09:30
10min
Welcome to Cloud Native Rejekts EU 2024!
Benazir Khan

Opening remarks

Arena
09:40
30min
OCI Registry: Beyond Container Images - Easing Air-Gap Deployments
Stéphane Este-Gracias

This session explores the expanded capabilities of OCI registries beyond traditional container image storage, focusing on a use case for easing air-gap deployments.

Leveraging OCI registries for storing Helm charts and Kubernetes manifests presents a novel approach to managing deployments. The discussion will include key features and capabilities of tools such as Flux and ORAS, highlighting their role in enhancing the functionality of OCI registries.

By elaborating on practical use cases, such as the deployment of signed Helm charts in secure environments and the delivery of signed GitOps artefacts, this presentation aims to showcase the versatility of OCI registries and their pivotal role in a secured software supply chain.

Arena
10:10
5min
Microsoft - 5 mins Keynote on Community Initiatives
Andy Randall

This is a 5-minute speaking slot for Champion Sponsors.

Arena
10:15
30min
How eBPF Actually Works
James Laverack

You’ve seen the eBPF architecture diagram many times now in presentations: “…and then we compile some C code and attach it to a function in the kernel…”, before moving on. Have you ever wondered what that really means, and what actually happens when you do that? This talk is for you.

Arena
10:45
5min
Cisco - 5 mins Keynote on Community Initiatives
Stephen Augustus

This is a 5-minute speaking slot for Champion Sponsors.

Arena
11:10
30min
Don’t Do What Charlie Don’t Does - Avoiding Common CRD Design errors
Nick Young

Most controllers written for Kubernetes include their own Custom Resource Definition (CRD) - but it’s actually very easy to make mistakes in the CRD design that will cost a lot in longer-term maintenance.

Come and hear from Gateway API and Ingress controller maintainers about Charlie Don’t, the Kubernetes developer with the worst luck in designing CRDs, and how you can use his experience to avoid the most common problems with CRD design.

You should expect to come away from this session with an understanding of common CRD design errors and the ways you can avoid them.

Arena
11:10
30min
burnout++ — Recognizing and Managing Burnout
Chris Short

Burnout can happen at any point in everyone’s career. But, what happens when burnout is taking place amongst other things? Your s/o having a miscarriage? Veteran dealing with time in service and injuries from it? Becoming unemployed? Let’s discuss realizing you’re approaching or are burned out, the why behind that, and coping mechanisms.

VIP Area
11:45
30min
Choose Your Own Adventure: The Perilous Passage to Production
Whitney Lee, Viktor Farcic

Our hero, a running application in a Kubernetes development environment, knows that they are destined for greater things! They long to be living in production, serving end users! However, the journey from dev to prod is hard, filled with system design choices concerning cluster provisioning, GitOps, traffic routing, and app config. And who knows what unseen forces lurk in the shadows! One wrong step could be catastrophic.

It is up to you, the audience, to guide our hero and help them grow from an app in development to their final form, an app running in production. In this 'Choose Your Own Adventure'-style talk, Whitney and Viktor will present choices that an anthropomorphized app must make as they try to find their way to production. Throughout the presentation, the audience (YOU!) will vote to decide our hero app's path! Can we navigate CNCF projects and avoid dead-ends to get our app to production before the session time elapses?

Arena
11:45
30min
Empathy in Cloud Native Governance: Addressing Bias for Inclusive Decisions
Aakansha Priya, Kunal Kushwaha

"Have I considered every angle with this decision, or could a bias have crept in?" - is a common question that’ll prompt you to critically assess potential biases. As the cloud-native landscape evolves, the governance structures overseeing these environments play a pivotal role in shaping the trajectory of inclusivity of projects. Join us for an exploration, where we as contributors to CNCF projects and release teams share firsthand experiences, emphasizing the pivotal role of empathy in cloud-native development.

Discover the analogy of empathy as a muscle and learn how to cultivate it. The talk draws a clear distinction between empathy and sympathy, and covers shifting from a "know it all" mindset to a "learn it all" one and the “two-word check-in” for concise emotional expression. Prioritizing open dialogue, the talk suggests creating a safe space, establishing a common language, and empowering attendees to integrate empathy into decision-making for a more inclusive, bias-aware Cloud Native environment.

