In-person + Virtual
16-20 May

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). The schedule is subject to change.
Intermediate (Mid-level experience)
Wednesday, May 18
 

11:00 CEST

The Power of Cloud Native in Financial Institutions - Mateusz Pruchniak, mBank SA
Cloud Native architecture and public clouds have become the standard solution for modern IT for fast innovation, delivering more value to their customers, with dramatically less effort. This is a big challenge, especially for regulated financial sectors such as banking due to the complexity of their legacy systems, and compliance challenges including concerns raised by European regulators. For authorities (EBA, EIOPA, ESMA) having a flexible multicloud strategy and solid foundations for portability and interoperability has never been more relevant. In this session, Mateusz will present a good practice guide offering practical tips and tricks for designing and deploying Cloud Native business-critical systems in Financial Institutions fulfilling the assumption of having an easily portable architecture, with an easily tested Exit Plan and finally minimizing cloud concentration risk. Presented practical ideas can be used for designing from scratch and during migration to Cloud Native.

Speakers

Mateusz Pruchniak

Cloud Architect
Mateusz Pruchniak is a Cloud Architect in Cloud Center of Excellence in one of the biggest banks in Poland (mBank SA) where he focuses on utilization of public cloud and implementation of the multi-cloud strategy. He has thirteen years of experience working in the IT industry especially...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

11:00 CEST

West Side CD: The Deployment Ballet Goes On - Benoit Moussaud, VMware Tanzu
The way to bring a new version into production has changed a lot in recent years. From a slow, manual, and uncontrolled process, it has become over time fast, automated, and versioned. The tools have evolved, changed, been modernized, or even containerized, but they have remained centralized. The new generation of solutions intends to reverse this point of view by relying no longer on orchestration but on choreography between the different stakeholders. This session shows the difference between these two concepts and how it applies to the CI/CD domain, which has remained ultimately very centralized and old-school, then describes an innovative solution (cartographer.sh) based on the concept of supply chains.

Speakers

Benoit Moussaud

Senior Solution Engineer, VMware Tanzu
With more than 20 years of Enterprise IT experience, from the development to the global architecture of complex enterprise applications, Benoit Moussaud's focus is always about the automation, first on the Dev side by being involved in the Ant open source project, the continuous integration...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Pavilion 3, Room D | Level 2 | Central Forum Feria Valencia
  CI/CD

11:00 CEST

Kubernetes is Your Platform: Design Patterns For Extensible Controllers - Rafael Fernández López, SUSE & Fabrizio Pandini, VMware
Developing Controllers -- as well as other Kubernetes native extensions like admission webhooks -- is quickly becoming a mainstream practice to solve problems in a Kubernetes native way; but while developing a simple controller is pretty straightforward, things become complex as soon as you have behavioral dependencies with other components. But don't worry, this talk will provide you with reusable design patterns derived from the concrete experience and the hard lessons learned by the maintainers of Cluster API and Kubewarden, two projects built around the idea of extensible controllers. How to develop a plug-in system for your controller/admission webhook? How to add to your controller the capability to do RPC calls to pluggable external components? How to orchestrate many controllers co-operating in solving complex tasks? Come to this talk, we got you covered!

Speakers

Fabrizio Pandini

Staff Engineer, VMware
A Kubernetes contributor obsessed with making Kubernetes lifecycle simple and consistent across all types of infrastructures, so everyone can build amazing applications on top of it. When I’m not busy as a SIG Cluster Lifecycle tech lead or as a project maintainer in Cluster API...

Rafael Fernández López

Senior Software Engineer, SUSE
Rafa is a Senior Software Engineer at SUSE who loves to learn and experiment. He has special interest in the intersection between programming languages, distributed systems and infrastructure. When not in front of a computer he enjoys time with family, friends, city walks and ph...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia

11:00 CEST

Scaling Open Source ML: How Wolt Uses K8s To Deliver Great Food to Millions - Stephen Batifol, Wolt & Ed Shee, Seldon
Forecasting supply and demand, serving restaurant recommendations and predicting delivery times. These are just a few examples of how Machine Learning is being applied at Wolt. Now with over 12 million users, scaling the ML infrastructure has been a significant challenge. This talk will highlight those challenges and how they were addressed by building an end to end MLOps platform on Kubernetes. You'll learn about the open source frameworks that Wolt integrated, specifically Flyte, MLFlow and Seldon Core.

Speakers

Stephen Batifol

Machine Learning Engineer, Wolt
From Android developer to Data Scientist to Machine Learning Engineer, Stephen has a wealth of software engineering experience at Wolt. He believes that machine learning has lots to learn from software engineering best practices and spends his time making ML deployments simple for...

Ed Shee

Head of Developer Relations at Seldon, Seldon
Having previously led a tech team at IBM and now Head of Developer Relations at Seldon, Ed comes from a cloud computing background and is a strong believer in making deployments as easy as possible for developers. With an education in computational modeling and an enthusiasm for machine...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Pavilion 4, Room B | Level 2 | Central Forum

11:00 CEST

How Lombard Odier Deployed VPA to Increase Resource Usage Efficiency - Vincent Sevel, Lombard Odier SA
Container orchestrators have become the de-facto standard to deploy a wide variety of workloads. As the number of deployments increases, so does the pressure on resource usage and hardware costs. Container runtimes and Kubernetes come with a set of tools that help make the most out of your infrastructure such as cgroups with resource usage limitation and prioritization, requests and limits on cpu and memory, quality of services. Even with those tools, it can be challenging to understand how they work, and how to use them. In this talk, the speaker will offer a review of the available mechanisms, how they map at the orchestrator and runtime levels, and introduce the Vertical Pod Autoscaler as a means to optimize resource tuning at scale. He will share some of the lessons the company learned since starting this effort. And finally he will describe where they are in the deployment phase, and give some perspective on the direction where they are headed.

Speakers

Vincent Sevel

Technical Architect, Lombard Odier SA
Vincent has 20+ years of experience in the IT sector, with predominant skills on development, technical architecture, strategy and integration. In the last 15 years, Vincent has worked as a technical architect for Geneva based private bank Lombard Odier. Starting in 2018, Vincent...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia
  Performance

11:00 CEST

Create Your First CNCF Serverless Workflow Project with Kogito and Knative - Ricardo Zanini Fernandes, Red Hat
Serverless Workflow is a declarative workflow specification at CNCF for describing service orchestrations. Kogito is an open-source project by Red Hat and implements the Serverless Workflow Specification. In this session, you will learn in a live demo how to create your first CNCF Serverless Workflow project from the ground up with Kogito and how to deploy it on the Knative platform. Kogito is a developer-centric platform that can execute, test, and deploy workflows on Knative environments. The outcome is a REST microservice that can orchestrate other services and events. It is a perfect fit for an Event-Driven architecture and can integrate with Knative Eventing resources to solve complex business use cases. Kogito handles all the heavy lifting when deploying on Kubernetes by generating the resources necessary to deploy on Knative. After this session, you will be able to create a CNCF Serverless Workflow project, test it, and deploy it on Knative to be part of your architecture.

Speakers

Ricardo Zanini Fernandes

Principal Software Engineer, Red Hat
Ricardo Zanini Fernandes is a Principal Software Engineer currently working on Red Hat’s Kogito Community project. He's been working in the field of software engineering since 2000 as a developer, system architect, support specialist, and team lead. He is a community contributor...



Wednesday May 18, 2022 11:00 - 11:35 CEST
Auditorium 1A | Event Center Feria Valencia
  Serverless

11:55 CEST

Seeing is Believing: Debugging with Ephemeral Containers - Aaron Alpar, Kasten
Most Kubernetes developers are familiar with the painful process of debugging a pod within a cluster. Fortunately, a new, cutting-edge approach — ephemeral containers — simplifies debugging running pods and more! With ephemeral containers, you can dynamically deploy a container that shares pod resources. These containers use Linux namespaces to share network and process resources so debugging can occur using a container image of your choosing. During this talk, Aaron will cover the what, why and how of ephemeral containers, and the underlying mechanics that make ephemeral containers useful for debugging and testing.

Speakers

Aaron Alpar

Member Technical Staff, Kasten
Aaron Alpar is a Member of Technical Staff at Kasten by Veeam. He has extensive background in reliable production systems. He has been working with Kubernetes since 2017, has been a presenter at Kubecon, and is an active contributor on Github. Talks: Presentation: KubeCon North America...



Wednesday May 18, 2022 11:55 - 12:30 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

11:55 CEST

Unlimited Data Science Libraries, One Container Image, No Installation! - Marcel Hild, Red Hat & Kenneth Hoste, Ghent University
Kubernetes' agility, versatility, and resource scaling make it a platform of choice for data science, especially for shared environments. However, data scientists often need to work with lots of different libraries, languages, and applications, often with multiple versions. Conventional approaches, with a legion of tailored images or a huge 20GB golden image, do not match the reality of production. In this session, we will demonstrate how you can leverage the concept of environment modules inside Kubernetes to solve the challenges of synchronously managing multiple containers of different types, making thousands of scientific libraries, languages and packages dynamically available in a simple way. Inspired by work done and heavily used in the High Performance Computing (HPC) community, we will share a specific implementation that brings this production-proven architecture to Kubernetes and talk about how you can implement it in your own environment.

Speakers

Marcel Hild

Manager, Red Hat
Marcel Hild has 25+ years of experience in open source business and development. He co-founded a Linux consulting company, worked as a freelance developer, a Solution Architect for Red Hat, and core Developer for Cloudforms, a Hybrid Cloud Management tool. Now he researches the topic...

Kenneth Hoste

HPC System Administrator, Ghent University
Kenneth Hoste, a.k.a. 'boegel', is a computer scientist and FOSS enthusiast from Belgium. He holds a Masters (2005) and PhD (2010) in Computer Science from Ghent University. Since October 2010, he is a member of the HPC team at Ghent University (Belgium) where he is mainly responsible...



Wednesday May 18, 2022 11:55 - 12:30 CEST
Pavilion 4, Room B | Level 2 | Central Forum

11:55 CEST

This is The Way: A Crash Course on the Intricacies of Managing CPUs in K8s - Swati Sehgal, Red Hat & Marlow Weston, Intel
Optimizing CPU management improves cluster performance and security, but is daunting to almost everyone. CPU management may seem complex, but it can be explained in such a way that even your inner toddler will comprehend. With this talk, we will give a path to success. You may have a multi-socket node cluster where your AI/ML workloads care about the proximity of your CPUs to GPUs. You may be running scientific workloads where you want to pin in cores within containers instead of just a pod level. You may have a single-socket server where you want to save a single core outside of Kubernetes for a daemon dedicated to mining bitcoin, without affecting your other jobs (please do not do this). We will cover these and more, helping you understand the intricacies of CPU management within the kubelet and what Kubernetes can and cannot currently do. We will also cover how you can help escalate the visibility of use cases not currently covered within Kubernetes.

Speakers

Marlow Weston

Cloud Software Architect, Intel
Marlow is a Cloud Software Architect working on resource management for Kubernetes at Intel. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance...

Swati Sehgal

Principal Software Engineer, Red Hat
Swati Sehgal works to enhance Kubernetes and its platform to deliver best-in-class networking applications, leading edge solutions and innovative enhancements across the stack. Her work includes working on prototypes to deliver future high speed container technologies and enable customers...



Wednesday May 18, 2022 11:55 - 12:30 CEST
Viewable In Platform Feria Valencia
  Performance

11:55 CEST

Bypassing Falco: How to Compromise a Cluster without Tripping the SOC - Shay Berkovich, BlackBerry
The explosive growth of Kubernetes has left security professionals scrambling to deploy innovative tools to address the inherent security risks. One such tool is The Falco Project - an incubating CNCF tool for detecting malicious activity at run time. Falco, like many security tools, has some gaps. This talk highlights these gaps by introducing various techniques to silently bypass the default Falco ruleset (based on Falco v0.30.0 release). The attendees will learn 9 different classes of bypasses, 7 of which are novel and have never been presented. The bypasses allow for stealthy target enumeration, privilege escalation and lateral movement. To aid with the bypass automation, Shay will introduce a special container image and multiple code snippets built specifically for Falco bypasses. To wrap up, we will apply the bypass techniques on the securekubernetes cluster (presented at KubeCon NA 2019) and demonstrate how an attacker can achieve full cluster compromise without tripping the SOC.

