Loading…
In-person + Virtual
November 6-9
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central Standard Time (UTC -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Simple
Expanded
Grid
By Venue
Sunday, November 5
 

11:00am CST

Open Space Session: AI Inferencing in Cloud NativeWASM
Be in Spin and serverless AI, or Wasi-nn with LLM Inferencing, this is an extremely interesting time for AI and WebAssembly. Let's join to discuss further advancements in Cloud Native WASM and AI collab
Sunday November 5, 2023 11:00am - 11:45am CST
Open Space Session 1 | Solutions Showcase
  Experiences

12:00pm CST

Open Space Session: Engineers need some much needed R&R (Reliability and Resiliency)
Businesses expect reliable and resilient systems for their customers. Still, leaders often don't know what that means or what it takes to implement - they think you can implement Kubernetes and everything is self-healing.

In this open space session, we will talk about all the toil of software delivery and what R&R pain points folks are having today (or learn what pain points they will eventually be dealing with based on shared learning). We'll make sure we have some actionable takeaways and continued community discussions in slack.

Sunday November 5, 2023 12:00pm - 12:45pm CST
Open Space Session 2 | Solutions Showcase
  Experiences

2:00pm CST

Badge Pick-Up
Sunday November 5, 2023 2:00pm - 6:00pm CST
West Center Lobby - McCormick Place (Level 3)
  Badge Pick-Up
 
Monday, November 6
 

7:30am CST

Badge Pick-Up
Monday November 6, 2023 7:30am - 5:30pm CST
West Center Lobby - McCormick Place (Level 3)
  Badge Pick-Up

8:00am CST

Community Office Hours
Monday November 6, 2023 8:00am - 5:00pm CST
W191 (Ground Level)
  Experiences

8:00am CST

Project Working Sessions
In- Person Project Working Sessions allow project maintainers to come together and dive into project related topics such as upcoming or current features, roadmaps, or issues to overcome. These meetings are for maintainers, contributors, and invited guests only.

For Project Working Session locations, please visit the schedule on the Project Engagement page.


Monday November 6, 2023 8:00am - 5:00pm CST
TBA
  Project Working Sessions

9:00am CST

Better Secrets Management with Kubernetes Hosted by Akamai (AM Session)
Master secret management in Kubernetes with this step-by-step workshop on deploying self-hosted HashiCorp Vault on Akamai Connected Cloud (formerly Linode).

If you’ve defined a Secret resource in Kubernetes before, you know how effortless it is just to reuse that secret. This ease of use is Kubernetes benefit but has a massive underlying issue: Kubernetes Secrets are anything but genuinely secret. Sure, they’re stored Base64 encoded, but who doesn’t already know that? Since Kubernetes Secrets can be easily reused and read, your secrets might be just one bad commit away from being leaked to the world.

This workshop, led by Justin Mitchel of Coding for Entrepreneurs, teaches you to deploy a self-hosted HashiCorp Vault for efficient Kubernetes secret management.

Prerequisites: A working knowledge of Kubectl and access to provision resources on a running cluster.

What’s included:
  • $250 in free cloud computing services credit for Akamai Cloud
  • A paper-back copy of the Manning book “Road to Kubernetes” by Justin Mitchel
  • One Rocketbook Pro
  • Soft drinks, coffee, and refreshments throughout the workshop
  • Buffet lunch by Portillo’s
 
 Want a preview of the training? Join our Linkedin live session on September 12 at 5:30 p.m. ET.

Please note that this is an off-site Sponsor-hosted Co-located event and must be added to your KubeCon + CloudNativeCon registration (additional fee). 
For questions regarding this event, please contact: kpierce@akamai.com
Monday November 6, 2023 9:00am - 12:00pm CST
Level K Event Space 2255 S Michigan Ave 1st floor, Chicago, IL 60616
  Sponsor-hosted Co-located Events

9:00am CST

Kubernetes on Edge Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
Kubernetes on Edge Day Schedule is now LIVE!

Kubernetes on Edge Day in North America invites developers and adopters from across the entire cloud native ecosystem to come together and share their insights and experiences in constructing, enhancing, and improving their edge infrastructure. This event is a must-attend for any developer interested in understanding how to deploy Kubernetes and cloud native projects at the edge.

By 2025, Edge Computing is projected to quadruple the size of cloud computing and will be responsible for generating 75% of the global data. With hardware and software dispersed across hundreds or even thousands of locations, the simple paradigms around observability, loosely coupled systems, declarative APIs, and strong automation that have propelled the success of cloud native technologies in the cloud are the only feasible way to manage these distributed systems. Kubernetes is already a significant component of the edge ecosystem, driving integrations and operations. Join us at Kubernetes on the Edge Day at KubeCon + CloudNativeCon North America and take part in defining the future intersection of cloud native and edge computing. Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.
Monday November 6, 2023 9:00am - 12:15pm CST
W192ABC (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

DBaaS DevDay Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
DBaaS DevDay Schedule is now LIVE!

Join us for an exhilarating half day of discovery and knowledge sharing at DBaaS DevDay, where developers and technology enthusiasts come together to explore the world of cloud native database. This event revolves around the development and utilization of edge tech in database-as-a-service, including but not limited to distributed SQL database, serverless database service, that excels in scalability, reliability, and flexibility comparing to the traditional DBMS. Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 12:20pm CST
W193AB (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

OSPOlogy Live North America
The event will bring together legal experts and open source professionals within organizations (OSPOers) to set a common ground and secure space where both parties can engage in legal discussions around Al licenses and compliance and its implications in open source communities.

Location: Marriott Marquis Chicago | Grand Ballroom E | Level 4 ABC Building

9:00 - 9:15am - Registration & Hallway Track
9:15 - 9:30am - Welcome
9:30am - 12:00pm - Panel Discussions
12:00 - 1:00pm - Lunch
1:00 - 2:45pm - Roundtable Discussions

For more information and to register: https://community.linuxfoundation.org/events/details/lfhq-ospologylive-na-chapter-presents-legal-ospologylive-na-kubecon-na-2023/

Attendees do not need to be registered for KubeCon + CloudNativeCon North America 2023 to attend.
Monday November 6, 2023 9:00am - 2:45pm CST
MARRIOTT MARQUIS CHICAGO, GRAND BALLROOM E
  Experiences

9:00am CST

Data Workshop on Kubernetes Hosted by Portworx by Pure Storage
The Data Workshop on Kubernetes brought to you by Portworx is in Chicago and we’re hungry for pizza! If running applications on Kubernetes has given you operational hunger pains in your Platform Engineering journey, come prepared with your laptop to experience how you can use the gold standard in cloud native storage to serve up a slice of operational goodness to your developers!

Immerse yourself in a transformative workshop designed to empower Platform Engineering teams. Join us for insightful introductory sessions from industry experts and users covering a diverse range of topics impacting platform engineering, such as WASM and A.I., complemented by hands-on labs exclusively tailored to tackle the nuances of running stateful applications in Kubernetes using the cutting-edge Portworx platform. Discover the keys to conquering storage challenges faced by Platform Engineers such as shadow ops, developer context switching, and application resiliency ensuring peace of mind and uninterrupted sleep at night. This workshop is your gateway to discovering innovative solutions and mastering the art of building resilient, data-centric platforms.

Join us for an action-packed day of learning and discussions followed by a happy hour and famous Chicago-style deep dish pizza where you can network with other industry professionals!

Please note that this is an off-site Sponsor-hosted Co-located event and must be added to your KubeCon + CloudNativeCon registration (additional fee applies.)
For questions regarding this event, please contact: ttung@purestorage.com


Monday November 6, 2023 9:00am - 4:00pm CST
Fatpour Tap Works 2206 S Indiana Ave, Chicago, IL 60616
  Sponsor-hosted Co-located Events

9:00am CST

Operator Day Hosted by Canonical

Join us to hear about the charming story of Operator Inc.

At Operator Day NA 2023, we will take you through the journey of building, deploying, operating and scaling applications with software operators through the lens of an enterprise called “Operator Inc.”

What are software operators?
Administrators, devops engineers and SREs run their applications efficiently and effectively with operators. Operators implement the operational tasks of applications and workloads with source code. Today, they are crucial in the Kubernetes landscape. Canonical provides an OSS-based platform and framework for building and running operators: Charms created with the Charm SDK.

Why attend Operator Day?
We launched Operator Day at KubeCon + CloudNativeCon North America in 2020. Since then, we have proudly hosted six Operator Day events with sessions covering Charms, what they are, how to use them, how to create them and how you can benefit from them. If you missed past events, you can freely access recordings on YouTube.
The event is entirely virtual. You can dial in from anywhere and attend.


Please note that this is a Virtual  Sponsor-hosted Co-located event.
For questions regarding this event, please contact: mohamed.elmasry@canonical.com
For details and information, please visit: https://juju.is/operator-day
Virtual Platform: https://app.myonvent.com/event/operator-day/
Monday November 6, 2023 9:00am - 4:00pm CST
Virtual
  Sponsor-hosted Co-located Events

9:00am CST

Azure Day with Kubernetes Hosted by Microsoft Azure
Join us for an immersive in-person day led by a team of Microsoft experts, where you'll gain invaluable insights into best practices for harnessing the power of Kubernetes on Azure for your cloud-native and intelligent applications.  

We will cover what is new in the world of Azure Kubernetes Service and provide deep dives into various product areas and topics, including resiliency and Fleet management. Attendees will also have the opportunity to participate in topical roundtables and pose your most pressing questions to the Azure Kubernetes Service product team.

AGENDA
Keynote: What's New in AKS

AM Sessions:
  • Innovate with AKS and AI
  • Build for resiliency and scale

Lunch + Tables with Topics: Join our experts for lunch and topical discussion roundtables.

PM Sessions:
  • Runnings stateful workloads on AKS
  • Fleet Management and extending AKS beyond the cloud

Customer Fireside Chat
Ask the Experts

Please note that this is an off-site Sponsor-hosted Co-located event.

For more information, and to register, please visit: http://azuredaywithkubernetes.com/

For questions regarding this event, please contact: v-nicmcginty@microsoft.com or
 v-rmcfarlane@microsoft.com
Monday November 6, 2023 9:00am - 5:00pm CST
Palmer House Hilton, Red Lacquer, 4th Floor 17 E Monroe St, Chicago, IL , 60603
  Sponsor-hosted Co-located Events

9:00am CST

Rancher Day Hosted by Rancher by SUSE - SOLD OUT
Join us at Rancher Day, a full-day hands-on technical workshop led by the creators of Rancher and NeuVector. Elevate your Kubernetes expertise as our engineers delve into cluster optimization, securing production environments, and simplified application deployment using open-source tools. This intermediate-level workshop is tailored for operators and developers with basic Kubernetes knowledge.

Agenda:

Module 1 - Operationalizing Kubernetes from Day OneLearn container management fundamentals, including cluster setup, deployment, and operational management. Discover how to scale clusters, integrating workloads from various environments, including virtualized, hybrid cloud, and on-premises.

Module 2 - Running Day Two Operations: Managing and Securing Production ClustersDeep dive into building a robust production container stack, covering network to storage aspects. Explore advanced container security practices, zero trust policies, authentication, and policy management. Gain insights into observability and monitoring tools for meaningful stack insights.

Module 3 - Deployment Applications on Kubernetes
Empower developers to create and deploy applications on Kubernetes. Learn to design a secured application build-ship-run process with open-source cloud-native tools. Optimize and maintain application performance through custom metrics, logging, and insights.

Don’t miss out. Limited spaces, registration required. Catering and exclusive Rancher swag bag provided for attendees.

Please note that this is an off-site Sponsor-hosted Co-located event.

For questions regarding this event, please contact: todd.harrison@suse.com
Monday November 6, 2023 9:00am - 5:00pm CST
Hyatt Regency Chicago, Ballroom B 151 E Wacker Dr, Chicago, IL 60601
  Sponsor-hosted Co-located Events

9:00am CST

AppDeveloperCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
AppDeveloperCon Schedule is now LIVE!

AppDeveloperCon is designed for developers at all levels who are involved in the architecture, design, and development (using any programming language) of cloud-native applications. To learn more please visit the event's website.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.


Monday November 6, 2023 9:00am - 5:30pm CST
W178AB (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

ArgoCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
ArgoCon Schedule is now LIVE!

ArgoCon is designed to foster collaboration, discussion, and knowledge sharing on the Argo Project, which consists of four projects: Argo CD, Argo Workflows, Argo Rollouts and Argo Events.

The Argo Project is a suite of open source tools for deploying and running applications and workloads on Kubernetes. It extends the Kubernetes APIs and unlocks new and powerful capabilities in application deployment, container orchestration, event automation, progressive delivery, and more.
Connect with others that are passionate about Argo and interact with project maintainers. Learn from practitioners about pitfalls to avoid and best practices on how to adopt Argo in your cloud-native environment. Get inspired by and provide input to Argo leads on project roadmaps.

The event is vendor-neutral and is being organized by the CNCF Argo Community. Topics in the past have included getting started with Argo, scaling and managing Argo, lessons learned from production deployments, technical sessions, and thought leadership. Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W185ABC (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

BackstageCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
BackstageCon schedule is now LIVE! 

BackstageCon is a one-day conference focused on all things Backstage: an open platform for building developer portals. At BackstageCon, we’ll provide a vendor-neutral space for collaboration and learning centered on improving developer experience and effectiveness through open source technologies.

The event is vendor-neutral and organized by members of the Backstage community. For more details please visit the event's webpage.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org
Monday November 6, 2023 9:00am - 5:30pm CST
W196ABC (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

Cloud Native Wasm Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Cloud Native Wasm Day Schedule is now LIVE! 

Cloud Native WebAssembly Day highlights the growing importance and ubiquity of WebAssembly throughout the cloud-native ecosystem. As an application host, an application plugin, or an application platform, WebAssembly is a technology that is compatible with containers and Kubernetes but not dependent upon them. Along with devices, virtual machines, containers, and kubernetes, WebAssembly is an additional deployment method for workloads everywhere. Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W180 (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

CNCF-hosted Co-located Events - ALL ACCESS PASS REQUIRED
CNCF-hosted Co-located Event Schedule is now LIVE! 

Monday November 6, 2023 9:00am - 5:30pm CST
Various Locations - Please Check Sched
  CNCF-hosted Co-located Events

9:00am CST

Data on Kubernetes Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Data on Kubernetes Day Schedule is now LIVE!

Running data workloads on Kubernetes has a transformative impact on organizations who benefit from increased productivity, revenue growth, market share, and margin. Data on Kubernetes Day (DoK Day) is where the industry convenes to share best practices and use cases, forge critical relationships, and learn about advancements in the use of Kubernetes for data.

The event also serves as a forum for collaboration and discussion to help inform decisions about the future of data on Kubernetes. Whether you’re running DoK in production or just getting started, DoK Day has content to help you wherever you are in your journey.

DoK Day is vendor-neutral and organized by the community in collaboration with Cloud Native Computing Foundation. In addition to talks, we host musical performances, showcase community art, and host interactive quizzes for community fun and engagement. For more details please visit the event's webpage.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W471AB (Level 4)
  CNCF-hosted Co-located Events

9:00am CST

EnvoyCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
EnvoyCon Schedule is now LIVE!

The Envoy maintainers are excited to announce the 6th annual EnvoyCon. This is a practitioner-driven community conference emphasizing end-user case studies, and technical talks from organizations that have chosen to build offerings on top of Envoy. These are not product pitches but successes and problem solving discussions. Join us for an exciting day of technical content, knowledge sharing, and engaging with project thought leaders. Envoy is a cloud-native high-performance edge, middle, and service proxy. Originally built at Lyft to provide functionality around observability and greater reliability, Envoy has been a CNCF graduated project since 2017. In a short period of time, with the help of the open source community, Envoy has been widely adopted across industries in a variety of different deployment scenarios including edge proxy, service mesh, internal middle-proxy load balancer, to name a few. Envoy’s extensibility, performance, quality, API driven configuration, and community have all been drivers for the rapid growth of the project. Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W175ABC (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

Istio Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Istio Day Schedule is now LIVE!

Istio Day community event for the industry’s most popular service mesh, where you will find lessons learned from running Istio in production, hands-on experiences, and featuring maintainers from across the Istio ecosystem.
Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W470AB (Level 4)
  CNCF-hosted Co-located Events

9:00am CST

Kubernetes AI + HPC Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Kubernetes AI + HPC Day Schedule is now LIVE! 

Processing data creates insight and helps make the world a better place. With a renowned focus on batch workloads for HPC, AI/ML in Kubernetes we want to bring together a community of experts – open source contributors, practitioners, researchers, and end users who want to make Kubernetes the best tool to manage infrastructure for research, training and production use cases. Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 9:00am - 5:30pm CST
W194AB (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

Observability Day Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
Observability Day schedule is now LIVE! 

Observability Day fosters collaboration, discussion, and knowledge sharing of cloud-native observability projects (including but not necessarily limited to Prometheus, Fluentd, Fluent Bit, OpenTelemetry, and OpenMetrics), as well as vendor-neutral best practices for addressing observability challenges. Sessions include a keynote, panel discussions, workshops, lightning talks, and individual presentations. This event is intended both for audiences that are new to observability as well as for seasoned practitioners. Observability Day will enable you to spend a day peeking under the hood of major Cloud Native Computing Foundation observability-related projects and broadening your knowledge of observability. The event is vendor-neutral and organized by members of the community.

Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.



Monday November 6, 2023 9:00am - 5:30pm CST
W176ABC (Ground Level)
  CNCF-hosted Co-located Events

9:00am CST

[Livestream Sponsored by Isovalent] CiliumCon Hosted by CNCF - Full Day Event | ALL ACCESS PASS REQUIRED
CiliumCon will be livestreamed* in our virtual platform. Thank you to our live stream sponsor, Isovalent. *Must be registered for KubeCon + CloudNativeCon North America to view livestream. 

CiliumCon is a full-day co-located event for Cilium users, contributors, and new community members. Join us for our first CiliumCon in North America!

Cilium is an open source, widely-used, and highly scalable cloud native networking solution based on the kernel technology eBPF, that connects workloads in Kubernetes and beyond, with powerful built-in observability and security capabilities.

At CiliumCon you’ll hear from end users who will share their experiences, and from contributors who will teach you about Cilium’s technology, and its use of eBPF to provide high-performance connectivity, observability, and security. It’s your chance to connect with maintainers and practitioners who are passionate about Cilium and eBPF! Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Talk Schedule:
9:00am – 9:10am
Welcome + Opening Remarks - Liz Rice, Isovalent & Laurent Bernaille, Datadog
Speakers: Liz Rice, Laurent Bernaille

9:50am – 10:15am
From Imagination to Implementation: Inside Adobe's Production-Grade Deployment with Cilium - Joseph Sandoval & Tony Gosselin Adobe
Speakers: Tony Gosselin, Joseph Sandoval

10:20am – 10:25am
Controlling Access to External APIs with Cilium - Luis Ramírez, SuperOrbital
Speakers: Luis Ramírez

10:30am – 10:35am
Sponsored Keynote: Advancing Cilium Within the Kubernetes Ecosystem - Idit Levine, Solo.io
Speakers: Idit Levine

11:05am – 11:30am
Sponsored Keynote: Effortless Mutual Authentication With Cilium`- Christine Kim, Isovalent
Speakers: Christine Kim

11:40am – 12:05pm
What's Smoother Than Your Morning Espresso Pull? Bridging Gaps with BGP and Cilium! - Marino Wijay, Solo.io
Speakers: Marino Wijay

12:15pm – 12:40pm
Using Cilium CNI in ClickHouse Cloud - Timur Solodovnikov, ClickHouse, Inc
Speakers: Timur Solodovnikov

1:30pm – 1:55pm
Past, Present, Future of Tetragon- First Production Use Cases, Lessons Learnt, Where Are We Heading? - Natalia Reka Ivanko & John Fastabend, Isovalent
Speakers: John Fastabend, Natalia Reka Ivanko

2:05pm – 2:30pm
Secure Infrastructure with Combined Runtime and Network Security - Thomas Graf, Isovalent
Speakers: Thomas Graf

2:40pm – 3:05pm
From Eventual to Strict Encryption – Securing Cilium’s WireGuard Encryption - Leonard Cohnen, Edgeless Systems
Speakers: Leonard Cohnen

3:15pm – 3:40pm
Come BGP with Me - Daneyon Hansen, Solo.io & Yutaro Hayakawa, Isovalent
Speakers: Daneyon Hansen, Yutaro Hayakawa

3:15pm – 3:40pm
Day 2 with Cilium - What to Expect Running at Scale - Hemanth Malla & Maxime Visonneau, Datadog
Speakers: Maxime Visonneau, Hemanth Malla

4:25pm – 4:50pm
Why KVStoreMesh? Lessons Learned from Scale Testing Cluster Mesh with 50k Nodes Across 255 Clusters - Ryan Drew, Isovalent
Speakers: Ryan Drew

4:25pm – 4:50pm
Migrating from Legacy with Ease, a.k.a. Cilium in Openstack and More - Ondrej Blazek, Seznam.cz
Speakers: Ondrej

5:00pm – 5:25pm
Netreap: Bridging the Gap Between Cilium and Nomad - Dan Norris, Cosmonic
Speakers: Dan Norris

5:25pm – 5:35pm
Closing Remarks - Liz Rice, Isolvalent & Laurent Bernaille, Datadog
Speakers: Liz Rice, Laurent Bernaille

Monday November 6, 2023 9:00am - 5:30pm CST
TBA
  CNCF-hosted Co-located Events

9:00am CST

OpenShift Commons Gathering Hosted by Red Hat - SOLD OUT (in-person. virtual available)
This OpenShift Commons Gathering will be held in person in Chicago, IL and broadcast live to regional watch parties around the globe. As always, our focus is on creating a space for peer-to-peer interactions and we'll be going hybrid, so if you are unable to attend in person, join us online. This Gathering will focus on Emerging Technology as well as End User Case Studies with production deployments of OpenShift sharing their use cases, insights into their workloads and lessons learned along the way. Topics covered during this Gathering include hybrid cloud infrastructure, cloud-native development, cloud-native security and new Emerging Technology initiatives. This OpenShift Commons Gathering also warmly welcomes Red Hat’s Vice President and GM of Linux, Gunnar Hellekson, and Vice President of Product Security, Vincent Danen.


Please note that this is an off-site Sponsor-hosted Co-located event that may also be attended virtually.
For questions regarding this event, please contact: npazmino@redhat.com
https://commons.openshift.org/gatherings/kubecon-23-nov-6/


Monday November 6, 2023 9:00am - 6:00pm CST
The Dalcy 302 N Green Street, 3rd Floor, Chicago IL 60607
  Sponsor-hosted Co-located Events

10:00am CST

Learning Day: Defeat Kubernetes Ransomware with KubeCampus Hosted by Kasten by Veeam - SOLD OUT
Are you an experienced Kubernetes practitioner looking to level up your skills?

Join Kasten by Veeam for an all-day event to network with K8s thought leaders, complete hands-on labs, and test your Kubernetes skills. Spend the morning learning about ransomware in Kubernetes and the afternoon testing your Kubernetes skills in a fun coding challenge. You’ll be presented with a real-world scenario and work with a team to find the solution. The top team will win a prize!

Since this is the one-year anniversary of KubeCampus, we’ll be celebrating over lunch and sweet treats. Join KubeCampus Community Manager, Cassandra Faris, and the rest of the team for this very special edition of Learning Day!

Attend and get:
• Valuable knowledge of Kubernetes
• Expert guidance from our K8s professionals to help you complete the labs
• A KubeCampus lapel pin, swag bag, and special edition digital badge to display on your KubeCampus profile

Please note that this is an off-site Sponsor-hosted Co-located event.

For questions regarding this event, please contact: cassandra.faris@veeam.com

https://kubecampus.io/resources/learning-day/
Monday November 6, 2023 10:00am - 4:00pm CST
Microsoft Midwest District, AON Building 200 E Randolph St #200, Chicago, IL 60601
  Sponsor-hosted Co-located Events

11:00am CST

Secure your AWS Workloads as you Build with Snyk and Chainguard Hosted by Snyk
Traditional security tools and the increased complexity of modern containerized applications make security more difficult for developers and may disrupt digital transformation initiatives. In order to maintain developer agility and speed, IT teams now require a modern security solution that can automate security controls across the SDLC, from the very first line of code, to find and automatically fix vulnerabilities across source code, infrastructure-as-code templates, container images, Kubernetes applications, and open-source artifacts.
 
Snyk provides a developer-first security platform that helps you find and automatically fix vulnerabilities across each of these components, integrated with the AWS and 3rd party services that your teams use to build and run their applications.

Join Snyk, Chainguard, and AWS for a hands-on workshop where you will learn how a malicious actor might break into an application, and how you can use Snyk security controls to mitigate and remediate those same security vulnerabilities.
 
In this workshop, you will:
  • Detect and fix vulnerabilities in containers and source dependencies in Amazon ECR and Amazon EKS workloads during the development phase
  • Upgrade to recommended, secure base images
  • Secure Kubernetes workloads by prioritizing vulnerabilities in container packages used at runtime to eliminate noise

Prerequisites: Attendees should have a basic understanding of EKS, including creating and accessing an EKS cluster. No prior Snyk experience is necessary.

Please note that this is a Virtual Sponsor-hosted Co-located event.
Zoom Link: https://snyk.zoom.us/webinar/register/8016964362675/WN_lkI3E4quRAyEMZ4Po-xC2A

For questions regarding this event, please contact: madison.rocha@snyk.io





Monday November 6, 2023 11:00am - 1:00pm CST
Virtual
  Sponsor-hosted Co-located Events

11:00am CST

Distributed SQL Summit Hosted by YugabyteDB - SOLD OUT
Our interactive event brings together the Kubernetes community to learn how distributed SQL databases are shaking up the decades-old regime of traditional RDBMS.

Please note that this is an off-site Sponsor-hosted Co-located event. Please add-on to your KubeCon + CloudNativeCon registration.

For questions regarding this event, please contact: events@yugabyte.com
For details and location information, please visit: https://info.yugabyte.com/2023-dss-chicago
Monday November 6, 2023 11:00am - 5:30pm CST
Marriott Marquis Chicago at McCormick Place 2121 South Prairie Ave, Chicago, IL 60616
  Sponsor-hosted Co-located Events

11:30am CST

Cloud Native StartupFest Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
Cloud Native StartupFest Schedule is now LIVE! ​​​

Join us for the first ever Cloud Native StartupFest. Hosted by Erica Brescia (past founder of Bitnami, COO of GitHub and now Managing Director of Redpoint Ventures), Jesse Robins (past co-founder of Chef and Orion Labs and now General Partner of Heavybit), and Dave Zilberman (past Managing Director of Comcast Ventures and now General Partner of Norwest Venture Partners), Cloud Native StartupFest will address topics only relevant to open source and cloud native startups. Get inspired by hearing from successful cloud native entrepreneurs, learn about some of the most exciting cloud native startups in the space, get a glimpse into the current state of fundraising and receive guidance on how to take your idea from community adoption to success.
Monday November 6, 2023 11:30am - 4:30pm CST
MARRIOTT MARQUIS GRAND HORIZON BALLROOM F/G
  CNCF-hosted Co-located Events

12:00pm CST

Better Secrets Management with Kubernetes Hosted by Akamai (PM Session)
Master secret management in Kubernetes with this step-by-step workshop on deploying self-hosted HashiCorp Vault on Akamai Connected Cloud (formerly Linode).

If you’ve defined a Secret resource in Kubernetes before, you know how effortless it is just to reuse that secret. This ease of use is Kubernetes benefit but has a massive underlying issue: Kubernetes Secrets are anything but genuinely secret. Sure, they’re stored Base64 encoded, but who doesn’t already know that? Since Kubernetes Secrets can be easily reused and read, your secrets might be just one bad commit away from being leaked to the world.
This workshop, led by Justin Mitchel of Coding for Entrepreneurs, teaches you to deploy a self-hosted HashiCorp Vault for efficient Kubernetes secret management.

Prerequisites: A working knowledge of Kubectl and access to provision resources on a running cluster.

What’s included:
  • $250 in free cloud computing services credit for Akamai Cloud
  • A paper-back copy of the Manning book “Road to Kubernetes” by Justin Mitchel
  • One Rocketbook Pro
  • Soft drinks, coffee, and refreshments throughout the workshop
  • Buffet lunch by Portillo’s
 
 Want a preview of the training? Join our Linkedin live session on September 12 at 5:30 p.m. ET.

Please note that this is an off-site Sponsor-hosted Co-located event and must be added to your KubeCon + CloudNativeCon registration (additional fee). 
For questions regarding this event, please contact: kpierce@akamai.com
Monday November 6, 2023 12:00pm - 4:00pm CST
Level K Event Space 2255 S Michigan Ave 1st floor, Chicago, IL 60616
  Sponsor-hosted Co-located Events

1:00pm CST

Google Container Day Hosted by Google Cloud - SOLD OUT
This half-day event will be packed with the latest information on running containers with Google Cloud.  We'll end with a reception where you can meet other customers on their container journeys as well as the Googlers behind GKE and Cloud Run!

Agenda:
  • Keynote: The latest features and future vision for Google's managed container offerings
  • Platform Building with GKE: As teams adopt Kubernetes, they face challenges finding the right skills, managing security and spend at scale, and managing their environments. This session will explore how GKE Enterprise enables teams to overcome these challenges.
  • Rapidly Build, Run and Scale Container Applications: Learn how to quickly get started with building and deploying container-based applications on Google Cloud.
  • Generative AI with GKE: Join us to discover how GKE can power your Generative AI and Machine Learning (ML) workloads!
  • Reception: Join us for drinks and appetizers to end the day!

Please note that this is an off-site Sponsor-hosted Co-located event.

For questions regarding this event, please contact: container-day@google.com
https://rsvp.withgoogle.com/events/gke-kube-con-na-23




Monday November 6, 2023 1:00pm - 6:30pm CST
Google Chicago 320 North Morgan Street, Chicago, IL 60607
  Sponsor-hosted Co-located Events

1:15pm CST

Cloud Native Telco Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
Cloud Native Telco Day will be livestreamed* in our virtual platform. Thank you to our live stream sponsor, Vulk Coop. *Must be registered for KubeCon + CloudNativeCon North America to view livestream. 

Cloud Native Telco Day Schedule is now LIVE!

Adopting cloud native best practices and principles are critical to the success and growth of Service Providers as they scale to meet new demands for 5G and beyond. Cloud Native Telco Day brings together Service Providers and Vendors across the Telco ecosystem to collaborate with the cloud native community to share lessons learned in their cloud native journey.

Anyone involved with the digital transformation of Telco applications and/or infrastructures should join our fourth Cloud Native Telco Day. Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Monday November 6, 2023 1:15pm - 5:30pm CST
W193AB (Ground Level)
  CNCF-hosted Co-located Events

1:15pm CST

Multi-TenancyCon Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
Multi-TenancyCon schedule is now LIVE!

Multi-TenancyCon is a vendor-neutral conference designed to foster collaboration, discussion, and knowledge sharing on Multi-Tenancy framework and technologies, and challenges for implementing and adopting in a production set-up. This event is aimed at audiences that are new to this concept of Multi-Tenancy as well as providing depth to those currently using Multi-Tenancy frameworks and technologies within their organization. Connect with others that are passionate about Multi-Tenancy and interact with open source project maintainers on this topic. Learn from practitioners about pitfalls to avoid and best practices on how to adopt Multi-Tenancy in your cloud-native environment.

Topics include getting started with and adopting a Multi-Tenancy open source tool in a production setup, lessons learned from production deployments, and technical sessions from open source maintainers, platform engineers, and practitioners. Please visit the event’s webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.
Monday November 6, 2023 1:15pm - 5:30pm CST
W192AB (Ground Level)
  CNCF-hosted Co-located Events

1:15pm CST

[Livestream Sponsored by Vulk Coop] Cloud Native Telco Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED
Cloud Native Telco Day will be livestreamed* in our virtual platform. Thank you to our live stream sponsor, Vulk Coop. *Must be registered for KubeCon + CloudNativeCon North America to view livestream. 

Adopting cloud native best practices and principles are critical to the success and growth of Service Providers as they scale to meet new demands for 5G and beyond. Cloud Native Telco Day brings together Service Providers and Vendors across the Telco ecosystem to collaborate with the cloud native community to share lessons learned in their cloud native journey.

Anyone involved with the digital transformation of Telco applications and/or infrastructures should join our fourth Cloud Native Telco Day. Please visit the event's webpage for more details.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Talk Schedule:

1:15pm – 1:25pm
Welcome + Opening Remarks - Program Committee Members - Lucina Stricko, Vulk Coop & Mary Parsons, DISH Wireless
Speakers: Lucina Stricko, Mary Parsons

1:30pm – 1:55pm
Future of CNCF + LFN's Telco Initiatives - Taylor Carpenter, Vulk Coop & Ranny Haiby, The Linux Foundation
Speakers: Taylor Carpenter, Ranny Haiby

2:05pm – 2:30pm
Nephio: A New Approach for Automating Telco Workloads - Wim Henderickx, Nokia & John Belamaric, Google
Speakers: Wim Henderickx, John Belamaric

2:45pm – 2:50pm
⚡ Lightning Talk: Outsourcing Telco Understanding AI - Self Perfecting Networks - Praveen Mada, DISH Wireless
Speakers: Praveen Mada

2:55pm – 3:00pm
⚡ Lightning Talk: Kubernetes Gateway API for Complex Environments and Service Providers - Philip Klatte, F5, Inc.
Speakers: Philip Klatte

3:15pm – 3:40pm
A Telco CNF Journey from Zero to Millions - Sharath Rao & Abdul Hannan Khan, Ericsson
Speakers: Abdul Hannan Khan, Sharath Rao

3:50pm – 4:15pm
Evolution of Application Visibility for Telcos: From Programmable Switches to Cloud Native - Himal Kumar, Canopus Networks & Thomas Graf, Isovalent
Speakers: Thomas Graf, Himal Kumar

4:25pm – 5:00pm
Panel: Cloud Native Evolution in Telcom Infrastructure - Yoshihiro Nakajima, NTT DOCOMO; Philippe Ensarguet, Orange, Katsuhiro Horiba, SoftBank Corp, Pal Gronsund, Telenor & Ranny Haiby, Linux Foundation
Speakers: Ranny Haiby, Pål Gronsund, Philippe Ensarguet, Yoshihiro Nakajima, Katsuhiro Horiba

5:05pm – 5:10pm
⚡ Lightning Talk: Interoperable CD for Telecom: Paving the Way to Seamless Cloud-Native Integration - Andrea Frittoli, IBM
Speakers: Andrea Frittoli

5:25pm – 5:35pm
Closing Remarks - Lucina Stricko, Vulk Coop & Mary Parsons, DISH Wireless
Speakers: Lucina Stricko, Mary Parsons
Monday November 6, 2023 1:15pm - 5:30pm CST
TBA
  CNCF-hosted Co-located Events

2:00pm CST

Marketing Team Office Hours
Join your CNCF Marketing Team for Office Hours:
  • Monday, November 6: 2:00-4:00pm
  • Tuesday, November 7: 1:00-3:00pm
  • Wednesday, November 8: 1:00-3:00pm
  • Thursday, November 9: By appointment
Monday November 6, 2023 2:00pm - 4:00pm CST
Hyatt Regency McCormick Place, Dusable B
  Experiences

2:00pm CST

IBM & Sysdig Workshop: Security and Monitoring Insights for Cloud-Native Workloads Hosted by IBM + Sysdig
Learn and experience how the combination of security and monitoring built for the cloud provides better outcomes for cloud and DevOps teams. With distributed workloads, operational data, and SaaS dependencies in the cloud, new data demands attention. Monitoring, analyzing, and gauging the status of your infrastructure, services, and applications across all environments is crucial to overcome business and operational hurdles.In this hands-on workshop, you’ll see how IBM and Sysdig can help you:
· Gain better visibility into your cloud environments
· Prioritize the most critical alerts to reduce noise and address real risk
· Gain compliance visibility to harden your cloud deployments,
· Leverage open standards for runtime threat detection and cloud security monitoring.

Attendees should bring their own laptops.

There will be a reception immediately following the workshop.