VIP Area
14:00
30min
Context-Based Security: What Your Cloud Native Apps Really Need
Oshrat Nir

We're all way past understanding why security is a critical piece in our product stacks - from the code and APIs to the workloads and runtime. The next step was choosing the scanners and tooling to ensure a guarded fortress; however, all of these come with their own chaos of CVEs, compounding cognitive load. This is where context matters in cloud native security.

We'll dive into how you even get started with what matters: prioritization, daring to remediate without breaking prod, how to apply better component security and anomaly detection, and how eBPF is simplifying this on all the layers.

Come armed with tough questions and come away with good practices for ensuring your security choices are always in context.

Arena
14:35
30min
Beyond the Surface - Exploring Attacker Persistence Strategies in Kubernetes
Rory McCune

Kubernetes has been put to great use by a wide variety of organizations to manage their workloads, as it hides away a lot of the complexity of managing and scheduling containers. But with each added layer of abstraction, there can be new places for attackers to hide in darkened corners.

This talk will examine how attackers can (ab)use little-known features of Kubernetes and the components that are commonly deployed as part of cloud-native containerized workloads to persist in compromised systems, sometimes for years at a time. We'll also pinpoint places where, if you don't detect the initial attack, it might be very difficult to spot the attacker lurking in your cluster.

Arena
14:35
30min
Progressive Delivery with Istio and Gateway API plugin for Argo Rollouts
Alessandro Vozza

Elevate your Argo Rollouts experience with the Gateway API Plugin! Argo Rollouts excels in progressive delivery, including canary and blue/green deployments. Thanks to CNCF's Gateway API project, we now have a standardized interface for mastering progressive delivery.

Bid farewell to complex custom gateway integrations. The Gateway API Plugin broadens your options, simplifying delivery management across cloud platforms.

Join us for a demo focused on Istio's newly added support for Gateway API. Witness seamless transitions between application versions, orchestrated by Argo Rollouts.

VIP Area
15:10
30min
Fluent Bit, the engine to power Chat Ops
Patrick Stephens

The key to successful Chat Ops is to be able to identify the important information in a timely manner using the best communications channel for a team (which could range from Slack to a bespoke App), and then enable the ops team to take appropriate action.

The CNCF project Fluent Bit has a number of core characteristics (event-driven and stream analytics features) that allow us to recognize critical events and event patterns as they occur without losing the benefits of traditional log analytics and observability tools. Using Fluent Bit’s connectivity and extensibility allows us to spot critical events and immediately communicate with the right ops staff using social channels or apps in a flexible and versatile manner and return actions to trigger suitable Fluent Bit events. All of which creates the opportunity to react more quickly and even become proactive/preventative.

VIP Area
15:10
30min
Migrating 2 million CPU cores to Kubernetes
Lucy Sweet

Uber has been migrating all of its stateless compute fleet from a pre-Kubernetes system called Peloton to Kubernetes. In this presentation we want to share with you why we decided to migrate our fleet to Kubernetes, the challenges we've faced and how we're adapting our systems to run millions of workloads on top of dozens of Kubernetes clusters.

Arena
16:00
30min
On creating a common framework for eBPF data collection
Chris Kuehl

eBPF has become a key technology in the cloud native ecosystem. It revolutionized the way the Linux kernel is extended as it’s now much easier to add functionality to the kernel. There is a huge variety of tools using eBPF for different purposes such as networking, security, observability, and others.

Unfortunately, all those tools have their own tooling for deploying and configuring the eBPF programs, as well as gathering and processing the data produced by them. This, for the developers of such tools, is duplicated (and useless) work and it makes collaboration between different parties more difficult.

In this talk, we’ll look at how the Inspektor Gadget project is trying to address this. We’ll deep dive into Inspektor Gadget as a framework that makes it easier to use eBPF in applications and infrastructure for systems data collection; ultimately enabling greater collaboration between different parties.

