2.0 -//Pentabarf//Schedule//EN PUBLISH QGTB3T@@cfp.cloud-native.rejekts.io -QGTB3T Welcome to Cloud Native Rejekts EU 2024! en en 20240317T093000 20240317T094000 0.01000 Welcome to Cloud Native Rejekts EU 2024! PUBLIC CONFIRMED Opening / Welcome https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/QGTB3T/ Arena Benazir Khan PUBLISH QWRFYW@@cfp.cloud-native.rejekts.io -QWRFYW OCI Registry: Beyond Container Images - Easing Air-Gap Deployments en en 20240317T094000 20240317T101000 0.03000 OCI Registry: Beyond Container Images - Easing Air-Gap Deployments Traditionally, container registries have been primarily used for storing container images. However, their potential extends far beyond this conventional use. This expanded functionality needs to be more well known. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/QWRFYW/ Arena Stéphane Este-Gracias PUBLISH YTLDLB@@cfp.cloud-native.rejekts.io -YTLDLB Microsoft - 5 mins Keynote on Community Initiatives en en 20240317T101000 20240317T101500 0.00500 Microsoft - 5 mins Keynote on Community Initiatives PUBLIC CONFIRMED Sponsor Keynote Speech https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/YTLDLB/ Arena Andy Randall PUBLISH 39JA3U@@cfp.cloud-native.rejekts.io -39JA3U How eBPF Actually Works en en 20240317T101500 20240317T104500 0.03000 How eBPF Actually Works We’ll take a simple eBPF program and step through everything that happens to it. How it’s compiled, what is eBPF bytecode and what it looks like, how the kernel loads it, how the verifier works, how the JIT compiles it and what to, and finally how the kernel hooks its own function calls with the compiled eBPF. At each step we’ll follow through our example, from source code, to eBPF byte code, to JIT compiled for the running platform. We’ll investigate some relevant parts of the Linux kernel source code, and learn what’s really happening when you run eBPF code. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/39JA3U/ Arena James Laverack PUBLISH MF3EAL@@cfp.cloud-native.rejekts.io -MF3EAL Cisco - 5 mins Keynote on Community Initiatives en en 20240317T104500 20240317T105000 0.00500 Cisco - 5 mins Keynote on Community Initiatives PUBLIC CONFIRMED Sponsor Keynote Speech https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/MF3EAL/ Arena Stephen Augustus PUBLISH TWUHAU@@cfp.cloud-native.rejekts.io -TWUHAU Don’t Do What Charlie Don’t Does - Avoiding Common CRD Design errors en en 20240317T111000 20240317T114000 0.03000 Don’t Do What Charlie Don’t Does - Avoiding Common CRD Design errors PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/TWUHAU/ Arena Nick Young PUBLISH JDGQQG@@cfp.cloud-native.rejekts.io -JDGQQG Choose Your Own Adventure: The Perilous Passage to Production en en 20240317T114500 20240317T121500 0.03000 Choose Your Own Adventure: The Perilous Passage to Production PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/JDGQQG/ Arena Viktor Farcic Whitney Lee PUBLISH HLWFXF@@cfp.cloud-native.rejekts.io -HLWFXF Context-Based Security: What Your Cloud Native Apps Really Need en en 20240317T140000 20240317T143000 0.03000 Context-Based Security: What Your Cloud Native Apps Really Need PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/HLWFXF/ Arena Oshrat Nir PUBLISH ZJEVSY@@cfp.cloud-native.rejekts.io -ZJEVSY Beyond the Surface - Exploring Attacker Persistence Strategies in Kubernetes en en 20240317T143500 20240317T150500 0.03000 Beyond the Surface - Exploring Attacker Persistence Strategies in Kubernetes PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/ZJEVSY/ Arena Rory McCune PUBLISH DWCTDG@@cfp.cloud-native.rejekts.io -DWCTDG Migrating 2 million CPU cores to Kubernetes en en 20240317T151000 20240317T154000 0.03000 Migrating 2 million CPU cores to Kubernetes PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/DWCTDG/ Arena Lucy Sweet PUBLISH LMPRM3@@cfp.cloud-native.rejekts.io -LMPRM3 On creating a common framework for eBPF data collection en en 20240317T160000 20240317T163000 0.03000 On creating a common framework for eBPF data collection PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LMPRM3/ Arena Chris Kuehl PUBLISH KCN3QV@@cfp.cloud-native.rejekts.io -KCN3QV From Fragile to Resilient: ValidatingAdmissionPolicies Strengthen Kubernetes en en 20240317T163500 20240317T170500 0.03000 From Fragile to Resilient: ValidatingAdmissionPolicies Strengthen Kubernetes PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/KCN3QV/ Arena Marcus Noble PUBLISH FZCA3P@@cfp.cloud-native.rejekts.io -FZCA3P Open Source Project Growth: The Non-Technical Needs for Driving Project Growth en en 20240317T171000 20240317T174000 0.03000 Open Source Project Growth: The Non-Technical Needs for Driving Project Growth Founders and maintainers of open source projects have a good idea of what is needed from a technology standpoint to grow their project and provide technology value. In this talk, I will cover the non-technical things that are important and just down-right critical to project success. * Messaging and outlining the business value of the project and why someone should care. * The go-to-market plan for the open source project. How you will communicate about the project, how to handle project release launches, effective communications, the content plan, the web plan, events, and partnering with other projects to increase your visibility. * Community building including digital platforms, engagement, and how to grow members from users to contributors to advocates. