December 6-8, 2017 - Austin, Texas

Customize your schedule by session topic and skill level:
Session Topic - Refer to the "Type" filter list to the right to find a session based on topic.
Talk Difficulty - Sessions are categorized as [B]eginner, [I]ntermediate or [A]dvanced at the end of each talk title.

Monday, December 4
 

9:00am

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy-to-use dashboard that provides access and insights into the many components of your stack.

We will go over the following topics:
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Monday December 4, 2017 9:00am - 12:00pm
Meeting Room 7, Level 3

12:30pm

1:00pm

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy-to-use dashboard that provides access and insights into the many components of your stack.

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Monday December 4, 2017 1:00pm - 4:00pm
Meeting Room 7, Level 3

1:00pm

Introduction to Kubernetes and Containers w/Heptio

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: In this half day instructor-led course you will learn the fundamentals of container-based distributed systems, including an overview of the architecture and building blocks of Kubernetes and containers. 

This course is delivered in an intimate setting with a ~10:1 student to teacher ratio, so you can get the help you need.

In addition to learning from our Kubernetes experts, you will have the opportunity to: 

  • Meet Kubernetes creators Craig McLuckie (CEO) and Joe Beda (CTO) and our other Kubernetes committers for a Q&A session after each class
  • Get a copy of "Kubernetes: Up and Running" signed by Joe Beda
  • Join us for happy hour

Course topics include: 

  • Introduction
  • The Motivation for Containers
  • The Motivation for Kubernetes
  • Containers Fundamentals
  • Kubernetes Fundamentals
  • Kubernetes in Action
  • Conclusion
  • Two hands-on exercises:
    • Build container images and publish them to a registry.
    • Deploy services using Kubernetes.

Monday December 4, 2017 1:00pm - 5:00pm
Meeting Room 8C, Level 3
 
Tuesday, December 5
 

7:00am

8:00am

Kubernetes: Enterprise Logging Workshop

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Kubernetes provides a powerful abstraction for you to run microservices anywhere and scale to any size. Monitoring a Kubernetes cluster can be challenging, specifically when dealing with logging.

The Kubernetes Enterprise Logging workshop is a full hands-on session where you will learn the basics of logging and how to implement a unified logging layer in your cluster, focusing on an end-to-end solution ready for production.

Workshop Outline: 

  • Introduction to Logging
  • Logging and Microservices
  • Fluentd and Fluentd Enterprise
  • Kubernetes: collecting and enriching logs with metadata
  • Enterprise Logging:
    • Performance and optimizations
    • Buffering mechanisms
    • Logs routing
    • Elasticsearch
    • Apache Kafka
    • Splunk

Tuesday December 5, 2017 8:00am - 12:00pm
Meeting Room 8AB, Level 3

8:00am

Contributor Summit
By Invitation Only. 

Badges can be picked up at main registration on Tuesday at 7am on Level 1. 

General session will be in Meeting Room 5 on Level 3. 

More information can be found here

Tuesday December 5, 2017 8:00am - 4:30pm
Meeting Room 5ABC, Level 3

8:30am

Kubernetes Core Concepts Live Training w/Bitnami

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: This one-day course serves as a crash course to learn the basics of Kubernetes right before KubeCon NA. You will discover the Kubernetes architecture and how to install it. You will then learn how to use its basic primitives (i.e. pods, deployments and services) to build your own distributed application. The course will be a mix of lectures, demos and hands-on exercises.

This training course is for you because...

  • You're an administrator and want to understand the overall architecture of a Kubernetes cluster
  • You're an administrator and want to understand how to install Kubernetes yourself
  • You’re an application developer and want to understand the basic primitives of a Kubernetes application
  • You’re an application developer and want to learn the usage of `kubectl` to interact with your Kubernetes cluster and applications
  • You’re an application developer and want to understand how to use your Docker images in a Kubernetes cluster

Speakers

JuanJo Ciarlante

Senior Site Reliability Engineer, Bitnami
JuanJo has 20yrs+ experience working with open source software. He's the original author of ip aliasing support for the Linux kernel, among other FOSS contributions like Linux IP masquerading optimizations, OpenVPN IPv6 transport support, Open/SWAN cryptoalgo modularizations...

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where...


Tuesday December 5, 2017 8:30am - 5:00pm
Meeting Room 1, Level 1

9:00am

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy-to-use dashboard that provides access and insights into the many components of your stack.

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Tuesday December 5, 2017 9:00am - 12:00pm
Meeting Room 7, Level 3

9:00am

Using Istio to Build a Cloud Native Service Mesh

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

In the adoption of cloud native technologies, developers have found that one of the greatest challenges is the integration of services in distributed systems. The challenges include service discovery, load balancing, fault tolerance, end-to-end monitoring, dynamic routing for canary deployments and, most importantly, securing the communication channels.

Istio solves these problems by providing a layer of infrastructure between the services and the network that allows the service communication to be controlled outside the application code. This fundamentally changes how services are connected, managed and secured.

During this workshop you will gain hands-on experience to understand how Istio is changing the landscape of cloud native applications. We will walk through deploying each piece of Istio alongside a microservice application running in Kubernetes and in the process create a service mesh to control the communication. We will show features of Istio such as:

  • Traffic Management, Resilient Communication and Load Balancing between Services
  • Policy Enforcement and Rate Limiting
  • Telemetry, Monitoring and Reporting
  • Securing Communication between Microservices
  • Canary Deployments

Tuesday December 5, 2017 9:00am - 12:00pm
Meeting Room 10A, Level 3

9:00am

Kubernetes on AWS Hands-on Workshop, Taught by AWS
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.


Kubernetes is a popular cloud-native open-source orchestration platform for container management, scaling and automated deployment. It includes a rich set of features such as service discovery, multi-tenancy, stateful containers, resource usage monitoring, and rolling updates. Some of the questions we will go over are: 

  • How do we deploy using infrastructure technologies like CloudFormation and Terraform?
  • How can CLI clients such as kops, kubeadm and minikube be used to interact with Kubernetes?
  • What does a clean CI/CD pipeline look like using AWS?
  • How do we integrate with tools such as Maven?

In this code-driven workshop, you will learn how to package, deploy, scale and monitor your Java application using Kubernetes and the AWS cloud.


Tuesday December 5, 2017 9:00am - 4:00pm
Meeting Room 9B, Level 3

9:00am

FD.io Mini Summit

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

FD.io (Fast Data) is the first truly open data plane project focusing on data IO performance, scalability, efficiency, and programmable flexibility for networking and storage. FD.io provides a modular, extensible user space IO services framework that supports rapid development of high-throughput, low-latency, resource-efficient IO services. The design of FD.io is hardware, kernel, and deployment (bare metal, VM, container) agnostic. FD.io has been integrated with OpenStack Neutron, OpenDaylight, and Calico to provide a drop-in upgrade for all of your dataplane needs. A key component of FD.io is the Vector Packet Processing (VPP) library contributed at the foundation of the project. The commercial-ready code, targetable to run on standard x86, ARM, and Power servers, is already running in products on the market today. VPP, when connected to DPDK for network IO, has been shown to perform two orders of magnitude faster than currently available open source options implementing switching or routing workloads, reaffirming one of the core principles of FD.io: a focus on performance.

Join us at the FD.io Mini Summit to hear and learn from FD.io community experts who will be sharing information about the projects, use cases, capabilities, integration between FD.io and OpenStack/ODL/OPNFV/Other communities, tools and many more exciting topics. This is a great opportunity for the KubeCon + CloudNativeCon attendees to share their thought leadership and innovations at one of the industry’s premier events. 

*No Show Fee - Note that while FD.io Mini Summit is free to attend, anyone that is a no-show onsite will be charged $50 for each event not attended. This helps us in planning accurately for the event.

Agenda

9:00am - 9:20am - Welcome & Introduction - Ed Warnicke, Cisco
9:20am - 9:50am - A Pragmatic Approach to Service Assurance in a Cloud Native World - Balaji Ethirajulu, Ericsson Inc
9:50am - 10:20am - Benchmarking and Analysis of Software Network Data Planes - Maciek Konstantynowicz, Cisco; Patrick Lu, Intel; Shrikant M. Shah, Intel
10:20am - 11:10am - Break 
11:10am - 11:40am - VPP Host Stack - Florian Coras, Cisco
11:40am - 12:10pm - Empowering the User Space Stack on Cloud Native Applications - Hong Lin, Huawei
12:10pm - 12:40pm - Dataplane Networking Journey in Kubernetes - Kuralamudhan Ramakrishnan, Intel
12:40pm - 1:40pm - Lunch 
1:40pm - 2:10pm - Ligato: towards a platform for development of cloud-native VNFs - Jan Medved, Cisco
2:10pm - 2:40pm - The Arm Ecosystem Rallies Around FD.io - Tina Tsou, Arm
2:40pm - 3:10pm - Beyond pfSense - a new security router distribution - Jim Thompson, Netgate
3:10pm - 3:40pm - Agentless NIC-Based Security - Steve Pope, Solarflare Communications
3:40pm - 4:00pm - Break 
4:00pm - 4:45pm - Panel - Details to Come

Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 10C, Level 3

9:00am

ONAP Workshop: Automating Networks in a Container World

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

In February 2017, The Linux Foundation introduced the Open Network Automation Platform (ONAP), which is the merger of the open source OPEN-O and ECOMP projects, code bases, and communities. The ONAP project allows operators to automate, design, orchestrate, and manage services and virtual functions. This Mini Summit examines how open source is moving up the stack and value chain, and The Linux Foundation's harmonization efforts underway to forge a unified vision and ultimately architecture to bring together open source projects and relevant standards. In addition, we will provide an in-depth introduction to the ONAP project, including the trends leading up to the project, scope, organization, etc.

Agenda:

Automating Networks in a Container World

9:00 – 9:10 Welcome & Intro - Phil Robb, The Linux Foundation
9:10 – 9:50 Overview & Discussion: Networking & Containers: Where Are We Now? Challenges, Opportunities - Host TBD
9:50 – 10:20 How Networking Will Be Transformed by DevOps - Jason Hunt, IBM
10:20 – 10:30 Break
10:30 – 11:00 NFV in the Enterprise (Panel)
11:00 – 11:30 Open Source Multi-Cloud Orchestration for Kubernetes with a Single Provider - Trammell Scruggs, Cloudify
11:30 – 12:00 Toward Container Support As VNF-based Cloud Infrastructure - Isaku Yamahata, Intel
12:00 – 12:40 Overview & Discussion: Security In The Modern Virtualized Data Center - Hosts TBD
12:40 – 1:45 Lunch
1:45 – 3:45 BoF/Unconference 
3:45 – 4:00 Closing Remarks - Phil Robb, The Linux Foundation

 

*No Show Fee - Note that while ONAP Mini Summit is free to attend, anyone that is a no-show onsite will be charged $50 for each event not attended. This helps us in planning accurately for the event.


Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 3, Level 1

9:00am

Kubernetes Hands-on Workshop w/Heptio

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

In this one day hands-on course you will deploy Kubernetes and containers to build out a distributed, highly available, fault tolerant application architecture. 

This course is delivered in an intimate setting with a ~10:1 student to teacher ratio, so you can get the help you need. Throughout the course, hands-on exercises reinforce the topics being discussed.

In addition to learning from our Kubernetes experts, you will have the opportunity to:

  • Meet Kubernetes creators, Craig McLuckie (CEO) and Joe Beda (CTO) and our other Kubernetes committers for a Q&A session after each class
  • Get a copy of "Kubernetes: Up and Running" signed by Joe Beda
  • Join us for happy hour

Course topics include: 

  • Introduction
  • Deploy a Kubernetes Cluster
  • Containerize Applications
  • Deploy Applications
  • Manage and Modify Applications
  • ConfigMaps and Secrets
  • Persistent Volumes

Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 8C, Level 3

10:00am

Sponsor Registration
Tuesday December 5, 2017 10:00am - 7:00pm
Palazzo, Level 1

1:00pm

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy-to-use dashboard that provides access and insights into the many components of your stack.

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Tuesday December 5, 2017 1:00pm - 4:00pm
Meeting Room 7, Level 3

1:00pm

Kubernetes Docs Sprint
The Kubernetes Docs special interest group (SIG Docs) is running a Docs Sprint at KubeCon. Anyone with an interest in documentation or contributing to the Kubernetes website is welcome to join. We’ll be working in small teams to write content and improve documentation processes for Kubernetes. The projects we’ll be focusing on include improving user journeys through https://kubernetes.io, adding to the Kubernetes glossary, and improving our release notes process. This is a great opportunity to contribute to Kubernetes. All experience levels welcome. GitHub account required.

Tuesday December 5, 2017 1:00pm - 5:00pm
Mezzanine Office 6 & 7, Level 2

1:00pm

Istio Mini Summit

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Join experts from Google, IBM, Tigera, and more to hear the latest developments on the Istio project. Connect with the community to hear about use cases, capabilities, and more.


Tuesday December 5, 2017 1:00pm - 5:00pm
Meeting Room 10A, Level 3

1:00pm

Container Troubleshooting with Sysdig Open Source

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: Join us for a 4-hour use-case driven training session on container visibility, troubleshooting and run-time security monitoring with the Sysdig open source tools (Sysdig and Falco) and learn how containers work under the hood.

Agenda:

  • Visibility and troubleshooting (~1 hour)
    • Learn how to debug a 502 error on a containerized LB with HAProxy, a Python webapp that crashes after working for 5 minutes, or find where you configured the wrong credentials in a microservices app.
  • Analyzing performance and bottlenecks (~1 hour)
    • Compare the performance of different web servers running in containers, use system call tracing to find the bottleneck in your application or learn how to use spectrograms (flame graphs) to visualize system call performance.
  • Debugging Kubernetes (~1 hour)
    • Dive into Kubernetes internals using reverse engineering: Why is that Kubernetes service valid but doesn't work? How does service resolution work? How does Kubernetes instruct Docker Engine?
  • Security run-time monitoring and forensics (~1 hour)
    • Last but not least, all these previous lessons can also be applied for security. Not only with forensics on an attack attempt, but Sysdig Falco can alert on containers with anomalous behaviour as well.

Speakers

Jorge Salamero

DevOps Evangelist, Sysdig
Jorge enjoys monitoring all the things, from his container clusters to writing sensors plugins and DIY projects with Raspberry Pi and ESP8266. Currently he is part of the Sysdig team, and in the past was one of the promoters of HumanOps. When he is away from computers, yo...


Tuesday December 5, 2017 1:00pm - 5:00pm
Meeting Room 10B, Level 3

1:00pm

OpenContrail Governance Summit - Day 1
The OpenContrail Community facilitates the development, evolution and adoption of the OpenContrail project across various open source ecosystems, including public and private clouds, the container ecosystem and other computational platforms. OpenContrail is the leading open source, scalable, production-grade network fabric that provides a robust overlay SDN and network security. The Community's goal is to maintain and improve the production-ready and scalable nature of the OpenContrail project while accelerating development and attracting additional developers and users to the platform.


For the latest agenda, please refer to the OpenContrail Events page.

1:00 - 1:15pm Welcome and Introduction - Randy Bias
1:15 - 1:45pm Community Status Recap - Greg Elkinbard
  • Review the progress of community creation over the last several mini-summits
1:45 - 2:45pm Status Updates from the project working groups
  • Governance - Greg Elkinbard
  • Technical Steering Committee - Joseph Gasparakis
  • Architecture Review Board - Joseph Gasparakis, Paul Carver, Sukhdev Kapur
  • Infra - Paul Carver, Greg Elkinbard
2:45 - 3:00pm Break
3:00 - 5:00pm Charter and process document review (forum)
  • Governance
  • Technical Steering Committee
  • Architecture Review Board
5:00 - 5:15pm High Level community goals for 2018 (forum)
  • Discuss and set high level community goals for 2018
  • Events priority - identify key marketing events to support next year.
    • OpenStack
    • CNCF/KubeCon and Others
5:15 - 5:30pm Outreach to other projects (OpenStack, Kubernetes, ONAP, OPNFV, others)
  • Our goal is to become the ubiquitous SDN, so we need to identify key projects which the community will directly support. Currently we integrate with OpenStack and CNCF CNI-based projects such as Kubernetes and Mesos. The community will discuss and set priorities for participating in other projects such as OPNFV, ONAP and others.

 

For any questions, please contact gelkinbard@juniper.net


Tuesday December 5, 2017 1:00pm - 5:30pm
Hilton Austin - Meeting Room #410 500 East 4th Street Austin, TX USA 78701

1:00pm

Free Kubernetes 101 Workshop for the Enterprise w/VMware

This free workshop led by The Linux Foundation and VMware will provide an overview and walkthrough of containers and Kubernetes, with key concepts, architecture, and how Kubernetes is used in enterprise environments. The session will include running Kubernetes in enterprise use case scenarios and how enterprises can operationalize Kubernetes, addressing day 1 and day 2 needs.

  • Introduction to Containers
  • Overview of Kubernetes and Architecture
  • Kubernetes Deployment Walkthrough
  • Kubernetes Demos
  • Enterprise use case scenarios
  • Operationalizing Kubernetes
  • Mechanics of rolling upgrades
  • Monitoring Kubernetes

The workshop will finish with a reception right afterwards to allow time for some networking.


Tuesday December 5, 2017 1:00pm - 6:30pm
Ballroom C, Level 1

2:00pm

DevOps with K8s Meetup
On Dec 5, 2017, Huawei and partners of the CNCF community will be hosting a DevOps Meetup of Kubernetes in Austin. In this event, you will get over 3 sessions from Huawei, Loose and CoreOS. The topics focus on DevOps, including CI/CD, modern infrastructure, networks and others in the Kubernetes ecosystem.

The tickets are free, and we will have a great event with a lot of interesting discussion and some surprises.

More details on https://www.meetup.com/devops-for-kubernetes/events/243970695 Please join us!

Tuesday December 5, 2017 2:00pm - 5:00pm
Meeting Room 9C, Level 3

2:00pm

Event Registration
Tuesday December 5, 2017 2:00pm - 7:00pm
Palazzo, Level 1

5:00pm

Building Scalable Test Infrastructure with Kubernetes - Allan Schiebold, Codefresh
In this talk I'll quickly cover how we build scalable test infrastructure with Kubernetes. I'll cover common practices, and present some new ways to approach them.

Speakers

Allan Schiebold

Solution Architect, Codefresh
Allan was born and raised in the suburbs of Detroit, MI. He started building personal computers at the young age of twelve, learned programming in high school with Visual Basic and JavaScript and continued on to earn his bachelors in Computer Science from the University of Michig...


Tuesday December 5, 2017 5:00pm - 5:05pm
Ballroom A, Level 1

5:10pm

How to Contribute to Kubernetes [B] - Nikhita Raghunath, Student
Do you want to contribute to Kubernetes? Not sure how or where to begin? It can be overwhelming! But fear not - you can join the thousands of successful contributors too!

In this talk we’ll explore the different parts of Kubernetes and how they work, see how the various components are related, discuss the skills you need to get started and learn the best ways to get your first Pull Request accepted.

You don’t have to be an expert; even mere mortals like us can make contributions. This talk will also walk through how I implemented my Google Summer of Code project even though I was completely new to Kubernetes. Once you see how easy it is, you’ll want to do it too!

Speakers

Nikhita Raghunath

Student, NA
Nikhita is an undergraduate student and was a Google Summer of Code intern for the Cloud Native Computing Foundation. She is a contributor to Kubernetes and works on the extensibility of the Kubernetes API. She also likes helping others get started with open source.


Tuesday December 5, 2017 5:10pm - 5:15pm
Ballroom A, Level 1

5:20pm

Essentials for Building Your Own Database-as-a-Service [B] - Balachandran Chandrasekaran, Dell EMC
This session will discuss an essential blueprint for building and operating a database platform as a service by taking advantage of Kubernetes and its persistent storage support for stateful containerized applications.

Speakers

Balachandran Chandrasekaran

Sr. Advisor, Product Marketing, Dell EMC
I am a product manager working at Dell EMC. I currently work on Kubernetes, and Cloud Native storage platforms focused on persistent storage problems for containers. I have enormous interest in enabling enterprise data management for databases running inside containers at cloud s...



Tuesday December 5, 2017 5:20pm - 5:25pm
Ballroom A, Level 1

5:30pm

How Kubernetes is Helpful for Accelerating Machine Learning Research and Engineering [I] - Hitoshi Mitake, NTT Labs
In this lightning talk, the presenter shares his experience of helping machine learning research and engineering with Kubernetes. k8s is not only a tool for managing microservices but is also helpful for executing batch jobs, like the learning phase of deep learning frameworks, and stateful services that provide data for the learning tasks. The presenter and his collaborators have been building and managing a k8s cluster for TensorFlow learning tasks, with HDFS as its learning data source. In addition, thanks to the pluggable scheduler architecture of k8s, their custom scheduler shortens execution of the learning tasks effectively and hides the usage of network equipment and complex heterogeneous computational devices (e.g. GPUs) from researchers.