Arena
16:00
30min
Will ARM be the new Mainstream in our Data Centers?
Tobias Schneck

As I have been working with my new Apple Mac M1 for over a year, I was wondering why ARM is not used more in regular application workload scenarios. ARM for desktop computing is really stable, seamless, reliable and for me a game changer - when will we recognize the same for our servers? Especially in times when energy and raw materials are expensive, we should also benefit from the efficiency of ARM technology in our Data Centers. So what’s missing?
We have Kubernetes on ARM, we have the main operating systems supporting ARM, we have a lot of application software and programming languages supporting ARM out of the box, so why don't we use this potential at large scale? Join the talk to get more insights on the current state of the ecosystem, open source and cloud native landscape. Let’s find out if it is possible to create out of the results a real future business case for an ARM-based revolution in our Data Centers.

VIP Area
16:35
30min
From Fragile to Resilient: ValidatingAdmissionPolicies Strengthen Kubernetes
Marcus Noble

In the world of Kubernetes, dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. One example is the ValidatingWebhookConfiguration, which empowers users to implement intricate and finely-tuned access controls beyond the capabilities of RBAC. However, this newfound agility often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.

Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But what if we could change that narrative?

Enter ValidatingAdmissionPolicies!

In this talk we’ll take a look at what makes ValidatingAdmissionPolicies a safer choice for your validation logic and what problems they aim to solve.

We will delve into the world of ValidatingAdmissionPolicies, exploring their features and limitations. We will also draw comparisons with ValidatingWebhookConfigurations, shedding light on the problems they solve. Furthermore, I’ll provide a comprehensive walkthrough on how you can begin leveraging ValidatingAdmissionPolicies today.

Arena
16:35
30min
Using GitOps to Simplify Cluster API Provider Management
Danil Grigorev, Mikhail Fedosin

A lot of users have adopted Cluster API because of its enhanced ability to manage Kubernetes clusters. Are you struggling to manage your growing infrastructure because the complexity involved in managing multiple providers across diverse deployments can be challenging?

Join us as we introduce the Cluster API Operator, a tool that simplifies the deployment and management of Cluster API providers. It utilizes a flexible, GitOps-based approach for real-world scenarios. In this talk, we cover an overview of the Cluster API Operator project and the challenges faced in managing multiple Cluster API providers across numerous clusters and regions. We also explore how a declarative GitOps approach enhances cluster management, ensuring consistency and reliability.

We'll demonstrate the process of installing and upgrading providers, making customizations, and deploying providers in isolated environments throughout various regions.

VIP Area
17:10
30min
Open Source Project Growth: The Non-Technical Needs for Driving Project Growth
Kim McMahon

Founders and maintainers of open source projects have a good idea of what is needed from a technology standpoint to grow their project and provide technology value. But there are many other things to consider such as how to talk about the business value, advocacy and marketing activities, and community building that gives the project the needed boost that accelerates the time to project success.

In this talk, I will bring my experience and insights on best practices for marketing, advocacy, and community building for open source projects that you can use to help you grow your project. I will outline steps you can take and specific things you can do to improve your success with your project and take it through Foundation maturity levels.

Arena
17:10
30min
The Magic of Backing Service Provisioning and Consumption With Crossplane and ServiceBindings
Timo Salm

As the number of cloud-native applications continues to rise, there is an unprecedented surge in the demand for backing services, amplifying the need for automated provisioning.

We will embark on a journey to demystify the complexity of managing and connecting backing services.
Crossplane, a multi-cloud control plane, will take center stage as we explore its capabilities to automate the provisioning of backing services and expose simple, abstracted interfaces for developers to claim those.
The second component in this magical symphony is ServiceBindings, which enable the automated supply of the required information for the connections between applications and their required backing services in a consistent way.

This session is your compass to navigate the enchantment of effortless backing service provisioning and consumption and will illustrate how this dynamic duo enhances developer productivity, reduces operational overhead, and facilitates the seamless deployment of applications.

