.com/watch?v=yuDMsB0jsdE | 2022-05-30T20:42:25Z |
| Keynote: Kubernetes Project Updates - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: Kubernetes Project Updates - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=Ar4CgGHhpls | 2022-05-30T20:42:25Z |
| Keynote: Closing Remarks Day 1 - Jasmine James, Ricardo Rocha, Emily Fox | Keynote: Closing Remarks Day 1 - Jasmine James, Senior Engineering Manager-Developer Experience; Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple | https://www.youtube.com/watch?v=_1dB_1FwkJE | 2022-05-30T20:42:25Z |
| Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran | Keynote: Supporting the Community – So Open Source Projects Can Grow and Thrive - Le Tran, Member of Technical Staff, Kasten by Veeam. Modern software is built on open source projects, and in turn, the success of any open source project hinges on its community members and their contributions. So how do we create communities with active contributors and ensure our open source projects benefit from their innovative ideas? At Kasten by Veeam, we are working to build an open source community whose members contribute often, and in meaningful ways to our open source cloud native projects. During this session, a member of the technical staff from Kasten, Le Tran will share some insights on our journey to build an open source community, including the benefits and challenges that come with creating a contributing culture in an organization. | https://www.youtube.com/watch?v=ygay5V_383I | 2022-05-30T20:42:25Z |
| Keynote: Incremental Deep Learning For Satellite with KubeEdge... Xiaoman Hu, Zhipeng Huang, Yue Bao | Keynote: Incremental Deep Learning For Satellite with KubeEdge and MindSpore - Xiaoman Hu, Community Operation Director; Zhipeng Huang, Director of AI Open Source; Yue Bao, Software Engineer, Huawei. Low Earth Orbit (LEO) has become a hot topic in recent years and KubeEdge has managed to bring the cloud native to the space. With several small research satellites equipped with KubeEdge, edge computing with AI was experimented at the furthest frontier. In this talk we will present how we combine KubeEdge Sedna, the cloud native edge machine learning suite, with TinyMS which is a high level API toolkit for MindSpore deep learning framework, to enable incremental learning at the satellite to accomplish tasks like remote sensing and earth observing. We will also discuss how utilize TinyMS that KubeEdge Sedna's semantics could be integrated as an integral part of AI framework. | https://www.youtube.com/watch?v=Yk6wRsckroA | 2022-05-30T20:42:25Z |
| Keynote: Finding Your Power to Accelerate to a Sustainable Future - Kate Mulhall & Emma Collins | Keynote: Finding Your Power to Accelerate to a Sustainable Future - Kate Mulhall, Senior Cloud Software Engineering Manager & Emma Collins, Product Manager for Observability and Power Management, Intel. Accelerated digital transformation and increasing data volumes reinforce the need for data center energy efficiency. From power-aware hardware, better workload design, and smart orchestration, we can reduce energy consumption and lower our carbon footprint. There is a need to accommodate a variety of workloads across domains such as finance, health care, telecommunications, and scientific computing, where connectivity, data gathering, machine learning, and data analytics play a significant role. Optimizations can be made across compute, networking, and storage. Intel, along with the cloud native community, has been working on aligning platforms and technologies to achieve better resource utilization through innovations and tooling for observability, orchestration, and management. Come learn more about these energy sustainability efforts, where to find us in the community, and how to engage to achieve a greener future. | https://www.youtube.com/watch?v=zTEN9d1Bxa8 | 2022-05-30T20:42:25Z |
| Keynote: 7 Years of Running Kubernetes for Mercedes-Benz - Jens Erat, Peter Mueller, Sabine Wolz | Keynote: 7 Years of Running Kubernetes for Mercedes-Benz - Jens Erat, DevOps Engineer; Peter Mueller, Lead Expert; Sabine Wolz, Product Owner, Mercedes-Benz Tech Innovation. Years ago, software engineers faced hard times at Mercedes-Benz: spreadsheet operations, manual processes, grown infrastructure and strict governance. A grassroots initiative of engineers accepted the challenge to change the game – and their silver bullet was Kubernetes. Join us on our journey from introducing Kubernetes 0.9 on managed servers to an on-premises self-service cloud platform with close to 1000 clusters on Cluster API. You will learn about our stake transforming a data center with a young team that mostly did not know enterprise processes before. We describe how mixing naive visions and a strong belief in open source with lots of resilience made the project a success. | https://www.youtube.com/watch?v=UmbjwSK9b3I | 2022-05-30T20:42:25Z |
| Crossplane Intro & Deep Dive - Compose Your Custom Cloud Platform | Crossplane Intro & Deep Dive - Compose Your Custom Cloud Platform - Jared Watts, Steven Borreli & Yury Tsarev, Upbound; Christopher Haar, DKB AG. The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction. | https://www.youtube.com/watch?v=xECc7XlD5kY | 2022-05-30T20:42:25Z |
| CoreDNS: Intro and Deep Dive - John Belamaric, Google & Yong Tang, Ivanti, Inc | CoreDNS: Intro and Deep Dive - John Belamaric, Google & Yong Tang, Ivanti, Inc. Come to learn about CoreDNS and the latest updates to the project and roadmap. Stay to learn about how to write your own CoreDNS plugin! | https://www.youtube.com/watch?v=rNlSgYZoIYs | 2022-05-30T20:42:25Z |
| Contour Ingress Intro and Deep Dive - Nick Young, Orlin Vasilev & Nigel Brown, VMware | Contour Ingress Intro and Deep Dive - Nick Young, Orlin Vasilev & Nigel Brown, VMware. Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. This session will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. We will also focus on the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, distributed tracing support, and much more. | https://www.youtube.com/watch?v=nSc0te3QQ0o | 2022-05-30T20:42:25Z |
| CNCF TAG-Runtime: Cloud Native Open... Alex Scammon, Zbynek Roubalik, Ricardo Aravena, Samuel Ortiz | CNCF TAG-Runtime: Cloud Native Open Source Core Components - Alex Scammon, G-Research; Zbynek Roubalik, Red Hat; Ricardo Aravena, Rakuten; Samuel Ortiz, Apple. Learn about the CNCF open source projects that allow users to run cloud native workloads! This session will cover: 1) Overview of the TAG-Runtime, how to join, and how to get involved. 2) Update of working groups (new, existing, and potential) within the scope of the TAG. 3) How the TAG provides advice to the CNCF TOC. 4) Future trends for cloud native runtime technologies in the TAG scope such as containers, Virtual Machines, Edge/MLOps and WebAssembly. | https://www.youtube.com/watch?v=aKEFMrp1GJ0 | 2022-05-30T20:42:25Z |
| Cloud Native Storage: The CNCF Storage TAG, Projects... Alex Chircop, Xing Yang, Raffaele Spazzoli | Cloud Native Storage: The CNCF Storage TAG, Projects, Technology & Landscape - Alex Chircop, Ondat; Xing Yang, VMware; Raffaele Spazzoli, RedHat. This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with CNCF Storage projects, and the work we have done to build guidance and write whitepapers for the ecosystem. During this session we will cover an overview of storage projects in the CNCF, including the broader ecosystem, as well as projects that are currently being reviewed. We will also share updates of our latest work including the CNCF Storage Whitepaper, Performance and Benchmarking whitepaper and the Cloud Native Disaster Recovery whitepaper. Join us to find out how to contribute and participate in the CNCF storage community and discover practical guidance on how to use cloud native storage in your environments. | https://www.youtube.com/watch?v=lqDaOxGHbPM | 2022-05-30T20:42:25Z |
| Updates from The Update Framework - Lukas Pühringer, NYU & Jussi Kukkonen, VMware | Updates from The Update Framework - Lukas Pühringer, NYU & Jussi Kukkonen, VMware. The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various sub projects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed. | https://www.youtube.com/watch?v=dCEUujPAIjM | 2022-05-30T20:42:25Z |
| Staring Into the Abyss with the Security Technical Advisory Group - Andres Vega & Brandon Lum | Staring Into the Abyss with the Security Technical Advisory Group - Andres Vega, VMware & Brandon Lum, Google. The CNCF Security Technical Advisory Group provides analysis and helps guide the community at large on the most appropriate security mechanisms, architectures, design patterns, and tooling. This presentation covers an introduction to the Security TAG, their charter and scope, and highlights on several efforts the TAG has undertaken (completed and in progress) with their community impact such as the Security Reviews, Supply Chain Security Paper, Security Pals, and so much more. This session is for anyone interested in cloud native security, and wishes to understand how to get involved. | https://www.youtube.com/watch?v=p_yzWGcKCQA | 2022-05-30T20:42:25Z |
| Overview and State of Linkerd - Matei David, Buoyant, Inc. | Overview and State of Linkerd - Matei David, Buoyant, Inc. In this talk, maintainers from the Linkerd project will present an overview of the project and an update on upcoming releases. They’ll cover what Linkerd is and how it compares to other service meshes; what the latest features and functionality are; what to expect in upcoming releases; and how you can get involved in one of the CNCF’s most talked-about projects. This talk will cover Linkerd’s recently-introduced policy, circuit breaking, and header-based routing features. | https://www.youtube.com/watch?v=9ksMUVhSW_k | 2022-05-30T20:42:25Z |
| Optimize Kubernetes on vSphere with Event-Driven Automation - Steven Wong & Michael Gasch, VMware | Optimize Kubernetes on vSphere with Event-Driven Automation - Steven Wong & Michael Gasch, VMware. Kubernetes abstracts out differences across hosting infrastructure, but there are cases when integrated monitoring across the layers of storage, compute, etc, are essential. When faults or reconfiguration happen, manual monitoring, diagnosis and remediation can be slow, costly, and error prone. The VMware Event Broker Appliance is an open-source project, usable with Cloud Events and Knative to optimize availability, auditing, compliance, etc. based on vSphere events. We'll cover popular use cases and how to get started. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group. | https://www.youtube.com/watch?v=NJYBwJemdoY | 2022-05-30T20:42:25Z |
| SIG Architecture Intro and Update - Davanum Srinivas, VMware & John Belamaric, Google | SIG Architecture Intro and Update - Davanum Srinivas, VMware & John Belamaric, Google. SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts. | https://www.youtube.com/watch?v=jrQQuKSb7P8 | 2022-05-30T20:42:25Z |
| Kubernetes SIG Apps Updates - Maciej Szulik, Red Hat; Janet Kuo, Google; Kenneth Owens, Brex | Kubernetes SIG Apps Updates - Maciej Szulik, Red Hat; Janet Kuo, Google; Kenneth Owens, Brex. SIG Apps is the special interest group covering deploying and operating applications in Kubernetes with a focus on the application developer and application operator experience. In this session the SIG Apps leads will provide an overview of what we’ve accomplished over the past year, including API promotions, controller improvements, leadership changes, subprojects status etc. They will also share the work that is being planned for the upcoming releases. The session will conclude with an open discussion and Q&A. | https://www.youtube.com/watch?v=JAUIUNhYZWg | 2022-05-30T20:42:25Z |
| SIG Security Update: We Lift Tog... Tabitha Sable, Pushkar Joglekar, Rey Lejano, Savitha Raghunathan | SIG Security Update: We Lift Together - Tabitha Sable, Datadog; Pushkar Joglekar, VMware; Rey Lejano, SUSE; Savitha Raghunathan, Red Hat. SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and our end users. Join organizers Pushkar, Rey, Savitha, and Tabitha for an overview of how we make space for security collaboration to thrive. We'll share timely updates from our tooling and third-party audit subgroups and information about guided security self-assessments for Kubernetes subprojects. In closing, a deep-dive into our efforts to improve security documentation through blogs, tutorials, whitepapers, and goose honking! You'll learn what's been going on, what’s next, and how you could join in, regardless of your experience from beginner to expert. We hope to see you there! | https://www.youtube.com/watch?v=ow2SkmWxLmU | 2022-05-30T20:42:25Z |
| Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance | Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance, ControlPlane. Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover: * The external attack surface of a Kubernetes node * Enumerating externally available cluster information * Exploiting Linux networking to access internal pods and services * Misusing CNI configurations to access internal pods and services You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise. | https://www.youtube.com/watch?v=7iwnwbbmxqQ | 2022-05-30T20:42:25Z |
| Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack | Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack. Within a single cloud provider, accessing secured APIs using your own workload identity is simple. Cloud SDKs used by application developers know how to retrieve identities and credentials from the cloud environment for each workload based on its context. A cloud administrator can then assign permissions to these identities which allow access to the required APIs. This is seamless for developers - simply calling an API in their code just works, while behind the scenes the network call is cryptographically authenticated / authorized. Unfortunately for the user, this identity is cloud-specific. With few alternatives, this often leads to long-lived credentials being mounted into workloads instead. This is less secure and harder to use. This presentation will show an alternative solution which combines features of open source CNCF projects Kubernetes, cert-manager, cert-manager-csi-driver-spiffe, cert-manager-trust and spiffe-connector to expand your SPIFFE trust domain to any cloud. | https://www.youtube.com/watch?v=vKRUq56xDiE | 2022-05-30T20:43:13Z |
| Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane | Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane. Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system? Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we: Demystify machine identity and its relationship to secrets management and access control; Discuss the issues with historical approaches in a cloud native environment; Solve the "bottom turtle" trust bootstrap quandary; Appraise the open source implementations and technologies available to you; Demonstrate practical examples of how to acquire a workload identity or secret zero; Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust | https://www.youtube.com/watch?v=z-JxZblhCG8 | 2022-05-30T20:43:13Z |
| Too Much to Choose – Making Sense of a Smorgasbord of Security Standard- Anais Urlichs & Rory McCune | Too Much to Choose – Making Sense of a Smorgasbord of Security Standards - Anais Urlichs & Rory McCune, Aqua Security. As time goes by, there are an increasing number of security standards which Kubernetes cluster operators may be asked to comply with or get audited against. This talk will look at how Kubernetes security standards like the CIS benchmarks, DISA STIG, Pod Security Standards and the NSA hardening guide compare, where they compare and where they don’t. Additionally, we will also cover the recently released PCI guidance on container orchestration security. Once a standard has been chosen, the remaining pain lies in compliance. Luckily, the cloud native ecosystem provides several open-source tools to make it easier. We will look at using open source tooling to assess Kubernetes clusters against these standards. At the end of the presentation, the audience will gain a clear understanding of the benefits of each standard and the processes that can be adopted to comply with common requirements. | https://www.youtube.com/watch?v=yKqqCxvlDeE | 2022-05-30T20:43:13Z |
| Full Mesh Encryption in Kubernetes with WireGuard and Calico - Peter Kelly, Tigera | Full Mesh Encryption in Kubernetes with WireGuard and Calico - Peter Kelly, Tigera. Encrypting data-in-transit is an important feature for many Kubernetes users especially for compliance and a zero-trust model. There are several ways this can be achieved, including using WireGuard, an exciting new lightweight VPN in the Linux kernel. This talk explains why you would choose WireGuard for this task and how it can work in a dynamic platform such as Kubernetes using Project Calico to provide a full host-to-host encrypted mesh at a layer below your application workloads. WireGuard is popular for good reason; lightweight, fast, scalable and easy. We’ll show you how easy it is to make it work but also dig in to the implementation details for those who love to sweat the details. | https://www.youtube.com/watch?v=G_jcvYMRUhc | 2022-05-30T20:43:13Z |
| Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure - Robert Ficcaglia | Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure - Robert Ficcaglia, SunStone Secure, LLC. Trusted Execution Environments (TEEs) are a feature of Intel, AMD, ARM and other chip platforms, widely available on public clouds for high security infrastructure. Kubernetes can be deployed with TEE enclaves to create a Trusted Computing Base (TCB) which can cryptographically protect the compute and memory environment for the Kubernetes control plane, data flows, and CI/CD pipelines on-chip. This greatly reduces the attack "surface area" and reduces 3rd party supply chain risks. The session will examine detailed Kubernetes threat models for critical infrastructure and demonstrate how to attack and defend Kubernetes workloads in the context of TEEs. Attendees will learn how to use enclaves to protect the integrity of container images used for workloads, deploy TEE-based Pods, examine development and operational challenges with TEE usage, and explore compliance benefits including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA and NIST 800-53. | https://www.youtube.com/watch?v=s0ITAQxZffE | 2022-05-30T20:43:13Z |
| Gateway API: Beta to GA - Rob Scott, Google & Nick Young, VMware | Gateway API: Beta to GA - Rob Scott, Google & Nick Young, VMware. In the past year, Gateway API has made some significant progress, becoming an official Kubernetes API and graduating to Beta. As part of that process, it gained some exciting new features, including custom policy attachment, advanced rewrite configuration, cross-namespace references, and a lot more. In this talk, we’ll provide an overview of all the new features in Gateway API, demonstrating many of them with different implementations of the API. We’ll then discuss our plans going forward, including new features we’re working on and our goals for a GA release. Most importantly, we’ll share how you can get involved with the project. | https://www.youtube.com/watch?v=YPiuicxC8UU | 2022-05-30T20:43:13Z |
| SIG Contributor Experience Deep Dive - Alison Dowdney, Christoph Blecker, Bob Killen | SIG Contributor Experience Deep Dive - Alison Dowdney, Kasten By Veeam; Christoph Blecker, Red Hat; Bob Killen, Google. The Kubernetes Contributor Experience Special Interest Group (SIG) is tasked with developing and sustaining a healthy contributor community. Things like feature velocity, community scaling, mentoring, pull request latency, and more all fall within scope of the SIG. In this talk, we will provide an introduction to SIG Contributor Experience, its role within the project, and dive into the various subprojects that support its mission. Additionally, we will provide a general community update and go over how you can get involved. | https://www.youtube.com/watch?v=hD6ZtmEIbEQ | 2022-05-30T20:43:13Z |
| Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Katrina Verey, Maciej Szulik | Kubernetes SIG CLI: Intro and Updates - Eddie Zaneski, Chainguard; Katrina Verey, Shopify; Maciej Szulik, Red Hat. SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work that's been done the past year, an introduction to the KRM Functions subproject, and thoughts on declarative vs. imperative workflows. The session will conclude with open discussion and Q&A. | https://www.youtube.com/watch?v=eOxy1PS5TyQ | 2022-05-30T20:43:13Z |
| Kubernetes IoT Edge Working Group: Edge Device Onboa... Steven Wong, Kate Goldenring, Kilton Hopkins | Kubernetes IoT Edge Working Group: Edge Device Onboarding and Management - Steven Wong, VMware; Kate Goldenring, Microsoft; Kilton Hopkins, Edgeworx. Integrating I/O and compute devices at edge locations requires automated processes to work at large scale. This session will cover open source tools that support device lifecycles, from secure onboarding and discovery, through monitoring, maintenance, and use in production. We'll survey CNCF, LF Edge, and Eclipse projects designed to extend the cloud to inter-operate with edge devices and I/O; for example, one CNCF project, Akri, discovers edge devices and exposes them as Kubernetes resources. The K8s IoT Edge working group focuses on using Kubernetes as a tool to support applications running on, communicating with, or using information gathered from edge devices. There are opportunities to contribute to the evolution of Kubernetes to better serve edge use cases. We will close with details on how you can get involved with the community effort to help this happen. | https://www.youtube.com/watch?v=CMthyqMhuq4 | 2022-05-30T20:43:13Z |
| What Is the CNCF TAG Observability and How You Can Join Our Effort! | What Is the CNCF TAG Observability and How You Can Join Our Effort! - Bartłomiej Płotka, Red Hat; Alolita Sharma, Amazon; Richard Hartmann, Grafana Labs; Matthew Young, Everquote. The Technical Advisory Groups (TAGs, formerly SIGs) were created by the CNCF to help provide technical guidance and expertise across projects pertaining to a specific domain. One of the domains that are continuously demanded and show great innovation within the cloud-native ecosystem is Observability. In this talk, the TAG Observability co-chairs and team lead will introduce the activities we do with TAG members and the community. You will learn what has been done so far and how you can join us in our efforts to improve the observability ecosystem around us. We are looking for a diversity of skills and backgrounds, so we can give out more supporting materials and best practices for end-users and contributors around monitoring and observability. The audience will learn what TAG Observability is responsible for, how to contribute and where to find us. Hopefully, this talk will inspire you to join our Observability community! | https://www.youtube.com/watch?v=50s0XrD-ZEQ | 2022-05-30T20:43:13Z |
| The Maintainer's Toolkit: Must-know CNCF Resources for Project O... Catherine Paganini & Dawn Foster | The Maintainer's Toolkit: Must-know CNCF Resources for Project Owners - Catherine Paganini, Buoyant & Dawn Foster, VMware. Whether you are trying to build an active, welcoming community, manage contributors' expectations, or motivate members to take on more responsibility, managing an open source project can feel overwhelming. During this talk, TAG Contributor Strategy leads will discuss CNCF resources available to project owners to help achieve exactly that. You'll learn what resources are available, where to find them, and how to get involved to develop new resources for your project and others. Developed for maintainers by maintainers, these resources help projects implement battle-tested best practices from fellow project owners. They include templates for a contributing guide, contributor ladder, governance frameworks, security disclosures, and more. Plus general guidance to grow your contributor base. There is no need to reinvent the wheel. Whatever challenge you are facing today, someone surely solved it before. Join this community to exchange ideas, learn from one another, and build a thriving ecosystem of successful open source projects. | https://www.youtube.com/watch?v=0Rj5Xofd-Rk | 2022-05-30T20:43:13Z |
| Backstage: Restoring Order To Your Chaos - Dave Zolotusky, Spotify | Backstage: Restoring Order To Your Chaos - Dave Zolotusky, Spotify. The CNCF Landscape is a complex ecosystem of frameworks, technologies, and platforms. Your teams have their own implementations of these technologies. Onboarding new developers is super confusing, and docs are scattered around the place. In short: chaos. The solution to this might be… another portal? Backstage (https://backstage.io), a platform you can use to build your own developer portal. It is highly customisable and adopted by companies like Expedia, Netflix, American Airlines, and Epic Games. Dave will share why Backstage was developed at Spotify, how it became the core of their developer experience, and a CNCF project. You’ll get a quick tour of Backstage, the plugin ecosystem, and some of the key use cases for Backstage. Then he will dig into the Software Templates feature. How templates can help developers quickly get started with new code repositories. He will also cover how you can create custom templates to have your organization's best practices built-in, right from the start! | https://www.youtube.com/watch?v=AlQYP88N3Og | 2022-05-30T20:43:13Z |
| Prometheus Intro and Deep Dive - Julius Volz, Björn Rabenstein, Matthias Rampke | Prometheus Intro and Deep Dive - Julius Volz, PromLabs; Björn Rabenstein, Grafana Labs; Matthias Rampke, SoundCloud. As the 2nd oldest project in the CNCF, you have probably heard about Prometheus before. Nevertheless, the project maintainers will give you an introduction from the very beginning, followed by a deep dive into the exciting new features that have been released recently or are in the pipeline. You will learn about many opportunities to use Prometheus, and maybe we can even tempt you to contribute to the project yourself. | https://www.youtube.com/watch?v=eM3RXdK1yys | 2022-05-30T20:43:13Z |
