{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/schedule/", "version": "0.7", "base_url": "https://cfp.cloud-native.rejekts.io", "conference": {"acronym": "cloud-native-rejekts-atlanta-na-atlanta-2025", "title": "Cloud Native Rejekts NA (Atlanta) 2025", "start": "2025-11-08", "end": "2025-11-08", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "US/Eastern", "colors": {"primary": "#ff0000"}, "rooms": [{"name": "Theater", "guid": "526fde95-1593-521b-bf45-d23b7cdbf4ed", "description": null, "capacity": 300}, {"name": "Crystal Dining Room", "guid": "42cacdf4-4e44-50a1-9e66-199f1fb3f6c7", "description": null, "capacity": 200}], "tracks": [], "days": [{"index": 1, "date": "2025-11-08", "day_start": "2025-11-08T04:00:00-05:00", "day_end": "2025-11-09T03:59:00-05:00", "rooms": {"Crystal Dining Room": [{"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/MRPMHL/", "id": 1550, "guid": "0859339e-9e73-5417-a952-e39eb65f8a20", "date": "2025-11-08T10:10:00-05:00", "start": "10:10", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1550-why-is-ci-still-doing-your-promotions-", "title": "Why Is CI still Doing Your Promotions?", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As teams move from traditional CI/CD pipelines to GitOps tools like Argo CD, they often hit a common roadblock: how do you manage promotions across dev, staging, and production? Tools like Argo CD and Flux often leave a gap when it comes to multi-stage promotions. What used to be a simple approval click now involves juggling image tags, config changes, and pull requests across multiple repos. This shift often creates confusion, adds manual steps, and breaks the developer workflow.\r\n\r\nTools like 'GitOps Promoter' by Argo offer a promising approach to this problem, but are still in their experimental phase, limiting their readiness for production. Other enterprise solutions offer robust features but come with licensing costs, which can be a barrier for teams.\r\n\r\nIn this talk, we\u2019ll explore Kargo, a Kubernetes-native OSS tool for automating multi-stage promotions, and compare it with GitOps Promoter. We\u2019ll walk through their design choices, strengths, and tradeoffs with a live demo so users can see how each tool handles this and choose the approach that best fits their GitOps workflow, without ever relying on custom scripts.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "543974c1-cf4f-5250-b71a-67d64f1deb38", "id": 714, "code": "A7CRTE", "public_name": "Nitish Kumar", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/KCCNC_NA_headshot_231107_Nitish_Kumar_4278_ZbcggNx.jpg", "biography": "Nitish is a Software Engineer at Akuity working on the core Argo team. He is a maintainer of the CNCF-graduated project Argo CD, CNCF Ambassador, and a former Release Team member of the Kubernetes project. Outside of work, Nitish enjoys playing chess and travelling", "answers": []}, {"guid": "a2c8fbf0-968f-59c5-a308-2f46254a4fa5", "id": 717, "code": "P9TGPC", "public_name": "Faeka Ansari", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/P9TGPC_tsTw2Av.jpg", "biography": "Faeka works on Kubernetes-related projects, with a focus on Security, AI and GitOps. She\u2019s a CNCF Ambassador, maintainer of the Kargo project and has been an active public speaker in the developer and open source communities for several years. She is serving the Kubernetes Release team since v1.27. Faeka is also recognised through programs like the GitHub Campus Experts, Microsoft Ambassadors (Gold) and Google Dev Club Leader. She enjoys contributing to oss, building developer tools, and supporting community-driven tech", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/ZCZSMW/", "id": 1580, "guid": "31c4ae78-183c-5470-a1dc-8bed6f2ff8e8", "date": "2025-11-08T11:10:00-05:00", "start": "11:10", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1580-the-paranoid-s-guide-to-deploying-skynet-s-interns", "title": "The Paranoid's Guide to Deploying Skynet's Interns", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "# The Paranoid's Guide to Deploying Skynet's Interns\r\n\r\nSo, you've built an AI Agent. Congratulations! It's brilliant, autonomous, and probably a little bit terrifying. While we're all racing to build the next generation of intelligent applications, we're bolting them onto deployment architectures that treat them like any other legacy system or worse, blindly deploying them without a plan. This is a mistake, and it's going to get weird.\r\n\r\nThis talk presents a reference deployment architecture for AI Agent applications, starting with a quick primer on their core components: the **Agents**, the **MCP servers**, the **Tools** they access, and the **Memory** that gives them context. Then, we dive into the deep end of the security nightmare they represent.\r\n\r\nWe'll explore the messy reality of modern AI deployments:\r\n\r\n- **A Tangled Web of Trust:** Agents and MCPs are exposed to a chaotic mix of tools and services with wildly different levels of trust. How do you keep your high-security internal tool from being manipulated by an agent that just scraped a questionable Reddit thread?\r\n\r\n- **Persistent Threats:** The very nature of an Agent's memory means that attacks and threats can persist and evolve across sessions. A vulnerability exploited today could be a weapon wielded by the agent tomorrow.\r\n\r\n- **Amplified Supply Chain Risks:** Autonomous AI actions turn opaque, previously inaccessible components into active parts of your supply chain. This dramatically increases the attack surface, making vulnerabilities that were once theoretical suddenly very exploitable.\r\n\r\n- **Compounding Complexity:** The introduction of multi-agent communication protocols and centralized MCP servers adds layers of complexity that can obscure risk and reduce control when you need it most.\r\n\r\nThe core of this talk is a simple, radical recommendation: **true, paranoid, and unapologetic isolation at every level of the AI Agent application stack.** We'll argue that AI components are dynamic, untrusted supply chains and must be handled with the same (if not more) scrutiny as any other production system.\r\n\r\nYou will leave this session understanding why segmentation of components by trust level isn't just a good idea, but absolutely vital. We'll show you why you need *more* control over your MCP servers, not less, and provide a practical, defense-in-depth architecture for deploying AI Agents that won't turn on you.", "description": "While we're all racing to build the next generation of intelligent applications, we're bolting them onto deployment architectures that treat them like any other legacy system or worse, blindly deploying them without a plan. This is a mistake, and it's going to get weird. You will leave this session understanding why segmentation of components by trust level isn't just a good idea, but absolutely vital.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d2a54b10-3ff6-5c96-b0c7-c749754f27bc", "id": 1310, "code": "HLEGQC", "public_name": "Dan Fernandez", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/HLEGQC_HqDuqXd.png", "biography": "Dan Fern\u00e1ndez is a product leader with over 13 years of experience at the intersection of machine learning and cybersecurity. He is currently building the future of secure computing at Edera, a startup revolutionizing cloud and AI infrastructure. Dan has a proven track record of launching new products and innovative solutions at companies like Chainguard, CrowdStrike, DomainTools and NICE Systems. Dan is also part-time faculty member at Georgia Tech's Masters of Cybersecurity program. In his free time he enjoys traveling and sampling street foods as well as learning about irrelevant food facts.