09:00
45min
Day 1 - Registration + Reception
TBA

Doors and registration desk open to receive attendees.

Break
Main Hall
09:45
10min
Cloud Native Rejekts Opening
Chris Kuehl

We look to welcome and provide information to all attendees.

Cloud Native
Main Hall
10:00
30min
Using BPF to debug your Kubernetes application
Alban Crequy

I will demo how to use different BPF tools in the Kubernetes developer workflow. Then, I will explain how it works and what support it requires from the Kubernetes installation.

Cloud Native
Main Hall
10:40
30min
Building flexible policy with OPA and Kubernetes
Rita Zhang, Max Smythe

Have you ever been asked the question - “How do we make sure Kubernetes resources conform to our internal policies and procedures?” In this session we introduce how you can audit, validate and mutate Kubernetes resources based on custom semantic rules during create, update, and delete operations without recompiling or reconfiguring the Kubernetes API server using Gatekeeper - a policy controller for Kubernetes.

Cloud Native
Main Hall
11:35
30min
Evaluating Firecracker as a container runtime engine
Dongsu Park

I will explain the overview of the architecture around Firecracker and container runtimes. Then I will show demos for a proof-of-concept implementation.

Cloud Native
Main Hall
12:15
30min
Prometheus as exposition format for eBPF programs
Leonardo Di Donato

Because the kernel knows more than your programs.

Cloud Native
Main Hall
12:50
90min
Lunch
TBA

Lunch time!

Break
Main Hall
14:20
30min
Highly Effective Kubernetes Deployments with GitOps
Edaena Salinas

I will describe a GitOps based deployment workflow that makes your Kubernetes deployments secure, auditable, and simpler, and the process and tools you need to put it in place on any cloud.

Cloud Native
Main Hall
15:00
30min
Building a CI pipeline for Kubernetes distributions on the cheap
Kosy Anyanwu

Setting up a CI pipeline for a Kubernetes distribution environment can be a daunting - and possibly costly - task, especially when you need to run tests for every change in a distribution focused on high-availability.

In this talk, I will explain how we built a CI system at Kinvolk based on Concourse CI, where we spin up multiple, parallel multi-node Kubernetes clusters in isolation on a single bare metal machine, in order to automatically run tests for bare-metal Kubernetes deployments. I will discuss the architectural and design choices, the tools that were used, the challenges we faced, and how we addressed them.

Cloud Native
Main Hall
15:40
30min
Observing Enterprise Kubernetes Clusters At Scale
Joe Salisbury

Observing Kubernetes clusters at scale can be challenging. While most companies operate a small number of Kubernetes clusters, Giant Swarm is responsible for hundreds. This scale makes maintaining a responsible level of observability harder.

We aim to present our observability journey, particularly with Prometheus.

This will cover our architectural choices in the past, such as building tooling for managing Prometheus for on-demand Kubernetes clusters, our current usage and drawbacks we’d like to address, and our plans for the future, such as horizontal scaling and Cortex.

We will also cover our continuous improvement process using post mortems and continuous delivery, which allows us to evolve our metrics, new exporters, and alerting as we discover blind spots.

This talk presents our learnings of handling observability at scale, with in-depth examples from our infrastructure.

Cloud Native
Main Hall
16:35
30min
Artifact Registries; Extending OCI Image and Distribution
Steve Lasker

Container Registries store the images we build, secure, sign, geo-replicate and deploy. They support production workloads; we configure authentication for each service and user that must access them.
Join us as we share the work to extend OCI distribution and image specs to support new artifact types such as Helm and CNAB. We'll demonstrate how you can author and store new artifacts, leveraging the investments of OCI compliant registries, enabling you to focus on the apps and artifacts, without having to manage the infrastructure.

Cloud Native
Main Hall
17:15
30min
Deep Dive: Deploying Kubernetes on Bare Metal Using the Cluster API
David Watson & Jason DeTiberus

Relative to cloud infrastructure, bare metal environments are more varied and do not expose a unified API. The Cluster API unifies infrastructure management with Kubernetes-native resources, but our previous attempts to use it in bare metal environments show that actuators alone have significant limitations. Kubernetes webhooks offer an alternative that separates the provisioning of Infrastructure from the deployment of Kubernetes, while keeping the declarative model and common tooling provided by the Cluster API.