| SIG Cloud Provider: Portable K8s Across all Clouds, Roadmap and Updates - Nick Turner & Steve Wong | SIG Cloud Provider: Portable K8s Across all Clouds, Roadmap and Updates - Nick Turner, Amazon & Steve Wong, VMware. Cloud Provider code allows Kubernetes to run on top of different platforms, with an implementation for each. The agenda will include: An overall status report on removing the cloud provider code from the main Kubernetes repository to “out of tree” repositories; “Lightning talks” for individual cloud providers, reporting efforts, accomplishments, and roadmap for features and getting "out-of-tree". We’ll also discuss the plans to handle cloud provider migration - including interesting topics like building and migrating to cloud controller managers, and kubelet image credential providers. The goal of SIG Cloud Provider is to promote a vendor-neutral ecosystem for our community. We will close with details on how you can get involved with the SIG as either a cloud infrastructure supporter, a K8s distribution author, or a K8s user. | https://www.youtube.com/watch?v=FNcnQ5QlUco | 2022-05-30T20:43:13Z |
| What's New in Operator Framework? | What's New in Operator Framework? - Jonathan Berkhahn, IBM; Varsha Prasad, Jesus Rodriguez & Austin Macdonald, Red Hat. This session covers recently added features in Operator Framework, particularly the Operator SDK CLI. We'll walk through scaffolding a Java operator using the newly-added Quarkus plugin, discuss how to add custom login to a Helm operator with the Hybrid-Helm feature, or how to best test your operator. | https://www.youtube.com/watch?v=XaIXWHKuzzI | 2022-05-30T20:43:13Z |
| Building for the (Inevitable) Next Cloud Outage - Pavel Nikolov, Section | Building for the (Inevitable) Next Cloud Outage - Pavel Nikolov, Section. It seems that every few months we hear about the widespread impact of a major cloud outage. Cloud outages are unpredictable and inevitable; this is what keeps SRE teams up at night. Public cloud remains the most popular data center approach among the cloud native community, with multi-cloud growing in adoption. However, adopting a multi-cloud strategy isn’t as simple as hitting the go button. In this session, we will demonstrate how to deploy a Kubernetes application across clusters in multiple clouds and regions with built-in failover to automatically adapt to cloud outages. You will witness how BGP directs traffic across clusters in a healthy state. Then, we will take one of the clusters offline and show how workloads are automatically rescheduled and traffic is rerouted to healthy clusters in real-time. We will dive into the technologies and logic that are driving this engine and discuss how you can build this type of resilience into your own applications. | https://www.youtube.com/watch?v=02a8VB__UQ4 | 2022-05-30T20:43:13Z |
| Why Kubernetes Can't Get Around FinOps – Cost Management Best Pra... Vanessa Kantner & Manuela Latz | Why Kubernetes Can't Get Around FinOps – Cost Management Best Practice - Vanessa Kantner & Manuela Latz, Liquid Reply. Anyone with the right permissions on a cloud provider can acquire resources or spin up Kubernetes Clusters. While developers can joyfully make cloud spending explode, traditional finance and procurement departments look around in wonder. The FinOps approach and the Foundation, which coined the word, dedicate themselves to continuously enhancing best practices around cloud financial management. Managing Kubernetes resources is the masterclass of it. Having cost transparency and control over many dynamically scaling containers across many server instances can be difficult. Vanessa and Manuela share the experience in monitoring Kubernetes costs and planning budgets accordingly. This session covers how engineers – responsible for incurring costs – can support cloud cost management to prevent overspending and how this approach enables and empowers colleagues from finance, procurement and business in their daily doing. This, in turn, gives the engineer more freedom to explore new solutions. | https://www.youtube.com/watch?v=zqJ9CqaQpYw | 2022-05-30T20:43:13Z |
| Transparent Live Migration of Services Between Kubernetes Cluster - Adam Janikowski & Jörg Schad | Transparent Live Migration of Services Between Kubernetes Cluster - Adam Janikowski & Jörg Schad, ArangoDB. Operating a distributed database on a single Kubernetes cluster is interesting, but how about transparently migrating it from one cluster to another – potentially between different cloud providers – without impacting user workloads? Kubernetes has become the de facto default deployment for ArangoDB, a distributed Graph database. Consider for example ArangoDB Oasis, a managed Cloud Database service with over 200 deployments (aka highly available database clusters) across three major cloud providers and many regions. But outages, (Kubernetes) upgrades, resource considerations, and cost optimizations require the underlying infrastructure to be very dynamic including migration between Kubernetes cluster, datacenter, or even cloud providers. This talk provides insights into how Kube-Arango, the OSS operator for ArangoDB, supports live migration of distributed stateful applications without impact on users. Challenges in such migration include for example networking, DNS, and persistent data. | https://www.youtube.com/watch?v=l-2yy-wtyBQ | 2022-05-30T20:43:13Z |
| Reproducing Production Issues in your CI Pipeline Using eBPF - Matthew LeRay & Omid Azizi | Reproducing Production Issues in your CI Pipeline Using eBPF - Matthew LeRay, Speedscale & Omid Azizi, New Relic. Observing production workloads with enough detail to find real problems is difficult, but it's getting easier with the community adoption of eBPF. As the technology becomes better understood, tools like Falco, Cilium and Pixie are increasingly appearing in production clusters. But have you ever considered using eBPF data to help with unit tests, Continuous Integration and load testing? This talk will explain the basic technology behind eBPF while presenting some examples of how to use data collected via eBPF for a variety of software quality use cases. We'll use the Pixie CNCF sandbox project to pull data and replicate production issues on the developer desktop for debugging. You'll also get some ideas on using those calls in your Continuous Integration pipeline to sanity check builds before they are deployed. Included in that discussion will be handling some common issues like timestamp skew and authentication. All examples are open source and available after the talk. | https://www.youtube.com/watch?v=_RQLY4KXXG8 | 2022-05-30T20:43:13Z |
| The Soul of a New Command: Adding ‘Events’ to kubectl - Bryan Boreham, Grafana Labs | The Soul of a New Command: Adding ‘Events’ to kubectl - Bryan Boreham, Grafana Labs. Introduced as an alpha feature in the Kubernetes 1.23 release, the ‘kubectl alpha events’ command resolves some issues that could not be fixed within the generic ‘kubectl get’ command. Join us to re-live and explore: * How the need for ‘kubectl events’ came about. * How Bryan got involved and how you can, too. * The lifecycle of a Kubernetes enhancement. * How a kubectl command is structured. * Helper libraries to fetch and print Kubernetes objects, and how you can use them in your own code. * Possible future directions for `kubectl [alpha] events`. | https://www.youtube.com/watch?v=YI1ZuN-OHNw | 2022-05-30T20:43:13Z |
| Case Study: Bringing Chaos Engineering to the Cloud Native Develo... Uma Mukkara & Ramiro Berrelleza | Case Study: Bringing Chaos Engineering to the Cloud Native Developers - Uma Mukkara, ChaosNative & Ramiro Berrelleza, Okteto. Though Chaos Engineering started as a solution for fixing unknown problems at scale, it has evolved in recent years into a totally different practice area. It is now beginning to play a major role in CI/CD apart from Ops and figures as an aid that improves developer experience. Chaos frameworks are beginning to feature in the list of must-have dev tools. In this session, we discuss the role of Chaos Engineering in stepping up the cloud native dev experience and how developers can use cloud native chaos tests to verify the resilience of their application even before the code is merged. Okteto is an open source tool that enables developers to deploy development environments directly in Kubernetes. The community behind Okteto has succeeded with the idea of providing cloud native chaos tests to the developers in their toolset. In this session we take examples of Litmus chaos tests on Okteto and show how developers can run them as part of the development process, rather than just on CI. | https://www.youtube.com/watch?v=KSl-oKk6TPA | 2022-05-30T20:43:13Z |
| How a Couple of Characters (and GitOps) Brought Down Our Site - Guy Templeton & Stuart Davidson | How a Couple of Characters (and GitOps) Brought Down Our Site - Guy Templeton & Stuart Davidson, Skyscanner. Skyscanner have been enthusiastic adopters of Cloud-Native technologies and practices, adopting Kubernetes, Helm and ArgoCD as well as a wide range of other open-source technologies. However, adopting these technologies and practices in an existing environment doesn’t come without challenges. In this talk, Stuart and Guy will walk you through the longer-term cultural and technical challenges and benefits brought by adopting a GitOps model, as well as digging deeper into a global outage of Skyscanner’s website and mobile apps and how these approaches both exacerbated the problem but also sped up the time to resolution. They’ll then take the opportunity to explain some of the learnings from the incident with the hope that the insight they gained from this catastrophic situation will help you and your organisation not make the same mistakes. | https://www.youtube.com/watch?v=FiEm2zOuHsg | 2022-05-30T20:43:13Z |
| Scaling K8s Nodes Without Breaking the Bank or Your Sanity - Brandon Wagner & Nick Tran, Amazon | Scaling K8s Nodes Without Breaking the Bank or Your Sanity - Brandon Wagner & Nick Tran, Amazon. Kubernetes (k8s) has enabled applications to be mostly agnostic to the underlying VM infrastructure it is running on. Many clusters can benefit from the cost savings of utilizing spare VM capacity offerings commonly called Spot. In this session, we will discuss some of the best practices for utilizing spot capacity within a k8s cluster and some of the tools that will make your life easier managing the underlying VM infrastructure. | https://www.youtube.com/watch?v=UBb8wbfSc34 | 2022-05-30T20:43:13Z |
| Tweezering Kubernetes Resources: Operating on Operators - Kevin Ward, ControlPlane | Tweezering Kubernetes Resources: Operating on Operators - Kevin Ward, ControlPlane. Operators have become prevalent for the automation of repeatable cluster operations, replacing engineers in the Kubernetes configuration process. Although removing human error from the equation solves repeatability issues, Operators are often highly privileged with namespace or cluster-wide access to change resources. A compromised operator allows an attacker to deploy custom workloads very discreetly, and a rogue resource could go completely undetected. This talk asks and shows “what’s the worst that could happen?” to Operators by: - showing you how to threat model core Operator functionality - demonstrating how an Operator-based attacker can modify resources and gain persistence - how to securely appraise and test third-party Operators before trusting them - what to look out for during a code review or security related events. | https://www.youtube.com/watch?v=dcKAr8UNgMQ | 2022-05-30T20:43:13Z |
| How to Migrate 700 Kubernetes Clusters to Cluster API with Zero D... Tobias Giese & Sean Schneeweiss | How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime - Tobias Giese & Sean Schneeweiss, Mercedes-Benz Tech Innovation. Cluster API promises "to simplify provisioning, upgrading, and operating multiple Kubernetes clusters." Do you find it challenging to migrate your existing Kubernetes cluster provisioning to Cluster API? Would you like to benefit from all the features that Cluster API offers and manage your infrastructure the Kubernetes style? At Mercedes-Benz, we run and operate more than 700 Kubernetes clusters and 3,500 machines all over the world in on-premises OpenStack data centers. By migrating to Cluster API, we replaced our legacy provisioning, consisting of Terraform, custom self-written tools and Kubernetes operators. Expect valuable insights on what it takes to transfer production systems into the control of Cluster API with zero downtime and zero customer impact. Get to know the technical challenges of migrating, how they can be solved and how to extend Cluster API functionality to fit your needs. | https://www.youtube.com/watch?v=KzYV-fJ_wH0 | 2022-05-30T20:43:13Z |
| Your Manila CephFS Share Backups Belong to S3 - Robert Vasek, CERN | Your Manila CephFS Share Backups Belong to S3 - Robert Vasek, CERN. Backups. Boring and mundane, until you lose your application data and need it back. Our Kubernetes users at CERN make extensive use of CephFS-backed storage managed by the OpenStack Manila service. Streamlining and automating the process of backups gives them a chance to prepare so that – should a disaster strike – they can recover. In this talk we will delve into the work we have done to make Velero, CephFS, Manila and an S3 store cooperate together, and bring an application back into life. Expect code snippets and demos. By the end of this session, you should have a clear overview of how each component contributes to our current backup and restore workflow in Kubernetes, and how you can integrate this setup into your clusters too. | https://www.youtube.com/watch?v=XfpP9pBTXfY | 2022-05-30T20:43:13Z |
| Autoscaling Elasticsearch for Logs on Kubernetes - Radu Gheorghe & Ciprian Hacman | Autoscaling Elasticsearch for Logs on Kubernetes - Radu Gheorghe, Sematext Group & Ciprian Hacman, polypoly. Elasticsearch (and its fork, OpenSearch) is the go-to storage for logs. As with any storage, the cluster likely needs to scale to keep up with the change of load. But autoscaling Elasticsearch isn't trivial: indices and shards need to be well sized and well balanced across nodes. Otherwise the cluster will have hotspots and scaling it further will be less and less efficient. This talk focuses on two aspects: - best practices around scaling Elasticsearch for logs and other time-series data - how to apply them when deploying Elasticsearch on Kubernetes. In the process, a new (open-source) operator will be introduced (yes, there will be a demo!). This operator will autoscale Elasticsearch while keeping a good balance of load. It does so by changing the number of shards in the index template and rotating indices when the number of nodes changes. | https://www.youtube.com/watch?v=ONGqk3xXRTw | 2022-05-30T20:43:13Z |
| Service Mesh at Scale: How Xbox Cloud Gaming Secures 22k Pods with Linkerd - Christopher Voss | Service Mesh at Scale: How Xbox Cloud Gaming Secures 22k Pods with Linkerd - Christopher Voss, Microsoft. During this session, Chris Voss, Senior Software Engineer at Microsoft, will share how Microsoft deployed Linkerd to apply mutual TLS, observability, and reliability to 22,000 meshed pods across 26 clusters. Xbox Cloud Gaming is Microsoft's game streaming service. With over 300 games available in 26 countries. The app is massive: 26 clusters across 18 regions, each with 50+ microservices and 700 to 1,000 pods — all of which are meshed with Linkerd. Chris will cover Xbox Cloud Gaming's Kubernetes and Linkerd journey, including how they: * Applied mutual TLS to 22k pods with zero config * Reduced pod/container monitoring cost by thousands of dollars using Linkerd observability * Integrated Prometheus, Linkerd, Flagger and Azure ADO for progressive delivery. | https://www.youtube.com/watch?v=Mh0Wqu3v8h0 | 2022-05-30T20:43:13Z |
| Implementing Anti-patterns: Kubernetes Cross-namespace Resource Ownership - Tom Coufal, Red Hat | Implementing Anti-patterns: Kubernetes Cross-namespace Resource Ownership - Tom Coufal, Red Hat. Kubernetes is a very open system allowing developers a great extent of freedom. However it still follows rules, design principles and sets well-described boundaries. It constrains developers to well understood cans and can'ts. Prohibiting cross-namespace ownership of resources is one of such rules. A namespace scoped resource can't be an owner to a resource in a different namespace. Yet, there always is that one use case that we can't solve in any other way than by smashing through those walls of rules. We will explore why such a use case makes sense. And what challenges rigid namespace isolation brings to integration between Kubernetes native services. We will discover how one can construct a solution to this problem. Without re-implementing or replacing default core services - like the native garbage collection mechanisms. | https://www.youtube.com/watch?v=iWz5AAbbT-c | 2022-05-30T20:44:05Z |
| Cluster API Intro and Deep Dive - Yuvaraj Balaji Rao Kakaraparthi & Vince Prignano, VMware | Cluster API Intro and Deep Dive - Yuvaraj Balaji Rao Kakaraparthi & Vince Prignano, VMware. The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Our mission is examining how we should change Kubernetes to make it easier to operate. In this deep dive, we will examine how Cluster API simplifies the cluster management experience for cluster operators by enabling consistent machine management across environments and quick stamping of Clusters using some new exciting features like ClusterClass. | https://www.youtube.com/watch?v=9H8flXm_lKk | 2022-05-30T20:44:05Z |
| Build Your Own Cluster API Provider the Easy Way - Anusha Hegde, VMware & Richard Case, Weaveworks | Build Your Own Cluster API Provider the Easy Way - Anusha Hegde, VMware & Richard Case, Weaveworks. Over the past year, the adoption of Cluster API (CAPI) has been growing with more end-users using it to provision their clusters. And increasingly it’s being adopted inside commercial products and other OSS projects (e.g. EKS-Anywhere). With this growth comes an increase in the variety of the Cluster API Providers you can choose from. What if none of the existing providers suit your use case? Perhaps you want to bring your own hosts or integrate with a custom infrastructure provisioning mechanism. If that's the case, this talk is for you. Come learn from the maintainers of existing CAPI providers on how to get started creating your own provider. It’s hard but at the same time easier than it sounds. Although every provider has unique considerations in its offering, there is a lot of commonality when it comes to writing a provider. This talk will highlight the common patterns, develop and debug workflows, and common pitfalls / gotchas to take into account when writing your own provider. | https://www.youtube.com/watch?v=HSdgmcAAXa8 | 2022-05-30T20:44:05Z |
| Learnings From Providing A Platform API With Kubernetes And Crossplane - Hannes Blut & Jan Willies | Learnings From Providing A Platform API With Kubernetes And Crossplane - Hannes Blut & Jan Willies, Accenture. Kubernetes' extensible API has turned it into a de-facto abstraction layer not just for building, deploying and operating cloud-native apps, but also as the control plane for the entire enterprise, to provision and manage cloud resources and complex platform components. This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes “native” experience. The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way. | https://www.youtube.com/watch?v=XyR9DGnOpXo | 2022-05-30T20:44:05Z |
| Jet Energy Corrections with GNN Regression using Kubeflow @ CERN - Daniel Holmberg & Dejan Golubovic | Jet Energy Corrections with GNN Regression using Kubeflow at CERN - Daniel Holmberg & Dejan Golubovic, CERN. The Large Hadron Collider is the world’s largest particle accelerator measuring 27 km in circumference. It accelerates beams of particles in opposite directions almost to the speed of light before making them collide. The particles emerging from the collisions are then measured in large detectors such as the Compact Muon Solenoid. An especially important object of study are so-called jets composed of multiple particles shooting out in the same direction from the collision point. Data-driven methods are used to correct the energy values for these jets, and what we’ll present here is the utilization of Kubeflow to enable state-of-the-art graph neural network based corrections. Kubeflow’s pipeline component allows us to define our machine learning workflow in a well-structured and reproducible manner, and its built-in training operators are used to scale up the training with ease. This work is expected to pave the way for future adoption of Kubeflow among the physics community at CERN. | https://www.youtube.com/watch?v=iqbsbXZDjs8 | 2022-05-30T20:44:05Z |
| Kubernetes as a Substrate for ATLAS Compute - Fernando Barreiro Megino & Lukas Heinrich | Kubernetes as a Substrate for ATLAS Compute - Fernando Barreiro Megino, University of Texas at Arlington & Lukas Heinrich, TU München. The ATLAS experiment at CERN is one of the largest scientific machines built to date and will have ever growing computing needs as it explores higher energy and luminosity proton collisions. Recent R&D on the integration of cloud infrastructures with ATLAS' Worldwide LHC Computing Grid resources identified Kubernetes as a commonly available, ideal substrate. While Kubernetes is widely known for its service management capabilities, it also offers powerful batch controllers for containerised workloads. We exploited these capabilities to build ephemeral batch clusters with over 100k vCPU to process tasks that require quick turnaround, make available GPU resources that are not widely available in our own infrastructure, or create interactive facilities, where users can easily spin up private clusters for their distributed analysis from a notebook. | https://www.youtube.com/watch?v=6dA43w08wLI | 2022-05-30T20:44:05Z |
| Scaling and Orchestrating “Good Bot” With Kubernetes - Aris Cahyadi Risdianto | Scaling and Orchestrating “Good Bot” With Kubernetes - Aris Cahyadi Risdianto, National University of Singapore (NUS). During testing in the testbed, we need to emulate the production environment where there is plenty of normal traffic from the real users. High-quality normal traffic generated by the ‘human’ operator has a significant impact on the testing results. Since the scale of testing is growing, increasing the number of operators is not practical and not cost-effective, so automating the generation of realistic normal traffic is becoming necessary. A BotNet can launch large-scale DDoS by orchestrating thousands of "infected" clients or “bad bots”. Similarly, if we can deploy thousands of human activity agents or “good bots” and orchestrate them together, we can generate a large number of emulated normal traffic from users. This talk will show how to utilize Kubernetes to orchestrate a large number of containerized bots to execute human activities in the testbed. Each bot is customized with special logic of activity workflows and it can be scaled and controlled by the orchestrator in real-time. | https://www.youtube.com/watch?v=q6GuhXOU7ao | 2022-05-30T20:44:05Z |
| Cloud-Native Building Blocks: An Interactive Envoy Proxy Workshop - Adam Sayah & Jim Barton, Solo.io | Cloud-Native Building Blocks: An Interactive Envoy Proxy Workshop - Adam Sayah & Jim Barton, Solo.io. Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black-box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request. Users will then put those principles to work interactively. Every participant will have access to a computing environment via their web browsers to a Kubernetes K3s platform provisioned with Envoy and supporting tools. From there, users will explore the life of a request through a maze of transforms, custom processing with WebAssembly, and request routing. They will further learn to employ standard Envoy tools like metrics, access logging, and the Tap filter to solve real-world problems. | https://www.youtube.com/watch?v=SNM-wnyRR8U | 2022-05-30T20:44:05Z |
| Why, How to, and Issues: Tail-Based Sampling in the OpenTelemetry Collector - Reese Lee, New Relic | Why, How to, and Issues: Tail-Based Sampling in the OpenTelemetry Collector - Reese Lee, New Relic. When you are running OpenTelemetry in production and your services are producing a firehose of spans, the traditional and default head-based sampling approach won’t cut it. This is because traces are sampled at initiation, which can be useful for some environments, but for larger systems, it can mean you miss out on key trace data. This is where configuring the Collector to sample your traces after they have fully completed–tail-based sampling–becomes a great option. In this talk, you’ll learn about head- and tail-based sampling, and why the latter approach is useful for obtaining the highest level of granularity in troubleshooting. You’ll learn how to configure your OpenTelemetry Collector to do this, and see the implementation in a suite of microservices, with traces exported to Jaeger. You’ll also learn of the current issues with implementing tail-based sampling in the OpenTelemetry Collector in production so you can take the challenges into account for your own deployments. | https://www.youtube.com/watch?v=l4PeclHKl7I | 2022-05-30T20:44:05Z |
| Prometheus Sparse High-Resolution Histograms in Action - Ganesh Vernekar, Grafana Labs | Prometheus Sparse High-Resolution Histograms in Action - Ganesh Vernekar, Grafana Labs. Sparse high-resolution histograms are going to totally revamp how Prometheus works with histograms. Maybe you have heard about the ongoing development efforts in previous talks. Now, for the first time, you will witness a complete working setup, from instrumentation over ingestion, storage, and querying all the way to graphical representation. Ganesh will demonstrate the breathtaking possibilities of these histograms, which include precise quantile estimations and high-resolution heatmaps, both aggregated and partitioned at will, even if, over time or between different targets, histograms of different resolutions are involved. Accompanied by benchmark results from real world load. | https://www.youtube.com/watch?v=T2GvcYNth9U | 2022-05-30T20:44:05Z |
| Alerting in the Prometheus Ecosystem: The Past, Present and Future - Josue (Josh) Abreu | Alerting in the Prometheus Ecosystem: The Past, Present and Future - Josue (Josh) Abreu, Grafana Labs. One of the most important functionalities of Prometheus is being able to alert based on your metrics. The Prometheus Alertmanager is a critical piece of cloud native observability, and in this talk, Josue wants to share a bit more of its past, present and future. About a year ago, he set out on a path to improve scaling in the Cortex Alertmanager component, then he decided to include the Alertmanager within Grafana to continue fostering open source collaboration. For the future, his plan is to take all the good parts of what he learned on this journey back to the Prometheus Alertmanager thus going full cycle. He’ll cover: the Prometheus Alertmanager and the benefits of its modular architecture (past); the benefits of the new architecture of the Cortex Alertmanager: Like Cortex but for Alerts (past); inclusion of the Prometheus Alertmanager within Grafana (present); the future of the Prometheus Alertmanager (future). | https://www.youtube.com/watch?v=9AX8u-bt4J8 | 2022-05-30T20:44:05Z |