VIP Area
17:45
30min
What’s new in the Kubernetes Gateway API
Abdelfettah SGHIOUAR

The Gateway API was introduced to Kubernetes in 2019. The project is making steady progress toward becoming the single expressive API for inbound traffic that is portable, extensible, and role-oriented, with over 20 implementations and multiple objects making it to GA recently. This session is about exploring what’s happening in the project. What is the state of the API and the various implementations? We will also cover the GAMMA initiative, which uses the Gateway API as a standard way to describe East-West traffic (AKA mesh traffic).

Arena
09:30
30min
Demystifying CNI - Writing a CNI from scratch
Filip Nikolic

Whether you're new to Kubernetes or a seasoned veteran, understanding the details of Pod creation and networking is essential.
This talk unravels the intricacies of Kubernetes networking by building the simplest of CNIs (Container Network Interface) from scratch.

A CNI plugin is a crucial component, enabling communication between containers in a Kubernetes cluster.
In just a few lines of code, we'll explore the creation of Pods, how they are assigned IP addresses, and the role of virtual Ethernet pairs in connecting them to the broader cluster.
Gain practical insights into real-world scenarios, discover the significance of CNIs in the CNCF and understand why it's fundamental for any engineer operating Kubernetes.

This talk equips you with practical knowledge to navigate Kubernetes networking with confidence by empowering attendees with essential CNI concepts and providing a clear understanding of its role in shaping the containerized world.

Arena
09:30
30min
Exchanging third-party tokens in Dex and how it helps you to build a secure cloud native environment
Maksim Nabokikh

Dex is a CNCF Sandbox project implementing an OIDC identity and OAuth 2.0 provider that is often used in Kubernetes-based environments.

A well-known issue with authentication using OIDC occurs when you need it on a CLI-only machine. For example, it affects you if you’re using Dex as the identity provider for your Kubernetes or CI system — e.g., you want to exchange the tokens from CI or Kubernetes ServiceAccount with Dex to authenticate in a simple and secure manner. Since this authentication requires performing a redirect, which is challenging in a browserless environment, you need another approach to make it happen.

The OAuth 2.0 Token Exchange specification (RFC 8693) addresses this issue, yet requires you to have it implemented in your provider, such as Dex. With this feature recently introduced in Dex, keeping your cloud native infrastructure secure has become much easier. In this talk, I will explain how you can leverage the token exchange in Dex and demonstrate practical cases where it will help you.

VIP Area
10:05
30min
Kubernetes as entities: Applying Systems Thinking to observe K8s Beyond Metrics, Traces and Logs
Miguel Luna

Imagine navigating a bustling city: traditional observability is like relying on street signs, traffic lights, and a map — useful, but overwhelming with data. Our talk explores the shift to Systems Thinking, akin to seeing the city as an interconnected system rather than just individual signs and lights.

We will explore the challenges of traditional observability in Kubernetes, introduce Systems Thinking for a holistic perspective, apply Systems Thinking concepts to Kubernetes and discuss practical techniques using OpenTelemetry to observe Kubernetes entities effectively. It's like upgrading from navigating streets to understanding the entire urban ecosystem, providing a comprehensive view of system health and interactions.

Arena
10:05
30min
Understanding the Cloud Native Security Landscape
Mike Coleman

There are many highly effective cloud native OSS security tools, which can be a blessing and a curse. It’s a blessing because there is good coverage; it’s a curse because it can be overwhelming trying to understand which tools do what. Beyond that, practitioners usually don’t want a point solution; they want tools that work together.

In this session, we’ll look at some key tools in the CNCF security landscape. We'll discuss how these tools secure key areas as an application moves from the developer desktop to being deployed.

After attending this session, participants will have a much better understanding of not only what it takes to protect their cloud native environments but also which tools can help them achieve that goal.

VIP Area
10:40
30min
A hitchhiker's guide to CNCF/OSS observability solutions around Kubernetes
Tiffany Jernigan, Matthias Haeussler

Understanding what is happening in your cluster can be challenging. How can you quickly and easily tell if your cluster and apps are healthy, well utilized and running as expected?

In this tutorial, we'll look at various aspects of Kubernetes observability, and present multiple OSS solutions from the CNCF landscape and beyond to achieve that.

