“Observable Applications Using OpenTelemetry” Johannes Liebermann · Talk (30 minutes)

OpenTelemetry is a CNCF sandbox project which standardizes application tracing and monitoring across multiple programming languages, protocols, platforms and vendors. In this talk we’ll provide a brief introduction to the OpenTelemetry project, explore some of its language libraries, demonstrate ho…


“Developing a Local Registry for Kubernetes Clusters” Adrian Mouat · Talk (30 minutes)

Docker Hub and Quay.io are great for hosting public images, but not so great as the main resource for production clusters or storing highly sensitive images. In these cases, we really want a registry that is as close to the cluster as possible and under control of our organisation. Taking this furt…


“Watching the Watcher: Advanced Integrated Monitoring with Prometheus Federation” Charles Pretzer · Talk (30 minutes)

The name Prometheus is no longer synonymous with "The Messenger of the Gods". It has far greater responsibility in today's cloud native application environments.

This session will cover configuring Prometheus in a production environment with a focus on federating Prometheus deployments together.

Fe…


“Developing and running a backward compatible container registry at scale” Joseph Schorr · Talk (30 minutes)

Container registries are a vital piece of the cloud native infrastructure—they’re necessary for deploying containers with Kubernetes. However, to most, they are simply a black box into and out of which container images flow. But they’re much more than a storage space—they’re an essential part of de…


“The State of Kubernetes Cluster Management” Josh Michielsen · Talk (30 minutes)

Kubernetes has a reputation of being notoriously difficult to manage. The Kubernetes control plane alone requires the deployment of 6 services and a distributed key-value store, and still won't give you a useful cluster.

This has led to the introduction of two categories of solutions - managed of…


“Building the ISTIOD Service Mesh Microkernel” Iris Ding, Steven Dake · Talk (30 minutes)

Join this session to learn why the Istio community challenged itself by building a better service mesh architecture modeled after a microkernel architecture. The technical origin of Istio is described in-depth, including the many historical reasons for implementing different components as separate …


“PromQL Queries for Security and Incident Response Teams” Carlos Arilla · Talk (30 minutes)

Prometheus monitoring can be useful not only for platform operators, service owners or DevOps teams but also provides great visibility to security and SOC teams.
In this talk we will go through several use cases where security and incident response teams have found themselves leveraging monitoring …


“Turbocharging Cloud-Native Storage for Database Workloads” Aakarsh · Talk (30 minutes)

Rook is a cloud-native, open-source storage orchestrator that solves the problem of storage deployment and management in Kubernetes. But it still does not solve the problem of getting the most out of your storage for databases. We will be able to unlock the potential of the cloud-native storage for …


“Envoy Proxy filter development with WebAssembly for the polyglot developer” Eitan Yarmush, Yuval Kohavi · Talk (30 minutes)

Envoy has quickly become the go-to cloud-native proxy for many reasons, chief among which are its speed and extensibility. Envoy’s extensibility comes in the form of filters. Until this point these filters were written in CPP only and compiled directly into an Envoy instance.

This approach has a…


“Let's Talk about (Controller) UX” Chris Hein · Talk (30 minutes)

We're still in the middle of the upswing in Kubernetes Custom Controller/Operator development. As you start or continue to develop controllers, there are several handy UX techniques and patterns you can use to make your controllers better for your users. This talk goes through multiple OSS controll…


“Put your service mesh on autopilot” Idit Levine · Talk (30 minutes)

Service Mesh is a network abstraction that is making a lot of promises for microservices but that does not come without risk. In the new world, the service mesh alone bears the complexities of traffic routing, authentication, authorization, security, monitoring and tracing.

As the service mesh be…


“Journey To Istio Multi-Cluster Production Deployments At Scale” Maximilian Bischoff · Talk (30 minutes)

The current feature set of Istio includes multiple approaches for enabling a multi-cluster service mesh. For deployments with one control plane per cluster and gateway based connectivity between clusters, multiple Istio resources (CRDs) are required in both clusters to enable connectivity between t…


“Noverlay Networks for Health and Wellbeing” Karthik Prabhakar · Talk (30 minutes)

As Kubernetes multi-cluster deployment scales now start to approach those of large IP internetworks of yesteryear, we see a myriad of network design alternatives mirroring the network design choices from the internets of old.

We will take a tongue-firmly-in-cheek yet factual look through some of th…


“Connecting Applications with Operator-backed Services” Igor Sutton · Talk (30 minutes)

Cloud-Native Environments like Kubernetes come with their challenges for binding applications. A service backed by a Kubernetes operator, for example, PostgreSQL instance and a shiny front-end Node.js application...

Wouldn't it be really fancy if we could just express the intent to bind to any back…


“The Easy Button to Kubernetes Networking with Open vSwitch” Antonin Bas · Lightning talk (5 minutes)

Networking can be a headache. Troubleshooting Kubernetes network issues often implies using a plethora of tools, running countless tests, and staring at iptables rules.