Speakers

Shay Berkovich

Threat Researcher, Wiz
Shay is part of the Threat Research team in Wiz working on various aspects of container and cloud security with the emphasis on Kubernetes emerging threats. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security...



Wednesday May 18, 2022 11:55 - 12:30 CEST
Viewable In Platform Feria Valencia

14:30 CEST

No Docker, No YAML and a Polyglot Developer Experience on Top of Kubernetes - Thomas Vitale, Systematic & Mauricio Salatino, VMware
Let's build a CaaS (Containers-as-a-Service) platform that delivers a similar experience to well-loved solutions like Google Cloud Run and Azure Container Apps. Those platforms allow you to run your applications without the need to know about containers or Kubernetes. They take your source code and remotely build and deploy your software while hiding away the complexity of Docker and Kubernetes. This presentation gives practical advice on how to build such a platform in a cloud provider-agnostic way on top of Kubernetes using only open-source projects.

Thomas and Mauricio will show how the platform can scale and provide developers with a polyglot environment to code, build and deploy their event-driven applications. The presentation will cover how tools like Knative, CloudEvents, Buildpacks, func CLI, and popular languages like Java, Go, and Python can be glued together to provide an optimized polyglot developer experience that can be tested and demoed in front of a live audience.

Speakers

Mauricio Salatino

Software Engineer, Diagrid
Mauricio works as an Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project and Co-Leading the Knative Functions initiative. He published a book titled...

Thomas Vitale

Software Architect, Systematic
Thomas Vitale is a software engineer and architect focused on building cloud native, resilient, and secure applications and platforms. He works at Systematic (Denmark) and is the author of “Cloud Native Spring in Action” (Manning). Thomas likes contributing to open source projects...



Wednesday May 18, 2022 14:30 - 15:05 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

14:30 CEST

Spark on Kubernetes: The Elastic Story - Bowen Li & Huichao Zhao, Apple
Apache Spark is a unified analytics engine for large-scale data processing. People are moving Spark and batch workloads to Kubernetes due to its rising popularity. There are many challenges to running Spark efficiently on Kubernetes, for example, supporting autoscaling-based workloads. In this talk, we discuss building a large scale Spark Service on top of Kubernetes. We will also walk through autoscaling on a multi-tenant platform with advanced features such as physical isolation, min/max capacity setting, bin-packing, scale-in and scale-out controls, and more. These improvements show significant CPU and memory utilization savings for Spark on Kubernetes.

Speakers

Bowen Li

Engineering Manager, AIML Data Infra, Apple
Bowen Li is the manager of the Batch Processing and Interactive Analytics team at Apple AI/ML. His team builds and manages Spark batch processing service, Interactive Spark notebook service, and interactive analytics service with Trino for hundreds of data engineers and scientists...

Huichao Zhao

Software Engineer (Tech Lead), Apple
Software Engineer on AI/ML Data Platform team, Apple



Wednesday May 18, 2022 14:30 - 15:05 CEST
Viewable In Platform Feria Valencia

14:30 CEST

Kubernetes for Mac: How to Consume Shiny AWS Mac Shapes for iOS Builds - Madhuri Yechuri, Elotl & Zach Gray, Flare.build
iOS builds have traditionally run on manually managed Mac servers sitting in brick and mortar data centers. Availability of Mac compute shapes on AWS presents a unique opportunity to move these builds into the cloud along with the ease of managing them via Kubernetes, thereby simplifying Operations. This talk describes Flare.build’s journey of evaluating manually-managed vs Kubernetes-managed Mac compute shapes on AWS, lessons learnt, and suggested best practices.

Speakers

Madhuri Yechuri

Founder and CEO, Elotl Inc.
Madhuri is a systems engineer with 20+ years experience in database server technologies (Oracle), virtualization (VMware), and container technologies (ClusterHQ) before founding Elotl. Madhuri received her Masters in Computer Science from Indiana University Bloomington, and Bachelors...

Zach Gray

CEO, Flare.build
As CTO at Scalio, Zach led product development and engineering for cutting-edge projects in the VR/AR, AI, big data and mobile spaces for industry leading companies before founding flare.build where he's developing next-gen build & test tooling for enterprise & hyperscale compani...


Wednesday May 18, 2022 14:30 - 15:05 CEST
Pavilion 3, Room D | Level 2 | Central Forum Feria Valencia
  CI/CD

14:30 CEST

The Risks of Single Maintainer Dependencies - John McBride, VMware
John McBride is a single maintainer for Cobra, a Go command line bootstrapping library and core dependency for many CNCF projects, including Kubernetes, Helm, Etcd, Istio, Linkerd, and many more. John will discuss the challenges of being a single maintainer on such an important project, the lottery factor, the need for contributor community, and the secure software supply chain implications this has for the entire CNCF ecosystem.

Speakers

John McBride

Senior Member of Technical Staff, VMware
John McBride is a software engineer, open source enthusiast, and curious technologist working on cloud native platforms at VMware. Previously at Pivotal, John led teams delivering observability solutions to kubernetes and cloud foundry platforms. Currently, John is on the core engineering...



Wednesday May 18, 2022 14:30 - 15:05 CEST
Pavilion 3, Room E | Level 2 | Central Forum Feria Valencia
  Community

14:30 CEST

Improving GPU Utilization using Kubernetes - Maulin Patel & Pradeep Venkatachalam, Google
Kubernetes supports efficient utilization of resources by enabling applications to request the precise amounts of resources they need. Unlike fractional requests for CPUs, fractional requests for GPUs are not allowed in Kubernetes. GPU resources requested in the pod manifest must be an integer number. This means one GPU is fully allocated to one container even if the container only needs a fraction of GPU for its workload. Without the support for fractional GPUs, GPU resources are invariably over-provisioned, leading to waste. This is especially true for inference workloads that process a handful of data samples in real-time. To address this limitation, we have developed user-friendly solutions that allow a single GPU to be shared by multiple containers thereby improving utilization of GPUs and saving cost. In this talk, we will show the demos of our solutions and share performance results.

Speakers

Maulin Patel

Group Product Manager, Google
Maulin Patel is a Group Product Manager at Google. Prior to his current role, he was a GM at GE and a Director at Philips Research. Maulin has a proven track record of innovations in IoT, AI/ML, cloud and smart buildings. He has experience in executing DoD, DoE, NSF and privately...

Pradeep Venkatachalam

Software Engineer, Google
Pradeep Venkatachalam is a Senior Software Engineer on the GKE (Google Kubernetes Engine) team at Google Cloud. One of Pradeep’s key focuses has been to improve the accelerators ecosystem built on GKE. Pradeep has been involved in a number of reliability initiatives as well as bringing...


Wednesday May 18, 2022 14:30 - 15:05 CEST
Pavilion 4, Room B | Level 2 | Central Forum

14:30 CEST

Working your Cluster: Smarter Scheduling Decisions for Your Workloads - Madalina Lazar & Denisio Togashi, Intel
When deciding where to schedule your workloads, you have to consider more than just CPU and memory. Whether you are in 5G, AI/ML, HPC, or NFV, you have many more considerations to optimize your workloads. You may care about how busy the node is, how many GPU cards are attached, whether a minimal throughput is available, or whether the node is cooler than the temperature required for basic cooking. Fortunately, Kubernetes allows for extensions to its scheduling paradigm, which allows for new creative solutions going forward. Using these capabilities, we have created a way to use knowledge of your resources to impact your scheduling decisions. Telemetry Aware Scheduling and GPU Aware Scheduling, both open-source projects, enable you to use a variety of metrics in intelligent scheduling. In this talk, we will explain how to deploy and configure your system to handle your varied use cases.

Speakers

Madalina Lazar

Software Engineer, Intel
Madalina Lazar is a Software Engineer and she is a member of the Cloud Native Orchestration team at Intel. She works on Telemetry Aware Scheduling within the Platform Aware Scheduling project and she enjoys leveraging data to solve real-life problems.

Denisio Togashi

Software Engineer, Intel
Denisio Togashi is a Software Engineer in the Cloud Native Orchestration team at Intel. He works on Telemetry Aware Scheduling within the Platform Aware Scheduling project to help improve and tweak best performance.



Wednesday May 18, 2022 14:30 - 15:05 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia
  Performance

14:30 CEST

Trampoline Pods: Node to Admin PrivEsc Built Into Popular K8s Platforms - Yuval Avrahami & Shaul Ben Hai, Palo Alto Networks
Security teams work to prevent the next container escape while attackers do the opposite. Inevitably, we sometimes lose this battle, but we can still win the fight! It's all about *containing* the next container escape - making sure a rogue node cannot take over the entire cluster. K8s has done a great job at de-privileging the node agent, the Kubelet, but nodes also host other credentials - their pods' service account tokens. Following an escape, the attacker can easily harvest and abuse tokens of neighboring pods.

In this talk, Yuval and Shaul will introduce the concept of Trampoline Pods - pods so powerful that if their node goes rogue, it could launch devastating attacks against the cluster and in some cases completely take it over. Covering managed K8s services and common cluster add-ons, they'll reveal the trampoline pods installed by popular K8s platforms. They'll also demo exploits, discuss mitigations, and release rbac-police: a tool that detects trampoline pods and K8s privEscs.

Speakers

Yuval Avrahami

Principal Security Researcher, Palo Alto Networks
Yuval Avrahami is a principal security researcher at Palo Alto Networks, dealing with hacking and securing anything related to containers and cloud. Yuval found and disclosed numerous vulnerabilities across the cloud-native landscape, including container breakouts, Kubernetes CVEs...

Shaul Ben Hai

Security Researcher, Palo Alto Networks
Shaul Ben Hai is a senior security researcher at Palo Alto Networks, focusing on Cloud open-source vulnerabilities in the context of container security. Shaul spent the last year researching vulnerabilities in k8s and open-source frameworks and building innovative solutions that improve...



Wednesday May 18, 2022 14:30 - 15:05 CEST
Auditorium 1A | Event Center Feria Valencia

15:25 CEST

Confidential Containers Explained - James Magowan, IBM & Samuel Ortiz, Apple
Confidential Containers (https://github.com/confidential-containers) enable cloud native confidential computing (https://confidentialcomputing.io/faq/) leveraging a variety of hardware platforms and technologies, standardising the confidential computing at the container level, helping users to deploy confidential workloads using already familiar workflows and tools; and in this Panel we're bringing together contributors from different hardware vendors, different projects (in different layers of the stack), and different companies to discuss and answer questions about this new complex technology. Topics for discussion will include:
* How do we realise the benefits of cloud native confidential computing?
* What impact is there to the Cloud Native User Experience?
* What new considerations/concepts does confidential containers introduce?

Note that this panel is a follow-up on what has been developed since https://www.youtube.com/watch?v=zTn9Xt1k1OA was presented.

Speakers

James Magowan

IBM Hyper Protect Kubernetes Architect, IBM
James works within the IBM Hyper Protect family of offerings which deliver Confidential Computing to the Cloud using IBM LinuxONE and IBM Z Systems technology. He has responsibility for the technical architecture to leverage IBM Secure Execution for Linux capability (Trusted Execution...

Samuel Ortiz

Software Engineer, Apple



Wednesday May 18, 2022 15:25 - 16:00 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia

15:25 CEST

Autoscaling Kubernetes Deployments: A (Mostly) Practical Guide - Natalie Serrino, New Relic (Pixie team)
Sizing a Kubernetes deployment can be tricky. How many pods should it have? How much CPU/memory is needed per pod? Is it better to use a small number of large pods or a large number of small pods? What’s the best way to ensure stable performance when the load on the application changes over time? Luckily for anyone asking these questions, Kubernetes provides rich, flexible options for autoscaling deployments. This session cover the following topics: - Factors to consider when sizing your Kubernetes application - Horizontal vs Vertical autoscaling - How, when, and why to use the Kubernetes custom metrics API - Practical demo: Autoscaling with application metrics from Prometheus, Linkerd, Pixie (request throughput/latency, number of shoes purchased in my web store) - Impractical demo: A Turing-complete autoscaler!