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/FZCA3P/ Arena Kim McMahon PUBLISH GQAGX3@@cfp.cloud-native.rejekts.io -GQAGX3 What’s new in the Kubernetes Gateway API en en 20240317T174500 20240317T181500 0.03000 What’s new in the Kubernetes Gateway API PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/GQAGX3/ Arena Abdelfettah SGHIOUAR PUBLISH WPUDHQ@@cfp.cloud-native.rejekts.io -WPUDHQ burnout++ — Recognizing and Managing Burnout en en 20240317T111000 20240317T114000 0.03000 burnout++ — Recognizing and Managing Burnout Also available at https://chrisshort.net/cfp/burnout++ What is Burnout? Definitions (sourced) Who it impacts? Yes. Even kids deal with this. Personal Story Thread: The year of yes can turn into years of “please stop” Burnout+ Veteran Injured (disabled veteran; disability in general) Have Kids (always stressful or worrisome) Contribute to open source (never feel like you’re doing your best) Have a side hustle (Yeah, I wrote a weekly newsletter for six years) Dealing with it all (do it before you snap) Introduce a Little Chaos A miscarriage A job lost/layoffs A global pandemic Toxic family members Personal Story Thread: A Netflix series that hit WAY too close to home Welcome to burnout++ — Managing the Chaos Friends & Family - Prioritize family, tell your friends, be forward Compartmentalization (lock it in a box for short bursts) !!!WARNING!!! The truth will set you free; be honest with yourself Medical Conditions Can Occur Due to Burnout Increased anxiety (all the way up to paralyzing panic attacks) Fatigue, repetitive use injuries, etc. Clouded thoughts Mood swings High blood pressure (living in the red) Far Worse Fight or Flight You can be in a constant fight mode; this is what, “The fog of war,” kinda comes from This feeling is built into our DNA Being aware of your body and the remedies needed to center yourself Meditation, grounding, situational awareness, and much more Everything is interconnected When I get anxious; I don’t think clearly When I get anxious; my blood pressure goes up When I get anxious; my pain levels go up This interconnectedness has completely wiped me out before (story about the last panic attack) All this starts like a snowball heading down a mountain; once you get to the end you have a devastating avalanche If the anxiety builds daily over time a blow up is bound to happen Acceptance The sooner you accept the situation you’re in the sooner you can improve it DevOps the shit out of it (“Martian” Science Meme) Forgiveness This is not entirely your fault Give yourself some grace Reach out to a friend Accept who you are This will get better Moving Forward Keep yourself organized Realize that you need to be able to communicate effectively what’s happening to you and what you’re going through Find habits that genuinely bring you peace Let go of your fears Notes and Anecdotes How many of you have weighed leaving a certification course at lunch because you were in so much pain? How many of you didn’t end up leaving because you realized you didn’t have enough pain meds to not make you feel guilty about laying in bed all afternoon? Sources https://burnoutindex.yerbo.co/ https://www.psychologytoday.com/us/blog/high-octane-women/201311/the-tell-tale-signs-burnout-do-you-have-them https://www.mayoclinic.org/healthy-lifestyle/adult-health/in-depth/burnout/art-20046642 https://www.helpguide.org/articles/stress/burnout-prevention-and-recovery.htm https://www.ncbi.nlm.nih.gov/books/NBK279286/ https://www.verywellmind.com/stress-and-burnout-symptoms-and-causes-3144516 https://www.forbes.com/sites/learnvest/2013/04/01/10-signs-youre-burning-out-and-what-to-do-about-it/#6389dff9625b https://www.thoracic.org/patients/patient-resources/resources/burnout-syndrome.pdf https://www.merriam-webster.com/dictionary/burnout https://globalnews.ca/news/3639388/burnout-syndrome-symptoms-stress/ https://www.theguardian.com/women-in-leadership/2016/jan/21/spot-the-signs-of-burnout-before-it-hits-you http://news.bbc.co.uk/sport2/hi/academy/4244782.stm https://devopsish.com/292/ https://chrisshort.net/life-after-devopsish/ https://hbr.org/2023/04/a-two-minute-burnout-checkup https://hbr.org/2023/05/when-your-employee-tells-you-theyre-burned-out PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/WPUDHQ/ VIP Area Chris Short PUBLISH LLBFT8@@cfp.cloud-native.rejekts.io -LLBFT8 Empathy in Cloud Native Governance: Addressing Bias for Inclusive Decisions en en 20240317T114500 20240317T121500 0.03000 Empathy in Cloud Native Governance: Addressing Bias for Inclusive Decisions PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LLBFT8/ VIP Area Kunal Kushwaha Aakansha Priya PUBLISH NLYLSK@@cfp.cloud-native.rejekts.io -NLYLSK Progressive Delivery with Istio and Gateway API plugin for Argo Rollouts en en 20240317T143500 20240317T150500 0.03000 Progressive Delivery with Istio and Gateway API plugin for Argo Rollouts PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/NLYLSK/ VIP Area Alessandro Vozza PUBLISH