“Fun with FreeBSD: Make Your Own Mini-Cloud” Karen Bruner · Talk (30 minutes)

What do you do when you have one nice PC sitting around but you really need to hack on a multi-node Kubernetes cluster? Build one by installing FreeBSD and using its native bhyve virtualization platform.


“CR Based APIs: Is It the Right Approach for Your Application?” Dave Smith-Uchida · Talk (30 minutes)

Come explore building micro-service APIs using Kubernetes Custom Resources (CRs)! We'll demo a real-life example of such an API, analyze its advantages and disadvantanges relative to typical REST APIs, and provide some guidelines for deciding whether using a CR based API is right for your applicati…


“Open Policy Agent Can Do THAT?! The Many Use Cases of OPA” John Reese · Talk (30 minutes)

That’s right! The Open Policy Agent has other skills than just securing your clusters. The general-purpose design of the Open Policy Agent has enabled many tools, such as Gatekeeper, to adopt it for their own policy decision needs. This is powerful because it provides end-users with a consistent ap…


“Virtual Kubernetes Clusters: Tips and Tricks” Rich Burroughs · Talk (30 minutes)

A lot of interest in virtual Kubernetes clusters and the open source tool vcluster has developed over the last year. vcluster allows platform teams to provide virtual Kubernetes clusters to their users. A virtual cluster appears to be a full-blown Kubernetes cluster to the users, but it runs within…


“Creating a Positive Community” Kim McMahon · Lightning Talk (5 minutes)

We all love this community and having the privilege of working in open source. In this talk I will talk about the key tenants of a positive community and specific things we can do to support developers and the community


“Everything You Want to Know about Kubernetes RBAC and Were Too Afraid to Ask” Ben Hirschberg · Talk (30 minutes)

Role-based Access Control (AKA RBAC) is a continuous challenge with the growing complexity of cloud native operations, the sheer number of services involved, as well as the privileges required to manage and maintain complex systems with today's ironclad SLAs. Many modern microservices systems are …


“Demystifying Kubernetes Vulnerability Scanning” Ben Hirschberg · Lightning Talk (5 minutes)

Security like all technology disciplines has its buzzwords. You'll often hear acronyms like SAST, SCA, DAST, and much more…but what does it all really mean?

In this talk we will review the many kinds of vulnerability scanning with a focus on Kubernetes security scanning. We'll help you understand w…


“Efficient Deep Learning Inferencing in the Cloud using Kubernetes with Smart Provisioning of Arm Nodes” Anne Holler · Talk (30 minutes)

Deep Learning (DL) models are being successfully applied in a variety of fields. Managing DL inferencing for diverse models presents cost and operational complexity challenges. The resource requirements for serving a DL model depend on its architecture, and its prediction load can vary over time,…


“Building the best internal developers' portal with Backstage” Guille Vigil, Lukas Gómez, Javier París · Talk (30 minutes)

Where do you find internal documentation about a legacy microservice? How can I make an API call to the new service deployed by other team? How is the status of my service in the production kubernetes cluster? The frontend team finds the backend service is down on Friday’s evening, how can they tri…


“The Bits Must Flow: (Net)working through the abstractions” Aaron Aldrich · Talk (30 minutes)

Virtual Networks, Container Networks and Software Defined Networking have all added layers of abstraction and complication on what used to be straightforward and very tactile, plug in a cable then watch the packets flow. But the basic protocols and how our systems exchange information largely remai…


“E2E Testing of Kube Controllers - the Good, the Bad and the Ugly” Paweł Bojanowski · Lightning Talk (5 minutes)

End to end testing in Kubernetes apps is usually done with many lines of bash scripts as this may seem as natural progression from testing Kubernetes apps manually with kubectl. Bash is not well-equipped for such tests because users have to create a lot of boilerplate and wrapper functions to make …


“Actions speak louder than words: Building better communities” Lian Li · Talk (30 minutes)

We've all seen it: Conferences fail to provide a diverse line-up, get called out publicly and speakers bail in fear of backlash. But this is just the tip of the iceberg. More often than not, they reveal a failure of leaders to create a diverse and inclusive community in the first place.
It’s not en…


“Cloud Native Authorization Landscape” Jimmy Zelinskie · Talk (30 minutes)

Within the cloud native ecosystem there are a wide variety of tools tackling authorization. This presentation covers what those tools are and how they relate to each other so that folks can find the right tool for the job.


