Cloud Native Rejekts NA (Los Angeles + Hybrid) 2021

“Tinkerbell, a deep dive into the magic of cloud native bare metal” Daniel Finneran · Talk (30 minutes)

Servers are everywhere, your VMs, containers, functions and even "serverless" code lives, breathes and runs on servers. Unfortunately even today managing the lifecycle of a bare metal server still requires antiquated tooling, scripts and is largely difficult to manage and operate. The tinkerbell pr…


“Say goodbye to PSP! Migrate your PSP rules to OPA with no hassle” Stefano Chierici · Talk (30 minutes)

Pod Security Policies are cluster-wide resources that control security sensitive aspects of pod specification, defining a set of conditions that a pod must run with in order to be accepted into the system.
Due to its limitations, recently the Kubernetes Auth Special Interest Group (AKA sig-auth) a…


“Avoid Spikes: Unexpected Kubernetes Behaviors” Joe Thompson · Talk (30 minutes)

We all know that Kubernetes is complex and provides an ever-increasing set of capabilities for managing your workloads, but the basics of it like how pods work, how you expose a service, and so on are pretty simple... or are they? Even basic operations occasionally have sharp edges that can give y…


“Don’t Read the Manual: Automating Helm Provisioning with Terraform” Scott Reu · Talk (30 minutes)

Helm is designed to take the guesswork (and a lot of the YAML) out of deploying a Kubernetes application. If you’ve ever needed to rapidly deploy a durable application, you’ve probably taken a long look at a Helm chart. And if you’re already using Helm, you’ve probably considered about how Infrastr…


“There’s No Free Lunch, but Can I Have a Free Sandwich With Observability?” Łukasz Piątkowski · Talk (30 minutes)

This session is going to present a full cloud-native observability stack that can be used to get monitoring data from a non-orchestrated micro-services architecture oriented application.
The application will use HTTP and gRPC for communication, but will not include any code to aid with its monitori…


“depstat: Analyzing a Go Project’s Dependencies” Arsh Sharma · Talk (30 minutes)

This talk will be about the importance of tracking dependencies in a large project like Kubernetes and about "depstat" which is a tool created to track dependency updates to the Kubernetes codebase. The Kubernetes repository receives many pull requests each day many of which bring dependency change…


“Hijack a Kubernetes Cluster - a Walkthrough” Nico Meisenzahl · Talk (30 minutes)

Nico will show how to hijack a Kubernetes cluster based on common attack vectors. You'll also learn why it's important to implement zero-trust to prevent data leaks and malicious workloads from being executed on a hijacked cluster.
Furthermore, he will show you how to protect your cluster from bein…


“Bringing the power of eBPF tools to your Kubernetes web UI” Joaquim Rocha, Marga Manterola · Talk (30 minutes)

We built Inspektor Gadget to enable Kubernetes operators to get insights on their clusters, simplifying running bcc tools and using the power of eBPF to build more advanced gadgets. We designed Headlamp to help operators visualize and control their clusters, and we made it extensible so that users …


“National Association of W Lovers: How We Can Create a Thriving Wasm Ecosystem” Taylor Thomas, Matt Butcher · Talk (30 minutes)

Just as Java beget a litany of J-titled projects and Kubernetes gave us everything from KOPS to K3S, the emerging Wasm landscape is littered with W names. Wasm Fever has officially begun! And we at DeisLabs are releasing many Wasm-related projects.

While it might seem like we're peppering the lands…


“Troubleshooting Kubernetes CRDs is too damn hard” Nick Young · Talk (30 minutes)

When something to do with your CRDs breaks, how many kubectl commands do you need to understand what’s happened?

This talk argues that “how many kubectls?” is a key metric that codifies the usability of any set of CRDs, and suggests some guidelines for CRD authors to manage this metric and improve …


“Growing the Community around CNCF Incubation project Emissary Ingress” Cindy Mullins · Talk (30 minutes)

More than 4 years ago, the Ambassador Labs team recognized the power of Envoy Proxy and started building the Ambassador API gateway. Back then they thought of Ambassador as the human way to harness the power of Envoy Proxy, which was mostly built for machine configuration. Over the last four years …


“Ray on Public-Cloud Kubernetes: experiments, lessons learned, and suggested best practices” Madhuri Yechuri, Chi Su, Anne Holler · Talk (30 minutes)

Ray is an increasingly popular distributed execution framework for scaling applications and leveraging state of the art machine learning libraries. With the availability of GPU compute shapes on public clouds, deploying Ray on the public cloud is an attractive option over deploying it on bespoke on…