LXXPWR@@cfp.cloud-native.rejekts.io -LXXPWR Fluent Bit, the engine to power Chat Ops en en 20240317T151000 20240317T154000 0.03000 Fluent Bit, the engine to power Chat Ops In this session, we’ll look at these capabilities of Fluent Bit that can help us not just get data to the tools for metrics visualization and alarms and post-event analysis but also help us to react more quickly and potentially pre-emptively and show a thought-provoking demo of how Fluent Bit could be used to help empower ops so that we can look after our ‘pets’ or avoid the ‘cattle’ stampeding. This presentation puts emphasis on the often-overlooked opportunities that CNCF’s Fluent Bit can offer in the operational space. The novelty and uniqueness of this presentation will help convey the value and opportunities that Fluent Bit can offer. This is a presentation that hasn’t been seen before at Kubecon The session presenters are engaged with the Fluent Bit project. Phil Wilkins is the author of a book on Fluentd and currently authoring a book on Fluent Bit with Kubernetes. Both Patrick & Phil have previously presented at CNCF meetups and other conferences. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LXXPWR/ VIP Area Patrick Stephens PUBLISH N7MTPK@@cfp.cloud-native.rejekts.io -N7MTPK Will ARM be the new Mainstream in our Data Centers? en en 20240317T160000 20240317T163000 0.03000 Will ARM be the new Mainstream in our Data Centers? Similar to ARM for the desktop, ARM for cloud native workload could be a game changer and make operation of our workload more efficient and cheaper. The big hyperscalers such as AWS, Google, Azure already have ARM based machines available in their data centers. We already see huge potential for ARM in edge devices in IOT use cases, but also at classical on-premise or edge data centers. Running future application stacks in a most efficient way will save energy. Lower energy usage, with fewer devices for hosting the same amount of machines, means also lower costs. That efficiency makes it attractive for everyone, including on-premise data centers. The talk will show what is already possible and where there are limitations in the CNCF ecosystem. A live demo will show differences during build- and run-time on a characteristic application stack for enterprise workload. The audience will see if the technology has a real chance to be the “next thing” at their datacenter by using cloud native technologies. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/N7MTPK/ VIP Area Tobias Schneck PUBLISH 8EK3UD@@cfp.cloud-native.rejekts.io -8EK3UD Using GitOps to Simplify Cluster API Provider Management en en 20240317T163500 20240317T170500 0.03000 Using GitOps to Simplify Cluster API Provider Management PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/8EK3UD/ VIP Area Mikhail Fedosin Danil Grigorev PUBLISH AH8RBP@@cfp.cloud-native.rejekts.io -AH8RBP The Magic of Backing Service Provisioning and Consumption With Crossplane and ServiceBindings en en 20240317T171000 20240317T174000 0.03000 The Magic of Backing Service Provisioning and Consumption With Crossplane and ServiceBindings PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/AH8RBP/ VIP Area Timo Salm PUBLISH HHNFJH@@cfp.cloud-native.rejekts.io -HHNFJH Demystifying CNI - Writing a CNI from scratch en en 20240318T093000 20240318T100000 0.03000 Demystifying CNI - Writing a CNI from scratch PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/HHNFJH/ Arena Filip Nikolic PUBLISH FNNCU3@@cfp.cloud-native.rejekts.io -FNNCU3 Kubernetes as entities: Applying Systems Thinking to observe K8s Beyond Metrics, Traces and Logs en en 20240318T100500 20240318T103500 0.03000 Kubernetes as entities: Applying Systems Thinking to observe K8s Beyond Metrics, Traces and Logs In the realm of Kubernetes, Observability traditionally revolves around Logs, Metrics, and Traces, offering valuable insights into system performance and behaviour. However, this approach often falls short in managing the overwhelming volume of generated data or grasping the intricate interactions among Kubernetes components, failing to present users with a simplified view of the system's health according to their needs. To attain true comprehensive observability, a paradigm shift is essential. Applying 'Systems Thinking' provides a framework for understanding the relationships between different resources and their mutual impact. Join us in this discussion where we will delve into: 1. The challenges associated with using the conventional 3 Pillars Observability approach in the context of Kubernetes. 2. An introduction to Systems Thinking concepts and how they can be utilised to identify Kubernetes entities, establish boundaries, understand functions, and formalise relationships. 3. Applying Systems Thinking techniques such as abstraction and decomposition to facilitate a more holistic perspective of Kubernetes. 4. Practical strategies for observing Kubernetes entities using the inherent correlation capabilities of the OpenTelemetry project. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/FNNCU3/ Arena Miguel Luna PUBLISH NFRNHS@@cfp.cloud-native.rejekts.io -NFRNHS Too Many CRDs? I Say Not Enough!: Leveraging Crossplane & ClusterAPI for Effective Platform Delivery en en 20240318T104000 20240318T111000 0.03000 Too Many CRDs? I Say Not Enough!: Leveraging Crossplane & ClusterAPI for Effective Platform Delivery As the knowledge and exposure to Kubernetes grows, so does the set of tools and components which form the platforms we build, but the fragmented nature of Kubernetes can pose a challenge to platform teams. While most of us are already building abstractions with Helm charts or OpenTofu modules (among others), Crossplane allows us to do so in a Kubernetes pseudo-native way, without needing to write custom operators. Being able to build your own abstractions into the Kubernetes API and have your own CRDs (Crossplane's XRDs) so easily is an incredibly powerful feature of Crossplane, and more people should be made aware of it. Given that there are organizations and teams who are skeptical about the abundance of CRDs, I would like provide a moment to, not only challenge that perception, but also to invite them to reflect on the way they are building their platforms. The talk serves as a practical guide as well as a reflection, encouraging platform engineers to think about how Crossplane can help them defining their precise blueprints for infrastructure and service provisioning. It is not only a technical talk about how to build platforms with Crossplane, but it also includes a discussion about making efficient use of CRDs. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/NFRNHS/ Arena Carlos Mestre del Pino PUBLISH W9DAEB@@cfp.cloud-native.rejekts.io -W9DAEB Crossplane Composition Functions Step by Step en en 20240318T113000 20240318T120000 0.03000 Crossplane Composition Functions Step by Step PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/W9DAEB/ Arena Stefano Borrelli PUBLISH MZPS7T@@cfp.cloud-native.rejekts.io -MZPS7T Cloud Friendly(?) Jenkins. How we failed to make Jenkins cloud native and what we learned? en en 20240318T120500 20240318T123500 0.03000 Cloud Friendly(?) Jenkins. How we failed to make Jenkins cloud native and what we learned? Jenkins has evolved a lot. It integrates with many tools and projects from the CNCF landscape. With their help you can make Jenkins cloud friendly and get the most of that in your Kubernetes clusters. My talk will go way beyond the “let’s provision agents in Kubernetes” and cover attempts to make Jenkins fully compliant with the CNCF definition. Almost all projects succeeded, but Jenkins is not cloud native for sure. So what went wrong? The key benefit is showing what obstacles to expect, and why one has to be careful about the assumptions they make. We also discuss what is the difference between Cloud Friendly and Cloud Native, and why the prior is someone really needs. It could be a good retro for those who are yet to start their cloud native migration projects. - https://www.jenkins.io/blog/2018/07/30/introducing-cloud-native-sig/ - https://www.jenkins.io/project/roadmap/ - https://jenkins-x.io/ - https://www.jenkins.io/doc/book/using/pluggable-storage/ - https://www.jenkins.io/projects/jenkins-operator/ - https://github.com/jenkinsci/jenkinsfile-runner PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/MZPS7T/ Arena Oleg Nenashev PUBLISH TRGD9S@@cfp.cloud-native.rejekts.io -TRGD9S External Traffic Engineering with Cilium en en 20240318T140000 20240318T143000 0.03000 External Traffic Engineering with Cilium Integrating cloud-native applications into existing, non-Kubernetes environments brings a lot of new challenges for infrastructure professionals. These legacy environments often dictate the need for fine-grained control of traffic going over a security perimeter with stateful inspection on firewalls and intrusion detection systems. Whether you’re doing it to stay compliant with industry regulations or to improve your security posture, the problems still need to be addressed and the burden lies on the team managing the Kubernetes cluster. Very few talks and tutorials about Kubernetes networking focus on external traffic and often gloss over the details of integration with the wider IT ecosystem. With this session the audience has a chance to get a deeper understanding of typical patterns for ingress and egress traffic engineering. This is beneficial as provided examples and design patterns can be reused in any Kubernetes cluster. We don’t assume much networking knowledge, but the tutorial is a mix of intermediate and more advanced topics. Whether you’re deploying in the cloud, hybrid or multi-site environments, this tutorial will have something to address your needs. If you bring your laptop, you can also follow along our hands-on labs, designed to demonstrate the explained concepts. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/TRGD9S/ Arena Piotr Jabłoński Michael Kashin PUBLISH KEYQD9@@cfp.cloud-native.rejekts.io -KEYQD9 Unlocking the Gateway: A Practical Guide from Ingress to Gateway API en en 20240318T143500 20240318T150500 0.03000 Unlocking the Gateway: A Practical Guide from Ingress to Gateway API With Gateway API recently graduating to General Availability (GA) and gaining increased support from major cloud providers and leading mesh projects, more and more people are interested in upgrading to the API. This talk stands apart as more than just an introduction. It will bridge that gap and offer tangible, real-world examples that resonate with the audience. It will introduce ingress2gateway, a tool designed within SIG-Network to make the migration less intimidating, providing a robust entry point and easy support for different mesh projects and cloud providers. The talk will tackle common challenges head-on, addressing burning questions like "How do I test my Gateway?" and "How do I safely shift DNS?" or "What if I need to relocate a certificate to the Gateway?" and “How do I even choose an implementation?” By the end of this session, our anticipation is that the audience will emerge not only more confident but equipped with practical insights to dive into Gateway API, explore its features, and unlock its benefits with newfound confidence. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/KEYQD9/ Arena Lior Lieberman Mattia Lavacca PUBLISH UJAZR9@@cfp.cloud-native.rejekts.io -UJAZR9 From Sherlock to Skynet: Navigating Cloud-Native Terrain with OpenTelemetry and Runtime Security en en 20240318T151000 20240318T154000 0.03000 From Sherlock to Skynet: Navigating Cloud-Native Terrain with OpenTelemetry and Runtime Security PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/UJAZR9/ Arena Arsh Sharma Ramiro Berrelleza PUBLISH D93NPJ@@cfp.cloud-native.rejekts.io -D93NPJ Bringing it all together: unifying multiple cloud native projects into a coherent UI experience en en 20240318T154500 20240318T161500 0.03000 Bringing it all together: unifying multiple cloud native projects into a coherent UI experience The landscape of CNCF projects related to Kubernetes is famously vast and rich, each helping its users solve the problems it was designed for. When it comes to using those tools though, even if they provide a graphical/textual user-interface, users still have to set up or run those different UIs, which may be inconsistent in configuration, design, and experience. What is needed is a common, vendor-neutral, graphical UI platform focused on Kubernetes, on which those various projects can offer their own experience in a unified, consistent way. Headlamp is a CNCF Sandbox project designed to enable this scenario via an extensible GUI with support for plug-ins. In this talk, we share how the Headlamp project has accomplished this, and demonstrate a range of plug-ins that highlight the capabilities of those cloud-native tools, while integrating them in a single UI for a coherent user experience. We will share the process we followed and how other projects can onboard into Headlamp. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/D93NPJ/ Arena Joaquim Rocha PUBLISH LBCQWB@@cfp.cloud-native.rejekts.io -LBCQWB The attacker's guide to exploiting secrets in the Universe en en 20240318T163000 20240318T170000 0.03000 The attacker's guide to exploiting secrets in the Universe #Section 1 - Introduction to Secrets ###Part 1: What are secrets Most attendees will likely have a good understanding of secrets but to ensure everyone is on the same page we quickly break down exactly what they are and why they are so sensitive. ###Part 2: How attackers use secrets, the anatomy of recent attacks Secrets are more than just an opportunity for initial access, they can be discovered and used at all stages of an attack. In this section, we break down recent high-profile breaches to show how attackers discovered and used secrets at different stages including 2022 Uber Breach, 2023 CircleCI breach, and 2021 Codecov breach. #Section 2 - Exploiting secrets in source code ###Part 1: Abusing the GitHub Public API GitHub contains a huge amount of data, more than a billion commits were made publicly in 2022. The GitHub public events API https://api.github.com/events is a firehose of data that contains everything that happens publicly. This API can be abused to identify high-value targets such as company employees and used to discover literally millions of secrets. ###Part 2: Scanning networks for exposed .git directories Private repositories are a much more fruitful resource when it comes to discovering secrets. One way of gaining access to these private repositories is to scan public servers. Recent research shows 2 million IP addresses had .git folder structure accessible to the public. We break down how to scan networks for these folders and scan these for secrets. ###Part 3: Finding misconfigurations in git servers Git server misconfigurations are another very common way to gain access to private repositories. This was the case when all of Twitch’s source code was leaked due to a configuration change. In this section, we explore how to identify weak or broken access in git servers. ###Part 4: Buying access and phishing Buying access can feel like cheating but the nature of git means that multiple employees have access to repositories and if all else fails you can fall back to the trusted techniques of phishing for access or buying credentials from the dark web. During this section, we will show the example of the Uber breach in 2022 where credentials were phished and sold granting an attacker access to the network and source code. #Section 3 - Secrets in compiled applications ###Part 1: Overview of secrets in compiled applications Moving away from source