Cloud Native Rejekts EU (Valencia) 2022

“Now That We Can Checkpoint Containers - What's Next?” Adrian Reber · Talk (30 minutes)

At previous conferences we had the chance to present our upcoming work about checkpoint and restore in Kubernetes. Now that the corresponding Kubernetes Enhancement Proposal (KEP) has been merged and the first code which enables container checkpointing is available in Kubernetes 1.24 we want to pre…


“Docs inclusivity: the Cloud Native journey of a Windows user” Nuno Do Carmo · Talk (30 minutes)

Windows is by far the most used desktop operating system in the world, however when it comes to Cloud Native ecosystem, it is also the least documented. In this session i'll walk through the struggles of a Cloud Native Windows developer and share my experiences as part of documentation teams on how…


“Secret Management: The Soft Way” Lian Li · Talk (30 minutes)

Secrets. Security best-practices mandate that they stay away from the code—or else! And that’s what we did for a long time.

But as CI/CD practices evolved, for a myriad of reasons, we now want to ship the code, the environment, and the secrets, all in one lump. So we can’t hide the secrets anymore……


“Managing Third Party Software in your GitOps Setups” Sascha Siegl · Talk (30 minutes)

GitOps and its methodologies help developers automate their Software Development Life Cycle (SDLC) process. The SDLC also includes tasks from Operations Management during runtime. Therefore you need to cover dependencies to other software components, e.g., Data Management Software. Those other comp…


“Why We Chose To Ditch Helm To Gain Open Source Sanity” Simon Emms · Talk (30 minutes)

Helm is a truly excellent ecosystem and is rightly valued by the world over for giving full customisation of deployments. For open-source projects with a finite number of support engineers, full customisation is not always something that is desirable. Sometimes, you need to provide opinionated guid…


“How We Migrated a Fortune 500 Healthcare Company to Kubernetes in 7 months” Christopher J Nuland · Talk (30 minutes)

At the beginning of 2019, Chris Nuland and his team were tasked with migrating a large Mesosphere DC/OS cluster with hundreds of running containers to Kubernetes for a Fortune 500 healthcare company. The team needed to finish it within 7 months to allow the sunsetting of DC/OS before the cluster’s …


“What have we learned from scanning over 10K unique clusters with Kubescape?” Shauli Rozen · Talk (30 minutes)

Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerabilities scanning. Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frame…


“Adding a backend to Next Generation Kube Proxy (KPNG)” Neha Lohia, Rajas Kakodkar · Talk (30 minutes)

Have you ever wondered how kube-proxy originated in Kubernetes? Are you familiar with the userspace mode of kube-proxy? Have you thought about what it takes to add a mode to kube-proxy? In this session we will go through the evolution of the kube-proxy, from userspace, to iptables mode to Next-Gene…


“Plugin Orchestration for an API Gateway” Bobur Umurzokov · Lightning Talk (5 minutes)

The role of an API gateway in building large-scale, cloud-native Microservices APIs is sometimes important. It provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. An API gateway will introduce…


“eBPF ready kernel 5.10 for minikube” Francis Laniel · Lightning Talk (5 minutes)

Minikube is a tool used to easily deploy Kubernetes locally.
Sadly, it comes with an old kernel which does not permit running eBPF code.
This contribution is about bumping minikube kernel to 5.10 and adding the needed options to play with eBPF.


“Network Engineering Goes DevOoopsie!!!” Marino Wijay · Talk (30 minutes)

I sit here and reflect back to 2008 when my supervisor suggested I look into the CCNA and Network+. My world changed from plugging a cable into a switch to setting up BGP peers, to configuring Load Balancers for High Availability. Network Engineering has evolved and from my eyes, has been entirely …


“Buildscaler: An elastic Horizontal Pod Autoscaler framework for CI workloads” Henry Precheur, Paweł Bojanowski · Talk (30 minutes)

This talk introduces Horizontal Pod Autoscaler based open source framework Buildscaler which provides seamless CI autoscaling for any build agent (Buildkite, CircleCI, etc) and any compute shape (x86, ARM, Mac). We will also share lessons learnt from running Buildscaler in production for 2+ years.


“An Edge's tale: I'm a remote Kubernetes worker node and I feel lonely out there” Daniel Sheldon, Juan Herrera · Talk (30 minutes)

Ever wondered how remove worker nodes feel when the are far from the control plane and many times not even connected? We want to share some real world tips for managing far Edge deployments without dying trying.