Speakers

Hitoshi Mitake

Research Engineer, NTT Labs.
Hitoshi Mitake is a software engineer working for NTT Laboratories. He has been working on distributed storage systems for 5 years. His recent activities include developing etcd, especially auth related stuff, as one of the maintainers. He is also working on techniques of effect...



Tuesday December 5, 2017 5:30pm - 5:35pm
Ballroom A, Level 1

5:50pm

Why is Community so Important? [B] - Yeni Capote Diaz, Samsung SDS
I believe one of the reasons Kubernetes has grown in popularity so rapidly in the past few years has a bit to do with its community. I want to share my experience as a member of the Kubernetes community and discuss how the interactions I've had have contributed towards my development as an engineer. As a woman of color and a recent graduate of a bootcamp, I know firsthand the power of a strong community. I also want to cover what helps a beginner engineer such as myself to thrive, contribute, and be successful in this industry. I want to share some important qualities that I have experienced in the Kubernetes community and where we can potentially improve.

Speakers

Yeni Capote Diaz

DevOps Engineer, Samsung SDS
In my past life I was a nanny. I found my love for programming quite accidentally. I started looking at online courses and found that the only option I could see myself doing was programming, so I took a couple classes. I wanted more, and then I discovered Ada Developer's Academy...



Tuesday December 5, 2017 5:50pm - 5:55pm
Ballroom A, Level 1

6:00pm

Watch This! - Johnathon Rippy, NetApp
Rippy will demonstrate Docker running on his rooted Android Wear watch.
Getting this working required Docker, OpenEmbedded, Yocto, and AsteroidOS, which he'll explain. If all goes well with the demonstration, he'll add the watch as a Kubernetes node and schedule a pod to run on it.

Rippy's initial tweet about Docker running on his watch:
https://twitter.com/jkrippy/status/826661130693128194

Speakers

Jonathan Rippy

MTS, NetApp
Rippy first installed Linux from a shoebox full of floppy disks in high school and never looked back. He's a native of North Carolina and works at NetApp on their OpenSource Docker and K8S storage plugins.



Tuesday December 5, 2017 6:00pm - 6:05pm
Ballroom A, Level 1
  • Difficulty Level Any

6:10pm

Stupid Kubectl Tricks - Jordan Liggitt, Red Hat
A whirlwind tour of some of the most useful, interesting, and under-sold features the Kubernetes command-line has to offer.

Speakers

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.



Tuesday December 5, 2017 6:10pm - 6:15pm
Ballroom A, Level 1
  • Difficulty Level Any

6:20pm

Telepresence: Local Development & Debugging of Remote Kubernetes Services - Abhay Saxena, Datawire
Developers who use Kubernetes for multi-container applications face a conundrum: develop locally or on a remote Kubernetes cluster. Local development adds complexity to your development environment, since you have to run (and maintain!) your entire multi-container app locally. On the other hand, a remote Kubernetes cluster doesn’t lend itself to live coding and debugging.

In this talk, we will talk about Telepresence (https://www.telepresence.io), an open source tool for Kubernetes that lets you develop and debug a service locally, while setting up a bidirectional proxy to a remote Kubernetes cluster. With Telepresence, you can make a quick change to a service, save, and test it -- while that service has full access to Kubernetes environment variables, ConfigMap, secrets, and other services running in your Kubernetes cluster.

Speakers

Abhay Saxena

Principal Software Engineer, Datawire
Abhay Saxena is a Principal Software Engineer at Datawire where he is working on building open source tools for developers that are adopting or using microservices. He is currently the lead engineer on Telepresence, an open source tool for local development of Kubernetes microser...



Tuesday December 5, 2017 6:20pm - 6:25pm
Ballroom A, Level 1
  • Difficulty Level Any

6:30pm

Templating K8s: Easily Managing Applications via Common Configuration [B] - Don Steffy & Anubhav Aaeron, Oath
Like many other companies, Yahoo is working to containerize many legacy applications, managed with Kubernetes. In order to onboard several hundred applications and libraries, Kubernetes configuration files are created for each application and multiple CI/CD environments, which leads to thousands of similar YAML files across all applications.

In order to onboard all applications seamlessly, and also be able to centrally make incremental updates to the Kubernetes configuration files with no disruption to customers, some kind of standardization is required. We tested many existing options, looking for a tradeoff between simplicity and power, and decided on centrally-managed templates for the configuration files.

A very simple YAML interface with standard technical verbiage was provided for customers to onboard their applications. This paper describes the design, user experience, and outcomes of creating these templates, which allowed developers with no Kubernetes experience to onboard their application quickly, often in less than a day.

Speakers

Anubhav Aaeron

Anubhav Aaeron: DevOps Engineer at Yahoo and Oath.

Don Steffy

Software Engineer, Oath
Tools and DevOps Engineer at Extricity, Kodak Gallery, Yahoo, Oath.



Tuesday December 5, 2017 6:30pm - 6:35pm
Ballroom A, Level 1

6:30pm

EmpowHER Evening Event
Register here

Join other women attending KubeCon + CloudNativeCon North America for sparkling conversation and dazzling cocktails. Attendees will have an opportunity to get to know one another and network with other women in the tech industry from around the globe. Conversation during the evening event happy hour will include adoption, usability and life-hacks of distributed systems and containers, app development and current events in Kubernetes and other cloud native technologies, ways to increase inclusivity in our fast-growing ecosystem, and how to get involved with different Cloud Native projects. Space is limited and registration is required.

*Please note the start time is subject to change.

Tuesday December 5, 2017 6:30pm - 10:00pm
Moonshine Patio Bar & Grill 303 Red River Street, Austin, TX 78701

6:40pm

Testing Kubernetes Patches with kube-spawn, a Local, Multi-node Kubernetes Cluster Tool [B] - Chris Kühl, Kinvolk
kube-spawn is a tool for running local, multi-node Kubernetes clusters on Linux machines. It was originally created as a means to test Kubernetes patches locally in a multi-node environment. Unlike other tools of its kind, it does not use VMs nor Docker app containers. Instead, it utilizes OS containers run with systemd-nspawn. As such, one can run a local, many-node cluster on modest hardware, with each node running a full OS, by default CoreOS's Container Linux.

Speakers

Chris Kühl

CEO, Kinvolk
After getting hooked on open source software as a hobby through the GNOME project, Chris turned his passion into a career and has since co-founded Kinvolk in Berlin, which focuses exclusively on foundational Linux technologies such as the Linux kernel, systemd, rkt, Kubernetes, e...


Tuesday December 5, 2017 6:40pm - 6:45pm
Ballroom A, Level 1

6:50pm

Moving Fast with Microservices: Building and Deploying Containerized Applications in a Cloud-Native World - Micha Hernandez van Leuffen, Wercker
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and microservices. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your containers from your laptop to the cloud.
How do we build software for containers? How do we ship containers? How do we do all of it without shooting ourselves in the foot? In this talk, we'll explore how current delivery systems are falling behind, and how we need to change the mental model, create new best-practices and treat containers as a first-class citizen.

Speakers

Micha "mies" Hernandez van Leuffen

CEO, Wercker
Micha “mies” Hernandez van Leuffen is a hacker entrepreneur, and the founder and CEO of Wercker. He set up Wercker in order to make developers’ lives easier by building the next generation of developer automation for the Modern Cloud.


Tuesday December 5, 2017 6:50pm - 6:55pm
Ballroom A, Level 1
  • Difficulty Level Any

7:00pm

CRI Proxy: Solving the Chicken-and-Egg Problem of Running a CRI Implementation as a DaemonSet [I] - Piotr Skamruk, Mirantis
CRI allows for special-purpose CRI implementations such as Virtlet, which makes it possible to run VMs as if they were containers. Still, deployment of these CRI implementations may bring us back to pre-container days, because we run into problems with additional required software such as libvirt, the need to configure the operating system on the node in different ways, and so on. We can also have problems with upgrading the CRI implementation apps, because unlike other components, they require special treatment. It would be nice if we could use the deployment power of k8s to install these apps on some of the nodes.
Further complicating matters is the fact that if your CRI doesn't support Docker images, and is too different from Docker, you need to install Kubernetes components such as kube-proxy and a CNI plugin in a special way, meaning that you have to prepare special-purpose CRI nodes in a very special way.
Even if you just want to create a quick demo of your CRI that runs on Kubernetes clusters deployed using a popular tool such as kubeadm, you may need to tweak the node config just a bit to make this happen.

DaemonSet seems like it might be the right choice for a CRI implementation, but here we run into the chicken-and-egg problem, as a CRI implementation is required to be running on the node in order to run any pods there.
Enter CRI Proxy. CRI requests that deal with plain pods are handled by the primary CRI implementation (such as docker-shim), while requests that are marked in a special way (using pod annotations and image name conventions) get directed to the special-purpose CRI implementation. This way, the deployment headache almost goes away - all you have to do is install CRI Proxy on the node, and the proxy has minimal dependencies. For demo installations, the proxy provides “bootstrap” mode, which automagically installs CRI Proxy on clusters installed with kubeadm, and possibly some other cluster setup tools, too.

(If we have time, I may also say a few words about hyper’s approach; they have something like CRI proxy built into their CRI implementation, which solves the problem of running k8s components on the node, though it doesn’t help much with the deployment problem.)

Speakers

Piotr Skamruk

Senior Kubernetes Engineer, Mirantis
Piotr Skamruk is a long-time GNU/Linux and Forth language enthusiast, system administrator, and sys developer. He has worked on kernel sources, backend applications and even on frontends in a wide variety of languages. While working at Intel - one of the main creators of the kvm flavor for...



Tuesday December 5, 2017 7:00pm - 7:05pm
Ballroom A, Level 1

7:00pm

BoF: Identity & Microservices - hosted by Sunil James, Scytale
This BoF will focus on bringing together individuals who are passionate about presenting use cases that benefit from injecting identity into microservices (a la SPIFFE). This knowledge sharing will not only help build common ground, but the F2F conversations will help to build direct relationships.

Speakers

Sunil James

Scytale, Inc.
Come speak with me if you're interested in using technologies like SPIFFE (https://github.com/spiffe/) to securely and easily build identity-driven, cloud-native, distributed software systems. Even if you're not, still come speak with me!


Tuesday December 5, 2017 7:00pm - 8:00pm
Meeting Room 7, Level 3

7:00pm

BoF: Kubernetes and IoT - hosted by Ian Skerrett, Eclipse Foundation
In this BOF we will discuss how Kubernetes can be used to support Internet of Things use cases. This may include using Kubernetes at the 'edge', using Kubernetes on IoT cloud platforms and any other use cases people might bring forward. The goal is to better understand the opportunities and challenges for using Kubernetes in IoT deployments.


Tuesday December 5, 2017 7:00pm - 8:00pm
Meeting Room 9C, Level 3

7:10pm

REST, RPC, and Brokered Messaging - Nathan Murthy, Tesla
Effective communication between distributed and heterogeneous components is essential for modern service-oriented architectures to work well. REST, RPC, and brokered messaging are the most popular communication styles for achieving this, but when is it appropriate to choose one style over the other? A well-defined microservice architecture should be accompanied by well-defined communication semantics. This talk draws on my personal experience defining these semantics for systems I’ve built at Tesla.

Speakers

Nathan Murthy

Staff Software Engineer, Tesla
Nathan currently works at Tesla developing services for managing distributed energy resources at scale. He is passionate about sustainable energy and has written software for startups, big companies, commercial R&D teams, and academia.


Tuesday December 5, 2017 7:10pm - 7:15pm
Ballroom A, Level 1
  • Difficulty Level Any

7:20pm

Minikube Developer Workflow and Advanced Tips [B] - Matt Rickard, Google
A brief overview of the tools available in minikube to simplify building and testing your applications on a local Kubernetes cluster.

- Bootstrapping minikube with kubeadm
- Running minikube in TravisCI
- Minikube addons (ingress controller, registry credentials helper)
- Preloading and caching images in minikube, and other tips to help you develop your applications on top of Kubernetes even faster.

Speakers

Matt Rickard

Software Engineer, Google
Minikube Maintainer, Container Tools at Google



Tuesday December 5, 2017 7:20pm - 7:25pm
Ballroom A, Level 1
 
Wednesday, December 6
 

8:00am

Registration + Breakfast
Wednesday December 6, 2017 8:00am - 9:00am
Palazzo, Level 1

9:00am

Keynote: CloudNativeCon Opening Keynote - Dan Kohn, Executive Director, Cloud Native Computing Foundation
Speakers

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the se...


Wednesday December 6, 2017 9:00am - 9:20am
Exhibit Hall 3, Level 1

9:20am

Keynote: CNCF Project Updates - Michelle Noorali, Senior Software Engineer, Microsoft Azure
Project representatives will share their updates. 

Speakers

Michelle Noorali

Software Engineer, Microsoft Azure
Michelle is a software engineer on the Azure Container Service team at Microsoft and a core maintainer on the Kubernetes Helm project. She co-leads SIG-Apps which is the Kubernetes special interest group for running and managing applications and workloads on Kubernetes. She has p...


Wednesday December 6, 2017 9:20am - 9:50am
Exhibit Hall 3, Level 1

9:50am

Keynote: Accelerating the Digital Transformation - Imad Sousou, VP, Software Services Group & GM, OpenSource Technology Center, Intel Corporation

What happens when you need to get software to run reliably when moving from one computing environment to another? Imad Sousou, Vice President of the Software and Services Group and General Manager of the Open Source Technology Center for Intel Corporation, will highlight how we can use open source software to support our rapidly changing world.


Speakers

Imad Sousou

VP, Software Services Group & GM, OpenSource Technology Center, Intel Corporation
Imad Sousou is vice president in the Software and Services Group at Intel Corporation and general manager of the Intel Open Source Technology Center, a position he's held since its founding in 2003. Sousou is responsible for Intel's efforts in open source software across a wide r...


Wednesday December 6, 2017 9:50am - 9:55am
Exhibit Hall 3, Level 1

9:55am

Keynote: Spinnaker and the Culture Behind the Tech - Dianne Marsh, Director of Engineering, Netflix
Speakers

Dianne Marsh

Director of Engineering, Netflix
Engineering Tools, Developer Productivity, Continuous Delivery, Women in Tech


Wednesday December 6, 2017 9:55am - 10:15am
Exhibit Hall 3, Level 1

10:15am

Keynote: Cloud Native at AWS - Adrian Cockcroft, Vice President Cloud Architecture Strategy, Amazon Web Services
Speakers

Adrian Cockcroft

Vice President Cloud Architecture Strategy, Amazon Web Services
Adrian Cockcroft has had a long career working at the leading edge of technology, and is fascinated by what happens next. In his role at AWS, Cockcroft is focused on the needs of cloud native and “all-in” customers, and leads the AWS open source community development program...


Wednesday December 6, 2017 10:15am - 10:35am
Exhibit Hall 3, Level 1

10:30am

Sponsor Showcase
Wednesday December 6, 2017 10:30am - 8:30pm
Exhibit Halls 1 & 2

10:40am

Morning Break
Wednesday December 6, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

Panel: Kubernetes, Cloud Native and the Public Cloud [B] - Moderated by Dan Kohn, Cloud Native Computing Foundation
The six largest public cloud providers -- AWS, Microsoft, Google Cloud, IBM Cloud, Alibaba Cloud and Oracle -- are all now major backers of CNCF and Kubernetes. This is a chance to hear their perspective on investments they are making into Kubernetes and other CNCF technologies. How are they using these technologies internally? What changes are they making in their offerings to better suit cloud native enterprises? What is their perspective on the future of container runtimes? How do they deal with customers that need a hybrid cloud solution? Is the infrastructure layer becoming commoditized? What is their ability to differentiate in value added services at the higher layers? What projects should CNCF bring in to help fill out its stack?

Moderators

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the se...

Speakers

Brandon Chavis

Solutions Architect, Amazon Web Services
Brandon Chavis is a Cloud Artisan for Amazon Web Services. He focuses on hand-crafted, small batch, sustainable, and organic cloud architectures.

Jon Mittelhauser

Vice President of Engineering, Oracle
Jon runs engineering for the Container Native Platform team at Oracle (which includes all of Oracle’s Kubernetes offerings). Jon is considered one of the founding fathers of the World Wide Web with more than 20 years of open source and engineering management experience. He wrote the first widely used Web browser (NCSA Mosaic for Windows) as part of his...

Gabe Monroy

Lead PM for Containers, Microsoft Azure
Gabe Monroy is the Lead PM for Containers on Microsoft Azure. Gabe was the founder and CTO of Deis, which was acquired by Microsoft in 2017. As an early contributor to Docker and Kubernetes, Gabriel has deep experience with containers in production and frequently advises organi...

Todd Moore

VP, Open Technology, IBM
Todd leads the IBM global team working to develop open communities that fuel both innovation and new business models. Todd can be found engaged with communities and technologies that span Cloud Computing, Mobile, Social Business, and Analytics. He has the pulse of where open innovation is happening around the industry. Todd has a unique background in software and hardware development, architecture, design and product management. He has served in executive roles in both...

Aparna Sinha

Group Product Manager, Google
Aparna Sinha leads the product team at Google for Kubernetes and Container Engine. She started and co-leads the community PM Special Interest Group (SIG) to maintain an open backlog for the Kubernetes project on Github. Aparna is currently a secondary member of the CNCF Governing...

Hong Tang

Chief Architect, Alibaba Cloud
Dr. Hong serves as Chief Architect at Alibaba Cloud, the cloud computing arm of Alibaba Group. He joined Alibaba Cloud in 2010 and has been instrumental in the development of Apsara, Alibaba Cloud’s large-scale computational engine. Prior to Alibaba Cloud, he was a Director of Search System Infrastructure at the...


Wednesday December 6, 2017 11:10am - 11:45am
Ballroom A, Level 1

11:10am

Container Runtime and Image Format Standards - What it Means to be “OCI-Certified” [I] - Jeff Borek, IBM & Rob Dolin, Microsoft
With the proliferation and rapid growth of container-based solutions over the past few years, including container-based solutions from almost all major IT vendors, cloud providers, and emerging start-ups, the industry needed a standard on which to support container image formats and runtimes while also ensuring interoperability and neutrality. The Open Container Initiative (OCI) was launched with the goal of developing common, minimal, open standards and specifications around container technology without the fear of lock-in. OCI has recently issued v1.0 of its container image format and runtime specifications, which enable a consistent and stable platform for running containerized applications.

The next phase in ensuring broad adoption of common container image format and runtime specifications is the OCI Certification program, which will be launching soon. This session will provide an overview of the program and its goals, factors to consider in deciding whether becoming OCI-certified makes sense for your container project, how to get your container project OCI-certified, and how you might be able to gain interoperability benefits from OCI-certified solutions. This session will also include a demo of the OCI Image validator being run against container images from container image registries from multiple vendors.

Speakers

Jeff Borek

Open Technologies & Partnerships, IBM
Jeffrey Borek is a senior technology and communications executive with over twenty years of leadership and technical experience in the Software, Telecommunications, and Information Technology/Consulting industries. He is currently a WW Program Director for the Open Technologies and Developer Advocacy team - working with developers, business partners, leading industry analysts, and various open source community initiatives including the Cloud Native Computing Foundation (CNCF) initiative, the Open Container Initiative (OCI), and the Open API Initiative (OAI) to ensure rapid response to changes in the open source...

Rob Dolin

Senior Engineering Program Manager, Microsoft
Rob Dolin is the Co-Chair of the Open Container Initiative (OCI) Certification Program WG. He works as a Senior Engineering Program Manager on Microsoft’s Open Interoperability team. His past community work includes service on the OpenDaylight Technical Steering Committee, as a...


Wednesday December 6, 2017 11:10am - 11:45am
Ballroom B, Level 1

11:10am

Using Containers for Continuous Integration and Continuous Delivery [I] - Carlos Sanchez, CloudBees
Building and testing is a great use case for containers, both due to the dynamic and isolation aspects, but it increases complexity when scaling to multiple nodes and clusters.

Jenkins is an example of an application that can take advantage of Kubernetes technology to run Continuous Integration and Continuous Delivery workloads. Jenkins and Kubernetes can be integrated to transparently use on demand containers to run build agents and jobs, and isolate job execution. It also supports CI/CD-as-code using Jenkins Pipelines and automated deployments to Kubernetes clusters. The presentation will allow a better understanding of how to use Jenkins on Kubernetes for container based, totally dynamic, large scale CI and CD.

Speakers

Carlos Sanchez

Software Engineer, CloudBees
Carlos Sanchez specializes in software automation, from build tools to Continuous Delivery. He has spoken at several conferences around the world, including ApacheCON, JavaOne, Fosdem,... Involved in Open Source for more than ten years, he is the author of the Jenkins Kubernetes...


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

The Makers of Marvels: How Developers Are Rebuilding the Enterprise, One Brick at a Time [B] - Abby Kearns, Cloud Foundry Foundation
History teaches us that astonishing feats occur not when a singular leader envisions them, but when a mass of skilled workers collaborates to transform that vision into something material. The Pyramids of Giza, for example, were not built overnight by a Pharaoh, but constructed by tens of thousands of workers over a period of years. Today’s “pyramid” is quite a bit smaller, but a wonder of the world in its own right: The iPhone has transformed the world as we know it -- but most of its power comes from the app store, which offers thousands of apps created from the imaginations of thousands of developers. These developers are the makers of marvels in our time. They instantiate the very concept of digital transformation -- that notion of infrastructure disruption and re-assembly on the mind of every CIO. Business development is driven by software development, and software development is shaped by developers in the open source community.