We will start with tools that simply query the Kubernetes API and deliver the output in an easy-to-understand UI (e.g. Skooner, k9s), go over sidecar-based and eBPF-based service meshes (e.g. Istio/Kiali, Cilium/Hubble UI) and end with application-side logging and monitoring (e.g. OpenTelemetry, fluentd, Jaeger, Grafana). Each level of observability demands a certain price in terms of configuration and runtime overhead. In turn, the quality and depth of the information is different.

The intended take-away is to get an understanding of which type of tooling is the right one for a given purpose. Most options will be shown in a live demonstration.

VIP Area
10:40
30min
Too Many CRDs? I Say Not Enough!: Leveraging Crossplane & ClusterAPI for Effective Platform Delivery
Carlos Mestre del Pino

Kubernetes is a platform for building platforms, but for some organizations, embracing its distributed and granular nature can easily lead to fragmented platform mayhem.

As platform engineers tasked with automating the provisioning of infrastructure and/or services (through IaaC, templating or custom code in pipelines), it can sometimes feel like we are just gluing components together.

Enter Crossplane, which enables you to bake your abstractions within the Kubernetes API without the need for building custom operators. Define the blueprints you need for provisioning infrastructure and the ones your developers need to deploy their services, reducing their cognitive load.

In this talk, I will discuss how you can leverage Crossplane and ClusterAPI for effective platform delivery, while minimizing the coding effort of your platform team and your developers' exposure to Kubernetes' nitty-gritty.

Are you one of those people who think there are too many CRDs? Let me challenge that!

Arena
11:30
30min
Building Resilient Observability Pipelines in Kubernetes with OpenTelemetry Collector
Juraci Paixão Kröhling, Yuri Oliveira Sa

Deploying OpenTelemetry Collector on Kubernetes is straightforward with Helm charts and the Operator. However, achieving a robust and production-quality observability pipeline requires thoughtful configuration and experimentation.

In this talk, Juraci and Yuri draw from their real-world experience to guide you through the process of designing and implementing telemetry pipelines in Kubernetes. They delve into the intricacies of building resilient pipelines with OpenTelemetry Collector, exploring through a live demo topics like the load-balancing exporter, memory-limiting and batching processors, as well as the internal sending queues, delivering a production-ready telemetry pipeline.

By attending this talk, you will get a deep understanding of common strategies for designing telemetry pipelines in Kubernetes and the practical knowledge to apply them effectively to your specific requirements.

VIP Area
11:30
30min
Crossplane Composition Functions Step by Step
Stefano Borrelli

Crossplane Composition Functions are one of the most consequential new features in the project's history. Crossplane is a CNCF project that allows users to manage anything (like S3 buckets or GitLab repositories) in a Kubernetes-native manner.

Composition Functions run in a pipeline to create a desired state using any programming language, allowing platform engineers to easily create and manage complex infrastructure deployments. Since graduating to beta in November 2023, functions have been rapidly adopted by the Crossplane community.

This talk will help engineers get up to speed with Composition Functions. We'll go over their design and the runtime concerns of Functions in a K8s cluster. We'll then cover how to use functions to build out cloud infrastructure using field patching and Go templates.

Finally, we'll discuss the basics of writing and distributing your own functions in languages like Python and Go.

Arena
12:05
30min
An IDE for Ops Should Be Integral to Your Docs
Sebastian Tiedtke

Markdown is something you are already using. But do you colocate your internal docs with code? We will unpack how to use open source to record and share tribal knowledge buried in your team's bash aliases & histories – ensuring code and internal docs will no longer diverge.

We'll illustrate how Notebooks, Devcontainers, Web Components, and the VS Code platform, first conceived for analysis, excel at delivering runnable internal docs, reliably describing your team’s tasks, workflows, and solutions. An IDE for Ops is a human-centric approach that isn’t mutually exclusive with CI/CD.

We will learn:
1. Open tech applied for shareable and reliable docs via notebooks
2. How to bridge terminal, browser, and editor
3. Complementary nature with existing best practices

This approach paves the way to DevX & OpsX equilibrium. Allowing devs to trust abstractions (pipelines and internal platforms) while teams owning them benefit from the transparency of runnable docs' self-documenting properties.