| Better Reliability Through Observability and Experimentation - Julie Gunderson & Kerim Satirli | Better Reliability Through Observability and Experimentation - Julie Gunderson, Gremlin & Kerim Satirli, HashiCorp. Site Reliability Engineering (SRE) treats reliability as a software problem, but it really is an organizational problem that requires a different mindset. When the reliability of our service drops, so does our ability to create value for the organization we represent. In this talk, Julie and Kerim will take the audience on a guided journey, starting with how to determine if and how workloads are misbehaving and ending with practical approaches to improve reliability. Through simulated outages (of all types!), observability, and analysis, Julie and Kerim will show attendees how to catch and prepare for service disruptions. Going beyond deployments, attendees will also learn how to combine OpenTelemetry and OpenTracing to instill reliability into their systems. | https://www.youtube.com/watch?v=DeewkVL3RWI | 2022-05-30T20:44:05Z |
| OpenTelemetry: The Vision, Reality, and How to Get Started - Dotan Horovits, Logz.io | OpenTelemetry: The Vision, Reality, and How to Get Started - Dotan Horovits, Logz.io. Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agents and collectors. In this talk Horovits will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others. Horovits will cover the current state of the various projects comprising OpenTelemetry (across programming languages, exporters, receivers, protocols and more), some of which are not even GA yet, and provide practical guidance on how to get started with OpenTelemetry in your own system. | https://www.youtube.com/watch?v=qE1ggEmvz2Y | 2022-05-30T20:44:05Z |
| Operating Prometheus in a Serverless World - Colin Douch, Cloudflare | Operating Prometheus in a Serverless World - Colin Douch, Cloudflare. The traditional Prometheus configuration makes several assumptions about the architecture of the systems that it is monitoring that fail to be met in the world of Serverless Architectures. With the increasing adoption of Serverless computing in Distributed Systems architectures, the question then arises of how to achieve the same insight into them that we can achieve with more traditional architectures. In particular, with Timeseries Metrics, the choice is often to choose between substandard upstream offerings (such as the Prometheus Pushgateway), or capitulate to vendor lock-in and utilise a platform provided by your Cloud provider. So if we want to continue to use our existing Prometheus systems, then what choices do we have? This talk will cover the issues around existing solutions, Colin's solution to these issues that is currently in production at Cloudflare, and where we can go in upstream to make the experience better going forward. | https://www.youtube.com/watch?v=Zln_Kvv7hxY | 2022-05-30T20:44:05Z |
| Registries After Dark, Part 2: Distributed Random Access Merkledags - Daniel Mangum & Jason Hall | Registries After Dark, Part 2: Distributed Random Access Merkledags - Daniel Mangum, Upbound & Jason Hall, Chainguard. Our friend the registry is back and is getting into more mischief than ever. After stretching the OCI image and distribution specifications to implement a registry that acts as a chat server, Dan and Jon have continued to exploit the generality of the spec to support more use cases. In this session, they’ll move beyond what actually happens when you “push” and “pull” or use tags as identifiers. Taking a step back and looking at the landscape of hosted registries offers a unique view of the capabilities of this network of systems we all rely on - capabilities exhibited by other systems we are familiar with: computers. Attendees will join Dan and Jon on a crash course through the history of computer architecture, making stops along the way at Turing machines, load-store architectures, and compiler design, before finding themselves faced with a new definition of DRAM: Distributed Random Access Merkledag. | https://www.youtube.com/watch?v=Xt_G-pUArTM | 2022-05-30T20:44:05Z |
| Keep Calm and Containerd On! - Anusha Ragunathan, Intuit Inc | Keep Calm and Containerd On! - Anusha Ragunathan, Intuit Inc. Letting go isn't easy! Especially when it comes to your Kubernetes cluster’s CRI implementation. Like most big Kubernetes deployments, Intuit’s 200+ clusters with 20000 nodes were running ‘dockerd’ as the CRI runtime, with dependencies on the docker API and CLI. We migrated our fleet of clusters to ‘containerd’. Whether you have a complicated Kubernetes installation with customized cluster addons or a simple set of clusters, you will be affected by the upcoming removal of dockerd from upstream Kubernetes. Come listen to us, learn from our journey and be prepared to make this migration smooth and seamless. We will share lessons learned migrating clusters to containerd. From issues faced with log management, SELinux and GPU support, to rewiring cluster addons related to CNI and runtime security, this talk is about Intuit’s journey moving to containerd. We will also talk about rollout of containerd to our production clusters and how we handled compatibility issues during cluster upgrades. | https://www.youtube.com/watch?v=nQAvkHJ4xak | 2022-05-30T20:44:05Z |
| Cloud Native Mentorship: Tips for Being a Great Mentor to CNCF Students - Lucas Servén Marín | Cloud Native Mentorship: Tips for Being a Great Mentor to CNCF Students - Lucas Servén Marín, Private. The CNCF and broader Linux Foundation offer generous mentorship programs that connect students around the world with open source projects. The whole open source community can benefit from and grow thanks to these opportunities, however, many technically talented maintainers are not trained as teachers or equipped with the tools to lead student projects. So what can open source maintainers do to help ensure mentees are successful in their cloud native journeys? And more broadly, how can maintainers use these opportunities to build a long lasting and inclusive community? In this talk, Lucas discusses challenges, successes, and lucky breaks he experienced through two years of non-stop mentorship as a maintainer of Thanos. Based on these lessons, he provides concrete strategies and tips that Thanos mentors and mentees have leveraged to communicate effectively and empathically and to meet the community's goals, whatever they may be. | https://www.youtube.com/watch?v=9xBFHboKDi0 | 2022-05-30T20:44:05Z |
| You're a Community Manager? But What Do You REALLY Do?! - Nanci Lancaster & Karen Chu | You're a Community Manager? But What Do You REALLY Do?! - Nanci Lancaster, VMware & Karen Chu, Microsoft. When it comes to open source software, having a strong, active community that feels supported is imperative to success. Oftentimes, maintainers are tasked with an abundance of responsibilities but are also expected to set aside time to inform and engage with community members such as users, contributors, and others who are interested in the project. This is where community managers can step in to alleviate the burden and provide support. For those who are trying to understand what this hard-to-define role is, the responsibilities involved, and the value of having a community manager dedicated to your project, join Nanci (community manager for Carvel and Tanzu Community Edition (TCE) Open Source Software projects) and Karen (community manager for Helm and other CNCF projects) for a breakdown of what a community manager role can look like and the value of the role as they cover topics including: Maintainer and Contributor experience; Events; Social media/communications; GitHub Repo Health; Community Meetings. | https://www.youtube.com/watch?v=FQucIjAqZrY | 2022-05-30T20:44:05Z |
| GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger, DigitalOcean | GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger, DigitalOcean. In this workshop, you will experience the power of Infrastructure as Code and GitOps to automate the provisioning, modification, and extension of a Kubernetes cluster. Join me to learn how to use Terraform to spin up a Kubernetes cluster and install FluxCD, which will watch a GitHub repo and automatically apply any changes made via git commit. In order to keep all of your credentials like secrets, passwords, and tokens in your GitHub repo, we will show you how to use the sealed-secrets project to enable one-way encrypted secrets that can only be decoded inside the cluster. Finally, you will install and use Crossplane to provision digital infrastructure from inside your Kubernetes cluster, including resources from different cloud providers, giving you a chance to experiment with multi-cloud infrastructure. | https://www.youtube.com/watch?v=rra7TkYOnko | 2022-05-30T20:44:05Z |
| Understanding Kubernetes Through Real-World Phenomena and Analogies - Lucas Käldström | Understanding Kubernetes Through Real-World Phenomena and Analogies - Lucas Käldström. How is the Kubernetes controller model similar to a taxi driver? Why is Kubernetes so differently designed compared to similar systems? How has the second law of thermodynamics and randomness theory shaped Kubernetes design? How is the shift from traditionally managing servers to using Kubernetes operators similar to the Industrial Revolution? This talk offers the audience a unique perspective into why Kubernetes is designed the way it is. Kubernetes is often described as designed from “decades of experience”, but it is not as often mentioned what that means in practice. Quite conversely, many newcomers to Kubernetes find it “too complex”. Why is it, or why is that the impression? After this talk, the audience can make sense out of why Kubernetes does what it does. This by learning the fundamental design philosophies of Kubernetes and cloud native through well-known phenomena and real-world analogies. With the right mental model, hopefully it doesn’t seem overwhelmingly complex anymore. | https://www.youtube.com/watch?v=GpJz-Ab8R9M | 2022-05-30T20:44:05Z |
| From `docker push` to Bytes on Disk: Inside Distribution - Wayne Warren & Adam Wolfe Gordon | From `docker push` to Bytes on Disk: Inside Distribution - Wayne Warren & Adam Wolfe Gordon, DigitalOcean. If you use containers, at some point you've probably done a `docker pull` or a `docker push`. But, have you ever thought about how those operations work? How does a container image travel to persistent storage in the cloud? What does it look like when it gets there? We hadn't thought much about these questions until we started building DigitalOcean Container Registry (DOCR) on top of the CNCF Distribution codebase in 2019. Working on DOCR required us to learn a lot of the answers and we're excited to share them. In this talk we'll pull back the curtain on how Distribution works. From your registry client, to the OCI Distribution API, to the CNCF Distribution codebase, to bytes on disk, we'll explain exactly how a container image makes it from your computer to the cloud, what it looks like when it gets there, and what happens when you ask for it back. We'll also touch on less-standardized topics such as authentication and the evolving garbage collection implementation in Distribution. | https://www.youtube.com/watch?v=XQatzE7tZDE | 2022-05-30T20:44:05Z |
| Choosing Cloud Native Technologies for the Journey to Multi-cloud - Adelina Simion, Form3 | Choosing Cloud Native Technologies for the Journey to Multi-cloud - Adelina Simion, Form3. Building, deploying and maintaining systems has become increasingly more complicated in recent years. Now, as engineers look toward migrating to multi-cloud architectures, systems and processes may need to be migrated to new technologies. But what choices are available, how do they fit together and how can the CNCF landscape help? This talk discusses the cloud native technologies that can be used to convert to a multi-cloud architecture and highlights some of the lessons learned from taking this journey on at Form3. The audience will learn: how to decide if multi-cloud is essential for them; the fundamentals of deploying services across multiple clouds with Kubernetes; how to leverage Cilium to mesh together multiple clusters; the basics of event sourcing using NATS in the multi-cloud world; resilient and performant data storage using CockroachDB. This talk is useful for any newcomers to the cloud native landscape, as well as those curious about going multi-cloud! | https://www.youtube.com/watch?v=NGuiizWUuaw | 2022-05-30T20:44:05Z |
| Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware | Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware. Mitigating vulnerabilities in container images is, most of the time, a straight-forward task: update the base image, use a newer version of Node or Java, bump the patch version of a project dependency, etc. However, all useful pieces of software are complex and vulnerability scanning tools fall short on explaining why they are flagging some edge-cases. This session walks you through mitigating critical vulnerabilities in popular container images like Java-based ones, from the obvious to the sneaky ones, and how to leverage layer explorer tools to narrow the search field for the latter. It is meant to be a hands-on session, first we will use Aqua’s Trivy scanner to analyze an image generated for a Spring Boot app and then wagoodman's dive to explore in which layer we are introducing a version of a library with critical vulnerabilities, while Maven seems to tell us otherwise. | https://www.youtube.com/watch?v=Yxh3MBRDVBU | 2022-05-30T20:44:05Z |
| Implementing Cert-manager in K8s - Jose Manuel Ortega, Freelance | Implementing Cert-manager in K8s - Jose Manuel Ortega, Freelance. One of the best practices from a security point of view is to introduce the management of the certificates that we are going to use to support protocols such as SSL / TLS. In this talk we will explain cert-manager and its implementation in K8s as a native Kubernetes certificate management controller that allows us to manage connection certificates and secure communications through SSL/TLS protocols. Later I will explain the main functionalities and advantages that cert-manager provides, for example it allows us to validate that the certificates we are using in different environments are correct. Finally, some use cases are studied in which to use cert-manager and the integration with other services such as Let's Encrypt or HashiCorp Vault. | https://www.youtube.com/watch?v=X8U6EUFJZQc | 2022-05-30T20:44:05Z |
| Sharing Knowledge: Writing Good Docs for Quick Approval - Jared Bhatti, Waymo | Sharing Knowledge: Writing Good Docs for Quick Approval - Jared Bhatti, Waymo. The goal of this talk is to increase your ability to write good documentation that gets approved quickly. Good documentation has a profound impact on the visibility, quality, and inclusivity of open source projects. Documentation creates a shared understanding of work, helps onboard new developers, and improves the overall quality and reliability of the project. Based on Jared's experience leading Kubernetes SIG Docs from 2016 to 2020, this presentation walks developers through best practices for creating inclusive, accessible, high quality documentation in pull requests designed for quick approval. This demonstration includes how to structure documentation using content templates, write with clarity and technical accuracy, and avoid common pitfalls that trap PRs in prolonged reviews. | https://www.youtube.com/watch?v=d3XO6pc_g_U | 2022-05-30T20:44:05Z |
| Cloud Native Chaos Engineering with Lit... Karthik S, Umasankar Mukkara & Udit Gaurav, Saiyam Pathak | Cloud Native Chaos Engineering with LitmusChaos - Karthik S, Umasankar Mukkara & Udit Gaurav, ChaosNative; Saiyam Pathak, Civo. The discipline of chaos engineering has evolved since it was introduced by Netflix a decade ago, mostly as a result of the cloud-native paradigm and the proliferation of Kubernetes as the universal control plane for today's distributed architecture. While the essence and basic principles of chaos remain the same, the way it is operationalized has undergone a paradigm shift, not limited to - the faults themselves, the environments where they are executed, the persona carrying out the experiments, as well as the methods to run them. LitmusChaos is a framework that has been designed to address these newer requirements and enable users to proactively identify weaknesses and improve resilience in their cloud-native setup. This session provides a deep-dive of the project, its goals and how it achieves them. | https://www.youtube.com/watch?v=ItUUqejdXr0 | 2022-05-30T20:44:05Z |
| Introduction to the Kubernetes WG Batch - Aldo Culquicondor & Abdullah Gharaibeh, Alex Wang | Introduction to the Kubernetes WG Batch - Aldo Culquicondor & Abdullah Gharaibeh, Google; Alex Wang, Alibaba. The Kubernetes Working Group Batch was newly formed in the beginning of 2022. The Working Group aims to be a forum to discuss and propose enhancements to support for Batch (e.g. HPC, AI/ML, data analytics, CI) workloads in core Kubernetes. We want to unify the way users deploy batch workloads to improve portability and to simplify supportability for Kubernetes providers. In this session, you will learn about the WG goals and roadmap, as well as the early efforts performed by our contributors. | https://www.youtube.com/watch?v=XeX2zBOykC4 | 2022-05-30T20:44:05Z |
| Kubernetes SIG UI Introduction and Updates - Sebastian Florek & Marcin Maciaszczyk, Shu Muto | Kubernetes SIG UI Introduction and Updates - Sebastian Florek & Marcin Maciaszczyk, Kubermatic; Shu Muto, NEC. SIG UI is the special interest group developing Kubernetes Dashboard. In this session the SIG UI leads will provide an overview of what was accomplished over the past year, including new views, functions, internationalizations, leadership changes etc. They will also share plans for the upcoming releases. The session will conclude with an open discussion and Q&A. | https://www.youtube.com/watch?v=3IC7_2Zj1fg | 2022-05-30T20:44:05Z |
| Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat | Kubernetes SIG Storage Deep Dive - Xing Yang, VMware & Jan Šafránek, Red Hat. Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future. | https://www.youtube.com/watch?v=dsEeQqRSg74 | 2022-05-30T20:44:29Z |
| SIG Instrumentation Introduction and Deep Dive - Damien Grisonnet, Red Hat & Patrick Ohly, Intel | SIG Instrumentation Introduction and Deep Dive - Damien Grisonnet, Red Hat & Patrick Ohly, Intel. Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better! | https://www.youtube.com/watch?v=xxG0-Ex6bjM | 2022-05-30T20:44:29Z |
| SIG Autoscaling Updates and Feature Highlights | SIG Autoscaling Updates and Feature Highlights - Michael McCune, Red Hat; Joachim Bartosik, Google; Guy Templeton, Skyscanner; David Morrison, Airbnb. Come hear about the latest updates and features from the Kubernetes Autoscaling community. In this talk, we will cover the current status and future plans for the SIG owned projects (Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler), the timeline for deprecating the autoscaling v2beta2 API, improvements to the Vertical Pod Autoscaler API, and a highlight of gRPC extensions to the Cluster Autoscaler. If you are curious about autoscaling in Kubernetes or would like to learn more about how to get involved with this community, come join us! | https://www.youtube.com/watch?v=XWPbWM12r8g | 2022-05-30T20:44:29Z |
| Unraveling the Magic Behind Buildpacks - Sambhav Kothari, Bloomberg & Natalie Arellano, VMware | Unraveling the Magic Behind Buildpacks - Sambhav Kothari, Bloomberg & Natalie Arellano, VMware. Cloud Native Buildpacks makes building container images a breeze. It comes with out-of-the-box support for rebasing, reproducibility, multiple entrypoints and more! In this talk we’ll uncover the magic that the lifecycle - the binary at the heart of CNB - uses to convert source code into OCI images. | https://www.youtube.com/watch?v=Mi_fb5ToOa8 | 2022-05-30T20:44:29Z |
| Thinking Cloud Native, CloudEvents Future - Scott Nichols, Chainguard | Thinking Cloud Native, CloudEvents Future - Scott Nichols, Chainguard. Being a part of the CNCF brings huge opportunities for us as a community to define and embrace common ways of communicating between the projects with the ultimate goal of integrators selecting and connecting projects and products. We will pitch what this world looks like and how it will turn our collection of projects into an ecosystem of solutions. We then will provide a status of the CloudEvents project with the focus on where we are headed in the working group, including specifications helping with the interoperable discovery of event sinks and sources and the metadata description of events and their contents. We will also touch on the integration of CloudEvents with Open Telemetry. | https://www.youtube.com/watch?v=Y6D0AY5aK-4 | 2022-05-30T20:44:29Z |
| Intro to the Cloud Native Maturity Model - Danielle Cook, Simon Forster, Robbie Glenn & John Forman | Intro to the Cloud Native Maturity Model - Danielle Cook, Fairwinds; Simon Forster, Stakegy; Robbie Glenn & John Forman, Accenture. Since 2021, the Cartografos Working Group has produced the Cloud Native Maturity Model. In this session, the chairs will review the Cloud Native Maturity, discuss the latest updates and inclusions and solicit participation in the group. | https://www.youtube.com/watch?v=gA2CFA-dI7Y | 2022-05-30T20:44:29Z |
| Cilium: Welcome, Vision and Updates - Thomas Graf & Liz Rice, Isovalent; Laurent Bernaille, Datadog | Cilium: Welcome, Vision and Updates - Thomas Graf & Liz Rice, Isovalent; Laurent Bernaille, Datadog. If you’re interested in using Cilium, or contributing to the project, this session is for you. Our agenda for this session: 1. Introduction to Cilium A brief overview of the origin and vision for Cilium. 2. Working with Cilium An end user's perspective of using Cilium. 3. Cilium Service Mesh Cilium can be used as a highly efficient service mesh data plane. Let’s discuss the learnings from our beta, and the upcoming roadmap. We will leave time for Q&A, and an opportunity to meet Cilium maintainers and contributors. | https://www.youtube.com/watch?v=oXpGYrbmnwQ | 2022-05-30T20:44:29Z |
| Argo’s Vibrant Ecosystem and Community - Alex Collins, Alexander Matyushentsev & Dan Garfield | Argo’s Vibrant Ecosystem and Community - Alex Collins, Intuit; Alexander Matyushentsev, Akuity; Dan Garfield, Codefresh. Argo CD is the most popular Kubernetes GitOps application delivery tool. Argo Workflows is the most popular Kubernetes workflow execution platform. I bet you know about the core Argo projects, but what about the massive rapidly growing ecosystem of projects around them? Have you heard of Argo Events, Argo Rollouts, ApplicationSet, Argo CD Image Updater, Argo CD Vault Plugin, Argo CD Autopilot, Hera Workflows? What about tools such as Kubeflow Pipelines, Katib, SQL Flow, Couler, and Ploomber? In this session, you’ll learn not just about the core Argo projects, but also get the highlights from several ecosystem projects with demos and best practices. You can address many more use cases by teaming them up with each other. | https://www.youtube.com/watch?v=9tYkxlhXdw4 | 2022-05-30T20:44:29Z |
| CNCF 101 - Kristi Tan, The Linux Foundation & Charley Mann, Cloud Native Computing Foundation | CNCF 101 - Kristi Tan, The Linux Foundation & Charley Mann, Cloud Native Computing Foundation. Join us as we take a deep dive into CNCF 101, a great place to learn more about the foundation and how you can get involved. In this session, we'll take a look at the foundation at the basic level and explore the various engagement opportunities whether you are a student, an active participant, or somewhere in between. | https://www.youtube.com/watch?v=goJB2y3XM8g | 2022-05-30T20:44:29Z |
| Threat Modelling Kubernetes: A Lightspeed Introduction - Lewis Denham-Parry, Control Plane | Threat Modelling Kubernetes: A Lightspeed Introduction - Lewis Denham-Parry, Control Plane. Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling! Join us for a primer on threat modelling cloud native systems, understanding adversarial techniques and preventative measures, and helping security and engineering teams increase the security and velocity of system delivery. | https://www.youtube.com/watch?v=gkXoYFKqQkE | 2022-05-30T20:44:29Z |
| Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster - Flynn & Jason Morgan | Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster - Flynn, Ambassador Labs & Jason Morgan, Buoyant. In this workshop, members of the Emissary-Ingress and Linkerd teams show the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They'll guide you through the best practices for using Linkerd and Emissary to give you capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They’ll take you on a tour of each project and show you how they complement each other and make a great addition to your Kubernetes stack. Finally, they'll introduce a reference architecture for running Linkerd and Emissary together and walk you through how to implement it in practice. | https://www.youtube.com/watch?v=3NCAUtW0sck | 2022-05-30T20:44:29Z |
| Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard | Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard. Starting in Kubernetes 1.22, SIG Release started building new security features into Kubernetes releases to make the project a better citizen in the software supply chain. The push to secure the release process has produced tools and processes that have improved the way other projects in the ecosystem are released. At the same time, we have made sure that Kubernetes plays well in the wider chain: verifying what we get from upstream and making sure consumers of our artifacts can trust what they get from us. This talk will give an overview of lessons learned and tools we have created that you can reuse in your own projects to secure your releases. It will center around three key moments and technologies: The initial effort involved producing SBOMs to describe sources and artifacts along with their dependencies. Then, we'll understand the provenance attestations that make the release process SLSA compliant. Finally, we'll see how digital signatures are implemented in the project. | https://www.youtube.com/watch?v=ffiaA__8UAE | 2022-05-30T20:44:29Z |