Open vSwitch, which offers a performant, reliable and feature-rich virtual switch for Linux and Windows, can help alleviate this. …


“Get Your Policy in Your Development Cycle” Ivan Towlson · Talk (30 minutes)

What if your editor could warn you of Open Policy Agent or Gatekeeper violations... before you even saved your work? Come see new tools for Visual Studio Code that help you stay compliant and secure from day one.


“Building and Maintaining Secure and Highly-Available Clusters” Marko Mudrinić · Talk (30 minutes)

Building highly-available (HA) Kubernetes clusters is still a hard task that takes a lot of time. Besides building clusters, you also have to maintain and upgrade them to stay secure and have all the new features.

Kubeadm is a Kubernetes community-supported tool capable of managing the full lifecyc…


“A Five-Minute Tour of the Kubernetes Release Cycle” Marko Mudrinić · Lightning talk (5 minutes)

Understanding the release cadence and support policy of a project is an important step before adopting it in your workflow. Everyone running Kubernetes in production wants to ensure that their clusters are secure and the first step in the journey is making sure your clusters are up-to-date. But whe…


“Inspektor Gadget and traceloop: BPF debugging tools for Kubernetes” Alban Crequy · Talk (30 minutes)

I will present Inspektor Gadget and traceloop, a tracing tool to trace system calls in cgroups or in containers using BPF and overwritable ring buffers.

Many people use the “strace” tool to synchronously trace system calls using ptrace. Traceloop similarly traces system calls but asynchronously in …


“Code Kubernetes While You Are Using It” Mario Loriedo · Lightning talk (5 minutes)

This lightning talk is about deploying a development platform on a Kubernetes cluster and using it to code and roll out a Kubernetes component update. Without stopping coding. To do so we are going to use Eclipse Che, a container based IDE that runs on Kubernetes and is particularly adapted for ra…


“OPA ate my image scanning” Fede Barcelona · Talk (30 minutes)

Image scanning is a cornerstone to keep your Kubernetes cluster secured. You don't want to open the door to attacks by deploying a pod from an image with vulnerabilities, or that doesn't follow your policies.

This talk will show attendees how to use Open Policy Agent as an Admission Controller and …


“Making our APIs more user friendly - Using OPA as a general webhook for CRDs” Puja Abbassi · Talk (30 minutes)

Custom Resource Definitions (CRDs) are the future of the Kubernetes API. Not only external so-called “operators” are using CRDs, but going forward more and more “native” functionality is being built with CRDs and custom controllers, making Kubernetes more modular.

As the CRD concept is maturing SIG…


“What We’ve Learned Building a Multi-Region DBaaS on Kubernetes” Josh Imhoff · Talk (30 minutes)

When the engineers at Cockroach Labs started development on a global Database as a Service (DBaaS), they weren’t sure if Kubernetes would be the right choice for the underlying orchestration system. They wanted to harness Kubernetes’s powerful orchestration capabilities, but building a system to ru…


“Kubernetes on Rails” Andrew Randall · Talk (30 minutes)

In 2017, Kelsey Hightower tweeted: "Kubernetes is a platform for building platforms. It's a better place to start; not the endgame." This session will explore how we should understand this quote today: what is missing from Kubernetes itself, the innovation enabled by -- and traps laid by -- its sup…


“How we organised the world-first Kubernetes Community Day” Alessandro Vozza · Lightning talk (5 minutes)

This talk recounts the journey of a handful of motivated community leaders that came together at the beginning of 2019 to run the very first Kubernetes Community Day in Amsterdam. Based on previous experience in local communities, we created an event that united the local communities and Kubernet…


“Kubernetes Ingress-Nginx Security from Beginner to Expert” Fernando Diaz · Talk (30 minutes)

In Kubernetes the Ingress-Nginx Controller is one of the most deployed Ingress Controllers. It is the gateway to your applications, the metaphorical door person right outside. Securing it is crucial to the overall Security of your Cloud, yet many times it is not properly configured, leaving it vulne…


“Using Kubernetes to Scale Multi-Class Clusters” Javad Taheri · Talk (30 minutes)

As K8s adoption continues to grow, use cases which require more than one cluster instance emerge. Scalability limitations, different cluster configurations (specific capabilities for various purposes), and multi-cloud presence are among these use cases. In general, multiple cluster classes can be e…


“Containerless Cloud Native: Pushing Kubernetes to the Edge and more” Ralph Squillace · Talk (30 minutes)

The explosion of Kubernetes as the core distributed container kernel has established the future of Cloud Native development, operations, and applications, and the ecosystem around K8s has exploded in lock step. But upstream K8s is not "the platform" of the future; instead, "it's the platform of the…


“Easing the burden of the Kubernetes Pod Security Policy setup” Pablo Lopez Zaldivar · Talk (30 minutes)

A Pod Security Policy defines what conditions a pod must meet to be accepted into the system. Defining these objects at a Kubernetes cluster is not always easy. Will it be too restrictive or too loose? But, is there any alternative to copy-pasting from previous deployments? Which RBAC permissions s…


“Augmenting eBPF tracing with OpenTelemetry” Alex Boten · Talk (30 minutes)

So you want to know how your applications perform at the kernel level? Combining the power of eBPF with OpenTelemetry provides system operators with the tools necessary to collect, aggregate and visualize telemetry information about systems at large scale.