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/PHPK7Y/", "id": 1508, "guid": "ec7ff63e-93d8-5d65-8f20-b4dd65947d23", "date": "2025-11-08T11:45:00-05:00", "start": "11:45", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1508-how-to-use-an-ai-assistant-with-your-monitoring-system", "title": "How to Use an AI Assistant with Your Monitoring System", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "As observability systems grow more complex, the cognitive load on users increases quite fast. This talk presents an approach that could be game-changer in the future: using AI assistants as intelligent interfaces to your observability stack. By implementing and using MCP (Model Context Protocol) servers, we can transform how observability users interact with metrics, logs, and traces. You will see how teams can query their stack in plain English and use natural language to explore data, debug issues, and even work with configurations.\r\nThe session covers both theoretical foundations and practical implementation. It demonstrates how you can integrate AI assistants directly into your day-to-day workflows and provides a comprehensive walkthrough of:\r\n- MCP architecture and how it enables LLMs (Large Language Models) to execute observability tasks\r\n- Setting up and configuring MCP servers (demonstrated with VictoriaMetrics) and integration with popular AI assistants\r\n- Current and planned features of VictoriaMetrics MCP Server\r\n- Real-world use cases: data exploring, query explanation, working with alerting rules, cardinality analysis, intelligent debugging, obtaining context-rich answer for your questions, etc\r\n- Various tips on how to make AI assistants work better with the observability stack\r\nWhether you're an SRE looking to reduce toil, a platform engineer seeking to democratize monitoring access, or a leader evaluating AI's role in operations, this talk provides practical insights and tools for possible transformation of your observability practice.\r\nThis approach doesn't replace monitoring expertise at the moment \u2014 it amplifies it, making expert knowledge accessible to entire teams, giving you a powerful teammate in the form of AI assistant.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "04aa8b34-54fa-5d97-bb60-078cb039e80d", "id": 1007, "code": "XPBPNL", "public_name": "Mathias Palmersheim", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/PXL_20240312_225347601_UQQF3R4.jpg", "biography": "I like to help others get the most out of their observability both at Victoriametrics as a solutions engineer, and open source maintainer shiftmon. In my spare time I enjoy Jiu Jitsu, taking care of my family which includes 5 animals.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/YQGRTY/", "id": 1588, "guid": "d168015c-bf3b-51b1-83e1-bd798602ef67", "date": "2025-11-08T14:00:00-05:00", "start": "14:00", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1588-building-trust-in-every-artifact-with-sboms", "title": "Building Trust in Every Artifact with SBOMs", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Software Bill of Materials (SBOMs) are no longer a nice-to-have; they're quickly becoming table stakes for secure software delivery. But generating SBOMs is just the start. How do you manage them at scale across thousands of artifacts, teams, and environments? How do you ensure they\u2019re accurate, tamper-proof, and usable in real-world pipelines?\r\n\r\nWe will walk users through integrating SBOM generation, storage, and validation into a modern CI/CD workflow using cloud-native tooling.\r\n\r\n- Best practices for generating SBOMs for containers\r\n- Securely storing and indexing SBOMs alongside your artifacts\r\n- Validating artifacts against SBOM data before deployment\r\n- Using SBOMs in incident response, compliance, and auditing\r\n\r\nThe session will provide attendees a clear roadmap to make SBOMs a first-class citizen in their pipelines and will provide a real-world example of how Cloudsmith integrates CNCF projects like Trivy with OSS projects like CycloneDX, Syft and Grype for automated SBOM generation.", "description": "The talk will provide clear, actionable guidance for integrating SBOMs into real-world pipelines using cloud-native tooling, specifically cosign, kyverno, kubewarden.\r\n\r\nAs the cloud-native ecosystem continues to mature, supply chain security is becoming a critical concern - not just for security teams, but for developers and platform engineers as well.\r\n\r\nBy sharing practical techniques for generating, storing, and validating SBOMs, we would like to:\r\n\r\n- Help teams improve the security and transparency of their build and release processes\r\n- Encourage adoption of open standards like SPDX, CycloneDX, and in-toto\r\n- Stressing why Trivy has become a standard for vulnerability scanning in cloud-native environments.\r\n- Highlight the value of OCI-native approaches to artifact metadata, promoting registry-driven workflows\r\n- Build an understanding of how DevOps and DevSecOps teams can respond more quickly and confidently to emerging threats\r\n- Empower organizations to meet growing compliance demands without slowing down software delivery\r\n\r\nSBOMs are a very powerful tool that is emerging but not fully used by development teams. We want to help expand their usage.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "2994ecb2-5778-5372-9f7a-632e930f0def", "id": 1093, "code": "WDMANM", "public_name": "Nigel Douglas", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/WDMANM_whzj84b.png", "biography": "Nigel Douglas is the Head of Developer Relations at Cloudsmith. He champions Cloudsmith\u2019s developer ecosystem by creating compelling educational content, engaging with developer communities, and promoting Cloudsmith as the go-to solution for artifact management and supply chain security. Working closely with product, engineering, and marketing teams, Nigel helps build and shape the DevOps community through events, tutorials, and innovative programs.\r\n\r\nBefore joining Cloudsmith, Nigel held similar roles in cloud-native OSS projects, including the CNCF Graduate Project Falco at Sysdig and Project Calico at Tigera. He earned a Master of Science in Cybersecurity, Privacy, and Trust from South East Technological University in Ireland.", "answers": []}, {"guid": "96b377af-be13-54fa-8f3d-62219780ffa8", "id": 1332, "code": "N3VDMV", "public_name": "Esteban Garcia", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/N3VDMV_ybyn1Gp.jpg", "biography": "Esteban is a Principal Engineer at Cloudsmith, where he helps design and build scalable, cloud-native systems for artifact management and software supply chain security. Passionate about open-source technologies, he focuses on solving complex problems using Python, Go, and modern cloud-native tools. He advocates for developer empowerment through automation, efficiency, and thoughtful engineering.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/BSVWYC/", "id": 1459, "guid": "1371d998-6b23-514f-ad53-d9bdf58297da", "date": "2025-11-08T14:35:00-05:00", "start": "14:35", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1459-expanding-your-toolbox-beginners-guide-to-controlling-kubernetes-logs", "title": "Expanding Your Toolbox: Beginners Guide to Controlling Kubernetes Logs", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Drowning in logs from your Kubernetes clusters? Struggling to scale observability without overwhelming your telemetry systems? You're not alone\u2014and there's a better way. In this talk, you\u2019ll learn how to efficiently manage and streamline logging data from source to destination using telemetry pipelines.\r\nWe\u2019ll walk through the key stages of a modern telemetry pipeline\u2014collection, parsing, filtering, routing, and forwarding\u2014demonstrating how to build powerful, flexible pipelines that can handle logs from any source to any destination. Along the way, you\u2019ll see a live demo in a real Kubernetes environment, where we\u2019ll deploy your first telemetry pipeline tailored to a real-world use case.