| Fun with Continuous Compliance - Ann Wallace, Shopify & Zeal Somani, Google | Fun with Continuous Compliance - Ann Wallace, Shopify & Zeal Somani, Google. Is it possible to make compliance fun and less stressful? The old way of doing things is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. This is not fun. In this talk, we’ll go over the concepts of continuous compliance and how to apply this to your current DevSecOps program. Zeal will talk about how the Open Security Controls Assessment Language (OSCAL) can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS like Falco and Voucher to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful. | https://www.youtube.com/watch?v=9Q-ZeN6WXg8 | 2022-05-30T20:44:29Z |
| Kubernetes Steering Committee AMA | Kubernetes Steering Committee AMA - Christoph Blecker, Red Hat; Bob Killen, Google; Tim Pepper & Davanum Srinivas, VMware; Paris Pittman, Apple; Stephen Augustus, Cisco. The steering committee is tasked with decision-making and oversight with all things related to Kubernetes. This panel discussion is a chance for some navel gazing on where we are today, what got us here and where we are headed to next. This will also be a chance for the steering committee to meet face to face with their constituents in the community and wider ecosystem. https://github.com/kubernetes/steering | https://www.youtube.com/watch?v=btAVAVeY_gM | 2022-05-30T20:44:29Z |
| KubeEdge: From Fixed Location to Movable Edge, Latest Updates and... Kevin Wang (Zefeng) & Yin Ding | KubeEdge: From Fixed Location to Movable Edge, Latest Updates and Future - Kevin Wang (Zefeng), Huawei & Yin Ding, Google. KubeEdge is an open source edge computing framework that extends the power of Kubernetes from central cloud to edge. Since last met, KubeEdge has made big progress on user adoption, community development, cross-community collaborations. In this talk, Kevin and Yin will cover: 1. latest user adoptions in several new industries, including: cloud native satellite, smart vehicles, offshore oil fields, etc; 2. development updates, including: significant scalability improvement, brand new device mapping interface, 3. Project roadmap, SIG and subproject updates. 4. Useful information on how new contributors to get involved. There will be an open Q&A for attendees to ask questions. | https://www.youtube.com/watch?v=vN1KOC6wiB4 | 2022-05-30T20:44:29Z |
| Jaeger: Present and Future - Pavol Loffay, Red Hat & Jonah Kowall, Logz.io | Jaeger: Present and Future - Pavol Loffay, Red Hat & Jonah Kowall, Logz.io. In this session, we will start with an introduction to the Jaeger distributed tracing project and the basics of distributed tracing. For the deeper dive, we will discuss the future of Jaeger and its relation to OpenTelemetry. We will cover how OpenTelemetry and Jaeger work together to unlock new use cases for operational monitoring using the new monitoring tab, which adds metrics capabilities to Jaeger UI. We will also take a closer look at the Jaeger Kubernetes operator and discuss deployment strategies. Jaeger is the most popular open-source distributed tracing backend. We are always seeking new collaborators, contributors, and users. We need your help! Whether your goal is to get acquainted with Jaeger and distributed tracing or to keep abreast with the latest and greatest, please join us! | https://www.youtube.com/watch?v=NWQD_uCGP6k | 2022-05-30T20:44:29Z |
| Helm Project 2022: How You Can Benefit, Ho... Scott Rigby, Matt Butcher, Martin Hickey, Andrew Block | Helm Project 2022: How You Can Benefit, How You Can Help - Scott Rigby, Weaveworks; Matt Butcher, Fermyon; Martin Hickey, IBM; Andrew Block, Red Hat. Helm is a widely used and stable CNCF project that manages packages for Kubernetes, and will continue to dependably deliver what users have grown to love. So, which direction will Helm go in 2022 and beyond? In this session, Helm maintainers will show you why you should continue to be excited about Helm, and what lies ahead. We’ll highlight key features that you can take advantage of – both tried and true features users have grown to love, as well as newly matured features from over the past year. For the dynamic future of Helm, we’ll cover how interested users like you can keep the momentum going by participating and even contributing to the project. We’ll preview what this looks like, from simple tasks that most users can get started with, to helping shape the vision of Helm 4. | https://www.youtube.com/watch?v=mgKSq7ekJJI | 2022-05-30T20:44:29Z |
| Flux Security Deep Dive - Stefan Prodan, Weaveworks | Flux Security Deep Dive - Stefan Prodan, Weaveworks. In this session Stefan will go deep into the security aspects of Flux v2. We'll start by explaining the Flux authorization model and how it relates to Kubernetes RBAC and account impersonation. Then we'll compare the soft and hard multitenancy models from a GitOps perspective. We'll explore the configuration options on how platform admins can lockdown Flux on multitenant environments and how they can onboard tenants onto clusters using the Flux CLI and Git. Finally we'll talk about the Flux roadmap for 2022. | https://www.youtube.com/watch?v=MjxZcY6THdc | 2022-05-30T20:44:29Z |
| Fluent Bit: Logs, OpenMetrics, and OpenTelemetry all-in-one - Eduardo Silva & Anurag Gupta, Calyptia | Fluent Bit: Logs, OpenMetrics, and OpenTelemetry all-in-one - Eduardo Silva & Anurag Gupta, Calyptia. Observability continues to be an interesting challenge, data collection for logs, metrics, and traces is an expensive operation and different approaches exist. Fluentd and Fluent Bit have been the long-term de facto standard for logging, but recently the projects expanded their scope to support and assist with Metrics and Traces. Fluent Bit now supports data collection, aggregation, and delivery for the world of OpenMetrics (Prometheus) and OpenTelemetry. In this presentation, you will learn how to collect and aggregate Logs, Metrics, and Traces all together without losing control of your data by connecting different protocols at scale. Fluentd and Fluent Bit embrace OpenMetrics and OpenTelemetry vision, come to learn how to optimize your observability pipelines, and implement the best practices for your production environments. | https://www.youtube.com/watch?v=TciIQVve2V0 | 2022-05-30T20:44:29Z |
| From Kubernetes to PaaS to … Err, What’s Next? - Daniel Bryant, Ambassador Labs | From Kubernetes to PaaS to … Err, What’s Next? - Daniel Bryant, Ambassador Labs. Developers building applications on Kubernetes today are being asked to not just code applications -- they are also responsible for shipping and running their applications, too. We often talk about needing a Kubernetes platform, but are we really looking for a PaaS? Or instead, are we looking for some kind of developer control plane with a Goldilock-sized collection of tools that provides just the right amount of platform? This talk will look back on my experience of building platforms, both as an end-user and now as part of an organization helping our customers do the same. The key takeaways are: - Treat platform as a product - Realize that you can’t have good developer experience (DevEx) without good UX - Focus on workflows and tooling interoperability We’ll wrap this talk with a walk-through of the CNCF ecosystem through the developer control plane lens, and look at what’s next in the future of this important emerging category. | https://www.youtube.com/watch?v=btUYeOa7JPI | 2022-05-30T20:44:29Z |
| Disrupting the Downtime Continuum - Taylor Thomas & Brooks Townsend, Cosmonic | Disrupting the Downtime Continuum - Taylor Thomas & Brooks Townsend, Cosmonic. At this point in Cloud Native development, many people run headlong into the “day 2” operational headaches that come with running containers at scale. One of the most frustrating is handling dependency patching and version migration. We’ve all been there. A vulnerability is released and thus begins a frantic scramble to patch hundreds of container images and release them everywhere. WebAssembly and wasmCloud offer a better way! This demo-heavy talk will start with a brief introduction to WebAssembly and what it can enable. Then we will discuss how wasmCloud leverages WebAssembly to make creating and running an application at scale a breeze. We’ll then demonstrate downtime-free migration, patching, and failover between clouds live on stage with no changes to configuration or code. | https://www.youtube.com/watch?v=wjwKmq16shI | 2022-05-30T20:44:29Z |
| No Docker, No YAML and a Polyglot Developer Experience on Top o... Thomas Vitale & Mauricio Salatino | No Docker, No YAML and a Polyglot Developer Experience on Top of Kubernetes - Thomas Vitale, Systematic & Mauricio Salatino, VMware. Let's build a CaaS (Containers-as-a-Service) platform that delivers a similar experience to well-loved solutions like Google Cloud Run and Azure Container Apps. Those platforms allow you to run your applications without the need to know about containers or Kubernetes. They take your source code and remotely build and deploy your software while hiding away the complexity of Docker and Kubernetes. This presentation gives practical advice on how to build such a platform in a cloud provider-agnostic way on top of Kubernetes using only open-source projects. Thomas and Mauricio will show how the platform can scale and provide developers with a polyglot environment to code, build and deploy their event-driven applications. The presentation will cover how tools like Knative, CloudEvents, Buildpacks, func CLI, and popular languages like Java, Go, and Python can be glued together to provide an optimized polyglot developer experience that can be tested and demoed in front of a live audience. | https://www.youtube.com/watch?v=OJwQkFl7gRY | 2022-05-30T20:44:29Z |
| Seeing is Believing: Debugging with Ephemeral Containers - Aaron Alpar, Kasten | Seeing is Believing: Debugging with Ephemeral Containers - Aaron Alpar, Kasten. Most Kubernetes developers are familiar with the painful process of debugging a pod within a cluster. Fortunately, a new, cutting-edge approach — ephemeral containers — simplifies debugging running pods and more! With ephemeral containers, you can dynamically deploy a container that shares pod resources. These containers use Linux namespaces to share network and process resources so debugging can occur using a container image of your choosing. During this talk, Aaron will cover the what, why and how of ephemeral containers, and the underlying mechanics that make ephemeral containers useful for debugging and testing. | https://www.youtube.com/watch?v=obasTgzhVR0 | 2022-05-30T20:44:29Z |
| The Power of Cloud Native in Financial Institutions - Mateusz Pruchniak, mBank SA | The Power of Cloud Native in Financial Institutions - Mateusz Pruchniak, mBank SA. Cloud Native architecture and public clouds have become the standard solution for modern IT for fast innovation, delivering more value to their customers, with dramatically less effort. This is a big challenge, especially for regulated financial sectors such as banking due to the complexity of their legacy systems, and compliance challenges including concerns raised by European regulators. For authorities (EBA, EIOPA, ESMA) having a flexible multicloud strategy and solid foundations for portability and interoperability has never been more relevant. In this session, Mateusz will present a good practice guide offering practical tips and tricks for designing and deploying Cloud Native business-critical systems in Financial Institutions fulfilling the assumption of having an easily portable architecture, with an easily tested Exit Plan and finally minimizing cloud concentration risk. Presented practical ideas can be used for designing from scratch and during migration to Cloud Native. | https://www.youtube.com/watch?v=JcbW31-K49g | 2022-05-30T20:44:29Z |
| Tower of Babel: Making Apache Spark, Kubeflow, and Kubernetes Play Nice - Holden Karau, Netflix | Tower of Babel: Making Apache Spark, Kubeflow, and Kubernetes Play Nice - Holden Karau, Netflix. Working with big data matrices is challenging, Kubernetes allows users to elastically scale, but can only have a pod as large as a node, which may not be large enough to fit the matrix in memory. While Kubernetes allows for other paradigms on top of it which allows pods to coordinate on individual jobs, setting them up and making them play nice with ML platforms is not straightforward. Using Apache Spark and Apache Mahout we can work with matrices of any dimension and distribute them across an unbounded number of pods/nodes, and we can use Kubeflow to make our work quickly and easily reproducible. In this talk, we’ll discuss how we used Apache Spark and Mahout to denoise DICOM images of lungs of COVID patients and published our Pipeline with Kubeflow to make the process easily repeatable which could help doctors in more resource limited hospitals, as well as other researchers seeking to automate the detection of COVID. | https://www.youtube.com/watch?v=6eLkjPvzKRs | 2022-05-30T20:44:29Z |
| Accelerating High-Performance Machine Learning at Scale i... Alejandro Saucedo & Elena Neroslavskaya | Accelerating High-Performance Machine Learning at Scale in Kubernetes - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning & Elena Neroslavskaya, Microsoft. Identifying the right tools for high-performance production machine learning may be overwhelming as the ecosystem continues to grow at break-neck speed. In this industry collaboration we aim to provide a hands-on guide on how practitioners can productionize optimized machine learning models in cloud native ecosystems using production-ready open source frameworks. We will dive into a practical use-case, deploying the renowned GPT-2 NLP machine learning model in Kubernetes leveraging the ONNX Runtime from the Seldon Core Triton server, which will provide us with a scalable production NLP microservice serving the ML model that can power intelligent text generation applications. We will present some of the key challenges currently being faced in the MLOps space, as well as how each of the tools in the stack interoperate throughout the production machine learning lifecycle. | https://www.youtube.com/watch?v=hj_lozIqo5M | 2022-05-30T20:44:29Z |
| How Cookpad Leverages Triton Inference Server To Boost Their Model S... Jose Navarro & Prayana Galih | How Cookpad Leverages Triton Inference Server To Boost Their Model Serving - Jose Navarro & Prayana Galih, Cookpad. The adoption of MLOps practices and tooling by organizations has considerably reduced the pain points to productionise Machine Learning models. However, with the increase of the number of models available by a company to deploy, the diversity of frameworks used to train those models and the different infrastructure required to run each model, new challenges arise for Machine Learning Platform teams, e.g.: How can we deploy new models from the same or different frameworks concurrently? How can we improve throughput and optimize resource utilization in our serving infrastructure, especially GPUs? Cookpad ML Platform Engineers will talk in this session how Triton Inference Server, an open-source model serving tool from Nvidia, can simplify the process of model deployment and optimise the resource utilisation by efficiently supporting concurrent models on single GPU or CPU, and multi-GPU servers. | https://www.youtube.com/watch?v=YMtLI1Ub85s | 2022-05-30T20:44:29Z |
| Improving GPU Utilization using Kubernetes - Maulin Patel & Pradeep Venkatachalam, Google | Improving GPU Utilization using Kubernetes - Maulin Patel & Pradeep Venkatachalam, Google. Kubernetes supports efficient utilization of resources by enabling applications to request the precise amounts of resources they need. Unlike fractional requests for CPUs, fractional requests for GPUs are not allowed in Kubernetes. GPU resources requested in the pod manifest must be an integer number. This means one GPU is fully allocated to one container even if the container only needs a fraction of GPU for its workload. Without the support for fractional GPUs, GPU resources are invariably overprovisioned, leading to wastage. This is especially true for inference workloads that process a handful of data samples in real-time. To address this limitation, we have developed user-friendly solutions that allow a single GPU to be shared by multiple containers thereby improving utilization of GPUs and saving cost. In this talk, we will show the demos of our solutions and share performance results. | https://www.youtube.com/watch?v=X876kr-LkPA | 2022-05-30T20:44:29Z |
| Unlimited Data Science Libraries, One Container Image, No Insta... Guillaume Moutier & Kenneth Hoste | Unlimited Data Science Libraries, One Container Image, No Installation! - Guillaume Moutier, Red Hat & Kenneth Hoste, Ghent University. Kubernetes' agility, versatility, and resource scaling make it a platform of choice for data science, especially for shared environments. However, data scientists often need to work with lots of different libraries, languages, and applications, often with multiple versions. Conventional approaches, with a legion of tailored images or a huge 20GB golden image, do not match the reality of production. In this session, we will demonstrate how you can leverage the concept of environment modules inside Kubernetes to solve the challenges of synchronously managing multiple containers of different types, making thousands of scientific libraries, languages and packages dynamically available in a simple way. Inspired by work done and heavily used in the High Performance Computing (HPC) community, we will share a specific implementation that brings this production-proven architecture to Kubernetes and talk about how you can implement it in your own environment. | https://www.youtube.com/watch?v=qexssjXrW8Y | 2022-05-30T20:44:29Z |
| Scaling Open Source ML: How Wolt Uses K8s To Deliver Great Food to Mill... Stephen Batifol & Ed Shee | Scaling Open Source ML: How Wolt Uses K8s To Deliver Great Food to Millions - Stephen Batifol, Wolt & Ed Shee, Seldon. Forecasting supply and demand, serving restaurant recommendations and predicting delivery times. These are just a few examples of how Machine Learning is being applied at Wolt. Now with over 12 million users, scaling the ML infrastructure has been a significant challenge. This talk will highlight those challenges and how they were addressed by building an end to end MLOps platform on Kubernetes. You'll learn about the open source frameworks that Wolt integrated, specifically Flyte, MLFlow and Seldon Core. | https://www.youtube.com/watch?v=-TsTDaGrjBM | 2022-05-30T20:45:04Z |
| Supporting Long-Lived Pods Using a Simple Kubernetes Webhook - Clément Labbe, Slack | Supporting Long-Lived Pods Using a Simple Kubernetes Webhook - Clément Labbe, Slack. Today's applications strive to boot fast, be stateless, and handle unexpected terminations gracefully. However, some applications like distributed caches can take a while to warm up to a running state, while batch workers would rather avoid being terminated before they're done. At Slack, such applications found their home in Kubernetes thanks to a two-sided system: on one hand an admission webhook injects tolerations in pods to inform their requirement to be long-lived, and on the other hand a custom service taints nodes with their uptime. This results in pods desiring a long life to be scheduled on young nodes less likely to be terminated early. This talk will first describe how to write a simple Kubernetes admission webhook (https://github.com/slackhq/simple-kubernetes-webhook) to inject tolerations in pods, then move on to the symbiotic node tainting system, and end with gotchas and some metrics on how this long-lived pod support is used at Slack. | https://www.youtube.com/watch?v=ISuV0-8x2uA | 2022-05-30T20:45:04Z |
| Confidential Containers Explained - James Magowan, IBM & Samuel Ortiz, Apple | Confidential Containers Explained - James Magowan, IBM & Samuel Ortiz, Apple. Confidential Containers (https://github.com/confidential-containers) enable cloud native confidential computing (https://confidentialcomputing.io/faq/) leveraging a variety of hardware platforms and technologies, standardising the confidential computing at the container level, helping users to deploy confidential workloads using already familiar workflows and tools; and in this Panel we're bringing together contributors from different hardware vendors, different projects (in different layers of the stack), and different companies to discuss and answer questions about this new complex technology. Topics for discussion will include: * How do we realise the benefits of cloud native confidential computing? * What impact is there to the Cloud Native User Experience? * What new considerations/concepts does confidential containers introduce? Note that this panel is a follow-up on what has been developed since https://www.youtube.com/watch?v=zTn9Xt1k1OA was presented. | https://www.youtube.com/watch?v=rdC2ETvzun0 | 2022-05-30T20:45:04Z |
| Building Digital Twins for DFDS With Crossplane and Kubernetes - Tobias Andersen & Matthias Luebken | Building Digital Twins for DFDS With Crossplane and Kubernetes - Tobias Andersen, DFDS & Matthias Luebken, Upbound. Constant movement and adaptation to change is the story of DFDS, a logistics company from Denmark. Every ship, truck, or warehouse needs to be fully connected and be able to drive autonomous and smart decisions. At the same time, customer and business demands change constantly, and software development teams need to build and update solutions at an ever-increasing rate. In this talk, Tobias and Matthias would like to introduce DFDS’s decentralized and distributed problem space and how they have mastered this challenge by introducing Kubernetes based Digital Twins. They will talk about how to align software teams from all over the organization, and how a platform built on top of Crossplane and Backstage can guide and accelerate teams. | https://www.youtube.com/watch?v=zOWLy-eZQas | 2022-05-30T20:45:04Z |
| Network-aware Scheduling in Kubernetes - José Santos, Ghent University | Network-aware Scheduling in Kubernetes - José Santos, Ghent University. Recent applications are latency-sensitive, demanding low latency between microservices in the application. Current scheduling algorithms in Kubernetes aim to reduce costs and increase resource efficiency, which is not enough for applications where end-to-end latency becomes a primary objective. Applications such as databases and multi-tier web services would benefit the most from network-aware scheduling policies that consider latency and bandwidth in addition to default resources (CPU and memory). We introduce a network-aware scheduling framework to tackle this challenge, including two controllers (AppGroup and NetworkTopology) and three scheduling plugins (TopologicalSort, NodeNetworkCostFit, and NetworkMinCost). The framework ensures bandwidth reservations and optimizes the end-to-end application latency since it schedules pods in an application with chained dependencies close to each other. We will show a demo highlighting the benefits of our framework. | https://www.youtube.com/watch?v=E4cP275_OCs | 2022-05-30T20:45:04Z |
| Kubernetes is Your Platform: Design Patterns For Extens... Rafael Fernández López & Fabrizio Pandini | Kubernetes is Your Platform: Design Patterns For Extensible Controllers - Rafael Fernández López, SUSE & Fabrizio Pandini, VMware. Developing Controllers -- as well as other Kubernetes native extensions like admission webhooks -- is quickly becoming a mainstream practice to solve problems in a Kubernetes native way; but while developing a simple controller is pretty straightforward, things become complex as soon as you have behavioral dependencies with other components. But don't worry, this talk will provide you with reusable design patterns derived from the concrete experience and the hard lessons learned by the maintainers of Cluster API and Kubewarden, two projects built around the idea of extensible controllers. How to develop a plug-in system for your controller/admission webhook? How to add to your controller the capability to do RPC calls to pluggable external components? How to orchestrate many controllers co-operating in solving complex tasks? Come to this talk, we got you covered! | https://www.youtube.com/watch?v=I1-s7AxD1Ls | 2022-05-30T20:45:04Z |
| Building a Nodeless Kubernetes Platform - William Denniss, Google Cloud | Building a Nodeless Kubernetes Platform - William Denniss, Google Cloud. Can Kubernetes be nodeless, and is nodeless Kubernetes still really Kubernetes? That is the question the Google Kubernetes Engine team asked themselves before embarking on a project to create a new operating mode for their 6-year-old Kubernetes platform, GKE. Go behind the scenes of the creation of GKE Autopilot, a fully managed "nodeless" Kubernetes platform, and hear from one of the creators how it was built, and why various decisions were made. Topics covered will include the trade-off between operational support, security and Kubernetes compatibility, and why it actually makes sense for nodes to retain their semantic meaning on a nodeless Kubernetes platform. The community has seen several approaches for offering serverless/nodeless Kubernetes to operators, including with technology like Virtual Kubelet. This presentation will break new ground, providing an alternative path to achieving the goals of serverless Kubernetes without removing node-level APIs like affinity. | https://www.youtube.com/watch?v=H2iI9o-qwBE | 2022-05-30T20:45:04Z |
| K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap - Onkar Bhat | K8s and Active Directory Can Be Friends! How to Use Dex to Bridge the Gap - Onkar Bhat, Kasten by Veeam. So, you’ve decided to migrate your applications to Kubernetes, but you still want to leverage your legacy Active Directory services to authenticate access to those applications. With Dex, this isn’t just possible, it’s easy! Dex is an identity service that uses OpenID Connect to authenticate apps by configuring connectors to defer authentication to an external entity, such as an AD server using the LDAP protocol. Onkar has worked with multiple organizations to help them deploy Dex and configure the LDAP connector to meet such authentication requirements. During this hands-on tutorial, attendees will set up an open source AD server and add users and groups, then configure the Dex LDAP connector. Onkar will guide them through the process step-by-step, then wrap up with a demonstration of how to use Dex to authenticate access to a sample application. You’ll leave with practical experience and confidence to deploy the same configuration in a production environment. | https://www.youtube.com/watch?v=ax0gJPKgsdU | 2022-05-30T20:45:04Z |
| Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Joaquin Rodriguez & Tiffany Wang | Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Joaquin Rodriguez, Microsoft & Tiffany Wang, Weaveworks. This tutorial offers newcomers a quick way to experience Kubernetes and its natural evolutionary developments: GitOps and Observability. Attendees will be able to use and experience the benefits of Kubernetes that impact reliability, velocity, security, and more. The session will cover key concepts and practices, as well as offer attendees a way to experience the commands in real-time. The tutorial covers: - kubectl - K9s - Metrics (Prometheus) - Dashboards (Grafana) - Logging (Fluent Bit) - GitOps (FluxCD) Attendees will be able to walk through the steps via a browser-based platform. Instructors will lead the topics and help to troubleshoot. Prerequisites: A computer with a modern browser (Edge, Chrome, Safari, Firefox); GitHub ID with 2FA enabled. | https://www.youtube.com/watch?v=WKvogzTg2iM | 2022-05-30T20:45:04Z |
| The CRDs that Broke the Camel's Back - Alper Rifat Ulucinar, Upbound | The CRDs that Broke the Camel's Back - Alper Rifat Ulucinar, Upbound. Custom resources are the preferred way to extend the K8s API server with a declarative API. They enable us to implement our very own control planes on top of K8s. K8s has performance guidelines and thoroughly investigated scalability thresholds but no guidelines for CRDs are available yet. Our initial attempts to install 1000s of CRDs revealed severe performance issues related to the API server, such as service disruptions and client-side throttling. And this further led to investigations to reveal the root causes of those issues. This talk aims to discuss how one can troubleshoot API server performance issues using profiling tools and to present some real world data that allowed us to pinpoint the root causes of the scaling issues that we initially hit. As the troubleshooting process is explained, the talk will also deliver some insights into the mechanics of CRDs. We would also like to share some tips in successfully getting changes into upstream and moving the ecosystem forward. | https://www.youtube.com/watch?v=jYiLN0vmncw | 2022-05-30T20:45:04Z |
| Getting the Optimal Service Efficiency That Autoscalers Won’t Give You - Mauro Pessina, Moviri | Getting the Optimal Service Efficiency That Autoscalers Won’t Give You - Mauro Pessina, Moviri. A challenge when tuning a Kubernetes microservices application is identifying the container size (CPU and Memory), due to frequent application changes and varying traffic patterns. Kubernetes autoscalers are the standard solution to automatically adjust Kubernetes container resources for service efficiency. We present the results of an extensive tuning activity we successfully conducted on a Kubernetes application delivering business-critical financial services to SMB customers. Our goal was to minimize cloud cost without compromising on performance of this application. The unexpected result was that configurations minimizing the service cost were not recommended by the autoscaler. Indeed, autoscalers work by adjusting resource sizing with respect to the historical usage, without being aware of the actual cost of cloud resources and of the impact on application performance. In our session, we illustrate how you can use the exploratory testing approach we leveraged to get these results. | https://www.youtube.com/watch?v=Z-G6yMavQrU | 2022-05-30T20:45:04Z |
| Autoscaling Kubernetes Deployments: A (Mostly) Practical Guide - Natalie Serrino, New Relic | Autoscaling Kubernetes Deployments: A (Mostly) Practical Guide - Natalie Serrino, New Relic (Pixie team). Sizing a Kubernetes deployment can be tricky. How many pods should it have? How much CPU/memory is needed per pod? Is it better to use a small number of large pods or a large number of small pods? What’s the best way to ensure stable performance when the load on the application changes over time? Luckily for anyone asking these questions, Kubernetes provides rich, flexible options for autoscaling deployments. This session covers the following topics: - Factors to consider when sizing your Kubernetes application - Horizontal vs Vertical autoscaling - How, when, and why to use the Kubernetes custom metrics API - Practical demo: Autoscaling with application metrics from Prometheus, Linkerd, Pixie (request throughput/latency, number of shoes purchased in my web store) - Impractical demo: A Turing-complete autoscaler! | https://www.youtube.com/watch?v=n8t_hbchQcc | 2022-05-30T20:45:04Z |
| Working your Cluster: Smarter Scheduling Decisions for Your Work... Madalina Lazar & Denisio Togashi | Working your Cluster: Smarter Scheduling Decisions for Your Workloads - Madalina Lazar & Denisio Togashi, Intel. When deciding where to schedule your workloads, you have to consider more than just CPU and memory. Whether you are in 5G, AI/ML, HPC, or NFV, you have many more considerations to optimize your workloads. You may care about how busy the node is, how many GPU cards are attached, whether a minimal throughput is available, or whether the node is cooler than the temperature required for basic cooking. Fortunately, Kubernetes allows for extensions to its scheduling paradigm, which allows for new creative solutions going forward. Using these capabilities, we have created a way to use knowledge of your resources to impact your scheduling decisions. Telemetry Aware Scheduling and GPU Aware Scheduling, both open-source projects, enable you to use a variety of metrics in intelligent scheduling. In this talk, we will explain how to deploy and configure your system to handle your varied use cases. | https://www.youtube.com/watch?v=csg7ZQXQ5u8 | 2022-05-30T20:45:04Z |
| How Lombard Odier Deployed VPA to Increase Resource Usage Efficiency - Vincent Sevel | How Lombard Odier Deployed VPA to Increase Resource Usage Efficiency - Vincent Sevel, Lombard Odier SA. Container orchestrators have become the de-facto standard to deploy a wide variety of workloads. As the number of deployments increases, so does the pressure on resource usage, and hardware costs. Container runtimes and Kubernetes come with a set of tools that help make the most out of your infrastructure such as cgroups with resource usage limitation and prioritization, requests and limits on CPU and memory, quality of service. Even with those tools, it can be challenging to understand how they work, and how to use them. In this talk, the speaker will offer a review of the available mechanisms, how they map at the orchestrator and runtime levels, and introduce the Vertical Pod Autoscaler as a means to optimize resource tuning at scale. He will share some of the lessons the company learned since starting this effort. And finally he will describe where they are in the deployment phase, and give some perspective on the direction where they are headed. | https://www.youtube.com/watch?v=eAAio3KFm6w | 2022-05-30T20:45:04Z |
| OSS Docs and How to Scale Them: Common Themes From the CNCF Ecosystem - Celeste Horgan, CNCF | OSS Docs and How to Scale Them: Common Themes From the CNCF Ecosystem - Celeste Horgan, CNCF. The first interaction new users have with an open source project is documentation. Documentation is a key adoption driver for open source projects, and the professionalism, completeness, and presentation of your documentation has a dramatic impact on how your project is perceived by potential users. How do you get your project’s docs to shine? How do you set your tooling up to support you as you grow? What metrics can we use to evaluate the quality of a project’s documentation? In this talk we use data from the CNCF’s documentation assessment service to give an overview of common issues we see with open source projects’ documentation and how to resolve them. We break out these issues by project maturity and community size, and discuss how a given project’s documentation needs change as it grows. Finally, we discuss how projects can best get documentation done as they grow, based on what we’ve seen work in various CNCF project communities. | https://www.youtube.com/watch?v=rYq93ovFgXY | 2022-05-30T20:45:04Z |
| Good Governance Practices for CNCF Projects - Dawn Foster, VMware | Good Governance Practices for CNCF Projects - Dawn Foster, VMware. Too many maintainers think they don’t need governance ... until something goes wrong. Undefined or inadequate governance results in a lack of transparency that causes confusion over how decisions are made, unrealistic expectations, and unresolved disagreements. The CNCF helps projects adopt good governance practices with a focus on fair and transparent governance from sandbox to incubating to graduated. This talk will cover * Why governance is important * Selecting an appropriate governance model * Templates with patterns that work well to bootstrap CNCF projects * The role of mission, values, and scope in setting expectations * Defining roles, responsibilities, processes, and procedures within your governance model * Contributor ladders to help people move into leadership positions * The governance pros and cons of contributing a project to the CNCF The audience will get practical advice about creating fair and neutral governance structures and processes for open source projects. | https://www.youtube.com/watch?v=x0tgEpIER1M | 2022-05-30T20:45:04Z |
| Deleted video | This video is unavailable. | https://www.youtube.com/watch?v=KI57lX3rM0w | 2022-05-30T20:45:04Z |
| The Risks of Single Maintainer Dependencies - John McBride, VMware | The Risks of Single Maintainer Dependencies - John McBride, VMware. John McBride is a single maintainer for Cobra, a Go command line bootstrapping library and core dependency for many CNCF projects, including Kubernetes, Helm, Etcd, Istio, Linkerd, and many more. John will discuss the challenges of being a single maintainer on such an important project, the lottery factor, the need for contributor community, and the secure software supply chain implications this has for the entire CNCF ecosystem. | https://www.youtube.com/watch?v=YBsDnXXW_d8 | 2022-05-30T20:45:04Z |
| Multi-cluster Failover Using Linkerd - Charles Pretzer, Buoyant, Inc. | Multi-cluster Failover Using Linkerd - Charles Pretzer, Buoyant, Inc. Failover across clusters is a great way to improve the overall uptime and reliability of Kubernetes applications. While whole-cluster failover can be accomplished at the global ingress layer, failing over individual services is a little more difficult. During this hands-on tutorial, Charles Pretzer, Linkerd team member, will walk attendees through how to use Linkerd, the CNCF graduated service mesh, to enable traffic failover for individual services across clusters. Attendees will learn how to combine service mesh metrics, traffic shifting, and cross-cluster communication in a cohesive and automated way using pure open source, while preserving fundamental security guarantees such as mutual TLS. | https://www.youtube.com/watch?v=ieQ5eqd49BQ | 2022-05-30T20:45:04Z |
| Automated Progressive Delivery Using GitOps and Service Mesh - Yasen Simeonov & Henrik Blixt, Intuit | Automated Progressive Delivery Using GitOps and Service Mesh - Yasen Simeonov & Henrik Blixt, Intuit. Intuit is rolling out progressive delivery together with service mesh, using metrics from the mesh to automate analysis on the health of a new release. This is our next step towards more sophisticated techniques like AI/ML-driven analysis. As a FinTech Technology company with tens of millions of users and thousands of services, with many being very seasonal, we were facing a wide variety of service performance and traffic patterns that made patterning analysis templates challenging. This session discusses and demos how Intuit leverages Argo Rollouts in combination with Envoy and Service Mesh to provide automatic and declarative progressive delivery. Attendees will learn about the challenges we faced, our learnings, and the work we did to overcome those challenges. Intuit has been heavily involved in building tools for progressive analysis with Argo Rollouts and we are now rolling this out at large scale together with service mesh. This is the story on how and what worked in production. | https://www.youtube.com/watch?v=5Ko-CnP2qhA | 2022-05-30T20:45:04Z |
| Prow! Leveraging Developer-Centric CI for Your OSS Project! - Nabarun Pal & Arsh Sharma | Prow! Leveraging Developer-Centric CI for Your OSS Project! - Nabarun Pal, VMware & Arsh Sharma, Okteto. Prow is a CI system maintained by Kubernetes SIG Testing to test Kubernetes on Kubernetes. Prow is designed as a pluggable system of components and it can be used as a generic CI system. The robust architecture of Prow can lead to challenges in deploying it. In the talk, we will navigate the challenges faced when deploying and using Prow, including setting up the Prow control plane components, configuring access for GitHub repos, and enabling Prow plugins. Prow is used by large projects in the CNCF landscape like Kubernetes, Knative, cert-manager, Falco, to name a few. Even though a lot of these projects have deployed Prow successfully, it is a challenge to set up Prow. The talk will highlight the common pitfalls and gotchas that one will run into when deploying Prow. The talk would cover * A roundup of Prow Architecture * Cloud resources required for Prow and setting them up * Capabilities of Prow like running tests, using GitHub comments for interaction, auto merging pull requests. | https://www.youtube.com/watch?v=sdU-3cqiJmg | 2022-05-30T20:45:04Z |
| Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk | Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation | https://www.youtube.com/watch?v=BZ-CjfHRpCY | 2022-05-30T20:45:04Z |
| Kubernetes for Mac: How to Consume Shiny AWS Mac Shapes for iOS Builds - Madhuri Yechuri & Zach Gray | Kubernetes for Mac: How to Consume Shiny AWS Mac Shapes for iOS Builds - Madhuri Yechuri, Elotl & Zach Gray, Flare.build. iOS builds have traditionally run on manually managed Mac servers sitting in brick and mortar data centers. Availability of Mac compute shapes on AWS presents a unique opportunity to move these builds into the cloud along with the ease of managing them via Kubernetes, thereby simplifying Operations. This talk describes Flare.build’s journey of evaluating manually-managed vs Kubernetes-managed Mac compute shapes on AWS, lessons learnt, and suggested best practices. | https://www.youtube.com/watch?v=LQOC8vI20eU | 2022-05-30T20:45:04Z |
| Effective Disaster Recovery: The Day We Deleted Production - Rick Spencer & Wojciech Kocjan | Effective Disaster Recovery: The Day We Deleted Production - Rick Spencer & Wojciech Kocjan, InfluxData. Imagine waking up to an sms, "we lost a cluster." On that day, with a one-line configuration change, we accidentally removed all of the compute from one of our busiest production clusters, causing a multi-hour outage. This presentation will cover the incident from the days leading up to it, to our full recovery, our customers' response to it, and how we implemented changes based on our learnings. It will go into detail about the configuration of our CI/CD pipeline, details about the specific change that caused the outage. Thankfully, we had a disaster recovery plan in place. We will discuss which parts of our disaster recovery plan worked, and critically, the few parts that didn't work. The session will cover a combination of technical and management content. | https://www.youtube.com/watch?v=xDGjmav8UBg | 2022-05-30T20:45:04Z |
| West Side CD: The Deployment Ballet Goes On - Benoit Moussaud, VMware Tanzu | The way to bring a new version into production has changed a lot in recent years. From a slow, manual, and uncontrolled processor it has become over time fast, automated, and versioned. The tools have evolved, changed, been modernized, or even containerized, but they have remained centralized. The new generation of solutions intends to reverse this point of view by relying no longer on orchestration but on choreography between the different stakeholders. This session shows the difference between these two concepts and how it applies to the CI/CD domain that has remained ultimately very centralized and old-school then describes an innovative solution, (cartographer.sh) based on the concept of supply chains. | https://www.youtube.com/watch?v=m0FjctG5uxU | 2022-05-30T20:45:04Z |
| Emissary-ingress: Intro and Deep Dive - Flynn, Luke Shumaker & Alice Wasko, Ambassador Labs | Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy proxy -- but really, what does that mean? In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably including a discussion around plans for the upcoming getambassador.io/v3 API version, and - perhaps most importantly - how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard -- we're looking forward to your help as Emissary-ingress continues to grow and evolve! | https://www.youtube.com/watch?v=pukdE6TDP_c | 2022-05-30T20:45:04Z |
| Real World SPIFFE Scenarios and Outcomes - Andres Vega & Frederick Kautz, SPIFFE Steering Committee | SPIFFE aims to strengthen the identification of software components in a common way that can be leveraged across distributed systems by anyone, anywhere. The ability to maintain software security by standardizing how systems define, attest, and maintain software identity, regardless of where systems are deployed or who deploys those systems, confers many benefits. The use of SPIFFE can significantly reduce costs associated with the overhead of managing and issuing cryptographic identity documents and accelerate development by removing the need for developers to understand the complexity involved to secure service-to-service communication, but that is not the only outcome. Production identity can have a positive impact on many areas such as interoperability, compliance, audibility, and more. This presentation demonstrates the real world scenarios and outcomes of deploying SPIFFE across your infrastructure and also using it to bridge and integrate the infrastructure of others. | https://www.youtube.com/watch?v=YTmkh4UlnNA | 2022-05-30T20:45:04Z |
| Maintainers, Project Services and CNCF - Amye Scavarda Perrin & Jeffrey Sica, CNCF | Maintainers, Project Services and CNCF - Amye Scavarda Perrin & Jeffrey Sica, Cloud Native Computing Foundation. Curious about the support that CNCF provides for projects? Come join a conversation with Amye Scavarda Perrin, Director of Developer Programs, and Jeffrey Sica, Principal Developer Experience Engineer as they discuss options for projects, maintainers, and help answer questions from project maintainers about where to go for more resources. | https://www.youtube.com/watch?v=gAxCPqIDG9c | 2022-05-30T20:45:04Z |
| Kubernetes Event-driven Autoscaling with KEDA - Zbynek Roubalik & Jorge Turrado | Kubernetes Event-driven Autoscaling with KEDA - Zbynek Roubalik, Red Hat & Jorge Turrado, Docplanner Tech. Nowadays, the popularity of event-driven applications is rising, they enable us to design and develop scalable, distributed, and flexible systems. Kubernetes platform brings the distributed and flexible aspect, though it doesn't provide any built-in way to deal with event-driven scaling properly. Scaling based on CPU and/or memory usage doesn’t fit well with event-driven processes. The majority of autoscaling solutions are usually complex, and their scopes are too attached to a specific provider. KEDA came to solve these problems, providing a simple way to gather the metrics from external sources and translate them into Kubernetes metrics to drive the event-driven autoscaling. During this session, we will introduce KEDA: what it is, how it works, show it in action, and discuss future development. | https://www.youtube.com/watch?v=vDMLswzc9tI | 2022-05-30T20:45:04Z |
| Falco to Pluginfinity and Beyond - Leonardo Grasso & Jason Dellaluce, Sysdig | This track will walk you through the astonishing things happening in Falco: a cloud-native runtime security project, the de facto Kubernetes threat detection engine. Two core maintainers, Jason and Leonardo, will give you a practical overview of Falco and its history but also updates on recently introduced features and the evolution of its ecosystem. This talk will deep dive into a new and very amazing feature introduced in Falco: the plugin system! Plugins are a game-changer, making Falco evolve to the next level: the all-in-one tool for cloud security and this maintainer track will show you how! | https://www.youtube.com/watch?v=tZI8Tzf1uzg | 2022-05-30T20:45:04Z |
| Create Your First CNCF Serverless Workflow Project with Kogito and Kna... Ricardo Zanini Fernandes | Create Your First CNCF Serverless Workflow Project with Kogito and Knative - Ricardo Zanini Fernandes, Red Hat. Serverless Workflow is a declarative workflow specification at CNCF for describing service orchestrations. Kogito is an open-source project by Red Hat and implements the Serverless Workflow Specification. In this session, you will learn in a live demo how to create your first CNCF Serverless Workflow project from the ground up with Kogito and how to deploy it on the Knative platform. Kogito is a developer-centric platform that can execute, test, and deploy workflows on Knative environments. The outcome is a REST microservice that can orchestrate other services and events. It is a perfect fit for an Event-Driven architecture and can integrate with Knative Eventing resources to solve complex business use cases. Kogito handles all the heavy lifting when deploying on Kubernetes by generating the resources necessary to deploy on Knative. After this session, you will be able to create a CNCF Serverless Workflow project, test it, and deploy it on Knative to be part of your architecture. | https://www.youtube.com/watch?v=yl6vK6TFRk4 | 2022-05-30T20:45:44Z |
| Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Plat... Yuval Avrahami & Shaul Ben Hai | Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms - Yuval Avrahami & Shaul Ben Hai, Palo Alto Networks. Security teams work to prevent the next container escape while attackers do the opposite. Inevitably, we sometimes lose this battle, but we can still win the fight! It's all about *containing* the next container escape - making sure a rogue node cannot take over the entire cluster. K8s has done a great job at de-privileging the node agent, the Kubelet, but nodes also host other credentials - their pods' service account tokens. Following an escape, the attacker can easily harvest and abuse tokens of neighboring pods. In this talk, Yuval and Shaul will introduce the concept of Trampoline Pods - pods so powerful that if their node goes rogue, it could launch devastating attacks against the cluster and in some cases completely take over it. Covering managed K8s services and common cluster add-ons, they'll reveal the trampoline pods installed by popular K8s platforms. They'll also demo exploits, discuss mitigations, and release rbac-police: a tool that detects trampoline pods and K8s privEscs. | https://www.youtube.com/watch?v=PGsJ4QTlKlQ | 2022-05-30T20:45:44Z |
| How Attackers Use Exposed Prometheus Server to Exploit... David de Torres Huerta & Miguel Hernández | How Attackers Use Exposed Prometheus Server to Exploit Kubernetes Clusters - David de Torres Huerta & Miguel Hernández, Sysdig. Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on. In this session, you will learn how attackers use this information in the first part of reconnaissance, to see if you are vulnerable. The speakers will share - What secrets they collect to fingerprint your Kubernetes cluster (hint: they're not after your timeseries) - How to leverage this information internally to secure your cluster - How to prevent the exposition of sensitive information No matter how many safety best practices you apply, you must be aware of every link of the chain. | https://www.youtube.com/watch?v=5cbbm_L6n7w | 2022-05-30T20:45:44Z |
| The Hitchhiker's Guide to Pod Security - Lachlan Evenson, Microsoft | With the release of Kubernetes v1.23, Pod Security admission has now entered beta. Pod Security is a built-in admission controller that evaluates Pod specifications against a predefined set of Pod Security Standards and determines whether to admit or deny the pod from running. Pod Security is the successor to PodSecurityPolicy which was deprecated in the v1.21 release, and will be removed in Kubernetes v1.25. In this presentation I cover the key concepts of Pod Security along with how to use it walking through practical examples. Through education of this new security focused API I hope that cluster administrators and developers alike will use this new mechanism to enforce secure defaults for their workloads. | https://www.youtube.com/watch?v=gcz5VsvOYmI | 2022-05-30T20:45:44Z |
| containerd: Project Update and Deep Dive - Derek McGowan, Apple | Join containerd maintainers for an introduction and deep dive into the latest updates on containerd. With many exciting features currently in development, the upcoming release of container promises to deliver many new capabilities while retaining the stability containerd is known for amongst users. The deprecation of dockershim in Kubernetes has brought many new users to containerd along with greater need for documentation and tooling. We will cover how to get started and configure containerd for Kubernetes users. Additionally, nerdctl has filled a crucial usability gap for operators and developers coming to containerd. We will discuss how to make use of this important new containerd sub-project. | https://www.youtube.com/watch?v=USmJ33jG0F4 | 2022-05-30T20:45:44Z |
| Overview and State of Knative - Mauricio Salatino, VMware & Carlos Santana, IBM | As the most widely-adopted serverless platform on Kubernetes, Knative offers a simplified developer experience deploying and managing stateless and event-driven applications. In this session, we'll give attendees an overview of the Knative philosophy of being Kubernetes-native and working well with existing Kubernetes tools. Then we'll provide a demo of FaaS using Knative and conclude with a roadmap for what's next. Most importantly, we'll provide information on how you can get involved either as a contributor or end-user who wants to give feedback on its future direction. With its recent donation to the CNCF at the incubating level, there's never been a better time to get started with Knative. | https://www.youtube.com/watch?v=e5CbFDq-Jos | 2022-05-30T20:45:44Z |
| It’s All for the Users. More Durable, Secure, and Pluggable. KubeVirt v0.53 - Alice Frosi, Red Hat | If you liked KubeVirt before, you'll like it even better now, and if you ignored it before, it's time you tried it out. In the last year, KubeVirt has added numerous features, improving scalability, security, storage, network options, and usage for specialized hardware and edge applications. Join the KubeVirt contributors for a brief tour of what's new, including: - Additional traditional storage features for hotplug and snapshots - More mature high performance computing with SRIOV and vNUMA availability - Improved security with unprivileged VMs - Foundation for technical workstations using vGPU slicing - Don’t fear updates with mature Live Migrations - Improved automation with new like Argo CD and Tekton integrations - Rapid Kubernetes tenant cluster using ClusterAPI - On the verge to CNCF Incubator? We'll explain and even demo some of the new features. KubeVirt is going places, join our session to find out how it can help you go places too. | https://www.youtube.com/watch?v=L9H0pz5PpKo | 2022-05-30T20:45:44Z |