“The Shifting Sands of Security and Compliance in the Cloud” Sonny Shi · Lightning Talk (5 minutes)

Cloud Custodian is an open source cloud security, governance, and management tool with powerful integrations with AWS cloud services that allows for quick response times to address a wide array of compliance, governance, and security issues. As public cloud adoption increases across industries, the…


“Speed up highly available deployments on Kubernetes” Mariana Ramos Franco · Lightning Talk (5 minutes)

In this talk we will show you how we speed up Cortex deployments at scale, using zone-aware Kubernetes controllers.

Kubernetes allow pods to be spread across different zones through topology constraints but these are not taken into consideration during rollout updates, or on pod disruption budgets…


“Using Kubernetes and Crossplane Together To Help Developers Code Cloud Native Applications” Ramiro Berrelleza, Viktor Farcic · Talk (30 minutes)

This talk would cover why there is a need to give developers access to Kubernetes based development environments and Crossplane during development: so they can code and test their changes in an environment as close to production as possible.

The talk will highlight the challenges developers face du…


“A New Kind of Cloud System Interface with WebAssembly” Jiaxiao Zhou, Danilo Chiarlone · Talk (30 minutes)

Engineering distributed applications has never been harder. The development process is filled with work that distracts from business logic, such as state persistence, event-handling, and knowledge about orchestrators, schedulers, and cloud providers. What if we create a new POSIX for the cloud?

T…


“Kubes and Cubes: Puzzling Out Cloud-Native Tech” Karen Bruner · Lightning Talk (5 minutes)

What do you do when faced with the ever-growing and always confusing cloud native landscape? Use visual, interactive analogies from the equally confusing twisty-puzzle landscape!


“How to measure CPU and memory usage of eBPF programs” Mauricio Vasquez Bernal · Talk (30 minutes)

eBPF is now a well-known technology used for networking, observability and security purposes in the cloud native landscape. There are a lot of different projects like BCC, Cilium, Falco, Pixie and Inspektor Gadget (to mention a few) that use eBPF as its core technology. One question often asked is …


“Setting up a logging stack in 5 minutes” Dan Bason, Sanjay Nadhavajhala · Lightning Talk (5 minutes)

Log aggregation is one of the cornerstones of observability but setting up a logging stack can be overly complicated. As the number of clusters an operations team are expected to manage explodes a simpler solution is needed. This talk will demonstrate how we can simplify this process and set up a l…


“Multi Cluster Observability and AIOps with Opni” Sanjay Nadhavajhala · Talk (30 minutes)

The collection and storage of observability data is critical for day to day operations and long term health of clusters and applications. The increasing volume of this observability data can be leveraged by AI algorithms and data analytics to automate triaging, response, and remediation for common …


“Think Certification Management Is Hard? Enable HTTPS Access in Minutes with Cert Manager” Onkar Bhat · Talk (30 minutes)

You’re deploying a project with a Kubernetes service that can be accessed using port-forward or an external IP, by using the load balancer service type. But when it’s time to deploy the project into production, the documentation doesn’t explain how to set up TLS. Now what?

Cert-manager to the resc…


“API Server Inception: How many layers down can a virtual cluster go?” Mike Tougeron · Talk (30 minutes)

Working in a large team, multi-tenant organization can be hard. There can be sub-teams, sibling teams, different BUs, parallel efforts, clients, tenants and more that all need to both collaborate and be kept separate. In this complex type of environment RBAC, access rules, network policies, and api…


“Some Assembly Required: Infrastructure lessons from Lego, K'Nex, & Mario Kart” Jeremy Tanner · Lightning Talk (5 minutes)

The Lego experience is more than just a collection of premium priced bricks in a box. If one looks closer, it's full of guidance for the cloud native developer, including; interoperability, backward compatibility, design, and documentation. This brief rant will highlight ways your project can meet …


“Detecting Cryptocurrency Mining With eBPF” Tracy P Holmes · Talk (30 minutes)

eBPF allows for introspection of events across entire nodes and is a powerful foundation for collecting data from different workloads on a Kubernetes cluster. This talk will explore step-by-step a cryptocurrency mining attack, showing how it behaves, evolves, and how different stages of the attack …