\r\nWhether you're debugging production issues, operating multi-tenant clusters, or just trying to cut through the noise, this session will give you the tools and patterns you need to simplify and scale log collection. Plus, you\u2019ll get access to a self-paced, hands-on workshop to continue exploring after the session: o11y-workshops.gitlab.io/workshop-fluentbit.", "description": "This talk includes a 15-minute live demo showcasing key integration phases:\r\n\r\n1. Deploying a real workload: Start with a Kubernetes cluster running a real application (a CMS) that generates log data.\r\n\r\n2. Installing a telemetry pipeline: Deploy a telemetry pipeline to the cluster to begin streaming logs from all containers.\r\n\r\n3. Streaming to an output: Route collected logs to an external destination for analysis or storage.\r\n\r\n4. Optimizing log volume: Refine the pipeline to filter out noisy or unnecessary logs\u2014reducing telemetry costs and improving signal-to-noise ratio.\r\n\r\n5. Filtering logs: Enrich logs with metadata, isolate error-level telemetry, and ensure only the necessary logs (e.g., error logs from the CMS) are exported securely from the cluster.\r\n\r\nDemo source: gitlab.com/o11y-workshops/logs-control-easy-install", "recording_license": "", "do_not_record": false, "persons": [{"guid": "217a2443-11b5-5612-aaf4-ac7d09d0c05b", "id": 822, "code": "WA9FRV", "public_name": "Eric D. Schabell", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/WA9FRV_aeWAERA.png", "biography": "Eric is Chronosphere's Director Community & Developer Relations. He's renowned in the development community as a speaker, lecturer, author, baseball expert, and CNCF Ambassador. His current role allows him to help the world understand the challenges they are facing with observability. He brings a unique perspective to the stage with a professional life dedicated to sharing his deep expertise of open source technologies and organizations. More on https://www.schabell.org.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/3JKGF7/", "id": 1590, "guid": "3cc28c8c-d2ed-5f76-b0bc-3ea2597b3cbe", "date": "2025-11-08T15:10:00-05:00", "start": "15:10", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1590-vm-class-secure-millisecond-fast-cloud-native-apps-with-hyperlight-nanvix", "title": "VM-Class Secure, Millisecond-Fast Cloud-Native Apps With Hyperlight + Nanvix", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Kubernetes enables teams to deploy almost any workload without modification, but its boundaries are still defined by namespaces and cgroups. The presence of seven container-escape CVEs from 2022 to 2024 shows these boundaries can be breached. Full VMs or Kata Containers can restore security but suffer from multi-second cold starts and high memory usage, impacting latency-sensitive or densely packed clusters.\r\nIn this talk, we will explore a middle ground with Hyperlight, a CNCF virtual-machine monitor that boots micro-VMs, and Nanvix, an open-source Rust microkernel designed to keep guests small yet compatible. This combination allows unmodified Rust, Python, and Wasm services to start up in tens of milliseconds while maintaining VM-class isolation.\r\nWe will delve into the architecture, present head-to-head benchmarks, and conduct a live demo. By the end of the session, you will have a clear understanding of the trade-offs and a checklist for implementing micro-VM isolation.", "description": "'Benefits to the ecosystem' section of our KubeCon submission:\r\nThe integration of Hyperlight and Nanvix brings significant benefits to the cloud-native ecosystem by enabling applications to run with strong isolation in a virtualized sandbox environment, while simultaneously enhancing performance and workload density. This combination leverages the lightweight, Rust-based microkernel architecture of Nanvix and the fast, open-source VMM capabilities of Hyperlight, a CNCF project, to reduce cold start times and maintain language-level compatibility. Notably, Hyperlight+Nanvix can boot up apps in tens of milliseconds, providing rapid responsiveness for cloud-native services. Currently, Hyperlight+Nanvix supports popular programming languages such as Rust, Python, and Wasm, facilitating the acceleration of cloud-native deployments. Future plans include expanding support to additional languages like JavaScript and Go, as well as deeper integration with Kubernetes. This architecture not only improves resource efficiency but also unlocks new possibilities for container isolation through containerd shims, making it a versatile and forward-looking solution for modern cloud-native applications. Attendees of this talk will walk away with concrete insights and architectural guidance on how to speed up their cloud-native applications with Hyperlight+Nanvix.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c4ecaaa3-1ead-549d-a715-2c17e9aecd89", "id": 546, "code": "MRYVMX", "public_name": "Danilo (Dan) Chiarlone", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/dan-chiarlone_ZdSPvSV.jpeg", "biography": "Danilo (Dan) Chiarlone is an open-source software engineer on Microsoft\u2019s Azure Core Upstream team, shaping secure, high-performance cloud-native architectures. Author of Server-side Wasm (Manning), core maintainer of CNCF Hyperlight, and champion of several WASI proposals advancing WebAssembly in the cloud. He previously contributed to runwasi and SpiderLightning and, in his free time, shares practical Rust and Wasm lessons on YouTube.", "answers": []}, {"guid": "77c0aa7e-d317-5cd1-bd8f-e472eba37715", "id": 1313, "code": "3XRKM8", "public_name": "Pedro Henrique Penna", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/3XRKM8_gT6zoOc.jpg", "biography": "I am a Senior Research Software Engineer at Microsoft Research \u2013 Systems Research Group.\r\n\r\nI am currently working on Nanvix \u2013 A Microkernel-Based Research Operating System.\r\n\r\nI earned my PhD Degree in Computer Science from Universit\u00e9 Grenoble Alpes (UGA) and from Pontif\u00edcia Universidade Cat\u00f3lica de Minas Gerais (PUC Minas) in 2021. During my thesis, I devised a distributed operating system for lightweight manycore processors.\r\n\r\nIn 2017, I received my MSc Degree in Computer Science from Universidade Federal de Santa Catarina (UFSC). In 2015, I earned my BSc Degree in Computer Science from Pontif\u00edcia Universidade Cat\u00f3lica de Minas Gerais (PUC Minas) with Summa Cum Laude honors and Featured Computer Science Student Award by the Brazilian Computer Society (SBC).\r\n\r\nI have over than 15 years of experience in research, design and development of computing systems. I have expertise in Operating Systems, Distributed Systems Embedded Systems, Parallel Programming and High-Performance Computing.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/GUBJVM/", "id": 1544, "guid": "c6775a95-7a5d-5a7d-8401-761d22b45e3f", "date": "2025-11-08T16:00:00-05:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Crystal Dining Room", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1544-beyond-the-default-scheduler-navigating-gpu-multitenancy-in-the-ai-era", "title": "Beyond the Default Scheduler: Navigating GPU Multitenancy in the AI Era", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "GPU multitenancy in Kubernetes faces significant security challenges when deploying AI workloads on shared infrastructure. Time slicing enables GPU sharing but lacks hardware isolation, risking exposure of sensitive data. NVIDIA Multi-Instance GPU (MIG) provides true hardware isolation with dedicated compute cores, memory slices, and L2 cache partitions, ensuring consistent performance and strict QoS guarantees.\r\n\r\nSince the default Kubernetes scheduler cannot partition GPU resources like CPUs for workloads, advanced schedulers\u2014KAI, Volcano, and Kueue can serve as the scheduler for your workloads. They improve GPU sharing through hierarchical queues for secure multi-tenant environments. This talk demonstrates how combining isolation in multi-tenant setups with intelligent scheduling results in optimal utilization, fair resource distribution, and robust security boundaries, guiding the transition from default to GPU-aware scheduling solutions for scalable AI infrastructure.