In her talk, Abby Kearns empowers developers to think of themselves as the doers and makers who hold the key to unlocking digital transformation. She will cover the importance of diversity among developers for the technology industry to evolve and to reflect its user base, and will highlight the key open source concepts and technologies powering this trans-industrial transformation.

Speakers

Abby Kearns

Executive Director, Cloud Foundry Foundation
With nearly twenty years in the tech world, Abby Kearns is a true veteran of the industry. Her lengthy career has spanned product marketing, product management and consulting across Fortune 500 companies and startups alike. As Executive Director of Cloud Foundry Foundation, Abby helms the ecosystem of developers, users and applications running on Cloud Foundry, and works closely with the Board to drive the...


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 10AB, Level 3

11:10am

Unified Monitoring of Containers and Microservices [I] - Nishant Sahay, Wipro Limited
Microservices have become critical to enterprise strategy for simplifying the IT landscape. For a successful journey of microservice adoption, container management, DevOps and monitoring play an important role. Managing microservices in large-scale deployments is fraught with many unique challenges for enterprise IT.

The following are some of the key metrics of microservice monitoring which will enable enterprises to manage their container platforms better:

1. Collecting logs and metrics from containers
2. Monitoring applications running inside the container
3. Distributed tracing and the time taken by each service call
4. Storage and analysis of collected metrics and logs
5. Performing RCA and anomaly detection on the collected logs and metrics

This session will explain how to harness the power of Zipkin with the intelligence of the Spark ecosystem and the flexibility of ELK + Beats to create a unified monitoring solution. Key features of this solution are the utilization of distributed tracing and infrastructure metrics to manage containers. All this is done through visualization, correlation and predictive monitoring.

Speakers

Nishant Sahay

Senior Architect, Wipro Limited
Nishant is a senior architect at Wipro Technologies with extensive experience in data architecture, design and visualization. Nishant is a Sun Certified Developer and IBM Certified IT Specialist with work experience spanning roles that include Software development, design and arc...



Wednesday December 6, 2017 11:10am - 11:45am
Ballroom C, Level 1

11:10am

Establishing Container Trust at Scale [I] - Tim Mackey, Black Duck Software
Quantifying risks in a container image is a critical aspect of production deployments. With orchestration clusters supporting thousands of nodes, any risk assessment solution must work at production scale. Once a trusted image is deemed vulnerable, application risk increases, but which applications are impacted, and how far has trust been broken? Trust is established through best practices including the use of trusted image registries, static code analysis, fuzzing, strong perimeter defenses and deployment controls. Unfortunately, this trust model omits information flow.
Malicious actors succeed when applications are most vulnerable. When devising action plans in response to security disclosures, defenders must quickly assess both the impact and scope of the disclosure. This time to remediation requires accurate and actionable vulnerability assessments as applications are created, deployed and scaled. Enhancing security information flow accelerates risk mitigation at production scale.

Speakers

Tim Mackey

Senior Technology Evangelist, Black Duck Software
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the C...


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 6AB, Level 3

11:10am

Panel: Ask Me Anything: Microservices and Service Mesh [B] - Moderated by Jason McGee, IBM
Have you heard the buzz around microservices and containers lately? With containers becoming the new standard for building microservice-based applications for production, users are leveraging the service mesh to solve common issues with routing, re-routing for graceful degradation as services fail, secure inter-service communication and rate limiting between services. Join us for a live interactive session where our panel of experts from IBM, Google, Envoy, Linkerd and Red Hat will address your most challenging inquiries around microservices and service mesh!

Speakers

Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the architect of Envoy. Matt has been working on operating systems, virtualization, distributed systems, and networking and making systems easy to operate for 15 years across a variety of companies. Some highlights include leading the...

Sven Mawson

Google: Sven Mawson (sven@google.com) Sven is a Senior Staff Software Engineer at Google, and one of the founders of the open source Istio project. He joined Google in 2006, and has spent the past 10 years working on several generations of Google's API Management platform, starti...

Jason McGee

Fellow & VP, IBM
Jason McGee, IBM Fellow, is VP and CTO of Container and Microservice Tribe. Jason leads the technical strategy and architecture across all of IBM Cloud, with specific focus on core foundational cloud services, including containers, micro-services, continuous delivery and operatio...

William Morgan

CEO, Buoyant
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant mic...

Christian Posta

Principal Architect, Cloud Native Apps, Red Hat
Christian Posta (@christianposta) is a Principal Middleware Specialist/Architect at Red Hat and well known for being an author (Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on Apache ActiveMQ, Apache Camel, F...


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

Prometheus Salon - hosted by Frederic Branczyk, CoreOS, Bob Cotton, FreshTracks.io, Goutham Veeramanchaneni, & Tom Wilkie, Kausal

The Prometheus Salon will feature talks from Prometheus developers, including an introduction to Prometheus for beginners, a closer look at how you can use Prometheus to monitor your Kubernetes cluster, and a discussion of the new features in Prometheus 2.0. 

The session will include hands-on access to a live Prometheus and Kubernetes cluster, allowing you to experiment with PromQL queries to gain deeper insights into your Kubernetes clusters.


Speakers

Frederic Branczyk

Software Engineer, CoreOS
Frederic Branczyk is an engineer at CoreOS, where he contributes to Prometheus and Kubernetes to build state-of-the-art modern infrastructure and monitoring tools. Frederic discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used mac... Read More →

Bob Cotton

FreshTracks.io, Co-Founder
Bob Cotton is a co-founder of FreshTracks.io, a Kubernetes and Prometheus focused monitoring startup. Mr. Cotton bleeds observability based on 22 years designing, architecting, building and running distributed SaaS solutions. Infrastructure and application metrics, full-stack dis...

Goutham Veeramanchaneni

Student, IIT Hyderabad
Goutham is a student and a developer from India. His enthusiasm for Ops got him an internship on the infra team of a large company where he worked on Production infrastructure and built the company's monitoring system on top of Prometheus. That was his first encounter with pr...

Tom Wilkie

Founder, Kausal
Tom is the founder of Kausal, a new company working on Prometheus & Cortex. Previously he worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build home automation systems.


Wednesday December 6, 2017 11:10am - 12:30pm
Meeting Room 10C, Level 3

11:10am

When the Going Gets Tough, Get TUF Going! [I] - David Lawrence & Ashwini Oruganti, Docker
Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. In this talk we will look at the security landscape of existing software update systems and signing strategies. We will then introduce The Update Framework (TUF), a new signing framework that looks to address many of the challenges found in existing systems and more.

TUF provides protections against data tampering, rollbacks, key compromise, and other more esoteric attacks. We will investigate how it achieves these protections and show you how to start using it today.

While TUF is a general signing framework, we will also address use cases specific to the Cloud Native Ecosystem. These include how to use TUF signing to de-privilege cluster managers and attach metadata to images and containers in a decentralized manner which can be leveraged for policy management.

Speakers

David Lawrence

Senior Security Engineer, Docker
Lay security developer that has learned a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution

Ashwini Oruganti

Ashwini is a Security Engineer at Docker and an open source developer. She is the author of pyca/tls, a pure-python TLS 1.2 implementation with opinionated and secure APIs. In the past, she has worked on Twisted - an asynchronous event-driven networking framework, and Hippy - a P...


Wednesday December 6, 2017 11:10am - 11:45pm
Meeting Room 5ABC, Level 3

11:55am

DevOps Friendly Doc Publishing for APIs & Microservices - Amanda Whaley, Cisco DevNet
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and API consoles. Keeping docs updated and in sync with code can be a challenge. We’ve been working on a project to help solve this problem for engineering teams internally across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:

- Has a developer friendly editing flow
- Accepts many API spec formats (Swagger, RAML, etc)
- Supports long form documentation in markdown
- Is CI/CD pipeline friendly so that code and docs stay in sync
- Is flexible enough to be used by a wide scope of teams and technologies

This session will share many lessons learned about tooling and attendees will learn how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of building modern infrastructure.

Speakers

Amanda Whaley

Director of Developer Experience at Cisco DevNet, Cisco DevNet
Amanda Whaley is Director of Developer Experience & Developer Evangelism for Cisco DevNet. She spends most of her time thinking about how developers use Cisco APIs, and about how to make their job easier. She also leads a team of developer evangelists who work with Cisco partners...


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3
  • Difficulty Level Any

11:55am

SIG Testing Update - hosted by Aaron Crickenberger, Samsung SDS
Speakers

Aaron Crickenberger

Cloud Architect, Samsung SDS


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 4C, Level 3

11:55am

Embedding the Containerd Runtime for Fun and Profit [I] - Phil Estes, IBM
The containerd project, one of the youngest in CNCF, is purpose-built to be an embeddable container runtime expected for use within higher layer container systems like the Docker engine and the Kubernetes orchestrator. Of course, the intent is that it will be used and embedded within a variety of software systems and has been designed for easy consumption via a gRPC API and client library.

In this talk we'll walk through a straightforward example of building up a container "client" written in Go, using today's containerd client library and API. Similar to how the Kubernetes CRI uses the containerd endpoints or how the Docker engine's libcontainerd operates, our small client will have access to all the same capabilities of container lifecycle management and registry interactions provided by containerd.

To finish our tour of building a fully functioning containerd client, we will pair our new sample application with LinuxKit and the Moby tool project. Using these tools, we'll build a simple virtual machine that embeds containerd and our sample client to test interesting aspects of containerd's capabilities in our own customized Linux OS image.

Speakers

Phil Estes

Senior Technical Staff, Office of the CTO, IBM
Phil is a Senior Technical Staff Member in the office of the CTO of IBM Cloud. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace support and multi-platform image capabilities. Phil is also a founding m...


Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom B, Level 1

11:55am

Deploying to Kubernetes Thousands of Times Per/Day - Dan Garfield, Codefresh & William Denniss, Google
Connecting all the pieces to make zero downtime continuous delivery happen at scale. We'll show how real teams bring all the components together to make high-velocity deployment to Kubernetes scale. Get a hands-on view of the critical steps that go into making container management a scalable process that not only allows teams to deliver faster but with more confidence in the final result.

Speakers

William Denniss

Product Manager, Google
William is a Product Manager at Google and works on Google Cloud and Kubernetes. He has a passion for open source and open standards, is the author of several IETF Internet-Drafts including OAuth 2.0 for Native Apps, and founded AppAuth, the leading open source OAuth client for n...

Dan Garfield

Full-Stack Engineer and VP of Marketing, Codefresh


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 9AB, Level 3
  • Difficulty Level Any

11:55am

Next Generation Services at Indeed Using gRPC [I] - Jaye Pitzeruse, Indeed.com
At Indeed, we use an internal framework for interprocess communication called Boxcar. Boxcar was developed in 2010 and provides built-in advantages when used with Indeed’s infrastructure. This framework was originally built as a proof of concept and only targeted Java as a supported language. Due to this limitation, it has not scaled with Indeed’s growth and adoption of more and more languages. Recently, Indeed has started to experiment with gRPC as a replacement for the framework. In this talk, we’ll describe our existing service infrastructure and the changes we made in order to support gRPC. We’ll also discuss the strategy we used to migrate existing Boxcar services over to using gRPC. Finally, we’ll compare benchmarks between Boxcar and the new gRPC-based system. Other technologies mentioned in the talk: linkerd for load balancing, opentracing.

Speakers

Jaye Pitzeruse

Senior Software Engineer, Indeed.com
Senior Software Engineer working out of Indeed's Austin tech office for the last 4 years. Today, I own the distributed services framework that drives many of the systems at Indeed. I also work with our Services Infrastructure Group to expand our service capabilities. Such capabil...



Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3

11:55am

Istio: Weaving the Service Mesh [I] - Shriram Rajagopalan, IBM & Louis Ryan, Google
With the rapid adoption of microservices, new tools are needed to load-balance, route, secure and monitor the traffic that flows between them. Istio provides a common networking, security, policy and telemetry substrate for services that we call a ‘Service-Mesh’. Come learn how the service-mesh helps with the transition to microservices, to empower operations teams, to adopt security best-practices and much more. We’ll also cover the state of the project, where it’s headed and how you can get involved.

Speakers

Shriram Rajagopalan

Tech Lead, Istio, IBM
Shriram Rajagopalan is a researcher at IBM Research. He works closely with IBM's enterprise customers developing platforms and solutions for microservice deployments. He has had diverse experience in developing various aspects of the software stack over the last decade. He has wo...

Louis Ryan

Software Engineer, Google
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the gRPC spec and ran the infrastructure that supports Google's consumer-facing APIs.


Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Full Stack Visibility with Elastic: Logs, Metrics and Traces - Carlos Pérez-Aradros, Elastic
"With microservices every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor distributed applications. We dive into:

- System metrics: Keep track of network traffic and system load.
- Application logs: Collect structured logs in a central location.
- Audit info: Watch for user and process activity in the system.
- Uptime monitoring: Ping services and actively monitor their availability and response time.
- Application metrics: Get metrics and health information from the application via REST or JMX.
- Request tracing: Gather timing data by using tools like Zipkin to retrieve and show call traces.

Speakers

Carlos Pérez-Aradros

Software Engineer, Elastic
Carlos is a software engineer at Elastic, working on Beats. With love for distributed systems, he has experience in many container technologies and focuses on bringing the right tools to monitor them. When he is not coding you may find him playing with home automation and all kin...


Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom C, Level 1
  • Difficulty Level Any

11:55am

How We Built a Framework at Twitter to Solve Service Ownership & Improve Infrastructure Utilization at Scale [I] - Vinu Charanya, Twitter
Twitter is powered by thousands of microservices that run on our internal Cloud platform which consists of a suite of multi-tenant platform services that offer Compute, Storage, Messaging, Monitoring, etc as a service. These platforms have thousands of tenants and run atop hundreds of thousands of servers, across on-prem & the public cloud. The scale & diversity in multi-tenant infrastructure services makes it extremely difficult to effectively forecast capacity, compute resource utilization & cost and drive efficiency.

In this talk, I would like to share how my team is building a system (Kite - A unified service manager) to help define, model, provision, meter & charge infrastructure resources. The infrastructure resources include primitive bare metal servers / VMs on the public cloud and abstract resources offered by multi-tenant services such as our Compute platform (powered by Apache Aurora/Mesos), Storage (Manhattan for key/val, Cache, RDBMS), Observability. Along with how we solved this problem, I also intend to share a few case-studies on how we were able to use this data to better plan capacity & drive a cultural change in engineering that helped improve overall resource utilization & drive significant savings in infrastructure spend.

Speakers

Vinu Charanya

Senior Software Engineer, Twitter
Vinu Charanya is a Senior Software Engineer at Twitter where she works in the Compute Platform building Twitter’s internal cloud infrastructure management platform. She is also a core team member of Women who code, a non-profit organization dedicated to inspiring women to excel...


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3

11:55am

The Power of Application Intent Analysis for Container Security [I] - John Morello, Twistlock
As containers gain mainstream momentum and cloud-native applications surge, practices such as DevOps culture, continuous delivery, cloud development and containerization require a reinvention of security. The threats targeting organizations only continue to increase in severity and frequency, and even simple attacks can cause considerable damage. Cloud-native development is a vital evolution for security in the enterprise, as it equips organizations with the same tools and processes that modern fast-moving organizations rely on.

Cloud-native needs to be considered a new culture, not just a technological shift, when it comes to IT. This is because cloud-native changes the processes of DevOps, which requires automated security processes and application awareness. With cloud-native culture, security needs to be truly application aware and based upon developer intent. Using application intent analysis, developers have a new way of looking at applications, specifically containerized apps. They can produce a more predictable and secure container environment that can be effectively enforced.

The unique nature of container technology allows the developer intent-based security model to capitalize on the following pillars:

1. Containers are declarative. When a developer writes the code, he/she does not just write the code, he/she writes a manifest that describes how this code should work and how it should interact with its environment. While the developer does not provide you with a real security manifest, you can translate the extra information that you have and try to create a security profile. With containers, you have a Dockerfile, you might have a pod, and you might have an application group if you’re running on top of Mesosphere. There is a lot of information in the system that you could use in order to understand what is supposed to happen.

2. Containers are predictable. When you look at containers, they contain less specific logic and more common building blocks because containers are typically made out of downloadable layers that someone else created.

3. Containers are immutable. In the past, it was hard to understand if something happening with the application was really an attack or not. But in the case of containers, whenever you patch a container or change its real intent, it should not happen in real time. What happens is the developer changes things and then he/she pushes in a new version. He patches the OS or adds new functionality and then pushes in a new container and scratches the old one. This gives you a lot of power from a security standpoint because, for the first time ever, if you see a polymorphic change in the behavior of the application (if it starts behaving differently) that means it’s either a configuration drift or a real attack.

By leveraging these three pillars -- declarative nature, predictability and immutability -- there’s a powerful opportunity to use whitelisting, for example, to approve known good processes. In combination with application intent analysis, enforcement measures help support the intent-based security model and preserve the original intent of the application.

Speakers

John Morello

CTO, Twistlock
John Morello is the Chief Technology Officer at Twistlock. As CTO, John leads the work with strategic customers and partners and drives the product roadmap. Prior to Twistlock, John was the CISO of Albemarle, a Fortune 500 global chemical company. Before that, John spent 14 years...


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 5ABC, Level 3

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Wednesday December 6, 2017 12:30pm - 2:00pm
Sponsor Showcase

1:00pm

OpenContrail User and Developer Group - Day 2
The OpenContrail Community facilitates the development, evolution and adoption of the OpenContrail project across various open source ecosystems, including public and private clouds, the container ecosystem and other computational platforms. OpenContrail is the leading open source, scalable, production-grade network fabric that provides a robust overlay SDN and network security.


For the latest agenda, please refer to the OpenContrail Events page.

1:00 - 5:00 Developer Track - Come and learn how to be an OpenContrail project contributor. Leading OpenContrail architects from Juniper Networks will walk you through the code base, teach you how to build, install and test OpenContrail and will answer your OpenContrail questions. This will be an interactive session, so bring your laptop and get ready to play with code.

5:15 - 6:45 User Track

- OpenContrail and Kubernetes Integration – James Kelly will lead an interactive session focused on integration of OpenContrail and Kubernetes. This session will introduce new OpenContrail users to key features of OpenContrail available in a Kubernetes environment and will walk users through installation, configuration and operation of OpenContrail in Kubernetes clusters. Bring your laptop and an Amazon EC2 account and get ready to follow along.

- Real World Deployments - Leading Community members will provide a brief overview of their operational OpenContrail/Juniper Contrail environments.

For any questions, please contact gelkinbard@juniper.net


Wednesday December 6, 2017 1:00pm - 6:45pm
Hilton Austin - Meeting Room #410 500 East 4th Street Austin, TX USA 78701

2:00pm

Pinterest's Journey from VMs to Containers [I] - Michael Benedict, Pinterest
Pinterest helps you discover and do what you love. A visual discovery engine at heart, Pinterest guides you through a billion possibilities to quickly discover & get inspired to do something. With over 150MM MAUs across the globe contributing & combing through a billion pins, Pinterest's Infrastructure is built to cater to this scale with very unique requirements -- Today, I'll be talking about how a company operating on the public cloud on VMs since its inception decided to move to containers.

This talk will primarily focus on four things:
1. Pinterest Infrastructure Overview (Offline Compute / Online Serving)
Pinterest was born on AWS. As of today, we operate tens and thousands of instances and process tens and hundreds of PBs of data. Data is the cornerstone of our business where freshness & relevance is key. We will deep dive into our processing & serving stack.

2. VMs vs. Containers - The Pros and Cons
In this section, we will cover the challenges along four key pillars:
a. Developer Velocity - We will discuss the overall job lifecycle workflow, i.e., build, setup, deploy, operations, when using VMs or Containers.
b. Service Reliability - Constraints around resource isolation and standardization across health checks.
c. Infrastructure Governance - Attribution of resources both on utilization & Spend, Quotas
d. Efficiency - Specifically around auto scaling -- our learnings from using ASGs at scale & how this impacts VM vs. Container from an efficiency & operations perspective.

3. Move to Containers
Here we will discuss the use of Docker at Pinterest and more importantly the steps we took around evaluating various orchestration systems. I'll share the various dimensions we evaluated and our learnings when running on a public cloud environment, for example Docker integration, scheduling, networking, community, stateful support, big data support and security support.

4. Vision of the Compute Platform at Pinterest
Finally we will close out with the larger vision (next 18 months) for the Compute Platform at Pinterest.

Speakers

Micheal Benedict

Technical Product Manager, Pinterest
Micheal Benedict leads Product Management for Pinterest's Cloud & Data Infrastructure. He and his team are building Pinterest's next generation multi-tenant compute platform for stateless and stateful services. He also manages Infrastructure Governance at Pinterest. Previously, h...