code and git repositories we begin our exploration into how we can discover secrets in compiled applications, in both Docker images and Android mobile applications. ###Part 2: Anatomy of a Docker Image During this section, we use tools like Dive to show exactly how docker images are made up and how they can be easily reversed with tools. ###Part 3: Scanning for secrets in docker images We do a quick demo of using secrets detection tools to discover secrets inside docker images. We will also do new unreleased research to show how 5% of Docker images contain secrets and exactly what are the most common types of secrets to find. During this section we will look at the CodeCov breach to show how malicious actors have used these methods in a real attack. ###Part 4: Secrets in Android and IOS mobile applications During this section, we focus on research showing how common it is to discover secrets inside mobile applications. This will include research that shows about half of applications on the Play Store contain at least 1 plain text credential with 10% of these secrets being critical. We will also walk through the result from a penetration test involving a tier 1 bank that was breached due to hardcoded secrets in their mobile application. ###Part 5: Demo - decompiling and scanning Here we will show how to pipe together multiple open-source tools to be able to extract APKs and IPAs from the Google Play Store and Apple App Store, decompile them and quickly scan them for secrets. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LBCQWB/ Arena Mackenzie Jackson PUBLISH YAYJS8@@cfp.cloud-native.rejekts.io -YAYJS8 The Bang! - When bad things happen to your data en en 20240318T170500 20240318T173500 0.03000 The Bang! - When bad things happen to your data Both speakers combine their expertise to bring more awareness to data security. Anais has several years of experience in the cloud native security space, where she has helped dozens of users to implement open source security scanning with Trivy. Michael Cade is an expert in all things data storage and management for cloud native environments. A lot of the time, people will talk in isolation about both topics. Resulting, security professionals are unaware of database management processes and, thus, do not provide the right guidance on preventing and dealing with incidents. Looking at this table of data breaches from 2021: https://github.com/rapid7/data/blob/main/2021-cloud-misconfigurations/2021-cloud-misconfigurations.csv Most misconfiguration issues expose customer/user data publicly due to misconfigured and insecure data storage. This risk can be minimised through the right policies and security scanning. However, in cases where no misconfiguration is identified, our data security depends on the right data protection and disaster recovery strategies to ensure the availability of our data services. In this talk, the speakers will go through trial incidents ("the bang") to showcase the best strategies for minimising the damage to businesses and customers and also to share strategies for reducing the risk of similar issues in the future. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/YAYJS8/ Arena Anais Urlichs Michael Cade PUBLISH JUBTCX@@cfp.cloud-native.rejekts.io -JUBTCX Unlocking New Possibilities: Bridging Linux and Kubernetes en en 20240318T174000 20240318T174500 0.00500 Unlocking New Possibilities: Bridging Linux and Kubernetes "Unlocking New Possibilities: Bridging Linux and Kubernetes" Platform engineering thrives on Linux and Kubernetes, reveling in the structured approach and adaptability of the Linux filesystem. But what if we could blend these worlds? Imagine harnessing Linux's concepts—like directory trees and mounts—within Kubernetes: Mount your dev-cluster: kubeconfig mount dev-cluster clusters:dev Or access the prod-cluster: kubeconfig mount prod-cluster clusters:prod Navigate effortlessly: kubeconfig cd clusters:prod This session delves into a powerful revelation: innovation doesn’t always demand new tools. Instead, let's explore how revisiting established principles can revolutionize our approach. Join us to discover how leveraging proven strategies from one domain can dynamically transform another, opening doors to new efficiencies and possibilities. PUBLIC CONFIRMED Lightning Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/JUBTCX/ Arena Mangirdas PUBLISH HUSACY@@cfp.cloud-native.rejekts.io -HUSACY Kubernetes Operators: The Power of Automation en en 20240318T174500 20240318T175000 0.00500 Kubernetes Operators: The Power of Automation This Talk is for attendees who want to cut through the complexity and understand how Kubernetes Operators simplify application management. Whether you're a newcomer to Kubernetes or a seasoned pro, this presentation offers valuable insights. By the end of this Lightning Talk, attendees will Have a clear understanding of what Kubernetes Operators are and why they are essential. Gain insight into the diverse range of Operators available and their real-world applications. Walk away with a sense of empowerment, ready to explore the world of Kubernetes Operators further. PUBLIC CONFIRMED Lightning Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/HUSACY/ Arena Edith