By attending the workshop, you have a chance to win a Star Wars lego set

To register:
https://www.ibm.com/events/reg/flow/ibm/h64z04mb/landing/page/landing

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: jtatkins@us.ibm.com

Monday November 6, 2023 2:00pm - 4:00pm CST
Palmer House Hilton, Wabash, 3rd level 17 E. Monroe St Chicago, IL 60603
  Sponsor-hosted Co-located Events

5:30pm CST

⚡ Lightning Talk: A Secure Software Supply Chain for Open Policy Agency (OPA) Policies - Omri Gazitt, Aserto
Open Policy Agent (OPA) is gaining widespread acceptance as a mature decision engine for enforcing policies in a variety of domains, including Kubernetes admission control (Gatekeeper), configuration file policies (Conftest), and application / API authorization (Topaz). Indeed, OPA policies are becoming an integral part of the cloud-native software supply chain. Security and operations teams have tools for packaging and signing application artifacts, and they need the same capabilities for OPA policies. This lighting talk will describe how to build, tag, and sign OPA policies as OCI containers using the policy CLI. Policy CLI is an open source tool that is part of Open Policy Containers (OPCR), a CNCF sandbox project. Policy CLI can be used to pull and push OPA policies OCI-compliant registries, such as GHCR, Docker, or AWS Container Registry. And OPA can now natively pull policy bundles from OCI artifact registries.
Speakers
avatar for Omri Gazitt

Omri Gazitt

Co-founder & CEO, Aserto
Omri is the co-founder/CEO of Aserto.com, an authorization startup, and his 3rd entrepreneurial venture. He spent the majority of his 30-year career working on developer & infrastructure tech, most recently as the CPO of Puppet. Previously he was the VP & GM of HP's Cloud Native Platform... Read More →

Monday November 6, 2023 5:30pm - 5:35pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, SDLC

5:35pm CST

⚡ Lightning Talk: A Tiny Talk on Tiny Containers - Eric Gregory, Mirantis
From latency to cost to sustainability, shrinking workload footprint can produce big results at scale. In this lightning talk for cloud native beginners, learn best practices for reducing container image size—as well as emerging solutions for shrinking workloads, such as deploying WebAssembly modules. By the end of this lightning talk, attendees will understand a variety of simple, practical steps for reducing workload footprint—and as a result, improving performance, utilization, security, and more.
Speakers
avatar for Eric Gregory

Eric Gregory

Senior Technical Writer, Mirantis
Eric Gregory is Senior Technical Writer at Mirantis. His writing on the cloud native landscape has appeared in The New Stack, and he is the author of Learn Kubernetes 5 Minutes at a Time. A former computer science educator, he lives in Carrboro, North Carolina with his wife and s... Read More →

Monday November 6, 2023 5:35pm - 5:40pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Cloud Native Novice

5:40pm CST

⚡ Lightning Talk: Choose Your Own Abstraction: Iterating on Developer Experience - Rosemary Wang, HashiCorp
Does a developer have to know a platform tool to deploy applications? This question often results in long discussions about building the “right” abstraction, investing in developer enablement, or improving developer experience. The answer often involves a balance of education, platform feature development, and implementation speed. This talk outlines three levels of abstraction that platform engineering teams can offer to developers and discusses the tradeoffs and benefits of each level. As organizations grow, teams need to rebuild abstractions to improve overall developer experience. The patterns in this talk help you identify and evaluate when to move to the next level of platform abstraction and how CNCF projects help alleviate the burden of implementation.
Speakers
avatar for Rosemary Wang

Rosemary Wang

Developer Advocate, HashiCorp
Rosemary Wang works to bridge the technical and cultural barriers between infrastructure, security, and application development. She has a fascination for solving intractable problems as a contributor, educator, speaker, and writer of infrastructure automation. When she is not drawing... Read More →

Monday November 6, 2023 5:40pm - 5:45pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Platform Engineering

5:45pm CST

⚡ Lightning Talk: Dynamically Proxy Helm Charts as OCI Artifacts - Vadim Bauer, 8gears Container Registry
While Helm Charts can be stored in OCI registries, most public Helm Charts are in the Repository styled format. This can become a real pain if you work with OCI registries and 3rd party public Helm Charts. In my lightning talk, I present a tool together with some enlightening workflows to transparently proxy and transform Chart Repository styled Helm Charts as OCI artifacts. Thanks to the open-source tool github.com/container-registry/helm-charts-oci-proxy, you can work with all 3rd party Helm Charts in your OCI compliant registry. Having your Helm Charts on your side opens up many opportunities and greatly increases the security posture of your organization.
Speakers
avatar for Vadim Bauer

Vadim Bauer

CNCF Harbor maintainer, 8gears Container Registry
Vadim Bauer is a Container Silverback with over a decade of experience in running containers in production. As a maintainer of the CNCF project Harbor, he focuses on extending the boundaries of OCI artifact management, adoption, and developer experience. At 8gears, Vadim helps cloud... Read More →

Monday November 6, 2023 5:45pm - 5:50pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, SDLC

5:50pm CST

⚡ Lightning Talk: Empowering the Deaf and Hard of Hearing in Cloud Native and Open Source - Jon Zeolla, Seiso & Rob Koch, Slalom Build
During this session, Jon and Rob will present a new CNCF initiative that aims to create a pathway into cloud native for the deaf and hard of hearing (DHH). Diversity and inclusion foster vibrant communities where everyone contributes their unique perspectives and talents. The result: innovation that is more inclusive, higher quality, and a broader set of contributors. But when it comes to cloud native, we have yet to see universal representation of communities with disabilities. And visibility is key because, if you don't see individuals "like you" thriving in a particular field, it can be difficult to envision your own journey. This initiative aims at creating and supporting patterns and a pathway for Deaf or Hard of Hearing individuals to become active open source community members who can serve as role models, motivating a new generation of engineers to join them on this journey. Join this session to learn why these initiatives are important and what you can do to help.
Speakers
avatar for Jon Zeolla

Jon Zeolla

Co-Founder and CTO, Seiso
Jon Zeolla is the co-founder and CTO of Seiso where he is responsible for cloud native security and compliance innovation. He actively contributes to open source projects, and shapes industry standards, primarily in the areas of Zero Trust, DevSecOps, and Cloud Security. He is also... Read More →
avatar for Rob Koch

Rob Koch

Principal, Slalom
Rob Koch, AWS Hero, Principal at Slalom Build.

Monday November 6, 2023 5:50pm - 5:55pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Cloud Native Experience

5:55pm CST

⚡ Lightning Talk: From Novice to Keptn Contributor: Empowering My Journey in Cloud Native Communities - Yash Pimple
Embarking on the cloud-native journey can be both exhilarating and overwhelming for novices. Here I would like to share my transformative story of going from being a cloud-native novice to an active contributor in the Keptn community. Cloud-native communities thrive on collaboration and contributions from passionate individuals. Being an active contributor and a member of Keptn, a prominent cloud native project, I would like to explore the diverse contribution opportunities which include coding, building up documentation, fostering inclusive collaboration, and establishing your personal network. The session will delve into the power of collaboration, emphasizing the importance of inclusive practices that foster a sense of belonging and encourage individuals to contribute their unique perspectives. I will share my practical tips and advice for other cloud native enthusiasts who are looking to get involved in the community.
Speakers
YP

Yash Pimple

Contributor at Keptn, N/A
Myself Yash Pimple a Junior currently pursuing my Bachelor’s degree in India. I am presently learning DevOps and contributing to various open-source projects alongside sharing my knowledge by educating others through my learnings

Session presentation pptx
Monday November 6, 2023 5:55pm - 6:00pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Cloud Native Novice

6:00pm CST

⚡ Lightning Talk: Generative AI for Platform Engineering - Jeremy Lewi, Sailplane AI
The explosion of complexity in the Cloud Native Landscape is driving a need to create higher level abstractions and APIs. We will demo using generative AI to simplify building and consuming these abstractions. Our demo uses an LLM to automatically generate a KRM function(“client side CRD”) . Given a description of a configuration change, e.g. “change the registry of all docker images”, the agent automatically generates the Go code to make that change. We also use an LLM to turn a NL description of the transformations to be applied into KRM invocations Generative AI significantly lowers the cost of building and maintaining abstractions specific to an organization. Using AI a platform engineer can generate minimally useful code in minutes without having to learn frameworks like Kubebuilder. Platform engineers can also use AI to create human centric APIs that are easier for platform consumers.
Speakers
avatar for Jeremy Lewi

Jeremy Lewi

Software Engineer, Sailplane AI
I'm a platform engineer. I worked on Google Cloud ML Engine, the first Cloud service to offer hosted & distributed training. I also created Kubeflow, the open-source Kubernetes ML platform. Before that, I worked on YouTube Video Recommendations

Monday November 6, 2023 6:00pm - 6:05pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Platform Engineering

6:05pm CST

⚡ Lightning Talk: Open Source, Kubernetes & CNCF from the Eyes of a Designer - Gaby Moreno Cesar, IBM
This isn’t a talk about how to contribute to open source as a designer (although I’ll mention some of that as well!) but it’s a story of how an aspiring open source contributor found a community in Kubernetes and CNCF. Since attending my first KubeCon+CloudNativeCon in Seattle back in 2018, I’ve been a firsthand witness to the wealth of contribution opportunities for people (and bots) of all skills and backgrounds. As a former Co-Chair of SIG Usability and contributor to its charter, I’ve spent the past 3 years contributing to many facets of Kubernetes, from leading user research, hosting meetings, contributing blog content, and mentoring other first time contributors. This talk aims to share a little bit of my story in the hopes that it might inspire those who have been wanting to take their first steps into open source.
Speakers
avatar for Gaby Moreno Cesar

Gaby Moreno Cesar

Design Principal, IBM
Gaby is a Design Principal at IBM working on Cloud Native & Distributed Solutions. As an artist turned computer scientist turned designer, she has spent her career designing tools for enterprise IT teams. Her recent work includes managed versions of Kubernetes, OpenShift, and Terraform... Read More →

Monday November 6, 2023 6:05pm - 6:10pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Cloud Native Experience

6:10pm CST

⚡ Lightning Talk: Simple Things with Silly Names - Matthias Bertschy, ARMO
Cyber Kill Chain? ATT&CK Framework, with an ampersand? Why does cloud security have so many crazy-sounding terms ? What do they actually mean to you, a developer who just wants to run software on the internet without becoming the next cautionary? What’s the minimum you have to know to be able to cope as a developer or DevOps engineer? There’s a lot of content out there targeted at a CTO, or a CISO, whatever that is. What do you do if you don’t have one of those? Watch this talk, and you’ll be half way there.
Speakers
avatar for Matthias Bertschy

Matthias Bertschy

Senior Kubernetes Developer, ARMO
I am a Senior Kubernetes Developer at ARMO and a maintainer of Kubescape, the open-source Kubernetes security platform. I started my career in 2005 as a System Administrator. In 2011 I joined a leading security solution provider in Switzerland to become a Security System Engineer... Read More →

Monday November 6, 2023 6:10pm - 6:15pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Security

6:15pm CST

⚡ Lightning Talk: Why Service Is the Worst API in Kubernetes, and What We’re Doing About It - Tim Hockin, Google
The Kubernetes Service API is terrible! It’s one of the oldest APIs in Kubernetes, and it’s really showing its age. The concept is good, but the API has many problems which can’t be solved without breaking compatibility. The Service API is a great example of how NOT to design an API. This lighting talk will give a whirlwind tour of the ways this over-burdened API falls short, the real problems it is now struggling to solve, and how we are planning / hoping to address them with new, better APIs like Gateway.
Speakers
avatar for Tim Hockin

Tim Hockin

Distinguished Engineer, Google
Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking... Read More →

Monday November 6, 2023 6:15pm - 6:20pm CST
W375AB (Level 3)
  ⚡ Lightning Talks, Cloud Native Experience

7:00pm CST

Cloud Native Gangster’s Speakeasy Hosted by Solo.io, Snyk and Teleport - SOLD OUT
Come Drop it like it's F. Scott with Solo.io, Snyk, and Teleport at our Cloud Native Gangster’s Speakeasy! Join us for cocktails, savory cuisine, networking and entertainment to kick off Kubecon+CloudNativeCon North America 2023 like it's 1923! Bring lady luck as your plus one and try your hand at one of our casino tables. Step back in time and party like Capone just steps from the convention center! For more information click here.

Please note that this is an off-site Sponsor-hosted Co-located event.

For questions regarding this event, please contact: events@solo.io

Monday November 6, 2023 7:00pm - 10:00pm CST
Mae District 19 East 21st Street, Chicago, IL 60616
  Sponsor-hosted Co-located Events

7:00pm CST

Happy Hour at FatPour Tap Works Hosted by Harness - SOLD OUT
Join Harness at Fatpour Tap Works McCormick from 7pm to 9pm for a Happy Hour co-located with KubeCon + CloudNativeCon North America! Located in the Hilton Garden Inn Chicago McCormick Place, Fatpour is a bi-level brewpub named for its 22-ounce pours, with a 200-plus beer list, as well as a full bar for non-beer drinkers, and lots of TVs. Fatpour is the largest beer venue in the South Loop! Harness has rented out the top floor and will be providing drinks and light snacks for all attendees!

Please register, by adding on to your KubeCon + CloudNativeCon registration, today to secure your spot! We look forward to seeing you there!

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: kari.reynosa@harness.io


Monday November 6, 2023 7:00pm - 10:00pm CST
Fatpour Tap Works 2206 S Indiana Ave, Chicago, IL 60616
  Sponsor-hosted Co-located Events

7:30pm CST

House of Kube Hosted by Humanitec
Can't wait to meet you in person and burn up the dance floor at the House of Kube a.k.a. the hottest party in cloud native. Join fellow platform practitioners and cloud pioneers for the party by the platform engineering community.

Build real connections, enjoy the best food trucks in Chicago and dance to the funkiest techno beats.

Please note that this is an off-site Sponsor-hosted Co-located event.


For questions regarding this event, please contact: mariya.skalka@humanitec.com

https://www.houseofkube.com/


Monday November 6, 2023 7:30pm - Tuesday November 7, 2023 1:00am CST
salonlb. 1010 W 35th St Suite 500, Chicago, IL 60609
  Sponsor-hosted Co-located Events
 
Tuesday, November 7
 

7:30am CST

Continental Breakfast
Start your mornings right with our delightful continental breakfast featuring an array of pastries, fresh fruits, aromatic coffees, and a selection of soothing teas.
Tuesday November 7, 2023 7:30am - 9:30am CST
West Center Lobby - McCormick Place (Level 3)
  Breaks

7:30am CST

Badge Pick-Up
Tuesday November 7, 2023 7:30am - 6:00pm CST
West Center Lobby - McCormick Place (Level 3)
  Badge Pick-Up

9:00am CST

Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
Speakers
avatar for Kevin Klues

Kevin Klues

Distinguished Engineer, NVIDIA
Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA... Read More →
avatar for Joseph Sandoval

Joseph Sandoval

Principal Product Manager, Platform Engineering, Adobe
Joseph Sandoval is the Lead Principal Engineer on the Ethos team at Adobe, where he applies his deep operational knowledge of Open Source and Cloud Native projects. He's an upstream Kubernetes contributor, a member of six Kubernetes release teams, and a mentor to newcomers looking... Read More →
avatar for Marlow Weston

Marlow Weston

Cloud Software Architect, Intel
Marlow is a Cloud Software Architect working on resource management for Kubernetes at Intel. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance... Read More →
avatar for Priyanka Sharma

Priyanka Sharma

ED, cncf
Priyanka is the Executive Director of the Cloud Native Computing Foundation (CNCF) which serves as the vendor-neutral home for 100+ of the fastest-growing open source projects, including Kubernetes, Prometheus, and Envoy. She is also a co-creator of the Inclusive Naming Initiative... Read More →
avatar for Tim Hockin

Tim Hockin

Distinguished Engineer, Google
Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking... Read More →

Tuesday November 7, 2023 9:00am - 9:20am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:25am CST

Keynote: Windy City Whirlwind: Stirring Up the Cloud Native Ecosystem - Taylor Dolezal, Head of Ecosystem, Cloud Native Computing Foundation
Join us for an exciting keynote featuring Taylor Dolezal, the Head of Ecosystem at the Cloud Native Computing Foundation, as she shares the journey of the end user ecosystem in the thriving cloud native landscape. This talk will delve into the latest developments in the ecosystem and celebrate the successes of the recent Zero to Merge cohort, a testament to CNCF’s commitment to mentoring skilled contributors to open source projects.

The introduction of the End User Technical Advisory Board (TAB) is a significant step toward aligning end user perspectives with CNCF’s technical vision. Discover the synergies, insights, and roadmap shaping a diverse and innovative cloud native ecosystem. This talk is not just about technology but also about the collaborative ecosystem that is evolving around it, highlighting the collective effort of advancing the cloud native frontier.
Speakers
avatar for Taylor Dolezal

Taylor Dolezal

Head of Ecosystem, The Linux Foundation (CNCF)
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or running with my partner, Hannabeth, and our two dogs.

Tuesday November 7, 2023 9:25am - 9:35am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:40am CST

Keynote: Blueprint Banter: Cloud Native Conversations by the Fireside - Taylor Dolezal, Cloud Native Computing Foundation; Alolita Sharma, Apple; Mike Bowen, Blackrock; Cailyn Edwards, Shopify; Mukulika Kapas, Intuit
Get ready to join us on an enlightening journey in the heart of Chicago as we prepare for KubeCon + CloudNativeCon North America 2023. We’ll start with a warm and cozy fireside chat hosted by Taylor Dolezal, Head of Ecosystem at the Cloud Native Computing Foundation. This intimate dialogue aims to ignite the embers of innovation and community engagement that define the cloud native landscape.

During our fireside chat, we’ll delve into the real-world experiences of end users. We’ll explore the triumphs, challenges, and the ever-evolving cloud native ecosystem. This session is a tribute to the robust community spirit and a prelude to the enriching discussions at KubeCon + CloudNativeCon.
Speakers
avatar for Mukulika Kapas

Mukulika Kapas

Director of Product Management, Intuit
Mukulika Kapas is Director of Product Management at Intuit. She leads product management for development services and experiences on which all Intuit products are built and run leveraging cloud native technologies like Kubernetes, Istio, OpenTelemetry on public Cloud. She has many... Read More →
avatar for Cailyn Edwards

Cailyn Edwards

Senior Infrastructure Security Engineer, Shopify
Cailyn Edwards (she/her) is a Senior infrastructure Security Engineer at Shopify, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and 2022 Contributor Award recipient. Her current... Read More →
avatar for Mike Bowen

Mike Bowen

Sr. Principal Engineer, Cloud Native Platform Architect, OSPO Head,, BlackRock
Mike Bowen, is a tenured BlackRock engineer and technology leader responsible for cloud-native technical and solutions architecture for the Aladdin Cloud Platform within Aladdin Engineering. This team designs, develops, and maintains the enterprise Kubernetes-based cloud-native platform.Mr... Read More →
avatar for Taylor Dolezal

Taylor Dolezal

Head of Ecosystem, The Linux Foundation (CNCF)
I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or running with my partner, Hannabeth, and our two dogs.
avatar for Alolita Sharma

Alolita Sharma

Head of Engineering, Apple
Alolita Sharma is a member of OpenTelemetry GC, CNCF Observability TAG co-chair and CNCF Governing Board member from Apple. She leads Apple’s AIML observability teams. She contributes to open source, open standards at OpenTelemetry, O11y Query Language standard, Unicode, W3C. She... Read More →

Tuesday November 7, 2023 9:40am - 9:50am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:55am CST

Sponsored Keynote: Orchestrating Innovation: How We Keep the Music Going with API Enhancements - David Eads, Senior Principal Software Engineer, Red Hat
When collaborating on Kubernetes API enhancements there are many ways we look at core capabilities to ‘keep the music going’ and empower the workload rockstars of the greater ecosystem. At Red Hat, it is essential to maintain a steady rhythm for the ecosystem while also giving space for innovation.

We’ll take a look at:
  • the struggles we’ve seen in the past, lessons learned, and how course corrections have been made.
  • investments being made now in the API that make Kubernetes a boring/stable platform for SMB and enterprise users alike by looking at improvements to scalability, reliability, resilience and maintainability.
  • a cross sampling of areas we look at while collaborating on future API enhancements and why they are important for the community including support for AI workloads and Virtual Machines.
Speakers
avatar for David Eads

David Eads

Software Engineer, Red Hat
David Eads is a senior principal software engineer at Red Hat and co-lead for Kubernetes sig-apimachinery and TL for sig-auth.

Tuesday November 7, 2023 9:55am - 10:00am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:05am CST

Keynote: Environmental Sustainability in the Cloud Is Not a Mythical Creature - Frederick Kautz, TestifySec; Rimma Iontel, Red Hat; Tammy McClellan, Microsoft; Marlow Weston, Intel; Niki Manoledaki, Grafana Labs
Moderated by Frederick Kautz

Environmental sustainability is finally taking center stage among the priorities for technology. There is growing awareness of climate change, increased emphasis on corporate responsibility, and increasing costs for not addressing these. Ultimately, the goal is Net Zero. Cloud providers and users can start tackling this with power consumption accountability, energy efficiency, GreenOps, and cost optimization techniques. Initiatives exist to monitor and address these issues, such as the Software Carbon Intensity specification, but the data is still evolving. This panel has representatives from the Green Software Foundation, CNCF Environmental Sustainability TAG, and O-RAN. We will discuss areas applicable to our representative organizations, corresponding solutions, and how these complement each other. We will discuss the specifics of workloads such as Telco, HPC, AI/ML, and generic IT workloads, and the challenges around these.
Speakers
avatar for Frederick Kautz

Frederick Kautz

Director of R&D, TestifySec
Frederick collaborates on security and networking. He is on the SPIFFE Steering Committee, focusing on providing Zero Trust Workload Identity to compute workloads and resources. Frederick co-authored Solving the Bottom Turtle. He is a co-founder of OmniBOR and maintains the reference... Read More →
avatar for Rimma Iontel

Rimma Iontel

Chief Architect, Red Hat
Rimma Iontel is a Chief Architect in Red Hat's Telecommunications, Entertainment and Media (TME) Technology, Strategy and Execution office. She is responsible for supporting Red Hat’s global ecosystem of customers and partners in Telco. Rimma has over twenty years of experience... Read More →
avatar for Marlow Weston

Marlow Weston

Cloud Software Architect, Intel
Marlow is a Cloud Software Architect working on resource management for Kubernetes at Intel. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance... Read More →
avatar for Tammy McClellan

Tammy McClellan

Senior Cloud Solution Architect, Microsoft
Chair of the Oversight Committee for Green Software Foundation (GSF). In addition, she is co-chair of the Community working group and sits on the Standards and Open-Source working groups with GSF. A Cloud Solution Architect with Microsoft living in Michigan on her Wonderful Tiny Farm... Read More →
avatar for Niki Manoledaki

Niki Manoledaki

Software Engineer, Grafana Labs
Niki Manoledaki is a Software Engineer at Grafana Labs who works with the CNCF to advocate for cloud-native environmental sustainability by contributing to the CNCF Environmental Sustainability Technical Advisory Group. She is also a Maintainer of CNCF projects such as OpenGitOps... Read More →

Tuesday November 7, 2023 10:05am - 10:20am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:20am CST

Sponsored Keynote: Achieving Performance, Security, and Efficiency at Scale with Cloud Native and Open Source - Mahesh Thiagarajan, Executive Vice President of OCI Security & Developer Platform, Oracle
Oracle is embracing and utilizing open-source and cloud-native technologies, from Linux to Java to Kubernetes, to build a large-scale distributed Applications and Infrastructure cloud. Along the way, we have encountered and resolved a number of security, performance, operability, and efficiency challenges. Join Mahesh Thiagarajan at KubeCon today as he shares our experiences, insights, and announces new contributions we are making to the community.
Speakers
avatar for Mahesh Thiagarajan

Mahesh Thiagarajan

Executive Vice President of OCI Security & Developer Platform, Oracle
Mahesh Thiagarajan is the Executive Vice President of OCI Security & Developer Platform. His organization's mission is to simplify developers' lives by building truly flexible, open, and secure platform. We create distinctive products that make it easy for customers to securely operate... Read More →

Tuesday November 7, 2023 10:20am - 10:25am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:25am CST

Keynote: CNCF Graduated Project Updates
Tuesday November 7, 2023 10:25am - 10:40am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:40am CST

Keynote: Closing Remarks
Speakers
avatar for Frederick Kautz

Frederick Kautz

Director of R&D, TestifySec
Frederick collaborates on security and networking. He is on the SPIFFE Steering Committee, focusing on providing Zero Trust Workload Identity to compute workloads and resources. Frederick co-authored Solving the Bottom Turtle. He is a co-founder of OmniBOR and maintains the reference... Read More →
avatar for Nikhita Raghunath

Nikhita Raghunath

Staff Software Engineer at VMware, CNCF TOC Member, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a member of the CNCF Technical Oversight Committee and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for Kubernetes... Read More →
avatar for Aparna Subramanian

Aparna Subramanian

Director of Production Engineering, Shopify
Aparna Subramanian is a technologist and cloud-native enthusiast. She started her career as a Software Engineer and has spent most part of her 18 years of experience specializing in Infrastructure and Data Platforms. She serves as co-chair of the “CNCF End User Developer Experience... Read More →

Tuesday November 7, 2023 10:40am - 10:45am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:45am CST

Coffee Break ☕
Tuesday November 7, 2023 10:45am - 11:15am CST
Hall F | Level 3 | West Building
  Breaks

10:45am CST

Project Pavilion
Make sure to drop by the Project Pavilion, conveniently situated in Hall F as part of the Solutions Showcase. Here, you can connect with our dedicated project maintainers, discover more about the project, seek answers to your questions, and engage in dynamic idea exchanges.


AM/PM Shared Kiosk Hours 

AM Shift Schedule
Tuesday, November 7: 10:30 - 3:30 PM

PM Shift Schedule
Tuesday, November 7: 3:30 - 8:00 PM


See a list of participating projects here.

Tuesday November 7, 2023 10:45am - 8:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

10:45am CST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.



Tuesday November 7, 2023 10:45am - 8:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

11:15am CST

15,000 Minecraft Players Vs One K8s Cluster. Who Wins? - Justin Head, Super League Gaming & Cornelia Davis, Spectro Cloud
Thousands of gamers trust Super League Gaming’s bare metal Kubernetes infrastructure, whether they’re competing in a high-stakes esports league or hopping on an after-school Minecraft session on Minehut. In this talk, we’ll share the killer combo that SLG used to pull off the win, exploring: - Why SLG is all-in on bare metal — even after 3+ years running in production - How SLG handles ultra variable workloads, with a burstable hybrid infrastructure that scales from 5k to 12k concurrent Minecraft players at peak times - The keys to service availability, including DDoS protection, load balancing and observability, across more than 100 bare metal servers - The criticality of declarative management across the full infrastructure stack with Cluster API - Lessons learned from a major migration between bare metal providers, and how to decide whether to build or buy If you’re considering Kubernetes on bare metal, whether for cost or performance, this session will give you the cheat codes.
Speakers
avatar for Justin Head

Justin Head

VP, DevOps, Super League
Justin has 20+ years experience engineering infrastructure platforms and development workflows at companies such as X (Twitter), Blizzard, Obsidian Security, Palo Alto Networks, and various startups. He is currently VP, DevOps at Super League where he heads IT, infrastructure, and... Read More →
avatar for Cornelia Davis

Cornelia Davis

Technology Fellow & VP, Product, Spectro Cloud
Cornelia has spent a career in emerging tech, starting with image processing, moving to web-centric computing, and then cloud-native software and DevOps platforms. After helping to bring Cloud Foundry to the industry, she turned her attention to Kubernetes-based platforms, pushing... Read More →

15,000 Minecraft players vs. one K8s cluster SLG & SC pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W176 (Ground Level)
  Cloud Native Experience
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:15am CST

Humans of Cloud Native Panel – Finding Your Way in #TeamCloudNative - Mitch Connors, Aviatrix; Miranda Jaramillo, The Trevor Project; Bart Farrell, CNCF Ambassador; Whitney Lee, VMware
At an event like KubeCon + CloudNativeCon, surrounded by high-profile technologists who maintain the world’s biggest and most successful open source projects, it can feel intimidating to find your place and take your first steps towards contributing. It's not unusual to feel as though you’re ‘not enough’ to contribute to open source – not technical enough, not experienced enough, not smart enough.

The strongest teams are the most diverse – created from a melting pot of different experiences and backgrounds. TeamCloudNative’s success is the sum of every individual contribution, from innovative code and governance, to new stickers and fixed spelling mistakes. You’re already ‘enough’ to be here, and your contributions matter. 

Join our Humans of Cloud Native panel for a lively, stimulating, and genuine discussion about why it takes a village to build and maintain open source technologies, and how you can kiss goodbye to your nerves, dive into #TeamCloudNative, and start contributing today. 
Speakers
avatar for Bart Farrell

Bart Farrell

The Vivacious Voice of KubeFM, LearnK8s/KubeFM
Bart Farrell is a CNCF Ambassador and Freelance Content Creator, event host, and community consultant. He brings creativity and passion to everything he does, whether it's rapping about Kubernetes or producing creative videos to bring technical concepts to life. Bart engages with... Read More →
avatar for Miranda Jaramillo

Miranda Jaramillo

Software Engineer, The Trevor Project
Miranda is a passionate software engineer who discovered her love for programming while studying Physics at UNAM. After honing her skills in an advanced software engineering program in the United States, Miranda joined The Trevor Project, the leading suicide prevention and crisis... Read More →
avatar for Mitch Connors

Mitch Connors

Sr. Principal Engineer, Aviatrix
Mitch Connors is a Sr. Principal Software Engineer at Aviatrix, and serves on the Istio Technical Oversight Committee. Over the past 17 years, Mitch has worked at Google, F5 Networks, Amazon, an Industrial IoT startup, and State Farm Insurance, giving him a broad perspective on the... Read More →
avatar for Whitney Lee

Whitney Lee

Staff Technical Advocate, VMware
Whitney is a lovable goofball and a CNCF Ambassador who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. Last fall at KubeCon, Whitney co-presented a silly-yet-informative keynote... Read More →

Tuesday November 7, 2023 11:15am - 11:50am CST
W184 (Ground Level)
  Cloud Native Experience

11:15am CST

Journey Through Time: Understanding Etcd Revisions and Resource Versions in Kubernetes - Priyanka Saggu, SUSE
Are you curious about Kubernetes' time travel and version tracking? Wondering about the relationship between etcd "Revisions" and Kubernetes "Resource Versions"? If so, this talk is for you! In this session, you will gain insights into the significance of etcd Revisions within Kubernetes. These Revisions act as historical snapshots of object states in the key-value store and play a crucial role in change tracking, versioning, conflict resolution, and maintaining data integrity within the cluster. The talk will explore these snapshots (aka Revisions) to trace evolution of the cluster, ensure data integrity, and analyze previous object states for debugging purposes. To provide practical experience, the talk will provide hands-on demonstrations, including an in-depth exploration of the etcd data storage model with a specific focus on Revisions. Followed by establishing the correlation between etcd Revisions & Resource Versions in Kubernetes.
Speakers
avatar for Priyanka Saggu

Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu, a Kubernetes Engineer at SUSE, has made significant contributions to Kubernetes project via Release, Testing, ContribEx, and CLI SIGs. She's the Release Lead for the ongoing Kubernetes v1.29 release cycle, Technical Lead for the Kubernetes's project SIG - ContribEx... Read More →

psaggu etcd revisisons KubeConNA23 pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W181 (Ground Level)
  Cloud Native Novice

11:15am CST

10 Years of Keycloak - What's Next for Cloud-Native Authentication and OIDC? - Alexander Schwartz, Red Hat & Takashi Norimatsu, Hitachi, Ltd.
More than 10 years ago the Keycloak maintainers committed the first code to their repository. In the following years Keycloak built a growing community offering a flexible Open Source solution for authentication based on OpenID Connect (OIDC), SAML and with integrations into the classic enterprise. The ecosystem of OIDC and customer demands have evolved over the years, and so has Keycloak. After presenting some of the highlights of the latest Keycloak release, this talk focuses on the latest advancements in OIDC like DPoP, OIDC4IDA and FAPI 2.0, as well as Keycloak’s pursuit for scalability, high availability and a great user experience. We’ll also present the work-in-progress topics in a demo.
Speakers
avatar for Alexander Schwartz

Alexander Schwartz

Principal Software Engineer, Red Hat
Alexander Schwartz is a Principal Software Engineer at Red Hat working on the Keycloak team. At work and in his spare time he codes for Open Source projects. In a previous job he worked as a software architect and IT consultant. At conferences and at user groups he talks about JavaScript... Read More →
avatar for Takashi Norimatsu

Takashi Norimatsu

Senior OSS Specialist, Hitachi, Ltd.
Takashi Norimatsu, Senior OSS Specialist, Hitachi, Ltd. is a maintainer of Keycloak. He has been implemented and contributed secuirty features like Financial-grade API (FAPI) security profiles, W3C Web Authentication (WebAuthn) API support. He leads Keycloak's community "OAuth SIG... Read More →

(FINAL)KubeConNA2023 Chicago pdf
10 Years of Keycloak What's Next for Cloud Native Authentication and OIDC KubeCon Chicago 2023 v1.0 pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W187 (Ground Level)
  Maintainer Track, Keycloak

11:15am CST

All You Need to Know About Prometheus in 2023: Decade of Monitoring - Julien Pivotto, O11y & Ben Kochie, Reddit
Prometheus is a popular open-source monitoring system many organizations use to reliably collect, analyze and alert on metrics from their systems and applications. However, no need to feel FOMO if you have yet to learn about Prometheus! Join this talk to learn the basics, essential features and best practices from long-time maintainers: Julien & Bartek. What if you are a true Prometheus legend solving advanced use cases? That's great too! After over a decade of innovating in the open, the Prometheus community still delivers new features, integrations and optimizations. In this talk, you will learn what's new and shiny: how to reshape your instrumentation with exemplars and new histograms, improve the accuracy of your counters, integrate with other systems, e.g. OpenTelemetry and much more. We'll finish with contribution tips--there is still a lot we can improve together 💪🏽 See you!
Speakers
avatar for Ben Kochie

Ben Kochie

Contributor, Prometheus Team
avatar for Julien Pivotto

Julien Pivotto

Prometheus Maintainer, O11y
Julien Pivotto is a prominent figure in the world of open-source monitoring and alerting. As a maintainer of Prometheus, he has made significant contributions to the development and advancement of this powerful tool. Additionally, he is the co-founder of O11y, a company that specializes... Read More →

Tuesday November 7, 2023 11:15am - 11:50am CST
W190 (Ground Level)
  Maintainer Track, Prometheus

11:15am CST

CNCF Environmental Sustainability TAG Updates and Information - Marlow Weston, Intel & Niki Manoledaki, Grafana Labs
As companies feel the heat from regulations and power costs, Environmental Sustainability is an increasingly important area of focus. We will summarize some of the projects who have given demonstrations during our meetings. We will reveal the latest efforts and initiatives with the CNCF Environmental Sustainability TAG, including our current working groups and collaborations with other organizations. Furthermore, we will talk about how the TAG reviews successively CNCF projects to report and improve their sustainability footprint. In the end, we will highlight some of the outstanding people who make all of this work possible.
Speakers
avatar for Marlow Weston

Marlow Weston

Cloud Software Architect, Intel
Marlow is a Cloud Software Architect working on resource management for Kubernetes at Intel. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance... Read More →
avatar for Niki Manoledaki

Niki Manoledaki

Software Engineer, Grafana Labs
Niki Manoledaki is a Software Engineer at Grafana Labs who works with the CNCF to advocate for cloud-native environmental sustainability by contributing to the CNCF Environmental Sustainability Technical Advisory Group. She is also a Maintainer of CNCF projects such as OpenGitOps... Read More →

TAG ENV update KubeCon + CloudNativeCon North America 2023 Optional PowerPoint.pptx pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W196AB
  Maintainer Track, Environmental Sustainability

11:15am CST

From Māori to Deaf Engineers, Welcoming all Contributors - Jay Tihema, ii.nz; Catherine Paganini, Buoyant; Jay Jackson, TotalCX; Destiny O'Connor, Independent
Every project in our community is looking for more contributors. One way to get them is to "make your project welcoming," and to as broad an audience of potential contributors as possible. But what's "being welcoming" really, and how do you open your project to folks very different from you? This session will introduce you to perspectives, methods, and ideas to increase your contributor base. We'll share perspectives from TAG Contributor Strategy's Deaf and Hard of Hearing and its Maori initiatives. It will also cover basics like contributor guides and "do and don't" tips around being welcoming. Whether project leaders, contributors, or supporting sponsors, attendees will learn ways to remove barriers to entry and enable contribution.
Speakers
avatar for Catherine Paganini

Catherine Paganini

Head of Marketing & Community, Buoyant
Catherine Paganini is co-chair of the TAG Contributor Strategy, a founding member of the Deaf and Hard of Hearing WG, co-creator of the Cloud Native Glossary, and Head of Marketing at Buoyant, the creator of Linkerd. A marketing leader passionate about open source, Catherine started... Read More →
avatar for Jay Tihema

Jay Tihema

Community Manager, ii.nz
Jay works as a Community Manager for NZ-based company ii.nz and is Co-Chair of the Mentoring WG under TAG Contributor Strategy. In collaboration with education, industry, local government and community collectives, Jay creates various growth opportunities as part of developing equitable... Read More →
avatar for Destiny O'Connor

Destiny O'Connor

Web Developer and co-chair of Deaf and Hard of Hearing WG, Self Employed
A deaf web developer and Co-Chair of the CNCF Deaf and Hard of Hearing Working Group. Passionate about improving accessibility for deaf and hard of hearing individuals, and It my mission to educate the community about what it means to be deaf in tech and how to be more inclusive... Read More →
JJ

Tuesday November 7, 2023 11:15am - 11:50am CST
W194 (Ground Level)
  Maintainer Track, Contributor Strategy

11:15am CST

SIG Security: Unravelling the Kubernetes Security Audit Together - Rey Lejano, SUSE; Savitha Raghunathan, Red Hat; Ala Dewberry, VMware; Pushkar Joglekar, Independent
SIG Security takes a community-building approach to improving Kubernetes security, both for the project itself and for our end users. Join organizers Ala, Pushkar, Rey, and Savitha for an overview of SIG Security and timely updates from our Documentation, Self-assessments, and Tooling subprojects. You'll learn what's been going on, what’s next, and how you could join in. Our Third-party Security Audit subproject will be a special focus. With 111 new Stable enhancements, Kubernetes has really matured since the previous audit in 2019! It takes teamwork to coordinate such a big audit, and we will share that process including the CFP, the audit itself, and internal review with the Security Response Committee. We will also share the vulnerabilities and recommended mitigations uncovered by the April 2023 audit. SIG Security has something to learn and contribute for every experience level, from beginner to expert. We hope to see you there!
Speakers
avatar for Savitha Raghunathan