| Releasing Kubernetes Less Often and More Secure – The SIG Release Update | Releasing Kubernetes Less Often and More Secure – The SIG Release Update - Adolfo García Veytia & Carlos Panato, Chainguard; Sascha Grunert, Red Hat; Stephen Augustus, Cisco. The Kubernetes Special Interest Group (SIG) Release is inviting you to join their project update at KubeCon! Adolfo, Carlos, Sascha and Stephen will speak about the latest changes to the SIG as well as its influence on the overall Kubernetes project. The session will cover how the SIG Release roadmap and vision maps to recent project development efforts, which enhancements to the general release process they’re currently working on, as well as the lessons learned from past release cycles. As part of that update, the Release Engineering subproject of SIG Release will speak about how the community hardens their software supply chain by driving towards full SLSA (Supply-chain Levels for Software Artifacts) compliance, including SBOM generation and container image signing. Do you wanna be part of one of the largest Kubernetes SIGs? Then join this session to learn more about our latest efforts and how to contribute to them! Maintainers of other projects under the Kubernetes organization are strongly encouraged to attend this session to learn more about extending the SIG Release tools to their own releases. | https://www.youtube.com/watch?v=qhQYu077zZU | 2022-05-30T20:45:44Z |
| Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, CNCF | Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation | https://www.youtube.com/watch?v=XqEflGXlErA | 2022-05-31T06:31:09Z |
| SIG Auth Deep Dive - Margo Crawford, VMware & Mike Danese, Google | After a quick intro, this presentation will touch upon the current items the SIG is working on. These include the ongoing Pod Security effort, KMS encryption at rest observability and performance enhancements, structured configuration for authentication and authorization, reduction of legacy service account token attack surface area, certificate signing request duration control, etc. We will also discuss how to get involved with the SIG: https://docs.google.com/document/d/1sY8fRyRtk4eG9R439z5ao5i9bFuuxilS03XaNlqoni0 | https://www.youtube.com/watch?v=C3Ak35W55m0 | 2022-05-31T06:31:09Z |
| Scaling Databases with Vitess - Harshit Gangal & Manan Gupta, Planetscale | Vitess is a cloud-native storage solution that provides horizontal scaling of MySQL. In this session we will cover the high level architecture and the feature set offered including the ease of database management. We will showcase its compatibility with the popular web framework Rails and will demo how to bring up Vitess with Rails using the Kubernetes operator. Realizing the need to scale out already running applications, we will also demonstrate how to scale out an existing database running on AWS RDS/Aurora using Vitess. | https://www.youtube.com/watch?v=HgSlmzC7O-E | 2022-05-31T06:31:09Z |
| Distributing Supply Chain Artifacts with OCI & ORAS Artifacts - Steve Lasker, Microsoft | In a world of continuous supply chain attacks, secure distribution matters more than ever. Your images are now signed, with systems bill of materials (SBOM) and frequent scan results. How will you consume them from public endpoints, promoting them across environments into private network environments where there's no external access? ORAS Artifacts lifts OCI Artifacts to the next level by enabling graphs of artifact relationships to be established. When you archive or delete any given container image, the related artifacts are archived or deleted as well, providing predictable lifecycle management. ORAS Artifacts enable you to build upon the hardened, performant, securely distributed registries you're already using. Come see how registries are evolving, enabling all your cloud-native artifacts to be distributed from the public registries to your private environments, wherever they may be. | https://www.youtube.com/watch?v=lT2ZMRJrQsU | 2022-05-31T06:31:09Z |
| Story of Correlation: Integrating Thanos Metrics with Observabi... Bartłomiej Płotka & Kemal Akkoyun | Story of Correlation: Integrating Thanos Metrics with Observability Signals - Bartłomiej Płotka, Red Hat & Kemal Akkoyun, Polar Signals. The CNCF Incubated Thanos project with the large open-source community continues to push boundaries regarding observability and monitoring using Prometheus-based metrics. Together with the Prometheus community, it improves the metric story for Kubernetes clusters and beyond. Things like improved performance, better scalability, debuggability, security, metrics backfilling and query QoS is only the tip of the iceberg. As we know, observability nowadays comes in many flavours. Bunching them together is not a trivial side, given many shapes and collection points. Aside from metrics, we have logs, traces or even continuous profiling. In this talk, Kemal and Bartek, Thanos maintainers, after a quick overview of Thanos, will explain how Thanos can be integrated with those non-metric observability signals. The audience will learn an example, end-to-end ways to correlate multiple observability backends with Thanos for enhanced observability and monitoring experience. | https://www.youtube.com/watch?v=rWFb01GW0mQ | 2022-05-31T06:31:09Z |
| Been There, Done That: Tales of Burnout from the Open Source W... Savitha Raghunathan & Divya Mohan | Been There, Done That: Tales of Burnout from the Open Source World - Savitha Raghunathan, RedHat & Divya Mohan, SUSE. Staying home has erased the line between work and life for many folks in the tech industry and around the world. Initially the extra commute time was utilized by many, including the speakers, for learning new tools, skills, and technologies. This boon eventually turned out to be a double-edged sword with overcommitting at or/and outside work leading to an overall feeling of overwhelming stress. In this talk, Divya & Savitha will share their own experience with overcommitting over the course of the pandemic and reflect on how they could have handled it better. At the end of the session, attendees will walk away knowing when to stop saying yes and how to draw their own boundaries thereby reclaiming their work-life balance. | https://www.youtube.com/watch?v=UIU8qZWL3Io | 2022-06-02T17:54:02Z |
| Deleted video | This video is unavailable. | https://www.youtube.com/watch?v=WL0__IyxNXo | 2022-06-03T21:56:33Z |
| Does Green Software need Open Hardware? - Hosted by Open Compute Project | Does Green Software need Open Hardware? - Hosted by Open Compute Project - Moderator Cliff Grossner, Ph.D.; Kate Mulhall, Senior Cloud Software Engineering Manager, Intel, VP Market Intelligence, Open Compute Project (OCP) Foundation; Dinesh Marjrekar, D. By 2040 the communications technology sector is expected to account for 14% of the world’s carbon footprint — up from about 1.5% in 2007, and in 2019, researchers at the University of Cambridge estimated that the energy needed to maintain the Bitcoin network surpassed that of the entire nation of Switzerland. Clearly this cannot continue and software needs to be evaluated by judging its performance on its energy efficiency as much as on traditional parameters. On top of the software itself, is the IT infrastructure and data center facilities that can make a huge difference on the ecological impact of software workloads. This panel will look at best practices and new technology directions that can change the current and dangerous ecological impact curve implied by the digitization of society. | https://www.youtube.com/watch?v=E0MdTDtFi4M | 2022-06-04T12:29:56Z |

## GitOpsCon EU 2022

- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2PTHsP7RhbRYBT_TDJz5x3M)

| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- | -------------------- |
| GitOps As a Journey - Dan Garfield, Codefresh; Scott Rigby, Weaveworks & Chris Short, AWS | What is GitOps and How to Get It Right - Dan Garfield, Codefresh; Scott Rigby, Weaveworks & Chris Short, AWS The term "GitOps" goes back to Alexis Richardson's initial blogpost on operations by pull request but over time it became clear that GitOps was poorly understood. At the end of 2020, Amazon, Azure, Codefresh, GitHub, Red Hat, and Weaveworks came together to start the GitOps Working Group. The goal was to work together and invite the community to collaborate on clear principles and definitions around GitOps. In this talk, two Open GitOps Co-Chairs will share how the principles were created, what they mean, and some common misunderstandings about what is and isn't GitOps. | https://www.youtube.com/watch?v=LQgsxT3SlN8 | 2022-05-17T22:36:06Z |
| Keynote: Everything as Code: Declarative Application Delivery with GitOps Wor... Christian Hernandez | Keynote: Everything as Code: Declarative Application Delivery with GitOps Workflows - Christian Hernandez, Red Hat Modern tools are a key component to building a successful application delivery framework based on the GitOps principles. Combining the advantages of Tekton, ArgoCD, and now StackRox open source projects, deliver security without compromising the quality or speed and encourage security, SRE, and application development teams to get declarative. Join us to see an example framework for what it means to really deliver everything as code. | https://www.youtube.com/watch?v=I7u-v53BW-o | 2022-05-17T22:36:06Z |
| 100,000 Different Ways to Manage Secrets in GitOps - Andrew Block, Red Hat | 100,000 Different Ways to Manage Secrets in GitOps - Andrew Block, Red Hat Any GitOps implementation involves managing a wide range of resources. Sooner rather than later, there will be a need to manage sensitive assets, such as passwords or tokens. So, how can these types of assets be handled appropriately so that they are not visible in plain text when stored in a Git repository? Secrets management is a prevalent topic in the cloud native ecosystem and given its importance, tools and frameworks have been developed that can be applied to not only the content itself, but also within GitOps engines. Understanding where, how and when they can be used could make all the difference when employing proper security measures while implementing a GitOps solution. Attendees will learn: * Tools for detecting the presence of sensitive assets within Git repositories * Strategies for encrypting data at rest * Integrations with purpose built secrets management engines * How sensitive assets can be stored and used when working with public cloud providers * The mechanisms for which GitOps engines can aid in the management of sensitive resources Upon completion, attendees will no longer have an excuse to leave sensitive assets unprotected again! | https://www.youtube.com/watch?v=FVaaqP7_AJg | 2022-05-17T22:36:06Z |
| Organizing Teams for GitOps and Cloud Native Deployments - Sandeep Parikh, Google Cloud | Organizing Teams for GitOps and Cloud Native Deployments - Sandeep Parikh, Google Cloud Large scale Cloud Native deployments typically include multiple teams running multiple applications across multiple environments - but how should teams be organized to enable efficient software delivery? How should responsibilities be split between platform, DevOps, and application teams? In this talk we’ll walk through the different approaches teams can adopt for organizing Git repos, handling upstream dependencies, and managing software rollouts. This talk will go in-depth about repo structure and strategies for managing the release process, as well as how to enforce policies across configs and manifests. | https://www.youtube.com/watch?v=Kl4-f1d_viY | 2022-05-17T22:42:47Z |
| Lightning Talk: Hiding in Plain Sight - How Flux Decrypts Secrets - Somtochi Onyekwere, Weaveworks | Lightning Talk: Hiding in Plain Sight - How Flux Decrypts Secrets - Somtochi Onyekwere, Weaveworks GitOps has been all the rage of late and it requires you to store all your YAML files in Git. This works great for YAMLs containing non-sensitive information but it gets trickier for files that contain secrets even if the repository is secret. Anyone who has or gains access to your repository can access your secret, which could include database passwords and API keys. This talk explores how Flux, with the help of projects such as Mozilla SOPS and sealed secrets, lets you encrypt your secrets and then store them as files in Git. Then, it decrypts them for you and applies them to the cluster. Flux also lets you use key management systems (KMS) in the major cloud providers so you don’t have to create the secret containing your private key in the cluster. The talk will end with a showcase of this feature in Flux using live demos and practical examples. These tools and techniques will help users to benefit from GitOps with the added security that Flux brings. | https://www.youtube.com/watch?v=2rJur5VE6yA | 2022-05-17T22:42:47Z |
| Lightning Talk: Day 2 Has Arrived - How Carvel Suite and Cluster API Can Bring Gi... Pietro Terrizzi | Lightning Talk: Day 2 Has Arrived - How Carvel Suite and Cluster API Can Bring GitOps to Your Kubernetes Infrastructure - Pietro Terrizzi, CLASTIX srl Kubernetes has emerged as the de-facto standard for cloud and container orchestration, thanks to its composability and extensibility; however, these positives don't come without a cost. While setting up a cluster as compositions of YAML manifests may seem like a challenge at hand, managing and upgrading a fleet across multiple environments and distributions could seriously become hell. In this talk, we will discover how to maintain and upgrade the state of an infrastructure deployed through the Cluster API, a Kubernetes SIG project based on kubeadm that aims to extend k8s core capabilities through a configuration-as-code. Then, we’ll see how this methodology can be empowered by the Carvel suite, a composable toolchain that makes use of a declarative and layered approach for application building, configuration and deployment, in order to reduce the toil of cluster day 2 operations. | https://www.youtube.com/watch?v=6kuEEsQFCOg | 2022-05-17T22:36:06Z |
| Intuitive Progressive Delivery Across Microservices in a Depe... Hari Kumar Rongali & Rohit Agrawal | Intuitive Progressive Delivery Across Microservices in a Dependency Graph Using Argo Rollouts. - Hari Kumar Rongali, Intuit & Rohit Agrawal, DataBricks Progressive Delivery as you all know is controlled deployments to minimize the risk associated with service updates. Organizations use tools like ArgoRollouts to achieve Progressive delivery for individual services. Progressive delivery across microservices with dependencies is a challenge that many companies are working to solve. In this session, we will demonstrate how to use Argo Rollouts in achieving progressive rollouts & automated rollbacks across microservices in a dependency graph using capabilities such as automated analysis & custom webhook notifications. We will also discuss how to use your current complex multi-service monitoring queries in analysis and automate the entire deployment flow across microservices. Another important capability that we will present is ‘dry runs’ that will enable users to identify and validate possible automated rollbacks in production without actually doing rollbacks. | https://www.youtube.com/watch?v=02y5q4Cc2Fs | 2022-05-17T22:36:06Z |
| Lightning Talk: GitOps and Progressive Delivery with Flagger, Istio and Flux - Marco Amador, Anova | Lightning Talk: GitOps and Progressive Delivery with Flagger, Istio and Flux - Marco Amador, Anova Organizations that use progressive delivery are able to ship new code faster, reduce risk, and continuously improve customer experience. Progressive delivery is an essential component of DevOps, and feature management is the primary way it works. In this talk, Marco Amador (Anova) will describe their journey into progressive delivery with some hands-on demos and explain why they've chosen progressive delivery on their multi-cluster and multi-region Kubernetes cluster. | https://www.youtube.com/watch?v=AKVfqn85ZJ4 | 2022-05-17T22:36:06Z |
| Applied GitOps with Argo CD Autopilot Using Multiple Clusters with an Appli... Hannah Grace Seligson | Applied GitOps with Argo CD Autopilot Using Multiple Clusters with an ApplicationSet - Hannah Grace Seligson, Codefresh Using a GitOps controller, such as ArgoCD, to deploy applications allows you to deploy more often, execute rollbacks, and avoid configuration drift. However, what if you are an organization beginning to adopt GitOps and are new to Argo? What if you need to deploy hundreds of applications? Manage several clusters? How do you structure your directory? Or apply GitOps at scale for your organization? You can do all of this with Argo CD Autopilot, which provides an opinionated directory structure, allowing you to promote changes across environments with an ApplicationSet Controller for Argo CD applied by the Autopilot bootstrap. Autopilot enables organizations to simplify disaster recovery and quickly set up one-off environments or easily promote changes by leveraging GitOps. This tool works well for teams that are new to Argo CD but want to enable the ApplicationSet's automation and templating abilities to create, modify, and manage multiple applications simultaneously while also targeting numerous clusters with a no-brainer directory structure. | https://www.youtube.com/watch?v=r3k2qI2NDsA | 2022-05-17T22:42:47Z |
| Lightning Talk: GitOps, A Slightly Realistic Situation on Kuberne... Laurent Grangeau & Ludovic Piot | Lightning Talk: GitOps, A Slightly Realistic Situation on Kubernetes with Flux - Laurent Grangeau, Google & Ludovic Piot, theGarageBandOfIT You're tired of talks that deploy hello-worlds to demonstrate the relevance of the younameit tool. That's good news: what we're interested in is trying out a slightly realistic DevSecOps situation. So we're going to build a step-by-step enterprise scenario where devs and ops collaborate on a daily basis around a GitOps workflow based on Kubernetes and Flux. The dev teams deploy / update / rollback Pokémon WebApps using Kustomize and/or Helm charts. On the Ops side, we take care of the platform's security issues by implementing Kyverno: segregation of team rights, WebApps network flows and control of activities on the cluster. And we monitor everything via Prometheus and Grafana. Finally, we will see how to articulate upgrade and configuration while respecting the blue/green pattern and canary deployment, thanks to Istio. At the end of this hands-on, you may have discovered some technologies. But above all you will have seen how to implement them in a dev-to-prod process that resembles a real case. | https://www.youtube.com/watch?v=uU-zbTgbHPI | 2022-05-17T22:36:06Z |
| When GitOps Meets UX - Cansu Kavili Örnek & Angels Dimitri Gutierrez, Red Hat | When GitOps Meets UX - Cansu Kavili Örnek & Angels Dimitri Gutierrez, Red Hat We had the ambition to create a sustainable platform to support development, lower the cognitive load of onboarding new applications and teams, and increase the products' visibility while giving developers the freedom to experiment. Sounds like a lot of work, right? Yet GitOps provided us fast and fine solutions for processes like self-service or onboarding! But that required some design considerations and a strong relationship between platform and developers. And that's where UX comes in! Join us to talk about how to combine tech and UX practices to bring the best out of GitOps and create a state-of-the-art platform focusing on DevEx! Together we’ll address questions like: * What are the benefits of working techies and UX together? * How can we validate the ideas and merge them with devs feedback to create platform features and implement them through GitOps? * How to simplify GitOps and make it accessible? * How can we empower devs to own the approach and encourage them to contribute? | https://www.youtube.com/watch?v=o0LiBEecJVE | 2022-05-17T22:36:06Z |
| Crossing the Divide: How GitOps Brought AppDev & Platform Teams Together! - Priyanka "Pinky" Ravi | Crossing the Divide: How GitOps Brought AppDev & Platform Teams Together! - Priyanka "Pinky" Ravi, Weaveworks Priyanka, now at Weaveworks, and Russ, her former colleague at State Farm will share their varied experiences of application change management and how they updated their process to follow the GitOps methodology. Together, they will emphasize the benefits of adopting GitOps by commiserating on the elaborate difficulties and contorted solutions of earlier alternative deployment strategies. Priyanka and Russ come from different sides of the Application / Platform development team divide, and each bring their own historical context and separate understanding of how a deployment system should function! Be prepared to hear horror stories and tales about those systems that should never be told, about the worst solutions that should never have been built, and problems that should never have needed to be solved - and what it looks like on the other side. | https://www.youtube.com/watch?v=0jNtDnWT3yo | 2022-05-17T22:36:06Z |
| Infrastructure as Software with GitOps - Justin Garrison, Amazon | Infrastructure as Software with GitOps - Justin Garrison, Amazon The cloud has enabled abstractions and automation, but Infrastructure as Code (IaC) doesn't scale. You can use declarative YAML or imperative scripts and still lose control. Infrastructure as Software (IaS) allows you to control and scale infrastructure with the same practices as applications. GitOps is an implementation of IaS with lots of benefits over IaC. We'll look at how it's different, when you should use it, and where it potentially breaks down. | https://www.youtube.com/watch?v=hULomz2FU40 | 2022-05-17T22:36:06Z |
| CTA \| How to Get involved + Project Update - What's Next - Dan Garfield, Scott Rigby & Chris Short | CTA \| How to Get involved + Project Update - What's Next - Dan Garfield, Codefresh; Scott Rigby, Weaveworks & Chris Short, AWS | https://www.youtube.com/watch?v=0zDzH6KRHMs | 2022-05-17T22:36:06Z |
| Infra-like-apps - GitOpsifying Cloud Natively Managed Infrastructure with... Al-Hussein Hameed Jasim | Infra-like-apps - GitOpsifying Cloud Natively Managed Infrastructure with Crossplane and Argo CD - Al-Hussein Hameed Jasim | https://www.youtube.com/watch?v=epoTCI4pqdE | 2022-05-18T16:20:37Z |
| Pipelines and the Multiverse of Madness - Christian Hernandez & Hilliary Lipsig, Red Hat | Pipelines and the Multiverse of Madness - Christian Hernandez & Hilliary Lipsig, Red Hat Gone are the days of daisy chaining Jenkins Jobs together. With modern CI/CD tools pipelines are the new highways. But unlike driving a car, which you can only take down one road at a time, CI/CD pipelines have the power to run concurrent processes, across multiple lanes, to get to the same destination: Code in production, fast, reliably, and automatically. Join us for a review of Pipelines, CI/CD, and how to leverage tools to get jobs done with your GitOps workflows. | https://www.youtube.com/watch?v=hvBbMZ5Vcu8 | 2022-05-18T22:18:27Z |
| GitOps Everything!? We Sure Can!, Ayelet de-Roos, AppsFlyer | GitOps Everything!? We Sure Can!, Ayelet de-Roos, AppsFlyer Usually when developers mention GitOps, it is to describe yet another continuous delivery mechanism for their (micro-)services. There are developers that to some extent apply it to their infrastructure, but can it describe both? Can you also apply it to your SaaS solutions? At AppsFlyer, with an architecture of over 850 micro-services, thousands of cloud resources and dozens of SaaS integrations, we strive to automate them all using GitOps workflow. In this talk, Ayelet de-Roos will present how AppsFlyer applies Terraform with GitOps to automate everything, how AppsFlyer keeps its deployables safe and easy to manage with Flux CD, how AppsFlyer identifies drifts in non-Kubernetes environments, and how to enforce company standards and policies using Open Policy Agent. | https://www.youtube.com/watch?v=qGQyGuoS5Ds | 2022-05-18T22:18:27Z |
| Managing Thousands of Clusters and Their Workloads with Flux - Max Jonas Werner, D2iQ | Managing Thousands of Clusters and Their Workloads with Flux - Max Jonas Werner, D2iQ With Kubernetes becoming more and more popular, so is managing clusters at scale. Applying GitOps principles with Flux simplifies provisioning clusters and managing workloads deployed onto them, including tenant and RBAC management. In this session I will demonstrate a best practice approach towards GitOps with a management cluster handling the provisioning and further maintenance of clusters, tenants and workloads, employing the CNCF projects Flux, OPA Gatekeeper and the Kubernetes Cluster API sub-project. The benefits of such an approach are: * It creates a simplified way to declaratively define thousands of clusters and perform operations on those clusters * Makes it easy to have a multi-tenancy approach where each team or group of applications gets their own cluster or individual namespace on a certain cluster * Operations against clusters are fully audited and attributable, as reverting changes is hard. | https://www.youtube.com/watch?v=Xei2ZcEg5B0 | 2022-05-18T22:18:27Z |
| Solving Environment Promotion with Flux - Sam Tavakoli & Adelina Simion, Form3 | Solving Environment Promotion with Flux - Sam Tavakoli & Adelina Simion, Form3 Without a doubt, Flux is now one of the most popular tools for GitOps. Form3 have been using Flux extensively for PR based operations of our Kubernetes clusters, which has resulted in a great developer experience for their growing engineering teams. However, Flux Kustomize overlays have proven insufficient for Form3's complex business needs, which involve multi-cloud workloads and controlled releases between environments. As a result, the Tooling team at Form3 have written their own tool, k8s-promoter. It automates the promotion of workloads by creating pull requests which copy manifests to the target cluster. Then, Flux reconciles manifests from the directory structure and correctly promotes workloads. This talk will cover: - How the typical commit/deploy flow at Form3 looks, as well as how they use GitOps - Why the tooling Team have decided to use promotion via duplication - Architecture and design details of k8s-promoter - A demo of the deploy flow using k8s-promoter - Lessons learned and future improvements for the project Join this talk to learn from the journey of solving the problem of environment promotion at Form3! | https://www.youtube.com/watch?v=gqs4mVppn1Q | 2022-05-18T22:18:27Z |