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3

2:00pm

SIG Multi-Cluster (formerly Federation) Update - hosted by Christian Bell, Google
Speakers

Christian Bell

Software Engineer, Google
I am co-lead of the Kubernetes Multicluster SIG (previously Federation SIG). I am interested in how users can make use of multiple clusters for high availability, regional proximity and consistent deployments across regions and multiple cloud providers.


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 4B, Level 3

2:00pm

runV: Hypervisor-Based Container Runtime - Xu Wang, HyperHQ & Samuel Ortiz, Intel
runV is a hypervisor-based, OCI-compatible container runtime that can work with containerd and hyperd. The containers are isolated with hypervisors, just like instances in EC2 or GCE. As a container runtime, runV is compatible with the OCI runtime spec and supports full CRI semantics, i.e. it can be scheduled with Kubernetes via containerd or frakti. Moreover, runV greatly reduces the cost of virtualization, which lets it launch a container in about 100ms. runV supports multiple architectures, including x86_64, ARM64, power, and s390x, and cooperates with Intel, ARM, Huawei, IBM, etc.

Because of its strong isolation and low resource consumption, runV could be the cornerstone of container cloud and edge/IoT solutions. Based on runV, we have run a container-native cloud, in which users can launch container-based cloud native apps without having any virtual machine cluster.

Speakers

Samuel Ortiz

Principal Engineer, Intel

Xu Wang

CTO and Cofounder, HyperHQ
Xu Wang is the CTO and Cofounder of Hyper HQ, which contributed the hypervisor based container runtime runV (secure as VM, fast as container), and provides a runV based container native Cloud. Before founding HyperHQ, Xu worked in a public cloud in China since 2011 and was working...



Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom B, Level 1
  • Difficulty Level Any

2:00pm

Continuous Delivery with Kubernetes at Box [I] - Greg Lyons, Box
Deploying and managing applications with Kubernetes can be challenging. Organizing configuration across multiple environments, rolling out changes incrementally, safely killing or rolling back failed deployments - these are just a few difficulties that organizations face when running containers in production.

At Box, we've dealt with these issues and more, at the scale of thousands of servers across multiple data centers and public cloud providers. In this talk, we'll share how we set up a continuous delivery pipeline with Jenkins, Docker, Artifactory, and Kubernetes to test, build, and release our software rapidly and reliably. We'll discuss how our pipeline reduces time to ship to production, provides greater visibility into the deployment process, and empowers our engineers to deploy quality code with confidence.

Speakers

Greg Lyons

Software Engineer, Box
Greg is a software engineer at Box, where he works on tooling for running microservices with Kubernetes. He built and open-sourced kube-applier, a containerized service for deploying Kubernetes apps with declarative configuration.


Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom A, Level 1

2:00pm

The Art of Documentation and Readme.md for Open Source Projects - Ben Hall, Katacoda
The Readme is becoming essential to successful Open Source projects. The Readme is a gateway to welcoming new users and potential contributors. It defines the tone of the project, how to get started and most importantly, the aim.

While many Open Source projects have amazing code-bases, the Readme and documentation are letting them down and as a result they are losing influence and opportunities for adoption and feedback.

In this talk, Ben uses his expertise of building an Interactive Learning Platform to highlight The Art of Documentation and the Readme file. The aim of the talk is to help open source contributors understand how small changes to their documentation approach can have an enormous impact on how users get started.

Ben will discuss:
- How to create engaging documentation
- Defining technical details in an accessible way
- Building documentation that encourages users to get started
- How to manage documentation and keeping it up-to-date and relevant

In the end, attendees will have an understanding of how to build beautiful, useful documentation. This will be backed by examples from some of the best open source projects.

Speakers

Ben Hall

Founder, Katacoda
Ocelot Uproar is the creator behind Katacoda (Katacoda.com), an interactive learning platform for software engineers. Ben tweets at @Ben_Hall while blogging at blog.benhall.me.uk.


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies
Understanding how your microservices based application is executing in a highly distributed and elastic cloud environment can be complicated. Distributed tracing has emerged as an invaluable technique that succeeds where traditional monitoring tools falter. Yet deploying it can be quite challenging, especially in the large scale, polyglot environments of modern companies that mix together many different technologies. In this talk we share what we have learned while building and rolling out Jaeger, our open source, OpenTracing-native distributed tracing system, to hundreds of microservices at Uber. We showcase new and exciting features that make it even more valuable to engineers.

Speakers

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.


Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom C, Level 1
  • Difficulty Level Any

2:00pm

The Mechanics of Deploying Envoy at Lyft - Matt Klein, Lyft
The idea of the "service mesh" is becoming very popular in microservice design circles. However, the mechanics of deploying one into an existing infrastructure are far from simple. In this talk we will cover the logistical details of how Envoy was developed and deployed incrementally at Lyft, focusing primarily on the evolution of service mesh configuration management. We will also discuss why high level systems such as Istio are likely to be the main mechanism by which most customers ultimately get access to the technology.

Speakers

Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the architect of Envoy. Matt has been working on operating systems, virtualization, distributed systems, and networking and making systems easy to operate for 15 years across a variety of companies. Some highlights include leading the...



Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3
  • Difficulty Level Any

2:00pm

Introducing SPIFFE: An Open Standard for Identity in Cloud Native Environments [I] - Evan Gilman, Scytale
Modern infrastructure patterns like microservices, container orchestration, and hybrid/multi-cloud deployments have turned conventional models for datacenter authentication and security on their heads. In the face of highly dynamic compute and network resources, a new challenge has risen: how to authenticate and secure service-to-service traffic in this brave new world? Enter the problem known as service identity.

Getting service identity right is surprisingly hard, with requirements extending well beyond simple secret management. What kind of credentials to settle on, how to rotate them, how to automatically (and securely) bootstrap them... and even more importantly, how to make sure a wide variety of external systems can authenticate them appropriately? These questions represent only a subset of the points that must be solved for.

In this talk, we introduce both SPIFFE and SPIRE - a new open source project designed to solve exactly these problems. SPIRE, backed by the SPIFFE open standard, performs seamless node and workload attestation across various platforms, and automatically issues short-lived certificates based on those attestations in a controlled manner. Even better, these certificates work across organizational boundaries and heterogeneous environments thanks to SPIFFE, which introduces a standardized identity format and validation methodology for X.509 certificates.

Speakers

Evan Gilman

Engineer, Scytale
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and auth...


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 5ABC, Level 3

2:00pm

Ask Your Proxy, It Knows Everything - Blake Mizerany, Backplane
Proxies have long been layered into distributed systems, but rarely do we lean on them to do more than route and balance load. In this talk we will go over how to use proxies to replace Service Discovery, control Release Management and Traffic Shaping, and streamline Employee on-boarding/off-boarding. You'll walk away never looking at your proxies/load-balancers the same.

Speakers

Blake Mizerany

Founder / CTO, Backplane
Sinatra, Heroku, Doozer, Etcd, Backplane


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3
  • Difficulty Level Any

2:00pm

CNCF Kubernetes Conformance Working Group - hosted by William Denniss, Google
Speakers

William Denniss

Product Manager, Google
William is a Product Manager at Google and works on Google Cloud and Kubernetes. He has a passion for open source and open standards, is the author of several IETF Internet-Drafts including OAuth 2.0 for Native Apps, and founded AppAuth, the leading open source OAuth client for n...


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 7, Level 3

2:00pm

Fluentd Salon - hosted by Eduardo Silva, Treasure Data

The Fluentd Salon is an unconference session for attendees interested in logging in the context of Kubernetes, containers and standalone applications.

The Salon will be facilitated by Fluentd core developers and community members. We will give a brief update about Fluentd v1.0, the roadmap and tools around the Fluent ecosystem, plus a space for lightning talks and open discussions. This will be a great networking opportunity.

If you are interested in suggesting a topic or giving a lightning talk (5 minutes presentation), please go ahead and fill the form with the required information.


Speakers

Eduardo Silva

Open Source Software Engineer, Treasure Data
Eduardo is an Open Source Engineer at Treasure Data. He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes.


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

rkt Salon - hosted by Alban Crequy, Kinvolk

The rkt salon will feature talks and demos of rkt and rktlet from, and discussions with, core contributors. The salon will include a general update on the rkt project, a demonstration of some core rkt concepts and of rktlet, the Kubernetes CRI implementation using rkt. We'll conclude with an open discussion.

We are also eager to have community members speak about their use of rkt. Please contact us at cncf-rkt-maintainers@lists.cncf.io if you'd like to be added to the schedule.


Speakers

Alban Crequy

CTO, Kinvolk
Originally from France, Alban currently lives in Berlin where he is a CTO & co-founder at Kinvolk. He is a contributor to rkt, a container runtime for Linux, Weave Scope, a container visualization & monitoring tool, and is actively working on BPF-related projects. Before falling...


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:45pm

The True Costs of Running Cloud Native Infrastructure [B] - Dmytro Dyachuk & Gordon Klok, Pax Automa
Never before have organizations wrestled with as much choice in how they compute and where they compute. The public cloud offers freedom from lead times and elasticity to manage changing workloads, but once a workload reaches a certain size or can be forecasted over a longer period of time it may be much more expensive than building and operating the compute infrastructure in-house. In the following talk we estimate when this threshold is crossed. We then explore what a modern datacentre should look like, why running an efficient compute infrastructure requires a spirit of radical simplification, and finally how focusing on important abstractions enables workload portability in an era with an abundance of choice.

Speakers

Dmytro Dyachuk

Co-founder, Chief Research Officer, Pax Automa
Dmytro Dyachuk is a co-founder of PaxAutoma. Prior to that he was a lead capacity planning engineer at Demonware, a subsidiary of Activision-Blizzard. Dmytro specializes in performance modeling and capacity management of distributed systems.

Gordon Klok

Gordon Klok is co-founder and CEO at PaxAutoma. Formerly team lead of the Ops Automation and efficiency team at Demonware, kernel hacker at OpenBSD, high performance computing consultant and software developer. He specializes in the managing development of software for distribute...



Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

WG Container Identity Update - hosted by Greg Castle, Google & Clayton Coleman, Red Hat
Decomposing applications into containers and microservices has many advantages but it creates a foundational problem: we need a reliable and secure way to identify all of the pieces. Kubernetes runs your containers, but how do those containers prove who they are to other containers, services, clusters, and infrastructure?  Some concepts of identity exist in Kubernetes and could be improved, and others are just outright missing.

In August 2017 we started the Kubernetes Container Identity Working Group, a cross-SIG effort, with the goal of improving this situation. In this session we’ll give a short introduction to the problem space and the work that's underway. We’ll reserve most of the time for discussion, and to hear about identity pain points, use cases, and ideas from the community.

Speakers

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Container Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included p...

Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content effor...


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 4B, Level 3

2:45pm

Building Specialized Container-Based Systems with Moby: A Few Use Cases [I] - Patrick Chanezon, Docker
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.

This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

Speakers

Patrick Chanezon

Chief Developer Advocate, Docker, Inc.
Patrick Chanezon is Chief Developer Advocate at Docker Inc. He helps to build Docker, the world’s leading software container platform, for developers and sysadmins. Software developer and storyteller, he spent 10 years building platforms at Netscape & Sun, then 10 years evan...


Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom B, Level 1

2:45pm

Microservices, Service Mesh, and CI/CD Pipelines: Making It All Work Together [I] - Brian Redmond, Microsoft
Microservices come with many advantages for massively scaling applications. With that come many challenges around service communication and application updates. It is pretty simple to do blue/green deployment and canary releases with a basic web site. But what about thousands of microservices? How can we have blue/green deployments at the service level while still allowing for efficient communication? This is one of the areas where service mesh technology is a huge benefit in Kubernetes.

In this session, I will show how to use common CI/CD tooling such as Spinnaker or Jenkins to drive microservices deployments with Kubernetes. I will show how service mesh technologies such as istio and linkerd ease the ability to efficiently deliver and test microservices in Kubernetes. All without substantial changes for the microservice developer. Additionally, I will provide comparisons of the wide variety of tools available in this area.

The overall goal of this demo-heavy session is to show the value of these technologies working together to ease the delivery of cloud native applications.

Speakers

Brian Redmond

Azure Cloud Architect, Microsoft
Brian Redmond is an Azure Architect on the Global Black Belt team. Brian focuses on containers, microservices, DevOps, and cloud native applications in the Azure cloud platform. Brian has been working in technology for over 20 years and has a mixed background across application d...



Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm

Distributed Workflows for Microservices-Style Applications [I] - Yun Qin, Nirmata
Microservices-style architectures solve several problems but also introduce new complexities. With microservices, a best practice is to keep services isolated and loosely coupled. However, in the real world, it is not uncommon to encounter business logic which requires coordination across multiple business functions, i.e., microservices.

The distributed workflow pattern addresses this problem. In this presentation we will describe the distributed workflow pattern and its use cases. We will then look at various implementations of this pattern, such as Netflix Conductor, AWS Simple Workflow Service and NirmataOSS Workflow.

We will end by showing a demonstration of a distributed workflow, running on a Kubernetes cluster and show how workflow managers can leverage Kubernetes features like Horizontal Pod Autoscaling.

Speakers

YUN QIN

Software Engineer, Nirmata
Yun is a software engineer at Nirmata, a company delivering integrated solutions for multi-cloud application management. Yun has extensive experience in distributed system application development and operations. Prior to joining Nirmata, Yun worked as a senior network engineer a...


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3

2:45pm

The RED Method: How To Instrument Your Services [B] - Tom Wilkie, Kausal
The RED Method defines three key metrics you should measure for every microservice in your architecture; inspired by the USE Method from Brendan Gregg, it gives developers a template for instrumenting their services and building dashboards in a consistent, repeatable fashion.

In this talk we will discuss patterns of application instrumentation, where and when they are applicable, and how they can be implemented with Prometheus. We’ll cover Google’s Four Golden Signals, the RED Method, the USE Method, and Dye Testing. We’ll also discuss why consistency is an important approach for reducing cognitive load. Finally we’ll talk about the limitations of these approaches and what can be done to overcome them.

Speakers

Tom Wilkie

Founder, Kausal
Tom is the founder of Kausal, a new company working on Prometheus & Cortex. Previously he worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build home automation systems.


Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom C, Level 1

2:45pm

Kubernetes, Metadata and You [I] - Liz Rice, Aqua Security & Gareth Rushgrove, Puppet
The combination of CI/CD tools and Kubernetes means we can set up a pipeline for deploying code changes as they happen, triggering a container image build and a rolling update to pull the new image. But what about changes that are about the application and how it should run, rather than the code itself?

This talk will explore tools and approaches for managing application metadata alongside the application code. We will look at:

- The importance of metadata to managing modern Cloud Native systems
- Built-in metadata capabilities in Kubernetes like ConfigMaps, Annotations and Labels
- Ways of making a deployment self-describing as part of a CI/CD workflow
- Using metadata to make the life of Kubernetes operators easier
- Examples of open source tools (like Manifesto, Lumogon and Skopeo) which work with Kubernetes ecosystem metadata

Speakers

Liz Rice

Technology Evangelist, Aqua Security
Liz Rice is the Technology Evangelist with container security specialists Aqua Security, and also works on container-related open source projects including manifesto and kube-bench. She has a wealth of software development, team, and product management experience from working on...

Gareth Rushgrove

Principal Staff Engineer, Puppet
Gareth Rushgrove is a principal software engineer at Puppet. He works remotely from Cambridge, UK, building interesting tools for people to better manage infrastructure. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and informati...


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3

2:45pm

IAM on Hybrid Cloud: Next Generation Security Model to Create an Interoperable Cloud [I] - Jeyappragash JJ & Kamil Pawlowski, padme.io

Those developing and operating modern software infrastructure face a myriad of complexity when trying to secure it. While environments like Amazon have vastly simplified the supply chain associated with bringing up new physical and virtual infrastructure or services, complexity around managing access to and between these services has grown, and continues to expand. The proliferation of configurations, management tools, and management schemes that exists in the modern datacenter has exploded when dealing with multi-cloud, hybrid (cloud + dc), or legacy systems.

Complexity is the enemy of security. This heterogeneity is its embodiment. Having many different ways to configure access policies on different cloud providers or with different vendors makes it impossible to understand who has access to what in any given infrastructure. Without this visibility it is impossible to have intelligibility, and hence security.

Worse, today developers and operators must exist in and support a highly dynamic service environment. That is to say, existing services must evolve to support new functionality, and new services must be rapidly brought online to support features in a highly competitive business environment. The miasma of different configuration schemes creates a great deal of friction against this, and impedes security because it is difficult to holistically understand the impact of changes (let alone make them rapidly). Security must be able to accommodate this temporality.

In this talk we introduce PADME as an architecture for policy admission aimed at solving these problems in a distributed environment. PADME operates by normalizing access policy information across underlying clouds and systems. It allows policies to be operated upon as known fixed building blocks in order to establish end-to-end security. Finally, it attacks the problem of policy distribution in a distributed environment so that assertions can be made about the security of a system over time, and in the face of CAP theorem issues.


Speakers

Jeyappragash JJ

Software Engineer, padme.io
Jeyappragash previously built the team and led the technical roadmap for Twitter's Cloud Infrastructure Management Platform. This platform helps developers manage their services and provides detailed visibility to the infrastructure and the services that use the infrastructures...

Kamil Pawlowski

Kamil Pawlowski (Software Engineer) has worked on everything from mobile to high scale/availability systems, network protocols to web stacks. His experience includes early stage startups, large companies, and stages in between. He is presently building services infrastructure f...


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 5ABC, Level 3

2:45pm

Microservices Patterns with NGINX Proxy in an Istio Services Mesh [I] - A.J. Hunyady, NGINX Inc
Building a cloud native application is only half the battle; running it reliably is the other half.

NGINX, the leading provider of ingress controller functionality in Kubernetes environments, has partnered with Istio to enhance Sidecar proxy capabilities in the Istio Services Mesh architecture.

A service mesh is highly dependent on the strength of the proxy, and NGINX is the most powerful service proxy in the market. It offers a small-footprint, high-performance engine with advanced load balancing algorithms, caching, SSL termination, API gateway, extensibility through a broad range of third-party modules, scriptability with Lua and nginScript, and various security features with granular access control.

Microservices also require a Web Server to be deployed side-by-side with the service proxy. While optional, deploying NGINX as Web Server technology provides additional benefits in performance, manageability, security and the overall monitoring of the Application.

NGINX is already used by more than half of the top 100,000 websites and this talk will describe how NGINX in Istio environments is a natural extension of this technology.

Our demo will show a sample application running in a Kubernetes/Istio/NGINX environment and we will answer questions from the audience.

Speakers

A.J. Hunyady

Head of Microservices Strategy, NGINX Inc
A.J. is a technology enthusiast and a Silicon Valley veteran. He founded Zokets where he developed software for managing containerized services in highly dynamic environments. A.J. is now at NGINX, where he leads innovations in new product development.


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

3:20pm

Afternoon Break
Wednesday December 6, 2017 3:20pm - 3:40pm
Palazzo, Level 1

3:40pm

Bottoms-Up Adoption of a Microservices Workflow Using Kubernetes & Envoy - Rafael Schloming & Phil Lombardi, Datawire
Many organizations start their microservices journey by (re)designing their application architecture and operational infrastructure. We started building our cloud application using this approach. We discovered that this takes a long time.

In this talk, we’ll talk about how we ended up with a different approach when we started thinking about microservices as a workflow, and not an architecture. We’ll talk about our first goal: enabling a single developer to be able to code, ship, and manage a microservice, as quickly as possible. We’ll show how we integrated Kubernetes, Docker, Prometheus, and Envoy to achieve this goal.

Finally, we’ll talk about scaling this initial goal beyond a single developer. We’ll talk about the tradeoffs of this bottoms up approach to the conventional PAAS / service mesh / application architecture strategy, and show how you can get to the same place in the end.

Speakers

Phil Lombardi

Phil Lombardi is a Senior Platform Engineer at Datawire.io where he is building a development platform aimed at small companies adopting or using microservices and with a need for their platform to be simple, resilient and adaptable to the ever-changing tech landscape. He has spo...

Rafael Schloming

Co-founder and Chief Architect, Datawire
Rafael Schloming is Co-founder and Chief Architect of Datawire. He is a globally recognized expert on messaging and distributed systems and a spec author of the AMQP specification. He has spoken on microservices at numerous technical conferences including ApacheCon, the O’Reill...



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 8ABC, Level 3
  • Difficulty Level Any

3:40pm

SIG Cluster Lifecycle Update - hosted by Robert Bailey, Google & Lucas Käldström

The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Since splitting out of SIG Cluster Ops in mid-2016 we have primarily focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience. We have recently begun building a Cluster API to provide an abstraction of machines across different deployment environments along with a common control plane configuration. 

In this update session we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes cluster lifecycle management. 


Speakers

Robert Bailey

Software Engineer, Google
Robert is a lead for the cluster lifecycle SIG and has been working on Kubernetes for more than 3 years. He was one of the founding members of the Google Container Engine team. Prior to Kubernetes, he was a Site Reliability Engineer helping teams at Google launch new products and...