Savitha Raghunathan

Senior Software Engineer, Red Hat
Savitha Raghunathan is a Senior Software Engineer at Red Hat, working on Migration and App Modernization technologies. She leads K8s sig-security-docs sub-project aiming to create security awareness through docs. As a Konveyor Maintainer, she leads the community engagement efforts... Read More →
avatar for Rey Lejano

Rey Lejano

Cloud Native Solution Architect, SUSE
Rey Lejano is a Field Engineer at SUSE by way of Rancher Labs and is the co-chair of Kubernetes SIG Docs. Rey contributes to various Kubernetes Special Interest Groups such as Contributor Experience, Docs, Release, and Security. He is a member of seven Kubernetes Release Teams including... Read More →
avatar for Pushkar Joglekar

Pushkar Joglekar

Cloud Native Security Engineer, Independent
Pushkar Joglekar wears multiple hats in the community as: CNCF Security - TAG Co-Chair & Kubernetes SIG Security Tooling Sub-Project Lead to “Make Kubernetes Secure For All”. Since 2019, he feels incredibly fortunate to have written the security chapters in Nigel Poulton’s “The... Read More →
avatar for Ala Dewberry

Ala Dewberry

Product Line Manager, VMware
Ala is a Product Line Manager in the Office of the CTO at VMware, working at the intersection of edge computing infrastructure, security, and modern applications. She has worked in a variety of roles and industries. Before joining VMware, she headed up engineering operations and program... Read More →

SIG Security Unravelling the Kubernetes Security Audit Together pptx
Tuesday November 7, 2023 11:15am - 11:50am CST
W196C (Ground Level)
  Maintainer Track, Security

11:15am CST

What's New in SIG-Windows - Mark Rossetti, Microsoft & Aravindh Puthiyaparambil, Red Hat
In this maintainer track talk we'll cover what is new with SIG-Windows and will provide updates on our ongoing projects such as WindowsServiceProxy / KPNG support, NodeLogQuery, Windows support for various node features, and more. For this talk we will also highlight many of the recent contributions from new contributors, highlight opportunities for new contibutors, and answer any questions related to getting started with new contributions!
Speakers
avatar for Aravindh Puthiyaparambil

Aravindh Puthiyaparambil

OpenShift Staff Engineer, Red Hat
Aravindh is an OpenShift Staff Engineer focusing on Node lifecycle and in particular Windows at Red Hat. He is also the co-chair of Kubernetes' SIG-Windows. In the past he has worked on CPU and memory virtualization for hypervisors .
avatar for Mark Rossetti

Mark Rossetti

Principal Software Engineer, Microsoft
Mark Rossetti is a software engineering focusing on open-source projects at Microsoft and is also the co-chair of Kubernetes' SIG-Windows. Mark focuses on improving the experience of using Windows containers in Kubernetes. Mark has also served on the Kubernetes release team since... Read More →

KubeCon + CloudNativeCon North America 2023 SIG Windows pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W192 (Ground Level)
  Maintainer Track, Windows

11:15am CST

The Future of Interactive Data Science at Scale with Jupyter and Kubeflow - Andrey Velichkevich & Zachary Sailer, Apple
The best data science is “human-in-the-loop” data science—blending the strengths of human and machine. As the human, your time is best spent thinking deeply about data and crafting Machine Learning (ML) models, while the machine efficiently cranks on your models. In this talk, the speakers will present a fresh paradigm—interactive data science at scale. The speakers will merge two open-source tools, Jupyter and Kubeflow to demonstrate a unique, “human-in-the-loop” AI/ML workflow. They will leverage Jupyter’s world-class interactive computing tools and Kubeflow’s innovative, cloud-native scaling technologies to develop, tune, train, and deploy massive ML models. The speakers will highlight key features in both projects that dramatically enhance and simplify the way humans do data science. Finally, they will end with demonstrating Jupyter’s new real-time collaboration experience—because two (or more) “humans-in-the-loop” are better than one.
Speakers
avatar for Andrey Velichkevich

Andrey Velichkevich

Senior Software Engineer, Apple
Andrey Velichkevich is a Senior Software Engineer at Apple and is a major contributor to the Kubeflow open-source project. He is a co-chair for the AutoML and Training working groups. Andrey hosts Kubeflow community meetings for the AutoML and Training working group, organises community... Read More →
avatar for Zachary Sailer

Zachary Sailer

Apple
Zach Sailer is an Senior Software Engineer at Apple and a member of Jupyter's Software Steering Council. He's been a core contributor to Jupyter's open-source community (and one its earliest developers) for over a decade. Fun fact: Zach spent his graduate days in an evolutionary biophysics... Read More →

The Future of Interactive Data Science at Scale with Jupyter and Kubeflow pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:15am CST

Multi-Network, New Level of Cluster Multi-Tenancy - Maciej Skrocki, Google & Doug Smith, Red Hat, Inc.
When it comes to the topic of multi-network, Kubernetes has historically taken a very hands-off approach. Rather than tackling the problem, it was left for the ecosystem to solve. Today, we seek to make Kubernetes' support for multi-network easier, more complete, and in-tree. Maciej and Doug will introduce you to the Kubernetes PodNetwork construct. It will enable explicit segmentation of traffic at the Pod level, allowing definition and use of multiple networks, logical or physical, which coexist in one cluster and enable integration with existing Kubernetes concepts like Services. These features are required for telecom and high-performance computing use-cases, especially for isolation, performance, and security – and interest grows more broadly for multi-tenancy, and separation of networks by Namespace. Together we’ll explore architecture and API changes for Pod interfaces as Kubernetes elements. We invite you to participate in unifying advanced networking technology in Kubernetes.
Speakers
avatar for Doug Smith

Doug Smith

Prinicipal Software Engineer, Red Hat, Inc.
Doug Smith is a Principal Software Engineer for OpenShift Engineering at Red Hat. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network... Read More →
avatar for Maciej Skrocki

Maciej Skrocki

Software engineer, Google
Software engineer in GKE networking.

Kubecon NA 2023 Multitenancy for everyone pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W178 (Ground Level)
  Networking + Edge + Telco

11:15am CST

A Practical Guide to Debugging Browser Performance with OpenTelemetry - Purvi Kanal, Honeycomb
So you’ve taken a look at the web vitals for your site and it’s… not looking good. You’re overwhelmed, and you don’t know what change to make because everything seems like too big of a project to make a real difference. There are so many measurements to keep track of and the standards cited seem even scarier. This is extremely normal, web performance standards can feel impossible to meet for a lot of us. In this talk we’ll dig into how to instrument browser apps to measure performance, because we can't improve what we can’t measure! We’ll learn how to instrument with OpenTelemetry and how to make sense of that data. We’ll cover current best practices for what to have in your browser observability toolkit, and how to set a performance baseline to work towards a good modern web experience.
Speakers
avatar for Purvi Kanal

Purvi Kanal

Senior Software Engineer, Honeycomb
Purvi Kanal is a Senior Software Engineer at Honeycomb where she works on several open source projects. She is an approver for OpenTelemetry JavaScript with an interest in frontend observability. She has worked across the stack, making web and mobile apps in several languages with... Read More →

Kubecon Web Perf Talk 1 pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W180 (Ground Level)
  Observability
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:15am CST

Deploying Kubernetes in Classified Environments - Vlad Ungureanu & Ali Monfre, Palantir Technologies
Since its inception, Palantir has partnered with the Department of Defense, the Intelligence Community, and allied governments to support their most critical missions. Usually, this translates to deploying our software stack on classified networks and environments, which have very strict and wide-ranging constraints. To adhere to these constraints while simultaneously ensuring a continued ability to deliver modern technology on a cadence that enables mission-critical outcomes, Palantir has increasingly leveraged and deployed Kubernetes and CNCF technologies. In this talk, Vlad and Ali will present an overview of how companies should approach classified environments, and share guidelines describing the top principles to keep in mind when deploying software to these networks. They will discuss the approach Palantir has taken, how it has evolved over time, and decisions made which enabled significant scale and modern software deployment in the government's most secure environments.
Speakers
avatar for Ali Monfre

Ali Monfre

Senior Architect, Federal, Palantir Technologies
Ali Monfre is a Senior Architect, Federal at Palantir Technologies. Since joining Palantir in 2016, Ali has led technical strategy and growth across both Palantir’s Civilian Government and Department of Defense sectors, including Palantir’s efforts to become FedRAMP, IL5, and... Read More →
avatar for Vlad Ungureanu

Vlad Ungureanu

Engineering Lead, Production Infrastructure, Palantir Technologies
Vlad Ungureanu is an Engineering Lead within Palantir's Production Infrastructure organization. He is responsible for Palantir's strategy and execution regarding deployment of Kubernetes in all environments in which Palantir operates: commercial cloud, classified cloud, on-premises... Read More →

Deploying Kubernetes in Classified Environments pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W179 (Ground Level)
  Operations + Performance

11:15am CST

Back to the Future: Managing Trust in a Cloud-Native Environment - Eli Nesterov, SPIRL
Are we stuck in the past, managing trust anchors in cloud-native infrastructure like 30 years ago? Ever wondered how many expired and compromised WebPKI are in your containers? If Let's Encrypt is compromised tomorrow, how long will it take to discover all images you need to update, and how long will it take? Do you need a data scientist team to determine which CAs to trust? This session takes a deep dive into the history of trust anchor distribution, from browsers to OS and mobile devices, challenging the application of age-old techniques in our modern, cloud-native environments. We'll explore various existing solutions and question their efficiency and speed. Pivoting towards the promise of automation, we'll examine the potential for SPIFFE and its ability to revolutionize trust anchor management in the cloud-native ecosystem. This journey concludes with a live demo showcasing an innovative extension of the WorkloadAPI. Intrigued? Let's rethink trust management together.
Speakers
avatar for Eli Nesterov

Eli Nesterov

co-founder, SPIRL
Eli Nesterov is a co-founder at SPIRL. He spent years in security research and engineering, building and scaling security products at TikTok, Facebook, ShapeSecurity, and F5 Networks. He built the world's largest SPIFFE/SPIRE deployment with over 1M nodes. Eli shares his knowledge... Read More →

Back to the Future Managing Trust in a Cloud Native Environment pdf
Tuesday November 7, 2023 11:15am - 11:50am CST
W175 (Ground Level)
  Platform Engineering

11:15am CST

Tutorial: Building Cloud-Native Applications Using WebAssembly and Containers - Mikkel Mørk Hegnhøj & Melissa Klein, Fermyon; Ralph Squillace, Microsoft
This tutorial will help you get started with WebAssembly (Wasm) on Kubernetes. We will start off the tutorial by introducing you to Wasm and its system interface (i.e., WASI), and how they work together with the underlying operating system. Then, we will move to hands-on exercises to help you write your very first Wasm service that can, serve HTTP/gRPC requests, persist data to key-value/blob stores, or react to event streams using pub/sub. What's more, these Wasm applications can be authored in multiple programming languages and frameworks, so its content and business logic can be extended to whatever you are most comfortable writing in. All in all, after building applications to Wasm, we will show how to package Wasm components to containers, and, lastly, we will deploy our work to environments like on-prem, cloud, and hybrid cloud using Kubernetes. Overall, you will leave the room having learned the pros and cons of using Wasm and how to build production-ready Wasm applications.
Speakers
avatar for Ralph Squillace

Ralph Squillace

Principal Product Manager, Microsoft
Professionally trained in history; don't tell him, because he's professionally suffered in distributed applications for the past 20 years or so. A veteran of OSS wars inside the megacorp, he's thrived as the world changed. He runs Ubuntu at work, except for those times when he does... Read More →
avatar for Melissa Klein

Melissa Klein

Open Source Program Manager, Fermyon
Melissa Klein is the open source program manager at Fermyon. She started her career as a Java developer and fell in love with open source while building J2EE applications. She moved into open source program management and has been guiding development teams on their open source journey... Read More →
avatar for Mikkel Mork Hegnhoj

Mikkel Mork Hegnhoj

Head of Product and DevRel, Fermyon
Mikkel Mørk Hegnhøj is the head of product and developer relationship at Fermyon. He has a long background in product management, customer success, and developer engagement at Microsoft, working on products such as Service Fabric, Azure Kubernetes Services, Azure Container Instances... Read More →

Tutorial KubeCon NA 23 pdf
Tuesday November 7, 2023 11:15am - 12:45pm CST
W183 (Ground Level)
  Tutorials, Emerging + Advanced

11:15am CST

🚨 Contribfest: Accelerate New Features and Learn to Contribute Alongside the Crossplane Maintainer Team - Jared Watts & Nic Cope, Upbound
In this session, the Crossplane maintainer team be focusing on a few exciting hands-on activities together - we will walk through a contributor enablement session to help you get a development environment set up and ready to contribute to the project, and we will also walk through using some of the latest features in Crossplane to expedite your adoption of them, as well as discuss your important feedback to help continue maturing them.
Speakers
avatar for Jared Watts

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to... Read More →
avatar for Nic Cope

Nic Cope

Senior Principal Software Engineer, Upbound
Nic Cope is a senior principal engineer at Upbound, founders of the Rook and Crossplane CNCF projects. Before joining Upbound to help build Crossplane, Nic spent a decade in SRE and platform engineering teams at companies large and small, including Google, Spotify, and Planet Labs... Read More →

Kubecon NA 2023 Crossplane Contribfest pdf
Tuesday November 7, 2023 11:15am - 12:45pm CST
W186 (Ground Level)
  🚨 ContribFest

12:10pm CST

A Practical Guide to eBPF Licensing: Or How I Learned to Stop Worrying and Love the GPL - Jef Spaleta & Bill Mulligan, Isovalent
While there is a wide appreciation of the power of eBPF as used across the CNCF project landscape, there are some misconceptions in the ecosystem about when eBPF programs need to be licensed under the GPL and how that impacts licensing compliance. eBPF is a unique technology inside the cloud native landscape, making it possible for projects, like Cilium, Falco, and Pixie, to extend Linux kernel functionality from userspace. Seeing GPL licensed code may give some licensing compliance teams pause because eBPF is unfamiliar to them - but it shouldn’t. This talk provides context around why the GPL licensed eBPF code exists and isn't a licensing hazard for the rest of the project. If you are a contributor to a project already using eBPF or looking to add it, or you're unfamiliar with why eBPF licensing is so exceptional, come to this session and learn some practical strategies for eBPF licensing and you’ll hopefully learn to stop worrying and love the GPL.
Speakers
avatar for Bill Mulligan

Bill Mulligan

Community Pollinator, Isovalent
Bill Mulligan is a cloud native pollinator and community builder. He has given talks and written articles about building the business case for cloud native. While at CNCF he restarted the Kubernetes Community Day program and worked to grow the student community. He is currently at... Read More →
avatar for Jef Spaleta

Jef Spaleta

Technical Community Advocate, Isovalent
Jef Spaleta has more than a decade of experience in the technology industry; as software engineer, open source contributor, IoT hardware developer, operations, and most recently as a community advocate at Isovalent.

A Practical Guide to eBPF Project Licensing pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W176 (Ground Level)
  Cloud Native Experience
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

12:10pm CST

It’s Never Too Late for PKI Fundamentals: Building a Mental Model - Jackie Elliott, Microsoft
Mental models are challenging to build. Building a mental model of certificates and identity in the context of the cloud native ecosystem is daunting. In this talk, we will build the fundamentals you need to start on your journey of building your own mental model of a PKI. If you find yourself asking, “How is a certificate chain built?”, “What is a certificate authority?”, “What role does a certificate play in verifying identity?”, etc. when looking at Cloud Native technologies or PKIs, then this talk is for you. You will leave this presentation with a solid foundation of identity concepts and workflows, an understanding of some of the identity-based technologies at play in the cloud native ecosystem, and an awareness of hot security topics like secure supply chains and zero-trust environments.
Speakers
avatar for Jackie Elliott

Jackie Elliott

Software Engineer, Microsoft
Software engineer at Microsoft. Member of the Azure Container Upstream team, former maintainer of the Open Service Mesh project, and Istio contributor. Focuses on certificate management and identity.

KubeCon + CloudNativeCon PKI Fundamentals pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W181 (Ground Level)
  Cloud Native Novice

12:10pm CST

All Things in-Toto: Supply Chain Attestations, Policies and Adoption Stories, Oh My! - Santiago Torres-Arias, Purdue University & Marcela Melara, Intel Corporation
in-toto is a widely-deployed CNCF project for software supply chain security which allows you to generate and verify information such as SBOMs, vulnerability scans, and more through the use of "attestations". This talk presents a brief introduction to in-toto, and community updates on new attestation formats for supply chain contexts like code reviews and test results. We will discuss the v1.0 release of the specification, the new governance, and introduce new mechanisms for specifying policies on attestations. In addition, we will showcase how companies like GitHub, Docker, and NPM use in-toto to highlight the security and compliance requirements in-toto enables vendors like them to meet. Finally, the talk will show a demo of Supply Chain Attribute Integrity (SCAI), an attestation format for capturing attributes and evidence in a number of key use cases, including secure boot attestations for build system integrity, and other evidence artifacts needed for supply chain compliance.
Speakers
avatar for Marcela Melara

Marcela Melara

Research Scientist, Intel Corporation
Marcela Melara is a research scientist in the Security and Privacy Group at Intel Labs. Her current work focuses on solutions for high-integrity software supply chains and trustworthy distributed systems. She leads a number of internal, open-source and academic efforts on supply chain... Read More →
avatar for Santiago Torres-Arias

Santiago Torres-Arias

Assistant Professor, Purdue University
Santiago is an Assistant Professor at Purdue ECE. His interests include binary analysis, cryptography, distributed systems security. His current research focuses on securing the software development lifecycle, cloud security, and update systems. Santiago is a member of the Arch Linux... Read More →

in toto@kccnc2023 pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W187 (Ground Level)
  Maintainer Track, in-toto

12:10pm CST

API Machinery Dual Maintainer Track - Federico Bongiovanni & Leila Jalali, Google; Stefan Schimanski, Upbound
We will have 2 - topic session:
  • The first half: Introduction & SIG Overview
  • The second half: 🅐 Generic Control Planes 🅑 Ratcheting CRD Validation
Join us for an informative talk! In the first half of the presentation, you'll delve into the world of API Machinery, gaining valuable insights into the opportunities available to you to start your contributions to our projects. Then, we learn more about Generic Control Planes and Ratcheting CRD Validation.

Introduction & SIG Overview  (Leila Jalali)
Leila will cover a comprehensive overview about the SIG:
  • Where are we on the journey?
  • Introduction & SIG Overview
  • What do we own?
  • Why is it so important and complex?
  • Roadmap

Generic API Server Roadmap (Stefan Schimanski)
Stefan will highlight developments in Sig-API-Machinery that fly under the radar of big new feature work in Kubernetes, but that will have an impact on how the ecosystem is building Kubernetes extensions. In particular, generic control planes will be discussed and automatic and explicit ratcheting validation. The latter will make CRD schema evolution dramatically easier, and everybody shipping CRDs should know about what's coming.

Speakers
avatar for Stefan Schimanski

Stefan Schimanski

Senior Principal Software Engineer, Upbound
Stefan is a Senior Principal Engineer at Upbound working on Kubernetes-based control plane technology. He contributed a major part of the CustomResourceDefinition features to Kubernetes, lead-architected kcp and is among the top 10 contributors to Kubernetes. Before Upbound he worked... Read More →
avatar for Federico Bongiovanni

Federico Bongiovanni

Senior Engineering Manager / Co-chair SIG API Machinery, Google
Engineering Manager who is passionate about people development and growth, building diverse and inclusive teams, and solving large scale technical challenges. With a large technical background in development, cloud computing at scale, building and running successful teams, and operating... Read More →
avatar for Leila Jalali

Leila Jalali

Engineering Manager, Google
Leila works as an Engineering Manager at Google and is actively involve in the Kubernetes community. Leila is particularly enthusiastic about collaboration, aiming to nurture individuals' growth and build inclusive teams to tackle customer challenges. She holds a Ph.D. in data management... Read More →

SIG API Machinery KubeCon 2023 pptx
SIG API Machinery KubeCon 2023 pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W190 (Ground Level)
  Maintainer Track, Kubernetes

12:10pm CST

Cloud Native Storage:the CNCF Storage TAG, Projects, Technology & Landscape - Raffaele Spazzoli, Red Hat & Alex Chircop, Akamai
This talk will introduce the CNCF Storage TAG and discuss how the TAG operates, how we work with CNCF Storage projects, and the work we have done to build guidance and write whitepapers for the ecosystem. During this session we will cover an overview of storage projects in the CNCF, including the broader ecosystem, as well as projects that are currently being reviewed. We will also share updates of our latest work including the CNCF Storage Whitepaper, Performance and Benchmarking whitepaper, Cloud Native Disaster Recovery whitepaper, and the Data on Kubernetes whitepaper. Join us to find out how to contribute and participate in the CNCF storage community and discover practical guidance on how to use cloud native storage in your environments.
Speakers
avatar for Alex Chircop

Alex Chircop

Chief Product Architect, Akamai
Chief Product Architect at Akamai. Previously a founder and CTO of Ondat (formerly StorageOS), building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage TAG (previously SIG). Before embarking on the startup adventure he spent over... Read More →
avatar for Raffaele Spazzoli

Raffaele Spazzoli

Senior Principal Architect, red hat
Raffaele is a full-stack enterprise architect with 20+ years of experience. Currently Raffaele covers a consulting position of cross-portfolio application architect with a focus on OpenShift. Most of his career Raffaele worked with large financial institutions allowing him to acquire... Read More →

2023 KubeCon NA TAG Storage Session.pptx pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W196AB
  Maintainer Track, Storage

12:10pm CST

SIG Instrumentation Introduction and Deep Dive - Han Kang, Richa Banker & David Ashpole, Google; Damien Grisonnet, Red Hat
Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
Speakers
avatar for Han Kang

Han Kang

Senior Staff Software Engineer, Google
Han Kang is a Senior Staff Software Engineer at Google. Han co-chairs SIG instrumentation while also participating in SIG API Machinery, focusing on operational aspects of managing Kubernetes clusters.
avatar for David Ashpole

David Ashpole

Senior Software Engineer, Google
David Ashpole currently works for Google on Kubernetes and OpenTelemetry.  He was previously deeply involved in Sig-Node, and drove many enhancements around monitoring and resource management. He is currently co-Tech Lead for Sig-Instrumentation, and is working on adding Distributed... Read More →
avatar for Damien Grisonnet

Damien Grisonnet

Senior Software Engineer, Red Hat
Damien Grisonnet is a Software Engineer at Red Hat, he is very active in the monitoring ecosystem of Kubernetes for which he serves as a technical lead for Kubernetes SIG Instrumentation as well as a maintainer for projects such as kube-state-metrics, metrics-server, and prometheus-adapter... Read More →
avatar for Richa Banker

Richa Banker

Software Engineer at Google, Google
Currently a software engineer at Google working on Kubernetes for Google Distributed Cloud. Also contributing to OSS Kubernetes on the side.

Tuesday November 7, 2023 12:10pm - 12:45pm CST
W196C (Ground Level)
  Maintainer Track, Instrumentation

12:10pm CST

WG Batch: What’s New and What Is Next? - Marcin Wielgus, Google & Maciej Szulik, Red Hat
Maciej and Marcin will present improvements that the WG Batch has promoted in Kubernetes, and the opportunities under discussion to better support batch workloads such as HPC, AI/ML, data-analytics, etc. We will discuss enhancements to the Job API for fine-grained failure handling and the roadmap to make the Job API the standard for batch applications. We will also talk about the JobSet API, a new subproject sponsored by the working group that uses the upstream Job API as a building block to address common deployment patterns of AI/ML and HPC workloads. We will also cover the new release and roadmap for Kueue, a Kubernetes subproject that offers job queueing, to build a multitenant batch system. The WG Batch was created in 2022 to serve the demand from the ecosystem to better support batch applications in Kubernetes. The WG is composed of SIGs’ experts and developers from various communities, with the objective to set roadmaps and collaborate in designs and implementations.
Speakers
avatar for Marcin Wielgus

Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently... Read More →
avatar for Maciej Szulik

Maciej Szulik

Senior Principal Software Engineer, Red Hat
Maciej is a passionate developer with almost 2 decades of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat. Whereas at night he is hacking on side projects with python. In his spare time he enjoys reading a good book or taking photos.

KubeCon NA 2023 WG Batch pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W194 (Ground Level)
  Maintainer Track, Batch

12:10pm CST

What's Happening with Ingress-Nginx! - James Strong, Chainguard & Ricardo Katz, VMware
This presentation will discuss our plans for Ingress-nginx 2.0 release, breaking changes, new features, and deprecations. We will also discuss our plans for gateway API, CVE reduction, and other security updates coming to ingress-nginx. As always, we will provide a community update, roadmap, and other critical information attendees should know about the project. Please join us to learn all about the progress and future of ingress-nginx.
Speakers
avatar for Ricardo Katz

Ricardo Katz

Staff Engineer, VMware
Engineer for Cloud Native solutions at VMware by day, Ingress-Nginx maintainer by night. Previously was the tech lead for the Brazilian Government Cloud and Platform infrastructure, being one of the persons responsible for implementing some of the first Kubernetes clusters in Brazil... Read More →
avatar for James Strong

James Strong

Solution Architect, Chainguard
James has been working in the cloud for 7 years. He helped build a private cloud at GE Appliances and developed and supported REST API's in AWS on docker. Recently he has passed the CNCF's CKA exam and helps companies migrate their applications to Kubernetes.

Tuesday November 7, 2023 12:10pm - 12:45pm CST
W192 (Ground Level)
  Maintainer Track, Networkingress-nginx

12:10pm CST

Smart Global Replication Using Reinforcement Learning - Benjamin Bengfort, Rotational Labs
There are many great reasons to replicate data across Kubernetes clusters in different geographic regions: e.g. for disaster recovery and to ensure the best possible user experiences. Unfortunately, global replication is not easy; not just because of the difficulty in consistency reasoning that it introduces, but also due to the increased cost of provisioning multiple volumes that exponentially duplicate ingress and egress. Wouldn't it be great if our systems could learn the optimal placement of storage blocks so that total replication was not necessary? Wouldn't it be even better if our replication messaging was reduced ensuring communication only between the minimally necessary set of storage nodes? We show a system that uses multi-armed bandits to perform such an optimization; dynamically adjusting how data is replicated based on usage. We demonstrate the savings achieved and system performance using a real world system: the TRISA Global Travel Rule Compliance Directory.
Speakers
avatar for Benjamin Bengfort

Benjamin Bengfort

Co-founder & CEO, Rotational Labs
Dr. Benjamin Bengfort is co-founder & CEO of Rotational Labs. Benjamin is an experienced systems engineer, programmer & data scientist. Driven by a desire to build large systems with many users that have a global impact, he takes pride in solutions where many small interactions combine... Read More →

Smart Global Replication Using Reinforcement Learning pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

12:10pm CST

Kubernetes for Edge Computing: A Guide to Building Resilient and Scalable Applications - Yin Ding, Google & Tina Tsou, Arm
In this session, we will delve deep into the best practices for implementing edge computing solutions in Kubernetes. As edge computing becomes increasingly important in today's IoT-driven world, mastering the techniques to deploy and manage workloads effectively at the edge becomes crucial. We will explore the challenges of edge computing, including network instability, hardware diversity, and geo-distribution, and demonstrate how Kubernetes can effectively manage these issues. With real-world examples and case studies, we will illustrate how Kubernetes can power robust edge computing systems and what future trends to expect in this domain. Attendees can look forward to gaining a comprehensive understanding of the best strategies and techniques for Kubernetes-based edge computing deployments and how to prepare for the future of edge computing."
Speakers
avatar for Tina Tsou

Tina Tsou

Director of Infra Ecosystem, Arm & Board Chair, LF Edge
Tina Tsou, Director of Infra Ecosystem, Arm & Board Chair, LF Edge, is a recognized leader in open source software, cloud infrastructure, and edge computing. She chairs the Kubernetes Edge Day events under the Cloud Native Computing Foundation (CNCF) and serves as the Board Chair... Read More →
avatar for Yin Ding

Yin Ding

Engineering Manager, Google
Yin Ding, an Engineering Manager at Google, lead the Kubernetes Hardening team and brings over 15 years of expertise in large-scale and distributed computing. As a co-founder of the CNCF KubeEdge open-source project and the TSC Chair of LF Edge Akraino, Yin Ding has made significant... Read More →

Tuesday November 7, 2023 12:10pm - 12:45pm CST
W178 (Ground Level)
  Networking + Edge + Telco

12:10pm CST

A Tale of Two Flamegraphs: Unlocking Performance Insights in a Diverse Application Landscape - Ryan Perry, Grafana Labs
In this session, we embark on an intriguing journey into the world of performance profiling, where we encounter the best and worst of times in optimizing applications across diverse programming languages and platforms. Join us as we explore the power of flamegraphs and their role in understanding and improving application performance. This talk draws upon our experiences and efforts in integrating profiling into OpenTelemetry, highlighting the importance of observability in modern software development. With a focus on practical examples and real-world use cases, we will use the official OpenTelemetry demo application as a backdrop for our "Tales of Two Flamegraphs." By comparing and contrasting flamegraphs across different application stacks, we will uncover common performance pitfalls and demonstrate effective optimization techniques applicable to any language ecosystem.
Speakers
avatar for Ryan Perry

Ryan Perry

Engineering Director, Grafana Labs
I’m from the Indiana originally where I initially studied business in school. However, after an internship in tech I decided that I wanted to learn how to code and ended up completing a coding bootcamp and moving out to Oakland, CA. Since then I’ve worked at several startups and... Read More →

Tuesday November 7, 2023 12:10pm - 12:45pm CST
W180 (Ground Level)
  Observability

12:10pm CST

Disaster Recovery with Very Large Postgres Databases - Gabriele Bartolini, EDB & Michelle Au, Google
Disaster recovery of mission-critical data is an important requirement for any organization. As your database grows, it becomes harder to maintain the same RPO and RTO objectives and new techniques need to be leveraged to backup and recover your data at large scales. In this session, we will explore various disaster recovery use cases and compare different technologies to meet different RPO and RTO objectives with Postgres across a wide variety of topologies and scales. We will demo these scenarios with the open source CloudNativePG operator and show how an operator can simplify and automate the experience, leading to Very Large Databases (VLDB) use case adoption in Kubernetes.
Speakers
avatar for Michelle Au

Michelle Au

Software Engineer, Google
Michelle Au is a software engineer at Google and is a Kubernetes SIG Storage tech lead. She has been a Kubernetes maintainer since 2017, working on projects including the Container Storage Interface, volume security, volume topology, and local persistent storage.
avatar for Gabriele Bartolini

Gabriele Bartolini

VP of Cloud Native, EDB
A long time open source programmer and entrepreneur, Gabriele has a degree in Statistics from the University of Florence. After having consistently contributed to the growth of 2ndQuadrant and its members through nurturing a lean and devops culture, he is now leading the Cloud Native... Read More →

KubeCon + CloudNativeCon NA 2023 Disaster Recovery with Very Large Postgres Databases pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W179 (Ground Level)
  Operations + Performance

12:10pm CST

Building, Scaling, and Growing Internal Developer Platform for Companies Inside Companies - Joshua Bezaleel Abednego & Giri Kuncoro, GoTo Financial
Our infrastructure team builds an internal developer platform for our digital wallet company that processes billions of dollars transactions tailored to our own engineering culture and practices. As time goes by, the company grows to provide an array of financial services that is made possible by the acquisition of various companies. We expanded the numbers of users of our self-service GitOps platform to support additional more than 10s of Kubernetes clusters and 3x the numbers of services. Even though the number is exciting, onboarding new post-merger engineering teams and consolidating them to our IDP means that we have to navigate frictions and differences as teams have their own sets of culture. This talk will help your platform team in handling the current and upcoming post-merger scenario from the unique experience and lessons learned in how our team manages the challenges in onboarding multiple engineering teams to our IDP that we think is still rarely talked in the community.
Speakers
avatar for Joshua Abednego

Joshua Abednego

Software Engineer, GoTo Financial
Joshua is a software engineer in GoTo Financial’s infrastructure department specifically on the Developer Experience team that builds and maintains the internal developer platform powering the company’s engineering team. Earlier he worked as software engineer at Shipper, contributed... Read More →
avatar for Giri Kuncoro

Giri Kuncoro

Staff Engineer, GoTo Financial
Giri is currently working for GoTo, one of fastest growing unicorns in South East Asia that recently went IPO. He started Kubernetes project and created Internal Developer Platform to drive adoption of cloud native ecosystem (Istio, ArgoCD, etc.) across the organization before the... Read More →

Companies inside Companies KubeCon + CloudNativeCon North America 2023 pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W375E (Level 3)
  Platform Engineering
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

12:10pm CST

Harnessing Argo & Flux: The Quest to Scale Add-Ons Beyond 10k Clusters- Joaquin Rodriguez, Microsoft & Priyanka Ravi, Weaveworks
Managing cluster add-ons at scale across private clouds, public clouds, and the edge presents a significant challenge. The intricate nature of large-scale operations can lead to inefficiencies, increased costs, and potential vulnerabilities if not managed effectively. This challenge can be addressed by harnessing the capabilities of Argo CD, Flux, and Flamingo to scale beyond 10,000 clusters while addressing the growing needs for scale, logging, and monitoring. We'll discuss how Flux and Flamingo contributes to the lifecycle of cluster add-ons at a massive scale and how the Argo CD API can be integrated into a cluster lifecycle solution.
Speakers
avatar for Priyanka Ravi

Priyanka Ravi

Developer Experience Engineer, Weaveworks
Priyanka “Pinky” Ravi is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at a large insurance company where she was on... Read More →
avatar for Joaquin Rodriguez

Joaquin Rodriguez

Microsoft
Joaquin Rodriguez, a Senior Software Engineer in the Commercial Software Engineering organization at Microsoft, helps customers tackle their toughest technical problems, on the cloud and at the edge. With over ten years of experience, Joaquin is passionate about open-source technologies... Read More →

Harnessing Argo & Flux The Quest to Scale Add Ons Beyond 10k Clusters pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W175 (Ground Level)
  Platform Engineering

12:10pm CST

A Wind of Change for Threat Detection - Melissa Kilby, Apple
There’s a breeze in the air blowing steady advancements in cloud native security threat detection. However, threat actors are outpacing our innovation — rule-based detections focus on what we think attackers will do, not on what they are doing and generate enough alerts to bury security analysts in a sandstorm of poor signal-to-noise. Can this dynamic be blown back to shift the information asymmetry in favor of defenders? This advanced talk will focus on how to create high-value, kernel signals that are difficult to bypass using eBPF and Falco - but not in the traditional way. Advanced data analytics is an emerging crosswind that enables us to soar past attackers by detecting deviations in current behavior from past behavior. I’ll discuss rules versus behavior challenges and push the boundaries of innovation through demos that scale in real-world production environments. Come join me as we take this zephyr of an idea into a jet stream of change for threat detection!
Speakers
avatar for Melissa Kilby

Melissa Kilby

Security Engineer, Apple
Before joining Apple, Security Engineer Melissa Kilby contributed to US Government research projects and taught Applied Data Science at BlackHat. She has a Ph.D., specializing in machine learning and biomechanics. She has also contributed to NASA’s space suit engineering program... Read More →

A Wind of Change for Threat Detection Melissa Kilby KubeCon NA 2023 pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W375AB (Level 3)
  Security

12:10pm CST

Challenge to Implementing “Scalable” Authorization with Keycloak - Yoshiyuki Tabata, Hitachi, Ltd.
In the OWASP API Security Top 10 2023, three of the top 5 vulnerabilities include the word "authorization (authz)", authz is becoming more important for security considerations. Authz is often developed from scratch, however, along with the expanded service, the authz logic often becomes low scalability due to the increase in authz targets, attributes, and combinations. In such cases, it is common to introduce an authz service. Keycloak, an IAM OSS, also has an authz service. Keycloak has OAuth2 authz server capabilities, too, so by using the authz service, it is possible to centrally manage data related to authentication (authn) and authz. In this session, Yoshiyuki Tabata explains how to implement scalable authz using Keycloak and how to combine it with OPA to avoid Keycloak becoming SPOF and improve authz performance. Furthermore, by combining with CockroachDB, he introduces an authn and authz solution that withstands regional failures and operates in multi-cloud environments.
Speakers
avatar for Yoshiyuki Tabata

Yoshiyuki Tabata

CNCF Ambassador, Senior OSS Consultant, Hitachi, Ltd.
Yoshiyuki Tabata is a CNCF Ambassador, and Senior OSS Consultant at OSS Solution Center at Hitachi, Ltd, responsible for Authentication/Authorization and API-related solutions. As an authentication and authorization expert, he has provided numerous consultations, for example designing... Read More →

Challenge to Implementing Scalable Authorization with Keycloak pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W375CD (Level 3)
  Security

12:10pm CST

SECURITY HUB: The Quest for CNCF Ecosystem Security - Eddie Knight, Sonatype
Open source project security is the first line of defense when securing the software supply chain, making CNCF project security hygiene one of the most critical elements in securing the cloud for everyone around the world. Come to this session to learn about how TAG Security and the Cloud Native Security Slam have helped elevate projects in 2023, and hear about the strategies used by Argo to bring theory into reality for one of the most complex CNCF projects. Before we close, we'll take time to reward projects and celebrate the huge progress made this year within the ecosystem!
Speakers
avatar for Eddie Knight

Eddie Knight

OSPO Technical Program Manager, Sonatype
Eddie leads the Open Source Program Office at Sonatype, and serves as a maintainer for complimentary security and compliance projects within the OpenSSF, CNCF, and FINOS ecosystems.