Speakers

Natalie Serrino

Principal Engineer, New Relic
Natalie Serrino is a Principal Engineer at New Relic working on the Pixie open source project. She focuses on Pixie’s data layer, more specifically, the PxL language, the PxL compiler, and Pixie’s edge query engine for analytics.



Wednesday May 18, 2022 15:25 - 16:00 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia
  Performance

15:25 CEST

How Attackers Use Exposed Prometheus Server to Exploit Kubernetes Clusters - David de Torres Huerta & Miguel Hernández, Sysdig
Prometheus has become the standard for monitoring Kubernetes services. It comes with a set of helpful exporters, and Kubernetes offers several metrics endpoints directly through the API. These features enable monitoring and troubleshooting of most situations that SREs face on a daily basis. But, what if an attacker accesses your Prometheus server? How much information can they get for fingerprinting the cluster? Kernel versions, IP addresses, instance types, library versions…the list goes on and on. In this session, you will learn how attackers use this information in the first part of reconnaissance, to see if you are vulnerable. The speakers will share:
- What secrets they collect to fingerprint your Kubernetes cluster (hint: they're not after your timeseries)
- How to leverage this information internally to secure your cluster
- How to prevent the exposition of sensitive information

No matter how many safety best practices you apply, you must be aware of every link of the chain.

Speakers

David de Torres Huerta

Engineer Manager, Sysdig
David is Manager of Engineering at Sysdig and has studies on Computer Science and Cultural and Social Anthropology. Previously he worked as CTO in a company specialized in IoT for energy metering and Industry 4.0. He is a computer engineer and collaborates with open source projects...

Miguel Hernández

Security content engineer, Sysdig
Miguel is a student for life with a passion for innovation. He has spoken at several cyber-security conferences, including HITB, RootedCon, TheStandoff, and Codemotion. Miguel spent the last six years working in security research at big tech companies. In addition to contributing...



Wednesday May 18, 2022 15:25 - 16:00 CEST
Auditorium 1A | Event Center Feria Valencia

15:25 CEST

Empower Autonomous Driving with Cloud Native Serverless Technologies - Benjamin Huo, QingCloud Technologies & Xiuming Lu, UISEE
For an Autonomous-Driving platform, the complex use cases and numerous modules pose huge challenges to the entire architecture. Take data-archiving as an example, large amounts of time-sensitive data are generated in the vehicle and cloud every second, scattered in various devices and clusters. Challenges like multi-types of storage media, non-uniform data size, mixed asynchronous operations, steep resource overhead curves all prompt for a more flexible, elastic, and cost-saving architecture. In this talk, UISEE developers and OpenFunction maintainers will talk about:
- Why does Autonomous-Driving need a modern FaaS platform powered by Dapr, Keda, and Knative?
- Cloud Native FaaS Platform OpenFunction Intro.
- Why is an asynchronous function a good fit for Autonomous-Driving?
- How does UISEE use the Asynchronous functions in Autonomous-Driving?
- The benefits that a modern FaaS platform brings to Autonomous-Driving.
- OpenFunction updates & roadmap.

Speakers

Benjamin Huo

Manager of KubeSphere Observability & Serverless Team, QingCloud Technologies
Benjamin Huo leads KubeSphere's Observability, Edge Computing, and Serverless team. He is the creator of Fluent Operator and OpenFunction. He is also the co-creator of several observability open-source projects including Kube-Events, Notification Manager, etc. He loves cloud-native...

Xiuming Lu

Architect of UISEE, UISEE
Xiuming Lu is the architect of UISEE who is responsible for system architecture and DevOps of the cloud platform in the autonomous-driving industry. He is experienced in cloud native FaaS and observability areas.



Wednesday May 18, 2022 15:25 - 16:00 CEST
Viewable In Platform Feria Valencia
  Serverless

16:30 CEST

Prow! Leveraging Developer-Centric CI for Your OSS Project! - Nabarun Pal, VMware & Arsh Sharma, Okteto
Prow is a CI system maintained by Kubernetes SIG Testing to test Kubernetes on Kubernetes. Prow is designed as a pluggable system of components and it can be used as a generic CI system. The robust architecture of Prow can lead to challenges in deploying it. In the talk, we will navigate the challenges faced when deploying and using Prow, including setting up the Prow control plane components, configuring access for GitHub repos, and enabling Prow plugins. Prow is used by large projects in the CNCF landscape like Kubernetes, Knative, cert-manager, Falco, to name a few. Even though a lot of these projects have deployed Prow successfully, it is a challenge to set up Prow. The talk will highlight the common pitfalls and gotchas that one will run into when deploying Prow. The talk would cover:
* A roundup of Prow Architecture
* Cloud resources required for Prow and setting them up
* Capabilities of Prow like running tests, using GitHub comments for interaction, auto merging pull requests.

Speakers

Nabarun Pal

Staff Engineer at VMware, Kubernetes Steering Committee and Maintainer, Broadcom
Nabarun is a Staff Software Engineer at VMware, a maintainer of the Kubernetes project, an elected Kubernetes Steering Committee member and a chair of Kubernetes SIG Contributor Experience. He is a Release Manager for Kubernetes and has been the Kubernetes 1.21 Release Team Lead...

Arsh Sharma

Developer Experience Engineer, Okteto
Arsh is a Developer Experience Engineer at Okteto. He is a CNCF Ambassador and was awarded the Kubernetes Contributor Award for his contributions in 2021. He has also led the CI Signal Team in the 1.25 Kubernetes Release. Previously, he worked at VMware and was also a contributor...


Wednesday May 18, 2022 16:30 - 17:05 CEST
Pavilion 3, Room D | Level 2 | Central Forum Feria Valencia
  CI/CD

16:30 CEST

Supporting Long-Lived Pods Using a Simple Kubernetes Webhook - Clément Labbe, Slack
Today's applications strive to boot fast, be stateless, and handle unexpected terminations gracefully. However, some applications like distributed caches can take a while to warm up to a running state, while batch workers would rather avoid being terminated before they're done. At Slack, such applications found their home in Kubernetes thanks to a two-sided system: on one hand an admission webhook injects tolerations in pods to inform their requirement to be long-lived, and on the other hand a custom service taints nodes with their uptime. This results in pods desiring a long life to be scheduled on young nodes less likely to be terminated early. This talk will first describe how to write a simple Kubernetes admission webhook (https://github.com/slackhq/simple-kubernetes-webhook) to inject tolerations in pods, then move onto the symbiotic node tainting system, and end with gotchas and some metrics on how this long-lived pod support is used at Slack.

Speakers

Clément Labbe

Senior Software Engineer, Cloud, Slack
Clem is a cloud engineer approaching a decade of passionately working with distributed systems and web technologies. He loves solving application delivery in DevOps environments by developing tools in Go, and building resilient infrastructure using Kubernetes on AWS or GCP. 18 months...



Wednesday May 18, 2022 16:30 - 17:05 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia

16:30 CEST

Accelerating High-Performance Machine Learning at Scale in Kubernetes - Alejandro Saucedo, The Institute for Ethical AI & Machine Learning & Elena Neroslavskaya, Microsoft
Identifying the right tools for high-performance production machine learning may be overwhelming as the ecosystem continues to grow at break-neck speed. In this industry collaboration we aim to provide a hands-on guide on how practitioners can productionize optimized machine learning models in cloud native ecosystems using production-ready open source frameworks. We will dive into a practical use-case, deploying the renowned GPT-2 NLP machine learning model in Kubernetes leveraging the ONNX Runtime from the Seldon Core Triton server, which will provide us with a scalable production NLP microservice serving the ML model that can power intelligent text generation applications. We will present some of the key challenges currently being faced in the MLOps space, as well as how each of the tools in the stack interoperate throughout the production machine learning lifecycle.

Speakers

Alejandro Saucedo

Engineering Director, Seldon Technologies
Alejandro Saucedo is the Director of Machine Learning Engineering at Seldon Technologies, where he leads teams of machine learning engineers focused on the scalability and extensibility of machine learning deployment and monitoring products with over 5 million installations. Alejandro...

Elena Neroslavskaya

Cloud Solution Architect, Microsoft
Cloud Solution Architect and Technology Enthusiast at Microsoft. Love everything Cloud Native and ML. Working with many clients on serving their ML models and optimizing the processes.


Wednesday May 18, 2022 16:30 - 17:05 CEST
Pavilion 4, Room B | Level 2 | Central Forum

16:30 CEST

Getting the Optimal Service Efficiency That Autoscalers Won’t Give You - Mauro Pessina, Moviri
A challenge when tuning a Kubernetes microservices application is identifying the container size (CPU and Memory), due to frequent application changes and varying traffic patterns. Kubernetes autoscalers are the standard solution to automatically adjust Kubernetes container resources for service efficiency. We present the results of an extensive tuning activity we successfully conducted on a Kubernetes application delivering business-critical financial services to SMB customers. Our goal was to minimize cloud cost without compromising on performance of this application. The unexpected result was that configurations minimizing the service cost were not recommended by the autoscaler. Indeed, autoscalers work by adjusting resource sizing with respect to the historical usage, without being aware of the actual cost of cloud resources and of the impact on application performance. In our session, we illustrate how you can use the exploratory testing approach we leveraged to get these results.

Speakers

Mauro Pessina

Performance Engineer, Moviri
Mauro Pessina has more than 10 years of experience as a Performance Engineer working with best-in-class performance testing and observability platforms. Today, Mauro leads the Performance Engineering team at Moviri with a special focus on continuous performance optimization of modern...



Wednesday May 18, 2022 16:30 - 17:05 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia
  Performance

16:30 CEST

Securing Kubernetes Applications by Crafting Custom Seccomp Profiles - Sascha Grunert, Red Hat
Applying seccomp profiles to Kubernetes workloads is one of the most efficient ways of securing containers. The profiles have to be created with care and need to be maintained over the complete lifecycle of the application. This manual effort causes many applications to either stick to the runtime default profile or turn the feature off altogether. In this talk, Sascha will demonstrate how to create a custom seccomp profile for a specific containerized application. It will cover the basic techniques of collecting the required syscalls by hand, and also advanced ways of utilizing eBPF and automatic audit log tracing. The session will also discuss the drawbacks of relying on automations. In the end, Sascha will show how to create multi architecture profiles and utilize in-cluster enhancements like the Security Profiles Operator to create an application specific profile. Join this talk to learn more about seccomp in Kubernetes and how to secure your applications!



Wednesday May 18, 2022 16:30 - 17:05 CEST
Viewable In Platform Feria Valencia

16:30 CEST

Crack the FaaS Cold Start and Scalability Bottleneck - Cathy Zhang & Rui Zang, Intel
FaaS provides many benefits to the end-users, such as zero maintenance and on-demand auto-scaling. As each new technology brings benefits, it brings challenges. There are two major challenges: cold start latency and autoscaling speed in response to bursty traffic. Cold start latency refers to the time it takes to create a new function instance and get it ready to start execution. Autoscaling refers to the operation of automatically adjusting the number of running function instances to meet the traffic demand. This talk provides a detailed analysis of what causes the cold start latency and the autoscaling bottleneck. It then presents a new approach that reduces the cold start latency through instantiating a new function instance from a combination of its memory snapshot and its essential code chunks. The authors will share their learnings and test results. On the autoscaling part, the authors will share their insight of using an elastic function sandbox to boost the auto-scaling speed.

Speakers

Rui Zang

Software Engineer, Intel
Rui Zang is a senior cloud engineer at Intel. He has profound technical background on cloud orchestration, networking, storage and OS. Recently his focus is on serverless stack optimization.

Cathy Zhang

senior principal engineer, Intel
As a member of the CNCF TOC, Cathy has been sponsoring and guiding projects' applications for graduation/incubating, and reviewing/approving new sandbox projects. She has been a committee member for several KubeCon. Cathy is currently a Senior Principal Engineer at Intel, leading...