Lucas Käldström

Individual Maintainer, Student
Lucas is a passionate Kubernetes Maintainer and CNCF Ambassador that is excited about all things cloud native. Lucas has been engaged in Kubernetes work for about two years now and been involved in work like porting Kubernetes to multiple platforms, getting Minikube off the groun...



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 4B, Level 3

3:40pm

CRI-O: All the Runtime Kubernetes Needs, and Nothing More - Mrunal Patel, Red Hat
CRI-O is a brand new container runtime dedicated and optimized to support Kubernetes workloads. Its goal is to be a stable container runtime tied to Kubernetes releases, replacing the Docker daemon.

Historically every update of Docker has broken Kubernetes. This has led to major rewriting and fixes of Kubernetes, which is understandable since Docker is not primarily for Kubernetes. Kubernetes needs a container runtime dedicated to its specifications.

CRI-O, whose name comes from the Container Runtime Interface for Open container runtimes, takes advantage of emerging standards like the OCI Runtime and Image Specification, as well as open source projects to handle container images (github.com:containers/image, github.com:containers/storage). This means that as these projects advance, CRI-O will be able to take advantage of the improvements and features, all the while guaranteeing that it will not break any functionality required by the Kubernetes CRI. CRI-O works with runc and Clear Containers runtimes.

CRI-O was designed from the ground up to satisfy the Kubernetes Container Runtime Interface, and currently passes all node and E2E tests. The GitHub repository has been set up to not accept any pull requests that cause these tests to break. We will be tying the versions of CRI-O to the Kubernetes versions, to maintain complete compatibility.

This talk will describe the CRI-O architecture as well as demonstrate different Kubernetes features running on top of CRI-O exercising the CRI API. The attendees will learn how to configure CRI-O with Kubernetes and use it for their workloads.

Speakers

Mrunal Patel

Principal Software Engineer, Red Hat, Inc.
Mrunal Patel is a Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He is the lead developer of CRI-O. He has helped contribute support for user namespaces to the Go programming l...



Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom B, Level 1
  • Difficulty Level Any

3:40pm

Expand Your Spinnaker Pipeline to the Desktop [I] - Sean Korten, Kenzan
Commit, build, test, push, build, test, deploy, test, promote, test, repeat. You can already use Kubernetes as the common platform for your entire lifecycle, but wouldn’t it be cool to use one tool to manage it? Spinnaker is a multi-cloud CI/CD platform that works well with Kubernetes on many cloud providers. In this talk we will discuss how to turn your workstation running minikube into another cloud provider in your cloud based production Spinnaker and add it to your CI/CD pipeline.

Speakers

Sean Korten

Director of Engineering, Platform, Kenzan
Sean is a Lead Platform/DevOps Engineer with Kenzan, a professional services company that provides customized end-to-end solutions to a diverse group of clients. Since joining Kenzan he has contributed to the Spinnaker OSS project and helped implement it internally and with multi...



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 9AB, Level 3

3:40pm

Modifying gRPC Services Over Time [I] - Eric Anderson, Google
Services grow and stretch over time to accommodate features, bugs, and basic maintenance. Learn how gRPC services can change while managing existing clients.

Speakers

Eric Anderson

Staff Software Engineer, Google
Tech Lead for Java gRPC. Contributor to the gRPC wire protocol and experienced with HTTP/2.



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 10AB, Level 3

3:40pm

How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix
Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments.

In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent).

This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across the stack in the cloud environment.

Speakers

Manish Mehta

Senior Security Software Engineer, Netflix
Manish Mehta is Senior Security Software Engineer at Netflix, Los Gatos, CA. He has designed and developed solutions around secure bootstrapping, authentication (service and user), and authorization for cloud-native infrastructure. His professional interests and expertise are cyb...

Torin Sandall

Software Engineer, Styra
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer...



Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom A, Level 1

3:40pm

Fluentd and Distributed Logging [I] - Masahiro Nakagawa, Treasure Data
In the container era, logging is very important because applications are distributed. This session talks about why Fluentd is needed and how Fluentd resolves the distributed logging problem in flexible and robust ways.

Speakers

Masahiro Nakagawa

Senior Software Engineer, Treasure Data Inc
Fluentd maintainer


Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom C, Level 1

3:40pm

Queueing Theory, In Practice: Performance Modelling in Cloud-Native Territory [I] - Eben Freeman, Honeycomb.io
Kubernetes and similar cloud-native infrastructure make it easier than ever to adjust a service's capacity based on variable demand. In practice, it's still hard to take observed metrics, and translate them into quantitative predictions about what will happen to service performance as load changes. Resource limits are often chosen by guesstimation, and teams are likely to find themselves reacting to slowdowns and bottlenecks, rather than anticipating them.

Queueing theory can help, by treating large-scale software systems as mathematical models. But it's not easy to translate between real-world systems and textbook models. This talk will cover practical techniques for turning operational data into actionable predictions. We'll show how to use results from queueing theory to develop a model of system performance. We'll discuss what data to gather in production to better inform its predictions -- for example, why it's important to capture the shape of a latency distribution, and not just a few percentiles. We'll also talk about some of the limitations and pitfalls of performance modelling.

Speakers

Eben Freeman

Engineer, Honeycomb.io
Now largely reformed after stints studying theoretical math and living as an itinerant rock climber, Eben is fascinated by tools that help humans better understand the systems they create. He works as an engineer at Honeycomb.io.


Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 6AB, Level 3

3:40pm

Building an Edge Computing Platform for Network Services Using Cloud Native Technology [I] - Stephen Wong & Vikram Dham, Huawei Technologies, Inc.
Edge computing has become increasingly important due to the demands of latency-sensitive applications and the explosion of data from end user devices in cases such as the Internet of Things (IoT). One common intelligent edge deployment is the buildout of mini data centers on the network edge that are centrally managed and operated by the cloud. Unlike traditional data centers, these mini data centers are constrained by limited resources and minimal operational supervision, and as such they impose challenges on traditional data center infrastructure including network services, here defined as L3-7 network services such as packet gateway and application firewall. These services usually are implemented with the need for heavy manual configurations and complex provisioning, which are particularly ill-fitted to deploy at the edge.

In this session we will discuss how we built a new edge computing platform for network services that can achieve auto provisioning, dynamic service deployments and updates, and high resiliency. By running componentized network services in containers orchestrated by Kubernetes, and utilizing projects such as gRPC, linkerd, and fluentd, as well as making use of cloud native related projects including etcd and IOvisor, this platform essentially treats network services as cloud native applications, and is thereby able to achieve the associated benefits. We will show a demo of the platform as part of the presentation.

Speakers

Stephen Wong

Senior Architect, Huawei Technologies, Inc.
Stephen Wong has had 20 years of software development experience in the networking industry. Currently he is a software architect at FutureWei Technologies, the US Research Center of Huawei Technologies. His focus at FutureWei is to advance the field of Network Function Virtualiz...



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 9C, Level 3

3:40pm

Kubernetes SIG Schedule + Resource Management Working Group Deep Dive - hosted by Jeremy Eder, Red Hat
Intro
  • Introduce the leads
  • Cover logistics, where to find SIGs, and how to participate
  • Remote participation (i.e., Zoom, if possible)

Topics
  • Roadmap Triage: Leads to discuss roadmap for each SIG
      - RMWG Roadmap
  • Areas of overlap between SIG/WG:
      - How is the two-level scheduling working out?
      - What use cases are we trying to cover in the coming year that would generate features from each other?
  • Resource API, we need something written down
  • Graduating features... Beta -> GA
  • How does anyone keep track of anything on GitHub?
      - Tracker issues are needle in haystack...

Speakers

Jeremy Eder

Senior Principal Software Engineer, Performance Engineering, Red Hat, Inc.
Jeremy Eder, Senior Principal Software Engineer, Red Hat Performance Engineering. Specializes in measurement and analysis of performance metrics, and using that analysis to guide performance-tuning of real-world infrastructure. Over a decade of experience in the financia...


Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 7, Level 3

3:40pm

CoreDNS Salon - hosted by John Belamaric, Infoblox

Join us for an open discussion on CoreDNS! This will be an opportunity to learn more about CoreDNS, as well as discuss use cases, issues, and other matters with some of the maintainers. We’ll start with a short intro and some CoreDNS basics, then proceed to the open discussion. Some of the topics we can discuss:

  • CoreDNS Roadmap

  • Using CoreDNS for your cluster DNS in Kubernetes

  • Status of plans for CoreDNS to replace Kube-DNS as the default cluster DNS

  • CoreDNS architecture

  • Available plugins and how to use them

  • How to write external plugins

  • Use of CoreDNS with an external policy engine

  • Use of the “autopath” plugin with Kubernetes and what it does

  • General Q&A


Speakers
John Belamaric

Distinguished Architect, Infoblox
John Belamaric is an experienced software architect with over 20 years of software design and development experience. He is focused on microservice architectures and on making CoreDNS the best choice for service discovery in those architectures. He is a Distinguished Architect at...


Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 10C, Level 3

3:40pm

Envoy Salon - hosted by Matt Klein, Lyft

Informal in-person community meeting for Envoy. We will have a short selection of lightning talks and do general Q&A and discussion.


Speakers
Matt Klein

Software Engineer, Lyft
Matt Klein is a software engineer at Lyft and the architect of Envoy. Matt has been working on operating systems, virtualization, distributed systems, and networking and making systems easy to operate for 15 years across a variety of companies. Some highlights include leading the...


Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 4A, Level 3

4:25pm

The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications to Kubernetes [B] - Josef Adersberger, QAware
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!

We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.

The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs, MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?

Speakers
Josef Adersberger

CTO, QAware
Josef Adersberger is #cloudnativenerd, CNCF member, and co-founder & CTO of QAware, an independent cloud native software manufacturer that has been repeatedly awarded Best IT Workplace in Germany. He studied computer science in Rosenheim and Munich and holds a doctoral degree in...



Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom A, Level 1

4:25pm

SIG gRPC Update
Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 4B, Level 3

4:25pm

Building Better Containers: A Survey of Container Build Tools [I] - Michael Ducy, Chef
If you stick to the “industry standard” method of building containers (Dockerfiles), it’s easy to build containers that contain libraries, tools, binaries, and more that you don’t need. One survey showed that over 75% of containers contain a full operating system. So how can you build containers that only contain the bits you require to run a particular application, and nothing more? This talk will cover various tools in the open source community that provide better methods for building containers, no matter the underlying container runtime. We will explore Bazel (along with Distroless), Smith (from Oracle), and Habitat (from Chef), and we will cover the benefits and drawbacks of each method. A short demo of each tool will be included.

Speakers
Michael Ducy

Platform Advocate, Chef
Born on the rolling plains of central Illinois corn fields, Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. Raised in...


Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom B, Level 1

4:25pm

Continuous Integration at Scale on Kubernetes [B] - Karthik Gajjala, eBay
eBay has a large community of developers working on several thousand applications at any time. To improve developer productivity, we offer Continuous Integration As A Service (CIAAS). This system provides the capability to build and test several thousand applications concurrently. This talk will walk the users through our journey of building this system on top of Kubernetes, the challenges we faced, the optimizations we deployed, and the scale and reliability we achieved at a scale of tens of thousands of builds a day. We plan to continue our journey to leverage public clouds and we want to share our thoughts and initial plans.

Speakers
Karthik Gajjala

Director of Engineering, eBay
Karthik Gajjala is a Director of Cloud Engineering at eBay responsible for eBay’s private Cloud that includes Infrastructure As A Service and Platform As A Service. He has been a technologist for close to two decades working in Startups and large enterprises. At eBay, his org...



Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 9AB, Level 3

4:25pm

A Practical Guide to Prometheus for App Developers [B] - Ilya Dmitrichenko, Weaveworks
Ilya will first briefly outline how Weaveworks run cloud-native apps in production on Kubernetes, and how they use Prometheus for monitoring, as well as some of the open-source tools the team has built to implement continuous delivery.

In the main section Ilya will turn the spotlight on Prometheus and demonstrate step-by-step how simple it is to instrument an app, using a very generic Node.js app as reference.

Speakers
Ilya Dmitrichenko

DX Engineer, Weaveworks
Ilya is a Developer Experience Engineer at Weaveworks, focused on making the adoption of microservices easier. Prior to Weaveworks, Ilya worked at Xively, where he personally experienced the shift to a true DevOps culture. He began to shift focus down the stack, becoming one of t...


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 10AB, Level 3

4:25pm

“If you Don’t Monitor your Infrastructure, you Don’t Own it!” Regain Control Thanks to Prometheus [I] - Etienne Coutaud & Guillaume Lefevre, OCTO Technology
In the French FedEx company we used Prometheus to monitor the infrastructure. It hosts a CQRS Architecture composed of Kafka, Spark, Cassandra, ElasticSearch, and microservices APIs in Scala.

This presentation is about using Prometheus in production. You will see why we chose Prometheus, how we integrated it, configured it and what kind of insights we extracted from the whole infrastructure.

In addition, you will see how Prometheus changed our way of working, how we implemented self-healing based on Prometheus, how we configured systemd to trigger the AlertManager API, integration with Slack and other cool stuff.

Some demonstrations will be performed in addition to the presentation.

Speakers
Etienne Coutaud

DevOps Engineer, OCTO Technology
Etienne Coutaud is a French DevOps Engineer who has been working at OCTO Technology for 2 years in Paris. Etienne worked on the implementation on OpenShift in production for the health insurance agency. Currently working for the French FedEx, he participated in the cloud infrastructure automat...

Guillaume Lefevre

Guillaume Lefevre is a French DevOps Engineer who has been at OCTO Technology for a year now. He worked in the networking field for various companies before moving to DevOps. Currently working for the French FedEx, he participated in the cloud infrastructure automation, continuous integration an...



Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom C, Level 1

4:25pm

Cloud Native Logging 101 [B] - Eduardo Silva, Treasure Data
In the Cloud Native Era, logging is a fundamental piece of the instrumentation life cycle. With applications running as microservices, much more log information is generated, and understanding how to implement and manage logging with this new architecture is fundamental.

This 101 presentation will introduce the concepts of log processing (end-to-end) applied to applications running in orchestrated environments managed by Kubernetes (live demos included).

Speakers
Eduardo Silva

Open Source Software Engineer, Treasure Data
Eduardo is an Open Source Engineer at Treasure Data. He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes.


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 6AB, Level 3

4:25pm

Building a Secure, Multi-Protocol and Multi-Tenant Cluster for Internet-Facing Services [A] - Bich Le, Platform9
Exposing internal HTTP-based services to the Internet is a well supported and documented feature of Kubernetes. What's less well understood is how to do it for thousands of services running on behalf of hundreds of possibly competing customers, in particular how to do it securely, protect the privacy of each customer, and support binary protocols other than HTTP. This is the problem that our company solved for our SaaS business which requires hosting and operating the control plane of popular infrastructure management software (e.g. Openstack, Big Data, and Kubernetes itself) as a service for our customers. Those control planes contain services exposing protocols as varied as MySQL and AMQP. This talk describes the challenges we faced and how we solved them using multiple technologies from the Kubernetes ecosystem. The solution includes a system that automatically creates namespaces, provisions certificate hierarchies, and manages ingress controllers for new customers, then wraps services with a set of side-car containers to handle tasks such as TLS termination. We describe how we employed Kubernetes native constructs such as Custom Resource Definitions to automate those tasks. For network communications, we discuss how to securely handle ingress, outgress, pod-to-pod, and cross-namespace traffic. To support both HTTP and TCP-based protocols, we describe a two-level network routing system consisting of both a "k8sniff" and an nginx ingress controller. For ensuring customer data privacy we compare these approaches: (1) Network Policy + Layer 2 virtualization; (2) TLS encryption of all pod-to-pod traffic; (3) a combination of the two. Finally, we debate whether the process isolation model of Linux containers is sufficient, and discuss our experience with stronger virtualization-based mechanisms such as Frakti / HyperContainer.

Speakers
Bich Le

Chief Architect, Platform9
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 5ABC, Level 3

4:25pm

The Service Mesh: Past, Present, and Future [B] - William Morgan, Buoyant
In this talk, we describe the service mesh, a runtime infrastructure layer that’s rapidly rising to prominence with the advent of open source projects like Istio, Envoy, and Linkerd. We trace the evolution of the service mesh model through three-tiered apps and “fat clients” to the modern, sidecar-based implementations, compare and contrast with ESBs and API gateways, and show that, as with most “new” technology, the ideas and principles behind the service mesh have been around for a long time.

Speakers
William Morgan

CEO, Buoyant
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant mic...


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 9C, Level 3

5:10pm

Keynote: Service Meshes and Observability - Ben Sigelman, Co-founder & CEO, Lightstep
Speakers
Ben Sigelman

LightStep, LightStep
Ben is a cofounder at LightStep, a company that makes complex microservice applications more transparent and reliable. Previously, Ben spent nine years at Google where he ate lots of snacks and designed several large (~1M-process) distributed systems. The most significant of thes...


Wednesday December 6, 2017 5:10pm - 5:30pm
Exhibit Hall 3, Level 1

5:30pm

Keynote: Kubernetes: This Job is Too Hard: Building New Tools, Patterns and Paradigms to Democratize Distributed System Development - Brendan Burns, Distinguished Engineer, Microsoft
Speakers
Brendan Burns

Software Engineer, Microsoft
Brendan Burns is a software engineer at Microsoft Azure and co-founder of the Kubernetes project. Before Kubernetes he worked on search infrastructure at Google. Before Google he was a professor at Union College in Schenectady, NY. He received his PhD in Computer Science from the University of Massachusetts Amherst and his BA in Computer Science and Studio Art from Williams...


Wednesday December 6, 2017 5:30pm - 5:50pm
Exhibit Hall 3, Level 1

5:50pm

Keynote: Can 100 Million Developers Use Kubernetes? - Alexis Richardson, CEO, Weaveworks
What is the potential for Kubernetes? Is it like Openstack and Hadoop, a technology for expert operators in the enterprise? Or is it like cloud and mobile, a way for every developer to move the business? What is needed for Kubernetes to have an impact equal to the web? Can 100 million people use Kubernetes?

Speakers
Alexis Richardson

CEO, Weaveworks
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups. Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for r...


Wednesday December 6, 2017 5:50pm - 5:55pm
Exhibit Hall 3, Level 1

5:55pm

Community Awards
Wednesday December 6, 2017 5:55pm - 6:05pm
Exhibit Hall 3, Level 1

6:10pm

Welcome Reception & Sponsor Booth Crawl
Join us in the Sponsor Showcase at Austin Convention Center to meet our sponsors, network with community members, and enjoy food and drinks as well as live music!

Wednesday December 6, 2017 6:10pm - 8:30pm
Sponsor Showcase

7:00pm

BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain - hosted by Stephen Elliott, Google
Building software at scale requires strong governance of the software supply chain, and strong governance requires good data. This BoF will be a discussion around the recently launched Grafeas ("scribe") open source project (see grafeas.io), whose goal is to provide organizations with a central source of truth for tracking artifacts and enforcing policies across an ever growing set of software development teams and pipelines. Part of the Grafeas project is Kritis ("judge"), a Kubernetes policy engine that lets organizations do real-time enforcement of container properties at deploy time for Kubernetes clusters. To kick off the discussion, Google and other Grafeas collaborators will give an overview of the Grafeas project.

Wednesday December 6, 2017 7:00pm - 8:00pm
Meeting Room 10C, Level 3

7:00pm

BoF: Kubernetes On Metal - hosted by Steven Bower, Bloomberg
Talk about Kube on Metal and the challenges/successes people have had.

Speakers
Steven Bower

Tech Lead Search and Data Science Infrastructure, Bloomberg LP


Wednesday December 6, 2017 7:00pm - 8:00pm
Meeting Room 9C, Level 3

7:00pm

BoF: Machine Learning on Kubernetes - hosted by David Aronchick, Google
Speakers
David Aronchick

Product manager, Google
David Aronchick is the Senior Product Manager for the Google Container Engine, and leads product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and being part of the management team for three different startups...


Wednesday December 6, 2017 7:00pm - 8:00pm
TBA
 
Thursday, December 7
 

8:00am

Registration & Breakfast
Thursday December 7, 2017 8:00am - 9:00am
Palazzo, Level 1

9:00am

Keynote: KubeCon Opening Keynote - Project Update - Kelsey Hightower, Staff Developer Advocate, Google
Speakers
Kelsey Hightower

Staff Developer Advocate, Google
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration...


Thursday December 7, 2017 9:00am - 9:30am
Exhibit Hall 3, Level 1

9:30am

Keynote: Kubernetes Secret Superpower - Chen Goldberg, Engineering Director, Google
Speakers
Chen Goldberg

Director, Google
Chen Goldberg is a technology leader with +18 years of experience leading engineering teams. In her current role as Engineering Director, she leads Google Container Engine (GKE) and the OSS Kubernetes project engineering team in Google Cloud. Her team is the largest team working...


Thursday December 7, 2017 9:30am - 9:50am
Exhibit Hall 3, Level 1

9:50am

Keynote: Red Hat: Making Containers Boring (again) - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

By ensuring everything about containers is standardized and boring, we can now focus on the overall Kubernetes experience when it comes to actually running containers. Freeing Kubernetes to just focus on orchestrating containers from now on and setting the stage for exponential growth. We'll take a brief look at how Kubernetes is prepared to explode in usage because the foundation has been solidified. From container standards to customer-resource definitions to pluggable hardware, Kubernetes is ready for broad usage patterns. 