Slam23 Awards (1) pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W471AB (Level 4)
  Security
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

12:10pm CST

SECURITY HUB: 🚩 An Introduction to Cloud Native Capture the Flag - Andrew Martin & Kevin Ward, ControlPlane
The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon North America attendees.  In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competition to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together.

Learn more about how to participate in Capture The Flag.
Speakers
avatar for Kevin Ward

Kevin Ward

Principal Consultant, ControlPlane
Kevin is an Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defense and Finance sectors. He enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored the GKE CIS... Read More →
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Tuesday November 7, 2023 12:10pm - 12:45pm CST
W470AB (Level 4)
  Security

12:10pm CST

Sponsored: From Desktop to Production, Build Applications Everywhere, All at Once on Kubernetes - Matt Farina & Rey Lejano, Rancher by SUSE
Kubernetes has emerged as one of the most popular platforms for deploying and managing containerized applications on distributed computing at scale. However Kubernetes is hard, and many developers struggle with building, testing, and deploying their applications Kubernetes efficiently.

In this session, join CNCF TOC member Matt Farina and Kubernetes 1.23 release lead Rey Lejano as they both provide practical tips to help you take your application from development to production efficiently on Kubernetes with cloud-native tools.

They’ll demystify the multi-verse of tools and ecosystems developers face in a containerized world and will cover topics including how to set up development and testing environments on your desktop, best practices in dealing with Kubernetes version upgrades under your applications, navigating a shared container toolchain across development teams and explore use cases showcasing how you can just run your code, plus more!

By the end of this session, you will leave with valuable insights on how to extract the most value from your Kubernetes setup for your team's application development needs.
Speakers
avatar for Matt Farina

Matt Farina

Distinguished Engineer, SUSE
Matt works as a Distinguished Engineer at SUSE, where he works on Rancher, focusing on cloud native technologies. He is also a member of the CNCF Technical Oversight Committee. Matt is an author, speaker, and regular contributor to open source.
avatar for Rey Lejano

Rey Lejano

Cloud Native Solution Architect, SUSE
Rey Lejano is a Field Engineer at SUSE by way of Rancher Labs and is the co-chair of Kubernetes SIG Docs. Rey contributes to various Kubernetes Special Interest Groups such as Contributor Experience, Docs, Release, and Security. He is a member of seven Kubernetes Release Teams including... Read More →

From Desktop to Production, Build Applications Everywhere, All at Once on Kubernetes pdf
Tuesday November 7, 2023 12:10pm - 12:45pm CST
W184 (Ground Level)
  Sponsored Breakouts
  • Presentation Slides Attached Yes

12:45pm CST

EmpowerUs
We’d like to invite all attendees that identify as women or non-binary to join the EmpowerUs lunch sponsored by Google. Come and connect, build your network, and share experiences about your journeys.  This event is open on a first-come, first-served basis. We hope to see you there!

Lunch will be served.
Tuesday November 7, 2023 12:45pm - 1:45pm CST
Hyatt Regency McCormick Place, Ballroom AB
  Diversity + Equity + Inclusion, Experiences

12:45pm CST

Lunch 🍲
Tuesday November 7, 2023 12:45pm - 2:30pm CST
Hall F | Level 3 | West Building
  Breaks

1:00pm CST

Marketing Team Office Hours
Join your CNCF Marketing Team for Office Hours:
  • Monday, November 6: 2:00-4:00pm
  • Tuesday, November 7: 1:00-3:00pm
  • Wednesday, November 8: 1:00-3:00pm
  • Thursday, November 9: By appointment
Tuesday November 7, 2023 1:00pm - 3:00pm CST
Hyatt Regency McCormick Place, Dusable B
  Experiences

2:30pm CST

Rise of the Global Cloud Native Community: The Untold Stories - Ashutosh Kumar, Elastic & Rajas Kakodkar, VMware
CNCF is known for nurturing and supporting a vibrant and diverse community of open-source contributors and maintainers. The latest Project Journey Report of Kubernetes highlights a rise in contributors particularly from the APAC region over the last few years. Devstats show that the contributions from India have gone up by almost six times compared to five years ago. They will explain how the impact of CNCF programs cuts through geographical boundaries and empowers individuals in their cloud native journeys. They will delve into the following success stories: - Overcoming language barriers to become a core maintainer. - Getting their first job when opportunities were scarce. - Acquiring leadership skills, otherwise not easily attainable. - Attracting new contributors through localisation initiatives. - Building regional mentorship culture. The speakers will also walk through all the regional efforts in the global community and how the audience can get involved.
Speakers
avatar for Ashutosh Kumar

Ashutosh Kumar

Senior Software Engineer, Elastic
Ashutosh is an active contributor and maintainer of the cluster api provider azure project. Currently he works as senior software engineer at Elastic and worked at VMware on cluster lifecycle team prior to this. He also had worked in a storage startup and is an emeritus control plane... Read More →
avatar for Rajas Kakodkar

Rajas Kakodkar

Senior Member of Technical Staff at VMware, VMware
Rajas is a Senior Member of Technical Staff at VMware. He is the Technical Lead of Technical Advisory Group, Runtime in CNCF. He is also a contributor to the Kubernetes project, active in the SIG testing and network areas of the ecosystem.

Tuesday November 7, 2023 2:30pm - 3:05pm CST
W176 (Ground Level)
  Cloud Native Experience

2:30pm CST

From Non-Tech to CNCF Ambassador: You Can Do It Too! - Julia Furst, Veeam
The Kubernetes and Cloud Native Computing Foundation (CNCF) ecosystem has rapidly transformed the technology landscape, empowering organizations to adopt scalable and resilient cloud-native architectures. However, entering this thriving community may seem daunting, particularly for those without a technical background. In this talk, we will explore the journey of an individual – me, who embarked on the path of becoming a CNCF Ambassador, despite lacking technical expertise initially.
Speakers
avatar for Julia F Morgado

Julia F Morgado

Global Technologist, Kasten by Veeam
Julia Furst Morgado is a Global Technologist on the Product Strategy - Office of the CTO team at Kasten by Veeam. Her passion is making Cloud Native technologies and DevOps best practices easier to understand by sharing her knowledge and experiences. She is also committed to empowering... Read More →

KubeConNA23 JuliaFM pptx
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W181 (Ground Level)
  Cloud Native Novice
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

2:30pm CST

Sustainable Scaling of Kubernetes Workloads with In-Place Pod Resize and Predictive AI - Vinay Kulkarni, eBay & Haoran Qiu, UIUC
Accurately guessing CPU & memory requirements for workloads is hard! So, it is common for users to over-provision pods which leads to under-utilized clusters, and the need to scale up cluster size to accommodate workloads. Recently added in-place pod resize feature brings the ability to right-size over-provisioned pods without restarting them. In this talk, Vinay will discuss how cluster autoscaler currently handles pods pending due to insufficient resources, then introduce a change to the autoscaling workflow that right-sizes over-provisioned pods, and show how it can help schedule pending pods more quickly while lowering costs & carbon footprint. Haoran will talk about the latest research that leverages machine learning and reinforcement learning techniques to achieve multi-dimensional autoscaling, and discuss how this cutting-edge work can help proactively scale workloads to achieve optimal cluster utilization while meeting application SLOs by more precisely provisioning the pods.
Speakers
avatar for Vinay Kulkarni

Vinay Kulkarni

Principal MTS & Director, eBay
Vinay helps solve Kubernetes networking challenges using eBPF in large-scale clusters with globally distributed workloads at eBay Cloud. Before eBay, Vinay worked on advanced research projects in Kubernetes compute & networking @ Huawei, network stack features for systemd & PhotonOS... Read More →
avatar for Haoran Qiu

Haoran Qiu

PhD Student, UIUC
Haoran Qiu is a final year PhD student at UIUC working with Prof. Ravishankar Iyer. His research interest is in machine learning and distributed systems, with a focus on performance and sustainability. His recent research has been focused on designing novel ML/RL-based solutions and... Read More →

SustainableAutoscaling pdf
kubeadm ca demo 540p mp4
kubeadm ca demo smush 720p mp4
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W184 (Ground Level)
  Emerging + Advanced

2:30pm CST

Conquering Challenges in Building TiCDC: A High-Performance Change Data Capture Service for TiKV - Charles Zheng, Netflix
Building a Change Data Capture (CDC) service for TiKV poses unique challenges. Our talk discusses the creation of TiCDC, showcasing how we ensured scalability through a distributed structure, and reduced latency by monitoring TiKV's change log directly. We'll reveal how extensible interfaces were designed for varied downstream applications and how event order was maintained, considering DML-DDL relationships. This presentation will provide a comprehensive understanding of the intricacies and successes involved in creating a powerful CDC service for a highly scalable storage system.
Speakers
avatar for Chao Zheng

Chao Zheng

Software Engineer, Netflix
Chao is a highly skilled cloud native technology professional with over 5 years of experience working on and contributing to several CNCF projects, including Kubernetes, OpenYurt and TiKV. Chao is a passionate advocate of open source technology and regularly speak at events such as... Read More →

onsite TiCDC KubCon 2023 NA.pptx pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W187 (Ground Level)
  Maintainer Track, TiKV

2:30pm CST

Crossplane Intro and Deep Dive - the Cloud Native Control Plane Framework - Jared Watts & Nic Cope, Upbound
The maintainers of Crossplane, a CNCF Incubating project, will lead this session that will introduce the project to new attendees, as well as dive into the finer details of Crossplane’s functionality and roadmap. We will explain how Crossplane enables you to compose cloud infrastructure and services into your custom platform APIs, and how best to get started building a platform of your own. We will take a tour through the key features included in the latest releases, what problems and use cases they are solving, and how you can adopt them into your control planes. Finally, there will be an interactive opportunity to engage with the maintainers, ask questions, and influence the future of the project direction.
Speakers
avatar for Jared Watts

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to... Read More →
avatar for Nic Cope

Nic Cope

Senior Principal Software Engineer, Upbound
Nic Cope is a senior principal engineer at Upbound, founders of the Rook and Crossplane CNCF projects. Before joining Upbound to help build Crossplane, Nic spent a decade in SRE and platform engineering teams at companies large and small, including Google, Spotify, and Planet Labs... Read More →

Crossplane Intro and Deep Dive the Cloud Native Control Plane Framework pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W190 (Ground Level)
  Maintainer Track, Crossplane

2:30pm CST

Exploring KEDA's Graduation and Advancements in Event-Driven Scaling - Zbynek Roubalik, Kedify
Join us for a session on KEDA, now recognized as a CNCF Graduated project, revolutionizing event-driven architectures and serverless workloads. 
  • Explore the latest advancements that elevate its capabilities, delivering efficient, cost-effective, and high-performance scaling for your applications. 
  • Discover exciting new features and improvements, such as autoscaling based on complex formulas across multiple metrics, extended monitoring and observability capabilities and more. These empower you to proactively fine-tune and optimize the performance of applications scaled by KEDA, unlocking their full potential. 
  • We'll dive into practical examples and real-world scenarios, showcasing how KEDA enables you to achieve cost-effectiveness while maximizing the performance of your event-driven workloads. 
But that's not all! Get a glimpse into the future of KEDA's development, where we'll highlight upcoming improvements and features that will further enhance its scalability and versatility.
Speakers
avatar for Zbynek Roubalik

Zbynek Roubalik

CTO, Kedify
Zbynek is a founder and CTO of Kedify, a company specializing in enterprise-grade autoscaling of Kubernetes applications. He is also the maintainer of KEDA, a CNCF project focused on enabling autoscaling for event-driven applications on Kubernetes. Zbynek has previously served as... Read More →

KubeCon NA 2023 KEDA talk pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W196C (Ground Level)
  Maintainer Track, Keda

2:30pm CST

High-Volume Data and APIs: The Year in SIG-Apps - Maciej Szulik, Red Hat & Janet Kuo, Google
Over the last year, Kubernetes expanded support for high-volume data workloads through Jobs, and the Workload APIs (StatefulSet, Daemonset, etc.) have become mature, consistent, and full-featured. We've been busy in SIG Apps, and there's more to come. In this session the SIG Apps leads will provide an overview of what has been accomplished over the past year. They will get into details about specific changes that have been made, but also discuss potential directions for driving further improvements. They will also discuss how the work is shared between SIG Apps and Batch Work Group. Lastly, they will provide an update on the unifications of statuses between all the controllers. The session will conclude with an open discussion and Q&A. Attendees will learn about contributing to SIG Apps themselves.
Speakers
avatar for Janet Kuo

Janet Kuo

Staff Software Engineer, Google
Janet Kuo is a Staff Software Engineer at Google. She's joined the Kubernetes project since before the 1.0 launch in 2015. She is Kubernetes project maintainer, SIG Apps chair, and KubeCon co-chair emeritus. In her free time, she enjoys traveling and taking photos.
avatar for Maciej Szulik

Maciej Szulik

Senior Principal Software Engineer, Red Hat
Maciej is a passionate developer with almost 2 decades of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat. Whereas at night he is hacking on side projects with python. In his spare time he enjoys reading a good book or taking photos.

KubeCon NA 2023 SIG Apps pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W192 (Ground Level)
  Maintainer Track, Apps

2:30pm CST

Observability TAG Updates: Enhancing Kubernetes Observability and Query Language Standardization - Alolita Sharma & Matt Young, Apple & Ken Finnigan, Lumigo
The Observability Technical Advisory Group (TAG) serves as a discussion forum for topics related to observability of cloud native systems. In this session, TAG leaders will provide an update on key observability projects. We will review the efforts of the observe-k8s workgroup to document best practices and tools for Kubernetes observability. We will also review the efforts of the query language standardization (QLS) workgroup to gather requirements and use cases for defining a common specification. Observability practitioners, developers and contributors are invited to join in for this session to discuss features, scenarios and open source solutions for end-users.
Speakers
avatar for Matt Young

Matt Young

Open Source Program Office (OSPO), Apple
I’m a technical strategist with a background in cloud-native architecture, patterns, and practices who thrives in interdisciplinary and cross-group settings. My background spans compilers to clouds wearing dev, test, support, and research hats. I have deep experience in storage... Read More →
avatar for Alolita Sharma

Alolita Sharma

Head of Engineering, Apple
Alolita Sharma is a member of OpenTelemetry GC, CNCF Observability TAG co-chair and CNCF Governing Board member from Apple. She leads Apple’s AIML observability teams. She contributes to open source, open standards at OpenTelemetry, O11y Query Language standard, Unicode, W3C. She... Read More →
avatar for Ken Finnigan

Ken Finnigan

OpenTelemetry Architect, Lumigo
Ken Finnigan is the OpenTelemetry Architect for Lumigo, a contributor to OpenTelemetry specification and Java SDK, and a member of CNCF TAG Observability. Ken has presented on distributed tracing, microservices, and other related topics at conferences like CodeOne (JavaOne), Red Hat... Read More →

KubeConNA 2023 Observability TAG Updates 11072023.pptx pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W196AB
  Maintainer Track, Observability

2:30pm CST

Policy-Based Kubernetes Governance, Risk, and Compliance - Jim Bugwadia, Nirmata; Andy Suderman, Fairwinds; Poonam Lamba, Google; Anca Sailer, IBM; Robert Ficcaglia, SunStone Secure
Kubernetes policies are a form of configuration management used to manage other configurations and runtime behaviors. Policies can help simplify security, and also serve as the building blocks for higher level business functions such as Governance, Risk, and Compliance (GRC). In this panel session, members of the CNCF Policy Working Group will first discuss why Kubernetes requires policy management. Then they will present how policy management works at each phase of the cloud native lifecycle. Finally, they will discuss a policy-as-code based approach for addressing critical business functions of Governance, Risk, and Compliance. Such an approach can transform costly and tedious manual processes into automated and continuous processes with collaboration among various personas. This results in organizational efficiencies and cost-savings. You will also learn about the Policy WG charter, activities, and how you can contribute to making Kubernetes secure and compliant.
Speakers
avatar for Jim Bugwadia

Jim Bugwadia

Co-founder and CEO, Nirmata
Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer... Read More →
avatar for Anca Sailer

Anca Sailer

Distinguished Engineer, IBM
Dr. Anca Sailer is an IBM Distinguished Engineer at the T. J. Watson Research Center where she transforms the clients compliance processes into an engineering practice. Dr. Sailer received her Ph.D. in CS from Sorbonne Universités, France and applied her Ph.D. work to Bell Labs before... Read More →
avatar for Robert Ficcaglia

Robert Ficcaglia

CTO, SunStone Secure, SunStone Secure
Robert is the co-chair of the Policy Workgroup and contributor to Kubernetes SIG-Security audit and threat modeling.
avatar for Poonam Lamba

Poonam Lamba

Product Manager, Google
Poonam is a Product Manager at Google, focusing on Governance & Compliance for GKE. She also has a demonstrated history of working working as an engineering leader for FSI where she designed, architected and operated systems at scale. 
avatar for Andy Suderman

Andy Suderman

CTO, Fairwinds
Andy Suderman is CTO at Fairwinds, a provider of software for platform teams running Kubernetes to standardize and enable development best practices. Andy has worked with cloud native technologies for the last seven years helping organizations adopt and manage Kubernetes. Andy is... Read More →

Policy WG Policy Based Kubernetes Governance, Risk, and Compliance KubeCon NA 2023.pptx pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W194 (Ground Level)
  Maintainer Track, Policy

2:30pm CST

Reducing AI Job Cold Start Time from 15 Mins to 1 Min - Tao He, Google
In this talk, we will present an analysis of the full workload life cycle to identify the major issues, and how we evolve container runtime for faster cold start of AI/ML jobs. We show how some of the challenges are particularly challenging for AI use cases. One of the biggest contributors to workload startup time is the container image loading phase. AI containers are often 10’s of gigabytes large, which greatly impacts the total workload startup time. We will show how you can optimize your Kubernetes platform to pre-load containers and greatly reduce your workload startup times. We will discuss additional techniques to reduce overall startup times and optimize your auto scaling performance. Lastly, we will explore further challenges to solve to get AI job cold startup time from 15 minutes to 1 min, by evolving the container runtime (especially in ContainerD).
Speakers
avatar for Tao He

Tao He

Software Engineer, Google
Tao is a software engineer in Google,  focusing on faster GPU workload startup in Kubernetes. Previously Tao was a maintainer for Istio service mesh.

Tuesday November 7, 2023 2:30pm - 3:05pm CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

2:30pm CST

High Performance, Low Latency Networking for Edge & Telco - Dan Daly & Nupur Jain, Intel; Vipin Jain, AMD; Ian Coolidge, Google; Nabil Bitar, Bloomberg
Traditional edge & telco deployments are often containerized and use Kubernetes, however applications written for these environments struggle to be cloud native as their network intensive workloads require SR-IOV and kernel bypass to maximize bandwidth and minimize latency/jitter. In this panel we will discuss the different approaches for supporting Kubernetes Network Infrastructure Offload, an implementation agnostic solution for providing high performance, low latency network connections using standard Kubernetes networking. As a follow-up to our panel last year, we will update on the standardization and open-source developments for offloading Kubernetes networking operations such as endpoint discovery, pod connectivity, service scale, load balancing, and network policy. This offload does not require end-users to make code changes to their CNFs or VNFs and can simplify deployment and management by removing the need to run SR-IOV in the cluster.
Speakers
avatar for Vipin Jain

Vipin Jain

Sr Fellow Engineer, AMD
Vipin Jain is a senior fellow engineer at AMD. He has been instrumental in developing IPU/DPU architecture, products and solutions at AMD/Pensando. He is an active contributor in the DPU related standardization work at OPI, P4 and other organizations. Prior to AMD, he was the CTO... Read More →
avatar for Dan Daly

Dan Daly

Senior Principal Engineer`, Intel
Dan Daly is a Senior Principal Engineer at Intel focusing on software architecture for enabling programmable infrastructure spanning across cloud and edge deployments. With a background in programmable switching since the beginning of P4, Dan currently works on software within IPDK... Read More →
NB

Nabil Bitar

CTO - Networking Architecture, Bloomberg
Nabil Bitar holds BS, MS and PhD degrees in Electrical Engineering from Boston University, Boston, Massachusetts, USA. He is the CTO - Head of Network Architecture at Bloomberg LP since January 2020. Prior to his current position he was the CTO for the Large Enterprise (including... Read More →
avatar for Ian Coolidge

Ian Coolidge

Software Engineer, Google
Ian Coolidge is a Staff SWE at Google, on GDC Edge, where he enables high performance workloads on kubernetes on premisis.
avatar for Nupur Jain

Nupur Jain

Cloud Architect, Intel
Nupur is a Cloud Software Architect at Intel, leading the Kubernetes Offload Recipe within IPDK. Prior to Intel, Nupur worked at Ericsson and other Bay Area companies in OpenStack, Evolved Packet Core (EPC), and cybersecurity data analytics.

Kubecon 2023 High Performance, Low Latency Networking for Edge & Telco V03 pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W178 (Ground Level)
  Networking + Edge + Telco
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

2:30pm CST

Observability in the Cloud Native Era - Why Is It Still so Hard? - Sharone Zitzman, RTFM Please; Jason Yee, Datadog; Charity Majors, honeycomb.io; Itiel Shwartz, Komodor
We’ve made a lot of progress in monitoring & observability, with dozens of OSS & commercial tooling built to power the cloud native revolution. Yet, there is still a lot of confusion & friction with getting monitoring systems to really provide the insights we need for our business continuity & to prevent incidents & outages. On top of this, there are so many tools it’s hard to know what to use & when––OpenTelemetry, Prometheus, Grafana––it makes our head spin. This begs the question - why is cloud native observability still so hard? In this panel, we’ll tap into three powerhouses from the observability community––Charity Majors, Itiel Shwartz, and Jason Yee. Come armed with your most compelling questions about the state of the o11y union, wh alerts still suck, how those unknown unknowns still bring our systems down, and anything else you want to ask these experts. We’ll make sure you come away with the most practical tips to get your monitoring and o11y working FOR YOU.
Speakers
avatar for Jason Yee

Jason Yee

Staff Developer Advocate, Datadog
Jason Yee is a Staff Developer Advocate at Datadog where he helps engineers and engineering organizations improve by using data, collaborating, and learning. Previously, he worked at Gremlin, O’Reilly Media, and MongoDB. He’s also a member of the DevOpsDays core team and an organizer... Read More →
avatar for Charity Majors

Charity Majors

CTO/cofounder, Honeycomb.io
Charity is the cofounder and CTO of honeycomb.io, the O.G. observability company, and the coauthor of O'Reilly books "Database Reliability Engineering" and "Observability Engineering". She writes about tech, leadership and other random stuff at https://charity.wtf.
avatar for Sharone Zitzman

Sharone Zitzman

Developer Relations, RTFM Please Ltd.
Sharone Zitzman, is a developer relations professional and an open source community builder, who likes to work with engineering teams that are building products that developers love. Having built both the DevOps Israel and Cloud Native & OSS Israel communities from the ground up... Read More →
avatar for Itiel Shwartz

Itiel Shwartz

CTO, Komodor
CTO and co-founder of Komodor, the dev-first Kubernetes Operations Platform. A big believer in dev empowerment and moving fast. Previously worked at eBay, Forter, and Rookout (now Dynatrace) as founding engineer. A backend developer turned DevOps, and avid public speaker that loves... Read More →

Tuesday November 7, 2023 2:30pm - 3:05pm CST
W180 (Ground Level)
  Observability

2:30pm CST

Advancing Memory Management in Kubernetes: Next Steps with Memory QoS - Dixita Narang, Google & Antti Kervinen, Intel
Effective memory management is crucial for achieving optimal performance and resource utilization in Kubernetes deployments. In this session, we will explore the realm of advanced memory controls for efficient memory utilization and robust memory protection. This talk will equip attendees with valuable knowledge about effectively managing memory in Kubernetes deployments, leading to improved performance, resource utilization, and customization options. Starting with an overview of advanced memory controls available in cgroup v2, we will delve into how K8s has strengthened memory protection through addition of a new feature, Memory QoS, in version 1.27. Furthermore, for those seeking granular control over memory configuration, we will explore the utilization of custom Node Resource Interface (NRI) plugins. Witness how NRI plugins enable administrators to exercise complete command over the workload memory options thereby achieving elevated control and customization.
Speakers
avatar for Antti Kervinen

Antti Kervinen

Cloud orchestration software engineer, Intel
Antti Kervinen is a Cloud Orchestration Software Engineer working at Intel, whose interest in Linux and distributed systems has led him from academic research of concurrency to the world of Kubernetes. When unplugged, Antti spends his time outdoors discovering wonders of nature.
avatar for Dixita Narang

Dixita Narang

Software Engineer, Google
Dixita Narang is a Software Engineer at Google on the Kubernetes Node team. With a primary focus on resource management within Kubernetes, Dixita is deeply involved in the development and advancement of the Memory QoS feature, which is currently in the alpha stage. She is a new contributor... Read More →

[Kubecon Talk] Advancing Memory QoS pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W179 (Ground Level)
  Operations + Performance

2:30pm CST

Building a Paved Road for Debuggability! - Anusha Ragunathan & Kevin Downey, Intuit
At Intuit, creating a "Debugging Paved Road" with the right toolchain for a Kubernetes based platform is crucial to enabling developer velocity and providing deeper observability. Such a paved road enables effective debugging without needing the developers to understand Kubernetes complexities. This paved road operates at scale to support more than 2500 services. We harnessed open-source technologies like Argo Workflows and Ephemeral Containers (stable in Kubernetes 1.25) to build a robust, scalable debuggability toolchain. In this session, we will talk about our debugging framework's design including securing ephemeral containers and Argo Workflows utilization for scalability. The presentation will feature a live demo of efficient Java and GoLang debugging techniques. Join us to learn how Intuit successfully built a powerful “Debugging Paved Road” for its Kubernetes-based platform and apply these techniques to your development environments!
Speakers
avatar for Anusha Ragunathan

Anusha Ragunathan

Principal Software Engineer, Intuit Inc
Anusha Ragunathan is a software engineer at Intuit, where she works on building and maintaining the company’s Kubernetes based Compute Infrastructure. Anusha is passionate about solving complex problems in systems and infrastructure engineering. Prior to Intuit, she worked on building... Read More →
avatar for Kevin Downey

Kevin Downey

Staff Software Engineer at Intuit, Intuit Inc.
Kevin Downey is a Staff software engineer at Intuit, core contributor to Keikoproj and Intuit Kubernetes Service (IKS). Kevin enjoys solving Platform scale problems in Systems and Infrastructure engineering. His interests include containers, virtualization, cloud-native technologies... Read More →

KubeConDebuggabilityPavedRoad pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W375E (Level 3)
  Platform Engineering

2:30pm CST

Runwasi: WebAssembly Serverless for Containerd - Angel M De Miguel Meana, VMware & Francisco Cabrera, Microsoft
The Worker model, pioneered by CloudFlare and others, provides a lightweight, secure way of running serverless workloads. WebAssembly (Wasm) is a portable binary format that allows code from a variety of languages like Rust, JavaScript, and Python. This talk introduces runwasi, an open-source library to develop containerd shims that leverage WebAssembly and the WebAssembly System Interface (WASI). Together, Wasm and Runwasi enable deployment of secure, lightweight apps whenever you can run containers. Thanks to the sandboxed execution environment, the workloads get an extra isolation layer. The capability-based security model that WASI follows ensures the functions only have access to the required resources. Application distribution is another challenge. Wasm modules are small and compact (20MB for a Python Wasm module). This talk will provide some of the challenges involved and a practical demonstration of what it looks like to run a Wasm serverless app on top of Kubernetes.
Speakers
avatar for Angel M De Miguel Meana

Angel M De Miguel Meana

Staff 2 Engineer, VMware
Angel is a Staff Engineer at VMware AI Labs working on multiple WebAssembly initiatives. His background is as full-stack web developer working primarily with UIs, APIs, automation and Kubernetes. Angel is an Open Source (OSS) enthusiast, both as a creator and contributor to different... Read More →
avatar for Francisco Cabrera

Francisco Cabrera

Technical Program Manager, Microsoft
Francisco is a Technical Program Manager at AKS Hybrid team, working on edge computing and Kubernetes at the Edge. For the past couple of years, he’s been working within the open-source community, developing end-to-end IoT solutions. Since joining Microsoft, he’s been responsible... Read More →

Tuesday November 7, 2023 2:30pm - 3:05pm CST
W175 (Ground Level)
  Platform Engineering

2:30pm CST

All Cloud-Native Services Are Vulnerable — Block Exploits with Security Behavior Analytics - David Hadas, IBM Research & Roland Huß, Red Hat
It's known that no service is immune to vulnerabilities, even when following the best security practices. This demands a shift in our approach – we need robust methods that can block existing exploits, future exploit mutations, exploits developed immediately after a CVE is published, and even exploits of vulnerabilities we are unaware of. This talk introduces how Security Behavior Analytics (SBA) technology can detect exploit delivery sent during client interactions. Guard, a CNCF Knative component running on Kubernetes, uses SBA to detect unusual behavior that indicates potential exploit delivery. Guard applies Machine Learning (ML) to establish per-service criteria and does not rely on specific signatures that can be outdated or missed. We cover the benefits and disadvantages of using SBA with ML. We demonstrate Guard in action, blocking an actual exploit, and discuss security operations in production, and the relationship with Zero-Trust Architecture.
Speakers
avatar for Roland Huss

Roland Huss

Senior Principal Software Engineer, Red Hat
Roland Huß is a software engineer at Red Hat who worked as tech lead on Fuse Online and landed recently in the OCF team for coding on Knative. He has been developing in Java for over twenty years now and found recently another love with Golang. However, he never forgot his roots... Read More →
avatar for David Hadas

David Hadas

Cyber @IBM Research | Security WG Lead @Knative, IBM Research
Knative Security WG Lead. Knative Technical Oversight Committee member. Owner of Knative’s Security-Guard. TAG Security whitepaper on “Zero Trust using Cloud Native Platforms” contributor. IBM Research since 2008 - Cloud workload security. Prior to IBM, 15 years in the Israeli... Read More →

All Cloud Native Services Are Vulnerable pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W375AB (Level 3)
  Security
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

2:30pm CST

Cloud Native Application Threat Modeling and Adversary Emulation : Techniques and Tools - Rafik Harabi, Sysdig
The cloud has fundamentally changed how teams develop and deploy applications. By designing Cloud Native Applications, teams eliminate a lot of risks associated with legacy applications. On the other hand, the attack surface of cloud applications can change dynamically and frequently. Threat modeling and adversary emulation are crucial practices for proactively identifying and mitigating threats. We will begin by discussing the importance of threat modeling and adversary emulation. We will delve into various threat modeling methodologies such as data flow diagrams, and attack surface analysis in addition to different techniques to identify threats and select mitigation strategies. We will explore the open source tools that help visualizing threats, assessing risks and simulating realistic attacks to generate actionable insights. By the end of this talk, you will have a comprehensive understanding of cloud-native application threat modeling and adversary emulation techniques and tools
Speakers
avatar for Rafik Harabi

Rafik Harabi

Senior Solutions Architect, Sysdig
Rafik has more than 15 years of tech and internet industry experience. Currently, he is a Senior Solution Architect devoted to helping customers secure their cloud native platforms and applications. Before joining Sysdig, he was responsible for executing go-to cloud programmes in... Read More →

Cloud Native Application Threat Modeling and Adversary Emulation Techniques and Tools, Rafik Harabi Sysdig pdf
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W375CD (Level 3)
  Security

2:30pm CST

SECURITY HUB: Hacking the Kubernetes Secure Software Supply-chain with .zip Domains - John McBride, Opensauced & Sean McGinnis, AWS
The ".zip" top level domain is an inherently dangerous new route for malicious actors to use and exploit. In mid 2023, John was able to acquire the kubernetes.zip domain: https://twitter.com/johncodezzz/status/1657888452149669888

And through some experimenting and iteration, we were able to serve modified Kubernetes source code through that domain that APPEARS to be from the real Kubernetes GitHub org (where the real source code is available as a zip file).

The real domain for downloading the actual upstream source zipfile is:

https://github.com/kubernetes/kubernetes/archive/refs/heads/master.zip

And the malicious one is: https://github.com/kubernetes/kubernetes/archive/refs/heads/@kubernetes.zip

An unsuspecting party could easily download this code, unpack the tarball, and build the bespoke source code with potentially compromised malicious bits.

This talk will include a demo of this exploit, a thorough description of how socially engineered domains fit into the secure software supply-chain, and a call to action for how organizations that consume Kubernetes source code can strengthen their security posture towards these kinds of supply chain attacks (including through verifying signed Kubernetes artifacts, hardened Linux node environments, etc).
Speakers
avatar for Sean McGinnis

Sean McGinnis

Software Engineer, AWS
Sean McGinnis is an engineer working on the Bottlerocket container OS.
avatar for John McBride

John McBride

Sr Software Engineer, OpenSauced
John is a Sr Software Engineer at OpenSauced where he works on open source insights and metric tooling. He's previously worked at AWS, VMware, and Pivotal. He maintains spf13/cobra in support of the CNCF ecosystem.

hacking with dot zip tld final key
Tuesday November 7, 2023 2:30pm - 3:05pm CST
W471AB (Level 4)
  Security

2:30pm CST

Tutorial: Cloud Native Essentials: A 101 Tutorial to Start Your Cloud Native Journey - Rey Lejano, SUSE & Eamon Bauman, Red Hat
Learning about cloud native projects can be difficult and time consuming on your own. This 90 minute tutorial introduces and demystifies many CNCF graduated projects. In this tutorial we’ll give an overview of CNCF graduated projects, what problems they solved, and how to use them. The tutorial will go through the installation, setup, and use of the following: the container runtime containerd to be used with upstream Kubernetes, the latest version of upstream Kubernetes (including etcd), Harbor for a container registry, Helm to deploy an application, Prometheus for monitoring, fluentd for logging, Open Policy Agent and Gatekeeper for admission control for compliance. After this tutorial, you’ll be well on your way on your cloud native journey.
Speakers
avatar for Eamon Bauman

Eamon Bauman

OpenShift Solutions Architect, Red Hat
avatar for Rey Lejano

Rey Lejano

Cloud Native Solution Architect, SUSE
Rey Lejano is a Field Engineer at SUSE by way of Rancher Labs and is the co-chair of Kubernetes SIG Docs. Rey contributes to various Kubernetes Special Interest Groups such as Contributor Experience, Docs, Release, and Security. He is a member of seven Kubernetes Release Teams including... Read More →

Cloud Native Essentials A 101 Tutorial to Start Your Cloud Native Journey pdf
Tuesday November 7, 2023 2:30pm - 4:00pm CST
W183 (Ground Level)
  Tutorials, Cloud Native Novice

2:30pm CST

🚨 Contribfest: Keycloak - Accelerate New Features, Squash Bugs and Learn to Contribute - Alexander Schwartz & Michal Hajas, Red Hat
Keycloak is an Identity and Access Management (IAM) solution providing centralized authentication and authorization to applications and APIs. It recently joined the CNCF, and this ContribFest invites the community to contribute.

For those new to the project we will provide a tour of the repository and help set up development environments to begin contributing on some existing issues of outstanding technical debt. This is also the chance to improve Keycloak documentation for users and contributors.

For those that have some familiarity with Keycloak, we will spend time getting deeper in technical detail about how new features will be implemented and how they will fit together with Keycloak and its current capabilities.

To speed up the initial phase of the session, we recommend checking out the latest version of the Keycloak repository and downloading all dependencies before the session start using the following commands.
  1. git clone https://github.com/keycloak/keycloak.git
  2. cd keycloak
  3. ./mvnw clean install -DskipTests
Speakers
avatar for Alexander Schwartz

Alexander Schwartz

Principal Software Engineer, Red Hat
Alexander Schwartz is a Principal Software Engineer at Red Hat working on the Keycloak team. At work and in his spare time he codes for Open Source projects. In a previous job he worked as a software architect and IT consultant. At conferences and at user groups he talks about JavaScript... Read More →
avatar for Michal Hajas

Michal Hajas

Principal Software Engineer, Red Hat
Michal Hajas is an official maintainer of project Keycloak working as a Principal Sofware Engineer at Red Hat.