Wednesday May 18, 2022 16:30 - 17:05 CEST
Viewable In Platform Feria Valencia
  Serverless

17:25 CEST

Production-scale Containerized Game Platform Practice in Bytedance - Chenyu Jiang, ByteDance, Inc & Viktor Farcic, Upbound
Classical game servers run on physical machines or virtual machines to provide services to players. However, packaging game servers in containers is quickly gaining traction across the tech landscape because of containers' isolated runtime paradigm, cost efficiency and elasticity. In Bytedance, games is one of the major vertical domains and we need a mature games-centric platform to serve games from both in-house games studios and agents of game manufacturers globally. In this talk, Bytedance's practice in establishing a Kubernetes based Game platform will be shared. It leverages multiple CNCF open source frameworks: Crossplane, KubeVela, Agones to address challenges and requirements for games to go cloud-native, such as game servers and dependency resource deployment in multi-cloud/multi-region, game servers orchestration and stateful games service autoscaling.

Speakers

Viktor Farcic

Developer Advocate, Upbound
Viktor is helping the CNCF Crossplane project’s community grow as a Developer Advocate at Upbound, where he educates and connects with the community to help them adopt and deploy a universal control plane. He also runs the popular DevOps Toolkit channel on YouTube where he teaches...

Chenyu Jiang

Software Engineer, ByteDance,Inc
Chenyu is a Software Engineer at the Bytedance Infrastructure team focusing on game dedicated infrastructure with cloud-native technologies.



Wednesday May 18, 2022 17:25 - 18:00 CEST
Viewable In Platform Feria Valencia

17:25 CEST

KubeFlux: An HPC Scheduler Plugin for Kubernetes - Claudia Misale, IBM T.J. Watson Research Center & Daniel Milroy, Lawrence Livermore National Laboratory
Adoption of cloud technologies by high performance computing (HPC) is accelerating, and HPC users want their applications to perform well everywhere. While container orchestration frameworks provide advantages like resiliency, elasticity, and declarative management, they are not designed to enable application performance to the same degree as HPC workload managers and schedulers. In response to increased interest in scheduling flexibility, the Kubernetes community developed the Scheduling Framework to facilitate integration of new policies and schedulers. We present KubeFlux, a Scheduling Framework plugin based on the Fluxion open-source HPC scheduler developed at the Lawrence Livermore National Laboratory. We discuss uses for KubeFlux and compare the performance of an application scheduled by the Kubernetes default scheduler and KubeFlux. KubeFlux is an example of the rich capability that can be added to Kubernetes and paves the way to democratization of the cloud for HPC workloads.

Speakers

Claudia Misale

Staff Research Scientist, IBM T.J. Watson Research Center
Claudia Misale is a Staff Research Scientist in the Hybrid Cloud Infrastructure Software group at IBM T.J. Watson Research Center (NY). Her research is focused on Kubernetes for IBM Public Cloud, and also targets porting HPC applications to the cloud by enabling batch scheduling alternatives...

Daniel Milroy

Computer Scientist, Lawrence Livermore National Laboratory
Daniel Milroy is a Computer Scientist at the Center for Applied Scientific Computing at the Lawrence Livermore National Laboratory. His research focuses on graph-based scheduling and resource representation and management for high performance computing (HPC) and cloud converged environments...



Wednesday May 18, 2022 17:25 - 18:00 CEST
Viewable In Platform Feria Valencia

17:25 CEST

The CRDs that Broke the Camel's Back - Alper Rifat Ulucinar, Upbound
Custom resources are the preferred way to extend the K8s API server with a declarative API. They enable us to implement our very own control planes on top of K8s. K8s has performance guidelines and thoroughly investigated scalability thresholds but no guidelines for CRDs are available yet. Our initial attempts to install 1000s of CRDs revealed severe performance issues related to the API server, such as service disruptions and client-side throttling. And this further led to investigations to reveal the root causes of those issues. This talk aims to discuss how one can troubleshoot API server performance issues using profiling tools and to present some real world data that allowed us to pinpoint the root causes of the scaling issues that we initially hit. As the troubleshooting process is explained, the talk will also deliver some insights into the mechanics of CRDs. We would also like to share some tips in successfully getting changes into upstream and moving the ecosystem forward.

Speakers

Alper Rifat Ulucinar

Staff Software Engineer, Upbound
Alper is currently working as a Staff Software Engineer at Upbound Inc and is a Crossplane contributor. Previously, he worked at SAP as a Development Architect, where he designed and implemented Cloud native applications. Prior to joining SAP, he was a visiting postdoctoral researcher...


Wednesday May 18, 2022 17:25 - 18:00 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia
  Performance

17:25 CEST

The Hitchhiker's Guide to Pod Security - Lachlan Evenson, Microsoft
With the release of Kubernetes v1.23, Pod Security admission has now entered beta. Pod Security is a built-in admission controller that evaluates Pod specifications against a predefined set of Pod Security Standards and determines whether to admit or deny the pod from running. Pod Security is the successor to PodSecurityPolicy which was deprecated in the v1.21 release, and will be removed in Kubernetes v1.25. In this presentation I cover the key concepts of Pod Security along with how to use it walking through practical examples. Through education of this new security focused API I hope that cluster administrators and developers alike will use this new mechanism to enforce secure defaults for their workloads.

Speakers

Lachie Evenson

Principal Program Manager, Microsoft
Lachlan is a Principal Program Manager on the open source team at Azure. As a cloud native ambassador, emeritus Kubernetes steering committee member and release lead, Lachlan has deep operational knowledge of many Cloud Native projects. He spends his days building and contributing...



Wednesday May 18, 2022 17:25 - 18:00 CEST
Auditorium 1A | Event Center Feria Valencia

17:25 CEST

Building a Nodeless Kubernetes Platform - William Denniss, Google Cloud
Can Kubernetes be nodeless, and is nodeless Kubernetes still really Kubernetes? That is the question the Google Kubernetes Engine team asked themselves before embarking on a project to create a new operating mode for their 6-year-old Kubernetes platform, GKE. Go behind the scenes of the creation of GKE Autopilot, a fully managed "nodeless" Kubernetes platform, and hear from one of the creators how it was built, and why various decisions were made. Topics covered will include the trade off between operational support, security and Kubernetes compatibility, and why it actually makes sense for nodes to retain their semantic meaning on a nodeless Kubernetes platform. The community has seen several approaches for offering serverless/nodeless Kubernetes to operators, including with technology like Virtual Kubelet. This presentation will break new ground, providing an alternative path to achieving the goals of serverless Kubernetes without removing node-level APIs like affinity.

Speakers

William Denniss

Product Manager, Google Cloud
William is a Product Manager at Google Cloud working on Google Kubernetes Engine (GKE). On the GKE team, he pioneered Autopilot, a fully-managed Kubernetes platform that seeks to reduce developer toil while still supporting the full range of Kubernetes workload constructs. He is currently...


Wednesday May 18, 2022 17:25 - 18:00 CEST
Pavilion 3, Room G | Level 2 | Central Forum Feria Valencia
  Serverless
 
Thursday, May 19
 

11:00 CEST

Case Study: Bringing Chaos Engineering to the Cloud Native Developers - Uma Mukkara, ChaosNative & Ramiro Berrelleza, Okteto
Though Chaos Engineering started as a solution for fixing unknown problems at scale, it has evolved in recent years into a totally different practice area. It is now beginning to play a major role in CI/CD apart from Ops and figures as an aid that improves developer experience. Chaos frameworks are beginning to feature in the list of must-have dev tools. In this session, we discuss the role of Chaos Engineering in stepping up the cloud native dev experience and how developers can use cloud native chaos tests to verify the resilience of their application even before the code is merged. Okteto is an open source tool that enables developers to deploy development environments directly in Kubernetes. The community behind Okteto has succeeded with the idea of providing cloud native chaos tests to the developers in their toolset. In this session we take examples of Litmus chaos tests on Okteto and show how developers can run them as part of the development process, rather than just on CI.

Speakers

Ramiro Berrelleza

CEO, Okteto
Ramiro Berrelleza is one of the founders of Okteto. He has spent most of his career (and his free time) building cloud services and developer tools. Before starting Okteto, Ramiro was an Architect at Atlassian and a Software Engineer at Microsoft Azure. Originally from Mexico, he...

Uma Mukkara

CEO, ChaosNative
Uma Mukkara is a maintainer of CNCF chaos engineering project LitmusChaos. He also is the CEO of ChaosNative and is a regular speaker on the subject of Chaos Engineering and cloud native DevOps at various conferences in the recent past. He is passionate about building solutions around...



Thursday May 19, 2022 11:00 - 11:35 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

11:00 CEST

Learnings From Providing A Platform API With Kubernetes And Crossplane - Hannes Blut & Jan Willies, Accenture
Kubernetes' extensible API has turned it into a de-facto abstraction layer not just for building, deploying and operating cloud-native apps, but also as the control plane for the entire enterprise, to provision and manage cloud resources and complex platform components. This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes “native” experience. The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.

Speakers

Jan Willies

Platform Architect, Accenture
Jan Willies is a Platform Architect at Accenture and contributor to the crossplane project. He is participating in open source communities, founded the Berlin CI/CD Meetup and organizes the CI/CD DevRoom at FOSDEM. He is a maintainer of provider-gitlab and provider-argocd and speaks...

Hannes Blut

Cloud Architect, Accenture
Hannes Blut is a Cloud Architect at Accenture with focus on design and implementation of unique client solutions, including cloud and high-performance computing systems. He is well versed in advanced automation and managing operative reliability.



Thursday May 19, 2022 11:00 - 11:35 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia

11:00 CEST

Operating Prometheus in a Serverless World - Colin Douch, Cloudflare
The traditional Prometheus configuration makes several assumptions about the architecture of the systems that it is monitoring that fail to be met in the world of Serverless Architectures. With the increasing adoption of Serverless computing in Distributed Systems architectures, the question then arises of how to achieve the same insight into them that we can achieve with more traditional architectures. In particular, with Timeseries Metrics, the choice is often to choose between substandard upstream offerings (such as the Prometheus Pushgateway), or capitulate to vendor lock-in and utilise a platform provided by your Cloud provider. So if we want to continue to use our existing Prometheus systems, then what choices do we have? This talk will cover the issues around existing solutions, Colin's solution to these issues that is currently in production at Cloudflare, and where we can go in upstream to make the experience better going forward.

Speakers

Colin Douch

Systems Reliability Engineer, Cloudflare
Colin currently Tech Leads the Observability Platform Team at Cloudflare, orchestrating and inventing solutions to better serve Cloudflare's increasingly large global footprint of services around the world. Starting in Mining, he has been working, advising, and researching in the...



Thursday May 19, 2022 11:00 - 11:35 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

11:00 CEST

Fun with Continuous Compliance - Ann Wallace, Shopify & Zeal Somani, Google
Is it possible to make compliance fun and less stressful? The old way of doing things is to manually gather evidence once or twice a year and hope nothing bad is found during your audit. This is not fun. In this talk, we’ll go over the concepts of continuous compliance and how to apply this to your current DevSecOps program. Zeal will talk about how the Open Security Controls Assessment Language (OSCAL) can be used to create automated control based assessments. Lastly, Ann will walk through how Shopify uses OSS like Falco and Voucher to achieve continuous compliance at scale. You will walk away from this session with information on how you can make compliance fun or at least less painful.

Speakers

Ann Wallace

Senior Security Engineering Manager, Shopify
Ann Wallace (she/her) leads compliance & risk teams at Shopify. Prior to Shopify, she worked at Google leading the go to market efforts for Security Solutions. She also set and ran the Global Security Practice that created Google Cloud's first set of professional services offerings...

Zeal Somani

Security Solutions Manager, Google
Zeal has a diverse experience around security, compliance and payments. Most recently at Google Cloud, she is responsible for a portfolio of solutions in the Governance, Risk and Compliance space such as Risk and Compliance as Code, Sovereignty. She lead the strategy and execution...



Thursday May 19, 2022 11:00 - 11:35 CEST
Auditorium 1A | Event Center Feria Valencia

11:00 CEST

Autoscaling Elasticsearch for Logs on Kubernetes - Radu Gheorghe, Sematext Group & Ciprian Hacman, polypoly
Elasticsearch (and its fork, OpenSearch) is the go-to storage for logs. As with any storage, the cluster likely needs to scale to keep up with the change of load. But autoscaling Elasticsearch isn't trivial: indices and shards need to be well sized and well balanced across nodes. Otherwise the cluster will have hotspots and scaling it further will be less and less efficient. This talk focuses on two aspects:
- best practices around scaling Elasticsearch for logs and other time-series data
- how to apply them when deploying Elasticsearch on Kubernetes.