VIP Area
12:05
30min
Cloud Friendly(?) Jenkins. How we failed to make Jenkins cloud native and what we learned?
Oleg Nenashev

Jenkins has been one of the most popular automation servers in the world. It is widely used for CI/CD purposes in cloud environments. You may have heard that Jenkins is not cloud native, and of course it is true. You may have heard that Jenkins controllers are a legacy monolith from the 2000s. That is not true, it is quite cloud friendly if used right. And yes we tried to make Jenkins cloud native, but it didn’t quite work. Why?

I have been involved in Jenkins architecture projects for more than ten years, including pluggable storage, multi-tenant Jenkins, cloud native agents, breaking down the controller monolith, Kubernetes integrations, etc., etc. Some of these efforts worked, some didn’t. But it was a great learning experience that can be used by developers and maintainers of other projects that consider re-platforming them to make them cloud- and Kubernetes-native. I'll talk about the technical assumptions and mistakes we made in Jenkins, and how it worked. What to keep in mind when doing the re-platforming? And do you even need it?

Arena
14:00
30min
External Traffic Engineering with Cilium
Michael Kashin, Piotr Jabłoński

Have you ever had a need to steer the incoming traffic to a subset of Kubernetes nodes? What about translating the source IP of traffic leaving the cluster to a fixed set of pre-defined addresses, all while maintaining high reliability and achieving sub-second failover times?

In this session we will walk you through a series of scenarios covering various aspects of ingress and egress Kubernetes traffic engineering using Cilium. We will demonstrate deployment scenarios and best practices that will help guide you through most common design patterns. While doing this we will be using industry-standard protocols, like BGP, to achieve high availability and open source solutions, like Egress Gateway, to implement functionality not provided by Kubernetes natively.

Arena
14:35
30min
Unlocking the Gateway: A Practical Guide from Ingress to Gateway API
Mattia Lavacca, Lior Lieberman

Have you heard about Gateway API, but find yourself wondering how to start leveraging its benefits? Supported by over 25 implementations, Gateway API is the next generation of Kubernetes Networking APIs.
If you want to understand HOW and why to upgrade, this talk is for you.

In this session, Lior and Mattia, holding distinct leading roles in Gateway API development, will share their experience and embark on a complete, step-by-step, real-world migration from Ingress and implementation-specific configurations to Gateway API. They’ll talk about decision factors, and when Gateway API can provide significant benefits over current deployments. They’ll focus on ingress2gateway and its pivotal role in the migration journey, and continue with common pitfalls and challenges where you’ll also find answers to questions like “How do I shift my DNS?” or “How to handle TLS configurations?”. Finally, you’ll learn how you can get involved, and how your voice can influence future development plans.

Arena
15:10
30min
From Sherlock to Skynet: Navigating Cloud-Native Terrain with OpenTelemetry and Runtime Security
Ramiro Berrelleza, Arsh Sharma

Imagine a world where security threats lurk in the shadows of your cloud-native applications, hidden amongst the complex web of microservices and serverless functions. You, the hero of this story, are armed with a powerful tool: OpenTelemetry. But unlike Sherlock Holmes, you don't need a magnifying glass and keen observation. OpenTelemetry is your AI assistant, your Skynet, granting you the ability to see the unseen and unravel the mysteries of your cloud environment.

We'll kick off by exploring the paradigm shift from monolithic structures to cloud-native and microservices architectures. Then, we'll delve into how OpenTelemetry offers invaluable visibility and potential security enhancements for our applications. However, relying solely on OpenTelemetry isn't sufficient; traditional security tools lag in securing microservices. Skeptical? We'll provide concrete examples. Now, picture an attack striking your own cluster – chilling, isn't it? That's why real-time runtime security is indispensable. In conclusion, we'll draw insightful conclusions on the powers of OpenTelemetry and runtime security for your microservice applications.