Tuesday November 7, 2023 2:30pm - 4:00pm CST
W186 (Ground Level)
  🚨 ContribFest

3:25pm CST

Navigating Open Source Project Hurdles to Achieve Community Empowerment - Aizhamal Nurmamat kyzy, Sysdig & Bob Killen, Google
How does an open source project become a recognized member of a foundation and provide high value to the cloud native ecosystem? How does it grow from sandbox to graduation stage? This talk will shed light on how to navigate the intricacies of the CNCF graduation process, which ultimately transforms an independent project into a vital part of a thriving community. This talk is the culmination of several years of shepherding open source projects, both as part of the CNCF as well as other major open source foundations. We will share insightful guidance, tips, and lessons to effectively navigate your own project's journey towards foundation membership. We will also cover pitfalls encountered during the process, and how you can avoid them by following the best practices.
Speakers
avatar for Aizhamal Nurmamat kyzy

Aizhamal Nurmamat kyzy

Director, DevRel, Sysdig, Inc.
Aizhamal is a Director of DevRel at Sysdig where she focuses on making open source Falco accessible through content and education. Previously she worked at Google's OSPO where she helped build open source communities in cloud native and data analytics ecosystems.
avatar for Bob Killen

Bob Killen

OSS Program Manager, Google
Bob is a Program Manager at the Google Open Source Programs Office with a focus on Cloud Native computing. He serves the Kubernetes project as a Steering Committee member and chair of the Contributor Experience SIG. Bob comes from an academic background, spending 15 years at the University... Read More →

KCNA23 alpacka pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W176 (Ground Level)
  Cloud Native Experience

3:25pm CST

From Classroom to Cluster: Embracing Kubernetes as a Student and Contributing to Its Development - Nitish Kumar, Faeka Ansari & Grace Nguyen, Independent; Meha Bhalodiya, Red Hat; Leonard Pahlke, Liquid Reply
Oftentimes, Students who try to get involved within the Kubernetes Ecosystem are shed by the overwhelming nature of the community. With several SIGs working on different projects and meetings happening around, it becomes extremely difficult to find your way to get involved in the project. As the ecosystem grows, it is essential to have a sustainable framework that streamlines the process of getting more students involved and building future leaders. Students often grapple with managing their academic workload while pursuing their passion for contributing and learning Kubernetes. In this panel talk, we will be interacting with some of the greatest contributors to the community who started their way as Students. This will bring light to the challenges each one of us goes through as students with minimal information and a solution to it. A key motivation for this panel discussion is to emphasize on building the next generation of cloud-native.
Speakers
avatar for Grace Nguyen

Grace Nguyen

Student, Independent
An undergrad at uWaterloo, Grace Nguyen has interned in VC, the government, research, startups and big tech. Having built in various verticals with a focus on using technology to help underserved communities, she spends most of her day hacking software, and contributing to Kubern... Read More →
avatar for Meha Bhalodiya

Meha Bhalodiya

Associate Software Quality Engineer, Red Hat
An Associate Software Quality Engineer at Red Hat, where I work with the OpenShift GitOps team. Apart from full-time job, I also participate in upstream community initiatives, such as being a CI Signal Lead in K8s Release v1.28 (been a shadow in v.127 & v1.26), a GSoC’22 Student... Read More →
avatar for Nitish Kumar

Nitish Kumar

Independant, Student
Nitish has been involved in the Kubernetes community since his freshman year of college. He is currently the Linux Foundation Intern under the Release Engineering Subproject at Kubernetes where he is working at Kubernetes upstream to build a library and CLI Tool for managing the... Read More →
avatar for Faeka Ansari

Faeka Ansari

LFX mentee, Independent
Fyka Ansari is an undergrad student with a passion for cloud-native technologies. She is a Linux Foundation LFX Mentee'23 at CNCF, contributing to Istio and shadowing for the Kubernetes Release v1.29 team. She is one of the admin, maintainer and author for Last Week in Kubernetes... Read More →
avatar for Leonard Pahlke

Leonard Pahlke

Software Engineer, Liquid Reply
Leo is chair for the CNCF TAG Environmental Sustainability, previously the Kubernetes Release Lead for v1.26, emeritus advisor for v1.28 and passionate about software, cloud, open source, sustainability, and wasm related things. He is currently studying for a master's degree in computer... Read More →

Panel talk KubeCon + CloudNativeCon NA 2023.pptx (1) pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W181 (Ground Level)
  Cloud Native Novice

3:25pm CST

Avoid an Ill Wind and Catch the Jet Stream – Using Falco to Detect Attackers & Compliance Violations - Jason Dellaluce, Leonardo Grasso & Luca Guerra, Sysdig; Melissa Kilby, Apple; Carlos Tadeu Panato Junior, Chainguard
As a widely embraced cloud native runtime security tool, Falco is a reliable and effective real-time threat detection and compliance violation monitoring project essential for your needs in today’s dynamic environments. Get wind of happenings in your diverse infrastructure through Falco’s new rules maturity framework; designed to ease your onboarding experience with Falco detections and accompanied by contribution, tuning, and style guides. With improved performance tailored specifically for our expanding pool of adopters, Falco now includes greater configurability, innovations with plugins, and so much more. These changes propel your organization forward and position you to power-dive into events and calls for when your workloads start going south — with a simple Falco setup you can elevate your threat response team to new heights with cloud native insights.
Speakers
avatar for Carlos Panato

Carlos Panato

Staff Engineer, Chainguard
Carlos Panato is a Staff Software Engineer at Chainguard, Inc., who’s working on development and infrastructure using Kubernetes and containers. Previously, he’s worked on development, testing, processes, and management. He contributes to several CNCF/LF projects and it is an... Read More →
avatar for Leonardo Grasso

Leonardo Grasso

Open Source Software Engineer, Sysdig
Leonardo Grasso is an Open Source Software Engineer at Sysdig, based in Italy. He has a strong passion for software design and has long professional experience in the R&D field. Leonardo loves Linux, Kubernetes, Containers, Security, and building tools other engineers would like to... Read More →
avatar for Melissa Kilby

Melissa Kilby

Security Engineer, Apple
Before joining Apple, Security Engineer Melissa Kilby contributed to US Government research projects and taught Applied Data Science at BlackHat. She has a Ph.D., specializing in machine learning and biomechanics. She has also contributed to NASA’s space suit engineering program... Read More →
avatar for Jason Dellaluce

Jason Dellaluce

Senior Open Source Engineer, Sysdig
Jason Dellaluce is a Senior Open Source Engineer at Sysdig and a Core Maintainer of Falco. On a daily basis, he is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source world in general. Most recently, he contributed to Falco by leading the development of the... Read More →
avatar for Luca Guerra

Luca Guerra

Sr. Open Source Engineer, Sysdig Inc.
Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions, building and breaking secure systems, and vulnerability management. Luca is a core maintainer for the Falco project and... Read More →

Tuesday November 7, 2023 3:25pm - 4:00pm CST
W187 (Ground Level)
  Maintainer Track, Falco

3:25pm CST

CoreDNS Plugins: A Deep Dive - Yong Tang, Ivanti & John Belamaric, Google
As a flexible and extensible DNS server with a focus on service discovery, CoreDNS has been widely used in different cloud-native systems. The extensibility of CoreDNS mostly comes from its plugin-based architecture that allows easy addition of new features. In this session, we will take a deep dive and discuss the rich plugin ecosystems of CoreDNS. We will learn the integrations of CoreDNS with cloud-vendors and how this fits hybrid-cloud strategy of different companies. We will also walk through a simple yet complete golang implementation of a CoreDNS plugin for demo purposes. At the end are the project update and road map for CoreDNS community.
Speakers
avatar for Yong Tang

Yong Tang

Senior Director, Engineering, Ivanti
Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer... Read More →
avatar for John Belamaric

John Belamaric

Sr Staff Software Engineer, Google
John is a Sr Staff SWE, and a co-chair of Kubernetes SIG Architecture, leading efforts on production readiness, conformance, and software architecture. He is co-founder of Nephio, an LF project for K8s-based automation of large scale telco edge deployments, and a maintainer of CoreDNS... Read More →

KubeCon Chicago pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W190 (Ground Level)
  Maintainer Track, CoreDNS

3:25pm CST

Envoy Maintainer Q&A
Come ask questions of the Envoy maintainers in this open ended Q&A! Any and all questions and open ended discussion is fair game!
Speakers
avatar for Alyssa Wilk

Alyssa Wilk

Senior Staff Software engineer, Google
Alyssa is an Envoy Senior Maintainer and a software engineer at Google. She spent over a decade at Google writing and enhancing the GFE, Google's front-line HTTP proxy, before setting her sights on making Envoy even more awesome than the GFE is.
avatar for Josh Marantz

Josh Marantz

Member Technical Staff, Google
Josh is an Envoy maintainer and helps build cloud load-balancing products at Google. Prior to working on Envoy, Josh created mod_pagespeed and its family of web-site optimization plugins for Apache & Nginx, and led the Ad Experience Report and Chrome Ad Blocker, to improve ads on... Read More →
GG
YA

Tuesday November 7, 2023 3:25pm - 4:00pm CST
W196C (Ground Level)
  Maintainer Track

3:25pm CST

Improving Kubernetes Security with the Konnectivity Proxy - Michael McCune, Red Hat & Joseph Anttila Hall, Google
When architecting secure Kubernetes deployments it is often desirable to isolate the various streams of network traffic that exist within a cluster. For user-initiated traffic this process involves proxies and well-crafted firewall rules, but how do you properly separate API server-initiated traffic that flows to pods, nodes, and service networks?

Konnectivity Proxy simplifies this question by providing a common methodology for shaping the network egress traffic from Kubernetes API servers. Securing network traffic within Kubernetes clusters is a vital step to ensure that user data is protected and that cloud resources are not exploited. Project maintainers will cover an overview of the Konnectivity proxy, the goals of this project as a collaboration between SIG Cloud Provider and SIG API Machinery, its current status, and will share experiences running Konnectivity at GKE. Attendees will leave with new knowledge and tools to secure their Kubernetes clusters.
Speakers
avatar for Michael McCune

Michael McCune

Senior Principal Software Engineer, Red Hat
Michael McCune is a software developer creating open source infrastructure and applications for cloud platforms. He has a passion for problem solving and team building, and a lifelong love of music, food, and culture.
avatar for Joseph Anttila Hall

Joseph Anttila Hall

Software Engineer, Google
Joseph Anttila Hall is a Software Engineer at Google, and migrated GKE from SSH tunnels to Konnectivity Proxy. Outside of work he enjoys backyard beekeeping, and riding bikes with his 1.5 year old.

KubeCon NA 2023 Improving Kubernetes Security with the Konnectivity Proxy pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W192 (Ground Level)
  Maintainer Track, Cloud Provider

3:25pm CST

Open and Secure: Lessons Learned in Five Years of TAG Security Assessments - Justin Cappos, NYU & Andres Vega, M42
Security is perhaps the most misunderstood field of computing. In part this is because many properties of it are hard to quantify. TAG Security regularly conducts security assessments to examine the security of CNCF projects. Compared to audits, the assessment is often detached from a specific deployment and the implementation itself. an assessment focuses more on design flaws and whether a software project as a whole is doing the sorts of things that lead to security. This will be an accessible, light, and (hopefully) fun talk. We will delve into the assessment process, the incisiveness of the review, look at prior assessments, and showcase some computer programs. We will share attack matrixes and results from the assessments of different projects and how assessments have influenced project security. Finally, it will help to recruit new participants who are interested in performing assessments.
Speakers
avatar for Andres Vega

Andres Vega

Founder, M42
avatar for Justin Cappos

Justin Cappos

Professor, New York University
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.

Open and Secure Lessons Learned in Five Years of TAG Security Assessments pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W194 (Ground Level)
  Maintainer Track, Security

3:25pm CST

Platforms All the Way Down; Always Has Been. - Josh Gavant, Red Hat; Abby Bangser, Syntasso; Colin Griffin, Krumware; Srinivas Peri, Adobe; Joe Natale, Discover
CNCF defines a "platform" as an integrated collection of capabilities serving a use case, a definition intended to encompass web application development, large-scale data analysis and operation of third-party "COTS" applications, to name a few. Though platform engineering is in high demand today, per the CNCF's definition platforms have been an integral part of computing for decades - even an operating system like DOS or Unix also collects and brings consistency to disparate hardware functions to enable developing and running software. So why are platforms so vital to cloud-native computing in particular? How should a platform in support of cloud-native software be constructed? In this panel discussion leaders of CNCF's WG Platforms and cloud-native end user companies will share answers to these based on their experiences and the WG's white paper and maturity model. We'll discuss popular approaches to constructing a cloud-native platform and tactics to mature your own practices.
Speakers
avatar for Srinivas Peri

Srinivas Peri

Director, Ethos, Cloud Platform Engineering, Adobe
In my 19 years at Adobe I have moved from tool engineer responsible for releasing one core component to owner of a daily release system for 70+ Creative Suite components, and then the creation of the early deployment system for Shared Cloud & Creative Cloud, then through building... Read More →
avatar for Abby Bangser

Abby Bangser

Principal Engineer, Syntasso
Abby is a Principal Engineer at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms on Kubernetes. Her keen interest in supporting internal development comes from over a decade of experience in consulting and product delivery roles across... Read More →
avatar for Colin Griffin

Colin Griffin

Chief Engineer, Krumware
Colin Griffin is Chief Engineer at Krumware. A software engineer by trade, he specializes in cloud-native application and infrastructure development; with an emphasis on developer enablement and platform engineering. He founded Krumware with the goal of enabling companies to build... Read More →
avatar for Josh Gavant

Josh Gavant

Specialist Solution Architect, Red Hat
Josh has enabled software development and delivery at global enterprises for almost 20 years, serving as product manager and solution architect for several big tech vendors as well as platform and product engineer at end user companies. Today as leader of CNCF's TAG App Delivery Josh... Read More →
avatar for Joseph Natale

Joseph Natale

Technical Architecture Manager, Discover Financial
In my 15 years at Discover I've held various roles, first level support, application developer, architect, and senior manager.  Most of my time has been spent in application development and architecture supporting the Discover's Payments line of business, specifically authorizations... Read More →

2023 11 Platforms Panel pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W196AB
  Maintainer Track, App Delivery

3:25pm CST

Unlocking the Full Potential of GPUs for AI Workloads on Kubernetes - Kevin Klues, NVIDIA
Dynamic Resource Allocation (DRA) is new Kubernetes feature that puts resource scheduling in the hands of 3rd-party developers. It moves away from the limited "countable" interface for requesting access to resources (e.g. "nvidia.com/gpu: 2"), providing an API more akin to that of persistent volumes. In the context of GPUs, this unlocks a host of new features without the need for awkward solutions shoehorned on top of the existing device plugin API. These features include: * Controlled GPU Sharing (both within a pod and across pods) * Multiple GPU models per node (e.g. T4 and A100) * Specifying arbitrary constraints for a GPU (min/max memory, device model, etc.) * Dynamic allocation of Multi-Instance GPUs (MIG) * … the list goes on ... In this talk, you will learn about the DRA resource driver we have built for GPUs. We walk through each of the features it provides, and conclude with a series of demos showing you how you can get started using it today.
Speakers
avatar for Kevin Klues

Kevin Klues

Distinguished Engineer, NVIDIA
Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA... Read More →

Unlocking the Full Potential of GPUs for AI Workloads on Kubernetes KevinKlues v1 pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
In Virtual Platform
  ML/AI + Data Processing + Storage

3:25pm CST

Take It to the Edge: Creating a Globally Distributed Ingress with Istio & K8gb - Jimmi Dyson, D2iQ
As organizations continue to scale their Kubernetes deployments, the need for a robust and globally distributed ingress solution becomes increasingly vital. The ability to seamlessly route traffic across multiple clusters and regions not only ensures high availability but also enables efficient load balancing and optimal performance. In this session at KubeCon 2023, we will explore how to achieve this with the powerful combination of Istio and k8gb. Join us as we discuss the challenges faced when establishing a globally distributed ingress infrastructure. We will examine the limitations of traditional ingress controllers and showcase the integration of k8gb, a Kubernetes Global Balancer, with Istio to achieve a highly available and scalable ingress solution. Learn how k8gb leverages DNS-based load balancing and geo-distribution to seamlessly handle traffic across multiple clusters, enabling efficient communication between applications and users on a global scale.
Speakers
avatar for Jimmi Dyson

Jimmi Dyson

Principal Engineer, D2iQ
Jimmi is Principal Engineer at D2iQ, where he helps pull together multiple CNCF projects into a production-ready Kubernetes platform, enabling users to focus on delivering their own software rather than wrangling with the underlying infrastructure. Jimmi is a long-time contributor... Read More →

Take It to the Edge Creating a Globally Distributed Ingress with Istio & K8gb pdf
Take It to the Edge Creating a Globally Distributed Ingress with Istio & K8gb pptx
k8gb istio demo gif
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W178 (Ground Level)
  Networking + Edge + Telco

3:25pm CST

Build in Observability While Developing - Jamie Danielson, Honeycomb.io
We’ve heard that observability is important to understand what is happening in production. But carving out the time to add instrumentation to a codebase can seem daunting, and is often treated as a separate task to writing features. This means that we end up instrumenting for observability long after a feature has shipped, usually when there’s a problem with it and we’ve lost all the context. What if we instead treated observability similarly to how we treat tests? We wouldn't submit our code without a test. Let’s do the same with observability. Treat it as part of the feature while the code is still fresh in our mind, with the benefit of being able to observe how the feature is behaving in production. We’ll cover practical ways to instrument during development so it feels like a natural part of the development workflow. Because if you know how to log, you know how to trace.
Speakers
avatar for Jamie Danielson

Jamie Danielson

Telemetry Engineer, Honeycomb.io
Jamie is a Telemetry Engineer at Honeycomb where she works on instrumentation libraries. She is an active contributor to multiple OpenTelemetry projects, and is an approver for OpenTelemetry JavaScript. When she’s not working she’s playing dek hockey or whittling away the hours... Read More →

O11y While Developing (final) pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W180 (Ground Level)
  Observability
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

3:25pm CST

Break Through Cluster Boundaries to Autoscale Workloads Across Them on a Large Scale - Ying Zhang, Zendesk & XingYan Jiang, DaoCloud
Nowadays, multi-cluster workload deployment and management have become increasingly common. Users usually use HPA for scaling workloads to meet changing demands. However, the current autoscaling is limited to a single cluster even when using multi-clusters. If we can break through the cluster boundaries, there will be some awesome scenarios, including scaling across clusters to extend resources infinitely, scaling up workloads in the local IDC first before the public cloud to save costs, and so on. To bring the benefits of autoscaling across clusters to users, we designed and implemented two types of multi-cluster HPA: centralized and distributed. They are different and have their own appropriate scenarios. In this session, Wei and XingYan will go over: 1. The challenges, benefits, and scenarios of autoscaling across clusters. 2. How we implement them in Karmada to solve the challenges. 3. How to select the appropriate type for different scenarios and example demonstrations.
Speakers
avatar for chauncey jiang

chauncey jiang

DaoCloud, Software Engineer, Cloud Native Enthusiast, DaoCloud
Chauncey Jiang is a software engineer at Dao Cloud, with a passion for cloud-native technologies and expertise in Kubernetes. He specializes in multi-cloud and multi-cluster environments, and actively contributes to the open source community as a karmada reviewer, istio member, and... Read More →
avatar for Ying Zhang

Ying Zhang

Zendesk, Senior Software Engineer

Break Through Cluster Boundaries to Autoscale Workloads Across Them on a Large Scale pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W179 (Ground Level)
  Operations + Performance

3:25pm CST

How the Record-Breaking, Cloud Native AI Supercomputer Was Built - Peter Salanki, CoreWeave
MLCommons released the latest MLPerfs in June, announcing a new record for AI performance by a Supercomputer running on Kubernetes. In this session, we'll cover what these benchmarks mean for the AI/ML industry and how CoreWeave and NVIDIA worked together to achieve this world-record breaking result. Software and hardware engineers will discuss:
- How leveraging Kubernetes and other CNCF technologies helped build massive GPU clusters for generative AI at breakneck speed
- How the team leveraged Argo Workflows to automate health checks, testing, and lifecycle management
- How Prometheus, Grafana, Mimir and Loki is used to track bare metal and network health & performance
- Learnings from running a record-breaking MLPerf submission on Kubernetes with Slurm on Kubernetes
Speakers
PS

Peter Salanki

Director or Engineering, CoreWeave
Peter is the Director of Engineering at CoreWeave.

Tuesday November 7, 2023 3:25pm - 4:00pm CST
W184 (Ground Level)
  Operations + Performance

3:25pm CST

Adopting Server Side Apply in Knative - a Case Study - Dave Protasowski, VMware
Kubernetes has a secret feature that no one seems know about and very few are using in practice. It's called server side apply (SSA) and it recently became generally available. This allows controllers and users to manage their resources through declarative intent in order to collaborate on a single object. We want to highlight this feature by presenting how it had an impact on Knative's control plane & controllers. We'll first discuss the problems that it addressed, how we did the migration and highlighting our performance gains.
Speakers
avatar for Dave Protasowski

Dave Protasowski

Dave Protasowski, VMware
Dave Protasowski is part of Knative Technical Committee and a Serving Working Group Lead. During the night he works at VMware. Prior he worked on Cloud Foundry things at Pivotal.

KubeCon 2023 Adopting Server Side Apply in Knative pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W375E (Level 3)
  Platform Engineering

3:25pm CST

Scalable User Authentication for Kubernetes Clusters with OpenID Connector - Nathan Brahms & Shashwat Sehgal, P0 Security
Platform engineering teams face a challenge in managing developer access to Kubernetes clusters. Firstly, on the user provisioning side, the default client certificate based authentication strategy requires submitting signing requests for every user in every cluster. Secondly, a mapping of roles and role bindings must be defined inside each cluster. This talk evangelizes the Kubernetes built-in OpenID Connector and emphasizes how easy it is to move away from these defaults, and how automation can decrease the ongoing maintenance burden. The talk discusses configuring an OIDC authentication for Kubernetes clusters, and details of how to do that in each major cloud provider (AWS, Azure, Google) and identity provider (Azure AD, Google Workspace, Okta, Jumpcloud). Finally, it discusses how to set up developer access using the open-source kubelogin kubectl plugin. This approach works well in environments with a large number of clusters or Kubernetes deployments in multiple clouds.
Speakers
avatar for Shashwat Sehgal

Shashwat Sehgal

CEO, P0 Security
I am the founder & CEO of P0 Security. I have spent most of my career building observability and security products for developers and technical teams. I am solving the problem of managing cloud-entitlements, and helping cloud security engineers understand 'who has access to what sensitive... Read More →
avatar for Nathan Brahms

Nathan Brahms

VP of Engineering, P0 Security

Brahms Scalable Kubernetes Authentication with OIDC KCCNC 2023 pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W175 (Ground Level)
  Platform Engineering

3:25pm CST

Arbitrary Code & File Execution in R/O FS – Am I Write? - Golan Myers, WithSecure
In containerized environments, such as Kubernetes clusters, read-only filesystems are viewed as an additional layer of defense, as they allow for better control and management of containerized applications. Immutable containers are consistent and predictable, making compliance and auditing simpler, and allowing for more accurate threat detection. They are also easily replicated to ensure high availability and can be rolled back with ease when necessary. In this talk I will present my research on bypassing write and execution restrictions to ultimately execute arbitrary code and executable files in read-only filesystems. The three methods I used to successfully execute arbitrary code will be covered and demonstrated live. We will then cover ways to remediate these attacks where possible and monitor & alert where they are not.
Speakers
avatar for Golan Myers

Golan Myers

Security Consultant, WithSecure
A Security Consultant at WithSecure specializing in Azure and Kubernetes. Focuses on low level container security.

Executing arbitrary code and executables in rofs pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W375AB (Level 3)
  Security

3:25pm CST

SECURITY HUB: From Threats to Trust: Safeguarding Sensitive Data in K8s - Moritz Eckert, Edgeless Systems
This talk delves into the challenges faced by regulated sectors and vulnerable targets in safeguarding their critical data in the cloud. Given their threat landscape and stringent compliance demands, they require solutions guaranteeing encryption at every state, sovereign cloud-level of isolation, and traceable supply chain security.

We'll guide you through the experiences of various case studies in their pursuit of the ideal solution to meet these demands. The talk will explore the need for robust encryption, isolation, and attestation measures to shield sensitive data even when the infrastructure becomes hostile. We will explain the pivotal role of Confidential Computing and its seamless integration with Kubernetes and cloud-native platforms.

By the end, attendees will have a deeper understanding of the challenges enterprises face when managing sensitive and regulated data in the cloud, along with practical approaches to enhance data privacy in K8s without relying solely on trust.
Speakers
avatar for Moritz Eckert

Moritz Eckert

Chief Architect, Edgeless Systems
Moritz Eckert is the Chief Architect at Edgeless Systems, a company dedicated to making confidential computing more scalable and accessible to everyone. Before joining Edgeless Systems in 2020, he conducted extensive research on cyber reasoning systems at EURECOM and UC Santa Barbara... Read More →

20231107 KubeConNA Moritz Eckert pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W471AB (Level 4)
  Security

3:25pm CST

SECURITY HUB: 🚩 An Introduction to Cloud Native Capture the Flag - Andrew Martin & Kevin Ward, ControlPlane
The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon North America attendees.  In preparation for getting started with the activity, you are invited to attend an introductory session.

This session aims to introduce how to participate in CTF competition to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together.

Learn more about how to participate in Capture The Flag.
Speakers
avatar for Kevin Ward

Kevin Ward

Principal Consultant, ControlPlane
Kevin is an Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defense and Finance sectors. He enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored the GKE CIS... Read More →
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Tuesday November 7, 2023 3:25pm - 4:00pm CST
W470AB (Level 4)
  Security

3:25pm CST

Wolfi: Intro to the Linux Undistro Helping Build Small, up-to-Date, CVE Free Cloud Images - James Rawlings, Chainguard
This session provides an introduction to Wolfi, an innovative open source project aimed at reimagining the way we approach Linux distributions for the cloud. By removing the unnecessary components used by other distributions. We will delve into how Wolfi fosters the creation of custom images with minimal attack surfaces, significantly reducing the likelihood of CVE (Common Vulnerabilities and Exposures) threats. Attendees will gain insights into the architecture, inner workings and tooling of Wolfi, understanding the technologies and strategies it employs to keep software continually up-to-date for users. If you're a developer spending too much time triaging, mitigating, and patching CVEs, a cloud architect seeking to optimize resource usage and security, or a DevOps engineer in search of innovative tools, this Wolfi presentation help invaluable insights and practical knowledge that you can apply to your projects and organizations.
Speakers
avatar for James Rawlings

James Rawlings

Software Engineer, Chainguard
James Rawlings is a software engineer with a passion for automation. He currently serves as an engineer at Chainguard, where he helps maintain 'Wolfi', previously worked in CI/CD open source communities.

KubeCon + CloudNativeCon North America 2023 pptx
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W375CD (Level 3)
  Security

3:25pm CST

When Is a Secure Connection Not Encrypted? and Other Stories - Liz Rice, Isovalent
Many organizations use a Service Mesh to secure traffic between apps. This may use Mutual TLS, with a proxy terminating connections on behalf of apps. mTLS starts with a handshake to authenticate endpoint identities, and exchange certificates for subsequent traffic encryption. When encryption is needed but app authentication is not, approaches like WireGuard or IPSec may be more suitable. What about scenarios where authentication is important but encryption adds too much latency? With demos to make concepts concrete, let’s dive into Cilium's approach to authentication and encryption, and the differences between mTLS and in-kernel alternatives.
  • Explore the mTLS handshake step-by-step
  • Contrast with transparent encryption using node identities
  • Understand where encryption takes place in different models
  • Discuss options for encrypting L7 protocols other than HTTP
With a clear picture of how authentication and encryption work, you’ll be better able to assess which approach best meets your needs.
Speakers
avatar for Liz Rice

Liz Rice

Chief Open Source Officer, Isovalent
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She is the author of Container Security, and Learning eBPF, both published by O'Reilly, and she sits on the CNCF Governing Board... Read More →

Secure connections KubeCon pdf
Tuesday November 7, 2023 3:25pm - 4:00pm CST
W185 (Ground Level)
  Service Mesh

4:00pm CST

Coffee Break ☕
Tuesday November 7, 2023 4:00pm - 4:30pm CST
Hall F | Level 3 | West Building
  Breaks

4:30pm CST

Cloud Native Taiwan User Group: Governance of Open-Source Communities in Non-English Region - Phil Huang, Microsoft & Ching Kuo, Mirantis
Cloud Native Taiwan User Group (CNTUG) is an active IT user community based in Taiwan. It was established in 2017 and has a history of approximately 6 years, with a membership of around 6,000 individuals. The community mainly comprises members from Taiwan and other regions where Mandarin is the primary language. However, as a non-English-speaking community organization, Cloud Native Taiwan User Group also faces governance issues and challenges. By sharing the experiences of Cloud Native Taiwan User Group, we hope to share existing practices to foster global collaboration and development in the open-source community.


https://community.cncf.io/cloud-native-taiwan-user-group/
Speakers
avatar for Ching Kuo

Ching Kuo

Technical Support Engineer, Mirantis
Ching Kuo shares his passion for technology as a co-finder and co-organizer of the Cloud Native Taiwan User Group. He enjoys contributing to various CNCF/OpenInfra related projects, including but not limited to OpenStack, kops, and the cluster-api OpenStack provider. In his current... Read More →
avatar for Phil Huang

Phil Huang

Senior Cloud Solution Architect, Microsoft
Phil Huang, Senior Cloud Solution Architect at Microsoft, is Taiwan's CNCF Ambassador. With 6+ years of IT infrastructure design experience, he's previously served at Red Hat and VMware, gaining expertise in OpenSource technologies like Linux, Kubernetes, and hybrid cloud networking... Read More →

Cloud Native Taiwan User Group Governance of Open Source Communities in Non English Region pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W176 (Ground Level)
  Cloud Native Experience
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

4:30pm CST

Demystifying Service Mesh: Separating Hype from Practicality - Brian Redmond & Ally Ford, Microsoft
Even if you’re new to Kubernetes, you’re probably feeling a little FOMO when it comes to Service Mesh technology. It’s everywhere and it seems like it solves all of the problems. But do you actually need it? What are the core functions of service mesh and how do I choose a technology? And how can I be sure to use the technology in an efficient way so that I don’t introduce unneeded complexity and reliability issues. In this session, we will dig into Service Mesh in detail and break down the common use cases and discuss best practices to use it to your advantage. We will review common pitfalls and talk about how Service Mesh fits into the journey through Cloud Native technologies. Of course, there will be demos!
Speakers
avatar for Brian Redmond

Brian Redmond

Principal Product Manager, Microsoft
I am a Principal Product Manager working on our Cloud Native Platforms and AKS. My role is to support our customer and community efforts. I have been working in technology for over 28 years and have a mixed background from application development to infrastructure. I am based in Denver... Read More →
avatar for Ally Ford

Ally Ford

Product Manager, Microsoft
Ally is a Product Manager on the Azure Kubernetes Service (AKS) team at Microsoft Azure. She spends her days collaborating with customers to design features that improve the end to end operator experience for both Linux and Windows users. Formerly she was a UX designer and project... Read More →

Demystifying Service Meshes KubeCon + CloudNativeCon NA 2023 Public pptx
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W181 (Ground Level)
  Cloud Native Novice

4:30pm CST

Zero-Downtime Live Migration of Stateful VMs on Kubernetes - Felicitas Pojtinger, Loophole Labs
If you’ve worked with VMs on Kubernetes, you’re familiar with how far they are behind the rest of the container ecosystem. This is caused by the different requirements around the way that VMs are started and migrated, which doesn’t match up with way we handle these things in the Kubernetes world. Outside of Kubernetes, existing legacy hypervisor solutions require VMs to be shutdown before migration, resulting in significant downtime. Even if they support live migration, that process is usually slow, error-prone, requires extensive preparation, and cuts networking during migration. These challenges make it difficult for legacy, stateful applications to leverage Kubernetes. This talk will dive into how we use r3map to solve these issues by providing stateful applications with the same UX that developers expect from containers by speeding up migrations, enabling persistent network connections, and guaranteeing zero downtime.
Speakers
avatar for Felicitas Pojtinger

Felicitas Pojtinger

Software Developer, Loophole Labs
Felicitas Pojtinger is a software engineer working on all things cloud native. She has developed multiple popular OSS projects such as the WebRTC-based overlay networking tool weron, the Go network boot server bofied, the go-nbd library and more. Currently, she does research and development... Read More →

r3map & Architekt Presentation KubeCon NA 2023 4 pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W184 (Ground Level)
  Emerging + Advanced

4:30pm CST

Chaos Mesh: Overview, Practice and Future - Zhou Zhiqiang, Individual & Saiyam Pathak, Civo
Join us as we delve into Chaos Mesh, the ultimate open-source tool for chaos engineering. In this presentation, we will provide an insightful overview of Chaos Mesh, its practical applications, and its promising future. Discover how Chaos Mesh empowers engineers to create controlled chaos experiments in production environments, uncover vulnerabilities, and enhance system reliability. Gain a solid understanding of Chaos Mesh's architecture, integration with Kubernetes, and its unique features that set it apart. We will also demonstrate real-world examples and best practices, showcasing the practical aspects of using Chaos Mesh. Prepare to explore the limitless possibilities that Chaos Mesh offers for building resilient and dependable systems. Don't miss this opportunity to understand the power of controlled chaos and its impact on system resilience with Chaos Mesh.
Speakers
avatar for Saiyam Pathak

Saiyam Pathak

Field CTO, Civo
Saiyam is working as Field CTO at Civo with a focus on defining the Civo cloud platform for simplifying Kubernetes & making it accessible for developers. Previously at Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of k8s including machine learning platform, scaling... Read More →
avatar for Zhou Zhiqiang

Zhou Zhiqiang

Software Engineer, Individual
Zhou Zhiqiang is Chaos Mesh Maintainer.