Puclla PUBLISH LNNLSQ@@cfp.cloud-native.rejekts.io -LNNLSQ CEL to the rescue: applying the common expression language to secure hundreds of servers at once. en en 20240318T175000 20240318T175500 0.00500 CEL to the rescue: applying the common expression language to secure hundreds of servers at once. 90% of respondents in Red Hat’s State of Kubernetes security report 2023 had at least one security incident in the past 12 months, with attacks on Kubernetes environments increasing by 300% over the last two years. Many early practitioners believe Kubernetes is secure, but reality is very different. Fortunately, there are several tools which can be used to enhance Kubernetes security and enforce best practices. CEL's adoption represents a significant opportunity, not only in admission policies but also within the larger Kubernetes ecosystem. With its debut in version 1.26, and its extension to authentication from version 1.29 onwards, this is an opportune moment to discuss the language and elucidate the advantages of its practical adoption. PUBLIC CONFIRMED Lightning Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LNNLSQ/ Arena João Brito PUBLISH FUT7EF@@cfp.cloud-native.rejekts.io -FUT7EF I explained Kubernetes to my grandma! en en 20240318T175500 20240318T180000 0.00500 I explained Kubernetes to my grandma! In this lighthearted and engaging lightning talk, I share my unconventional approach to demystifying Kubernetes by explaining it to my Italian grandma, using food analogies. PUBLIC CONFIRMED Lightning Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/FUT7EF/ Arena Matteo Bianchi PUBLISH WTV9DM@@cfp.cloud-native.rejekts.io -WTV9DM SUSE - 5 mins Closing Keynote on Community Initiatives en en 20240318T183000 20240318T183500 0.00500 SUSE - 5 mins Closing Keynote on Community Initiatives PUBLIC CONFIRMED Sponsor Keynote Speech https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/WTV9DM/ Arena Divya Mohan PUBLISH LLZZTA@@cfp.cloud-native.rejekts.io -LLZZTA Exchanging third-party tokens in Dex and how it helps you to build a secure cloud native environment en en 20240318T093000 20240318T100000 0.03000 Exchanging third-party tokens in Dex and how it helps you to build a secure cloud native environment Dex can perform as an essential building block of the cloud native infrastructure built on self-hosted, Open Source, CNCF-backed solutions — with which Dex easily integrates — for both production and non-production use cases. Therefore, delivering such features that encourage new applications of Dex and showcasing them is beneficial to get a bigger community of Dex adopters and potential project contributors. It becomes even more relevant when we consider a growing focus on fostering security for cloud native environments. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/LLZZTA/ VIP Area Maksim Nabokikh PUBLISH P3K7UB@@cfp.cloud-native.rejekts.io -P3K7UB Understanding the Cloud Native Security Landscape en en 20240318T100500 20240318T103500 0.03000 Understanding the Cloud Native Security Landscape PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/P3K7UB/ VIP Area Mike Coleman PUBLISH 8ZR3VA@@cfp.cloud-native.rejekts.io -8ZR3VA A hitchhiker's guide to CNCF/OSS observability solutions around Kubernetes en en 20240318T104000 20240318T111000 0.03000 A hitchhiker's guide to CNCF/OSS observability solutions around Kubernetes Out of the box, vanilla Kubernetes provides a few tools to help with observability such as basic logging with kubectl logs and basic metrics if you have metrics-server. This alone is not enough. We don't have fine-grained metrics, logs, data retention, or tracing, for example. These things can empower you when planning cluster capacity, troubleshooting bugs, or proactively anticipating operational issues, which are all steps in being production ready. We want to help others decide which aspects and technologies should be considered when approaching observability of their clusters and apps. We will show them one way to set up an observability stack using some of the many tools in the CNCF landscape as well as other OSS technologies that we have personal experience with. We will also talk about how mature these solutions are, what they can bring now and what to expect in the future. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/8ZR3VA/ VIP Area Matthias Haeussler Tiffany Jernigan PUBLISH CRAQLT@@cfp.cloud-native.rejekts.io -CRAQLT Building Resilient Observability Pipelines in Kubernetes with OpenTelemetry Collector en en 20240318T113000 20240318T120000 0.03000 Building Resilient Observability Pipelines in Kubernetes with OpenTelemetry Collector As contributors to the OpenTelemetry Collector and Operator, we frequently encounter users who are able to get started with those components for testing and proof-of-concept environments, but are not confident enough to run it in production. This session will empower users to reliably use the OpenTelemetry Collector and Operator in production, by explaining and demonstrating the use of strategies such as load balancing, batching, concurrency, and general resiliency techniques. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/CRAQLT/ VIP Area Yuri Oliveira Sa Juraci Paixão Kröhling PUBLISH FPVXV8@@cfp.cloud-native.rejekts.io -FPVXV8 An IDE for Ops Should Be Integral to Your Docs en en 20240318T120500 20240318T123500 0.03000 An IDE for Ops Should Be Integral to Your Docs Since the rise of the Docs as Code approach, with tools like Python’s Sphinx, Jekyll, Mkdocs, Docusaurus, and rustdoc, we've seen improved frameworks and communities helping us consistently deliver high-quality external documentation. However, what about your team’s internal docs? The docs your team relies on to develop, test, and break/fix infra, services, and do development daily? In practice, efforts to “fully script everything” fall flat, and written internal docs - a snapshot in time - are quickly outdated. Fully scripting everything (inside and outside pipelines) isn't just complex. It's often brittle, too. Especially the closer automation gets to the engineer; human interfaces starkly differ from uniform machines. This talk emphasizes the need for improved internal documentation. Documentation needs to clearly explain the WHAT and WHY, while also providing a step-by-step HOW, allowing contributors, developers, and users to better understand key aspects such as: - The purpose of different technologies and services - Navigating various platforms for project management and collaboration (like GitHub, GitLab, etc.) - Identifying personal/service credentials and user-specific configurations - Determining where and when to run scripts or pipelines, etc This approach paves the way for effective knowledge sharing. Traditionally, teams rely on intensive onboarding to acquire project-specific knowledge, without formal training or prior experience. Any existing documentation, if available, often becomes outdated quickly. Join this session to explore a better approach to maintaining up-to-date, user-friendly, and runnable documentation that spreads know-how instead of allowing it to fall into the realm of tribal knowledge. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/FPVXV8/ VIP Area Sebastian Tiedtke PUBLISH KHFPCL@@cfp.cloud-native.rejekts.io -KHFPCL No GitOps Pain, No Platform gain: Day 2 Challenges of Managing Kubernetes Fleets with GitOps en en 20240318T151000 20240318T154000 0.03000 No GitOps Pain, No Platform gain: Day 2 Challenges of Managing Kubernetes Fleets with GitOps GitOps has really taken flight recently and more and more companies are adopting the GitOps principles. Still, the journey only starts with deploying a GitOps tool. You have to plan and prepare the structure of your git repositories, do upgrades and migrations, and ensure monitoring and security. In this session, I want to share our most important learnings we’ve gained at Giant Swarm from solving some of these challenges head-on, while doing Kubernetes fleet management at a large scale for companies like Adidas or Vodafone. We will base our talk on the Flux project, but our learnings are universal and apply to any GitOps tool. Our discussion will include: Approaches to structuring multi-repository GitOps configs: Explore various methods, weighing up their pros and cons. How to keep your GitOps configuration DRY, but elastic: How to share, enhance, and lock the configuration, while still allowing flexibility for customers. Explaining common operations: Learn how to execute the most common duties, like adding a new app or a new tenant, when using a multi-repository setup. Identifying challenges and areas for improvement: Examine potential pitfalls and opportunities for enhancing our processes. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/KHFPCL/ VIP Area Łukasz Piątkowski PUBLISH ZVKV3Q@@cfp.cloud-native.rejekts.io -ZVKV3Q You’re Good Enough: Combating Imposter Syndrome in Cloud Native Communities en en 20240318T154500 20240318T161500 0.03000 You’re Good Enough: Combating Imposter Syndrome in Cloud Native Communities We want our talk to encourage members of the cloud native community to actively overcome their imposter syndrome. In doing so, we aim to help individuals reach their full potential by increasing contributions, building confidence, and making the existing community more inviting for new members and underrepresented people. The presenters will use their mentor-mentee relationship as an example to illustrate the ways they support each other in overcoming imposter syndrome. Through this talk they will invite others to do the same in their own communities. PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/ZVKV3Q/ VIP Area Kat Yang Ida Furjesova PUBLISH 9HD3FC@@cfp.cloud-native.rejekts.io -9HD3FC The Storage Crashcourse - From CSI to Databases en en 20240318T163000 20240318T170000 0.03000 The Storage Crashcourse - From CSI to Databases This is a overview talk targeting an beginner to intermediate level audience. The following topics are covered: - The Kubernetes Persistence Model (PVs, PVCs, Provisioning, Storage Classes) - What is CSI? - Selecting a Storage Provider (Local Path, Cloud Provider CSI drivers, Ceph, Longhorn and JuiceFS) - Backups with K8up - When is S3 a better fit - Databases in a cluster (Experiences with CNPG, Zalando Postgres and MySQL Operator) PUBLIC CONFIRMED Talk https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-eu-paris-2024/talk/9HD3FC/ VIP Area Benjamin Ritter