“sqlcommenter: Bringing Database Observability to Developers” Jan Kleinert · Talk (30 minutes)

If you build, maintain, or deploy applications, you probably also work with, or at least encounter, databases. Have you ever tried to troubleshoot a database performance issue in an application that was built using an ORM? Or have you tried to determine which of many microservices was resulting in …


“Building Tech Communities Inside Companies” Catalin Jora · Talk (30 minutes)

Can one bring the open-source style of community inside a company? Yes! It can be done and it should be done.

All enterprises aim to be agile. The chances to have a bunch of people passionate about a specific technology grows with the company size. Often, especially in enterprises, the tech enginee…


“Bringing Apache Cassandra closer to Kubernetes” Christopher Bradford · Talk (30 minutes)

What does Kubernetes provide that allows us to reduce the complexity of Apache Cassandra while making it better suited for cloud native deployments? That was the question we started with as we began a mission to bring Cassandra closer to Kubernetes and eliminate the redundancy. Many great open sour…


“Building a secure, seamless auth experience that you can use with just kubectl apply” Margo Crawford · Talk (30 minutes)

Kubernetes authentication is difficult for admins to configure. With Pinniped, we sought to make the process easy and secure by abstracting away much of the complexity. In this talk you will learn tips and tricks that we used to make our users lives easier. Come learn the extension points that make…


“How We Made Our Availability Metrics More Meaningful With eBPF” Alban Crequy, Wesley Bermbach · Talk (30 minutes)

Getting availability metrics is easy: probe your service or calculate the ratio of failed/successful requests. These approaches are fine, but don't necessarily reflect the user experience. However, user experience is exactly what we want to represent with our metrics. Inspired by Google's meaningfu…


“From Zero to Auto Pilot: Exploring Kubernetes Operator Capability Levels” Soundharya Pabba, Manna Kong, Yuri Oliveira Sa, Rose Crisp, Sid Kattoju · Talk (30 minutes)

Kubernetes Operators are more popular than ever, but not all operators are created equal. How do we maximize the value that Operators have promised IT teams and ensure that they can deliver a true "as-a-service" experience? We will present a step-by-step guide on how to raise your Operator's capabi…


“Using defaults for Deployments? Is it safe and sound?” Koray Oksay · Lightning Talk (5 minutes)

It is pretty easy to deploy and run your application container on Kubernetes. All you need is a container on a registry and running a kubectl command. Kubernetes has a lot of settings and applies some defaults for your deployments. Is it safe to continue with those in terms of application security …


“User Impersonation is the Key to Multi-Tenant APIs on Kubernetes” Leigh Capili · Talk (30 minutes)

Kubernetes is hard to operate in a multi-tenant manner.
As organizations add API's and privileged controllers to their clusters, it becomes infeasible to build
clusters that teams can share with each other safely.
This is a design issue with the way projects extend Kubernetes.

While policy engines …


“Declarative lifecycle management of Kubernetes clusters on various clouds” Ankita Swamy, Ashutosh Kumar · Talk (30 minutes)

While Kubernetes has become a de facto standard for running the Cloud Native workloads, the platform on which Kubernetes runs remains pretty diverse. There are several projects that have come up to solve the challenges around managing the Kubernetes Lifecycle Management, with Cluster API becoming a…


“Debugging a container with a sidecar in Kubernetes using Gefyra” Michael Schilonka · Talk (30 minutes)

Kubernetes patterns, such as sidecars, are increasingly becoming part of modern software architectures. Writing software with these patterns in place, effectively running it in Kubernetes, is very hard. Gefyra makes this possible while providing infrastructure for debugger capabilities and more.


“Extending Kubernetes for Dev and Profit” Mario Loriedo · Talk (30 minutes)

What if development tools, including the IDE and application runtimes could be specified with a declarative syntax? If containers were used as the developers lingua franca and Kubernetes as their platform? Those are the ideas behind DevWorkspaces: containerized development environments running on K…


“Accelerating development with the Devfile format” Ida Olsen, Mario Loriedo · Talk (30 minutes)

Infrastructure as code. Network as code. Everything as a code. It looks like everything can be defined as code, versioned and tested automatically. Everything except development environments. The industry hasn’t come up with a file format to define software environments yet.