Tuesday November 7, 2023 4:30pm - 5:05pm CST
W187 (Ground Level)
  Maintainer Track, Chaos Mesh

4:30pm CST

Cluster API Deep Dive: Improving Performance up to 2k Clusters - Fabrizio Pandini & Stefan Büringer, VMware
With Cluster API 1.5.0 the project can now support up to 2k Clusters. In this talk we are going to have a retrospective on the recent work about performance improvement and tuning, take a look at a lesson learned while optimising controllers and at the tooling we developed, which now is an asset for everyone willing to improve Cluster API providers performances or performances of any controller-runtime based controller.
Speakers
avatar for Fabrizio Pandini

Fabrizio Pandini

Staff Engineer, VMware
A Kubernetes contributor obsessed with making Kubernetes lifecycle simple and consistent across all types of infrastructures, so everyone can build amazing applications on top of it. When I’m not busy as a SIG Cluster Lifecycle tech lead or as a project maintainer in Cluster API... Read More →
avatar for Stefan Büringer

Stefan Büringer

Staff Engineer, VMware
Stefan is a Staff Engineer at VMware, a Kubernetes contributor since ~ 2018 and a Cluster API, Cluster API provider vSphere and Controller Runtime maintainer. Previously, he was part of the team that develops and operates the Mercedes-Benz Kubernetes platform. When not in front of... Read More →

Cluster API Deep Dive Improving Performance up to 2k Clusters pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W196AB
  Maintainer Track, Cluster LifecycleCluster API

4:30pm CST

Demystify Helm Support in Argo CD - Alexander Matyushentsev & Remington Breeze, Akuity
Argo CD is a GitOps operator for Kubernetes that lets users integrate any config management tool such as Helm, Kustomize, Jsonnet, and more. In order to ensure the best user experience, the most successful ones are pre-configured and supported out of the box. Helm stands out from other tools by also being a de-facto package manager for Kubernetes. To win this title, the Helm provides a lot of additional features. Besides just generating YAML, Helm supports dependencies, release tracking, and even orchestrates pre and post-deployment tasks. Wait, Argo CD also provides similar features! So what is the right way to use Helm with Argo CD and avoid redundancy? In this talk, we will explain how exactly Argo CD and Helm are working together and cover the best practices for integrating the two. The presentation ends with a demo of the most recent feature, multiple sources, which allows installing off-the-shelf helm charts with the value files stored in a private Git repository.
Speakers
avatar for Alexander Matyushentsev

Alexander Matyushentsev

Co-founder and Chief Architect, Akuity
Argo Co-Creator, Argo CD Lead, and maintainer. Energetic and passionate software engineer with over a decade of software development experience. I'm an enthusiast of continuous integration, agile environments, and a huge open-source believer. Core contributor and maintainer of http://argoproj.io... Read More →
avatar for Remington Breeze

Remington Breeze

Founding Software Engineer, Akuity
Remington is a maintainer of the Argo Project, focusing on Argo CD. He works as a founding Software Engineer at Akuity, a company focused on advanced application delivery for Kubernetes. He is interested in technologies which improve developer experience, which make complicated concepts... Read More →

Demystifying Helm Support In Argo CD.pptx pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W190 (Ground Level)
  Maintainer Track, Argo

4:30pm CST

Emissary-Ingress: Self-Service APIs and the Kubernetes Gateway API - Hamzah Qudsi, Ambassador Labs & Flynn -, Buoyant
Emissary-ingress, a CNCF Incubating project, is a self-service Kubernetes-native open-source API gateway and ingress controller built on the Envoy Proxy. In this session, we'll give attendees an overview of why ingress controllers are necessary, how self-service developer workflows work for developers and for operations, and how Emissary-ingress can make all of this easier. We'll also look at current best practices around designing, managing, and evolving self-service APIs. We'll continue with a deeper dive into Emissary-ingress' evolution and future, notably around the Kubernetes Gateway API and the future about the emerging standard. You can also learn how to get involved as a contributor or as a user who wants to offer feedback. This is a great opportunity to interact directly with the Emissary-ingress maintainers and make sure your voice is heard!
Speakers
avatar for Flynn -

Flynn -

Tech Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering - from the kernel up through distributed applications... Read More →
avatar for Hamzah Qudsi

Hamzah Qudsi

Senior Software Engineer, Ambassador Labs
Hamzah Qudsi is an Engineer at Ambassador Labs working on Ambassador Edge Stack and is a maintainer for Emissary Ingress. Before that he worked across several areas from data and ML infrastructure to cloud infrastructure, SRE, and DevOps. When he not geeking out on all things cloud... Read More →

Tuesday November 7, 2023 4:30pm - 5:05pm CST
W196C (Ground Level)
  Maintainer Track, Emissary-ingress

4:30pm CST

Inflections and Reflections from Kubernetes SIG ContribEx on Community Growth & Sustainability - Priyanka Saggu, SUSE; Madhav Jivrajani, VMware; Kaslin Fields, Google
The success and sustainability of the Kubernetes project hinges on its diverse contributor base. In this session, we will explore how the Kubernetes Special Interest Group Contributor Experience (SIG ContribEx) empowers contributors, optimizes workflows, & fosters sustained project growth. We will address the challenges of managing an expanding contributor base, the tradeoffs between attracting new contributors and growing existing ones, all while upholding high standards of code quality, stability, and the right balance between feature development, bug fixes & security enhancements. We will highlight the importance of clear communication channels, our mentorship programs, and knowledge sharing initiatives. We will also share valuable insights into the recent updates about Kubernetes community org membership, the advancements made in the automated assessment tool for membership statistics & more. So, join us in this session to gain insights about ContribEx's many diverse programs.
Speakers
avatar for Priyanka Saggu

Priyanka Saggu

Kubernetes Integration Engineer, SUSE
Priyanka Saggu, a Kubernetes Engineer at SUSE, has made significant contributions to Kubernetes project via Release, Testing, ContribEx, and CLI SIGs. She's the Release Lead for the ongoing Kubernetes v1.29 release cycle, Technical Lead for the Kubernetes's project SIG - ContribEx... Read More →
avatar for Madhav Jivrajani

Madhav Jivrajani

Member of Technical Staff 2, VMware
Madhav loves to tinker with systems and is a Member of Technical Staff at VMware, working on open-source Kubernetes. Madhav is a maintainer and TL in the Kubernetes community and spends most of his time around areas of API-Machinery, Contributor Experience, Scalability and Archit... Read More →
avatar for Kaslin Fields

Kaslin Fields

OSS K8s & GKE Developer Advocate, Google
Kaslin Fields is a Developer Advocate at Google Cloud, a Container enthusiast and creator of tech comics. She uses her knowledge of DevOps technologies and methodologies to help others as they enter the Cloud Native world. By creating comics about DevOps tech, she hopes to make learning... Read More →

ContribEx Maintainer Track KubeCon NA 23 pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W192 (Ground Level)
  Maintainer Track, Contributor Experience

4:30pm CST

Kubernetes Data Protection WG Deep Dive - Xiangqian Yu, Google
Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, the co-chairs of this WG will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. They will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
Speakers
avatar for Xiangqian Yu

Xiangqian Yu

Software Engineer, Google
Software engineer focusing on providing seamless storage storage and backup services in Kubernetes

Tuesday November 7, 2023 4:30pm - 5:05pm CST
In Virtual Platform
  Maintainer Track, Data Protection

4:30pm CST

Real-Time Caching for Cloud Native Applications with Redis - Madelyn Olson, AWS
In-memory caches are a ubiquitous part of modern cloud-native architectures, enabling data to be served at incredibly low latencies in a highly cost optimized way. Serving cached data can improve multiple parts of your application stack, from accelerating database queries to storing copies of expensive API results. It can be easy to add caching to add your application through patterns such as lazy loading and write through caching to an in-memory datastore, such as Redis, but this can just be a first step towards maximizing the performance of your application. In this talk, hear from Madelyn Olson, one of the Redis core maintainers, in learning how Redis excels at being a highly flexible and available cache. You will learn best practices for using Redis as a cache and see an example of running application, using standard CNCF and open source components, showing how to use Redis’ data structures and complex cache invalidations to serve real-time data.
Speakers
avatar for Madelyn Elizabeth Olson

Madelyn Elizabeth Olson

Principal Software Development Engineer, AWS
I build things

Kubecon + Caching V1.0 pptx
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

4:30pm CST

Service via BGP with Metallb and Calico - Evangelista Tragni & Francesco Grimaldi, Desotech SRL
Network Plugin is a fundamental plug-in to integrate is the horizontal network that allows PODs to communicate transparently on dedicated subnets on different nodes. The Network overlay plug-in in question is CALICO, which exploits the Kubernetes platform to implement instances distributed on the various nodes in the form of Pods (Containers), essentially extending the Kubernetes API and placing "agents" on the various nodes of the cluster , allows you to distribute the routes and then establish connectivity across the entire cluster on a dedicated virtual network. MetalLB integration acts as a load balancer for the services running inside a bare-metal Kubernetes cluster, distributing network traffic evenly among the various nodes of the cluster hosting the service instances. In the chosen solution MetalLB will integrate with Calico to manage the announcement of the routes in BGP towards the Fortigate (Router) , this will guarantee a real balance in ECMP dynamic routing.
Speakers
avatar for Evangelista Tragni

Evangelista Tragni

Authorized Trainer and Consultant, Desotech srl
Linux Foundation Authorized Instructor - VMware Cert Instructor - AWS Authorized Instructor.Building on my technical knowledge of software, hardware and computing standards.I like to be part of the learning path of each one of my students, so i like the most to leave a mark on each... Read More →
avatar for Francesco Grimaldi

Francesco Grimaldi

Team Leader, DESOTECH SRL
Certified Trainer & Consultant. Cloud native guy. Working with Kubernetes since 5 years. Strong passion for IT and sharing own knowledge with other people. My motto is: Never stop learning. Keep Studying.

Service via BGP with MetalLB and Calico pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W178 (Ground Level)
  Networking + Edge + Telco

4:30pm CST

E2E Observability for Connected Vehicle Service via Distributed Tracing - Kota Endo, KDDI Corporation & Masanori Itoh, Toyota Motor Corporation
Connected Vehicles is one of the special IoT use cases with high level functional safety requirements. In order to meet them, E2E observability including mobile network connectivity is important, but conventional call trace log based monitoring has difficulties to keep tracking transactions between Vehicles and remote services and carry out troubleshooting works. In this presentation, we first provide overall architecture of Connected Vehicle E2E Service. Then, we outline technical challenges using OpenTelemetry and proposed resolutions in our POC. The POC scope covers C-Plane observability of 5GC per UE, and U-Plane observability of E2E communication per Vehicle. We discuss our ideas of OpenTelemetry instrumentation to non-HTTP protocols in 5GC C-Plane allowing E2E context propagation. Additionally, we share insights on trace embedded attributes including cloud native infrastructure where the service is running. This is a collaboration work between KDDI Corp. and TOYOTA MOTOR Corp.
Speakers
avatar for Masanori Itoh

Masanori Itoh

Project General Manager, TOYOTA MOTOR CORPORATION
I'm working on Infrastructure related research activities for Connected/Autonomous Vehicles.
avatar for Kota Endo

Kota Endo

Solution Architect, KDDI Corporation
I am a Solution Architect at KDDI Corporation enabling our Operation Support System to take advantage of all aspects of the platform. My main focus is to ensure that the service levels provided by the 5G network slice are always achieved. I enjoy working on orchestration and close-loop... Read More →

E2E Observability for Connected Vehicle Service via Distributed Tracing pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W180 (Ground Level)
  Observability

4:30pm CST

Burden to Bliss: Eliminate Patching and Upgrading Toil with Cluster Autoscaler at Scale - Shaikh Israil & John Moore, Oracle America Inc
Tired of patching/upgrading clusters rather working on a feature or finishing up that dashboard you wanted for so long? Running your own cloud native applications in a Kubernetes cluster comes with a lot of operational burden for maintaining the infrastructure. Cluster upgrades and migrating workloads are major pain points that require some of the most planning. Imagine managing this at scale in 30+ regions for a highly available service! With a simple change in the autoscaler, we have minimized this operational overhead to simply doing a single deployment per cluster! Come back a few hours later and voila! it’s all patched/upgraded! This talk will cover sharing our experience on how patching/upgrading the infrastructure at scale became a nightmare as we scaled up to 60+ regions, how we reduced the “devops toil” to keep the lights on, and more importantly, uncover how we did it safely for statefulset applications reducing the downtime drastically.
Speakers
avatar for Shaikh Israil

Shaikh Israil

Software Developer, Oracle America Inc
I am Shaikh Israil, passionate distributed systems advocate and Kubernetes enthusiast. I take interest in solving distributed system problems. I enjoy participating in hackathons and work on ideas. I have enjoyed building kubernetes operator for our team, that operates on statefulsets... Read More →
avatar for John Moore

John Moore

SRE, Oracle
John Moore, most folks call me "JMO".  I've worn many hats over the years starting with Network Administrator, to Developer, to SRE.  I've mainly been focusing on various data storage systems "as a service" for the past 10 years or so.  At ObjectRocket I worked on a platform to... Read More →

Tuesday November 7, 2023 4:30pm - 5:05pm CST
W179 (Ground Level)
  Operations + Performance

4:30pm CST

Building Better Controllers - John Howard, Google
Controllers are a foundational part of Kubernetes, from creating Pods in response to Deployments, or complex third-party controllers added bespoke logic to a Kubernetes cluster. While incredibly powerful, controllers are also subtly tricky to build correctly; while projects like kube-builder do an excellent job of lowering the barrier to entry of writing controllers, there is still substantial complexity involved in creating a controller, especially a non-trivial one. I will: * explain why writing controllers can be so challenging, with lessons learned from maintaining Istio's 20+ controllers. * show common problems faced by all implementations (including some examples of bugs in Kubernetes core) * introduce a new architecture for controllers that makes implementation easier and less error prone, including a demo of development of a simple controller. * explore some benefits of this approach and give a sneak peek of what the future of Kubernetes controllers could look like.
Speakers
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and member of the Istio TOC and Steering committee.

KubeCon NA 2023 Building Better Controllers pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W375E (Level 3)
  Platform Engineering

4:30pm CST

KMM: Your Swiss Army Knife for Kernel Modules on Kubernetes - Quentin Barrand, Red Hat & Hersh Pathak, Intel
AI/ML workloads, edge computing and software-defined storage solutions have something in common: they all require drivers, in the form of kernel modules. Deploying those modules in Kubernetes and managing their lifecycle at scale has proven difficult so far, as node customization is usually costly to maintain.The Kernel Module Management (KMM) operator, a SIG Node project, solves all those pain points. KMM works with purpose-built OCI images to load the right modules on the right nodes. It can build those images and sign your kernel modules in-cluster to make them compatible with Secure Boot.This talk will show how you can use KMM today to build, load and smoothly upgrade kernel modules on select nodes. A live demo will showcase those features. Finally, we will share a production example of how KMM simplifies the deployment and the lifecycle of GPU drivers in Kubernetes to unlock AI/ML use cases.
Speakers
avatar for Hersh Pathak

Hersh Pathak

Senior Software Engineer, Intel
Hersh is a Senior Software Engineer at Intel delivering the full-stack integration and enabling of GPUs, accelerators, and e2e cloud native AI workloads & applications for customers and partners.
avatar for Quentin Barrand

Quentin Barrand

Principal Software Engineer, Red Hat
Quentin is a Software Engineer working at Red Hat and the lead developer for the Kernel Module Management project. Prior to Red Hat, Quentin worked at Swisscom on large-scale data streaming platforms built on Kubernetes, and at CERN on various network management projects.

KMM Your Swiss Army Knife for Kernel Modules on Kubernetes pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W375CD (Level 3)
  Platform Engineering

4:30pm CST

Self-service Stream Processing Platform on Kubernetes at Apple - Chenya Zhang, Apple Inc.
Apache Flink is an open source distributed stream processing engine that allows users to process real-time data with low-latency and high-throughput. We build a streaming platform on top of Kubernetes to 1) enable users to launch and manage their Flink applications in a multi-tenant, multi-cloud environment, 2) automatically recover and migrate Flink applications to avoid building hours of lags in users jobs in case of Kubernetes cluster downtime or version upgrades; and 3) provide observability and support on cluster and application autoscaling for cost and operational efficiency.

In this talk, we will share how we addressed the challenges of running stream data processing at production-scale on Kubernetes. We will cover some of the upstream changes we are driving back to the project and the design approach and tradeoffs in building a streaming platform to automate deployment, scaling, and management of Flink applications.
Speakers
avatar for Chenya Zhang

Chenya Zhang

Lead Software Engineer at Apple, Apple
Chenya Zhang leads large-scale real-time and offline data processing initiatives on Kubernetes at Apple. She is Apache Yunikorn PMC member contributing to cloud-native resource scheduling and has a strong focus on accelerating AI compute for distributed training and inference. She... Read More →

Tuesday November 7, 2023 4:30pm - 5:05pm CST
W175 (Ground Level)
  Platform Engineering

4:30pm CST

Clean up on Aisle Cloud! - Sara Johnson, Boeing
One of the challenges large companies face when adopting cloud native technologies is wrangling a whole new set of data and resources in the cloud. All of these exciting features introduce opportunities for innovation and… compliance and security misconfigurations. Did someone launch a Windows 2012 image that wasn’t supposed to be there? Make an S3 Bucket public that shouldn’t have been? How do you know if your EKS cluster is configured for NIST compliance? What do you have to do for compliance? In this talk, you’re invited to learn how Boeing is leveraging compliance-as-code with cloud-native and open-source tools, including the CNCF project Cloud Custodian, to streamline solutions to these problems in some of our public cloud environments.
Speakers
avatar for Sara Johnson

Sara Johnson

Cloud Security Architect, Boeing
Sara is an internal cloud security consultant at Boeing. She has supported both commercial and defense projects as a leader in security, cloud infrastructure, and platform engineering. As part of Boeing's initial transition to the cloud, she led the creation of many internal standards... Read More →

CleanUpOnAisleCloud SaraJJohnson pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
In Virtual Platform
  Security

4:30pm CST

SECURITY HUB: Making Kubernetes Quantum-Safe: What Can We Do to Protect Ourselves Now? Paul Schweigert & Michael Maximilien, IBM
Cryptography provides security for many of the tasks we do online everyday, but quantum computers pose a unique threat to that security. Any data protected using classical encryption-–including private messages, banking details, confidential business information–-is at risk of falling into the wrong hands as quantum computers become more powerful. To protect against this threat, the cybersecurity community has created a suite of new quantum-safe encryption which the NIST has chosen as part of their post-quantum cryptographic standard. So, how do we adopt these tools and standards in Kubernetes? In this talk, Paul and Max will sketch the steps to safeguard Kubernetes against attacks on classical encryption using quantum-safe technologies. By the end of the talk, listeners will have a strong understanding of the need for quantum-safe cryptography, the work being done in the open source community, and steps operators and developers can take now to enhance the security of their clusters.
Speakers
avatar for Michael Maximilien

Michael Maximilien

Distinguished Engineer, IBM
My name is Michael Maximilien, better known as max or dr.max, and I am a currently a computer scientist with IBM having worked with various divisions.At IBM Research Triangle Park, I was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research... Read More →
avatar for Paul Schweigert

Paul Schweigert

Senior Software Engineer, IBM
Paul Schweigert works on quantum and serverless technologies at IBM. He is a Qiskit Advocate, a member of the Knative Technical Oversight Committee, and a Kubernetes contributor. He has also led various platform engineering and data science teams. In a previous life, he studied French... Read More →

making k8s quantum safe pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W471AB (Level 4)
  Security

4:30pm CST

The Attacker Perspective - Insights From Hacking Alibaba Cloud's Managed K8s Environments - Hillai Ben-Sasson & Ronen Shustin, Wiz
In this session, we will demonstrate a real-life case study of what an attack on a managed K8s environment looks like, by presenting our step-by-step engagement with Alibaba Cloud. We will begin as an external user, execute code in the managed environment, escalate privileges, escape containers, conduct lateral movement within the Kubernetes environment, and ultimately gain unauthorized read-write access to other customers' databases.

Our session demonstrates how chaining small configuration errors can lead to far-reaching consequences, such as a complete compromise of a managed cluster.

With a deeper understanding of real-world hacker operations in managed K8s environments, the audience will be able to strengthen their deployments and enhance their organization's security posture.
Speakers
RS
avatar for Hillai Ben-Sasson

Hacking Alibaba Cloud pdf
Tuesday November 7, 2023 4:30pm - 5:05pm CST
W375AB (Level 3)
  Security

4:30pm CST

Tutorial: Demystifying Cilium: Learn How to Build an eBPF CNI Plugin from Scratch - Adam Sayah, Solo.io
eBPF technology is driving a transformative shift in the network stack, enabling secure code execution within a protected kernel sandbox. This facilitates instant metrics retrieval and the implementation of network routing and security policies. Additionally, eBPF empowers us to reshape traffic at a low level with XDP, which delivers high-performance programmable packet processing seamlessly integrated with the kernel. This revolutionary impact extends to the Kubernetes networking landscape, as eBPF serves as the core technology behind projects like Cilium and its CNI plugin that provides high-performance network capabilities, but such powerful technologies remain enigmatic for many. The objective of this workshop is to dive into the inner workings of these technologies, participants will learn the basics of eBPF and CNI, and they will gain hands-on experience in creating a CNI plugin for Kubernetes utilizing eBPF, demystifying the underlying mechanics of eBPF-based projects.
Speakers
avatar for Adam Sayah

Adam Sayah

Field Engineer, Solo.io
Adam Sayah is Field Engineer at Solo.io, a company specializing in open source and enterprise software for application networking from the edge to service mesh. At Solo.io, Adam helps organizations build and operate robust cloud-native architecture. Prior to Solo.io, Adam held software... Read More →

KubeCon North America 2023 Create an eBPF CNI Plugin from scratch.pptx pdf
Tuesday November 7, 2023 4:30pm - 6:00pm CST
W183 (Ground Level)
  Tutorials, Networking + Edge + Telco

4:30pm CST

🚨 Contribfest: etcd: Learn from the Maintainers and Get Involved - Marek Siarkowicz & Wenjia Zhang, Google; James Blair & Josh Berkus, Red Hat
Join the contributors to Etcd, the most popular cloud-native database that backs Kubernetes. We'll be working on improving key features and testing for Etcd, and in the process we’ll teach those new to the project how to contribute. Etcd is a very useful, fun, and essential project, and welcomes both new contributors and those who want to “level up”. Attendees should be familiar with programming in Go, using GitHub, and should bring a laptop on which they can do cloud-native development: either a Linux laptop or your own Github Devcontainer setup.
Speakers
avatar for Josh Berkus

Josh Berkus

Kubenetes Community Manager, Red Hat Inc.
Josh Berkus is the Kubernetes Community Manager for Red Hat. In a previous life, he was a database geek who did benchmarks for the TPC and Spec. He lives in Portland with a librarian, a pottery studio, and an absurdly large cat.
avatar for Wenjia Zhang

Wenjia Zhang

Senior Software Engineer, Google
Wenjia is a Senior Software Engineer at Google Cloud, working on Kubernetes and etcd for Google Kubernetes Engine (GKE) and Google Distributed Cloud (GDC). She currently contributes to open source etcd as a project maintainer. In her free time, she enjoys skiing, golfing, and rea... Read More →
avatar for Marek Siarkowicz

Marek Siarkowicz

Senior Software Engineer, Google
Marek is a Software Engineer working at Google in Etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is a etcd maintainer and active member of SIG-instrumentation leading structured logging effort in Kubernetes. In his... Read More →
avatar for James Blair

James Blair

Specialist Architect, Red Hat
James Blair is a Specialist Architect at Red Hat who works with organisations to design and implement solutions leveraging cloud native technologies. He is a vivid open source advocate and hands-on engineer who is an active Kubernetes and Etcd contributor and is passionate about growing... Read More →

Tuesday November 7, 2023 4:30pm - 6:00pm CST
W186 (Ground Level)
  🚨 ContribFest

5:25pm CST

Journey to Becoming an OpenTelemetry Approver - Jamie Danielson, Honeycomb.io
When I first started learning to write code, contributing to open source seemed terrifying. People talked about it as an amazing resource and made it seem like it would be easy to jump into a project. But I was hesitant to get involved because it would be very much an exercise of working in public. What if my code is bad? What if I don't understand what's happening? What if I embarrass myself? Through contributing to open source projects over the last few years, I’ve learned a few lessons about how open source communities work. We're all human and we all want good code and good support for our code. In this session I’ll talk about what it was like to start contributing to a big open source project, and the lessons I learned along the way that eventually led to becoming an approver on a repository that I contributed to.
Speakers
avatar for Jamie Danielson

Jamie Danielson

Telemetry Engineer, Honeycomb.io
Jamie is a Telemetry Engineer at Honeycomb where she works on instrumentation libraries. She is an active contributor to multiple OpenTelemetry projects, and is an approver for OpenTelemetry JavaScript. When she’s not working she’s playing dek hockey or whittling away the hours... Read More →

Journey to OTel Approver (final) pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W181 (Ground Level)
  Cloud Native Novice
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

5:25pm CST

On-Demand Systems and Scaled Training Using the JobSet API - Abdullah Gharaibeh, Google & Vanessa Sochat, Lawrence Livermore National Laboratory
Orchestrating complex workflows with heterogeneous components presents challenges that are compounded in ephemeral environments. For example, training of large ML models requires efficiently managing a significant number of expensive accelerators, and building on-demand HPC systems can mean composing applications and services. For both, efficient job orchestration is critical to ensure scalability and high resource utilization. This talk introduces the JobSet API (sigs.k8s.io/jobset) that lays the foundation to automate the setup of these designs. We will first demonstrate how JobSet is used to deploy training workloads using common frameworks like Pytorch, and present results from large scale training experiments on thousands of TPU chips. We then show using JobSet to automate the arduous task of setting up HPC systems on-demand, and creating common environments for experimental comparison.
Speakers
avatar for Abdullah Gharaibeh

Abdullah Gharaibeh

Staff Software Engineer, Google
Abdullah is a staff software engineer at Google and sig-scheduling and working group batch co-chair. He works on Kubernetes and Google Kubernetes Engine, focusing on scheduling and batch workloads.
avatar for Vanessa Sochat

Vanessa Sochat

Computer Scientist, Lawrence Livermore National Laboratory
Vanessa is a Computer Scientist at Lawrence Livermore National Laboratory, and a software engineer for fifteen years. She received her PhD from Stanford University, and has done extensive work on container technologies, developer tools, and fostering open source communities. She founded... Read More →

Kubecon Chicago 2023 Final pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W375CD (Level 3)
  Emerging + Advanced

5:25pm CST

Operator Design for HPC: Patterns for Orchestrating Large Scale Compute Intensive Applications - Luca Montechiesi & Min Tsao, Siemens EDA
Porting applications into Kubernetes is not always a walk in the park, operators help to abstract complex logic behind domain specific naming and configuration. But how should they behave if the application itself relies on its own distributed process orchestration ? How should controllers and clients be designed when jobs are scaling up to 10.000 pods or more ? Traditional HPC software represents a perfect storm of all the aspects that may push its portability to the limit: unique assumptions, high cardinality of processes distributed across contended nodes and cores, heavy memory, cpu and network footprint. This talk will present some of the fundamental operator design patterns behind the successful integration of established HPC software into large managed production clusters. The audience will walk away with a set of key principles and ideas useful for creating efficient custom controllers and optimizing them for the different challenges of massively parallel batch processing.
Speakers
avatar for Min Tsao

Min Tsao

Director of Engineering, Siemens, EDA
With 25 years of experience in EDA, Mr. Min Tsao specializes in optimizing software performance by integrating high-performance computing with EDA algorithms. He's now delving into cloud computing's potential in the EDA industry. With a Ph.D. from Carnegie Mellon University, Dr. Tsao... Read More →
avatar for Luca Montechiesi

Luca Montechiesi

Senior Software Engineer, SIemens EDA
Luca is Senior Software Engineer at Siemens EDA, he is responsible for container and orchestration technologies under the Advanced Infrastructure Team and he is architect and maintainer of the calibre kubernetes operator project. He works to achieve seamless integration of Calibre... Read More →

Operator design hpc pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W184 (Ground Level)
  Emerging + Advanced

5:25pm CST

Cloud Custodian - State of the Mop - Kapil Thangavelu, Stacklet
2023 has been an impactful year for Cloud Custodian as the intersection of compliance and finops continues to grow. This session will cover the past year's worth of development and discuss where we're planning on going for 2023/2024: - General project health updates - New providers (OCI), new contributor/maintainers, and significant new capabilities on GCP & Azure Overview of c7n-left, a new cli/provider to enforce policies at the planning stage of deployment The bulk of the session will be dedicated to a tour/outline of how the project is laid out and organized so that attendees can understand the contribution process. All skill levels welcome, knowledge of Python and typical cloud stacks (AWS, Azure, GCP, and K8s) helps.
Speakers
avatar for Kapil

Kapil

Cloud Custodian Lead Maintainer, Stacklet
Kapil is a Co-Founder and CTO at Stacklet, building products to help companies be well managed in the cloud. He started his career in open source working on Zope and Plone (CMS) communities as a consultant. Over the last decade he’s spent time building open source projects and accelerating... Read More →

Tuesday November 7, 2023 5:25pm - 6:00pm CST
W187 (Ground Level)
  Maintainer Track, Cloud Custodian

5:25pm CST

Fluent Bit: Telemetry Agent - Eduardo Silva, Calyptia
Logs, Metrics, and Traces are necessary telemetry signals that help today's Observability practitioners to monitor their applications and overall infrastructure. In production, those signals come from different applications and through different transport layers or ecosystems like file systems, OpenTelemetry, and Prometheus. Dealing with signals in a heterogeneous environment is not a simple task and usually leads to "bad practices," the more the environment grows, it's hard to keep consistency and move the data across different components for analysis. Fluent Bit is a CNCF lightweight Telemetry Agent from the Fluent Ecosystem that powers the whole infrastructure of cloud providers like AWS, Azure, and Google Cloud, among other thousands of companies. In this session, you will learn how to leverage Fluent Bit for a better Observability experience by integrating it with OpenTelemetry and Prometheus and quickly achieve the desired high throughput and signal processing.
Speakers
avatar for Eduardo Silva

Eduardo Silva

CEO & Founder, Calyptia
Eduardo is an entrepreneur and Software Engineer. He is one of Fluentd project maintainers and creator of Fluent Bit, a lightweight Logs, Metrics, and Traces processor. He also is the founder of Calyptia, the Fluent company.

Tuesday November 7, 2023 5:25pm - 6:00pm CST
W190 (Ground Level)
  Maintainer Track, Fluentd

5:25pm CST

Intro + Deep Dive: Kubernetes SIG Scalability - Wojciech Tyczyński, Google & Marcel Zięba, Isovalent
This session will cover different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, guarding Kubernetes against performance regressions. In addition to overall overview, the most recent achievement and challenges are always the top focus for the presentation. Cooperation with other SIGs is an important aspect of the presentation as many improvements driven from the SIG are in fact owned by other SIGs. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide the input about the roadmap.
Speakers
avatar for Wojciech Tyczyński

Wojciech Tyczyński

Mr, Google
Wojciech is working on Google Technical Infrastructure & Cloud since 2012. Since 2015 he works on Kubernetes and GKE. With the main focus on scalability, performance and reliability, he gained experience and contributed to many Kubernetes features and most of its components. Before... Read More →
avatar for Marcel Zięba

Marcel Zięba

Staff Software Engineer, Isovalent
Marcel Zięba is a Senior Software Engineer at Isovalent and is leading SIG Scalability in the Kubernetes open-source community. Previously, Marcel worked on Kubernetes and Google Kubernetes Engine since 2020 focusing mainly on performance and scalability. Now he is focusing on the... Read More →

SIG Scalability Kubecon NA 2023 pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W192 (Ground Level)
  Maintainer Track, Scalability

5:25pm CST

Observing a Large Language Model in Production - Phillip Carter, Honeycomb
Like many tech companies, Honeycomb released a feature using an API backed by a Large Language Model (LLM) this year. However, unlike most APIs, those that call LLMs are non-deterministic and inherently unreliable. So how do we know that it's doing what we need? What are the different factors that matter to our users, and how can we measure them? Subtle changes to a prompt in an LLM can have huge changes on its behavior, so how do we understand the impact of our prompt changes? We asked all these questions and more during development, and we think we have a good way to answer them through careful instrumentation and Observability practices. In this talk, I'll go through how we instrumented our feature, what we tracked, what SLOs we set up, and how we measured our improvements as we iterated on the feature. Attendees should come away with a good idea of how they can blend the worlds of prompt engineering and Observability to build better products.
Speakers
avatar for Phillip Carter

Phillip Carter

Principal Product Manager, Honeycomb
Phillip is on the product team at Honeycomb where he leads their AI initiatives and works on a bunch of different things. He's an OpenTelemetry maintainer -- chances are if you've read the docs to learn how to use OTel, you've read his words. In a past life, he worked on developer... Read More →

Observing an LLM in production pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

5:25pm CST

AdminNetworkPolicy: A New Kubernetes-Native API for Comprehensive Cluster-Wide Network Security - Surya Seetharaman, Nadia Pinaeva & Andrew Stoycos, Red Hat; Yang Ding, VMware
Network Policies help secure workloads in a Kubernetes cluster but are still under control of potentially untrusted applications and application authors. How can application security really be enforced by admins at the cluster-wide level? End-users have been asking for the ability to create non-overridable policies on clusters before the namespaces or workloads are created so that the default guardrails are already in place. Enter AdminNetworkPolicy + BaselineAdminNetworkPolicy: New resources (v0.1.0 released in May 2023) provided by Kubernetes SIG Network as part of the NetworkPolicyV2 API which aim to provide a comprehensive Kubernetes network security solution. But how does AdminNetworkPolicy interact with the core NetworkPolicy resource and what protection does it actually provide? Join the co-creators and maintainers of this API who will showcase these features through a live demo! Attendees will learn how to adopt and use this new API to secure workloads easily and efficiently.
Speakers
avatar for Surya Seetharaman

Surya Seetharaman

Senior Software Engineer, Red Hat Inc
Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Senior Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems. She... Read More →
avatar for Andrew Stoycos

Andrew Stoycos

Senior Software Engineer, RedHat
Andrew Stoycos is a Senior Software Engineer in Red Hat's office of the CTO working on all things Open Source Cloud Native Networking. He has been involved in OS communities such as OVN-Kubernetes and Submariner, while also being a member of Kubernetes SIG Network. Within SIG Network... Read More →
avatar for Nadia Pinaeva

Nadia Pinaeva

Senior Software Engineer, Red Hat
Nadia Pinaeva is a Senior Software Engineer at Red Hat working on Openshift Networking. She collaborates with the SIG-network-policy to improve network security for Kubernetes clusters, and works on ovn-kubernetes network plugin.
avatar for Yang Ding

Yang Ding

Senior Member of Technical Staff, VMware
Yang Ding is a Senior Member of Technical Staff working on container networking projects at VMware. He has been involved in developing and maintaining key features of CNIs, including VMware's own NCP, as well as open-sourced Project Antrea. As a person who considers himself as an... Read More →

AdminNetworkPolicy KubeCon NA 2023 Main Track pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W178 (Ground Level)
  Networking + Edge + Telco

5:25pm CST

Collecting Low-Level Metrics with eBPF - Mauricio Vásquez Bernal, Microsoft
Metrics are a fundamental piece of any modern cloud observability solution. They allow operators to visualize the system performance and to understand if something is going wrong. Some metrics are rather easy to collect as they are exposed by the different user space applications. On the other hand, collecting operating-system level metrics is challenging: many times, the metrics of interest are not exposed, or collecting them is very expensive. eBPF is a powerful and efficient technology that allows us to get deep visibility into the operating system. eBPF programs are executed in the kernel context making it possible to collect low-level metrics like packet and bytes counters, IO operation latency, system calls invocations, etc. In this presentation, Mauricio will present the fundamental concepts around metrics, eBPF and how they are related. Then, he’ll show different projects like ebpf_exporter, Tetragon and Inspektor Gadget that enable metrics collection with eBPF.
Speakers
avatar for Mauricio Vásquez Bernal

Mauricio Vásquez Bernal

Principal Software Engineer, Microsoft
Mauricio works as a software engineer at Microsoft. He is interested in eBPF, Kubernetes, networking and low level programming. Currently, he leads the development of Inspektor Gadget.

Collecting Low Level Metrics with eBPF pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W180 (Ground Level)
  Observability

5:25pm CST

How CERN Developers Benefit from Kubernetes and CNCF Landscape - Antonio Nappi, CERN
In few years, Kubernetes has emerged as the industry standard for managing container workloads. When you have dozens of new technologies and don’t know where to start when building your infrastructure, running production is possible but not always easy. A platform team at CERN made the decision to go with the flow and began exploring the CNCF landscape’s dense jungle. The team began providing their developers with a complete Kubernetes-based infrastructure to host some of the most important Java applications that are essential to CERN’s day-to-day operations. This session will cover how and why the team began the journey to Kubernetes, including lessons learned, obstacles encountered, and technologies used.
Speakers
avatar for Antonio Nappi

Antonio Nappi

Computer Engineer, CERN
Since 2015, Antonio has worked as a computer engineer at CERN. He was in charge of the Java Hosting Platform's migration to Kubernetes. He enjoys innovation and he was the primary supporter for GitOps adoption in his team. Prior to joining CERN, he worked as an OpenStack and Python... Read More →

Kubecon Chicago Last (2) pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W179 (Ground Level)
  Operations + Performance

5:25pm CST

Cutting Climate Costs with Kubernetes and CAPI - Shiva Rezaie & Steve Francis, Sidero Labs
Climate change and Kubernetes are not often talked about together, but they should be! In this talk we detail how to reduce your compute's emissions. The first step is simply to power off bare metal servers when demand does not require their use - something many companies do not do, but that can be easily achieved with Kubernetes and CAPI providers. We also talk about how to go further - automate emissions reductions by integrating real time electricity emissions data into Kubernetes, allowing you to schedule workloads when renewables are the primary source of electricity, and power down your bare metal, energy consuming computers at other times. Many companies run workloads that can be time shifted - so why not time shift them to when they will have the least impact on climate change - and save electricity costs as a bonus!
Speakers
avatar for Steve Francis

Steve Francis

CEO, Sidero Labs
Steve started his career running datacenters of Linux and FreeBSD servers for SaaS companies, then founded LogicMonitor.com, a SaaS based datacenter monitoring service. He was, at various times, CEO, Chief Product Officer, and intimately involved in technical operations, development... Read More →
avatar for Shiva Rezaie

Shiva Rezaie

Developer Relations, Sidero Labs
A recent graduate from Harvard, Shiva emigrated to the US in her early twenties. She has been programming computers since she was a teenager, and has been working to complete her degree while supporting herself with a full time job over the last 7 years. She is excited to have graduated... Read More →

KubeCon Emissions talk (2) pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W375E (Level 3)
  Platform Engineering

5:25pm CST

Streamlining Infrastructure with Crossplane: A Transformation Story - Clément Blaise, Consensys & Jared Watts, Upbound
Infrastructure management can rapidly become a labyrinth of repetitive and complex tasks, leading to inefficient operations. This was our story - managing individual Terraform repositories for every project in our organization, each with its unique requirements. Our pursuit of a sustainable solution led us to Crossplane, a CNCF project that allowed us to create an internal developer platform. This platform, built in less than six months by a team of two, transformed our infrastructure approach. The time-consuming process that used to take weeks or months is now available in an efficient low-code experience that takes mere hours. In this session, we will walk through our journey of building this platform with Crossplane, discussing how we used the concept of “composition” to enforce architectural standards while still providing flexibility for customization based on project requirements. Finally, we will show how you can start your own journey to build your platform too.
Speakers
avatar for Jared Watts

Jared Watts

Founding Engineer, Upbound
Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to... Read More →
avatar for Clément Blaise

Clément Blaise

Senior Platform Engineer, Consensys
Clément is building an internal development platform using Kubernetes and CNCF projects. He has been an active member of the Crossplane community by helping newcomers or contributing to the project and its provider ecosystem. Before joining the blockchain industry, Clement spent... Read More →

Streamlining Infrastructure with Crossplane pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W175 (Ground Level)
  Platform Engineering

5:25pm CST

Securing Kubernetes: Migrating from Long-Lived to Time-Bound Tokens Without Disrupting Existing Apps - Yuan Chen & James Munnelly, Apple Inc.
In earlier versions of Kubernetes, secrets containing long-lived tokens are automatically generated for service accounts, posing security risks as these tokens do not expire and could be shared among pods and users. Recent updates have introduced TokenRequestAPI to obtain time-bound tokens with bounded lifetimes, enhancing security practices and discouraging the use of long-lived tokens. Yuan Chen and James Munnelly will delve into the details of these changes, shedding light on their impact and providing strategies for migrating existing long-lived tokens to time-bound tokens without disrupting current customer applications. Additionally, they will share best practices for tracking and monitoring different token uses within a Kubernetes cluster. This includes legacy long-lived tokens, time-bound tokens created via TokenRequestAPI, and manually managed long-lived tokens. They will also address effective management of time-bound token expiry in large-scale Kubernetes clusters.
Speakers
avatar for James Munnelly

James Munnelly

Staff Field Engineer, Apple Inc.
James Munnelly is a Field Engineer at Apple, helping customers adopt and adapt Kubernetes, and driving adoption of OSS cloud native technologies. James is also the founder of the cert-manager project, a Kubernetes extension for managing x509 certificates. He's an active member of... Read More →
avatar for Yuan Chen

Yuan Chen

Software Engineer, Apple Inc.
Yuan Chen is a Software Engineer at Apple Cloud Services, contributing to the development of Apple's Kubernetes infrastructure since 2019. With extensive experience, he has made continuous contributions to the Kubernetes community and delivered 9 talks at KubeCon. Yuan's background... Read More →

KubeCon + CloudNativeCon North America 2023 Token Upgrade v4 2 pdf
Tuesday November 7, 2023 5:25pm - 6:00pm CST
W375AB (Level 3)
  Security

5:25pm CST

Service Mesh Battle Scars: Technology, Timing, and Tradeoffs - Keith Mattix, Microsoft; John Howard, Google; Lin Sun, solo.io; Thomas Graf, Isovalent; Flynn, Buoyant
It has been ~6 years since the first service meshes hit the market, and hundreds if not thousands of users are employing the technology in production today. As the space has matured and meshes are used at scale, many users are wondering about why certain constraints exist in their mesh of choice. Come hear maintainers of 3 CNCF service mesh projects discuss the very real tradeoffs they’re making everyday with topics ranging from eBPF, sidecarless, Rust proxies, multicluster, and user experience.
Speakers
avatar for Thomas Graf

Thomas Graf

CTO & Co-Founder, Isovalent
Thomas is the Co-Founder and CTO of Isovalent, long-time kernel and eBPF developer, and one of the creators of the Cilium project. Before working on Cilium, Thomas was a Linux kernel developer for 15+ years focusing on networking, security, and eBPF. When not working on open source... Read More →
avatar for Lin Sun

Lin Sun

Director of Open-Source, solo.io
Lin is the Director of Open-Source at Solo.io. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for three years and was a Senior Technical Staff Member and Master Inventor... Read More →
avatar for John Howard

John Howard

Staff Software Engineer, Google
John is a Software Engineer at Google working on Istio, and member of the Istio TOC and Steering committee.
avatar for Keith Mattix

Keith Mattix

Senior Engineering Lead, Microsoft
Keith Mattix is an Engineering Lead at Microsoft focused on Istio, Gateway API, and other networking projects.
avatar for Flynn -

Flynn -

Tech Evangelist, Buoyant
Flynn is a technology evangelist at Buoyant, spreading the good word and educating developers about the Linkerd service mesh, Kubernetes, and cloud-native development in general. He has spent four decades in software engineering - from the kernel up through distributed applications... Read More →

Tuesday November 7, 2023 5:25pm - 6:00pm CST
W176 (Ground Level)
  Service Mesh

6:00pm CST

🎉 #KubeCrawl + #CloudNativeFest sponsored by AMD and FluxNinja
Get ready for an unforgettable night at KubeCon + CloudNativeCon in the vibrant city of Chicago! Immerse yourself in the unique flavors, styles, and pulsating vibes of this urban oasis. Dive into the captivating sounds of dueling pianos, challenge your wits with Mind Teasers Trivia, tantalize your taste buds with vibrant cotton candy and liquid nitrogen ice cream, and capture unforgettable moments with the hosts of the party - Phippy and Friends!