Cloud Native
Main Hall
17:55
30min
Lessons learned while scaling Kubernetes to 5k nodes
Thomas Graf

In this talk, we will explore our journey scaling from a couple of hundred nodes to several thousand Kubernetes nodes. Tales will be told on how to scale etcd itself and what a health check every 30 seconds does to the apiserver when running at several thousand nodes.

Cloud Native
Main Hall
09:00
60min
Day 2 - Registration and Reception
TBA

Doors and registration desk open to receive attendees.

Break
Main Hall
10:00
30min
Getting Developers to Adopt Your Service
Jessica Andersson

Why should I use it?! Introducing new solutions, new technologies or new processes can meet resistance among your developers. Especially when it is a hyped technology such as Kubernetes.

Listen to what Jessica and her team learned while building Kubernetes as a Service for developers at Meltwater. How human challenges become technical choices, and how communication and education can achieve a high adoption rate.

Cloud Native
Main Hall
10:40
30min
The App Developer's Kubernetes Toolbox
Adnan Abdulhussein

If you're developing applications on top of Kubernetes, you may be feeling overwhelmed with the vast amount of developer tooling in the ecosystem at your disposal. Kubernetes is moving at a rapid pace, and it's becoming impossible to keep up with the latest and greatest development environments, debuggers, and build, test and deployment tools.

In this talk, we'll share from our experience building applications on top of Kubernetes at Bitnami. We'll take a look at the landscape and answer questions like "should my team be using minikube or a shared Kubernetes environment?", "what's the difference between Skaffold, Draft and Telepresence?" and "should I be building an operator or a Helm chart?". We'll try to discern which tools best fit a scenario or workflow by looking at real-world examples of Kubernetes applications.

Cloud Native
Main Hall
11:35
30min
Knowing what your Kubernetes cluster is doing
Federico Hernandez

While running Kubernetes in production, how do you know what the cluster is doing? In this talk Federico will show you how he and his team are using kube-state-metrics in combination with other exporters and logs to get insights into the multi-tenant Kubernetes cluster they run for 40+ development teams at Meltwater. He will focus on metrics for the higher level Kubernetes objects as well as the cloud environment they run the cluster in.

Cloud Native
Main Hall
11:35
30min
Monitoring the NATS messaging system at scale with Elastic Beats
Michael Katsoulis, Stamatis Katsaounis

In a world where stateless applications are optimized to run blazing fast, message exchanging cannot be allowed to affect their performance. Having the ability to publish more than 7 million messages per second, NATS is the sprinter of the messaging queues.

Whereas benchmarks are good indicators for choosing a tool, there is no way to confirm its value without monitoring its performance in production. In our team, we use the EFK stack to monitor a bunch of microservices running on top of Kubernetes, since EFK tends to be the de facto way to monitor containerized microservices.

Everything started with a task: Ship NATS monitoring data to Elasticsearch. What we achieved: Extending Beats, the Elastic data shipper, with a NATS dedicated module.

Join us in this session to learn more about the journey, how to add value to a CNCF project and give back to the community.

PS. There will be a demo!

Cloud Native
Sidebar
12:15
30min
Hardware vulnerabilities in cloud-native environments
Thilo Fromm

In late 2017 and throughout 2018 we witnessed the advent of a new class of CPU-level information disclosure vulnerabilities, commonly known as “Spectre”, “Meltdown”, and (later in 2018) “Level 1 Terminal Fault” (L1TF for short, also known as “Foreshadow”).

This talk will give a brief introduction of related CPU design concepts and their concrete exploitation by the above-mentioned vulnerabilities, and discuss available mitigations.

After we’ve established (or refreshed) our knowledge of the problem field, the main part of the talk will focus on keeping your Kubernetes clusters secured from those vulnerabilities: we will take a full-stack approach and look at common OS and container abstraction layers in cloud-native scenarios individually - bare metal kernel space, user space, (optional) virtualization, and container runtime - to discuss weaknesses and mitigations at each of the layers.