| Creating A Landlord for Multi-tenant K8s Using Flux, Gatekeeper, Helm, and Friends - Michael Irwin | Creating A Landlord for Multi-tenant K8s Using Flux, Gatekeeper, Helm, and Friends - Michael Irwin, Docker Supporting multi-tenant environments in Kubernetes is easy, right? (insert laugh here) Well, it can be. But, it takes organization, structure, and proper policy enforcement. At Virginia Tech, I helped build a "Common Application Platform" that gives each tenant its own manifest repo and deploys those manifests into isolated namespaces using Flux. By leveraging Gatekeeper and Karpenter, we can properly isolate workloads into node pools and ensure tenants don't step on each other's toes. And best of all, our tenant config is in a simple Helm chart that we call "the landlord." In this talk, we'll dive into how we've built the landlord, the various policies and mutations we're using, and how it works... all with the intent that you can build your own platform too! We'll have live demos and even try to break a thing or two! | https://www.youtube.com/watch?v=agsnktpIxzU | 2022-05-18T22:18:27Z |
| Lightning Talk: A Practitioners Guide to GitOps - Introduction, Principles, and Im... Thomas Schuetz | Lightning Talk: A Practitioners Guide to GitOps - Introduction, Principles, and Implementation in Keptn - Thomas Schuetz, Dynatrace Not so long ago, we had to remember lots of commands and their execution order to configure systems and infrastructure. With the rise of Kubernetes and Infrastructure-as-Code, we learned that it's easier to declare the desired state of systems and let other tools bring our intentions to the system. Finally, Git can be our best friend when it comes to storing and versioning our configuration. To put it to practice we look at one specific GitOps implementation approach from the CNCF Sandbox Project Keptn. Together we walk through declaring the desired state for application delivery in Git, see how the GitOps operator translates that definition into tasks and how those tasks get executed by various tools to bring the desired state to life. | https://www.youtube.com/watch?v=n3E5o3SG51A | 2022-05-18T22:18:27Z |
| Implementing Preview Environments with GitOps in Kubernetes - François Le Pape, Remazing | Implementing Preview Environments with GitOps in Kubernetes - François Le Pape, Remazing Implementing Preview Environments with GitOps in Kubernetes: how to spin up ephemeral environments on the fly at each pull request for the delight of your team. Have you ever experienced a delayed release because your Staging environment was broken by another feature? Ending up merging a non-production tested Hotfix branch to your Main branch? Preview environments are an answer to increasing velocity inside your team. Kubernetes combined with GitOps allow you to quickly create and destroy resources along with keeping a clear code history and infrastructure changes in Git. Using Bitbucket Pipelines for Continuous Integration and ArgoCD for declarative Continuous Delivery, we will go through different challenges you can encounter to deploy Preview environments such as Secrets management with Sealed Secrets, splitting repositories, and clearing resources to prevent further costs. | https://www.youtube.com/watch?v=QNAiIJRIVWA | 2022-05-18T22:18:27Z |
| Lightning Talk: Taming the Thundering Gitops Herd with Update... Joaquim Rocha & Iago López Galeiras | Lightning Talk: Taming the Thundering Gitops Herd with Update Policies - Joaquim Rocha & Iago López Galeiras, Microsoft GitOps in Kubernetes is a simple but powerful workflow: declare the deployments' desired state in git and an agent (often Flux) should pick it up and reflect the state in the cluster automatically. However, this approach allows for the propagation of issues by "broken" versions of software, which could be avoided with a progressive rollout and enforcement of policies around those. In this talk we propose the use of an update and policy manager – Nebraska – as a complement to gitops. Nebraska allows to set up policies to be met for granting updates, and aggregates the data about update statuses. The integration is accomplished using a new Nebraska Update Agent (NUA), which controls Flux itself, automatically reports statuses, and has a minimal impact to the gitops users’ workflows. With NUA and flux, users can manage new deployment rollouts in a more controlled way, by defining policies for updates, for example: update just one cluster at a time and halt all updates if one cluster fails to update; update cluster only during certain hours; see a global view of the updates’ statuses and drill down to any error reports. Hence, tying gitops and policy-based updates in Kubernetes. | https://www.youtube.com/watch?v=20f6yYK-RWM | 2022-05-18T22:18:27Z |
| Lightning Talk: How Intuit Enables GitOps at Scale For All Its Developers - Omer Azmon, Intuit | Lightning Talk: How Intuit Enables GitOps at Scale For All Its Developers - Omer Azmon, Intuit This is the story of how we at Intuit learned what it really takes to enable our front-end, back-end, and AI developers – all our developers – to rapidly create, update, and dispose of applications. Our learning from building such a GitOps on-boarding/asset-management system include: * What are the independent personas whose needs must be addressed by any such system, and how to resolve their disparate needs. * What are and how to handle the overlapping needs of the assortment of application types: service, serverless, UI, ML, etc. * Why is updating and cleanup harder than onboarding * Why workflows, orchestration, and even traditional choreography can't handle the variability of such a system, and what we did about it. * How to avoid flurries of PRs. * What happens when a developer can rapidly standup an asset and abandon when not needed like cattle, including build, deploy, persistence, everything * Why is it impossible for one team to develop this alone, and how to make it possible to deliver such a system. We hope that you will find the needs common and join us in building an open source community based on our proven tools. | https://www.youtube.com/watch?v=ohx2rdjpFA0 | 2022-05-18T22:18:27Z |
| GitOps Based Infrastructure as Code with Rancher Fleet and Crossplane - Hossein Salahi, Liquid Reply | GitOps Based Infrastructure as Code with Rancher Fleet and Crossplane - Hossein Salahi, Liquid Reply With more demand for deploying at scale, we need a new concept for multi-cluster management. The majority of current multi-cluster and multi-cloud management solutions are missing a unified control plane not only to manage Kubernetes cluster life cycle (vanilla or managed), but also application deployment, security policies enforcement (e.g., RBAC, network policies, etc.). By using GitOps patterns we can solve most of the above-mentioned challenges. Fleet is the next generation of cluster management tooling and uses Kubernetes Custom Resource Definitions (CRDs) to manage GitOps at scale up to deployments of thousands of clusters. Crossplane, on the other hand is a cloud control plane that transforms Kubernetes API into an interface to the public or private cloud providers. The Crossplane fits really well into the GitOps realm, since it allows declarative specifications of cloud services that are stored in a git repository for GitOps tools to pull from it. | https://www.youtube.com/watch?v=kD5onzZBXj4 | 2022-05-18T22:18:27Z |
| We Have Always Done It This Way! Now Let’s Try Something Completely Different - Eliran Bivas | We Have Always Done It This Way! Now Let’s Try Something Completely Different - Eliran Bivas, AppsFlyer At AppsFlyer, we have 400 engineers that write software in several programming languages and with an architecture of over 850 micro-services, thousands of cloud resources and dozens of SaaS integrations. We felt a change was needed. Can GitOps be that change? In this talk, Eliran Bivas, AppsFlyer's Cloud Native Leader, will present the challenges the department faced and still faces when adopting GitOps practices. How AppsFlyer’s Engineering Platform organization changed, how AppsFlyer uncovered the unknowns, and how AppsFlyer educated its Platform Group, and later the entire R&D organization to practice GitOps. | https://www.youtube.com/watch?v=es5ngkzJDEc | 2022-05-18T22:18:27Z |
| Lightning Talk: Exploring HashiCorp Vault and ArgoCD - the GitOps Way - Tracy P Holmes, Codefresh | Lightning Talk: Exploring HashiCorp Vault and ArgoCD - the GitOps Way - Tracy P Holmes, Codefresh A big topic in GitOps that isn't really discussed enough is proper GitOps secrets management and just how serious of an issue it can be in a cloud-native aspect. While normalized usage of Bitnami Sealed Secrets is typically explored, not much is seen around using HashiCorp Vault. Especially as it pertains to using Vault with Argo Project's continuous delivery tool Argo CD. What exactly is HashiCorp Vault? HashiCorp Vault is a secrets management tool created primarily to control access to sensitive credentials in a low-trust environment. It can be used to manage secrets, encryption as a service, and privileged access. This talk will explore integrating HashiCorp Vault with Argo CD, any pros and cons, and (hopefully) what ended up working for Tracy and her sensitive credentials. Note: A shorter version of this talk was presented at HashiTalks 2022. However, the intent is to go more in-depth with exploration and findings while attempting the integration. | https://www.youtube.com/watch?v=2camnnjyviw | 2022-05-18T22:19:54Z |

## Cloud Native SecurityCon EU 2022

- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2P3qs7Y_QPD4uCgQ4Krsgb3)

| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------- | -------------------- |
| Opening and Introductions - V Körbes, VMware | Opening and Introductions - V Körbes, VMware | https://www.youtube.com/watch?v=TwUDy4u7MJ8 | 2022-05-16T22:40:52Z |
| Keynote: DevSecOps and the Art of Not Ending Up On the Front Page - Fabio Rapposelli, VMware Tanzu | Keynote: DevSecOps and the Art of Not Ending Up On the Front Page - Fabio Rapposelli, VMware Tanzu DevSecOps is the seamless and transparent integration of security into emerging agile IT and DevOps development. Ideally, this is accomplished without reducing developers' agility or speed or requiring them to leave their development toolchain environment. The SolarWinds Supply-Chain Attack is one of the most dangerous in recent memory. The malware was distributed as part of an update and was digitally signed by a valid digital certificate containing the company's name. The software bill of materials (SBOM) is gaining new attention and notoriety in the aftermath of SolarWinds. Requiring SBOMs for all software entering your pipeline has become common sense. And in some cases it’s a mandate. For example, Executive Order 14028 requires an SBOM for all federal software procurements in the United States. At the moment, less than half of companies create SBOMs for their software, and accountability for SBOMs appears to be lost in a rush to deliver new software. Understanding which components are included in applications is critical for proactive vulnerability management. The SBOM is a versatile and adaptable approach that can be easily tailored to specific use cases. What should you put in SBOMs for software applications that your company makes, buys, or consumes? | https://www.youtube.com/watch?v=SSlise4jILY | 2022-05-16T22:40:52Z |
| Fuzzing the CNCF Landscape - Adam Korczynski & David Korczynski, Ada Logics | Fuzzing the CNCF Landscape - Adam Korczynski & David Korczynski, Ada Logics This talk presents Adam’s and David’s experience with fuzzing more than ten projects in the CNCF landscape over the last year resulting in more than a hundred bugs filed and fixed. For each of the projects, the goal was to integrate fuzzing such that the project would be continuously fuzzed by the free fuzzing service OSS-Fuzz. The projects which will be discussed in the talk include Kubernetes, Argo, Etcd, Containerd, Vitess, Linkerd2-proxy, runc, Flux and more. In this talk Adam and David will present a holistic view on this CNCF fuzzing experience and the focus will be on the technical challenges and results. | https://www.youtube.com/watch?v=zIyIZxAZLzo | 2022-05-16T22:40:52Z |
| Dissecting the Discovery of the 0-Day Supply Chain Vulnerability in Argo CD - Moshe Zioni, Apiiro | Dissecting the Discovery of the 0-Day Supply Chain Vulnerability in Argo CD - Moshe Zioni, Apiiro. The Security Researcher who discovered the 0-day vulnerability in Argo CD (CVE-2022-24348) will walk through the details of the vulnerability and the process that led to the finding. The discussion will include a deep-dive into: how an attacker could circumvent Argo CD’s defenses to exploit the vulnerability and steal sensitive information; remediation steps; and why the vulnerability matters to the ecosystem. | https://www.youtube.com/watch?v=Bjo7SEGAAhk | 2022-05-16T22:40:52Z |
| CTF Overview and Experience - Lewis Denham-Parry, Control Plane | CTF Overview and Experience - Lewis Denham-Parry, Control Plane. Prepare yourself for tomorrow's CTF event with a warm-up session based on introductory SecurityCon CTF events. All experience levels are welcome! Learn how to engage with confounding container breakouts, confusing Kubernetes misconfigurations, and the art of engaging with CTF events to prepare yourself for the high-flying no-holds-barred super-inverted gravity-defying capture the flag event at SecurityCon tomorrow! | https://www.youtube.com/watch?v=YVlQS90SdaA | 2022-05-16T22:40:52Z |
| Security Champions: The What, Why, and How - Ann Marie Fred, Red Hat | Security Champions: The What, Why, and How - Ann Marie Fred, Red Hat. Known vulnerabilities are a fact of life, especially with open source software. Cyber Security Intelligence tracked over 18,000 CVEs and at least 66 Zero-Day Vulnerabilities in 2021. According to the Sonatype 2020 DevSecOps Community Survey, 24% of organizations surveyed revealed a breach within one of their web applications in the prior 12 months. The average cost of a data breach was $4.24 million, according to the IBM 2021 Cost of a Data Breach Report. The only way to keep up with the fast pace and demands of cybersecurity today is to scale up the security expertise of your technical workforce. This talk explains why setting up a Security Champions program is such an important part of an overall cybersecurity strategy. Then it goes into detail on how to get your own Security Champions program running, the realistic costs of such a program, and what benefits you can expect from it. | https://www.youtube.com/watch?v=baudGw99ges | 2022-05-16T22:40:52Z |
| Protect the Pipe! A Policy-based Approach for Securing CI/CD Pipe... Shripad Nadgowda & Jim Bugwadia | Protect the Pipe! A Policy-based Approach for Securing CI/CD Pipelines - Shripad Nadgowda, IBM Research & Jim Bugwadia, Nirmata. Modern applications are composed of hundreds of packages and delivered to production via automated CI/CD pipelines. With rapid delivery comes the growing risk of attacks, vulnerabilities, and misconfigurations. Protecting these critical assets requires policy-based controls for CI/CD pipeline composition, configurations and execution. In this session, Shripad and Jim will present a cloud-native security framework for Tekton pipelines using in-toto, Kyverno and sigstore. They will discuss the unique security challenges for CI/CD pipelines, and then demonstrate the use of open-source tools to attest and verify each pipeline resource and execution step using declarative policies. | https://www.youtube.com/watch?v=zVkumUImIao | 2022-05-16T22:40:52Z |
| TUF Maintainer Panel Discussion | TUF Maintainer Panel Discussion - Moderated by Andrew Krug, Datadog; Asra Ali, Google; Marina Moore, NYU; Trishank Karthik Kuppusamy, Datadog; & Jussi Kukkonen, VMware. Join us for a panel discussion with maintainers from across The Update Framework’s projects to learn about new and upcoming TUF integrations and enhancements. The TUF specification provides compromise-resilient security for software update and distribution. It has implementations in Python, Go, and Rust that have been used in production by organizations like Datadog, AWS BottleRocket, Google Fuchsia, and Sigstore. Panelists will provide insight into the state of the project, how TUF can be used to improve supply chain security, and behind-the-scenes perspectives on integrations with Sigstore and PyPI. The panelists will also speak on unique challenges around maintenance, vulnerability disclosure and consumption of an open source project with multiple implementations. | https://www.youtube.com/watch?v=MCTKc8mke8o | 2022-05-16T22:40:52Z |
| Lightning Talks: Detecting Data Exfiltration on the Edge with Pixie - Zain Asgar, New Relic | Lightning Talks: Detecting Data Exfiltration on the Edge with Pixie - Zain Asgar, New Relic. Detecting data exfiltration in your Kubernetes cluster is important but hard. Capturing the right data, especially encrypted data, in order to perform the analysis can be a hassle. Additionally, it can be a non-starter to export sensitive requests outside of the cluster to perform this analysis. In this lightning talk, you’ll learn how Pixie (an open source, CNCF sandbox project), can be applied to attack this problem. Pixie’s auto-telemetry, in-cluster edge compute, and scriptability make it a powerful tool for anyone looking to identify data exfiltration attacks in their cluster. We’ll show a demo which will also be open source for attendees to reference later. | https://www.youtube.com/watch?v=bzZW4JEOE-0 | 2022-05-16T22:40:52Z |
| Lightning Talk: What’s Inside Your Container Image? How to Audit All the Dependencies... Steve Judd | Lightning Talk: What’s Inside Your Container Image? How to Audit All the Dependencies in Your software Supply-Chain. - Steve Judd, Jetstack. This year has seen much focus on software supply chains and how organisations can move towards a zero trust approach, especially with regards to the 3rd-party artefacts they depend on. Yet a security gap still exists that is preventing organisations from knowing the provenance of their 3rd party software components. This is because the vast majority of build systems (both cloud-hosted and on-premise) do not directly provide the features necessary to achieve even the minimum SLSA Levels. This talk will describe how Jetstack worked with Improbable Defence to design and implement a framework to evaluate all the Images in use across all environments, and seamlessly map each one to known associated vulnerabilities and open-source licences. Assessing Images in this manner has allowed Improbable Defence to keep an accurate inventory and implement admission policies to prevent Images that don’t meet their risk posture from being used. The result is a fine-grained operational security framework which profiles the provenance of each 3rd party component and builds a comprehensive security posture across the supply chain. | https://www.youtube.com/watch?v=-lpy3Ze8aEc | 2022-05-16T22:40:52Z |
| Using CNCF Best Practices for Software Supply Chain to Guide and Enha... Ryan Gibbons & Conor Rogers | Using CNCF Best Practices for Software Supply Chain to Guide and Enhance Your Security Posture - Ryan Gibbons, 3M & Conor Rogers, Stelligent. In this presentation the 3M team will describe how CNCF best practices were used to inform requirements for secure software development capabilities throughout the 3M software supply chain and our journey to improve the code security posture. The team will describe how CNCF best practices were used to evangelize an improved security policy and inform Security, Legal, Risk and Delivery Management functions. Using the CNCF best practices the 3M team will tell the story of how these best practices were used to enhance policy, process, procedure and build across the Software Development Lifecycle. We will tell our story of Securing The Software Supply Chain with a particular emphasis on Opensource Components and we will share how our efforts to date have helped the organization to respond to and prepare for Supply Chain Attacks and vulnerabilities such as Log4J. Finally we will hope to help the community on accelerating their journey to the standards based SBOM (Software Bill Of Materials). | https://www.youtube.com/watch?v=-Sfv83CsCao | 2022-05-16T22:40:52Z |
| The Unexpected Demise of Open Source Libraries - Liran Tal, Snyk | The Unexpected Demise of Open Source Libraries - Liran Tal, Snyk. Hello there dear developer building your app on open source dependencies. Oh wait, did you think open source code lives forever? Think again! Did you hear about the maintainer discontinuing a library despite having tens of millions of downloads? What about a maintainer who intentionally introduced code to break the functionality of his package which receives millions of downloads? So, did you ever wonder why dependencies die? Join me on a journey full of humor and horror across real-world incidents to learn how even the mightiest of open source projects got defeated. What can we learn from past incidents on the continuous struggles of open source software sustainability, maintainer burnout, and how it impacts us. | https://www.youtube.com/watch?v=XD43KJx15GY | 2022-05-16T22:40:52Z |
| Co-Chair Update - Ragashree MC [Program Committee Member] | Co-Chair Update - Ragashree MC [Program Committee Member] | https://www.youtube.com/watch?v=2ZyUViQZRCw | 2022-05-17T20:36:17Z |
| Keynote: Why Wait? Find Cloud Risks and Threats in Real Time with Stream Detection - Loris Degioanni | Keynote: Why Wait? Find Cloud Risks and Threats in Real Time with Stream Detection - Loris Degioanni, Sysdig. Cloud service providers offer cost-effective and efficient collection and storage of cloud logs, which is a rich source of data for devops and security teams. Copying logs out of the cloud to query them later is expensive and complex to manage. With stream detection you can find risks and threats in real time and fix issues faster while saving time and money. Loris will share how you can utilize Falco's real-time telemetry in your cloud-native environment to enable smarter alerts faster and stay ahead of bad actors and malicious attacks. | https://www.youtube.com/watch?v=xHnGWwkiRyM | 2022-05-17T20:36:17Z |
| Keynote: Evolutions in data privacy: threats and opportunities - Kirsten A. Newcomer, Red Hat | Keynote: Evolutions in data privacy: threats and opportunities - Kirsten A. Newcomer, Red Hat. Encryption is key for data confidentiality in cloud native solutions. This talk will focus on the future of encryption to ensure confidentiality while also enabling collaboration across data sets to advance solutions in areas such as health care. We’ll take a look at the opportunities that homomorphic encryption offers as well as the likely impact of post-quantum cryptography on securing data on cloud-native platforms and applications. | https://www.youtube.com/watch?v=z4c8GW9E7cI | 2022-05-17T20:36:17Z |
| Vanquishing Vulnerabilities in Valencia - Alba Ferri Fitó, Sysdig & Eric Smalling, Snyk | Vanquishing Vulnerabilities in Valencia - Alba Ferri Fitó, Sysdig & Eric Smalling, Snyk. The infamous Log4Shell vulnerability took us all by surprise right as we were preparing to take our end-of-year vacations! Will there be another massive vulnerability to deal with this year? It’s very possible, but you can be ready for it! Join us to learn how you can prepare your organization for the next critical CVE and make it harder for attackers to leverage it against you. From the developers’ shell to runtime in production, there are many tools and practices you can put in place today that can mitigate and detect would-be attackers and make their lives harder. Topics will include container image construction and scanning, policy enforcement, controlling network traffic, safer runtime configurations, and monitoring runtime behavior. This session will include live demonstrations of the log4shell remote code exploit and how effective the techniques presented can be against attacks on it. | https://www.youtube.com/watch?v=aK-mlDm_yRE | 2022-05-17T20:36:17Z |
| Shrinking Software Attack Surface with WebAssembly & CNCF Wasmcloud - Liam Randall, Cosmonic | Shrinking Software Attack Surface with WebAssembly & CNCF Wasmcloud - Liam Randall, Cosmonic. WebAssembly is poised to fundamentally transform the development of both browser and server-side development. The virtualization of the CPU, OS, and cloud with hypervisor, containers, and Kubernetes each marked epochs of technology that ushered in emerging trends in software architecture, design, development, operation, and life cycle management. In this session, we highlight the development and advantages of WebAssembly and the CNCF wasmCloud Application Framework. WebAssembly marks the next wave of cloud-native evolution. In this demonstration-heavy session, we highlight 3 main advantages driving the adoption of these technologies focusing on the security impacts: 1. With WebAssembly's virtualization of the application, we demonstrate portability across diverse CPUs, clouds, Kubernetes distributions, edges, and web browsers. 2. Through a capability-driven sandbox we demonstrate a security model that is sandboxed, portable, and consistent across the diverse execution environments. 3. With wasmCloud's actor model we demonstrate a streamlined approach to managing the software supply chain by virtualizing the use of non-functional requirements and common open source libraries. | https://www.youtube.com/watch?v=BQVmPbW8h80 | 2022-05-17T20:36:17Z |
| Lightning Talk: Lessons Learned from Writing Thousands of Lines of IaC - Eran Bibi, Firefly | Lightning Talk: Lessons Learned from Writing Thousands of Lines of IaC - Eran Bibi, Firefly. Immutable architecture is the backbone of infrastructure as code & cloud native operations, to ensure production environments cannot be changed during runtime. While this has the benefits of its inherent safety measures, this can also be restrictive, all while creating new challenges for security. Immutable concepts are much more effective when it comes to securing cloud native environments and infrastructure, which is becoming an increasingly more complex task. This talk will focus on some of the fundamentals of immutable architecture, best practices and recommended design patterns to work around its limitations and enhance security, as well as what you most certainly should not be doing when running immutable architecture both from an infrastructure and security perspective. This will be demonstrated through a real-world example of deploying a single-tenant SaaS in an automated pipeline, typical challenges encountered, and what was learned on the way, through a Terraform, Kubernetes and step functions example. | https://www.youtube.com/watch?v=tzHPy1OBqWc | 2022-05-17T20:36:17Z |