Speakers
Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content effor...


Thursday December 7, 2017 9:50am - 9:55am
Exhibit Hall 3, Level 1

9:55am

Keynote: Pushing the Limits of Kubernetes with Game of Thrones - Zihao Yu & Illya Chekrygin, HBO
Do you want to know what it is like to run 15,000 pods in production? Are you interested in seeing how Kubernetes stands up to the record-breaking viewership and a login rate that is beyond belief on Game of Thrones Season 7 premiere? Come and see things we have done for the Game of Thrones preparation. We will talk about how we provision Kubernetes clusters on AWS, and how we monitor them and microservices that are running on the clusters.

In this talk, we will also go over how HBO Go went from deploying and running microservices on virtual machines in AWS EC2 to running the very same services inside the Kubernetes clusters. We were able to dramatically increase the productivity of our engineering teams and efficiency of resource utilization in the process. It wasn’t always a smooth ride and it wasn’t a one shot deal. Instead, it was a long and at times challenging journey starting from operating a reliable, production-ready Kubernetes cluster in AWS, advancing to gradually deploying select services into Kubernetes clusters, load testing them, and running them in parallel to our current EC2 installations, and finally going live. Come and learn some helpful tips and mistakes we made along the way, which could help your organization embrace the Kubernetes world.

Speakers
Illya Chekrygin

Sr Staff Engineer, HBO
Illya has been working on Kubernetes adoption at HBO, which includes cluster provisioning, maintenance, telemetry and service migration. He also drove the containerization of HBO's core streaming services and CI/CD integration for their traditional EC2 deployments. Prior to HBO...

Zihao Yu

Sr Staff Engineer, HBO
Zihao Yu is a Senior Staff Engineer at HBO, helping HBO GO backend services deploy faster and more reliably. He has contributed to the design and development of several iterations of cloud infrastructure and CICD pipelines for deploying microservices at HBO. He is currently worki...


Thursday December 7, 2017 9:55am - 10:15am
Exhibit Hall 3, Level 1

10:15am

Keynote: Progress Toward Zero Trust Kubernetes Networks - Spike Curtis, Senior Software Engineer, Tigera
Tigera’s Spike Curtis will share how enterprises are starting to embrace a zero trust network security posture, and demonstrate how such an approach can be enabled within an orchestrated environment such as Kubernetes by combining service mesh and network policy with a multi-factor authentication, authorization and encryption strategy.

Speakers
Spike Curtis

Senior Software Engineer, Tigera
Spike Curtis is a lead developer on Istio working for Tigera. He was also a core developer for Calico and worked on the initial integrations with Docker, Kubernetes and Mesos. Spike earned his PhD from the University of Oxford where he worked on quantum computing with ion traps...


Thursday December 7, 2017 10:15am - 10:20am
Exhibit Hall 3, Level 1

10:20am

Keynote: The Road Ahead on the Kubernetes Journey - Craig McLuckie, CEO, Heptio
Speakers
Craig McLuckie

CEO, Heptio
CEO and founder of Heptio, a company built to propagate cloud native computing technologies. Previous Googler and founder of Kubernetes, an Open Source cluster manager.


Thursday December 7, 2017 10:20am - 10:40am
Exhibit Hall 3, Level 1

10:30am

Sponsor Showcase
Thursday December 7, 2017 10:30am - 5:30pm
Exhibit Halls 1 & 2

10:40am

Morning Break
Thursday December 7, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

The Road to More Usable Kubernetes - Joe Beda, Heptio
At KubeCon EU, in Berlin, I got up on stage and stated that "Kubernetes Sucks (but all software sucks)". While we still have work to do, in the past several months the community has done great work to solve a whole host of issues to make Kubernetes “suck less.” In this talk I will outline the ways that the community has made this happen both in the core project and in the wider ecosystem.

Things are still developing, but here are the areas that I want to highlight. Hopefully we'll have talks on many of these so that I can highlight where and when folks can find out more. I won't be able to cover everything happening in the ecosystem but I can hint at the diversity and commitment to solving these issues.

* *Simpler application description.* As a community we are continuing to build more capable and simpler tools for describing applications through projects like ksonnet, OpenCompose, Kompose, and Helm.
* *Serverless platforms.* Through “function as a service” like systems we can abstract much of the nitty gritty around getting code packaged and running. In addition, scaling can be easy and automatic as code is run only when needed.
* *Simpler cluster install and admin.* kubeadm and how it is becoming a common toolkit. Similar work is ongoing to explore the idea of standardizing the description of a cluster at the infrastructure level through projects like Kubicorn. In addition, new APIs, such as the certificates API, are key building blocks for getting secure clusters up and running.
* *Curated development experiences.* Systems like Draft help to automate the build/launch/update cycle for development workflows. Others are also exploring ways to connect developers to clusters.
* *Making Kubernetes boring.* Kubernetes is maturing as a platform. As that happens, things in the "nucleus" are slowing down. In the past 6 months we've seen a concerted effort to encourage new features to be built with extensibility mechanisms as much as possible. This allows those projects to move fast while enabling exploration of the problem space.
* *Conformance.* Another key enabler for widespread Kubernetes adoption is conformance. There has been a wide set of folks involved in describing what should get to be called "Kubernetes". Tools like Sonobuoy point the direction to making this be an automated process that anyone can run against any cluster.
* *Observability.* Prometheus continues to be the go-to OSS solution for monitoring in the Kubernetes world. In addition, systems like Linkerd and Istio/Envoy enable introspection at the microservice mesh level.

We still have many challenges. Many of these are going to take long concerted efforts to fix. We are trapped, in some ways, by our promise of backward compatibility. It is often better to live with something annoying than to force breaking changes on our user base.

*Call to action:* Great job community! But the job isn't done. Let's keep working hard to bring Kubernetes to a larger and larger set of users and environments.

Speakers
Joe Beda

CTO and Founder, Heptio, Inc
Joe Beda is CTO of Heptio, a startup focused on unleashing the technology driven enterprise. We aim to realize the full potential of Kubernetes and transform IT into a business accelerator. Prior to Heptio, Joe was at Google for over 10 years. While there, Joe started Google Comp...


Thursday December 7, 2017 11:10am - 11:45am
Ballroom A, Level 1
  • Difficulty Level Any

11:10am

SIG Jaeger Update - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

The Jaeger project was open sourced at the beginning of this year. In this update we will go through the current Jaeger features, give a short demo, and talk about the roadmap for the upcoming year. After this session everybody is welcome to attend the Jaeger Deep Dive Session and Salon. 

(Audience: Anybody)


Speakers
Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 5ABC, Level 3

11:10am

SIG Linkerd: Data Plane Under the Hood - hosted by William Morgan, Buoyant
Speakers
William Morgan

CEO, Buoyant
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant mic...


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 7, Level 3

11:10am

All You Need to Know to Build Your GPU Machine Learning Cloud [B] - Ye Lu, Qunar
GPU is becoming the new common, but at the moment, GPU resources are still hard to find for people who want to have a taste. So how to build your GPU machine learning cloud?

Resource management & App templating
Even if your company or organization has purchased some GPU devices, environment and resource isolation is always a problem. Also, at the beginning the cloud is used more as a playground, so another consideration is to improve the usage rate of resources. How we use Kubernetes to solve these problems.

How to use a wizard to generate machine learning: you can choose TensorFlow or Theano, how many GPUs you need, etc.

Make the “customized changes” in an immutable container be played back.
Containers are immutable, which is a double-edged sword: it ensures the environment can be unique/portable. On the other side, any changes inside the running container can be lost after recreation. How is the customized env saved and reused?

Managing persistent storage in Kubernetes
How to serve our RBD as hosted S3, to save models, training data, and so on, so the data scientists can access their data both as a volume and through the standard S3 API.
Support online resize for running machine learning apps, like TensorFlow.

App model & permission control
We'll talk about the app center, design of appcode and permission control.

Speakers
Ye Lu

Devops Engineer, Qunar
Devops Engineer @Qunar. Experienced in operating and managing OpenStack cloud, including Qunar OpenStack Cloud in 7 regions. Started constructing and using Kubernetes Cloud since 2015. OpenStack Ambassador.


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

Extending Kubernetes 101 [A] - Travis Nielsen, Quantum Corp
Kubernetes provides the ability to extend the platform with your own custom types and controllers. We will walk through a tutorial to write a custom controller, also known as an operator. Patterns will be reviewed that will make your application a natural extension of the platform through CRDs and desired state management, all with the same security, lifecycle management, and API surface that native Kubernetes applications expect.

Speakers
Travis Nielsen

Principal SDE, Quantum Corp
Travis Nielsen is a Principal Software Engineer for Quantum Corporation where he works on Rook – a software defined storage initiative based in Seattle. Prior to Quantum, Travis was the storage platform tech lead at Symform, a P2P storage startup acquired by Quantum. Before joi...



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 6AB, Level 3

11:10am

Building a Cluster Management API using Kubicorn [A] - Robert Bailey, Google & Kris Nova, Microsoft
Kris Nova (Microsoft) and Robert Bailey (Google) join forces and begin the difficult task of looking into the future of the infrastructure layer of Kubernetes. We start the talk with a brief summary of the state of infrastructure today and explain the differences between “infrastructure as code” and “infrastructure as software”. We look at how the lack of definition in the most fundamental layer of the stack has fragmented our community and caused problems with adoption of Kubernetes.

We propose a new way of representing infrastructure (the cluster API) for the Kubernetes community and take a deep dive into its implementation in kubicorn. We look at the structure of the cluster API and share valuable insight on how we took lessons from other areas of Kubernetes to form what it is today. Furthermore we look at the power of having a declarative approach to infrastructure as we start to treat the infrastructure layer the same as the application layer.

The audience will walk away with a clear understanding of the infrastructure layer, as well as a new way of thinking about the infrastructure in the future via the cluster API.

Speakers
avatar for Robert Bailey

Robert Bailey

Software Engineer, Google
Robert is a lead for the cluster lifecycle SIG and has been working on Kubernetes for more than 3 years. He was one of the founding members of the Google Container Engine team. Prior to Kubernetes, he was a Site Reliability Engineer helping teams at Google launch new products and...

Kris Nova

Senior Developer Advocate, Microsoft
Kris Nova is a Senior Developer Advocate for Microsoft with an emphasis in containers and the Linux operating system. She lives and breathes open source. She believes in advocating for the best interest of the software, and keeping the design process open and honest. She is a bac...


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 8ABC, Level 3

11:10am

Embracing Cloud Native at a Thriving, Established Company - Brian Akins, MailChimp
We are in the midst of a major shift at MailChimp. In many ways, we are a microcosm of the industry as a whole: moving from large monoliths to microservices and trying to figure out what that even means. I will discuss the hands-on, real world experiences we have had as we embrace microservice techniques and technologies. I’ll discuss why we choose Kubernetes, Prometheus, and other cloud native technologies. I’ll show our approach to building and operating multiple on premise, bare metal clusters. We’ll talk about our existing development and deployment pipeline as well as our current experimental projects. We’ve had a few false starts and failures and will discuss those to help others possibly avoid the same issues. Finally, I’ll speak candidly about the struggles we’ve had getting organizational momentum for this transformation.

Speakers

Brian Akins

Staff Engineer, MailChimp
Brian is a 20 year industry veteran. He has done a bit of everything - from assembly to CSS, racking servers to building distributed systems. For the last few years, Brian has been focused on building and operating infrastructure using components such as containers, Kubernetes, Pro...



Thursday December 7, 2017 11:10am - 11:45am
Ballroom B, Level 1
  • Difficulty Level Any

11:10am

Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down [I] - Carson Anderson, DOMO
Understanding Kubernetes as a whole can be daunting. With so many different components working together it can be hard to know how the pieces work together or where new products and features fit in. I will start at the highest level and then peel off the layers one at a time to explain how some of the "magic" happens. Over the course of the presentation I will break Kubernetes into the following layers:

"Kubernetes for the End User": A quick summary on some of the core components of Kubernetes: Namespaces, Deployments, Pods, Services, and Ingress Rules. At this layer the user just needs to understand the promises made by Kubernetes, not necessarily the way it keeps them. This layer primarily serves to establish a typical cluster workload. The resources defined here will be used when explaining all of the deeper layers.

"Kubernetes for the Cluster Admin": This layer peels away some of the cluster "magic". I will cover how the service account, default tokens, ReplicaSet and Pods from the previous layer got created by the kube-controller-manager. I will also explain how the kube-scheduler decided which node the workload should run on and how that decision could have been influenced by fields in the pod spec. This section will touch on the core concepts of Ingress controllers, Admission Controllers, scheduling, and core controller loops.

"Kubernetes for the Cloud Admin": This layer covers Kubernetes at an infrastructure level. Core concepts covered are: Horizontal Scaling, Load Balancing, high availability for masters and nodes, node management, and fault-tolerance levels. Here is also where I set the stage for the network layer that is covered next.

"Kubernetes for the Network Admin": Now we dig deeper into the network infrastructure. Explaining how pods and services work together, how your network traffic figures out where to go, and how it gets there. This section covers the concepts of East-West and North-South load balancing. The goal is to provide a basic understanding of the network promises made by Kubernetes and how you might replace them with other software and services.

"Kubernetes for the Linux Admin": A discussion of Kubernetes at the OS layer. This layer digs into the processes and configuration of the base OS. This includes pluggable container engines (e.g. Docker vs. rkt), logging, CNI, metric gathering and volume mounting.

"Kubernetes for the Power-User": Time permitting, the final section will put all of the previous ones together to show how a next-generation application might be deployed on top of Kubernetes and take advantage of the more advanced features.

Speakers

Carson Anderson

Sr. Systems Admin, DOMO
I've been working as a Sys Admin for 8 years. I have been focused on Docker, Kubernetes, and container infrastructure at scale for the last 2 years.



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 19AB, Level 4

11:10am

GitOps - Operations by Pull Request [B] - Alexis Richardson, Weaveworks & William Denniss, Google
GitOps is the latest exciting evolution in empowering developers to do operations and CI/CD. Imagine describing your entire infra in Git declaratively and then continually using that to verify your state. Well, with Kubernetes, and tools like Terraform, and Ansible, you can. We've taken this forward by adding continuous diffs and alerting - and even some of our observability stack itself. An introduction is here: https://www.weave.works/blog/gitops-operations-by-pull-request

William (Google PM) and Alexis (Weaveworks, CNCF) will talk about how we jointly developed this pattern based around our own use cases. We shall make reference to other companies using the approach like GitHub and Atlassian. This is NOT a product pitch - we are going to teach you the PATTERNS.

Speakers

William Denniss

Product Manager, Google
William is a Product Manager at Google and works on Google Cloud and Kubernetes. He has a passion for open source and open standards, is the author of several IETF Internet-Drafts including OAuth 2.0 for Native Apps, and founded AppAuth, the leading open source OAuth client for n...

Alexis Richardson

CEO, Weaveworks
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups. Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for r...


Thursday December 7, 2017 11:10am - 11:45am
Ballroom C, Level 1

11:10am

Deploying Kubernetes Without Scaring Off Your Security Team [I] - Paul Czarkowski, Pivotal & Major Hayden, Rackspace
subtitle: "The Major Hayden Center For Kubernauts Who Can't Security Good And Wanna Learn To Do Other Stuff Good Too"

One of the larger roadblocks we face in the enterprise when trying to adopt new technologies is getting the security and compliance teams onboard.

Tools like kubicorn and kubeadm are likely the foundation on which Kubernetes deployments will be performed in the future, as they help simplify the deployment and operations of Kubernetes, a very complex distributed system.

However, concerns about security and compliance, which are not as yet addressed by those tools, may act as inhibitors and roadblocks to using them and thus Kubernetes in the enterprise.

Thankfully the techniques and tools for deploying Enterprise Linux distributions, securing them, and ensuring compliance already exist and can be very easily combined with Kubernetes.

In this talk we’ll expand upon these enterprise requirements and use cases and show how we can use existing Ansible tooling to deploy Kubernetes on bare metal or the cloud, monitor it with common enterprise monitoring tools, secure it with a 2FA SSH bastion, and ensure DISA STIG compliance.

Speakers

Paul Czarkowski

Principal Technologist, Pivotal Software
Paul Czarkowski is a recovering Systems Administrator who has run infrastructure for longer than he cares to admit. After cutting his teeth in the ISP and Gaming industries Paul changed his focus to using (and contributing to) Open Source Software to improve the Operability of co...

Major Hayden

Principal Architect, Rackspace



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4

11:10am

State of Serverless [B] - Mark Peek, VMware & Doug Davis, IBM
Serverless and FaaS computing is gaining in popularity as a way to easily create microservice applications. In this talk we will discuss the characteristics of serverless, the status of the serverless working group within the CNCF, and the open source options available for running serverless and associated services, with a focus on Kubernetes.

Speakers

Doug Davis

STSM, IBM
Doug works in IBM's Open Source and Standards division. He's been working on Cloud related technologies for many years and has worked on many of the most popular OSS projects, including OpenStack, CloudFoundry, Docker and Kubernetes.

Mark Peek

Principal Engineer, VMware
Mark is a Principal Engineer at VMware working across areas of interest such as cloud management, cloud native applications, and open source. Currently he is leading the work on serverless within VMware. Mark contributes to a wide range of open source projects and is the VMware r...


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

SIG API-Machinery Deep Dive Session - hosted by Daniel Smith, Google
Speakers

Daniel Smith

Sr. Software Engineer, Google
Currently TL of Kubernetes’ API Machinery sub-team, Daniel has been working on Kubernetes since before it was open sourced, and contributed enough in the early days that he’s still one of the top contributors overall. Before that, Daniel worked on Google’s borg and AppEngin...


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 10C, Level 3

11:10am

SIG Architecture Deep Dive - hosted by Brian Grant, Google
Speakers

Brian Grant

Principal Engineer, Google
Brian Grant is the primary architect for the Kubernetes project, responsible for defining the core domain model and API design. He was previously the technical lead of Google’s internal cluster-management projects, Borg and Omega.


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 4BC, Level 3

11:10am

TUF/Notary Salon - hosted by Justin Cappos, NYU & David Lawrence, Docker
Speakers

Justin Cappos

NYU Tandon Professor / TUF Lead
Justin Cappos is a professor in the Computer Science and Engineering department at New York University. His research includes the TUF project, which provides a compromise-resilient mechanism for the secure distribution of software. His research advances are adopted into production use by Docker, git, Python, VMware, automobiles, Cloudflare, Digital Ocean, and most Linux distributions. Due to the practical impact of his work, Cappos was named to Popular Science's Brilliant 10 list in 2013 recognizing him as one of 10 brilliant scientists under...

David Lawrence

Senior Security Engineer, Docker
Lay security developer that has learned a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution.


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 4A, Level 3

11:55am

Squash: A Debugger for Kubernetes Apps - Idit Levine, solo.io
Squash is a tool for debugging distributed applications.

Most cloud native applications written today follow the microservice architecture. These applications are distributed by nature, and therefore hard to debug.

Microservice engineers debug their applications by printing values of select variables into log files. This leaves them with the daunting task of sorting through reams of log data, which at best provide a partial view of the state of the application. This approach is cumbersome, time consuming and works better with "easy" bugs.

Many advanced tools to debug monolithic applications exist in the market, and provide users with powerful ways to dissect their programs and to interact with them on the fly. However, these tools cannot be used directly for debugging applications that follow the microservice architecture pattern.

Squash is designed to bring the strength of modern debuggers and the convenience of their IDEs to microservices developers. Squash uses popular, powerful and mature debuggers (gdb, dlv, java debugging) and integrates them seamlessly with Kubernetes. This allows devs to use the debugger of their choice, and the IDEs that support it, to develop microservices on any platform.

Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3
  • Difficulty Level Any

11:55am

SIG Windows - hosted by Michael Michael, Apprenda
Speakers

Michael Michael

Sr. Director, Apprenda
Michael Michael (or M2 as he's known) is Apprenda's Senior Director of Product Management. Michael also leads the Kubernetes SIG-Windows which is tasked to bring Windows Server support natively to Kubernetes. He is an experienced, detail-oriented software engineer with problem-so...


Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 5ABC, Level 3

11:55am

Building GPU-Accelerated Workflows with TensorFlow and Kubernetes [I] - Daniel Whitenack, Pachyderm
GPUs are critical to some artificial intelligence workflows. In particular, workflows that utilize TensorFlow, or other deep learning frameworks, need GPUs to efficiently train models on image data. These same workflows typically also involve multi-stage data pre-processing and post-processing. Thus, a unified framework is needed for scheduling multi-stage workflows, managing data, and offloading certain workloads to GPUs.

In this talk, we will introduce a stack of open source tooling, built around Kubernetes, that is powering these types of GPU-accelerated workflows in production. We will do a live demonstration of a GPU enabled pipeline, illustrating how easy it is to trigger, update, and manage multi-node, accelerated machine learning at scale. The pipeline will be fully containerized, will be deployed on Kubernetes via Pachyderm, and will utilize TensorFlow for model training and inference.