The excitement continues with a mesmerizing drumline, strolling magician, tarot card readers, and a juggler showcasing their incredible skills. Our mobile DJ will keep the party going with a beat that'll get everyone on their feet.

But the thrills don't end there! Conquer an augmented reality climbing wall, embrace your adventurous side with a double mystery tattoo station, and engage in some friendly competition at the ultimate sports arena, giant mini golf, and human foosball. Experience the pulse-pounding excitement of Meltdown and dive into a life-sized version of Hungry Hungry Hippos—Hungry Hungry Humans!

We want to express our heartfelt gratitude to our sponsors, AMD and FluxNinja, for making #KubeCrawl #CloudNativeFest an evening to remember!


In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Tuesday November 7, 2023 6:00pm - 8:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

6:30pm CST

CLBO: ClashLoopBackOff
Come and watch a competition of two people use their technical ingenuity and creativity to solve a challenge put forth by the Scheduler (host). Time is limited and stakes are high, as this isn’t just a “live demo” for the masses. Over the course of twenty minutes, competitors will attempt to resolve a broken cluster, or deploy a service to production. At the end of the time, entries will be judged on four categories. Each category will be rated on Stability, Resiliency, Flexibility, and Observability. 

Participants won’t know what challenge they’ll be given ahead of time, but will be informed whether certain cloud resources or APIs will need to be enabled and available. Pre-creating any helpful scripts, code, or cloud resources is strictly prohibited. During the competition, the Scheduler will bounce between the participants' screens, engage with the audience, and ask questions of the participants live. 

Join us, root on our competitors, and feel free to engage live!
Tuesday November 7, 2023 6:30pm - 8:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

7:30pm CST

End User Reception
The CNCF End User Reception brings together cloud native users for food, beverages, networking, and a casual setting to discuss best practices and lessons learned. Join us to meet peers and learn helpful tactics to help navigate the cloud native community! Note: This event is reserved exclusively for active or applying CNCF end user members.


Tuesday November 7, 2023 7:30pm - 9:00pm CST
W470 (Level 4)
  Experiences

8:00pm CST

Sip ‘N Security Hosted by Uptycs
Raise the bar and join our signature Sip ‘N Security event that will blow you away—and it’s not just because it’s in the “Windy City”. This isn’t your typical happy hour. Because happiness should not be limited to one hour. Grab an IPA all day, monitor your lagers, or wine a little bit with us. But most importantly, remember Ha-Kubernetes Matata. It means no worries for your DevSecOps. It’s Uptycs’ SDLC problem-free philosophy. Hop(e) to see you there!
** Conference Badge required for entry! **

Registration Link: https://www.uptycs.com/events/sip-n-security-kubecon-na-2023

Please note that this is an off-site Sponsor-hosted Co-located event.
For questions regarding this event, please contact: kflatau@uptycs.com


Tuesday November 7, 2023 8:00pm - 10:00pm CST
Fatpour Tap Works 2206 S Indiana Ave, Chicago, IL 60616
  Sponsor-hosted Co-located Events
 
Wednesday, November 8
 

8:00am CST

Continental Breakfast
Start your mornings right with our delightful continental breakfast featuring an array of pastries, fresh fruits, aromatic coffees, and a selection of soothing teas.
Wednesday November 8, 2023 8:00am - 9:30am CST
West Center Lobby - McCormick Place (Level 3)
  Breaks

8:00am CST

Badge Pick-Up
Wednesday November 8, 2023 8:00am - 6:00pm CST
West Center Lobby - McCormick Place (Level 3)
  Badge Pick-Up

9:00am CST

Keynote: Opening Remarks
Wednesday November 8, 2023 9:00am - 9:05am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:05am CST

Keynote: Everything, Everywhere, All At Once - Hemanth Malla, Senior Software Engineer, Datadog & Laurent Bernaille, Principal Engineer, Datadog
On March 8, 2023 Datadog experienced a massive global outage that took almost 24 hours to mitigate and a further ~24 hours to backfill data after restoring full app availability. We’ll share the trigger for the incident and why it was such a massive effort to recover from. We’ll review the technical details of the incident: why and how we lost more than 60% of our Kubernetes nodes in less than an hour, and the challenges we faced to recover the tens of thousands of impacted nodes across hundreds of clusters. This was a very tough day for us, and we will share those hard-won technical and community lessons.
Speakers
avatar for Laurent Bernaille

Laurent Bernaille

Principal Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud, adopt containers and improve their deployment pipelines. He is now Staff Engineer at Datadog and works in the Compute team... Read More →
avatar for Hemanth Malla

Hemanth Malla

Senior Software Engineer, Datadog
Hemanth Malla is a Senior Software Engineer working on Kubernetes and container networking at Datadog. He is also a Cilium CNCF maintainer. Previously he worked on various distributed systems in industries like e-commerce, fintech and high frequency trading. Apart from computers... Read More →

Everything, everywhere, all at once pdf
Wednesday November 8, 2023 9:05am - 9:20am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:20am CST

Keynote: United In The Cloud: Where Inclusion 'Winds' Around The World - Nikhita Raghunath, VMware; Divya Mohan, SUSE; Akihiro Suda, NTT Corporation; Carolina Valencia, Krol Cloud; Destiny O'Connor, Deaf and Hard of Hearing Working Group
Much like Chicago's iconic ‘L’ trains, CNCF project maintainers traverse a global network, creating a unified ecosystem that transcends geographical boundaries. Now more than ever, there has been an increase in the number of community members from various regions, languages and cultures. KCDs have also been springing up in several cities all over the world!

In this keynote, Nikhita will highlight how the cloud native community has evolved over time, challenges faced by contributors from around the world and how we can build a vibrant home that embraces all voices. Just as the Chicago River flows through the heart of the city, inclusion weaves through the fabric of cloud native development, playing a major role in sparking innovation and strengthening the community's collective identity.

In the Windy City and beyond, the contributions of these global stewards are key to cloud native’s success. Through this keynote, learn more about how to best support them and address the evolving needs of users and contributors worldwide.
Speakers
avatar for Akihiro Suda

Akihiro Suda

Software Engineer, NTT Corporation
Akihiro Suda is a software engineer at NTT Corporation, a Japan-based telecommunication company. He has been a maintainer of several opensource container software such as Moby, BuildKit, containerd, runc, and Lima. He has previously talked at several FLOSS conferences such as KubeCon... Read More →
avatar for Nikhita Raghunath

Nikhita Raghunath

Staff Software Engineer at VMware, CNCF TOC Member, VMware
Nikhita is a staff software engineer at VMware and a maintainer of the Kubernetes project. She is a member of the CNCF Technical Oversight Committee and has won the CNCF Top Committer Award in 2021 for her technical contributions. She is currently the technical lead for Kubernetes... Read More →
avatar for Divya Mohan

Divya Mohan

Senior Technical Evangelist, SUSE
Divya is a Senior Technical Evangelist at SUSE, where she contributes to Rancher’s cloud native open source projects. She co-chairs the documentation for the Kubernetes project & has previously worked extensively in the systems engineering space during her tenure with HSBC & IGate... Read More →
avatar for Destiny O'Connor

Destiny O'Connor

Web Developer and co-chair of Deaf and Hard of Hearing WG, Self Employed
A deaf web developer and Co-Chair of the CNCF Deaf and Hard of Hearing Working Group. Passionate about improving accessibility for deaf and hard of hearing individuals, and It my mission to educate the community about what it means to be deaf in tech and how to be more inclusive... Read More →
avatar for Carolina Valencia

Carolina Valencia

Solution Architect, Krol Cloud

Wednesday November 8, 2023 9:20am - 9:35am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:35am CST

Keynote: Architecting Your Future the Cloud Native Way! - Aparna Subramanian, Director of Production Engineering, Shopify
KubeCon + CloudNativeCon attracts a significant number of attendees who have a real interest in contributing to the community. But how does one typically get started and choose from the abundance of cloud native projects, SIGs, and user groups? What makes a contributor successful? In this presentation, Aparna Subramanian will walk you through how to get started in the cloud-native community and how to increase your influence within it. Attendees will have the chance to hear firsthand from new contributors who have successfully navigated the complexities of open-source contributions, as well as from veterans who continue to make impactful contributions and are instrumental in developing new contributors. There is more than one way to architect your future, and this is the cloud native way!
Speakers
avatar for Aparna Subramanian

Aparna Subramanian

Director of Production Engineering, Shopify
Aparna Subramanian is a technologist and cloud-native enthusiast. She started her career as a Software Engineer and has spent most part of her 18 years of experience specializing in Infrastructure and Data Platforms. She serves as co-chair of the “CNCF End User Developer Experience... Read More →

Wednesday November 8, 2023 9:35am - 9:50am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:50am CST

Sponsored Keynote: Containers Might be Ephemeral, But Can Your Business Afford to Be? - Chris Wiborg, Vice President, Product and Solutions Marketing, Veritas
You are not immune! Given recent security breach events and the fact that the cloud is the #1 target for cyber-attacks, this should be obvious.  In a world where 90% of companies believe Kubernetes is primed for stateful workloads, and 70% already run them in production, the risks are real and present. 
This session provides a compelling argument to discover the criticality of Kubernetes Data Protection, and why it should be top of mind for every DevOps practitioner and cloud leader. Let's redefine the narrative – containers might be ephemeral, but your business's resilience cannot afford to be. 
Intrigued? Join us post-keynote for an in-depth panel discussion at our booth. Engage with industry experts like Nigel Poulton, as they delve into the nuances of K8s data resiliency. 
 
We invite you to step forward, understand the shifts, and lead the way in building a resilient Kubernetes ecosystem. Let's co-create the future, together.
Speakers
avatar for Chris Wiborg

Chris Wiborg

VP, Product and Solutions Marketing, Veritas
Currently responsible for product and solutions marketing at Veritas, Chris Wiborg draws upon his 20+ years of experience as an IT practitioner and consultant to help drive an understanding of how organizations can derive more business value from disruptive technology innovations.Over... Read More →

Wednesday November 8, 2023 9:50am - 9:55am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

9:55am CST

Keynote: Kubernetes Project Updates
Wednesday November 8, 2023 9:55am - 10:10am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:10am CST

Sponsored Keynote: Community-Powered Kubernetes LTS: Ensuring Stability and Compatibility While Driving Innovation - Jeremy Rickard, Principal Software Engineer, Microsoft Azure
Planes, trains, automobiles, intelligent apps, or the internet to your ho me: just a few of the things in our modern world powered by Kubernetes. But what happens when the lead times and refresh cycles on our world’s infrastructure don’t match the Kubernetes release cycle? Imagine a company just upgraded their production cluster to last year’s version – they need more time before the next change. Enter WG-LTS, the Working Group for Long Term Support of Kubernetes. WG-LTS collaborates across all SIGs to ensure a workable LTS effort that’s feasible, secure, and meets user needs to ensure continuity and stability for your critical workloads.

Like all providers, our upstream team works closely with our downstream service on their LTS implementation – community is at the heart of LTS! Learn how the WG-LTS is driving collaboration across hyperscalers, vendors, and end users to build the best upstream LTS with the community.
Speakers
avatar for Jeremy Rickard

Jeremy Rickard

Principal Software Engineer, Microsoft Azure
Jeremy Rickard is a principal software engineer at Microsoft, where he works on supply chain security projects in the Azure Container Upstream team. He is also a chair for SIG Release, a co-chair for the Long Term Support (LTS) working group, and was the release lead for Kubernetes... Read More →

KubeCon + CloudNativeCon North America 2023 Keynote Slides Jeremy Rickard pptx
Wednesday November 8, 2023 10:10am - 10:15am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:15am CST

Keynote: Awards Ceremony
Wednesday November 8, 2023 10:15am - 10:25am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:25am CST

Keynote: Closing Remarks
Wednesday November 8, 2023 10:25am - 10:30am CST
W375 (Skyline Ballroom) (Floor 3)
  Keynote Sessions

10:30am CST

Coffee Break ☕
Wednesday November 8, 2023 10:30am - 11:00am CST
Hall F | Level 3 | West Building
  Breaks

10:30am CST

Project Pavilion
Make sure to drop by the Project Pavilion, conveniently situated in Hall F as part of the Solutions Showcase. Here, you can connect with our dedicated project maintainers, discover more about the project, seek answers to your questions, and engage in dynamic idea exchanges.


AM/PM Shared Kiosk Hours 

AM Shift Schedule
Wednesday, November 8: 10:30 - 2:00 PM


PM Shift Schedule
Wednesday, November 8: 2:00 - 5:00 PM


See a list of participating projects here.
Wednesday November 8, 2023 10:30am - 5:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

10:30am CST

Solutions Showcase
Visit our sponsors in the Solutions Showcase to try the latest demos, watch live presentations, talk to experts, check out job opportunities, and score some swag.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.



Wednesday November 8, 2023 10:30am - 5:00pm CST
Hall F | Level 3 | West Building
  Solutions Showcase

10:45am CST

SECURITY HUB: 🚩 Capture The Flag Experience - Andrew Martin & Kevin Ward, ControlPlane
The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon North America 2023!

Delve deeper into the dark and mysterious world of Cloud Native security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, utilize your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way!

Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of Cloud Native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise!

Learn more about how to participate in Capture The Flag.
Speakers
avatar for Kevin Ward

Kevin Ward

Principal Consultant, ControlPlane
Kevin is an Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defense and Finance sectors. He enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored the GKE CIS... Read More →
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Wednesday November 8, 2023 10:45am - 5:25pm CST
W470AB (Level 4)
  Security

11:00am CST

AI Hub: Kick-Off & Welcome - Annie Talvasto, CNCF Ambassador & VSHN
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

11:00-11:30 AM: Kick-Off & Welcome + Keynote
11:30-12:05 PM: Unconference Pitches and Talk Selections
12:10-12:45 PM: Unconference Session Block #1

2:20-2:55 PM: Welcome Back + AI Demos
3:00-3:35 PM: Unconference Session Block #2
3:40-4:15 PM: Unconference Session Block #3
4:15-4:25 PM: Coffee Break + Networking
4:25-5:00 PM: Unconference Session Block #4
5:05-5:15 PM: Wrap Up
Speakers
avatar for Annie Talvasto

Annie Talvasto

CNCF Ambassador & CMO, VSHN
Annie Talvasto is an award-winning international technology speaker and leader. She has been recognized with the CNCF Ambassador and Azure MVP awards. Annie has co-organized the Kubernetes & CNCF Finland meetup since 2017. She has spoken at technology conferences worldwide, including... Read More →

Wednesday November 8, 2023 11:00am - 11:05am CST
Hyatt Regency McCormick Place, Ballroom C
  ML/AI + Data Processing + Storage

11:00am CST

Code, Chaos, and Cash: (Mis)Adventures in Open-Source Wonderland - Anusha Hegde, Nirmata & Kiran Mova, VMware
Every year, more than 30 projects are added to the CNCF, yet a tiny percentage of these have been able to graduate (10 since 2020). Building a sustainable community is easier said than done. Maintainers face challenges in gaining support from their employers; and startups, on the other hand, struggle to get continued support from investors. Justifiably, everybody is looking for ways to maximize revenue from their open-source investments. In this talk, the speakers will share their experiences of building cloud-native communities, startup (mis)adventures, and monetising with CNCF projects. Learn from Kiran what it takes to build projects like OpenEBS and LitmusChaos, and anecdotes from his startup venture - sustaining through acquisitions and economic downturns. Anusha will shed light on the intricacies of startups that offer enterprise versions of open-source projects (e.g., Kyverno) - the pricing game, the wild race to hit the market, pivoting product strategies, and much more!
Speakers
avatar for Anusha Hegde

Anusha Hegde

Technical Product Manager, Nirmata
Anusha Hegde is a Technical Product Manager at Nirmata. Over the past year, she has been part of several presales activities that involve understanding customer Kubernetes security posture. She started as an engineer writing infrastructure-as-code at VMware and moved to Nirmata as... Read More →
avatar for Kiran Mova

Kiran Mova

Senior (Open Source) Engineering Manager, VMware
Kiran Mova is Senior Open Source Engineering Manager at VMware with the mission to create a Open Source Engineering team around the Tanzu platform focusing on Kubernetes and other CNCF projects. Prior to joining VMware, Kiran was the co-founder of a storage startup where he worked... Read More →

KubeCon + CloudNativeCon North America 2023 CCC pptx
Wednesday November 8, 2023 11:00am - 11:35am CST
W176 (Ground Level)
  Cloud Native Experience

11:00am CST

Apply the Can Opener of Enlightenment: Lifting the Lid off Kubernetes Networking - Joe Thompson, HashiCorp
What exactly happens when network traffic inside a Kubernetes cluster goes from one pod to another -- or, why doesn't it when you think it should? Which host interfaces will you see Kubernetes network addresses on, and what else on the host can you look at to help you troubleshoot network issues with your workloads? How do Kubernetes control plane components manage a network they themselves run within, and how does a coherent network even come to exist between cluster nodes in the first place? Maybe most importantly, *how* can you figure out what's wrong with any of it? If you're new to Kubernetes, or just want a refresher and update on some of the networking basics, Joe Thompson will show you how OS-native tools and simple techniques (that you might already use) can help you bridge the gap between what you already know about networks and how Kubernetes does networking.
Speakers
avatar for Joseph Thompson

Joseph Thompson

Staff Solutions Engineer, HashiCorp
Joe Thompson's IT career is near the end of its third decade. He's been part of the cloud-native community since 2014, starting with OpenStack and adding Kubernetes a few months after it debuted. He's spoken at KubeCon, Cloud Native Rejekts and many local meetups and enjoys showing... Read More →

Apply the Can Opener of Enlightenment pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W181 (Ground Level)
  Cloud Native Novice

11:00am CST

Kubernetes SIG Storage: Intro & Deep Dive - Xing Yang, VMware & Michelle Au, Google
Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.
Speakers
avatar for Michelle Au

Michelle Au

Software Engineer, Google
Michelle Au is a software engineer at Google and is a Kubernetes SIG Storage tech lead. She has been a Kubernetes maintainer since 2017, working on projects including the Container Storage Interface, volume security, volume topology, and local persistent storage.
avatar for Xing Yang

Xing Yang

Tech Lead, VMware
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect of OpenSDS... Read More →

Final 2023 KubeCon NA Kubernetes SIG Storage Deep Dive.pptx pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W190 (Ground Level)
  Maintainer Track, Storage

11:00am CST

Kyverno: Overview and What's New - Chip Zoller, Nirmata & Zach Swanson, Wayfair
This maintainer session on Kyverno will give you an overview of Kyverno, the Kubernetes-native policy engine currently in the incubator, along with recent changes in the latest version and what's coming in future versions. With Kyverno, policies are written as standard YAML and no programming language or knowledge is required.
Speakers
avatar for Chip Zoller

Chip Zoller

Principal Solutions Architect, Stackwatch
Chip Zoller is a technologist, maintainer, and contributor to the Kyverno project where his primary focus is on process, enablement, documentation, automation, policy design and authoring, and community. He is a maintainer and contributor to several other open source projects in the... Read More →
avatar for Zach Swanson

Zach Swanson

Staff Engineer, Wayfair
Zach is a graduate of the United States Military Academy at West Point, NY with a B.S. in Computer Science. He served in the US Army as a Captain until 2007. His post military career has focused on Systems Engineering, 'devops', cloud infrastructure/architecture, and Kubernetes. He... Read More →

Kyverno KubeCon NA 23 pptx
Wednesday November 8, 2023 11:00am - 11:35am CST
W187 (Ground Level)
  Maintainer Track, Kyverno

11:00am CST

Linkerd for the Enterprise: VM Support, Flat Networks, Gateway API, and More - William Morgan, Buoyant
In the service mesh world, Linkerd is known for its simplicity and low operational cost. In this project update, Linkerd maintainer Matei David will focus on the other side of Linkerd: its focus on enterprise use cases. They'll cover recent work in Linkerd to add support for connecting and securing VMs and non-Kubernetes workloads; to support multi-cluster deployments with flat networks; to adopt the Gateway API for standardized configuration and easy integration with Argo, Flagger, and other CD tools; and some exciting upcoming features for the project. Join us to speak directly with the maintainers and developers behind the CNCF's first graduated service mesh!
Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the CEO of Buoyant, creators of Linkerd. Prior to founding Buoyant, he was an infrastructure engineer at Twitter, where he ran several teams building on product-facing backend infrastructure. He has worked at Powerset, Microsoft, adap.tv, and MITRE Corp, and has been contributing to open source for over 20 years... Read More →

Wednesday November 8, 2023 11:00am - 11:35am CST
W194 (Ground Level)
  Maintainer Track, Linkerd

11:00am CST

OpenTelemetry: What's Next? Logs, Profiles, and More - Morgan McLean, Splunk; Ted Young, Lightstep; Alolita Sharma, Apple; Daniel Dyla, Dynatrace
This is the official OpenTelemetry session at Kubecon. OpenTelemetry started with distributed traces and metrics, but the project's vision has always been to provide whatever signals are needed from infrastructure, services, and more. This session will focus on what's coming next, including new signals and sources. Join to learn about OpenTelemetry's new logging functionality, including its two logging paths, the benefits of each, and real-world production examples. We'll show the power of the next wave of OpenTelemetry enhancements, including profiling and the insights that this unlocks in combination with distributed traces, and how we're extending your observability to client applications. We'll wrap up with a Q&A of 10+ project maintainers, who can speak to these topics and more.
Speakers
avatar for Morgan McLean

Morgan McLean

Director of Product Management, Splunk
Morgan is one of the co-founders of OpenTelemetry, and he sits on the project's governance committee and runs multiple initiatives within the project. He is a Director of Product Management at Splunk, where he is responsible for the core platform behind Splunk Observability Cloud... Read More →
avatar for Daniel Dyla

Daniel Dyla

Senior Open Source Architect, Dynatrace
Daniel joined Dynatrace in 2015 working on the Davis Assistant natural language interface to the Dynatrace AI. He is an Open Source Architect, member of the W3C Distributed Tracing Working Group, OpenTelemetry specification contributor, maintainer of the OpenTelemetry JS client, and... Read More →
avatar for Ted Young

Ted Young

Director of Open Source, Lightstep
OpenTelemetry co-founder
avatar for Alolita Sharma

Alolita Sharma

Head of Engineering, Apple
Alolita Sharma is a member of OpenTelemetry GC, CNCF Observability TAG co-chair and CNCF Governing Board member from Apple. She leads Apple’s AIML observability teams. She contributes to open source, open standards at OpenTelemetry, O11y Query Language standard, Unicode, W3C. She... Read More →

Wednesday November 8, 2023 11:00am - 11:35am CST
W192 (Ground Level)
  Maintainer Track, OpenTelemetry

11:00am CST

Rook: Intro and Deep Dive with Ceph Storage - Travis Nielsen, Annette Clewett & Blaine Gardner, IBM; Dmitry Mishin, San Diego Supercomputer Center UCSD
The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Speakers
avatar for Travis Nielsen

Travis Nielsen

Senior Technical Staff Member, IBM
Travis Nielsen is a Senior Technical Staff Member for IBM where he is a maintainer on Rook and member of the ODF and Ceph engineering team. Prior to IBM and Red Hat, Travis worked in storage at Quantum and Symform, a P2P storage startup, and was an engineering lead for the Windows... Read More →
avatar for Annette Clewett

Annette Clewett

Storage Architect, IBM
Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created a more efficient and available infrastructure. Current projects include... Read More →
avatar for Blaine Gardner

Blaine Gardner

Senior Advisory Systems & Software Engineer, International Business Machines (IBM)
Blaine is a Senior Advisory Software Engineer at IBM Storage on the Ceph OpenShift Data Foundation (ODF) team. He is a maintainer of the CNCF-graduated Rook project making sure Ceph and Kubernetes live together in harmony. Their current focus topics are the Container Object Storage... Read More →
avatar for Dmitry Mishin

Dmitry Mishin

Lead Developer, San Diego Supercomputer Center UCSD
Dmitry Mishin is a software developer and DevOps with 25 years of experience. Currently lead developer at San Diego Supercomputer Center, they have been successfully supporting the global kubernetes cluster providing free computational resources to scientific community for several... Read More →

KubeCon NA 2023 Rook Session Final pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W196AB
  Maintainer Track, Rook

11:00am CST

We Finally Released KubeVirt V1.0. Now What? - Fabian Deutsch, Red Hat & Ryan Hallisey, Nvidia
KubeVirt released our long-awaited v1.0 in July - hooray! But what exactly does this mean (and not mean)? Join us as we look back on our release history to provide a background of the project, and go into detail about the changes from our most recent two releases and what users can expect. Some of these include: - non-root by default - vSock - instancetypes and preferences to simplify VM creation - Clone snapshot - Longitudinal performance and scalability benchmarks - Simplify disaster recovery for vendors - Provisioning VMs from snapshots - Hot plug and unplug of secondary network interfaces Attendees will walk away with a strong understanding of the project, covering our history, recent features, and growing use cases and end users. Plus, as a bonus we'll even throw in some details about our recent changes to how and when we release, and the reasons behind it.
Speakers
avatar for Fabian Deutsch

Fabian Deutsch

KubeVirt Maintainer & Engineering Manager, Red Hat, Red Hat
Fabian Deutsch has been working in open source for quite a while, Initially gaining experience in the Linux plumbing layer, and image building, he later focused on the virtualization stack, and recently joined the container track.
avatar for Ryan Hallisey

Ryan Hallisey

Senior Software Engineer, Nvidia
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Wednesday November 8, 2023 11:00am - 11:35am CST
W196C (Ground Level)
  Maintainer Track, KubeVirt

11:00am CST

Maximizing GPU Utilization in Kubernetes with Virtual Kubelets - Goutam Verma, Google Summer of Code & Dean Troyer, Salad
Join Dean and Goutam in this session to discover how virtual Kubelets are revolutionizing GPU cost optimisation and usage in Kubernetes clusters. We will address challenges in GPU utilization, such as shared resource allocation and workload imbalances. Using virtual Kubelets as lightweight Kubernetes controllers, he will demonstrate how to resolve this problems. Attendees will witness the power of virtual kubelets in addressing GPU resource challenges. Through the deployment and configuration of virtual kubelets in a Kubernetes cluster, Goutam will demonstrate improved GPU utilization. By attending this session, attendees will discover how virtual kubelets can maximize GPU utilization, deliver superior application performance, and drive cost savings in your Kubernetes environment.
Speakers
avatar for Goutam Verma

Goutam Verma

Software Engineer, Google Summer of Code
Mentor at Google Summer of Code |  Ex- Developer at ETH India | Summer of Bitcoin | MLH Prep Fellow | Technical Writer at GeeksforGeeks | Speaker at KubeCon and Open Source Summit
avatar for Dean Troyer

Dean Troyer

Software Engineer, Salad
Dean is a retired kart racer and reformed Perl coder currently building Salad's underlying network capabilities.

Wednesday November 8, 2023 11:00am - 11:35am CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

11:00am CST

Advancing Real-Time Performance at the Edge Cloud: DDS & Real-Time Publish Subscribe Open Standards - Kyoungho An & Protima Banerjee, Real-Time Innovations (RTI)
Edge-cloud and cloud deployments of latency-sensitive applications are a vital concern for organizations building large-scale performance critical systems, particularly in domains like healthcare, energy and defense. The Data Distribution Service (DDS) and the Real-Time Publish Subscribe (RTPS) protocol are a family of standards for secure, real-time data-centric communications that are used in thousands of critical systems around the world. This talk discusses the use cases and benefits of running DDS within Kubernetes for latency-sensitive applications. The discussion will cover various scenarios, including communication within a cluster, between clusters, and from edge to cloud. We will also present performance metrics and benchmarks. The goal of this talk will be to provide concrete guidance and recommendations to developers of performance-sensitive distributed systems (e.g., real-time IoT applications) in real-world cloud and edge cloud environments.
Speakers
avatar for Kyoungho An

Kyoungho An

Staff Research Engineer, Real-Time Innovations (RTI)
Kyoungho An is a Staff Research Engineer at Real-Time Innovations (RTI) with over a decade of experience in designing and implementing distributed real-time embedded systems using the OMG Data Distribution Service (DDS). He has been leading several DOD and DOE funded research projects... Read More →
avatar for Protima Banerjee

Protima Banerjee

Principal Research Engineer, RTI, Real-Time Innovations (RTI)
Dr. Protima Banerjee is a Principal Researcher at RTI. She has been working in real-time systems development for 20+ years and implemented some of the largest DDS and DDS Security deployments in the world. Prior to RTI, Protima was an Associate Fellow, Artificial Intelligence at Lockheed-Martin... Read More →

DDS Edge Cloud KubeCon 2023 pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W178 (Ground Level)
  Networking + Edge + Telco
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:00am CST

eBPF for Observability: Data Overload Panacea or Pain - Frederic Branczyk, Polar Signals; Shahar Azulay, groundcover; Valeri Pliskin, Datadog; Anna Kapuścińska, Isovalent
The use of eBPF across the cloud native landscape is exploding, especially for observability. In projects like Hubble, Pixie, and Caretta eBPF promises complete visibility at low overhead - and without any code changes. Is eBPF finally the panacea to observability problems or will it just be another deluge of unhelpful data only bringing pain to already overloaded observability teams? This panel will dive into the pros and cons of using eBPF for observability in a cloud native world. It will draw on the speaker's experience collecting, filtering, and visualizing observability data across applications, networks, profiles, and security incidents. The audience will walk away with where eBPF can help them see better and where it can be difficult to see through the swarm of data.
Speakers
avatar for Frederic Branczyk

Frederic Branczyk

Founder, Polar Signals
Frederic is the founder of Polar Signals. Before, he was a senior principal engineer and the main architect for all things Observability at Red Hat, which he joined through the CoreOS acquisition. Frederic is a Prometheus and Thanos maintainer and tenured as the tech lead for for... Read More →
avatar for Anna Kapuścińska

Anna Kapuścińska

Software Engineer, Isovalent
Anna is a Software Engineer at Isovalent, focusing on Kubernetes observability. Her previous roles span the industry: she wore both developer and SRE hats, and worked in AdTech, FinTech, public healthcare, end-user SaaS company and a hosting provider. On good weather nights you can... Read More →
avatar for Shahar Azulay

Shahar Azulay

CEO, groundcover
Shahar, CEO of groundcover is a serial R&D leader. Shahar brings experience in the world of cybersecurity and machine learning having worked as a leader in companies such as Apple, DayTwo, and Cymotive Technologies. Shahar holds three degrees in Physics, Electrical Engineering and... Read More →
avatar for Valeri Pliskin

Valeri Pliskin

Staff Engineer at Datadog, Datadog
Creating cool stuff with eBPF on scale at Datadog. Formerly co-Founder & CTO @ Seekret. Vulnerability researcher in the past with with remaining passion to hack low-level stuff

Wednesday November 8, 2023 11:00am - 11:35am CST
W180 (Ground Level)
  Observability

11:00am CST

Best Practices: Improving Batch Scheduling Performance at Scale Using MCAD and KWOK - Vishakha Ramani & Sara Kokkila-Schumacher, IBM Research
The multi-cluster app dispatcher (MCAD) is a Kubernetes controller that is being used to manage foundation model workloads on the Vela supercomputer. These workloads typically require running at scale and extensive CPU and GPU utilization. Understanding MCAD performance is crucial, but testing scalability and new features without Vela's resources is challenging. KWOK (Kubernetes WithOut Kubelet) is a lightweight simulator emulating thousands of nodes and pods with minimal resource consumption. This talk will present the use of KWOK to optimize MCAD scheduling performance on heterogeneous resources available on a cloud-native supercomputer. This includes exploring the MCAD basics, the MCAD controller details and its significance in managing and running foundation model workloads on the Vela supercomputer. Additionally, this talk will demonstrate the usefulness of the KWOK simulator tool to stress test MCAD queueing system.
Speakers
avatar for Sara Kokkila-Schumacher

Sara Kokkila-Schumacher

Staff Researcher, IBM Research
Sara Kokkila-Schumacher is a staff researcher at IBM T.J. Watson Research Center, where she co-leads the CodeFlare user experience research for IBM’s cloud-based AI supercomputer. Her main area of research focuses on improving the user experience for foundation model workloads running... Read More →
avatar for Vishakha Ramani

Vishakha Ramani

IBM Research Intern - Hybrid Cloud, Summer 2023, IBM Research
Vishakha Ramani is a doctoral candidate at Rutgers University, working with Professor Roy Yates on real-time networked systems, using the Age-of-Information (AoI) as a performance metric of interest. In addition to her doctoral studies, Vishakha also took on the role of Summer 2023... Read More →

KubeCon CloudNativeCon MCAD Vishakha Sara pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W179 (Ground Level)
  Operations + Performance

11:00am CST

Running Large-Scale Scheduling Simulations with Virtual Kubelet - David Morrison, Applied Computing Research Labs
In this talk, we show how you can simulate scheduling in a large Kubernetes cluster without breaking the bank. Pod scheduling is one of the trickiest parts of Kubernetes infrastructure to get right. Done correctly, it can have enormous benefits in terms of cost and efficiency; done poorly, it can cause outages or lasting damage to your bottom line. The Kubernetes scheduler comes with a host of parameters that you can tune to control its behaviour, as well as allowing users to inject custom plugins at almost every stage of the scheduling process. In a large-scale cluster, the interactions between all these knobs can lead to unexpected emergent behaviour that is nearly impossible to reason about. To simulate this, we use a virtual kubelet that presents itself as a fully-configurable, low-overhead Kubernetes node object. In this presentation we show how to use this technique to collect data about scheduling decisions that are made for a variety of different kube-scheduler parameters.
Speakers
avatar for David Morrison

David Morrison

Research Scientist, Applied Computing Research Labs
David Morrison is a research scientist at Applied Computing Research Labs, an open-source research and development lab exploring scheduling and optimization problems in distributed computing. Previously, David was a staff engineer at Airbnb and at Yelp. David received his PhD in Computer... Read More →

sim static pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W175 (Ground Level)
  Platform Engineering

11:00am CST

GoTo Financial’s Story: Towards 10k ArgoCD Apps to Support Billions of $ Transactions - Yudi Andrean Phanama & Giri Kuncoro, GoTo Financial
Are you facing the challenge of managing a growing number of ArgoCD apps? But, you don’t want the headache of maintaining decentralized ArgoCD instances? Look no further! This talk will dive into scalability challenges faced by GoTo Financial, one of the largest financial companies in South East Asia, managing apps delivery through centralized ArgoCD (with ~40 Istio-enabled clusters, ~10k apps, ~5k repositories) and working with Argo community to address them. GoTo Financial uses ArgoCD to deliver thousands of HTTP/gRPC services, configuring Istio objects for canary rollout, managing various routing patterns, and many other Istio superpowers. From this talk, the audience will learn how to manage such use cases using ArgoCD, fine-tune centralized ArgoCD problem after problem, learning impact on each tuning parameters (reconcile time, workqueue depth, CPU usage), and using undocumented features to optimize ArgoCD controller shards.
Speakers
avatar for Giri Kuncoro

Giri Kuncoro

Staff Engineer, GoTo Financial
Giri is currently working for GoTo, one of fastest growing unicorns in South East Asia that recently went IPO. He started Kubernetes project and created Internal Developer Platform to drive adoption of cloud native ecosystem (Istio, ArgoCD, etc.) across the organization before the... Read More →
avatar for Yudi A Phanama

Yudi A Phanama

Sr. Software Engineer, GoTo Financial
Yudi is currently working as a senior software engineer for GoTo Financial's infrastructure engineering, maintaining cloud platforms for multi-regional cloud-native services across the organization. He is experienced in working with Kubernetes, ArgoCD, Istio, and other CNFC proje... Read More →

Towards 10k+ ArgoCD Apps KubeCon + CloudNativeCon North America 2023 pdf
Wednesday November 8, 2023 11:00am - 11:35am CST
W184 (Ground Level)
  SDLC

11:00am CST

Open Space Session: Cloud Native Adoption in Higher Education
Building on the collaborative nature of higher education, this session will provide participants with the opportunity to learn about and discuss the challenges and opportunities associated with the adoption of cloud native technologies at colleges and universities.