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0d6dfb22-c9de-5333-bb26-c87eaf2b7223", "id": 506, "code": "GEBNYB", "public_name": "Shivay Lamba", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/6c3157c0aec2983310b14b1a3aaf0ef5_CYsQzUl.jpg", "biography": "Shivay Lamba is a software developer specializing in DevOps, Machine Learning and Full Stack Development.\r\n\r\nHe is an Open Source Enthusiast and has been part of various programs like Google Code In and Google Summer of Code as a Mentor and has also been a MLH Fellow. \r\nHe is actively involved in community work as well. He is a TensorflowJS SIG member, Mentor in OpenMined and CNCF Service Mesh Community, SODA Foundation and has given talks at various conferences like Github Satellite, Voice Global, Fossasia Tech Summit, TensorflowJS Show & Tell.", "answers": []}, {"guid": "351eb9d0-1f1f-5293-be73-d0c3327cc11c", "id": 980, "code": "9MYKVD", "public_name": "Hrittik Roy", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/Cropped_Image_6QrlWPD.jpg", "biography": "Hrittik is a Platform Advocate at Loft Labs and a CNCF Ambassador, with expertise in cloud native technologies and open source communities. He has contributed extensively to developer advocacy, technical writing, and community engagement. Hrittik has been a featured speaker at events such as Kubernetes Community Days, Open Source Summits, and more, and has served as a Program Committee member for several KubeCons and CloudNativeCons.", "answers": []}, {"guid": "ccd99561-67a4-52ed-9bea-8b1dcd3edf2f", "id": 1138, "code": "WTXYDN", "public_name": "Saiyam Pathak", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/WTXYDN_2WEtwHI.jpg", "biography": "Saiyam is working as Head of DevRel at Loft Labs. He is the founder of Kubesimplify that focuses on simplifying cloud-native and Kubernetes technologies. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes, including machine learning platforms, scaling, multi-cloud, and managed Kubernetes services. He has implemented Kubernetes solutions in various organizations. When not coding, Saiyam contributes to the community by writing blogs and organizing local meetups for Kubernetes and CNCF. He is a Kubestronaut, CNCF TAG Operational Resilience co-chair, runs a YouTube channel, and can be reached on Twitter @saiyampathak", "answers": []}], "links": [], "attachments": [], "answers": []}], "Theater": [{"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/VN9YBE/", "id": 1601, "guid": "0a5bf929-664c-5e35-8791-3f3e5b06c5a9", "date": "2025-11-08T09:30:00-05:00", "start": "09:30", "logo": null, "duration": "00:10", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1601-welcome-to-cloud-native-rejekts-na-2025-", "title": "Welcome to Cloud Native Rejekts NA 2025!", "subtitle": "", "track": null, "type": "Opening/Sponsor Keynote Speech", "language": "en", "abstract": "Opening remarks", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "550e950b-1c9b-51b5-80fb-9a6f2ca9178e", "id": 203, "code": "JJLYBY", "public_name": "Ralph Squillace", "avatar": "https://cfp.cloud-native.rejekts.io/media/IMG-20180127-WA0000.jpg", "biography": null, "answers": []}, {"guid": "bd51547f-888f-5f00-83d3-fcc6c66226b2", "id": 1324, "code": "YAGRDQ", "public_name": "Jaiveer Katariya", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/MEJ3TC/", "id": 1462, "guid": "90a00bd7-5b8e-5902-9d24-8c48de8355d8", "date": "2025-11-08T09:40:00-05:00", "start": "09:40", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1462-catch-me-if-you-can-a-kubernetes-escape-story", "title": "Catch Me If You Can: A Kubernetes Escape Story", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Leonardo DiCaprio made it look glamorous, but real-world container escapes are less Hollywood and more chaotic. Still, the parallels are striking. Like Frank Abagnale slipping past the guards at an Atlanta prison, modern attackers escape containers not with brute force but with clever misdirection: exploiting weak isolation, abusing misconfigured permissions, and sidestepping detection.\r\n\r\nIn this talk, we\u2019ll trace the path of a container breakout\u2014from the initial escape to lateral movement across a Kubernetes cluster. We\u2019ll walk through the attack step by step (yep, there\u2019s a demo), then flip the perspective to show how modern defenses shut it down.\r\n\r\nWe\u2019ll cover:\r\n- How container escapes actually happen in the wild\r\n- What user namespaces in Kubernetes 1.33 bring to the table\r\n- How to achieve multi-tenancy workload isolation\r\n- How to detect breakout attempts before they go full clusterf*ck\r\n\r\nWhether you're a platform engineer, security lead, or just into a good cat-and-mouse chase through the control plane, you\u2019ll leave with real-world tactics for keeping your cluster escape-proof.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "58091136-5a43-5b4b-b2f7-892a8a9fc498", "id": 1179, "code": "BGTPHU", "public_name": "Jed Salazar", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/BGTPHU_Cx08nQ3.png", "biography": null, "answers": []}, {"guid": "ec8809b2-b815-5d89-bad1-4776957f4d4b", "id": 1330, "code": "3QKYBF", "public_name": "James Petersen", "avatar": null, "biography": "...", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/8LRE7M/", "id": 1512, "guid": "4fec0961-b1a9-593b-890d-bab51790127f", "date": "2025-11-08T10:10:00-05:00", "start": "10:10", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1512-migrating-bloomberg-s-internal-private-cloud-from-nginx-to-the-world-of-istio", "title": "Migrating Bloomberg's Internal Private Cloud From NGINX to the World of Istio", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Migrating from a traditional ingress controller to a service mesh-based solution in a live environment with thousands of internal users presents significant challenges. In this session, we share Bloomberg's experience transitioning from NGINX to Istio as the ingress layer for our internal private cloud platform\u2014a managed service supporting application deployments across the firm. We explore the motivations behind this shift, the architectural and operational changes implemented, and the hurdles encountered during the migration process.\r\n\r\nOur journey offers practical insights into planning and executing such a migration with minimal disruption, while also highlighting the new capabilities unlocked through Istio. Attendees will benefit from our lessons learned, best practices, and retrospective advice aimed at helping other engineering teams undertake similar transitions with greater confidence and fewer surprises.", "description": "Migrating from a traditional ingress controller in a live environment with thousands of internal users can be challenging \u2014 but it doesn\u2019t have to be. In this session, we\u2019ll share our journey transitioning from NGINX to Istio as an ingress solution for Bloomberg's internal private cloud platform that is provided to the firm's engineers as a managed service for application deployment. We\u2019ll discuss what motivated the change, the architectural and operational adjustments we made, the challenges we faced during the migration, and the benefits we achieved post-deployment. Attendees will gain practical insights and best practices for adopting Istio in production environments, including how to plan and execute a migration with minimal disruption -- while unlocking new capabilities.