In the process, a new (open-source) operator will be introduced (yes, there will be a demo!). This operator will autoscale Elasticsearch while keeping a good balance of load. It does so by changing the number of shards in the index template and rotating indices when the number of nodes changes.

Speakers

Ciprian Hacman

Software Engineer, Microsoft
Ciprian Hacman is a Software Engineer, working with cloud-native technologies. He is also an open source project maintainer for kOps (Kubernetes Operations), etcd-manager, cloud-provider-aws and frequent contributor to other projects in the Kubernetes ecosystem.

Radu Gheorghe

Search Consultant, Sematext Group
Radu Gheorghe works mainly as a search consultant at Sematext, working with clients of all sizes on their Elasticsearch and Solr projects. He is also a trainer and does production support for both these search engines. Sometimes he helps out with the development of Sematext Cloud...



Thursday May 19, 2022 11:00 - 11:35 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Storage

11:00 CEST

GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger, DigitalOcean
In this workshop, you will experience the power of Infrastructure as Code and GitOps to automate the provisioning, modification, and extension of a Kubernetes cluster. Join me to learn how to use Terraform to spin up a Kubernetes cluster and install FluxCD, which will watch a GitHub repo and automatically apply any changes made via git commit. In order to keep all of your credentials like secrets, passwords, and tokens in your GitHub repo, we will show you how to use the sealed-secrets project to enable one-way encrypted secrets that can only be decoded inside the cluster. Finally, you will install and use Crossplane to provision digital infrastructure from inside your Kubernetes cluster, including resources from different cloud providers, giving you a chance to experiment with multi-cloud infrastructure.

Speakers

Kim Schlesinger

Developer Advocate, DigitalOcean
Kim Schlesinger is a teacher and technologist. She is currently a Developer Advocate at DigitalOcean, and before that she was an SRE at Fairwinds. Kim has given talks at KubeCon + CloudNativeCon North America, SRECon, LISA, DevOps Days Rockies and Develop Denver.


Thursday May 19, 2022 11:00 - 12:30 CEST
Pavilion 3, Room E | Level 2 | Central Forum Feria Valencia

11:55 CEST

Your Manila CephFS Share Backups Belong to S3 - Robert Vasek, CERN
Backups. Boring and mundane, until you lose your application data and need it back. Our Kubernetes users at CERN make extensive use of CephFS-backed storage managed by the OpenStack Manila service. Streamlining and automating the process of backups gives them a chance to prepare so that–should a disaster strike–they can recover. In this talk we will delve into the work we have done to make Velero, CephFS, Manila and an S3 store cooperate together, and bring an application back into life. Expect code snippets and demos. By the end of this session, you should have a clear overview of how each component contributes to our current backup and restore workflow in Kubernetes, and how you can integrate this setup into your clusters too.

Speakers

Robert Vasek

Software engineer junior fellow, CERN
Robert is a Software Engineer junior fellow at CERN, working in the Cloud team. His main focus is storage in container environments and contributions to the ecosystem around CSI as well as its cloud deployments here at CERN. He is also involved in openstack-manila-csi and ceph-csi-cephfs...



Thursday May 19, 2022 11:55 - 12:30 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Storage

14:30 CEST

Build Your Own Cluster API Provider the Easy Way - Anusha Hegde, VMware & Richard Case, Weaveworks
Over the past year, the adoption of Cluster API (CAPI) has been growing with more end-users using it to provision their clusters. And increasingly it’s being adopted inside commercial products and other OSS projects (e.g. EKS-Anywhere). With this growth comes an increase in the variety of the Cluster API Providers you can choose from. What if none of the existing providers suit your use case? Perhaps you want to bring your own hosts or integrate with a custom infrastructure provisioning mechanism. If that's the case, this talk is for you. Come learn from the maintainers of existing CAPI providers on how to get started creating your own provider. It’s hard but at the same time easier than it sounds. Although every provider has unique considerations in its offering, there is a lot of commonality when it comes to writing a provider. This talk will highlight the common patterns, develop and debug workflows, and common pitfalls / gotchas to take into account when writing your own provider.


Speakers

Richard Case

Principal Engineer, SUSE
Richard Case is a Principal Engineer @SUSE where he works on building Kubernetes products and open source. He's currently one of the maintainers of the AWS, GCP, Microvm & RKE2 Cluster API providers.

Anusha Hegde

Technical Product Manager, Nirmata
Anusha Hegde is a Technical Product Manager @Nirmata working on Kubernetes Policy Management. Prior to this, she was a Senior Software Engineer @VMware working on Cluster API and its providers. Over the past year, her work has been around writing a new provider from scratch - Cluster...



Thursday May 19, 2022 14:30 - 15:05 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia

14:30 CEST

Better Reliability Through Observability and Experimentation - Julie Gunderson, Gremlin & Kerim Satirli, HashiCorp
Site Reliability Engineering (SRE) treats reliability as a software problem, but it really is an organizational problem that requires a different mindset. When the reliability of our service drops, so does our ability to create value for the organization we represent. In this talk, Julie and Kerim will take the audience on a guided journey, starting with how to determine if and how workloads are misbehaving and ending with practical approaches to improve reliability. Through simulated outages (of all types!), observability, and analysis, Julie and Kerim will show attendees how to catch and prepare for service disruptions. Going beyond deployments, attendees will also learn how to combine OpenTelemetry and OpenTracing to instill reliability into their systems.

Speakers

Kerim Satirli

Sr. Developer Advocate, HashiCorp
Kerim is a senior developer advocate at HashiCorp, where he focuses on coaching operators and developers on sustainable practices around infrastructure and orchestration workflows. He enjoys the challenge of codifying the fragile bits of complex systems but is also excited to no longer...

Julie Gunderson

Sr. Reliability Advocate, Gremlin
Julie Gunderson is a Sr. Reliability Advocate at Gremlin, where she works to further the adoption of Chaos Engineering principles and methodologies. Over the last seven years, Julie has been actively involved in the DevOps space and is passionate about helping individuals, teams...



Thursday May 19, 2022 14:30 - 15:05 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

14:30 CEST

How to Migrate 700 Kubernetes Clusters to Cluster API with Zero Downtime - Tobias Giese & Sean Schneeweiss, Mercedes-Benz Tech Innovation
Cluster API promises "to simplify provisioning, upgrading, and operating multiple Kubernetes clusters." Do you find it challenging to migrate your existing Kubernetes cluster provisioning to Cluster API? Would you like to benefit from all the features that Cluster API offers and manage your infrastructure the Kubernetes style? At Mercedes-Benz, we run and operate more than 700 Kubernetes clusters and 3,500 machines all over the world in on-premises OpenStack data centers. By migrating to Cluster API, we replaced our legacy provisioning, consisting of Terraform, custom self-written tools and Kubernetes operators. Expect valuable insights on what it takes to transfer production systems into the control of Cluster API with zero downtime and zero customer impact. Get to know the technical challenges of migrating, how they can be solved and how to extend Cluster API functionality to fit your needs.

Speakers

Tobias Giese

Software Engineer, Mercedes-Benz Tech Innovation
Tobias has been a computer nerd since he was a young teenager. Besides late-night programming sessions and Linux tinkering, he found his passion in being an IT specialist. After working in various fields like data centers and network security, he came to the cloud native world where...

Sean Schneeweiss

Software Engineer, Mercedes-Benz Tech Innovation
Sean is a Software Engineer at Mercedes-Benz Tech Innovation, focused on Kubernetes clusters management system and Cluster API integration. He is a maintainer of the Kubernetes SIG Cluster API Provider OpenStack (CAPO). With a MSc in Computational Science and Engineering, he graduated...



Thursday May 19, 2022 14:30 - 15:05 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Operations

15:25 CEST

Transparent Live Migration of Services Between Kubernetes Cluster - Adam Janikowski & Jörg Schad, ArangoDB
Operating a distributed database on a single Kubernetes cluster is interesting, but how about transparently migrating it from one cluster to another–potentially between different cloud providers–without impacting user workloads? Kubernetes has become the de facto default deployment for ArangoDB, a distributed Graph database. Consider for example ArangoDB Oasis, a managed Cloud Database service with over 200 deployments (aka highly available database clusters) across three major cloud providers and many regions. But outages, (Kubernetes) upgrades, resource considerations, and cost optimizations require the underlying infrastructure to be very dynamic including migration between Kubernetes clusters, datacenters, or even cloud providers. This talk provides insights into how Kube-Arango, the OSS operator for ArangoDB, supports live migration of distributed stateful applications without impact on users. Challenges in such migration include for example networking, DNS, and persistent data.

Speakers

Jörg Schad

CTO, ArangoDB
Jörg Schad is the CTO at ArangoDB. In a previous life, he has worked on or built machine learning pipelines in healthcare, distributed systems, including early Kubernetes code at Mesosphere, and in-memory databases. He received his Ph.D. for research about distributed databases and...

Adam Janikowski

Technical Lead Cloud Orchestration, ArangoDB
Adam is the technical lead for cloud orchestration at ArangoDB, responsible–amongst many other things–for the Database Kubernetes Operator. His responsibility is to integrate full lifecycle operations into the Kubernetes world for multiple cloud providers. This includes basic...



Thursday May 19, 2022 15:25 - 16:00 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

15:25 CEST

Sailing Multi Cloud Traffic Management With Karmada - Zhonghu Xu, Huawei
Multi-Cloud has become a new trend in recent years. It is the superset of multiple public cloud, hybrid, on-premises, and edge. It not only provides higher availability and flexibility but also prevents vendor lock-in. Karmada is a Kubernetes management system that is natively suitable for multi-cloud application management. In this talk, Zhonghu will show you what Karmada can do for Multi-Cloud applications communicating on a flat network and across different networks. There are already many solutions that can help acquire L3 network connectivity across multi-cloud, like VPN peering, submariner, etc. So the biggest challenge is L7 traffic management. Zhonghu will elaborate on how Karmada perfectly integrates with Istio to provide flexible and rich L7 traffic management features: priority routing, failover to another cloud, and also brings natural security in east-west traffic.

Speakers

Zhonghu Xu

Principal Software Engineer, Huawei
Zhonghu is an open-source enthusiast and has focused on oss since 2017. In 2023, Zhonghu was awarded `Google Open Source Peer Bonus`. He has worked on Istio for more than 6 years and has been a core Istio maintainer and one of the TOP 3 contributors. He has been continuously serving as Istio...



Thursday May 19, 2022 15:25 - 16:00 CEST
Viewable In Platform Feria Valencia

15:25 CEST

Alerting in the Prometheus Ecosystem: The Past, Present and Future - Josue (Josh) Abreu, Grafana Labs
One of the most important functionalities of Prometheus is being able to alert based on your metrics. The Prometheus Alertmanager is a critical piece of cloud native observability, and in this talk, Josue wants to share a bit more of its past, present and future. About a year ago, he set out on a path to improve scaling in the Cortex Alertmanager component, then he decided to include the Alertmanager within Grafana to continue fostering open source collaboration. For the future, his plan is to take all the good parts of what he learned on this journey back to the Prometheus Alertmanager thus going full cycle. He’ll cover:
- The Prometheus Alertmanager and the benefits of its modular architecture (past)
- The benefits of the new architecture of the Cortex Alertmanager: Like Cortex but for Alerts (past)
- Inclusion of the Prometheus Alertmanager within Grafana (present)
- The future of the Prometheus Alertmanager (future).

Speakers

Josue Abreu

Principal Software Engineer, Grafana Labs
Josue (Josh) Abreu has been involved in observability for the past 4 years. As a relative newcomer to this world, he was often puzzled at how alerting would function on a small and big scale. Josue works as the Alerting Lead at Grafana Labs and is a Prometheus Maintainer. Over a 10-year...