Speakers

Daniel Whitenack

Data Scientist, Lead Developer Advocate, Pachyderm
Daniel (@dwhitena) is a Ph.D. trained data scientist working with Pachyderm (@pachydermIO). Daniel develops innovative, distributed data pipelines which include predictive models, data visualizations, statistical analyses, and more. He has spoken at conferences around the world...



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 9C, Level 3

11:55am

Kubernetes Feature Prototyping with External Controllers and Custom Resource Definitions [I] - Tomas Smetana, Red Hat
Getting a patch into Kubernetes might be difficult. Getting a new feature into Kubernetes is... an even more interesting experience. When working on the persistent volume snapshotting feature we realized that the straightest path might not lead us where we wanted. Our original idea of adding a few API objects and a controller became more complicated when we presented it to the community. So we took a small detour by creating the feature out-of-tree first.

In the talk I will describe the journey of the volume snapshotting feature, how external controllers work, what Custom Resource Definitions are and how to add features to Kubernetes without changing its code base.

Speakers

Tomas Smetana

Engineering Manager, Red Hat
Tomas is an Engineering Manager at Red Hat. He is an Open Source enthusiast who used to work on various userspace Linux components, contributing to several FOSS projects. For the past year he has been active in the Kubernetes Storage SIG.



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3

11:55am

Building Helm Charts From the Ground Up: An Introduction to Kubernetes [I] - Amy Chen, Heptio
Learn the basics of Kubernetes from the perspective of creating a Helm Chart from scratch!

The Kubernetes cluster will be launched from Rancher, an open source container management software. At the end of this workshop, you will have a functional understanding of pods, services, deployments, Helm, Rancher, and more!


Why learn Kubernetes with Helm Charts?
Much of today's beginner educational content for Kubernetes uses the Kubernetes CLI tool. This can make it hard to visualize the relationship between each command and debug your cluster. Learning how to incrementally build Helm Charts provides a bigger picture of your cluster and is more reproducible.

Why is Rancher cool?
Rancher makes it easy to configure, deploy and manage Kubernetes, on any infrastructure!

I'm in, what are we doing?
- Gain a high level understanding of key Kubernetes concepts accompanied with a lot of diagrams
- Gain an understanding of Rancher's open source container management platform
- Incrementally build a Nginx Helm Chart
- Deploy Nginx from a Kubernetes cluster managed by Rancher

Speakers

Amy Chen

Software Engineer, Heptio
Amy Chen is a systems software engineer at Heptio. She is passionate about containers, orchestration tools, Go, and salsa dancing. In her free time, Amy runs a YouTube channel called Amy Codes where she talks about technical and non-technical aspects of being a software enginee...


Thursday December 7, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Managing and Running Multiple Kubernetes Clusters in Hybrid Setups [I] - Sebastian Scheele, Loodse & Simon Pearce, SysEleven
As a hosting provider, SysEleven runs and manages multiple Kubernetes clusters for various customers on different platforms. In this talk, we will give you a breakdown on how we run one single Google-like container engine for various clouds and also for bare metal. Moreover, we show how we provide high-availability clusters by running Kubernetes on Kubernetes.

Speakers

Simon Pearce

System Architect, SysEleven
Simon Pearce has been a System Architect at SysEleven in Berlin, Germany since 2013. He has over 15 years of experience in the web hosting industry, with a focus on building distributed systems on public and private clouds. He is responsible for the kubernetes service team at SysEleven...

Sebastian Scheele

Co-Founder, Loodse
Sebastian Scheele is the CEO and co-founder of Loodse. With Loodse, he wants to empower IT teams to focus on their core: write groundbreaking applications and design the digital future. Sebastian is passionate about the potential of container and cloud native technologies and has...


Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3

11:55am

Running Mixed Workloads on Kubernetes at the Institute for Health Metrics and Evaluation - Dr. Tyrone Grandison, Institute for Health Metrics and Evaluation (IHME), University of Washington & Rob Lalonde, Univa
The mission of the IHME is to apply rigorous measurement and analysis to help policy makers make better decisions on a range of health policy issues. Like other organizations, the IHME have embraced containers and micro-services aggressively to better support hundreds of collaborating researchers.
In addition to containerized workloads, the IHME run a wide variety of traditional analytic, simulation and high-performance computing workloads on an HPC cluster with 15,000 cores and 13PB of storage. Researchers increasingly need to combine both containerized and non-containerized elements into workflow pipelines, and a key challenge has been ensuring SLAs for various departments and avoiding duplicate infrastructure and unnecessary data movement and duplication. In collaboration with industry partners, IHME have deployed a unique solution based on Univa’s Navops technology that allows them to combine containerized and traditional analytic and high-performance application workloads on a single shared Kubernetes cluster, ensuring departmental SLAs and helping contain infrastructure costs.
In this talk Dr. Grandison will discuss IHME, their experience deploying containerized applications and how they went about using Kubernetes to support a variety of new containerized applications as well as a variety of traditional analytic applications.

Speakers

Dr Tyrone Grandison

Chief Information Officer, Institute for Health Metrics and Evaluation (IHME), University of Washington
Tyrone is the Chief Information Officer leading the IT team at the IHME, an independent global health research center at the University of Washington. The IHME provides rigorous and comparable measurement of the world’s most important health problems and evaluates the strategies u...

Robert Lalonde

General Manager, Navops Business Unit, Univa
Rob is the General Manager of Univa Corporation's Navops business unit. He’s responsible for business and product strategy related to container technology solutions at Univa, a company with a heritage managing large-scale, multi-tenant grid computing deployments. Rob has comp...


Thursday December 7, 2017 11:55am - 12:30pm
Ballroom B, Level 1
  • Difficulty Level Any

11:55am

Kubernetes on AWS: Practices & Opinions [I] - Arun Gupta, Amazon Web Services & Raffaele di Fazio, Zalando
A lot of progress has been made on how to bootstrap a cluster since Kubernetes' first commit. It is now only a matter of minutes to go from zero to a running cluster on Amazon Web Services. There are still many fundamental topics to take a simple setup to something that can be run in production in a large enterprise and it is easy to get confused by the number of options and customizations.
In this talk we will show both common practices for running Kubernetes on AWS and an opinionated view of those. Specifically, we will cover options and recommendations on how to install and manage clusters, configure high availability, perform rolling upgrades and handle disaster recovery, as well as continuous integration and deployment of applications, logging, and security.
At the same time, we will explain how those topics are addressed at Zalando, Europe's leading fashion platform, based upon their experience of operating tens of Kubernetes clusters in production on AWS.

Speakers

Raffaele Di Fazio

Software Engineer, Zalando SE
Raffaele has worked with Zalando's Platform Engineering team in Berlin since 2015. There he is working on container technologies, currently focusing on Kubernetes and cluster orchestration. Over the years, Raffaele developed a genuine passion for simplicity and the Golang language...

Arun Gupta

Principal Open Source Technologist, Amazon Web Services
Arun Gupta is a Principal Open Source Technologist at Amazon Web Services. He has built and led developer communities for 12+ years at Sun, Oracle, Red Hat and Couchbase. He has deep expertise in leading cross-functional teams to develop and execute strategy, planning and executi...


Thursday December 7, 2017 11:55am - 12:30pm
Ballroom C, Level 1

11:55am

Building Serverless Application Pipelines [A] - Sebastien Goasguen, Bitnami
The serverless paradigm is bringing a new type of application to the forefront of application architecture: distributed, containerized, scalable, event-driven and ephemeral with fine grained billing. In this talk we will go through several application use-cases that are driving the serverless movement (e.g. data processing, IoT, mobile backends, machine learning) and demonstrate how these applications can be developed and deployed on top of Kubernetes using an open source serverless solution called kubeless. Through live demos and examples, we will show that Kubernetes with its rich and stable core API is the perfect platform to build FaaS solutions.

Speakers

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where...


Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 9AB, Level 3

11:55am

Preventing Attacks at Scale [I] - Dino Dai Zovi, Capsule8

Security hardening for containers, clusters, and operating systems is a very important part of setting up infrastructure and always "Plan A". The world of "Plan A" defends the importance of making sure your cluster is set up securely. Dino comes from the world of "Plan B" and will focus on detecting when security boundaries have been breached. This is necessary for environments where you don't have the ability to ensure the base OS is fully patched, etc.

Step into the world of Linux kernel features such as seccomp, eBPF, kprobes and Kubernetes tunable security features and learn how to detect and defend against attacks at scale.


Speakers

Dino Dai Zovi

Dino Dai Zovi is the Co-Founder and CTO at Capsule8. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEF CON, Black Hat, and CanSecWest. He is a co-author of the books...


Thursday December 7, 2017 11:55am - 12:55pm
Meeting Room 12AB, Level 4

12:30pm

OCI Community F2F

Join the OCI Community for a face-to-face meeting on planning for the future, from technical discussions to future roadmap discussions.


Thursday December 7, 2017 12:30pm - 2:00pm
Meeting Room 1, Level 1

12:30pm

Diversity Luncheon (pre-registration required)
We invite everyone attending KubeCon + CloudNativeCon North America 2017 to join us for a special luncheon & program featuring discussions around diversity and inclusion.  

Attendees must be registered to attend KubeCon + CloudNativeCon North America in order to attend this event.

Space is limited and registration is required.

Thursday December 7, 2017 12:30pm - 2:00pm
Meeting Room 18CD, Level 4

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Thursday December 7, 2017 12:30pm - 2:00pm
Sponsor Showcase

2:00pm

Kube-smash! Testing your Distributed Software with Kubernetes and Kube-Smash [I] - Mikolaj Pawlikowski, Independent
When it's about distributed systems, testing is hard. But it can be fun.

Enter kube-smash, our tool for testing your software resiliency to failure by applying pressure where it hurts, designed specifically for Kubernetes.

Kube-smash works both in autonomous mode (a la Chaos Monkey) or interactive mode and allows you to:
- target specific pods, deployments and daemon sets at specific times (k8s integration)
- target specific nodes and take them down or delete altogether (drivers for OpenStack)
- generate HTTP load to see how your application behaves during the failures
- wreak havoc through policies and see the results on the UI


Don't wait for your software to break, break it yourself, so that you can fix it before it's too late!

The presentation will come with the public release of version 1.0.0 of Kube-smash. Stay tuned!

Speakers

Mikolaj Pawlikowski

Software Engineer, Independent
Mikolaj Pawlikowski previously built 2 startups, worked as a freelance consultant and collaborated on open source projects like Cozy Cloud. He has been evangelizing containers and their orchestration tirelessly at Bloomberg. In his free time he's researching productivity and happ...


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

SIG Cluster-Ops Update - hosted by Rob Hirschfeld, RackN

Operators of Kubernetes, Unite! SIG Cluster Ops was formed nearly two years ago with the goal of being an installer-neutral place for operations to collaborate. Frankly, we've had challenges getting critical mass because operators cluster around their installer groups. This session will discuss rechartering as a Working Group and review the mission of the group. We'll also review plans for the next 6 months. If you're hoping Kubernetes can limit the installer explosion, then this session is a good one for you too.


Speakers

Rob Hirschfeld

CEO, RackN
Rob Hirschfeld is CEO and co-founder of RackN. He co-chairs the ClusterOps SIG and served four years on the OpenStack Board. With 15+ years of cloud and physical infrastructure automation experience, he brings a unique technology and process perspective to DevOps and SRE fie...


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 7, Level 3

2:00pm

'Hot Dogs or Not' - At Scale with Kubernetes [I] - Vish Kannan & David Aronchick, Google
Kubernetes promises to be a multi workload platform. This talk will explore how Kubernetes can be easily leveraged to build complete Deep Learning pipelines, starting all the way from data ingestion/aggregation, pre-processing, ML training, and serving with the mighty Kubernetes APIs. This talk will use Tensorflow and other ML frameworks to highlight the value that Kubernetes brings to Machine Learning. Along the way, key infrastructure features introduced to abstract and handle hardware accelerators which make Machine Learning possible will also be presented.

Speakers

David Aronchick

Product manager, Google
David Aronchick is the Senior Product Manager for the Google Container Engine, and leads product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and being part of the management team for three different startups...

Vish Kannan

Senior Software Engineer, Google Inc
Vishnu Kannan is a Senior Software Engineer at Google. Vishnu received his Masters in ECE from Georgia Tech. He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. He is currently foc...


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3

2:00pm

Extending the Kubernetes API: What the Docs Don't Tell You [I] - James Munnelly, Jetstack
At the heart of Kubernetes is its API. Whilst on the surface it may appear relatively simple to use, under the hood is a beast of complex conversions, codecs and generators. In this talk, I'll show you how the Kubernetes maintainers have created their own tooling to make this process easy when contributing to core, and how you can use this to build your own custom controllers, operators and API servers. I'll then demonstrate this technique with a pager extension to Kubernetes.

Speakers

James Munnelly

Solutions Engineer, Jetstack
I'm a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. I've created a number of extensions to Kubernetes core, including cert-manager (a kube-lego successor), Navigator (DBaaS for Kubernetes), and built my own simple cloud...


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3

2:00pm

Kubernetes Distributions and 'Kernels' - Tim Hockin & Michael Rubin, Google
Kubernetes has historically released a full-fledged distribution - everything you need. As the project gets more modular, that will become more complicated. This talk will explore the problems we face with this, and some ways we can solve them, considering other analogous OSS ecosystems.

Speakers

Tim Hockin

Principal Software Engineer, Google
Tim is a Principal Software Engineer at Google, where he works on Kubernetes and Google Container Engine (GKE). He is a co-founder of the project, and he is responsible for topics like networking, storage, node, federation, resource isolation, and cluster sharing. Before Ku...

Michael Rubin

Senior Staff Engineer & TLM, Google
Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading a...


Thursday December 7, 2017 2:00pm - 2:35pm
Ballroom A, Level 1
  • Difficulty Level Any

2:00pm

Hybrid-Cloud, HIPAA Compliant Enterprise with Kubernetes - Steve Sloka, UPMC Enterprises
This talk will outline how UPMC Enterprises utilizes Kubernetes on-premises and in a public cloud (AWS). We’ll see how a large enterprise balances SaaS offerings vs Kubernetes hosted services. We will walk through our approach to meet HIPAA compliance and how our deployments and underlying infrastructure changed to meet those requirements.

We'll also look at the Elasticsearch Operator which is an example of how we implement stateful applications. The operator ensures encryption at rest, in transit and provides a managed cloud offering inside Kubernetes. Also, we’ll look at how we implement Kong, an API Gateway in combination with Kubernetes Network Policies to ensure applications are limited to what they can access as well as how security is implemented outside of code.

Healthcare systems have a history of being large and complex, but Kubernetes has allowed UPMC Enterprises to be more agile and bring startup innovations to the enterprise.

Speakers

Steve Sloka

Sr. Systems Software Engineer, Heptio
Steve Sloka is a Sr. Systems Software Engineer from Pittsburgh, PA currently working at Heptio dealing with all things Cloud, Containers, and Kubernetes. At UPMC Enterprises he managed the open source initiative and has been working with k8s since early 2015.



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3
  • Difficulty Level Any

2:00pm

Scaling to 5000+ Unique K8s Deployments, How We Did It [I] - Nicole Hubbard, WP Engine
Most organizations only need to run a couple of deployments of their application in Kubernetes. In these situations, deploying onto Kubernetes clusters is relatively straightforward. What happens when you need to simultaneously deploy 5,000 unique instances of your application to different Kubernetes clusters at different providers worldwide?

Over the last year, we have worked to move over 60,000 of our customers' unique workloads from virtual machines onto Kubernetes. I will share our experiences on how to automate and simplify managing unique Kubernetes workloads at scale.

Speakers

Nicole Hubbard

Architect, WP Engine
Nicole is an Architect at WP Engine where she focuses on building container based infrastructure, automation and helping teams deploy their applications.



Thursday December 7, 2017 2:00pm - 2:35pm
Ballroom B, Level 1

2:00pm

The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet
Implementing Kubernetes is not technically difficult, but the networking layer continues to confuse and cause implementation problems for those new to Kubernetes. Not everyone is capable of using GKE and may need to implement Kubernetes in an on-prem facility. Certainly there is a wealth of online documentation to assist new users but some of this documentation is contradictory due to when the documentation was written and the multitude of network stacks available.

This presentation attempts to provide clarity for new implementers and those wishing to understand Kubernetes networking better. The content covers how networking is accomplished in the Kubernetes environment and the reasons why it is implemented differently than traditional network environments. In addition, several of the popular network stacks will be reviewed to provide attendees with knowledge to make a better informed decision when choosing between network stacks.

Speakers

Gerard Hickey

Principal Systems Engineer, Smartsheet
Gerard Hickey is a Principal Systems Engineer at Smartsheet where he is building the next generation data center for the world's leading collaboration solution. He has spent the past decade working with and implementing the latest technologies in an effort to provide better autom...



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 19AB, Level 4

2:00pm

Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda
Certificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens.

Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster.

After this talk, you should have a better understanding of:
- How each cluster component uses certificates for secure communications
- How certificates can be used for authentication, including service account tokens
- How the Kubelet TLS bootstrapping process works
- How to plan, generate and deploy the certificates required for a secure cluster
- How to rotate certificates that are nearing their expiration date

Speakers

Alexander Brand

Senior Systems Analyst, Apprenda
Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in...



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 12AB, Level 4

2:00pm

FaaS and Furious - 0 to Serverless in 60 Seconds, Anywhere - Alex Ellis, ADP

OpenFaaS (or Functions as a Service) is a Cloud Native framework for building serverless functions with containers (as popularised by AWS Lambda). With OpenFaaS you can package any process or container as a serverless function for either Linux or Windows - just bring your Kubernetes or Docker cluster. Avoid vendor lock-in by running functions in your own datacenter or the cloud with your existing CI/CD and container ecosystem. The project focuses on ease of use through its UI and CLI which can be used to test and monitor functions in tandem with Prometheus integration that enables auto-scaling as demand increases.

You can deploy OpenFaaS in 60 seconds on Kubernetes and thanks to concise code templates all you need to write is a handler in your favourite programming language then let your cluster do the heavy lifting. OpenFaaS was recently trending as the top open-source project on GitHub and has a thriving community with 35 contributors, 900 commits and over 6k stars. Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos and swag.

https://blog.alexellis.io/introducing-functions-as-a-service/

https://github.com/openfaas

Note - OpenFaaS is an independent project started by Alex Ellis and is now being shaped by a growing community of contributors and users.


Speakers

Alex Ellis

Principal Developer, ADP
Alex is a Docker Captain and Principal Developer @ ADP where he has years of experience in the enterprise supporting payroll and HCM for up to 500k clients. He's a polyglot, blogger, published writer and mentor in the Docker/container and Raspberry Pi community.


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 9AB, Level 3
  • Difficulty Level Any

2:00pm

Public TOC Meeting
Thursday December 7, 2017 2:00pm - 2:45pm
TBA

2:00pm

Kubernetes SIG Storage - Ask me Anything - hosted by Stephen Watt, Red Hat

The Kubernetes Storage SIG will be attending the salon to hang out with the community and discuss general storage topics. If you have questions you would like answered or want to talk to the storage SIG about using k8s storage or the future storage roadmap, swing by!


Speakers

Stephen Watt

Chief Architect, Emerging Technologies, Red Hat
Steve Watt is the Chief Architect for Emerging Technologies within Red Hat’s Office of Technology. The Emerging Technologies group is responsible for the early identification and incubation of emerging and disruptive technologies. Presently, Steve’s teams are working on Red Hat’s Platform and Storage community and product engineering initiatives related to Container Storage and the Kubernetes Project. Prior to their focus on containers...


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

SIG Jaeger Deep Dive Session - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo, talk about various topics including the architecture, adaptive sampling, multi-tenancy, and configuration, and review the roadmap for the upcoming year. After the session attendees should better understand the Jaeger architecture and be ready to make contributions to the project.

(Audience: Developers)

Speakers

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 5ABC, Level 3

2:00pm

Virtualizing Workloads on Kubernetes - hosted by Fabian Deutsch, Red Hat

There are several projects related to Kubernetes which are about virtualization in one way or the other.

In this salon users and developers have the opportunity to get an overview and discuss the different virtualization related projects.

The first part of the session will focus around differentiating the use-cases of the individual projects. And the second part is about discussing and identifying shared problems in order to understand how a potential collaboration between the groups could look.

After this session an attendee should have a clear picture of each project's use-cases and goals, as well as their technical differences and similarities.


Speakers

Fabian Deutsch

Associate Manager, Red Hat


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:00pm

WG Multitenancy Deep Dive - hosted by David Oppenheimer, Google & Quinton Hoole, Huawei

Kubernetes has supported "soft" multitenancy since the beginning, with features such as namespaces, ResourceQuota, and resource-based scheduling. Over the years Kubernetes has added a number of sophisticated features to strengthen its multitenancy support, for example RBAC, PodSecurityPolicy, NetworkPolicy, priority/preemption, etc.