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "a607e01f-d52e-50dc-9a3c-f70c4a020131", "id": 1284, "code": "TG9FB8", "public_name": "Kavya Elchuri", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/TG9FB8_IQMpdpV.jpg", "biography": "Kavya Elchuri is a Senior Software Engineer at Bloomberg, where she works on the Platform as a Service team to help developers deploy cloud-native applications without worrying about infrastructure. She\u2019s passionate about building collaborative, high-trust teams and solving complex technical problems that span multiple layers of the stack. Most recently, Kavya focused on simplifying Kubernetes deployment statuses to make platform debugging accessible-even to users with no prior Kubernetes experience. When she's not writing code, you\u2019ll likely find her surfing, hiking, or exploring new restaurants in search of her next favorite dish.", "answers": []}, {"guid": "f21193e9-36b0-52d7-b6e1-75e5ead225e8", "id": 1326, "code": "JUMLDT", "public_name": "Sahil Thandra", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/JUMLDT_njPZWX3.jpg", "biography": "Sahil Thandra is a Senior Software Engineer at Bloomberg, where he works in the Platform-as-a-Service team. In this role, Sahil helps provide a managed service that empowers Bloomberg's engineers to seamlessly deploy containerized applications without the complexities of setting up and managing the underlying infrastructure. With a strong foundation in platform engineering, Sahil brings extensive experience in cloud infrastructure, large-scale distributed systems and cluster lifecycle management", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/QKCFNE/", "id": 1554, "guid": "0f04fe42-7d25-5845-a0ca-793193fec154", "date": "2025-11-08T11:10:00-05:00", "start": "11:10", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1554-ease-the-move-from-devops-to-mlops-a-case-for-modelspec-kitops", "title": "Ease The Move From DevOps to MLOps: A Case For ModelSpec + KitOps", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "What does operational overhead look like in the era of MLOps? If you're grappling with this question, like many others, and would like a way to apply the paradigm of containers and cloud native to AI workloads \u2015 you're in luck. \r\nThere is an effort underway to align AI workloads with the knowledge we have of operational excellence in cloud native. The CNCF Sandbox project ModelSpec brings much needed clarity to MLOps workflows. It provides the right abstraction to be able to define how DevOps and cloud native practices can be applied for machine learning operations. \r\nAPplying the ModelSpec is the KitOps tool. It helps bridge the gaps that currently exist in the tooling space for MLOps. It creates a \"Docker\"-like interface for AI workloads and makes it easy and efficient to work with models on Kubernetes (or other container runtimes).\r\nIn this talk, I aim to bring together the ML overhead, how cloud native paradigms can help, the ModelSpec, and KitOps. Together, all these will help expose an important painpoint in productionalizing AI in the workplace. Let's eliminate all the disconnected ways in which data teams, developers, and operations folks are working by using the principles that will be highlighted during this talk.", "description": "- Understand MLOps Challenges: Learn to identify the key operational hurdles in deploying and managing AI/ML models.\r\n- Discover a New Solution: Get introduced to ModelSpec and KitOps, a practical framework for streamlining MLOps.\r\n- Apply DevOps Principles to AI: Find out how to use familiar cloud-native concepts to manage AI workloads efficiently.\r\n- Improve Team Collaboration: Learn how to bridge the gap between your data science and operations teams with a unified workflow.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "875f068f-b0a7-57e8-9932-df27bc373e0e", "id": 733, "code": "FY8GWN", "public_name": "Ram Iyengar", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/FY8GWN_DrtSSno.jpg", "biography": "Ram Iyengar is an engineer by practice and an educator at heart. He was (cf) pushed into technology evangelism along his journey as a developer and hasn\u2019t looked back since! He enjoys helping engineering teams around the world discover new and creative ways to work. He is a proponent of product development and engineering teams that put the community first.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/X3LUL3/", "id": 1581, "guid": "b43419ca-4d5c-5343-a09b-39926682af8a", "date": "2025-11-08T11:45:00-05:00", "start": "11:45", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1581-make-your-developer-s-pains-go-away-with-the-right-level-of-abstraction-for-your-platform", "title": "Make your Developer's Pains go Away, with the Right Level of Abstraction for your Platform", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Developers don\u2019t code eight hours a day. They code one \u2014 and fight with TicketOps, Infrastructure dependencies and Security blockers the rest of the time. Many platform teams build Internal Developer Platforms (IDPs) to help, but poor abstraction choices make things worse. In this talk, we\u2019ll share a battle-tested approach to building the right level of abstraction on top of Kubernetes using Score and Kro.\r\n\r\nYou\u2019ll learn how to go beyond templating, reduce cognitive load, and deliver a developer experience that people actually want to use. We\u2019ll demo how developers can deploy secure, production-grade workloads by just focusing on their applications to bring value to their end users \u2014 while the platform handles the hard parts behind the scenes.\r\n\r\nThis talk isn\u2019t about Kubernetes and GitOps. It\u2019s about empathy. It\u2019s about platforms people adopt, not abandon.", "description": "Many platform teams build Internal Developer Platforms (IDPs) to make developers\u2019 lives easier. But the wrong abstraction choices often have the opposite effect: developers get stuck wrestling with endless YAML files, manually navigating security checklists, and troubleshooting infrastructure instead of writing code.\r\n\r\nIn this session, we\u2019ll share a proven approach to avoiding that trap \u2014 choosing the right level of abstraction for your Kubernetes-based platform. Using the open source tools Score and Kro, we\u2019ll walk through a live demo showing how to fully automate complex infrastructure and security requirements behind the scenes, so developers never have to think about them.\r\n\r\nYou\u2019ll learn how to:\r\n\r\n- Minimize cognitive load and boost the \u201cdeveloper joy\u201d factor.\r\n- Combine GitOps workflows with platform automation for smooth deployments.\r\n- Enable production-grade deployments with minimal developer effort.\r\n\r\nThe goal: platforms that teams actually want to use \u2014 because they solve real problems instead of creating new ones.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ec6faaaa-2ce0-523c-8660-a7f48cad3c43", "id": 1089, "code": "AK33UE", "public_name": "Artem Lajko", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/AK33UE_1oBiS8E.JPG", "biography": "Artem Lajko, certified CNCF Kubestronaut and Platform Engineer, specializes in Kubernetes scalability and GitOps workflows. He is the author of Implementing GitOps with Kubernetes and writing for various publishers. As a Platform Engineering Ambassador, he supports companies and the community in adopting Internal Developer Platforms and related technologies. Passionate about Open Source, he helps organizations choose the right tools to drive adoption and innovation.", "answers": []}, {"guid": "c9e8245d-80ef-5ec3-b37c-a846c4f0c6d6", "id": 1041, "code": "SART39", "public_name": "Mathieu Benoit", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/PXL_20230225_180623521_2_kblr8Jq.jpg", "biography": "I\u2019m passionate about Cloud Native Computing technologies driven by Open Source, Cloud, Security, SRE, Containers, DevOps, Platform Engineering and Kubernetes. Based on my past experiences as software engineer, IT consultant, solution architect and customer success engineer, I now focus my work more and more on usability of products, driven by how I could improve the developers and end-users experience with docs, samples and products.