Thursday May 19, 2022 15:25 - 16:00 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

15:25 CEST

Tweezering Kubernetes Resources: Operating on Operators - Kevin Ward, ControlPlane
Operators have become prevalent for the automation of repeatable cluster operations, replacing engineers in the Kubernetes configuration process. Although removing human error from the equation solves repeatability issues, Operators are often highly privileged with namespace or cluster-wide access to change resources. A compromised operator allows an attacker to deploy custom workloads very discreetly, and a rogue resource could go completely undetected. This talk asks and shows “what’s the worst that could happen?” to Operators by:
- showing you how to threat model core Operator functionality
- demonstrating how an Operator-based attacker can modify resources and gain persistence
- how to securely appraise and test third-party Operators before trusting them
- what to look out for during a code review or security related events.

Speakers

Kevin Ward

Principal Consultant, ControlPlane
Kevin is a Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defense and Finance sectors. He enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored the GKE CIS...



Thursday May 19, 2022 15:25 - 16:00 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Operations

16:30 CEST

Prometheus Sparse High-Resolution Histograms in Action - Ganesh Vernekar, Grafana Labs
Sparse high-resolution histograms are going to totally revamp how Prometheus works with histograms. Maybe you have heard about the ongoing development efforts in previous talks. Now, for the first time, you will witness a complete working setup, from instrumentation over ingestion, storage, and querying all the way to graphical representation. Ganesh will demonstrate the breathtaking possibilities of these histograms, which include precise quantile estimations and high-resolution heatmaps, both aggregated and partitioned at will, even if, over time or between different targets, histograms of different resolutions are involved. Accompanied by benchmark results from real world load.

Speakers

Ganesh Vernekar

Senior Software Engineer, Grafana Labs
Ganesh has been contributing to Prometheus for over 5 years and is a Prometheus team member and maintainer of its Time Series Database (TSDB). Most recently, he worked on the new native histograms in Prometheus. He has also contributed to Cortex, Grafana Mimir, and Grafana.



Thursday May 19, 2022 16:30 - 17:05 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

16:30 CEST

Scaling K8s Nodes Without Breaking the Bank or Your Sanity - Brandon Wagner & Nick Tran, Amazon
Kubernetes (k8s) has enabled applications to be mostly agnostic to the underlying VM infrastructure they are running on. Many clusters can benefit from the cost savings of utilizing spare VM capacity offerings commonly called Spot. In this session, we will discuss some of the best practices for utilizing spot capacity within a k8s cluster and some of the tools that will make your life easier managing the underlying VM infrastructure.

Speakers

Brandon Wagner

Sr. Software Engineer, Amazon
Brandon Wagner is a Software Engineer at AWS working on EC2 and OSS. For the past 2 years he has been focused on Kubernetes and is a core maintainer of the Karpenter project and the AWS Node Termination Handler. Before that, Brandon worked on DNS resolvers, cyber security, and fire...

Nick Tran

Software Engineer, AWS
I work at AWS EKS on the Karpenter team, responsible for maintaining the AWS Karpenter Provider and core Karpenter library.



Thursday May 19, 2022 16:30 - 17:05 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Operations

16:30 CEST

Keep Calm and Containerd On! - Anusha Ragunathan, Intuit Inc
Letting go isn't easy! Especially when it comes to your Kubernetes cluster’s CRI implementation. Like most big Kubernetes deployments, Intuit’s 200+ clusters with 20000 nodes were running ‘dockerd’ as the CRI runtime, with dependencies on the docker API and CLI. We migrated our fleet of clusters to ‘containerd’. Whether you have a complicated Kubernetes installation with customized cluster addons or a simple set of clusters, you will be affected by the upcoming removal of dockerd from upstream Kubernetes. Come listen to us, learn from our journey and be prepared to make this migration smooth and seamless. We will share lessons learned migrating clusters to containerd. From issues faced with log management, SELinux and GPU support, to rewiring cluster addons related to CNI and runtime security, this talk is about Intuit’s journey moving to containerd. We will also talk about rollout of containerd to our production clusters and how we handled compatibility issues during cluster upgrades.

Speakers

Anusha Ragunathan

Principal Software Engineer, Intuit Inc
Anusha Ragunathan is a software engineer at Intuit, where she works on building and maintaining the company’s Kubernetes based Compute Infrastructure. Anusha is passionate about solving complex problems in systems and infrastructure engineering. Prior to Intuit, she worked on building...



Thursday May 19, 2022 16:30 - 17:05 CEST
Pavilion 3, Room E | Level 2 | Central Forum Feria Valencia
  Runtimes

17:25 CEST

Building for the (Inevitable) Next Cloud Outage - Pavel Nikolov, Section
It seems that every few months we hear about the widespread impact of a major cloud outage. Cloud outages are unpredictable and inevitable; this is what keeps SRE teams up at night. Public cloud remains the most popular data center approach among the cloud native community, with multi-cloud growing in adoption. However, adopting a multi-cloud strategy isn’t as simple as hitting the go button. In this session, we will demonstrate how to deploy a Kubernetes application across clusters in multiple clouds and regions with built-in failover to automatically adapt to cloud outages. You will witness how BGP directs traffic across clusters in a healthy state. Then, we will take one of the clusters offline and show how workloads are automatically rescheduled and traffic is rerouted to healthy clusters in real-time. We will dive into the technologies and logic that are driving this engine and discuss how you can build this type of resilience into your own applications.

Speakers

Pavel Nikolov

Software Developer, section.io
During the last 16 years I have been part of numerous projects of all kinds - backend, frontend, APIs, high-volume pipelines processing billions of events per hour and different types of distributed applications. I am passionate about high scalability, reliability, observability and...



Thursday May 19, 2022 17:25 - 18:00 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

17:25 CEST

Jet Energy Corrections with GNN Regression using Kubeflow at CERN - Daniel Holmberg & Dejan Golubovic, CERN
The Large Hadron Collider is the world’s largest particle accelerator measuring 27 km in circumference. It accelerates beams of particles in opposite directions almost to the speed of light before making them collide. The particles emerging from the collisions are then measured in large detectors such as the Compact Muon Solenoid. An especially important object of study are so-called jets composed of multiple particles shooting out in the same direction from the collision point. Data-driven methods are used to correct the energy values for these jets, and what we’ll present here is the utilization of Kubeflow to enable state-of-the-art graph neural network based corrections. Kubeflow’s pipeline component allows us to define our machine learning workflow in a well-structured and reproducible manner, and its built-in training operators are used to scale up the training with ease. This work is expected to pave the way for future adoption of Kubeflow among the physics community at CERN.

Speakers

Dejan Golubovic

Junior Fellow, CERN
Dejan Golubovic is a CERN software engineer with experience in machine learning. His interests are containerized applications, Python programming, and large-scale distributed systems. Dejan is currently working on machine learning infrastructure with Kubernetes and Kubeflow at CERN...

Daniel Holmberg

Technical Student, CERN
Daniel is a technical student at CERN investigating deep learning applications for the CMS experiment. A special focus of his work is on promoting the Kubeflow platform to the high energy physics community at CERN, and developing examples for running physics analyses on it. Daniel...



Thursday May 19, 2022 17:25 - 18:00 CEST
Pavilion 3, Room G | Level 2 | Central Forum Feria Valencia

17:25 CEST

Registries After Dark, Part 2: Distributed Random Access Merkledags - Daniel Mangum, Upbound & Jason Hall, Chainguard
Our friend the registry is back and is getting into more mischief than ever. After stretching the OCI image and distribution specifications to implement a registry that acts as a chat server, Dan and Jon have continued to exploit the generality of the spec to support more use cases. In this session, they’ll move beyond what actually happens when you “push” and “pull” or use tags as identifiers. Taking a step back and looking at the landscape of hosted registries offers a unique view of the capabilities of this network of systems we all rely on - capabilities exhibited by other systems we are familiar with: computers. Attendees will join Dan and Jon on a crash course through the history of computer architecture, making stops along the way at Turing machines, load-store architectures, and compiler design, before finding themselves faced with a new definition of DRAM: Distributed Random Access Merkledag.

Speakers

Jason Hall

Engineer, Chainguard
Jason contributes to various projects related to container image construction, security and performance. He has never heard a joke about his name and the JavaScript Object Notation that didn't elicit a polite chuckle. He lives in Brooklyn with his wife and kids, and enjoys naps and...

Daniel Mangum

Cloud Lead, Golioth
Dan has worked in a variety of infrastructure automation and distributed systems roles, building software that powers internal cloud platforms at some of the largest companies in the world. He is a long-time open-source contributor, serving in leadership roles in the Kubernetes community...


Thursday May 19, 2022 17:25 - 18:00 CEST
Pavilion 3, Room E | Level 2 | Central Forum Feria Valencia
  Runtimes

17:25 CEST

Threat Modelling Kubernetes: A Lightspeed Introduction - Lewis Denham-Parry, Control Plane
Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling! Join us for a primer on threat modelling cloud native systems, understanding adversarial techniques and preventative measures, and helping security and engineering teams increase the security and velocity of system delivery.

Speakers

Lewis Denham-Parry

Head of Training, Control Plane
Lewis works for Control Plane as Head of Training, helping others learn how to orchestrate the ocean of containers using Kubernetes and securing their infrastructure by teaching how to attack and defend Cloud Native infrastructure. He co-founded Cloud Native Wales, an initiative to...



Thursday May 19, 2022 17:25 - 18:00 CEST
Auditorium 1A | Event Center Feria Valencia
 
Friday, May 20
 

11:00 CEST

A Treasure Map of Hacking (and Defending) Kubernetes - Andrew Martin, ControlPlane
In this ultimate guide to threat-driven defence, we threat model Kubernetes and detail how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to defend against a range of historical and current CVEs, misconfigurations, and advanced attacks:
- See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation
- Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers
- Delve into workload identity and advanced runtime hardening
- Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise
- Learn to navigate the choppy waters of advanced Kubernetes security.

Speakers

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...


Friday May 20, 2022 11:00 - 11:35 CEST
Pavilion 3, Room D | Level 2 | Central Forum Feria Valencia
  101 Track

11:00 CEST

From Cloud Naive to Cloud Native – Avoiding Mistakes Everyone Does - Max Körbächer, Liquid Reply
“Cloud native” is nowadays a very broad word, used for everything from projects going to the cloud, open source solutions or in architecture terminology. This misleads initiatives and corporate decisions on cloud-first projects as well as their promised savings, improvements or speed gain. In this talk, we will have a look at common mistakes, how corporations place themselves into a twister and why you first need to really understand Netflix, Spotify and co, so that you can understand that you are very much different. Because migrating to the cloud doesn’t make you native. Feel the passive-aggressive vibes? Good, now we can talk! Let us seriously discuss architectural patterns, what really matters in your cloud provider, leading decision processes on a technical level and finally what are the steps to become cloud native and not cloud naive.

Speakers

Max Körbächer

Co-Founder & Cloud Native Advisor, Liquid Reply
Max is Founder and Cloud Native Advocate at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group, CNCF Ambassador, Linux Foundation Europe Advisory Board inaugural member and served 3 years at the Kubernetes release team. In his work he supports...



Friday May 20, 2022 11:00 - 11:35 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

11:00 CEST

Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, Fastly
Fastly efficiently delivers many Tbps thanks to an Edge Network that expands across tens of PoPs across the globe; operating such a network comes with many challenges, so Fastly keeps investing in tooling and automated systems to make that journey as pleasant as possible. One of these systems is Fastly’s Autopilot: an automated system that performs egress traffic optimizations. This talk will provide a system overview, focusing then on the associated telemetry pipeline and how it leverages our internal k8s-based platform (elevation), some key operators, like the Strimzi Kafka one, opensource networking libraries, like GoBGP, and tooling like FluxCD. Finally, this talk will also share some challenges and findings associated with this very network-related use case.

Speakers

Daniel Caballero Rodriguez

Principal Engineer, Fastly
Principal Engineer at Fastly, previously part-time lecturer (La Salle University in Barcelona, KTH Royal Institute of Technology in Stockholm), and also working as Staff Devops at Schibsted, NTT, Oracle (and others!), where I have been trying to code, build and maintain backend services...

Fernando Crespo Gravalos

Staff Engineer, Fastly
Staff Engineer at Fastly, ex-Tuenti, Nagra and Bitnami SRE. Managing and scaling k8s production clusters since 2017, I like building systems and tools with code, with golang being my preferred language. I was lucky enough to contribute to the Kubernetes open source community with fixes/features...