| Lightning Talk: Repurposed Purpose: Using Git's DAG for Supply Chain Artifact Resolution - Aeva Black | Lightning Talk: Repurposed Purpose: Using Git's DAG for Supply Chain Artifact Resolution - Aeva Black, Microsoft. What if we could know the complete and reproducible artifact tree for every binary executable, shared object, container, &etc – including all its dependencies – and you could efficiently cross-reference that against a database of known vulnerabilities? If you had had that information, could you have remediated Log4Shell faster? Might it even help open source maintainers identify at-risk dependencies sooner? If you're thinking, "this sounds too good to be true - what's it going to cost?", then we really hope you’ll join us because we believe this should be an automatic part of open source build tools. In this talk, Aeva and Ed will share why they're so excited about GitBOM and explain what it is (hint: it's not git and it's not an SBOM). If the demo gods are willing, they will show you how you can generate a GitBOM with a simple command-line tool, and explain why you won't have to. | https://www.youtube.com/watch?v=2SSkNLWL4UM | 2022-05-17T20:36:17Z |
| Lightning Talk: Knowing Your Serverless Functions: Signing and Verifying Serverless... Ariel Shuper | Lightning Talk: Knowing Your Serverless Functions: Signing and Verifying Serverless Functions with Cosign - Ariel Shuper, Cisco. The security of software supply chains is extremely important. Malicious attacks on the software supply chain are an ever-present threat that can cause extreme damage. An increasingly popular method to secure the software supply chain is by creating cryptographic evidence that the author of the code is who they say they are, based on them having access to the trusted private key, and that the content has not been changed since. Kubernetes provides a great infrastructure to complement code "signing" with a validation step that ensures signing prerequisites were met and only "signed" images are deployed. An admission controller can use ValidationWebHook and MutatingWebHook to verify deployments of "signed" images only. But what about Serverless functions? How can users validate whether their code was changed/tampered with before or after it was uploaded to their cloud account? In the absence of the admission controller equivalent, how can users stay protected? In this talk we'll demonstrate how to use and operate code-signing for serverless functions using the Cosign project and how to validate that only signed functions are being used in the cloud account (leveraging available tools). | https://www.youtube.com/watch?v=fAKU917XLU8 | 2022-05-17T20:36:17Z |
| Deep Dive: Serverless Security (STAG Presentation) | Deep Dive: Serverless Security (STAG Presentation) - Moderated by Andrew J Krug, Datadog; Ragashree M C, Nokia; Ashish Rajan, CISO & Ariel Shuper, Cisco. Serverless encompasses many different facets and technologies in its creation, use, and execution. Serverless computing available by a provider permits the execution of a piece of code by dynamically allocating resources and adhere to a consumption based pricing model. These snippets or sections of code are called “functions” and can serve multiple needs as identified in the newly released CNCF Serverless Whitepaper, first available at KubeCon EU 2022. Over the past 6 months the CNCF Security Technology Advisory group has been working on a platform independent whitepaper on serverless security. This whitepaper incorporates the industry experience of STAG members alongside industry standard best practices. Join Ashish Rajan and Andrew Krug for this panel discussion with STAG whitepaper authors. We'll discuss what's changed since the last whitepaper was released and predict a few things about where serverless security is headed. | https://www.youtube.com/watch?v=bKx6dZ-N1jk | 2022-05-17T20:36:17Z |
| First Steps to Full Lifecycle Security with Open Source Tools - Rory McCune & Anais Urlichs | First Steps to Full Lifecycle Security with Open Source Tools - Rory McCune & Anais Urlichs, Aqua Security. A key element of successfully integrating security into the DevOps lifecycle is embedding it right from the start. Helping developers and operators build security controls in from day-one with easy to use open source tooling can make that a reality. This workshop will take a hands-on approach to demonstrate how to install, configure and customize open source security tools to be used throughout the DevOps process. The workshop will focus on a couple of core tools. Firstly understanding how Trivy can be used to help secure container images, Dockerfiles, Kubernetes manifests and IaC code such as Terraform. Then the workshop will move on to operationalizing security controls using Starboard to automate the operation of Trivy and other security tools, providing continuous security assurance of workloads and Kubernetes clusters. | https://www.youtube.com/watch?v=nwJ0366rs6s | 2022-05-17T20:36:17Z |
| Top 5 Reasons (and 5 Myths Debunked) to Invest in Securing the Software Supply Chain - Hector Linares | Top 5 Reasons (and 5 Myths Debunked) to Invest in Securing the Software Supply Chain - Hector Linares, Microsoft. The recent Log4j vulnerability and NOBELIUM attack stress the importance of securing the software supply chain across the lifecycle: design, development, compilation, packaging, deployment, and maintenance. Executive Order 14028 mandates "significant investments" to help protect against malicious cyber threats and emphasizes a renewed focus on "enhancing software supply chain security," including compliance with the NIST Secure Software Development Framework (SSDF). To meet requirements of SSDF, we present a practitioner's guide for the journey ahead employing the Supply Chain Integrity Model (SCIM), an open-source model for managing data about the security, quality, and integrity of assets across end-to-end supply chains. We show how to maximize ROI in software supply chain security, enabling a trusted platform for the Software Development Lifecycle (SDLC) that extends to partners and customers. | https://www.youtube.com/watch?v=P70z2PmkbxA | 2022-05-17T20:36:17Z |
| Lightning Talk: lockc - Containing the Containers That Do Not Contain - Michal Rostecki | Lightning Talk: lockc - Containing the Containers That Do Not Contain - Michal Rostecki, Deepfence Inc. lockc is open source software for providing MAC (Mandatory Access Control) type of security audit for container workloads, written in Rust and C (soon to be written fully in Rust). The main reason why lockc exists is that containers do not contain. Containers are not as secure and isolated as VMs. By default, they expose a lot of information about host OS and provide ways to "break out" from the container. lockc aims to provide more isolation to containers and make them more secure through policies enforced in the kernel. The main technology behind lockc is eBPF - to be more precise, its ability to attach to LSM hooks. This talk will also mention Aya and the ability to write eBPF programs in Rust. | https://www.youtube.com/watch?v=cEr9eQLs_n4 | 2022-05-17T20:36:17Z |
| Lightning Talk: What Have We Learned from Scanning Over 10K Unique Clusters with Ku... Shauli Rozen | Lightning Talk: What Have We Learned from Scanning Over 10K Unique Clusters with Kubescape? - Shauli Rozen, ARMO. Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning. Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CK®), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time. In the last 6 months, Kubescape scanned over 10K unique clusters and we learned a great deal about the state of Kubernetes risk, compliance, and security vulnerabilities. In this session, Shauli Rozen, ARMO CEO & Co-Founder, will share interesting insight on why and where Kubernetes deployments are failing, the weak spots, and how to get better. He will share some interesting statistics on which controls fail most and where and what are measures to take in order to prevent them. | https://www.youtube.com/watch?v=a_-lhJW0m8Q | 2022-05-17T20:36:17Z |
| Real Time Security - eBPF for Preventing attacks - Liz Rice, Isovalent | Real Time Security - eBPF for Preventing attacks - Liz Rice, Isovalent. eBPF is used in several cloud native security tools. In some respects it is already being used for preventative security: Cilium uses eBPF to enforce NetworkPolicy; default seccomp profiles (more properly called seccomp-bpf) limit the system calls that applications can use. When it comes to runtime security, Falco today uses eBPF to detect suspicious application behavior, but this isn’t preventative - it generates alerts that are used asynchronously to react to malicious events. Is this really the best we can do with eBPF? The answer is a resounding “no”. In this talk we’ll dive into demos and code to explore how eBPF can be used for the next generation of security enforcement tooling. This talk will cover: why enforcing NetworkPolicy with eBPF has been in place for years, but preventative security for applications has taken longer; how Phantom attacks can compromise the use of basic system call hooks; how other eBPF attachment points, such as BPF LSM, can be used for preventative security. You don’t need to know about eBPF to get the most out of this talk, but you will need a basic understanding of kernel and user space, and a willingness to see some C code. | https://www.youtube.com/watch?v=Xs3MBK17kCk | 2022-05-17T20:36:17Z |
| Closing + CTF Wrap Up - Brandon Lum, Google; Andy Martin, ControlPlane | Closing + CTF Wrap Up - Brandon Lum, Google; Andy Martin, ControlPlane | https://www.youtube.com/watch?v=93FdQUjzqow | 2022-05-17T20:36:17Z |
| VEX! or... How to Reduce CVE Noise With One Simple Trick! - Frederick Kautz | VEX! or... How to Reduce CVE Noise With One Simple Trick! - Frederick Kautz. CVEs are one of the most valuable tools for determining risk, but they have significant usability issues. Just because you are "vulnerable" to a CVE does not mean you are "affected" by the vulnerability. Small development teams can usually mitigate the risk by having a team member analyze the impact. However, this noise can overwhelm you if you're running a large-scale vulnerability management program with diverse vendors. The lack of context in a CVE directly impacts your capability to rank vulnerabilities and respond to them efficiently. Enter VEX, the Vulnerability-Exploitability eXchange. In this talk, we will cover what VEX is. We will cover how it integrates with SBOMs, and how it can become a critical capability of your Zero Trust infrastructure. If you're a consumer, you can use it to help determine the risk of a vulnerability and how to mitigate the vulnerability with computer-assisted tooling. If you're a vendor, you can use it to communicate actionable information to customers effectively. | https://www.youtube.com/watch?v=OWAn3ynhyzQ | 2022-05-19T10:03:04Z |
| Towards the Hardened Cloud-Native Cornerstone: Container Runtime Protection from Secur... Kailun Qin | Towards the Hardened Cloud-Native Cornerstone: Container Runtime Protection from Security to Privacy - Kailun Qin, Intel. Containers, the de facto Cloud-Native vehicles carrying complex workloads today, are yet facing increasing threats owing to their weaker threat model and isolation guarantees. The security concerns and mutual distrust over the inter-container relations spread from the network to the system level, even to the intra-container or against Cloud admins and infrastructure. In this talk, we'll start by reviewing attack vectors of the container runtime and revisiting the existing protection such as AppArmor, SELinux, seccomp and their limitations. Next, we’ll deep dive into the most recent advances of enabling kernel-aided (Landlock, Core Scheduling) and hardware-aided (Memory Protection Keys, Trusted Execution Environment) "magic" with containers against more advanced exploits. The adaptations required to the runtime and image specs of containers, also to their policy enforcement, debugging, monitoring, logging, and alerting management will be further discussed. Finally, we’ll share the "Now and next" and the real scenarios of the hardened two-way sandboxes for both security and privacy. | https://www.youtube.com/watch?v=w3I23EnC5qs | 2022-05-19T14:00:18Z |
| Putting the Supply Chain Pieces together: A Deep Dive into the Secure softwar... Michael Lieberman | Putting the Supply Chain Pieces together: A Deep Dive into the Secure software Factory - Michael Lieberman, Citi. In this deep dive on supply chain security Michael Lieberman will go into a deep dive on an implementation of the CNCF's Secure Software Factory reference architecture. The talk will discuss the holistic nature of the supply chain security problem space and how the reference architecture highlights the software provenance gap that many projects and organizations trying to improve their security posture have. Michael will show how cloud native tools, configured and implemented in the right ways, can help in providing reliable provenance while increasing the trustworthiness of the artifacts you build. A system built on top of tools like Kyverno, Tekton, Chains, Spire and Sigstore will be shown how they can be tied together to build software that hits high SLSA levels. | https://www.youtube.com/watch?v=ZYRycpIJqVs | 2022-05-19T14:00:18Z |
| Purple Teaming Like Sky’s the Limit – Adversary Emulation in the Cloud... Christophe Tafani-Dereeper | Purple Teaming Like Sky’s the Limit – Adversary Emulation in the Cloud with Stratus Red Team - Christophe Tafani-Dereeper, Datadog. Engineering and Security teams are increasingly operating in the cloud. With that comes the need to identify malicious activity in cloud-native environments such as AWS or Kubernetes. In this context, it’s critical that we ask ourselves: what does malicious activity look like in the cloud? What are common attacker and malware tactics we should prioritize detecting? How do we reproduce these against a live cloud environment, in order to validate our logging and threat detection pipelines? In this talk, we’ll present Stratus Red Team: an open-source project for adversary emulation and validation of threat detection in the cloud. We’ll discuss the motivation behind the project, the journey and design decisions behind it, but also the philosophy we stand for: focusing on documenting and emulating real-world, documented, and sighted attack techniques. We’ll conclude by a live demo where we use Stratus Red Team to detonate attack techniques against a live AWS account. https://github.com/DataDog/stratus-red-team | https://www.youtube.com/watch?v=hDJpU4Eh1ms | 2022-05-19T14:00:18Z |
| Securing the Supply Chain with Witness - Cole Kennedy, TestifySec | Securing the Supply Chain with Witness - Cole Kennedy, TestifySec. Witness is a new open-source modular framework for supply chain security. Witness works by making collections of attestations that are bound to the CI process. These attestation collections give administrators trusted sectors on which to enforce policy no matter where the policy enforcement point is. Witness is an implementation of in-toto and integrated with cloud-native security tools such as rekor, spire, cosign and Kubernetes. In this talk we will describe the witness trust model and offer a demonstration of implementation in a CI pipeline. | https://www.youtube.com/watch?v=cZD_4u7DZPM | 2022-05-19T14:00:18Z |

## FluentCon EU 2022

- [Youtube](https://www.youtube.com/playlist?list=PLj6h78yzYM2PcilkIEOACGi3ua5-ykWam)
| Name | Description | Youtube url | Published At |
| ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------- | -------------------- |
| Opening + Welcome: Fluent Bit in 2022: Logs, Prometheus and OpenTelemetry - Eduardo Silva, Calyptia | Opening + Welcome: Fluent Bit in 2022: Logs, Prometheus and OpenTelemetry - Eduardo Silva, CEO & Founder, Calyptia. Observability continues to be an interesting challenge, data collection for logs, metrics, and traces is an expensive operation and different approaches exist. Fluentd and Fluent Bit have been the long-term de facto standard for logging, but recently the projects expanded their scope to support and assist with Metrics and Traces. In 2022, Fluent Bit now supports data collection, aggregation, and delivery for the world of OpenMetrics (Prometheus) and OpenTelemetry. In this presentation, you will learn how to collect and aggregate Logs, Metrics, and Traces all together without losing control of your data by connecting different protocols at scale. Fluentd and Fluent Bit embrace OpenMetrics and OpenTelemetry vision, come to learn how to optimize your observability pipelines, and implement the best practices for your production environments. | https://www.youtube.com/watch?v=qVjWu2WBinU | 2022-05-16T20:04:17Z |
| Keynote: End-to-End Log Analytics: Using the OpenSearch Project and Fluent - Eli Fisher | Keynote: End-to-End Log Analytics: Using the OpenSearch Project and Fluent - Eli Fisher, Senior Manager and Product Lead, OpenSearch. The OpenSearch Project is an open-source search and analytics suite, popular for use cases such as application search, log analytics, and more. In this talk we discuss why production ready OpenSearch Fluent Bit and Fluentd connectors are important to the project, and how these technologies work together to build an end to end log analytics solution. | https://www.youtube.com/watch?v=s-zNfY8xo3g | 2022-05-16T20:04:17Z |
| Hands-on Workshop: Getting started with Fluent Bit and Metrics with P... Anurag Gupta & Gibbs Cullen | Hands-on Workshop: Getting started with Fluent Bit and Metrics with Prometheus - Anurag Gupta, Calyptia & Gibbs Cullen, Chronosphere. The Fluent Ecosystem has recently added support for Prometheus and Open Metrics. This hands-on session will give attendees a chance to both learn and try out the new capabilities while being guided by a Fluent maintainer and Prometheus community expert. In this session we will cover the following: An introduction to Fluent ecosystem and Prometheus metrics; How to spin up Prometheus as well as visualization platform (Grafana); Setting up Fluent Bit to collect and send metrics to the backend; Viewing and visualizing data that is sent by Fluent Bit; Question and answer section. This session is suitable for learners of all skill levels, and attendees can expect to leave having a better grasp of how these Cloud Native projects can be used together to strengthen observability. | https://www.youtube.com/watch?v=2QGmofDZQfg | 2022-05-16T20:04:17Z |
| Hands-on Workshop: Fluent Operator \| Intro - Benjamin Huo & Han Zhu, QingCloud Technologies | Hands-on Workshop: Fluent Operator \| Intro - Benjamin Huo & Han Zhu, QingCloud Technologies. With the support of Fluentd, the original Fluent Bit Operator has been renamed to Fluent Operator. In this session, Fluent Operator maintainers will elaborate on the key features of Fluent Operator as well as its design principles and architecture including: 1. From Fluent Bit Operator to Fluent Operator. 2. Fluent Operator design principles. 3. Fluent Operator Architecture. 4. Use Fluent Bit as a lightweight logging agent on Kubernetes. 5. Use Fluentd as a global log forwarding & aggregation layer on Kubernetes. 6. Build a flexible and multi-tenant log processing pipeline for Kubernetes with Fluent Bit and Fluentd. 7. Demo. 8. Community & Roadmap. | https://www.youtube.com/watch?v=VujFvp5E7_A | 2022-05-16T20:04:17Z |
| Monitoring Fluent Bit in Production - Pandu Aji, Microsoft | Monitoring Fluent Bit in Production - Pandu Aji, Microsoft. Fluent Bit comes with built-in features to allow you to query internal information and monitor metrics of each running plugin. But how do you decide which metrics to use for measuring the reliability of your pipeline? How do you leverage the storage metrics, and what are the challenges? How do you detect if your logging pipeline is unhealthy and if there is any congestion? This talk will describe our Fluent Bit monitoring story. It will briefly touch on some of the design choices but will primarily focus on how to monitor Fluent Bit in the production clusters. | https://www.youtube.com/watch?v=OhlyY6glf0A | 2022-05-16T20:04:17Z |
| Lightning Talk: Data Flow Control in Cluster Logging Pipeline - Pranjal Gupta & Eran Raichstein, IBM | Lightning Talk: Data Flow Control in Cluster Logging Pipeline - Pranjal Gupta & Eran Raichstein, IBM. Logging pipelines are crucial in ensuring container logs are reliably collected and routed to persistent storage. Logs generated by workloads (container processes) are written to files by Container Monitor processes (e.g. Conmon). In production environments, as Fluentd deals with a massive volume of logs, the log generation rate often exceeds the rate of log collection, which causes log loss. There is a need to prioritise application logs so that administrators can collect logs from high priority workloads in a controlled manner. In this talk, we introduce a new feature in the in_tail input plugin, which uses group rules to rate limit log collection. We share exciting insights from our systematic study about log loss on Fluentd plugins using our open-source benchmarking framework. We also present a Log Flow Control framework that allows users to define and enforce log rate limit policies to control log loss predictably. | https://www.youtube.com/watch?v=XmQBQBMjqsQ | 2022-05-16T20:04:17Z |
| Fluent Community Meeting | Fluent Community Meeting | https://www.youtube.com/watch?v=uVp6KhsL2mA | 2022-05-16T20:04:17Z |
| Demystify the Fluent Core Event Loop and Join in on its Optimization Efforts - Matthew Fala, Amazon | Demystify the Fluent Core Event Loop and Join in on its Optimization Efforts - Matthew Fala, Amazon. At the most fundamental level, Fluent Bit is an event driven system that relies on a core event loop running on each thread to initiate, resume, and clean routines required for delivering data. Have the core Fluent Bit event loop demystified, and deep dive into the data uncovering existing problems that occur due to the event loop in high throughput use-cases. The talk brings you into the community discussion on how to best optimize this event loop system and uncovers efforts spent on implementing the identified improvements. For the sake of understandability, a highly correlated analogy will be conveyed to model the central concepts (the event loop, coroutines, cpu, yield, ready list, blocking wait) providing means to think through event loop problems and ideate solutions conceptually without full knowledge of unrelated systems. Attendees should after the talk be able to: 1. Understand the Event Loop system conceptually 2. Gain insight into the conceptual problems of the Event Loop system 3. Gain insight into the currently proposed conceptual solutions 4. Have the knowledge and tools to join the discussion, and propose new solutions. | https://www.youtube.com/watch?v=pB27FO4uxgE | 2022-05-16T20:04:17Z |
| Challenges of Logging on the Edge - Mickey Pashov, Medtronic Digital Surgery | Challenges of Logging on the Edge - Mickey Pashov, Medtronic Digital Surgery. In this talk we will describe our journey from arbitrary log collection from edge devices to building an observability pipeline with FluentBit. We will discuss the reasons why we chose it over other agents - highly performant with a small memory footprint, open-source, vendor-agnostic, great community support, extensibility via Lua filters, and a plethora of core input and output plugins. Some of the challenges of deploying on-prem such as firewall and web filter rules; authN and authZ to the cloud; offline-mode and packaging and deployment using an unfamiliar toolchain. We will also discuss the challenges of deploying an observability pipeline on Kubernetes with FluentD. From setting up the Helm charts and livenessProbes to TLS termination and autoscaling. | https://www.youtube.com/watch?v=zMJjv-2d7qs | 2022-05-16T20:04:17Z |
| Modernizing to the Fluent Stack: An Asana Story - James Elías Sigurðarson, Asana | Modernizing to the Fluent Stack: An Asana Story - James Elías Sigurðarson, Asana. In 2021, Asana migrated its event emission infrastructure to use Fluent Bit, from an old logging system based on Facebook's Scribe. At Asana, event emission requires high flexibility, performance, and durability, as it powers important Asana features, such as mobile notifications. In this session, we'll take a look at how we modernised our infrastructure, and used the Fluent Node library to meet these challenges, eventually scaling up to 3.5 billion events per day. | https://www.youtube.com/watch?v=EZE_RiyFqyM | 2022-05-16T20:04:17Z |
| Closing Remarks: Anurag Gupta, Calyptia | Closing Remarks: Anurag Gupta, Calyptia | https://www.youtube.com/watch?v=IKDy7JM1o8g | 2022-05-16T20:09:25Z |
| Hands-on Workshop: Fluent Operator \| Intro - Benjamin Huo & Han Zhu, QingCloud Technologies | Hands-on Workshop: Fluent Operator \| Intro - Benjamin Huo & Han Zhu, QingCloud Technologies. With the support of Fluentd, the original Fluent Bit Operator has been renamed to Fluent Operator. In this session, Fluent Operator maintainers will elaborate on the key features of Fluent Operator as well as its design principles and architecture including: 1. From Fluent Bit Operator to Fluent Operator. 2. Fluent Operator design principles. 3. Fluent Operator Architecture. 4. Use Fluent Bit as a lightweight logging agent on Kubernetes. 5. Use Fluentd as a global log forwarding & aggregation layer on Kubernetes. 6. Build a flexible and multi-tenant log processing pipeline for Kubernetes with Fluent Bit and Fluentd. 7. Demo. 8. Community & Roadmap. | https://www.youtube.com/watch?v=ZThmMPijJs8 | 2022-05-20T11:36:26Z |
| Securing Fluent Bit by Way of Fuzzing - David Korczynski, Ada Logics | Securing Fluent Bit by Way of Fuzzing - David Korczynski, Ada Logics. This talk will cover efforts in automating security and reliability analysis of Fluent Bit by way of fuzzing. Fuzzing is an automated testing technique that is used in combination with bug sanitizers to identify code issues in software. In the last two years David has set up extensive continuous fuzzing of Fluent Bit by way of the open source fuzzing service OSS-Fuzz, and in this talk David will present details of this work and the results achieved, and also highlight how this impacts the overall security of Fluent Bit. The talk will cover the implementation of automated testing, the bugs found and various related statistics. The talk will relate the efforts in automated security testing onto how it impacts the security posture of Fluent Bit at large. | https://www.youtube.com/watch?v=Yp6IClswWQE | 2022-05-20T11:36:26Z |