Arena
15:10
30min
No GitOps Pain, No Platform gain: Day 2 Challenges of Managing Kubernetes Fleets with GitOps
Łukasz Piątkowski

As a company, we manage hundreds of clusters across multiple users. Achieving consistent, repeatable, and verifiable configurations, all while maintaining a single source of truth, is paramount. That's why we are big fans of the GitOps approach, with a special fondness for Flux. However, the journey doesn’t end once you select a GitOps tool; in fact, it has just started.

The “Day 2” problems of GitOps force you to figure out answers to multiple questions: How to structure your git repositories? How to reuse your configuration? And how do you ensure customer separation? In real life, you also have to handle aspects such as security, configuration layout migrations or providing safe extension points for your users. Oh, and even if you answer all the questions, it’s still possible to accidentally delete a cluster in a really fancy way.

In this talk, I want to share our real-life experience resulting from running, structuring, migrating, and, yes, making errors with our GitOps setup.

VIP Area
15:45
30min
Bringing it all together: unifying multiple cloud native projects into a coherent UI experience
Joaquim Rocha

The landscape of CNCF projects related to Kubernetes is famously vast and rich, each helping its users solve the problems it was designed for. When it comes to using those tools though, even if they provide a graphical/textual user-interface, users still have to set up or run those different UIs, which may be inconsistent in configuration, design, and experience. In this talk, we share how the Headlamp project has accomplished this, and demonstrate a range of plug-ins that highlight the capabilities of those cloud-native tools, while integrating them in a single UI for a coherent user experience. We will share the process we followed and how other projects can onboard into Headlamp.

Arena
15:45
30min
You’re Good Enough: Combating Imposter Syndrome in Cloud Native Communities
Ida Furjesova, Kat Yang

Various studies show that more than half of engineers suffer from imposter syndrome. Based on other sources and industries, these numbers might be even higher for women and underrepresented people. It is undeniable that imposter syndrome also has a stifling effect on community contributions. Can we dare to imagine how much potential could be unlocked if we were to provide more support to our peers suffering from it?

This talk aims to bring light to the conversation around imposter syndrome and provide strategies on how to tackle it in cloud native communities. To illustrate better, the presenters will first talk about their personal experience with imposter syndrome. Together, we will explore how to recognize imposter syndrome and the role microaggressions and discrimination play in exacerbating it. The main portion of the talk will then focus on providing people with tools to overcome imposter syndrome together.

VIP Area
16:30
16:30
30min
The Storage Crashcourse - From CSI to Databases
Benjamin Ritter

Storage, Persistence and Databases are important parts of most Kubernetes operations. It is a broad topic which this talk tries to demystify. We will go over how Kubernetes storage works, how CSI fits into it, which storage provider options are out there, and how to select the right one for your environment.

Another topic I will talk about is backups and disaster recovery, which will be covered by explaining how CSI Snapshots work and how to make your backups ransomware-proof.

There are also Storage patterns that do not use normal file systems, like S3-style Object Storage and Databases. I will give you some inspiration on how and where to integrate them into your applications with the goal of decreasing cost and increasing performance.

I am going to share some practical experiences on running SQL Databases in your clusters and how to ensure reliability and ease of use.

VIP Area
16:30
30min
The attacker's guide to exploiting secrets in the Universe
Mackenzie Jackson

Exposed secrets like API keys and other credentials are the crown jewels of organizations but continue to be a persistent vulnerability within security. The majority of security breaches leverage secrets at some point during the attack path. This presentation sheds light on the various methods used by attackers to discover and exploit these secrets in different technologies. This manual will include how to:
Abuse GitHub public API
Gain unauthorized access to private git repos
Decompile containers
Decompile mobile applications from the App and Play Stores
We combine novel research, real-life attack paths, and live demos to prove exactly the steps attackers take, revealing their playbook.

Recent research has shown that git repositories are treasure troves full of secrets. A year-long study showed that 10 million secrets were pushed into public repositories in 2022 alone. We will show exactly how adversaries abuse the public GitHub API to uncover these secrets, even leaking secrets live to show how quickly attackers discover and exploit them. Public source code, however, is only the tip of the iceberg as private code repositories have proven to be much more valuable targets. We will demonstrate how to gain unauthorized access to private git repositories and discover secrets deep in their history. This will include supply chain poisoning, developer phishing, and configuration exploitation among other techniques. Finally, this talk will dive into decompiling containers, packages, and mobile applications to be able to uncover the huge amount of secrets buried within, revealing how shockingly common it is to find hard-coded secrets.