Friday May 20, 2022 11:00 - 11:35 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia
  Networking

11:00 CEST

Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent - Furkan Türkal & Emin Aktaş, Trendyol
At Trendyol, we are running thousands of production-grade Kubernetes clusters to make our customers always happy. The challenge that we have to achieve is to track every component, resource, user, and team in a timeline manner. This is where we have to collect audit events from almost everywhere! Kubernetes audit logs can effectively track the changes made to our clusters. By using Falco, we consume the kernel events and enrich those events with information from Kubernetes. Enabling the Kubernetes Audit Logs feature allows us to scan audit events that are forwarded from Kubernetes. By using Fluent Bit, we collect logs from different sources such as containers and Falco; furthermore, we extend them with filters, and send them to multiple destinations. By using Loki, we build a highly-available log aggregation system. We create and manage all of our alerting rules for the log data. In this session, we try to combine pieces and introduce a brand new Audit Monitoring System!

Speakers
Furkan Türkal

Platform Engineer, Trendyol
He likes to design and implement new tech stacks with a deep focus on distributed and low-level systems. Interested in contributing to open source projects, communities and project management. Strong interest in CNCF world! Recently, he has been doing research on Supply Chain Security...
Emin Aktaş

Platform Engineer, Trendyol
Emin is a man who loves target-driven, versatile and cares about innovative ideas. He enjoys process management and communication. He never hesitates to share his experience on Medium. Not only that, he is strongly interested in the combination of the fields of mechanics, hardware and software...



Friday May 20, 2022 11:00 - 11:35 CEST
Viewable In Platform Feria Valencia
  Observability

11:00 CEST

TikTok’s Story: How To Manage a Thousand Applications on Edge With Argo CD - Qingkun Li, TikTok/Bytedance Inc. & Jesse Suen, Akuity, Inc.
This talk will share a case study of how TikTok manages its global edge clusters with Kubernetes and operates continuous delivery with Argo CD, concluding with a demo. The talk will also dive into the scalability challenges faced by TikTok to manage edge services using Argo CD (with ~100 edge clusters, ~150k CPUs and ~3000 applications), as well as how the Argo community plans to address them in future. TikTok operates a large network of Kubernetes edge clusters around the world, hosting apps such as TikTok, live and gaming, using cache and traffic acceleration services offered at our edge clusters. The challenge arises when it comes to the deployment management of those edge services on hundreds of edge clusters. Normally, an edge service shares a lot of common configurations when deployed globally, but still has cluster-specific configurations (e.g. resource quota, service hostname, etc.). From this talk, people will learn how to deploy and manage this kind of service using Argo CD.

Speakers
Jesse Suen

CTO, Akuity
Jesse Suen is the CTO and co-founder of Akuity, and co-creator and a project lead on the Argo project. Prior to founding Akuity, Jesse was a Principal Software Engineer and technical lead for the Argo team at Intuit, leading the design and architecture for Workflows, CD, and Rollouts...
Qingkun Li

Tech Lead Manager, TikTok/Bytedance Inc.
Qingkun is tech lead manager at TikTok/Bytedance edge platform team, building a Kubernetes-based PaaS platform to manage CDN edge clusters and help TikTok developers to deploy and manage applications on the edge. Qingkun received his M.S. in Electrical and Computer Engineering from...



Friday May 20, 2022 11:00 - 11:35 CEST
Viewable In Platform Feria Valencia
  Operations

11:00 CEST

Attacking & Defending Kubernetes TEE Enclaves in Critical Infrastructure - Robert Ficcaglia, SunStone Secure, LLC
Trusted Execution Environments (TEEs) are a feature of Intel, AMD, ARM and other chip platforms, widely available on public clouds for high security infrastructure. Kubernetes can be deployed with TEE enclaves to create a Trusted Computing Base (TCB) which can cryptographically protect the compute and memory environment for the Kubernetes control plane, data flows, and CI/CD pipelines on-chip. This greatly reduces the attack "surface area" and reduces 3rd party supply chain risks. The session will examine detailed Kubernetes threat models for critical infrastructure and demonstrate how to attack and defend Kubernetes workloads in the context of TEEs. Attendees will learn how to use enclaves to protect the integrity of container images used for workloads, deploy TEE-based Pods, examine development and operational challenges with TEE usage, and explore compliance benefits including specific policy and control mappings for GDPR, CCPA, PCI, HIPAA and NIST 800-53.

Speakers
Robert Ficcaglia

CTO, Self
Robert Ficcaglia is CTO of SunStone Secure, a virtual CISO and Compliance Advisory firm, and also serves as the Kubernetes Policy Workgroup Co-Chair, CNCF Security Technical Advisory Group (TAG) Lead Assessor, and member of the Kubernetes Security Special Interest Group (SIG-security...



Friday May 20, 2022 11:00 - 11:35 CEST
Auditorium 1A | Event Center Feria Valencia

11:55 CEST

Logs Told Us It Was DNS, It Felt Like DNS, It Had To Be DNS, It Wasn’t DNS - Laurent Bernaille & Elijah Andrews, Datadog
It all started with a team reaching out because they had DNS issues during rolling updates. Business as usual when you host hundreds of applications on dozens of Kubernetes clusters… Four weeks later: We are reading kernel code to understand the corner cases of dropping Martian packets. Could this be the connection between gRPC client reconnect algorithms and the overflowing conntrack table we can feel but not see? In time, we solved the issue. And for once… it wasn't DNS! In this talk, we will focus on one of the most complex incidents we have faced in our Kubernetes environment. We will go through the debugging steps in detail, dive deep into the mysterious behaviors we discovered and explain how we finally addressed the incident by simply removing three lines of code.

Speakers
Laurent Bernaille

Principal Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible...
Elijah Andrews

Senior Software Engineer, Datadog
I'm a software engineer at Datadog. I'm currently working on our networks, and previously worked on our data ingestion pipelines. Outside of work, I love playing guitar, going to concerts, and spending time with my cat Bao.



Friday May 20, 2022 11:55 - 12:30 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia
  Networking

11:55 CEST

Show Me Your Labels and I’ll Tell You Who You Are - Sandor Guba, Cisco
One of the underestimated benefits of Kubernetes is the standardization of labels. Of course in every provisioning system, you have the ability to mark the assets with taints, tags, labels, or something. Prometheus raised the stakes and built a whole metric system on labels. The concept was so successful that more and more tooling tries to benefit from it. Modern logging, tracing, and metric systems have at least one common characteristic: they have labels. In this talk, Sandor will demonstrate how to fully exploit labels with tools that are already available at hand. Correlate different inputs, transform logs to metrics, and more!

Speakers
Sandor Guba

Engineering Technical Leader, Cisco
Sandor is a Senior Engineer and Architect whose main field is observability. He built and operated infrastructure at UStream and later at IBM. After that, he decided to concentrate on developing observability tools and co-founded Banzai Cloud where they built tooling around Kubernetes...



Friday May 20, 2022 11:55 - 12:30 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

11:55 CEST

GitOpsify Everything: When Crossplane Meets Argo CD - Ying Mo & Ken Murray, IBM
Argo CD is a popular CNCF incubating project that implements GitOps on Kubernetes to drive continuous delivery of Cloud Native applications. Using Git at its core, it's been widely adopted across the industry. However, real-world organizations may still have many traditional IT systems, and they may have invested heavily in management automation for these systems. How can they benefit from GitOps? This session will share the magic to combine Argo CD and existing non cloud native IT automation assets by crafting a bridge using Crossplane, another popular CNCF incubating project. It works seamlessly with existing automation technologies such as Ansible and Terraform, with a large user base and mature eco-systems. This empowers you to GitOpsify everything, cloud native or non cloud native, to manage hybrid technologies using GitOps consistently. The session will also share some best practices and lessons learned that you may consider when you start the GitOps transition with your IT systems.

Speakers
Ying Mo

Senior Software Engineer, IBM
Ying Mo is a Senior Software Engineer at IBM, working on IBM Cloud Pak for Watson AIOps, focusing on multi-cloud management and monitoring using Kubernetes and container technology. He is always enthusiastic about bringing innovative ideas into products by leveraging open source technologies...
Ken Murray

CI/CD Engineer, IBM
Ken Murray is a Software Developer in the Cloud Pak for Watson AIOps Team at IBM. Ken has been a technical lead across many projects in the areas of Network and Application Management. In his current role he leads a team developing solutions for automated CICD Deployment Pipelines...



Friday May 20, 2022 11:55 - 12:30 CEST
Viewable In Platform Feria Valencia
  Operations

11:55 CEST

Full Mesh Encryption in Kubernetes with WireGuard and Calico - Peter Kelly, Tigera
Encrypting data-in-transit is an important feature for many Kubernetes users especially for compliance and a zero-trust model. There are several ways this can be achieved, including using WireGuard, an exciting new lightweight VPN in the Linux kernel. This talk explains why you would choose WireGuard for this task and how it can work in a dynamic platform such as Kubernetes using Project Calico to provide a full host-to-host encrypted mesh at a layer below your application workloads. WireGuard is popular for good reason; lightweight, fast, scalable and easy. We’ll show you how easy it is to make it work but also dig in to the implementation details for those who love to sweat the details.

Speakers
Peter Kelly

Director of Engineering, Tigera
Peter is a Director of Engineering at Tigera and Site Leader for Tigera's EMEA office based in Cork, Ireland where he and his team work on encryption and application security. Peter has two decades of experience in software development, including recently building control plane technology...



Friday May 20, 2022 11:55 - 12:30 CEST
Auditorium 1A | Event Center Feria Valencia

14:00 CEST

How Adobe is Optimizing Resource Usage in Kubernetes - Carlos Sanchez, Adobe
Moving to Kubernetes opens the door to a world of possibilities, the amount of workloads that can be run and the flexibility it provides. However, this comes at the cost of managing the resources used by many applications and teams. At Adobe we make extensive use of standard Kubernetes capabilities to reduce resource usage and we have also built some solutions at several levels of the stack to improve it. From autoscaling to workload hibernation, from automated resource requests to Kubernetes Jobs, we have experimented with and implemented several features that decrease our resource usage and lower the cost of running many Kubernetes clusters at scale. Both at workload resource level and also at achieving higher density clusters that reduce the number of clusters we need and the operating costs.

Speakers
Carlos Sanchez

Principal Scientist, Adobe
Carlos Sanchez is a Principal Scientist at Adobe Experience Manager, specializing in software automation, from build tools to Continuous Delivery and Progressive Delivery. Involved in Open Source for over 15 years, he is the author of the Jenkins Kubernetes plugin and a member of...



Friday May 20, 2022 14:00 - 14:35 CEST
Pavilion 4, Room C | Level 2 | Central Forum Feria Valencia

14:00 CEST

Distributing PromQL for Fast and Efficient Kubernetes Fleet Monitoring - Moad Zardab, Red Hat & Filip Petkovski, Shopify
Both Thanos and Cortex have enabled the cloud native ecosystem to scale Prometheus storage with the use of blocks of data persisted across many clusters into single object storage. Whilst this unlocks cheap long term retention of metrics, it presents a significant challenge of being able to efficiently read and process large volumes of data. This talk outlines the Thanos community's efforts to improve read path performance through query pushdown and query sharding and how it compares with existing Cortex approaches. Thanos deployments are composed of stores, components that expose a consistent Prometheus compliant read API for retrieving timeseries, and queriers, components that combine raw timeseries and evaluate PromQL expressions against them. Query pushdown gives the opportunity to pre-evaluate these expressions closer to the data, while query sharding breaks down a query into distinct, disassociated datasets that can be computed concurrently thanks to Kubernetes.

Speakers
Filip Petkovski

Staff Production Engineer, Shopify
Filip is a Staff Production Engineer at Shopify, currently working on the metrics team. He is a Thanos Metrics maintainer and an occasional Prometheus contributor.
Moad Zardab

Senior Software Engineer, Red Hat
Moad Zardab is a Senior Software Engineer at Red Hat with a background in Video Game networking observability, currently working on Observability. Moad is a member of the Red Hat team that maintains Thanos, Prometheus and Observatorium, an opinionated SaaS implementation for all Observability...