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/EBZREM/", "id": 1499, "guid": "b2f960a6-8250-5078-ad53-aa3b9763aa52", "date": "2025-11-08T14:00:00-05:00", "start": "14:00", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1499-building-kubernetes-ai-agents-at-scale-generating-synthetic-training-data-for-autonomous-operation", "title": "Building Kubernetes AI Agents at Scale: Generating Synthetic Training Data for Autonomous Operation", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "AI agents for Kubernetes automation fail because they're trained on unrealistic, simplified scenarios. Unfortunately, there is a dearth of such training data available, as most companies are reticent to publicly share cluster operations data. Moreover, even existing data from, e.g., Google or Alibaba, is not representative of usage patterns seen in smaller organizations. In this talk, we will demonstrate how to use a small \u201cseed\u201d of real, production data from existing Kubernetes clusters to generate a large set of representative, synthetic training data for Kubernetes AI agents. We use graph-theoritic and statistical methods to generate a diverse set of training data covering failure modes, scaling events, resource contention problems, and other common scenarios found in production systems. These techniques, based on research from a team at Harvey Mudd College, allow AI Kubernetes Agents to be trained on high-quality data that is tailored to your company\u2019s production infrastructure.", "description": "The modern AI industry is evolving at a break-neck pace; as new techniques and models become available, the rapid (re)-training of AI agents is critical for companies to remain competitive.  Moreover, doing this training in a cost-effective manner provides these companies with a longer runway to get their products to market.  Lastly, while AI agents trained to manage Kubernetes can often solve simple problems on small clusters, they have thus far have failed to work in large, general-purpose clusters like those seen in many companies\u2019 production infrastructure.\r\n\r\nIn this talk, users will learn how they can build a custom, personalized set of training data for AI Kubernetes agents, based on a relatively small amount of initial data.  This capability will enable them to stay competitive in a rapidly-changing ecosystem, while keeping costs under control.  We will also provide users with an easy-to-use \u201csandbox\u201d training environment where agents can interact with the Kubernetes API and observe the effects of these interactions on the training data.\r\n\r\nThis work was done in collaboration with a team of researchers at Harvey Mudd College, and will additionally benefit the ecosystem by facilitating the flow of knowledge from the academic community into industry.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f1a28013-7703-5166-8fb8-a284f841fb0a", "id": 984, "code": "LTEDXS", "public_name": "David Morrison", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/me_TXaOHtF.png", "biography": "drmorr is the founder of ACRL, and is a computer scientist, researcher, and software engineer focused on problems in optimization, scheduling, and distributed systems. He received his PhD from the University of Illinois, Urbana-Champaign in 2014, and has over a decade of industry experience (at companies like Airbnb and Yelp) as well as a strong background in academic research. In his spare time he builds Legos, plays board games, and writes fiction.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/X3YHRS/", "id": 1463, "guid": "b664a120-2844-5fbe-9a6a-a877f29c49e5", "date": "2025-11-08T14:35:00-05:00", "start": "14:35", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1463-brewed-for-scale-how-homebrew-virtualized-macos-devops-with-kubernetes", "title": "Brewed for Scale: How Homebrew Virtualized macOS DevOps with Kubernetes", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Many FOSS project maintainers are operating extensive CI systems to ensure quality, stability, and rapid delivery of their software. Homebrew, the package manager beloved by macOS developers, is one such project. In this session, we\u2019ll dive into the evolution of Homebrew\u2019s CI pipelines for pull request validations, integration testing, and full regression tests for releases.\r\n\r\nEach tier of CI and test automation comes with its own unique challenges. With a variety of pull requests coming in across the Homebrew and Workbrew repositories, CI pipelines need to be fast and efficient. While a pull request may look simple on the surface, complexity often arises in the testing phase, as a modification may need to be tested against everything that runs on a particular package. We\u2019ll explore how Homebrew balances scalability and reliability across its CI landscape by utilizing open source virtualization and orchestration technology tailored to developers on macOS.", "description": "Since 2019, Homebrew has used a macOS native orchestration and CI solution that brought scalability, virtualization, resource flexibility, and workload customization to its cloud environment. When you have the intensive demand Homebrew does from downloading upstream source code and building binary packages to support multiple versions of macOS across both Intel and Apple Silicon architecture, the ability to scale and customize is critical.\r\n\r\nThis work benefits the entire macOS ecosystem, as faster CI cycles mean quicker delivery of up-to-date software to millions of Homebrew users. Optimized infrastructure gives contributors and maintainers of the project the power to iterate with confidence, regardless of their local development setup. By sharing these strategies, we aim to inspire other projects facing similar macOS CI challenges to adopt their own sustainable, scalable best practices.\r\n\r\nThis presentation will appeal to a variety of audiences including platform engineers, CI/CD architects, SREs, and FOSS maintainers who are interested in reproducible builds, improving or scaling macOS CI workloads, or designing pipelines that fit the needs of a high-volume, fast-paced open source project.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "446e66de-9f87-535f-9399-87f0274e03ee", "id": 1265, "code": "SWVDPB", "public_name": "Rin Oliver", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/SWVDPB_kdwySTG.jpeg", "biography": "Kiran \"Rin\" is a part of the Product team working in Developer Relations at MacStadium. He enjoys discussing all things OSS, with a particular focus on diversity in tech, improving hiring pipelines in OSS for those that are neurodivergent, improving the K8s developer experience, and removing barriers to contributing to cloud-native software.\r\n\r\nWhen not immersed in all things cloud-native, Rin can be found hanging out with his family, cooking, or gaming.", "answers": []}, {"guid": "330e2e04-42ed-53e9-8dc3-0168a717a246", "id": 1266, "code": "NU9CPN", "public_name": "Brandon Valentine", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/NU9CPN_3BejZf7.jpeg", "biography": "Brandon Valentine began his career in 2000 as a systems administrator managing large-scale fleets, quickly becoming an active contributor to open source package managers. Over the years, he expanded his expertise to include Ruby development, consulting, and professional sales. A devoted Homebrew contributor and enthusiast, Brandon spent five impactful years at GitHub before joining Workbrew, where he is focused on customer success and reconnecting with his systems administration roots.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/8JVWUX/", "id": 1474, "guid": "6e6c6923-85e2-5b5f-be43-cf5ab6105d21", "date": "2025-11-08T15:10:00-05:00", "start": "15:10", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1474-in-spire-ing-identity-using-spire-for-verifiable-container-isolation", "title": "In-SPIRE-ing Identity: Using SPIRE for verifiable container isolation", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "Edera leveraged SPIRE for cryptographically attestation of a workload\u2019s environment. We started with a question: how do we prove that workloads are running in an isolated environment? It turns out that this is very similar to the workload identity question already answered by SPIFFE/SPIRE. By integrating SPIRE, Edera\u2019s users are able to prove that workloads are running in a fully isolated Edera zone and get end-to-end encryption between these workloads, allowing for use cases like non-falisifiable build provenance and remote attestation.