Cloud Native
Main Hall
12:15
30min
Test Driven Development Is Dead
Kevin Crawley

Test Driven Development and Code Coverage as a concept and practice is approaching 20 years and we've moved on. Sufficiently advanced monitoring is indistinguishable from testing and in this talk I'll prove it.

Cloud Native
Sidebar
12:50
90min
Lunch
TBA

Lunch time!

Break
Main Hall
14:20
30min
Kubernetes Operators
Josh Wood

What even are Kubernetes Operators? Kernel modules for extending Kubernetes.

Cloud Native
Main Hall
14:20
30min
Moving the CNI to User Space
Giles Heron

In this presentation we will explain why and how container networking is moving from the kernel into user space through projects such as the Contiv-VPP CNI plug-in (which leverages the Linux Foundation's fd.io project).

Cloud Native
Sidebar
15:00
30min
Consistent user authentication in multi-cloud hosted Kubernetes clusters
Christian Simon

As hosted Kubernetes solutions mature, it becomes ever more compelling to operate clusters across multiple cloud providers. A general point of friction can often be the differences in how you are able to authenticate to those clusters. Cloud providers tend to integrate their own proprietary solutions and hosted control planes lack the flexibility to use authentication providers and audit sinks.

Cloud Native
Sidebar
15:00
30min
Visualizing Canary Rollouts with Istio and Helm
Dan Garfield

Istio is one of the most important things to happen to continuous delivery/deployment since Kubernetes. In this talk, you'll learn how to leverage Helm and Istio to create reliable automated deployment. To help us visualize the rollout we've built an interactive, open-source app and will ask audiences to help decide if a rollout continues or not.

Cloud Native
Main Hall
15:40
30min
Preemptive Autoscaling on any Cloud
Matt Kelly, Ashley Schuett

Cerebral is an open source, provider agnostic, preemptive Kubernetes cluster autoscaler with pluggable metrics backends and scaling engines. In this talk, we'll do a deep dive into Cerebral and contrast its methodology with that of the Kubernetes Cluster Autoscaler, which scales only after seeing that pods cannot be scheduled.

Cloud Native
Main Hall
16:35
30min
Always up-to-date - Dissecting A Kubernetes Upgrade
Fernando Ripoll

The Cloud Native community pushes updates very frequently, sometimes for security reasons, other times to deliver new features. This means we need to continuously upgrade Kubernetes and the related Cloud Native Stack.

Kubernetes has created a nice way to roll out new application versions, but what about the upgrade of the orchestrator itself, the core addons running on the cluster, or even the infrastructure holding it?

Thanks to running clusters for multiple customers all over the world, Giant Swarm has created a system to roll out any piece of the infrastructure stack without impact to the customer’s workloads. Our approach relies on a set of operators to gracefully control the entire process, making it reliable and reproducible.

The audience will see the different decisions that have been taken and which problems have been faced over time.

Cloud Native
Main Hall
17:15
5min
OpenMetrics: Prometheus Unbound
Leonardo Di Donato

The State of the Art of OpenMetrics and some fundamentals about it.

Cloud Native
Main Hall
17:30
5min
Which service mesh should I use?
Lee Calcote

Not sure which service mesh is right for you? In the emerging landscape of service meshes, which should you choose? In this lightning talk, we will demo Meshery, an open source, multi-mesh playground that deploys different types of service meshes on-demand.

Cloud Native
Main Hall
17:40
5min
Zero downtime upgrades of Kubernetes
Simone Sciarrati

The Kubernetes project releases a new version every 3 months as well as several bug fix releases in between. You need and want to upgrade your clusters. How do you do that with zero-downtime and no impact on your production workloads? In this lightning talk I will show how my team has come up with a procedure to upgrade a cluster and monitor the upgrade itself. In particular to avoid impact due to nodes becoming "Not Ready".

Cloud Native
Main Hall
17:55
30min
Build Cloud Native Application Bundles with Porter
Carolyn Van Slyck, Jeremy Rickard

Learn how to use Porter to create and deploy Cloud Native Application Bundles without knowing the CNAB spec.

Cloud Native
Main Hall