Knowing how attackers operate is essential in building effective defenses; understanding the attacker's playbook allows you to understand their next moves. This presentation is perfect for anyone wanting to know how to prevent attackers from getting hold of your crown jewels.

Arena
17:05
17:05
30min
The Bang! - When bad things happen to your data
Michael Cade, Anais Urlichs

Imagine the inevitable has already happened—you’ve had a security breach—and you’re now dealing with the aftermath. Organisations must act fast to ensure business returns to operations quickly while also figuring out how to prevent similar incidents in the future. By adopting new use cases, engineering teams are simultaneously accelerating the deployment of sensitive data across multi-cloud architectures and tapping into new risk factors.

In this talk, we will use the “Data Security Bang” analogy and learnings from resilience engineering to answer questions such as: How could we do more left of bang (prevention) to help with the speed of right of bang (remediation)? The audience will be guided through a set of example scenarios using Kanister, OPA, and Prometheus, in which they can make decisions on data security to guide the way towards a more robust infrastructure.

Arena
17:40
17:40
5min
Unlocking New Possibilities: Bridging Linux and Kubernetes
Mangirdas

"Ever noticed how the Linux file system structure simplifies the way we organize data? Interestingly, Kubernetes clusters can follow a similar logic. But when it comes to managing a multitude of clusters—talking double digits here—it becomes a monumental challenge.

That's where KCP comes in, allowing you to mount remote clusters as workspaces, offering a solution to the complexity of managing numerous clusters. The analogy to the Linux file system isn't just a handy comparison; it's a game-changer for navigating and organizing a large count of clusters, simplifying the way we handle an extensive cluster landscape."

Arena
17:45
17:45
5min
Kubernetes Operators: The Power of Automation
Edith Puclla

Kubernetes Operators have become a transformative influence in the world of container orchestration. In this lightning talk, I will explain the core operations of Kubernetes Operators and explore their real-world impact. In just 5 minutes, you'll discover why Kubernetes Operators matter, explore their practical use cases, and learn how they can help you maximize the capabilities of your containerized applications.

In this talk, I will provide an introduction to what Kubernetes Operators are and why they are significant. We will quickly explore the Kubernetes Operator ecosystem and its role in streamlining application operations. To conclude, I will share case studies where Operators can improve the scalability, reliability, and efficiency of applications.

Arena
17:50
17:50
5min
CEL to the rescue: applying the common expression language to secure hundreds of servers at once.
João Brito

Practical lessons for Kubernetes "Production Ready"

By default Kubernetes is not a secure environment, and that's a fact. There are a lot of articles and applications around telling you that you should improve security, but actually it is not an easy task. Also you have lots of tech buddies creating new things on your cluster, so enforcement is your best friend and periodic checks can be your allies.
Fortunately, CEL, the language adopted by Kubernetes for validating policies and enforcement, is here to help and make it easier to start protecting your workloads and environment. In this talk, we'll take 5 minutes to show how the top 5 best practices can be implemented with CEL on Kubernetes.
No other tool is necessary, and this may help you to implement your own protections as well!

Arena
17:55
17:55
5min
I explained Kubernetes to my grandma!
Matteo Bianchi

Picture a scene where I'm enjoying a big plate of spaghetti, and my dear grandma, totally unaware of the deep tech world I work in, curiously asks about my job, like she does every xmas.
Seizing this wonderful opportunity, I dove deep into the rabbit hole of container orchestration, trying to make it relatable through her favorite topic—food!

I ended up explaining Kubernetes to her and she started serving homemade biscuits as if they were apps.

Arena
18:30
18:30
5min
SUSE - 5 mins Closing Keynote on Community Initiatives
Divya Mohan

This is a 5 minutes speaking slot for Champion Sponsors.

Arena