\r\n\r\nIn this talk, we will discuss workload identity and the SPIFFE specification, explaining how workload identity enabled us to build a hypervisor-based, verifiable identity system for isolated workloads. We will talk about lessons learned when deploying SPIRE, walk through some of our configuration choices, and give some tips to others looking to use this project.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "bc6d5bcd-95f1-5c16-a469-1e0550b091f6", "id": 1272, "code": "F7CKLL", "public_name": "Marina Moore", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/F7CKLL_K0BxwOm.jpg", "biography": "Marina Moore is a Research Scientist at Edera. She is a maintainer of The Update Framework (TUF), a CNCF graduated project that provides secure software update and delivery. She is also a chair of CNCF's TAG Security and Compliance where she contributes to security assessments and whitepapers, as well as providing technical security leadership to CNCF projects.\r\n\r\nHer research interests include container isolation, software supply chain security, and cloud security.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/H7EYBC/", "id": 1457, "guid": "91eaf2f6-c8f6-5d2e-84c0-6f04c174d75b", "date": "2025-11-08T16:00:00-05:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1457-managing-millions-of-storage-volumes-at-scale-inside-digitalocean-s-argocd-strategy", "title": "Managing Millions of Storage Volumes at Scale: Inside DigitalOcean's ArgoCD Strategy", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "When you're managing millions of storage volumes across 13 regions, traditional deployment approaches break down. At DigitalOcean, we transformed our Storage Platform operations using ArgoCD to bring sanity to complexity.\r\n\r\nIn this talk, we'll share how DigitalOcean's Storage Platform team turned our deployment process into a GitOps-powered engine using ArgoCD. We'll take you behind the scenes of operating our Storage Kubernetes platform, StorK8s, our storage orchestration platform that powers millions of volumes across DigitalOcean's global infrastructure.\r\n\r\nYou\u2019ll learn:\r\n\r\n1. How we architected a single ArgoCD instance to manage 13+ clusters across 13 regions while maintaining sub-5-minute deployment times.\r\n2. Real-world canary and blue-green deployment patterns for stateful workloads.\r\n3. Why centralised GitOps beats federation for our use case (and when you shouldn't follow our lead)\r\n\r\nWe\u2019ll share what worked, what didn\u2019t, and secret ingredients that helped us scale GitOps reliably.", "description": "This talk gives the community a real-world end user story, large-scale example of GitOps in action using ArgoCD to manage complex, stateful workloads.\r\n\r\nBy sharing lessons learned from operating across 13+ regions, we\u2019ll show how CNCF open source tools can handle high-stakes infrastructure without compromising velocity or safety, through the lens of how DigitalOcean\u2019s Storage Platform, StorK8s, powers millions of volumes globally.\r\n\r\nDigitalOcean has been running storage platform AKA StorK8s for the past 10+ years, and in this talk storage team senior engineer Nikhil and dev advocate Yash will share learnings with hands on practical patterns, deployment strategies, and tooling ideas on GitHub that attendees can apply to their own environments, helping push GitOps adoption forward across the open source and CNCF ecosystem.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "49682054-2e64-565e-b4be-a64db87d0192", "id": 1038, "code": "PM3V9R", "public_name": "Yash Sharma", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/PM3V9R_yHSYa6m.jpg", "biography": "Yash is Developer Advocate at Digital Ocean, international speaker and a core maintainer of Meshery, an open-source CNCF sandbox project. He is a mentor for the LFX 2024 projects and was an LFX mentee in the 2023 mentorship under Meshery. He hosts weekly Meshery Development calls and engage in CNCF communities", "answers": []}, {"guid": "a316588a-1bcd-5b7d-b87a-635460805511", "id": 1263, "code": "LUTVMX", "public_name": "Nikhil Pathak", "avatar": null, "biography": "Senior Platform Engineer at DigitalOcean.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/YPWVLM/", "id": 1541, "guid": "b3d05d9d-2161-5106-b561-6a09906021b5", "date": "2025-11-08T16:35:00-05:00", "start": "16:35", "logo": null, "duration": "00:30", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1541-truly-portable-code-serverless-webassembly-in-a-distributed-world", "title": "Truly Portable Code: Serverless WebAssembly in a Distributed World", "subtitle": "", "track": null, "type": "Talk", "language": "en", "abstract": "What if you could build serverless applications that cold-start in under a millisecond, run anywhere\u2014from your laptop to Kubernetes to the edge\u2014and require no changes to move between environments? This talk introduces Spin, a CNCF open-source WebAssembly (Wasm) developer toolkit designed for performance, portability, and simplicity.", "description": "What if you could build serverless applications that cold-start in under a millisecond, run anywhere\u2014from your laptop to Kubernetes to the edge\u2014and require no changes to move between environments? This talk introduces Spin, a CNCF open-source WebAssembly (Wasm) developer toolkit designed for performance, portability, and simplicity.\r\nAttendees will learn how to build a Spin app, write polyglot WebAssembly functions with sub-millisecond cold starts, and run them locally using the Spin CLI. The same app will then be deployed to Azure Kubernetes Service with SpinKube, the open-source Spin runtime for Kubernetes, and to Fermyon Wasm Functions, Akamai\u2019s multi-tenant, globally distributed PaaS \u2014 all without rewriting or cross-compilation.\r\nThe talk shows how WebAssembly and Spin enable true portability across the compute continuum, letting developers build once and run anywhere with no vendor lock-in. This talk demonstrates how Spin is reshaping what serverless can be.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "36b2786c-84f7-5355-b5ce-e4d3868b8209", "id": 778, "code": "MZYEP7", "public_name": "Caleb Schoepp", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/MZYEP7_rFnqFpc.png", "biography": "Caleb Schoepp is a software engineer at Fermyon. Before working at Fermyon he interned at Microsoft three times on different teams and at the startups UnifyID and Resemble AI. Caleb enjoys hacking on cloud infrastructure and learning the ins and outs of WebAssembly. Outside of work he enjoys playing guitar, spending time with family, and playing hockey. Caleb holds a BSc in Computer Engineering from the University of Alberta. He lives in Edmonton, Alberta.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/M3TVS3/", "id": 1565, "guid": "6f6a045e-285f-5fd3-8101-2e51e3f7bc4f", "date": "2025-11-08T17:10:00-05:00", "start": "17:10", "logo": null, "duration": "00:05", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1565-beyond-yaml-building-platform-apis-with-kro", "title": "Beyond YAML: Building Platform APIs with kro", "subtitle": "", "track": null, "type": "Lightning Talk", "language": "en", "abstract": "Kube Resource Orchestrator (kro) has been steadily gaining traction as a Kubernetes-native way to build higher-level abstractions for platform engineering. Kro enables platform teams to create Platform APIs that bundle multiple Kubernetes and cloud resources into a single, self-service interface.\r\n\r\nAt its core, kro uses a ResourceGraphDefinition to define the components, their dependencies, and how they should be deployed. This eliminates sprawling YAML files, automates ordering, and lets application teams consume infrastructure without wrestling with raw Kubernetes manifests.