Friday May 20, 2022 14:00 - 14:35 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

14:00 CEST

Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for K8s - Aaron Rinehart, Verica.io & Matas Kulkovas, Cast.ai
Security Chaos Engineering (SCE) is an emerging discipline that serves as a foundation for proactively discovering system weaknesses before they become an opportunity for a malicious actor. The goal of SCE experiments is to move security toward continuous recalibration and increased confidence by deriving a more realistic understanding of how well security practices perform under expected conditions. This new technique of instrumentation proactively injects security turbulent conditions or faults into systems to determine the conditions by which our security will fail so that we can fix it before it causes customer pain. During this session, the speakers will dive into SCE as a discipline as well as showcase a demo of 'komrade', the 1st Open-Source Tool for running SCE experiments on Kubernetes.

Speakers
Aaron Rinehart

CTO & Co-Founder, Verica.io
Aaron has been expanding the possibilities of chaos engineering in its application to other safety-critical portions of the IT domain, notably cybersecurity. He began pioneering the application of security in chaos engineering during his tenure as the Chief Security Architect at the...
Matas Kulkovas

Software Engineer, CAST AI
Matas Kulkovas is a backend software engineer and security enthusiast currently employed as a Software Engineer for Cast AI. He joined the startup Cast AI after he completed his Master's at DTU Fotonik in Denmark in Computer Science. Matas’s Master's Thesis was focused on bringing...



Friday May 20, 2022 14:00 - 14:35 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Operations

14:00 CEST

Too Much to Choose – Making Sense of a Smorgasbord of Security Standards - Anais Urlichs & Rory McCune, Aqua Security
As time goes by, there are an increasing number of security standards which Kubernetes cluster operators may be asked to comply with or get audited against. This talk will look at how Kubernetes security standards like the CIS benchmarks, DISA STIG, Pod Security Standards and the NSA hardening guide compare, where they compare and where they don’t. Additionally, we will also cover the recently released PCI guidance on container orchestration security. Once a standard has been chosen, the remaining pain lies in compliance. Luckily, the cloud native ecosystem provides several open-source tools to make it easier. We will look at using open source tooling to assess Kubernetes clusters against these standards. At the end of the presentation, the audience will gain a clear understanding of the benefits of each standard and the processes that can be adopted to comply with common requirements.

Speakers
Anais Urlichs

Developer Advocate, Aqua Security
Anaïs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as...
Rory McCune

Senior Security Advocate, Datadog
Rory is a senior advocate for Datadog who has extensive experience with Cyber security and Cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker he has presented at Kubecon EU and NA, as well...


Friday May 20, 2022 14:00 - 14:35 CEST
Auditorium 1A | Event Center Feria Valencia

14:55 CEST

"My CNI Plugin Did… What?!": Debugging CNI with Style and Aplomb - Douglas Smith & Daniel Mellado Area, Red Hat
Just because CNI is simple – doesn't mean it's easy. We're going to hook you up with the tools of the trade to analyze what's up when your CNI plugin is feeling down. It sure is easy to speak STDIN and STDOUT and write CNI plugins, but debugging CNI plugins in production takes more than brute force and will power – it takes a toolbox. From cnitool, to dummy CNI plugins, to enhancing your logging, we'll show the tools we use every day to make zeroing in on CNI problems a cool breeze. Not only will we crash CNI plugins on-the-fly to show you how we inspect what's happening, we'll also show you how we handle logging so you can analyze reports from your users when you don't have direct access to systems. We'll talk about how we architect CNI plugins to make debugging easier, and talk about thin plugin vs. thick plugins programming patterns, and show you how it impacts debuggability. Not only does it make debugging easier, it'll make developing easier.

Speakers
Daniel Mellado

Principal Software Engineer, Red Hat
Daniel is a Principal Software Engineer at Red Hat’s Office of the CTO. He’s been involved in several networking projects, such as Kuryr-Kubernetes (a CNI plugin which enables native Neutron-based networking in Kubernetes), MetalLB and recently he’s been tackling Edge and...
Doug Smith

Principal Software Engineer, Red Hat, Inc
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network...



Friday May 20, 2022 14:55 - 15:30 CEST
Pavilion 4, Room A | Level 2 | Central Forum Feria Valencia
  Networking

14:55 CEST

Build a Cloud Native Logging Pipeline on the Edge with Fluentbit Operator - Feynman Zhou, QingCloud
FluentBit Operator was created by the KubeSphere community to solve several problems: 1. Collect K8s logs through a lightweight agent like Fluent Bit 2. Control Fluent Bit via Kubernetes API 3. Collect logs and then send them to the final destination without having to go through Fluentd 4. Enable dynamic config reloading for Fluent Bit to reload its config whenever the config changes without restarting the Fluent Bit Pod. FluentBit Operator has gradually reached maturity after two and a half years of iterations, and it has now become a subproject of the Fluent community. In this talk, FluentBit Operator maintainers will talk about the architecture and design of Fluent Operator, and demonstrate how to use FluentBit Operator on K3s to process logs for the edge and IoT scenarios.

Speakers
Feynman Zhou

Senior Community Manager, QingCloud
Feynman is a senior community manager at QingCloud. He is growing and maintaining the KubeSphere community (kubesphere.io), which helps users to widely adopt Kubernetes and reduce the learning curve of using cloud-native technologies. Feynman is also a CNCF ambassador, Fluent member...



Friday May 20, 2022 14:55 - 15:30 CEST
Viewable In Platform Feria Valencia
  Observability

14:55 CEST

Throw Away Your Passwords: Trusting Workload Identity - Ric Featherstone, ControlPlane
Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?

Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:
  • Demystify machine identity and its relationship to secrets management and access control
  • Discuss the issues with historical approaches in a cloud native environment
  • Solve the "bottom turtle" trust bootstrap quandary
  • Appraise the open source implementations and technologies available to you
  • Demonstrate practical examples of how to acquire a workload identity or secret zero
  • Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust

Speakers
Ric Featherstone

ControlPlane
From Engineer to Architect and back, Ric’s greying hair comes from his years of hard-won experience consulting in the Financial Services and Media sectors. He's been around for a while, seen shiny new tech come and go, old concepts get rebranded, and now cloud-washes himself as...



Friday May 20, 2022 14:55 - 15:30 CEST
Auditorium 1A | Event Center Feria Valencia

16:00 CEST

From Monitoring to Observability: Left Shift your SLOs with Chaos - Michael Friedrich, GitLab
Security has shifted left in CI/CD pipelines. Traditional service monitoring moved on with metrics, logs and traces and observability embraces the unknown unknowns. Developers and SREs are instrumenting applications with distributed tracing. How do service level objectives (SLOs) add to the bigger picture? This talk invites you into a developer’s tale about ops deployment scalability, availability threshold definitions and measuring application performance. What are the benefits of app instrumentation, metrics and traces and where does the journey start? Dev becomes Ops: SLOs need to be well understood and simulated early in the development process. New building blocks come into play: Continuous Delivery, quality gates and chaos engineering - is it possible to left shift SLOs with Chaos in your CI/CD pipelines?

Speakers
Michael Friedrich

Senior Developer Evangelist, GitLab
Michael Friedrich is a Senior Developer Evangelist at GitLab, focussing on Observability, DevSecOps, AI. He loves to educate everyone and regularly speaks at events and meetups. Michael created o11y.love as an Observability learning platform, and shares technology trends and in...



Friday May 20, 2022 16:00 - 16:35 CEST
Pavilion 3, Room F | Level 2 | Central Forum Feria Valencia

16:00 CEST

Multi-Cloud Workload Identity With SPIFFE - Jake Sanders & Charlie Egan, Jetstack
Within a single cloud provider, accessing secured APIs using your own workload identity is simple. Cloud SDKs used by application developers know how to retrieve identities and credentials from the cloud environment for each workload based on its context. A cloud administrator can then assign permissions to these identities which allow access to the required APIs. This is seamless for developers - simply calling an API in their code just works, while behind the scenes the network call is cryptographically authenticated / authorized. Unfortunately for the user, this identity is cloud-specific. With few alternatives, this often leads to long-lived credentials being mounted into workloads instead. This is less secure and harder to use. This presentation will show an alternative solution which combines features of open source CNCF projects Kubernetes, cert-manager, cert-manager-csi-driver-spiffe, cert-manager-trust and spiffe-connector to expand your SPIFFE trust domain to any cloud.

Speakers
Charlie Egan

Senior Developer Advocate, Styra, Inc
Charlie has been working in the Cloud Native space since 2018. He currently works as a Senior Developer Advocate at Styra and on the OPA project. Charlie is interested in authentication and authorization across the stack. You can also find him in the OPA Slack.
Jake Sanders

Senior Software Engineer, Jetstack
Jake has been working with Kubernetes since approximately version 0.8, and is now one of the maintainers of the cert-manager project. They are currently interested in all things identity, open source and X.509.



Friday May 20, 2022 16:00 - 16:35 CEST
Auditorium 1A | Event Center Feria Valencia

16:00 CEST

A Guided Tour of Cilium Service Mesh - Liz Rice, Isovalent
The Cilium project is adding Service Mesh features to its existing eBPF-enabled, identity-aware Kubernetes networking capabilities. This demo-driven talk explores how this works, and shows why it’s now possible to create a service mesh without sidecars.
  • Demonstrate why, before eBPF, the sidecar model was necessary for accessing an application pod’s network traffic
  • Explore how Cilium uses eBPF programs to connect Kubernetes endpoints
  • Show how this makes the sidecar model unnecessary for identity-aware connectivity
  • Demonstrate an example Cilium Service Mesh in use
  • Compare the resources used (in both userspace and the kernel) for both models
Along the way, this talk will clarify some container and kernel concepts so that attendees can leave with a mental model of how eBPF-enabled service mesh really works.

Speakers
Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of O'Reilly books "Learning eBPF" and...



Friday May 20, 2022 16:00 - 16:35 CEST
Pavilion 3, Room G | Level 2 | Central Forum Feria Valencia

16:55 CEST

Making Sense of Chaos: Implementing Chaos Engineering in a Fintech Company - Iqbal Farabi & Giovanni Sakti, GoTo Financial
Chaos engineering is defined as “the facilitation of experiments to uncover systemic weaknesses” by The Principles of Chaos Engineering. This is done by building a hypothesis around the behavior of a system and running experiments to vary real-world events. By doing these experiments, we can build confidence on the behavior of a complex system in the face of disruptions. In this talk, we will discuss our experience in implementing chaos engineering principles in GoTo Financial (GTF), one of Indonesia’s biggest fintech startups. As GTF is operating in a heavily regulated industry, we have the obligation to comply with financial regulations. One of those is adhering to certain service level objectives (SLO) for all cloud native infrastructures we maintain. Implementing chaos engineering in such a system should be handled with care. We will delve into both technical aspects of adopting chaos engineering practices and the approaches to roll out such initiatives to the wider organization.

Speakers
Iqbal Farabi

Engineering Manager, GoTo Financial
Iqbal is a teacher, developer, software infrastructure engineer, and now an engineering manager at GoTo Financial. He works in the Cloud Automation stream in the Infrastructure Engineering team which focuses on developing automation around deployments and stateful components management...
Giovanni Sakti Nugraha

Sr. Engineering Manager, GoToFinancial
Gio is an engineer, tech mentor and a former startup founder. He is really passionate about tech education and communities. Gio currently works as Sr. Engineering Manager for the Infrastructure Engineering team, which is accountable for the entire infrastructure of GoToFinancial Consumer...



Friday May 20, 2022 16:55 - 17:30 CEST
Pavilion 4, Room B | Level 2 | Central Forum
  Operations

16:55 CEST

Three Surprising K8s Networking “Features” and How to Defend Against Them - James Cleverley-Prance, ControlPlane
Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover:
  • The external attack surface of a Kubernetes node
  • Enumerating externally available cluster information
  • Exploiting Linux networking to access internal pods and services
  • Misusing CNI configurations to access internal pods and services
You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.

Speakers
James Cleverley-Prance

Security Engineer, Wiz



Friday May 20, 2022 16:55 - 17:30 CEST
Auditorium 1A | Event Center Feria Valencia
 