Wednesday November 8, 2023 11:00am - 11:45am CST
Open Space Session 1 | Solutions Showcase
  Experiences

11:00am CST

Tutorial: Exploring the Power of Metrics Collection with OpenTelemetry on Kubernetes - Pavol Loffay & Benedikt Bongartz, Red Hat; Anthony Mirabella, AWS; Matej Gera, Coralogix; Anusha Reddy Narapureddy, Apple
Deploying an observability system has many challenges, as several data types need to be collected. The data can be collected in many protocols and with different technology stacks. This session will cover end-to-end metrics collection on Kubernetes using the OpenTelemetry project. We will start from the ground up by instrumenting an application with OpenTelemetry APIs and agents and progressively solve more complicated use cases like a collection of resource attributes, collecting Prometheus metrics with the OpenTelemetry Collector and Operator, correlation with traces and logs, exemplars, and collecting Kubernetes infrastructure metrics.
Speakers
avatar for Pavol Loffay

Pavol Loffay

Pavol Loffay, Red hat
Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes... Read More →
avatar for Matej Gera

Matej Gera

Software Engineer, Coralogix
Matej is a Software Engineer for the Observability Ecosystem Team at Coralogix. He is interested mainly in the topics of observability and cloud engineering. He has been a long-time open source and free software fan, since the time he interned for the Free Software Foundation Europe... Read More →
avatar for Anthony Mirabella

Anthony Mirabella

Senior SDE, AWS
Anthony is a Senior SDE at Amazon Web Services and leads the AWS Distribution for OpenTelemetry development team. He is a member of the OpenTelemetry Collector, Go client library, and Lambda layer teams and a contributor to many other elements of the OpenTelemetry project.
avatar for Anusha Narapureddy

Anusha Narapureddy

Software Engineer, Apple
Anusha is a Software Engineer at Apple with a keen interest in observability and cloud-native technologies. Over the years of working in different projects, she comes with a wealth of knowledge in cloud computing, infrastructural components, and micro-services ecosystem. She is an... Read More →
avatar for Benedikt Bongartz

Benedikt Bongartz

Senior Software Engineer, Red Hat
Bene is a software developer at Red Hat where he is mainly contributing to OpenTelemetry, an open source CNCF project.

KubeCon NA 2023 Tutorial Exploring the Power of Metrics Collection with OpenTelemetry on Kubernetes pdf
Wednesday November 8, 2023 11:00am - 12:30pm CST
W183 (Ground Level)
  Tutorials, Observability
  • Content Experience Level Any
  • Talk Type In-Person
  • Presentation Slides Attached Yes

11:00am CST

🚨 Contribfest: Istio: Hands-on Development and Contribution Workshop - Lin Sun & Steven Landow, Solo.io; Faseela Kundattil, Ericsson Software Technology; Eric Van Norman, IBM
Wished you knew how to contribute code for Istio, the most popular service mesh and a CNCF graduated project? Where to get started with contributing to Istio? How to get involved with the community? Join us to learn an overview of architecture on how Istio works, how to set up a development environment, how to contribute, develop and test Istio useful in day to day use. Unblock yourself and others! It's easier than you think! We will go through useful resources and ways to interact with the project and community, to explore the benefits of Istio and get you started on your first contribution effectively!
Speakers
avatar for Faseela K

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology
Faseela is a cloud-native developer at Ericsson Software Technology(EST) and is a steering committee member and maintainer at Istio. Prior to this, she has worked as a platform development engineer at Cisco and as a Tech Lead at Ericsson R&D, leading contributions to the OpenDaylight... Read More →
avatar for Eric Van Norman

Eric Van Norman

Senior Software Engineer, IBM
Eric has been working at IBM for 34 years and in the IBM Cloud division since 2014. He has worked on service brokers, service proxy and discovery, Docker, Kafka, image security, and since 2019, Istio. He is a member of the Technical Oversight Committee and is the lead of the Istio... Read More →
avatar for Lin Sun

Lin Sun

Director of Open-Source, solo.io
Lin is the Director of Open-Source at Solo.io. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for three years and was a Senior Technical Staff Member and Master Inventor... Read More →
avatar for Steven Landow

Steven Landow

Principal Engineer, Solo.io
Steven is a Principal Engineer at Solo.io and an Istio Networking Working Group lead. He has worked on Istio since 2020 previously focused on areas such as Multi-Cluster, Multi-Network and VM support.

Istio Contributor workshop KubeCon 2023 NA.pptx pdf
Wednesday November 8, 2023 11:00am - 12:30pm CST
W186 (Ground Level)
  🚨 ContribFest

11:05am CST

AI Hub: Keynote: Scaling AI with Cloud Native - Ricardo Rocha, CERN
This session will present the potential of using cloud native technologies to scale AI workloads beyond single card, node and even datacenter. It will provide a few examples and use cases along with real world results from working with users who are experts in AI but not necessarily on infrastructure.

__________________________
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.
Speakers
avatar for Ricardo Rocha

Ricardo Rocha

Computing Engineer, CERN
Ricardo is a Computing Engineer at CERN IT focusing on containerized deployments, networking and more recently machine learning platforms. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination... Read More →

Wednesday November 8, 2023 11:05am - 11:30am CST
Hyatt Regency McCormick Place, Ballroom C
  ML/AI + Data Processing + Storage

11:30am CST

AI Hub: Unconference Pitches and Talk Selections - Ilan Ilan Rabinovitch, Product & Community Leader & Jono Bacon, Community Leadership Core
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Anyone interested in speaking or collaborating on a topic for an unconference session can propose a topic/idea to everyone in attendance. The group as a whole will determine what sessions will be featured. Those chosen will be placed in the unconference schedule.
Speakers
avatar for Ilan Rabinovitch

Ilan Rabinovitch

Ilan is long time advocate for open source and cloud native.  He lead product, community, and technical partnerships for 8 years as a Senior Vice President at a Datadog. Prior to this he spent a number of years leading infrastructure and reliability engineering teams at organizations... Read More →
avatar for Jono Bacon

Jono Bacon

Founder, Community Leadership Core
Jono Bacon is a leading community and collaboration speaker, author, and podcaster. He is the founder of Jono Bacon Consulting which provides community strategy/execution, workflow, and other services. He previously served as director of community at GitHub, Canonical, XPRIZE, and... Read More →

Wednesday November 8, 2023 11:30am - 12:05pm CST
Hyatt Regency McCormick Place, Ballroom C
  ML/AI + Data Processing + Storage

11:55am CST

Design Metric Programs to Respect Contributor Expectations and Promote Safety - Sophia Vargas, Google
Metrics can be a powerful tool to understand and measure the health of your project and community. However, metrics collected through commit logs, APIs, web scraping, surveys, etc have the potential to cause unintended behavioral change as well as expose more details about an individual than they were expecting, especially when aggregated across platforms and/or displayed on a public dashboard. This talk will discuss tactics and best practices when collecting data in and around open source communities to ensure alignment with norms and expectations, comply with platform policies and regulations, respect the right to anonymity, and most importantly ensure the safety of all members of the community.
Speakers
avatar for Sophia Vargas

Sophia Vargas

Research Program Manager, Google
Sophia Vargas is a Program Manager in the research and education team within Google’s Open Source Programs Office. In this role she leads efforts that span project health, contributor experience, and open source economics. She is also on the Governing Board and an active contributor... Read More →

Wednesday November 8, 2023 11:55am - 12:30pm CST
W176 (Ground Level)
  Cloud Native Experience

11:55am CST

Beyond Passwords: Keycloak's Contributions to IAM(Identity and Access Management) + Security - Soojin Lee & Hoon Jo, Megazone
Did you know that you can sign in to Kubernetes with Google? Keycloak's contributions to IAM in Kubernetes are significant. Organizations can enforce granular authorization policies, centralize user management, and safeguard critical resources effectively. Keycloak's robust access control features empower organizations to establish a strong security foundation within their Kubernetes clusters. This talk will explain what Keycloak does and how it provides security benefits to administrators and users.
Speakers
avatar for Hoon Jo

Hoon Jo

CNCF Ambassador, Cloud Solutions Architect, Megazone
Since his experience as a system/network IT vendor, he has been providing technical advice and container architecture design for all projects related to Kubernetes in the Megazone GCP Cloud team. He is also an admin of the Facebook 'IT Infrastructure Engineers Group' and an open source... Read More →
avatar for Soojin Lee

Soojin Lee

Cloud Architect, Megazone
Soojin is a Cloud Engineer at Megazone, working on GKE and Cloud ID.Since her experience as a Google Workspace engineer, she has been providing support and technical advice. for all projects related to Cloud ID in the Megazone GCP Cloud Team.

Beyond Passwords Keycloak's Contributions to IAM(Identity and Access Management) + Security Soojin Lee & Hoon Jo, Megazone pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W181 (Ground Level)
  Cloud Native Novice

11:55am CST

Patterns of Multi-cluster Kubernetes - George Hantzaras & Dan Mckean, MongoDB
In this presentation, we will explore the various patterns and use cases for multi-cluster Kubernetes deployments. As organizations continue to expand and adopt Kubernetes at scale, managing multiple clusters has become a necessity for addressing diverse requirements, such as high availability, data locality, and enhanced security.

We will begin by discussing the motivations behind multi-cluster Kubernetes deployments, including the benefits they provide in terms of resilience, performance, security, and operational efficiency. We will also highlight the challenges associated with managing multiple clusters and the need for adopting effective multi-cluster patterns.

Next, we will delve into the key patterns of multi-cluster Kubernetes, such as:
- Hub-Cluster Pattern:
- Cluster Federation
- Cluster Replication
- Multi-Cluster Ingress
- Cluster Sharding
- Hybrid and Multi-Cloud Deployments
Speakers
avatar for George Hantzaras

George Hantzaras

Director of Engineering, Kubernetes, MongoDB
George is a distributed systems expert and a hands-on engineering leader with focus on delivering Enterprise cloud services at scale. He is a Director of Engineering at MongoDB, focusing on implementing cloud native technologies at enterprise scale. Most recently, he has been a speaker... Read More →
avatar for Dan Mckean

Dan Mckean

Senior Product Manager, Kubernetes, MongoDB

Patterns of Multi Cluster Kubernetes pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W180 (Ground Level)
  Emerging + Advanced

11:55am CST

Keeping Helm Reliable and Usable - Matt Farina, SUSE; Karena Angell, Red Hat; George Jenkins, Bloomberg; Ian Zink, Independent
Helm is a foundational part of Kubernetes software delivery. Deploying mission critical software for many projects and users. Keeping Helm stable while also improving usability is an important goal of the Helm project as any change can affect a large portion of the Kubernetes community. In this session, we will review how the Helm project prioritizes users, enforces a robust change management process, security, testing, and more while still layering in new features to keep its ecosystem reliable, compelling, and usable for you.
Speakers
avatar for Matt Farina

Matt Farina

Distinguished Engineer, SUSE
Matt works as a Distinguished Engineer at SUSE, where he works on Rancher, focusing on cloud native technologies. He is also a member of the CNCF Technical Oversight Committee. Matt is an author, speaker, and regular contributor to open source.
avatar for Karena Angell

Karena Angell

Senior Principal Product Manager, Technical, Red Hat
Karena Angell is a Senior Principal Product Manager at Red Hat focusing on cloud native application workloads for Kubernetes, open source software projects, as well as solutions for the 'open' hybrid cloud. She is a Helm maintainer and TAG App Delivery Technical Lead.
avatar for George Jenkins

George Jenkins

Bloomberg
George is a software engineer working on Cloud based data analytics and compute platforms for data scientists and Quants at Bloomberg. He enjoys working with and contributing back to open source, and utilizing the best in technology to solve business problems.
avatar for Ian Zink

Ian Zink

Independent
Full snack developer for 3 advanced neural networks. Ideas by the many, not by the few. Lit a fire with gasoline and lived to regret it. Wrote a program once and it compiled the first time. I dream in yaml. Also, ~20yrs doing infrastructure, performance & availability engineering... Read More →

KubeCon NA 2023 Keeping Helm Reliable And Usable pptx
KubeCon NA 2023 Keeping Helm Reliable And Usable pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W194 (Ground Level)
  Maintainer Track, Helm

11:55am CST

KubeEdge: Extending Kubernetes to the Edge with Real-World Industry Examples - Yin Ding, Google & Kevin Wang, Huawei
In this session, the KubeEdge project maintainers will provide an overview of KubeEdge's architecture, explore how KubeEdge, with its industry-specific examples. The session will kick off with a brief introduction to edge computing and its growing importance in IoT and distributed systems. The maintainers will then delve into the core components and architecture of KubeEdge, showcasing how it extends the capabilities of Kubernetes to manage edge computing workloads efficiently. Drawing on a range of industry use cases, including smart cities, industrial IoT, and retail, the maintainers will demonstrate the real-world impact of KubeEdge. They will share success stories and insights from organizations that have deployed KubeEdge in their edge environments, highlighting the tangible benefits and transformational possibilities it offers.
Speakers
avatar for Yin Ding

Yin Ding

Engineering Manager, Google
Yin Ding, an Engineering Manager at Google, lead the Kubernetes Hardening team and brings over 15 years of expertise in large-scale and distributed computing. As a co-founder of the CNCF KubeEdge open-source project and the TSC Chair of LF Edge Akraino, Yin Ding has made significant... Read More →
avatar for Kevin Wang

Kevin Wang

CNCF Ambassador, TOC contributor, Kubernetes emeritus Maintainer, Founder and Maintainer of multiple CNCF projects, Lead of Cloud Native Open Source Team at Huawei, Huawei
Kevin Wang has been an outstanding contributor in the CNCF community since its beginning and is the leader of the cloud native open source team at Huawei. Kevin has contributed critical enhancements to Kubernetes, led the incubation of the KubeEdge, Volcano, Karmada projects in CNCF... Read More →

Wednesday November 8, 2023 11:55am - 12:30pm CST
W187 (Ground Level)
  Maintainer Track, KubeEdge

11:55am CST

Kubernetes Infra SIG: Intro and Updates - Arnaud Meukam, VMware & Benjamin Elder, Google
The Kubernetes Infrastructure SIG is responsible for maintaining the overall infrastructure of the Kubernetes project. In this session, we will take a deep dive into some of the projects that the SIG is currently working on, as well as existing collaborations with other platform providers and Kubernetes SIGs. We will also provide an update on the current state of the SIG and explore what's next.
Speakers
avatar for Arnaud Meukam

Arnaud Meukam

Senior Member of Technical Staff, VMware
Arnaud is a Software Engineer at VMware and he is a maintainer of the Kubernetes project. He is been involved in the project for over 5 years now, is the SIG Chair for the Kubernetes Infrastructure Group and a Release manager for Kubernetes.
avatar for Benjamin Elder

Benjamin Elder

Senior Software Engineer, Google
Benjamin Elder is a Senior Software Engineer at Google working on Kubernetes. Ben is a long time contributor to the project since writing kube-proxy's iptables mode for GSoC 2015 and is an elected member of the Kubernetes Steering Committee.

Wednesday November 8, 2023 11:55am - 12:30pm CST
W192 (Ground Level)
  Maintainer Track, K8s Infra

11:55am CST

Kubernetes SIG Node Intro and Deep Dive - Sergey Kanzhelev, Google & Mrunal Patel, Red Hat
Kubernetes SIG Node maintainers track session will cover the latest updates and developments in the Kubernetes Node subsystem. SIG Node owns components that control interactions between pods and host resources, including the Kubelet, Container Runtime Interface (CRI), and Node API. SIG Node is responsible for the Pod’s lifecycle from allocation to teardown, to liveness checks and shared resource management. We work with various container runtimes, kernels, networking, storage, and more; anything a pod touches is SIG Node’s responsibility! The session will be led by Kubernetes SIG Node leads and will be interesting for seasoned contributors as well as people seeking to get involved in the project. Attendees will leave the session with a better understanding of the latest developments in the Kubernetes Node subsystem. The session is open to all Kubernetes users, regardless of experience level.
Speakers
avatar for Sergey Kanzhelev

Sergey Kanzhelev

Staff Software Engineer, Google
Sergey Kanzhelev is a seasoned open source and cloud native maintainer working actively on Kubernetes. Sergey is serving as co-chair of SIG node. He is also one of OpenTelemetry founders. He is working on engineering aspect of software and its practical application. With the Kubernetes... Read More →
avatar for Mrunal Patel

Mrunal Patel

Senior Principal Software Engineer, Red Hat
Mrunal Patel is a Senior Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He started the CRI-O runtime. He is a SIG-Node chair and tech lead.

KubeCon + CloudNativeCon North America 2023 SIG Node maintainers track pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W190 (Ground Level)
  Maintainer Track, Node

11:55am CST

Scale Your MySQL Database by Migrating to Vitess - Matt Lord & Deepthi Sigireddi, PlanetScale
Vitess is a cloud-native storage solution that provides horizontal scaling of MySQL. In this session we will introduce you to Vitess, covering the high level architecture and the feature set offered. From there we will focus on how to scale out already running applications by migrating the existing MySQL database into Vitess – sharding it in the process – without any downtime.
Speakers
avatar for Deepthi Sigireddi

Deepthi Sigireddi

Engineering Lead, PlanetScale
Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking... Read More →
avatar for Matt Lord

Matt Lord

Vitess Maintainer, PlanetScale
Matt Lord has spent the last 25+ years working in the database space both as a producer at MySQL and MongoDB and as a consumer at WeWork and Etsy. Today he leverages these decades of experience to help make Vitess the best Open Source solution for running MySQL at scale and supporting... Read More →

KubeCon NA 2023 Scale Your MySQL Database by Migrating to Vitess pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W196AB
  Maintainer Track, Vitess

11:55am CST

What's New in Operator Framework? - Jonathan Berkhahn, IBM & Attila Mészáros, Red Hat
Java Operator SDK joined Operator Framework as a subproject this year! OSDK provides a controller runtime and a feature complete framework to implement Kubernetes Operators in Java. In this talk we will give an introduction to the framework and overview of features. In addition to that, we will introduce the features where the framework tries to be innovative, and bring higher level abstractions to the table, that reduces boiler plate code and makes it trivial to implement resource management and related workflows within controllers.
Speakers
avatar for Attila Mészáros

Attila Mészáros

Principal Software Engineer, Red Hat
For more than ten years I was designing and implementing software solutions, architectures and services and related tooling. Then I spent a few years focusing more on building platforms on top of Kubernetes in some excellent platform teams. I'm one of the creators and currently full... Read More →
avatar for Jonathan Berkhahn

Jonathan Berkhahn

Senior Software Engineer, IBM
Jonathan is a member of the steering committee of Operator Framework, and a maintainer of Operator SDK. He's worked in the past on various open technologies in the cloud platform space, including Kubernetes and Cloud Foundry. His passions in open source include behavior driven development... Read More →

KubeCon NA 2023 OF Maintainer Track pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W196C (Ground Level)
  Maintainer Track, Operator Framework

11:55am CST

Mastering LLM Delivery in Private Clouds: A Journey to Seamless Deployments with Kubernetes and OCI - Autumn Moulder & Marwan Ahmed, Cohere
Deploying LLMs is challenging. This talk is a case study in how cloud native technologies, specifically Kubernetes and OCI artifacts, simplifies private LLM deployments. Allowing teams to run models in their infrastructure solves significant data governance & security challenges. However, it is still difficult to efficiently share large artifacts between model developers and model consumers. Autumn and Marwan share how open standards unblocked challenges and simplified LLM delivery. First, we explore how Kubernetes made it possible to rapidly deliver a highly portable, cloud-native inference stack. Second, OCI Artifacts have been underutilized as a delivery mechanism for artifacts beyond container images. We explore how we achieved significant efficiency gains by reducing duplicate storage, increasing download speed, and minimizing governance overhead. Walk away learning how you can leverage Kubernetes and OCI in your MLOps journey.
Speakers
avatar for Autumn Moulder

Autumn Moulder

Manager of Technical Staff, Cohere
Autumn is a Manager of Technical Staff running Infrastructure & Security at Cohere. She’s been with the company since September 2022 scaling teams & tools. Prior to buying into the startup life, she spent 3 years in financial services and 14 years at a large non-profit. Her passion... Read More →
avatar for Marwan Ahmed

Marwan Ahmed

Member of Technical Staff, Cohere
Marwan is a Member of Technical Staff on the Infrastructure team at Cohere. He has contributed to several Kubernetes projects since 2018, most notably Cluster API Azure and Cluster Autoscaler. He has previously worked at Twitter on the Distributed Coordination team and Microsoft on... Read More →

Mastering LLM Delivery KubeconNA23 pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W185 (Ground Level)
  ML/AI + Data Processing + Storage

11:55am CST

Gateway API: The Most Collaborative API in Kubernetes History Is GA - Rob Scott, Google & Nick Young, Isovalent
Gateway API has graduated to GA! In this session, we will share the journey it took to get here, highlighting the incredible story of what has likely been the most collaborative API development process in Kubernetes history, with over 150 contributors and 20 implementations already. This API also represents a fundamental shift in how Kubernetes APIs are developed. Although this may be the first CRD-based Kubernetes API to graduate to GA, there are already others in progress. We’ll talk about what this means for the future of Kubernetes, and the ecosystem as a whole. Finally, we’ll give an overview of the API, describing how it can be used for load balancing, in-cluster routing, and service mesh configuration. You’ll learn what it means for CRDs to be considered GA, and when, why, and how you can migrate to Gateway API if you’re not already using it.
Speakers
avatar for Rob Scott

Rob Scott

Software Engineer, Google
Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.
avatar for Nick Young

Nick Young

Staff Engineer, Isovalent
Nick has been working to prevent the entropic downfall of systems for 25 years, across datacenters, clouds, networking, and others. He's a Staff Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where he works on improving the ingress and mesh experiences... Read More →

Wednesday November 8, 2023 11:55am - 12:30pm CST
W178 (Ground Level)
  Networking + Edge + Telco

11:55am CST

How to Carefully Replace Thousands of Nodes Every Day - Adrien Trouillaud & Ryan McNamara, Datadog
Datadog operates tens of thousands of Kubernetes nodes at any given time. Roughly half of them run critical stateful workloads. Every day, we replace thousands of nodes to upgrade software, anticipate host retirements, or swiftly react to hardware failures. To automate node replacements, we use and extend the Eviction API and Pod Disruption Budgets (PDBs). We will share our experience working with these primitives, discuss their limitations, describe solutions, and propose improvements. We will cover the following topics: - the case for default PDBs; - the abuse of the readiness probe; - the missing node lifecycle hooks; - recent, ongoing, and possible changes to the Eviction API and PDBs; - existing open source projects that can each play a role in the solution. After this talk, attendees will be better prepared to deal with node replacements, especially at scale, whether initiated by them or by a managed Kubernetes distribution.
Speakers
avatar for Adrien Trouillaud

Adrien Trouillaud

Engineering Manager, Datadog
Adrien Trouillaud is an Engineering Manager at Datadog, where he has been leading a team focusing on Kubernetes node lifecycle since 2021. Prior to Datadog, Adrien started the Admiralty open source project and eponymous company, where he developed and commercialized a multi-cluster... Read More →
avatar for Ryan McNamara

Ryan McNamara

Senior Software Engineer, Datadog
Ryan McNamara is a Senior Software Engineer at Datadog, where he has been focusing on Kubernetes node lifecycle since 2020. Prior to Datadog, Ryan spent six years at Palantir, most of that time working on the company’s Kubernetes platform. Ryan holds a BS in Computer Science and... Read More →

How to Carefully Replace Thousands of Nodes Every Day pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W179 (Ground Level)
  Operations + Performance

11:55am CST

Declarative Everything - Cici Huang, Google
Declarative APIs are a key part of Kubernetes' declarative nature - we even have a declarative API (Custom Resources) to define new declarative APIs! The vast majority of Kubernetes operators have at least one custom-resource API installed, and many clusters have dozens, or even hundreds. A whole ecosystem has sprung up around Kubernetes-hosted APIs. However, an API is much more than just the data schema, and to build a full featured Kubernetes-hosted API, users are often forced to deal with imperative and opaque extension mechanisms such as Webhooks. This makes API development and operations more difficult and error-prone than it needs to be. In fact, this is true for the built-in Kubernetes APIs as well as CRD APIs. In this talk, we will examine the work that has been done so far, and the work that is in progress to make defining APIs easier and more declarative, and the overall vision of declarative API definition.
Speakers
avatar for Cici Huang

Cici Huang

Senior Software Engineer, Google
Be involved in Kubernetes open source community cross multiple SIGs with main focus on Kubernetes extensibility. Recently involved heavily in bringing CEL into Kubernetes.

Wednesday November 8, 2023 11:55am - 12:30pm CST
W375E (Level 3)
  Platform Engineering

11:55am CST

Leveraging Cluster-API for Production-Ready Multi-Regional Infrastructures - Shotaro Gotanda & Kotaro Inoue, LY Corporation
LY Corporation is a tech company widely recognized for the LINE messaging application in APAC. Here, both user-facing services and cloud infrastructure services(Iaas, KaaS, DBaaS, etc.) operate on top of Kubernetes. In early 2023, we, the Kubernetes Service team, successfully switched to the Cluster-API to manage our hundreds of clusters across multiple private cloud regions. However, our journey was pretty tough and a consecutive challenges. In this talk, we will explain: • How we determined that Cluster API was right for us; • Why we developed a new Cluster-API provider rather than using Cluster-API-Provider-Openstack; • What customizations to the control plane we needed for our own private cloud; • How we supported migration from our old infrastructure to Cluster API; • What we would do differently if we started over. We would like to share our experience and lesson learned to provide the potential obstacles and insights on adopting Cluster-API in a private cloud environment.
Speakers
avatar for Kotaro Inoue

Kotaro Inoue

Software Engineer, LY Corporation
Kotaro is a Software Engineer at LY Corporation, where he works on managed Kubernetes Services built on top of an on-premise Private Cloud called "Verda".
avatar for Shotaro Gotanda

Shotaro Gotanda

Software Engineer, LY Corporation

leveraging cluster api for production ready multi regional infrastructure pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W175 (Ground Level)
  Platform Engineering

11:55am CST

Everything Is Code: Embracing GitOps at Spotify - Tim Hansen, Spotify
You’ve heard of infrastructure-as-code with tools like Terraform, but how about documentation-as-code, monitoring-as-code, and builds-as-code? Learn how developers at Spotify provision infrastructure, run builds, deploy services, deliver documentation, manage dependencies, set up monitoring and incident management, and implement cost optimizations — all in Git, right alongside the service code. Oh, and of course, there’s software-catalog-as-code to manage the metadata about an ever-growing software inventory and interwoven dependencies, all browsable through Backstage. Explore the developer-centric world of GitOps, where developers can operate at the speed of commits yet still have a built-in audit trail, rollback capability, and change review.
Speakers
avatar for Tim Hansen

Tim Hansen

Senior Engineer, Spotify
Tim is a senior engineer at Spotify who worked as part of the Platform organization to decrease infrastructure toil for Spotify developers, now focused on the open-source Backstage platform. Prior to this, he worked in FinOps at Spotify, focused on reducing cloud infrastructure c... Read More →

Everything is Code Embracing GitOps at Spotify pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W184 (Ground Level)
  SDLC

11:55am CST

Eraser: Cleaning up Vulnerable Images from Kubernetes Nodes - Peter Engelbert & Ashna Mehrotra, Microsoft
Supply chain security is an increasingly important issue in cloud-native computing: the number of attacks has grown by over 300% since 2021. It is common for pipelines to build and push images to the cluster, but uncommon for those images to be removed from a node’s local store once a CVE has been disclosed. Kubernetes has no built-in solution to this problem: its garbage collection only responds to disk pressure. As images become outdated, they present a risk as users may run a vulnerable container. Eraser, a CNCF sandbox project, is an open source solution that automates the scanning and removal of images. What distinguishes Eraser is that it gives more control over removal: the developer decides what gets removed and when. By default, Eraser uses Trivy to scan images based on a given threshold of vulnerability. Images can also be removed based on custom logic. The talk will begin with a demo of Eraser in action, before showing an example of customizing the removal process.
Speakers
avatar for Ashna Mehrotra

Ashna Mehrotra

Software Engineer, Microsoft
Ashna is a software engineer on the Upstream Security team, working on cloud-native open source security projects. Currently, she is continuing work on Eraser and supply chain security projects at Microsoft.
avatar for Peter Engelbert

Eraser Kubecon.pptx pdf
Wednesday November 8, 2023 11:55am - 12:30pm CST
W375AB (Level 3)
  Security

11:55am CST

Grifts Ahoy! Bracing for the AI Tide - Shane Lawrence, Shopify
As AI and machine learning models like ChatGPT gain popularity, it is crucial for organizations to understand the potential risks and benefits they bring to Kubernetes and cloud computing environments. Language models have been used by attackers for convincing phishing attacks, rapid prototyping and iteration on exploit tools, and obfuscation of existing exploits to evade detection. Businesses using chatbots are at risk of data poisoning, leaked secrets, and false information. Conversely, teams embracing AI have an opportunity to reduce toil and improve their security posture. In this talk, Shane will examine the real security impact of recent developments in AI and how they affect everyone in the CloudNative ecosystem, including developers, operations, management, and security teams. Attendees will learn new threats to traditional systems, new risks for organizations that are beginning to use AI, and new ways to leverage AI to improve existing security processes and systems.
Speakers
avatar for Shane Lawrence

Shane Lawrence

Senior Staff Security Engineer, Shopify
Shane is a Senior Staff Infrastructure Security Engineer at Shopify, where he's working on a multi-tenant platform that allows developers to securely build scalable apps and services for crafters, entrepreneurs, and businesses of all sizes.

Wednesday November 8, 2023 11:55am - 12:30pm CST
W375CD (Level 3)
  Security

11:55am CST

SECURITY HUB: Fuzzing Introduction + OSS-Fuzz Demo - Adam & David Korczynski, Ada Logics
Fuzzing is a technique used for finding bugs and vulnerabilities in software. The technique has been applied on many CNCF projects and tech giants fuzz daily thousands of software packages for security issues. However, it may not be easy to take the first steps in the fuzzing world and, furthermore, understand which direction to navigate towards when beginning a fuzzing journey.

This is a talk and demo presentation that introduces fuzzing and common tools in the open source space related to fuzzing. We will focus on showcasing the initial first steps needed towards setting up a mature fuzzing set up for an open source project. OSS-Fuzz is a service for running continuous fuzzing on open source projects and we will introduce both fuzzing in general as well as OSS-Fuzz as a platform. The goal of this talk is to give a pragmatic introduction to audience members that may be interested in how to navigate the fuzzing space but may not know where to get started.
Speakers
avatar for David Korczynski

David Korczynski

Security Researcher, Ada Logics
David Korczynski is a security researcher at Ada Logics and his focus is on building tools that automate software security analysis. In the open source community David is a top contributor to OSS-Fuzz and has worked on fuzzing several CNCF projects, e.g. Fluent Bit, Envoy and Linkerd2-proxy... Read More →
avatar for Adam Korczynski

Adam Korczynski

Security Engineer, Ada Logics
Adam is a security engineer at Ada Logics where his work mainly focuses on security automation. He is heavily involved in open source projects and is a top contributor to OSS-Fuzz.

Wednesday November 8, 2023 11:55am - 12:30pm CST
W471AB (Level 4)
  Security

12:10pm CST

AI Hub: Uncoference Session - AI For Packaging Machines + AI + HPC For Data Management
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Facilitated group discussions will occur based on topics suggested and selected earlier in the day.


Wednesday November 8, 2023 12:10pm - 12:45pm CST
Hyatt Regency Ballroom C Foyer
  ML/AI + Data Processing + Storage

12:10pm CST

AI Hub: Uncoference Session - Data Security In LLM's
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Facilitated group discussions will occur based on topics suggested and selected earlier in the day.


Wednesday November 8, 2023 12:10pm - 12:45pm CST
Hyatt Regency Chicago, Ballroom E
  ML/AI + Data Processing + Storage

12:10pm CST

AI Hub: Uncoference Session - Dynamic Resource Allocation + SLURMS vs K8's
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Facilitated group discussions will occur based on topics suggested and selected earlier in the day.


Wednesday November 8, 2023 12:10pm - 12:45pm CST
Hyatt Regency Chicago, Ballroom C
  ML/AI + Data Processing + Storage

12:10pm CST

AI Hub: Uncoference Session - How Can Cloud Native Be Relevant to AI Developers
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Facilitated group discussions will occur based on topics suggested and selected earlier in the day.


Wednesday November 8, 2023 12:10pm - 12:45pm CST
Hyatt Regency Chicago, Ballroom D
  ML/AI + Data Processing + Storage

12:10pm CST

AI Hub: Unconference Session Block #1
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

Facilitated group discussions will occur based on topics suggested and selected earlier in the day.

See session schedule for list of selected un-conference sessions.


Wednesday November 8, 2023 12:10pm - 12:45pm CST
Hyatt Regency McCormick Place, Ballroom CDE
  ML/AI + Data Processing + Storage

12:30pm CST

Lunch 🍲
Wednesday November 8, 2023 12:30pm - 2:30pm CST
Hall F | Level 3 | West Building
  Breaks

12:30pm CST

Diversity + Equity + Inclusion Lunch

Join this special program featuring discussion around diversity, equity, and inclusivity. Participants will embark on an enlightening journey of self-discovery and awareness through an interactive discussion on unconscious bias. Through thought-provoking scenarios, we'll delve into the intricate world of unconscious bias, gaining the tools and insights to identify and address these hidden prejudices and spark meaningful dialogue.

Seating is limited and will be provided on a first come, first served basis.

Lunch will be served.

Thank you to our sponsor, Intel!
Wednesday November 8, 2023 12:30pm - 2:30pm CST
W474 (Level 4)
  Diversity + Equity + Inclusion, Experiences

1:00pm CST

Open Space Session: Advancing Cloud Native & Open Source within the Black Community
Diversity is important across the board, the goal of this session is to double click on the exposure and impact Cloud Native Software Development and Open Source software is having in the Black community. The session is intended for BIPOC & Allies to join together to ideate how we can increase exposure to these ares in our companies as well as in external Black communities. 
Wednesday November 8, 2023 1:00pm - 1:45pm CST
Open Space Session 1 | Solutions Showcase
  Experiences, Diversity + Equity + Inclusion

1:00pm CST

Marketing Team Office Hours
Join your CNCF Marketing Team for Office Hours:
  • Monday, November 6: 2:00-4:00pm
  • Tuesday, November 7: 1:00-3:00pm
  • Wednesday, November 8: 1:00-3:00pm
  • Thursday, November 9: By appointment
Wednesday November 8, 2023 1:00pm - 3:00pm CST
Hyatt Regency McCormick Place, Dusable B
  Experiences

2:20pm CST

AI Hub: Welcome Back - Annie Talvasto, CNCF Ambassador & VSHN
Join us at the first ever AI Hub! This one day unconference will explore AI topics impacting the cloud native community. LLMs, AI policy, AI operations, AI data governance and more. Join us for active conversations and learn from your peers on how they are using AI in their organizations. Have an idea for the unconference sessions? Submit your ideas.

2:20-2:55 PM: Welcome Back + AI Demos
3:00-3:35 PM: Unconference Session Block #2
3:40-4:15 PM: Unconference Session Block #3
4:15-4:25 PM: Coffee Break + Networking
4:25-5:00 PM: Unconference Session Block #4
5:05-5:15 PM: Wrap Up
Speakers
avatar for Annie Talvasto

Annie Talvasto

CNCF Ambassador & CMO, VSHN
Annie Talvasto is an award-winning international technology speaker and leader. She has been recognized with the CNCF Ambassador and Azure MVP awards. Annie has co-organized the Kubernetes & CNCF Finland meetup since 2017. She has spoken at technology conferences worldwide, including... Read More →

Wednesday November 8, 2023 2:20pm - 2:30pm CST
Hyatt Regency McCormick Place, Ballroom C
  ML/AI + Data Processing + Storage

2:30pm CST

AI Hub: Welcome Back, From Transformers to Text Generation Inference + Text Generation Inference Kubernetes Demo - Guillaume Salou, Hugging Face