\r\n\r\nIn this lightning talk, I\u2019ll show:\r\n\r\n1. What a Platform API built with kro looks like.\r\n1. How it compares to tools like Crossplane compositions and Helm.\r\n1. Where kro fits in your platform engineering roadmap.\r\n\r\nIn just 5 minutes, you\u2019ll see how this approach can make your platform APIs higher-level\u2014and your delivery pipelines faster.", "description": "If you\u2019re a platform engineer, DevOps practitioner, or Kubernetes enthusiast who\u2019s tired of juggling endless YAML files, this lightning talk is for you. We\u2019ll explore how Kube Resource Orchestrator (kro) turns complex deployments into clean, reusable Platform APIs that app teams can use without touching low-level manifests. In just 5 minutes, you\u2019ll learn what kro is, how it works, and why it might be the missing abstraction in your platform engineering toolkit.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3a72aa62-4d11-5c7b-b665-be2b1e5ce6f7", "id": 770, "code": "VYZW8W", "public_name": "Engin Diri", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/me_oCXakbE.jpg", "biography": "As a Senior Solutions Architect at Pulumi with over 15 years of experience in the IT industry, including roles at the Schwarz Group and W&W Versicherungen, I bring extensive expertise with an end-user and enterprise focus. Currently working for a startup while collaborating with enterprise clients has further enriched my experience!\r\n\r\nI began my career as a Java backend developer, transitioned to frontend development, and ultimately specialized in CI/CD and DevOps. Working with ANT and Cruise Control to switch to Jenkins and Microsoft Team Foundation Server added some traumas on top! But as they say, what doesn't kill you makes you stronger.\r\n\r\nI have now embraced the dynamic world of DevOps and Platform Engineering, leveraging cloud technologies and Kubernetes.\r\n\r\nRecently, I have been exploring AI to find ways to make myself redundant in the future.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/3FQ7NM/", "id": 1563, "guid": "4c990071-b8a1-58a1-9b25-f7dfda0c6374", "date": "2025-11-08T17:15:00-05:00", "start": "17:15", "logo": null, "duration": "00:05", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1563-the-dragonfly-5-minute-formula-for-speedy-container-delivery", "title": "The Dragonfly 5-Minute Formula for Speedy Container Delivery", "subtitle": "", "track": null, "type": "Lightning Talk", "language": "en", "abstract": "Ever wondered how to speed up your Kubernetes container delivery and get results in the blink of an eye? Look no further! In this action-packed 5-minute session, you will experience the magic of Dragonfly, the ultimate tool for accelerating container delivery in Kubernetes that slashes delivery times, boosts efficiency and ensures lightning-fast container distribution across your infrastructure.\r\n\r\nWhether you're looking to optimize deployment speed or just curious about how to supercharge your container workflow, this talk is for you.\r\n\r\nThis talk covers how to:\r\n1. Integrate Dragonfly with Kubernetes, ArgoCD, and other tools fromthe CNCF landscape for seamless container delivery.\r\n2. Unlock the magic behind Dragonfly\u2019s peer-to-peer container distribution.\r\n3. Real-world examples of using Dragonfly to accelerate deployments in Kubernetes.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "5350da7e-ed67-5199-9b98-611a03088d54", "id": 990, "code": "KNTRDG", "public_name": "Aditya Soni", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/1715395028354_1_bW4kzLw.jpeg", "biography": "Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Searce, and is currently positioned at Forrester Research as a DevOps Engineer II. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He is a CNCF Ambassador, and AWS Community Builder for 4 years He leads AWS, CNCF, and HashiCorp user groups for Rajasthan State in India. He has spoken at many conferences, both in-person and virtually.", "answers": []}, {"guid": "351eb9d0-1f1f-5293-be73-d0c3327cc11c", "id": 980, "code": "9MYKVD", "public_name": "Hrittik Roy", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/Cropped_Image_6QrlWPD.jpg", "biography": "Hrittik is a Platform Advocate at Loft Labs and a CNCF Ambassador, with expertise in cloud native technologies and open source communities. He has contributed extensively to developer advocacy, technical writing, and community engagement. Hrittik has been a featured speaker at events such as Kubernetes Community Days, Open Source Summits, and more, and has served as a Program Committee member for several KubeCons and CloudNativeCons.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/9RUPBC/", "id": 1468, "guid": "f5d96082-6635-589e-93b9-1548aec687c2", "date": "2025-11-08T17:20:00-05:00", "start": "17:20", "logo": null, "duration": "00:05", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1468-from-messy-to-modular-fixing-multi-tenant-ingress-with-gateway-api-s-xlistenerset", "title": "From Messy to Modular: Fixing Multi-Tenant Ingress with Gateway API's XListenerSet", "subtitle": "", "track": null, "type": "Lightning Talk", "language": "en", "abstract": "Kubernetes Ingress doesn\u2019t scale well in multi-tenant clusters, especially when teams need to share ports or protocols.\r\n\r\nIn this talk, I\u2019ll show how the experimental XListenerSet in Gateway API solves that.\r\nUsing a real use case, I\u2019ll walk through how it lets different teams define their own listeners safely, without stepping on each other.\r\n\r\nIf you're managing shared clusters and fighting with ingress conflicts, this is five minutes that could save you hours.", "description": "Managing Ingress in multi-tenant Kubernetes clusters is complex and error-prone, especially when teams need to share ports or protocols.\r\n\r\nThe new XListenerSet extension in Gateway API provides a clean way to delegate listener configuration safely.\r\n\r\nIn this talk, I\u2019ll present a real-world use case where XListenerSet resolved conflicts and improved isolation between teams.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "2f485398-74e4-59f4-8aef-0f15165d1496", "id": 1127, "code": "ZY7DGN", "public_name": "Mengin Nicolas", "avatar": "https://cfp.cloud-native.rejekts.io/media/avatars/ZY7DGN_zVNfLZF.png", "biography": "Traefik Maintainer - Head of Development @ TraefikLabs\r\nHead of Development at Traefik Labs, the company behind Traefik, the popular cloud-native Gateway Controller, and Traefik Hub, a comprehensive API Management solution for Kubernetes.\r\nResponsible for overseeing the implementation of the Gateway API in Traefik.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/PQWWSW/", "id": 1602, "guid": "c1602747-3300-55ea-ad3d-d275cdfe042b", "date": "2025-11-08T17:25:00-05:00", "start": "17:25", "logo": null, "duration": "00:50", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1602-more-lightning-talks-signup-sheet-at-registration", "title": "More Lightning Talks - Signup sheet at registration", "subtitle": "", "track": null, "type": "More Lightning Talks - Sign up sheet at registration (limited slots available)", "language": "en", "abstract": "5 mins talks from attendees - sign up sheet at registration (limited slots available)", "description": "", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-atlanta-na-atlanta-2025/talk/VS7TPL/", "id": 1603, "guid": "69e64952-f397-50bb-9857-ab07ca31b274", "date": "2025-11-08T18:15:00-05:00", "start": "18:15", "logo": null, "duration": "00:05", "room": "Theater", "slug": "cloud-native-rejekts-atlanta-na-atlanta-2025-1603-closing-keynote", "title": "Closing Keynote", "subtitle": "", "track": null, "type": "Lightning Talk", "language": "en", "abstract": "Closing out Rejekts NA 2025 in Atlanta, GA", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "41c78b36-f69e-5c9e-9e82-84f0eba878aa", "id": 131, "code": "KWSQGH", "public_name": "Duffie Cooley", "avatar": "https://cfp.cloud-native.rejekts.io/media/IMG_2810.JPG", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}