Red Hat, AWS and JetBra…


“How to write API conversions for Kubernetes CRDs?” Madhur Agarwal, Shivani Singhal · Talk (30 minutes)

All Kubernetes projects need to define the APIs for CRDs and the lifecycle of each API generally starts with the alpha version. The API definition evolves over time and eventually moves to a stable version. But this evolution leads to multiple releases and each release should provide support for ha…


“Enforcing a Secure Supply Chain on Kubernetes” Víctor Cuadrado Juan · Talk (30 minutes)

A series of exploits and vulnerabilities made everybody aware about the importance of having a Secure Supply Chain story in place.
But how hard is to implement a Secure Supply Chain and, most important of all, how to take advantage of it inside of our Kubernetes clusters?
Moreover, how can we ensur…


“Efficient Deep Learning with Ludwig AutoML, Ray, and Nodeless Kubernetes” Anne Holler · Talk (30 minutes)

Deep Learning (DL) has been successfully applied to many fields, including computer vision, natural language, business, and science. The open-source platforms Ray and Ludwig make DL accessible to diverse users, by reducing the complexity barriers to training, scaling, deploying, and serving DL mo…


“Supply Chain Security with Sigstore and Kyverno” Adrian Mouat · Talk (30 minutes)

Everyone has heard about supply chain security in the last year. The Solarwinds hack and President Biden's Cybersecurity Executive order have forced the industry to start taking it seriously. This has resulted in the emergence of credible solutions for addressing provenance concerns in Cloud Native…


“How Lab.Computer built distributed Notebook as a Service using Federated Kubernetes” Madhuri Yechuri · Talk (30 minutes)

Online IDE improves learning outcomes for programming and STEM education. Lab.computer is a SaaS platform for AI teachers and students that offers on-demand Jupyter notebooks with all required packages, data, software and background processes. This enables students and teachers to focus on learning…


“Automate Updating Nonconformants in Your k8s Cluster (Policy Enforcement)” Harshita Sharma · Talk (30 minutes)

Have you ever encountered missing or incorrect security policies on your k8s cluster?
Maybe you found yourself in a k8s resources chaos where you don't know which resource is created by who?
Maybe you forgot to set some key attributes on your k8s cluster.

With PodSecurityPolicy deprecation, OPA Gat…


“Crashing our way in to production” Francisco Borges Aurindo Barros, Rajula Vineet Reddy · Talk (30 minutes)

In this presentation authors will share the experience working with a vast ever changing ecosystem and will demonstrate how important it is to adapt to evolving requirements as the journey progresses.


“Cloud FinOps & Sustainability on Kubernetes” Álvaro Fernández, Cesar Gonzalez, Ramiro Alvarez Fernandez · Talk (30 minutes)

Do you know how much your workloads cost? Are you worried about your underutilisation resources? Do you have a tag allocation strategy set in place? Would you like to have a fairly approximate cost report on real time from your Kubernetes resources? Could your teams have control and visibility of t…


“Reverse K8s resources: from YAML to Go stucts” Jan Wozniak · Talk (30 minutes)

In the Kubernetes world, it is a common use case to convert API resources written in Go to YAML manifests for further distribution whether as part of helm chart, kustomize template or other tools. How hard can it be to go the other way around, take a YAML manifest and generate a valid Go code from …


“Learnings From Creating CI/CD Pipelines for Open Source Kubernetes Projects” David vonThenen · Talk (30 minutes)

There are over 20,500 open source projects in GitHub that are tagged by topic as focused on Kubernetes. 92,000+ repositories mention the word Kubernetes in their repository's "About" paragraph signaling some level of integration. How does one of these projects validate that integration at the featu…


“Media Streaming Mesh - Real-Time Media in Kubernetes” Giles Heron · Talk (30 minutes)

Media Streaming Mesh is a new open-source project which enables real-time media applications to be first class citizens in cloud-native environments.


“Opening remarks” Chris Kuehl · Lightning Talk (5 minutes)

An intro to Rejekts


“Designing enterprise-ready machine learning applications with webassembly & wasmCloud” Christoph Brewing · Talk (30 minutes)

Deployment of Machine Learning (ML) to production is notoriously difficult, made so by variations in models, engines, platforms, and networks. How can we deploy distributed ML in production across dissimilar devices from edge to cloud, make optimal use of available resources, and support practical …


“Hitching a ride on a flatcar: a community project update” Andy Randall, Thilo Fromm · Talk (30 minutes)

Over two years ago, we introduced the Flatcar project to the Cloud Native Rejekts community in San Diego. A lightweight Linux built specifically for running container workloads, Flatcar builds on the incredibly successful foundation laid by CoreOS Container Linux for enabling security and manageabi…


“Why continuous profiling needed a new database” Frederic Branczyk · Talk (30 minutes)

In this talk Frederic will walk through the design decisions of arcticDB, the database used for storing continuous profiling data as part of the Parca project. ArcticDB is an embedded database building on Apache Parquet and Apache Arrow.

Frederic will walk through the use cases of arcticDB as well …