The extended Berkeley Packet Filter (eBPF)…


“Under the microscope - getting the data we need from OpenFaaS” Pau Rosello · Talk (30 minutes)

A serverless framework provides clear benefits for developers such as easier deployments and scalability. On the other hand, knowing what is really going on is difficult due to the additional abstraction layer and traditional observability methods might not fully work.

While platform metrics, like …


“Building from the Ashes: Lessons Learned From Layoffs” Dana Asbury · Talk (30 minutes)

Have you ever wished that you could have a do-over on building your system? Our team got to do this in an unlikely way. We were tasked to build an e-commerce marketplace running on Kubernetes with Istio in 16 weeks. Months after launching we were all unexpectedly laid off. In the time in between we…


“Dying With Dignity: How to Exit Your Applications Gracefully” Dana Asbury · Lightning talk (5 minutes)

Have you ever wondered why your error rates spike on deployments? Tired of ignoring those 120 second timeouts in your logs? In this talk we will get to the bottom of these common errors and more.

After this talk you will understand:
- What makes a good readiness probe
- The difference between SIG…


“Chaos Engineering: Making Lives Easier!” Chandan Kumar, Harsh Shekhar · Lightning talk (5 minutes)

In this talk, Chandan and Harsh will talk about Chaos Engineering in general and how its application can make the lives of Site Reliability Engineers (SREs) easier and carefree. By introducing chaos one can make rigorous testing in a development environment similar to the production environment. Fo…


“The need for a Cloud Native Tunnel” Alex Ellis, Founder @ OpenFaaS Ltd, CNCF Ambassador · Talk (30 minutes)

Everything was fine, we were developing applications for the cloud on our local laptops, until we needed to integrate with webhooks. Then things got tricky at work, all known solutions were blocked like cryptic socat commands, SSH, Ngrok, Argo Tunnels and we had no budget for an AWS account.

We nee…


“The State of Open Source Serverless” Jonatas "Jojo" Baldin · Talk (30 minutes)

Serverless architecture and technologies change the way software is designed and created by removing server management, cutting costs and providing almost “infinite” scalability.
Notably born as a closed source solution with AWS Lambda in 2014, Serverless has grown in the open source and Cloud Nat…


“How (Not) To Containerise Securely” Andrew Martin · Talk (30 minutes)

Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.

See how to bypass container and Kubernetes security controls, break out of service meshes, find and drive-by…


“10 Useful Techniques for Making Sense of Istio Service Mesh” Lin Sun · Talk (30 minutes)

We have spent innumerable hours writing the "Istio Explained - Getting Started with Service Mesh" book and getting the guiding example up and running with Istio service mesh to incrementally enjoy the benefit of the service mesh. We are excited to share our learning in this session! You will be given a qui…


“Wrapping Nebraska around Omaha: Open Sourcing the Container Linux Update Process” Joaquim Rocha · Talk (30 minutes)

While CoreOS Container Linux was extremely popular among the cloud native community, its updates manager (CoreUpdater) was always kept proprietary. In this talk, we share details of a new 100% Open Source project, called Nebraska, which implements the Google-originated Omaha protocol for updating C…


“Kubernetes The Fun Way” Dan Acristinii · Talk (30 minutes)

Kubernetes the Fun Way is a collection of case studies in which Kubernetes and other cloud-native technologies are explored in unrealistic and (somewhat) ridiculous scenarios. The purpose is to create a fun and inclusive learning environment.


“Level Up Your Security—A Practical Path from Default to Defended” Malte Isberner · Talk (30 minutes)

Do you know everything running in your clusters? Which pods would an attacker get to first, and would they be able to burrow into the rest of your cluster?

This talk introduces a phased approach you can use to improve your Kubernetes security posture, whether you’ve already made some progress or ar…


“Yes, we need a new dashboard!” Joaquim Rocha · Lightning talk (5 minutes)

Kubernetes is a complex project, and one of the goals of UX and design is to make complex things feel simpler, so using a web dashboard for accessing and managing Kubernetes makes a lot of sense. Fortunately, there are many choices out there for those who want to try out dashboards, unfortunately, …


“Closing” Chris Kuehl · Talk (30 minutes)

Closing of Rejekts