Now is a good time to take stock of Kubernetes' multitenancy support from the perspective of different types of users -- for example small organizations where everyone trusts each other, large enterprises that need isolation between many internal teams and applications sharing a cluster, SaaS providers hosting instances of their SaaS for many users in a single cluster, and infrastructure providers offering hosted "Kubernetes as a Service" -- and ask what are the key gaps remaining to be filled. Do we need hierarchical namespaces? Better mechanisms to hide shared resources so users can't see who they're sharing the cluster with? Multitenancy policies (quota, RBAC, etc.) that span namespaces, or that apply to a label-selected subset of objects within a namespace? Split-horizon DNS? Resource scheduling within the control plane to ensure no tenant monopolizes the API server, controllers, scheduler, etc.? Where on the spectrum from "soft multitenancy" to "hard multitenancy" should Kubernetes aim (and what do these terms mean, anyway?)

In this session we will discuss what multitenancy means to us as a community, and where we should focus our multitenancy efforts in 2018.


Speakers

Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cl...

David Oppenheimer

software engineer, Google
David Oppenheimer is a software engineer on the Kubernetes team at Google. Prior to working on Kubernetes, he worked on the Borg and Omega cluster management systems.


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 4BC, Level 3

2:45pm

Developing Locally with Kubernetes [I] - Ryan Jarvinen, Independent
This talk will cover several common local development scenarios, and will review the major tradeoffs found when adopting minikube, minishift, draft, and other popular tools for enabling local development of distributed web solutions.

Learn how using Kubernetes locally can help your web teams deliver solutions faster and more reliably.

Speakers

Ryan Jarvinen

Developer Advocate, Red Hat
Ryan Jarvinen is a Developer Advocate and Open Source Evangelist focusing on improving developer experience in the container community. He lives in Oakland, California and is passionate about open source, open standards, open government, and digital rights. You can reach him as...



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3

2:45pm

SIG API-Machinery Update - hosted by Daniel Smith, Google
Speakers

Daniel Smith

Sr. Software Engineer, Google
Currently TL of Kubernetes’ API Machinery sub-team, Daniel has been working on Kubernetes since before it was open sourced, and contributed enough in the early days that he’s still one of the top contributors overall. Before that, Daniel worked on Google’s borg and AppEngin...


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 7, Level 3

2:45pm

eBay Geo-Distributed Database on Kubernetes [A] - Chengyuan Li & Xinglang Wang, eBay
Database as a Service is one of the most interesting and challenging domains in the cloud industry. At eBay, we implemented a cloud-native geo-distributed document service based on Kubernetes. eBay extended Kubernetes to support local disk volumes on bare metal machines, which enables a high performance DB to be deployed on Kubernetes as a Pod. On top of the Kubernetes platform, we developed a control layer to orchestrate the database pods and enable them to be distributed across multiple clusters, and expanded the WISB model to use a workflow to automatically manage the database cluster.

Speakers

Chengyuan Li

Sr MTS Software Engineer, eBay
Chengyuan Li is a member of the eBay Kubernetes team; his focus area is host-runtime and storage in Kubernetes. Before joining the Kubernetes project, he worked in the computer and network area for eBay cloud.

Xinglang Wang

Sr. MTS, eBay
Xinglang Wang is an architect in eBay Data platform, he is working on eBay next generation geo-distributed database, and his main focus is the distribution and control layer of the database. Before he is the architect of eBay real-time behaviour data pipeline, focus on real-time st...


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

2:45pm

client-go: The Good, The Bad and The Ugly - Lili Cosic, Kinvolk
This talk will focus on client-go, a Go client for talking to Kubernetes clusters. At Kinvolk we have used client-go in various Kubernetes projects. Lili will share the general use-case of client-go and explain how powerful it is to customize, optimize, and automate tasks with it. Furthermore she will explore the parts that client-go is great at, as well as the parts that can still be improved. Lili will end with a demo showing how easy it is to harvest the power of client-go, and showcase how it can be used to customize your Kubernetes experience and solve real problems.

Speakers

Lili Cosic

Software Developer, Kinvolk
Lili is a Software Developer at Kinvolk, a Berlin-based Linux development consultancy, where she works on a variety of projects surrounding Linux. Currently she is working on a Habitat Operator, a controller to easily create and manage Habitat Services on Kubernetes. In her free...


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3
  • Difficulty Level Any

2:45pm

Vault and Secret Management in Kubernetes [I] - Armon Dadgar, HashiCorp
Secret data is everywhere, from database credentials, TLS certificates, API tokens, to encryption keys. Managing secrets is a difficult challenge, but HashiCorp Vault provides an answer. In this talk, we discuss the challenges in secret management, provide an overview of Vault, and discuss how Vault and Kubernetes can be integrated. Integrating Vault solves the basic secret management challenge of securely distributing credentials, but also gives applications running Kubernetes access to features like dynamic secrets which are generated on demand and cryptographic offload to securely manage data in transit and at rest.

Speakers

Armon Dadgar

CTO, HashiCorp
Armon (@armon) has a passion for distributed systems and their application to real-world problems. He is a founder and CTO of HashiCorp, where he brings distributed systems into the world of DevOps tooling. He has worked on Nomad, Vault, Terraform, Consul, and Serf at HashiCorp...



Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm

Kubernetes in Hybrid Environments Using Cloud Interconnect [A] - Marc Chisinevski, F5 Networks
Solutions to enable customers to apply consistent traffic management and security policies regardless of whether their applications are running on-premises, in a Public Cloud or in a managed Kubernetes environment.


The demos (please see below) use Equinix as the cloud interconnection; however, the solution would work very similarly with other colo/interconnect providers.
The demos are using Google Container Engine but this would work very similarly in AWS, Azure and Oracle Baremetal Cloud.

Demo
------------
How it works
---------------------
The F5 Container Connector configures the F5 BIG-IPs to expose applications in a Kubernetes cluster as virtual servers, serving North-South traffic.

Components
---------------------
F5 Container Connector (http://clouddocs.f5.com/containers/v1/kubernetes/)
running in Google Container Engine (GKE).

F5 BIG-IPs running in Equinix and doing IPSec VPN to Google Cloud Platform (using Google Compute Engine VPN gateway).
The F5 BIG-IP routes traffic to the container networks via the IPSec tunnel.

Speakers

Marc Chisinevski

Solution Architect (worldwide), F5 Networks
https://www.linkedin.com/in/chisinevski



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

Automating and Testing Production Ready Kubernetes Clusters in the Public Cloud - Ron Lipke, Gannett/USA Today Network
As a large enterprise organization with legacy infrastructure, we were interested in adopting Kubernetes in our internal Platform as a Service in the public cloud. However, we faced several challenges not addressed by the turn key offerings on the market, such as:

- Maintain control over network architecture within the public cloud to integrate with our internal resource
- Allow teams to easily spin up kubernetes clusters on their own for faster development cycles while retaining cost boundaries and charge-back insight
- Quickly iterate as new kubernetes versions are released and make new features available to end-users (most recently: Role Based Access Controls and StatefulSets)

We will share our experience of using configuration management to automate the testing, building and deployment of production ready cloud agnostic kubernetes clusters to the AWS and Google clouds. We will also discuss examples of moving some of our largest application workloads to these clusters.

Speakers

Ron Lipke

Senior Developer, Platform as a Service, Gannett/USA Today Network
Nuclear plant operator turned cloud person



Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom B, Level 1
  • Difficulty Level Any

2:45pm

The Elements of Kubernetes - Foundational Concepts for Apps Running on Kubernetes [I] - Aaron Schlesinger, Microsoft Azure
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.

In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...

One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.

I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.

We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.

In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.

Speakers

Aaron Schlesinger

Sr. Software Engineer, Microsoft Azure
Aaron Schlesinger is a Sr. Software Engineer on the Microsoft Azure Containers team where he works on Kubernetes and related projects. He’s involved with the Kubernetes project on multiple levels, most prominently as a co-lead in the Kubernetes Service-Catalog SIG. Outside of K...


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 19AB, Level 4

2:45pm

Load Testing Kubernetes: How to Optimize Your Cluster Resource Allocation in Production - Harrison Harnisch, Buffer
So you've carefully crafted your first Kubernetes service, and you're ready to deploy it to production. Well, not quite: there are still some important unknowns to understand before your service will be ready for production traffic. It's still unclear how the new service behaves when it's being pushed, and it's possible that Kubernetes will kill the service before serving a single request. At Buffer, we've developed a technique to optimize Kubernetes deployment limits by using load testing to identify optimal values for resource limits. When the service is under heavy load there are a few key metrics to watch to identify bottlenecks. These key metrics can be used to adjust resource limits. This real world approach allowed us to safely and efficiently switch over more than half our production traffic to our Kubernetes cluster and can be applied to any application.

This talk will include a live demo of how to tune Etcd using the methods we use at Buffer.

Speakers

Harrison Harnisch

Senior Software Engineer, Buffer
Senior Software Engineer at Buffer, implementing the transition to microservices with Kubernetes and Docker


Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom C, Level 1
  • Difficulty Level Any

2:45pm

Fission: Serverless Functions for Kubernetes [B] - Soam Vasani, Platform9 Systems
"Serverless" functions allow users to easily create services from source code without dealing with packaging, deployment, scaling, etc.

Fission is a serverless function framework built on Kubernetes. Users write functions and map them to event sources, such as HTTP requests, timers, Kubernetes watches, and message queues. Users don't have to deal with container images, registries or even learn Kubernetes in much detail.

Functions consume CPU and memory resources only when running. Fission makes on-demand function loading very fast by keeping an idle pool of containers running, in effect creating a distributed "threadpool".

Fission is useful for:
* Creating web app backends or REST APIs
* Implementing webhooks
* Watching Kubernetes Resources for changes to implement simple custom controllers
* Creating Kubernetes Initializers with minimal work

In this talk we'll give a few demos for these use cases, and cover:

* How fission works with function dependencies in a language-agnostic manner
* The development lifecycle of Functions: testing and incremental deployment
* The composition of functions into workflows using the Fission Workflow project
* Observability: log aggregation, metrics with Prometheus, tracing with Opentracing/Zipkin
* The interaction of functions with service meshes (Istio/Envoy)

Speakers

Soam Vasani

Software Engineer, Platform9 Systems
Soam Vasani created and works on the Fission framework at Platform9 Systems. He's also worked on Platform9's Kubernetes cluster deployment and management product. His past work includes distributed filesystems, a log analysis stack, and infrastructure management p...


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 9AB, Level 3

3:20pm

Afternoon Break
Thursday December 7, 2017 3:20pm - 3:50pm
Palazzo, Level 1

3:50pm

Helm Chart Patterns [I] - Vic Iglesias, Google
You will learn about the patterns and best practices we have learned from reviewing and maintaining the charts in the public Helm Charts repo. You will learn how to make your charts reproducible, scalable, flexible, configurable, and composable.

Speakers

Vic Iglesias

Staff Solutions Architect, Google
Vic Iglesias is a Staff Solutions Architect at Google with years of experience in both on-premise and in-cloud workload deployment, orchestration and management. He is a maintainer of the Kubernetes Charts repo and focuses on helping customers adopt Container Engine reliably, sec...


Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom A, Level 1

3:50pm

SIG OpenStack Update - hosted by Stephen Gordon, Red Hat & Chris Hoge, OpenStack

SIG OpenStack coordinates the cross-community efforts of the OpenStack and Kubernetes communities. This includes co-ordinating improvements to and documentation of the OpenStack cloud provider implementation in Kubernetes as well as supporting efforts to deploy OpenStack itself using Kubernetes. Attend this session to learn more about the SIG's mission, recent accomplishments, and future plans.


Speakers

Stephen Gordon

Principal Product Manager, Red Hat Canada
Stephen is a Sr. Technical Product Manager focused on OpenStack Compute and supporting technologies at Red Hat. Previously Stephen was a technical writer producing documentation for Red Hat Enterprise Linux OpenStack Platform, Red Hat Enterprise Virtualization, and related open source projects including the OpenStack documentation project. Stephen is an avid collector of...

Chris Hoge

Interop Engineer, OpenStack Foundation
Chris Hoge is the Interop Engineer for the OpenStack Foundation. He's been an active contributor to the Interop Working Group (formerly DefCore), and helps run the trademark program for the OpenStack Foundation. He also works on collaborations between the OpenStack and Kubernetes...


Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 4BC, Level 3

3:50pm

Running MySQL on Kubernetes [I] - Patrick Galbraith, Consultant
MySQL is the world's most popular open source database and there are a number of ways to run it on Kubernetes. This talk will cover each type of MySQL deployment strategy starting from a simple MySQL pod, to an asynchronous replicated master-slave, synchronous Galera cluster, and on to a Vitess clustering system which allows for horizontal scaling of MySQL and innately has built-in sharding, explaining how each is deployed, what features are available, and what type of application they lend themselves to.


Speakers

Patrick Galbraith

Principal Platform Engineer, Oracle
Patrick Galbraith has been involved in MySQL, Linux, and other Open Source (OSS) projects back to the early days of Slackware. He has worked at a broad spectrum of companies throughout his career, including Slashdot, MySQL, Blue Gecko, Hewlett-Packard, and landing recently at Dyn, an...



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 9C, Level 3

3:50pm

Using Custom Resources to Provide Cloud Native API Management - Frank B Greco Jr, Northwestern Mutual
API management is an essential component for all production services. Northwestern Mutual uses it to secure 100s of microservices deployed to our Kubernetes clusters every day! Learning from our API management journey over the past few years, we found many ways to innovate in this space. Using Custom Resource Definitions as a catalyst, we created an open source project called Kanali, a Kubernetes native API management solution. In this talk, we will take you through our API management journey that led up to Kanali and then discuss how to use Kanali to secure your Kubernetes workloads. We will also look at how Kanali integrates with open source developer tooling such as Opentracing, Jaeger, and Grafana.

Speakers

Frank Basil Greco

Cloud Native Engineer, Northwestern Mutual
Hi I’m Frank! I’m an extremely passionate tech engineer, developer, and architect from Milwaukee. My current passions lie in highly available and scalable infrastructure, containerization, serverless architecture, automation, artificial intelligence, web development, API management and algorithm theory. I am also very passionate about open source software and contribute regularly. I love working in a fun, collaborative and startup-like atmosphere with passionate individuals. For fun...


kanali pdf

Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 6AB, Level 3
  • Difficulty Level Any

3:50pm

Multi-Cluster Ops in a Hybrid World [A] - Vitaliy Zinchenko & Kire Filipovski, Oracle
The reality of multiple Kubernetes deployments typically leaves you with varied cluster profiles, deployed on a mix of on-prem and public cloud environments. Production ops for large distributed systems is hard enough in a single environment, but becomes even more complex with hybrid conditions.
In this talk, we’ll dissect how to leverage federation for Kubernetes governance across capacity management, micro service dependencies, infrastructure upgrades, versioning, and security, as well as, global high availability, continuity, and resiliency, in a hybrid environment.

Speakers

Kire Filipovski

Kire Filipovski works as a Cloud Architect at Oracle leading design and implementation of a distributed containerized application management system. Previously Kire worked as a Distinguished Cloud Architect at Walmart where he designed computing platforms that transformed the w...
VZ

Vitaliy Zinchenko

Cloud Architect, Oracle
Vitaliy Zinchenko is Oracle’s Cloud Architect working on the design and implementation of a Global Application System for Oracle Cloud customers. Prior to joining Oracle, Vitaliy was with Walmart Labs as a Principal System Engineer, where he implemented a cloud based applicatio...


Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 8ABC, Level 3

3:50pm

Large Scale Teaching Infrastructure with Kubernetes - Yuvi Panda, Berkeley University

Data Science & Programming literacy is an important aspect of literacy in the 21st century, but teaching these skills at scale is quite difficult. At UC Berkeley, we are trying - our 'Foundations of Data Science' course has no pre-requisites, and routinely attracts more than 1000 students from across majors.

Requiring students to have local programming environments installed & debugged is a non-starter at this scale. We have been running a Kubernetes based JupyterHub environment that allows them to do all their programming with a web based environment with Jupyter Notebooks. This is an important change in many ways:

1. Lets students start instantly with writing code, rather than dealing with the accidental complexity of installing software locally

2. Acts as an equalizer - a student using a chromebook borrowed from the library has no disadvantage over someone using an expensive Macbook Pro

3. This is course critical infrastructure, and needs high availability at low human / dollar cost

In this talk we'll go over how we have:

1. Used Kubernetes to reduce our costs while allowing a larger group of people to deploy safely to various cloud providers.

2. Extracted our JupyterHub deployment into a project part of Project Jupyter (Zero to JupyterHub) that is being adopted at other universities & organizations.


Speakers

Yuvi Panda

Berkeley University


Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom B, Level 1
  • Difficulty Level Any

3:50pm

Welcome to Kubernetes - Introduction and Toolkit for Getting Started with Kubernetes [B] - Guinevere Saenger, Samsung SDS
This talk will focus on the beginning Kubernetes user by providing a basic introduction with explanations and example use cases. The presenter is herself a newcomer to Kubernetes and is thus uniquely placed to present information from a beginner’s perspective and share her personal strategies for success. Specific examples include: how to find mentors; how to find answers when the docs are confusing; how to get involved with local Kubernetes groups; and finding the best online learning tools. Attendees who are fairly new to tech itself or entered tech through non-traditional ways are especially encouraged to attend in order to add to their toolbox of resources.

Speakers

Guinevere Saenger

Software Engineer, Samsung SDS
In 2016, Guinevere Saenger transitioned from being a full-time professional pianist to a career in tech. To do so, she obtained a spot at the highly competitive Ada Developers Academy in Seattle, a year-long, tuition-free, bootcamp-style software development training program for...



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 19AB, Level 4

3:50pm

Whither Deployment: Distributions or Tool Chains? [B] - James Turnbull, Empatico
Kubernetes is a complex platform. Additional complexity is added with every release. Kubernetes also has a fast growing ecosystem of supporting tools that can provide monitoring, networking, deployment, and security. The functionality of tools in the ecosystem overlaps and opposes, both with other tools and Kubernetes itself. Working out how to deploy Kubernetes and what combination of components and tools to deploy with it is often based on the last blog post you read or the current tool du jour. This poses a serious risk for building longer term, stable deployments of Kubernetes.

In this talk, we'll step through a variety of methods for deploying Kubernetes. We'll look at scaling from lab environments to multi-tier, multi-environment lifecycles. We'll also examine what you'll need to make a robust production deployment work and what tooling you'll need to build a continuous deployment lifecycle based around Kubernetes.

Attendees will come away from the talk with several potential deployment patterns for Kubernetes with a clear articulation of the pros and cons of each approach. They'll understand the levers available to them to scale those patterns and when those patterns will require refactoring or replacement.

Speakers

James Turnbull

CTO, Empatico
James Turnbull is the author of ten technical books about open source software, including books on Docker, Terraform, monitoring and security. James is CTO at Empatico and was previously CTO at Kickstarter. He was also previously in leadership roles at Docker, Venmo and Puppet. J...


Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom C, Level 1

3:50pm

Compliance and Identity Management in Kubernetes [I] - Marc Boorshtein, Tremolo Security, Inc.
Compliance with what? Depends on your industry. As k8s continues to expand into regulated enterprises such as government, health care and financials, deployments will need to understand how managing users and their access relates to compliance obligations. This session will focus on how identity management can be approached for solving this issue. How do you onboard users? Authorize their access to a namespace? Offboard them? Is there a need to differentiate between a privileged user and an unprivileged user? I'll go beyond the technical implementation in k8s and tie it to specific compliance requirements in FISMA and demo how solving the compliance issue can also improve the usability and security of your k8s deployment. This talk will follow a similar form to https://www.tremolosecurity.com/openshift-compliance-and-identity-management/ but specifically on k8s.

Speakers

Marc Boorshtein

CTO, Tremolo Security, Inc.
Marc has nearly fifteen years of identity and access management experience as a software engineer, product developer, and consultant. He is experienced building, deploying, and managing identity systems from most major vendors across numerous industries as well as working with se...



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 12AB, Level 4

3:50pm

Pontoon: An Enterprise Grade Serverless Framework Using Kubernetes – As Used in VMware Cloud Services [I] - Kumar Gaurav & Mageshwaran Rajendran, VMware
In VMware Cloud services, we perform both batch and real-time computations based on periodic schedules and on-demand events, using our in-house developed serverless framework called Pontoon. This provides better utilization of resources and enables our service developers to write serverless functions with simple declarations.
Kubernetes provides Jobs and Deployments as design constructs to handle such needs, while other frameworks like IronIO Functions, Fabric8, et al aim to solve the end-to-end use case. However, we had to extend on top of Kubernetes Jobs & Deployments to define the packaging and I/O interactions of the function, implement a priority queue for execution, and provide declarative retry policy while ensuring high availability. A developer 'writes' a function supporting common EAI patterns for start time parameterized variables, and defines its packaging and scheduling using a yaml file. The framework then packages it as a Container along with an 'observer' container in a pod, 'registers' it with the scheduler while ensuring choice of 'warm' vs on-demand requisite replicas of the pod, and then through a 'Scalar' manages the execution and life cycle of the job, while logging and tracing failures/success.
This framework has been in use for months in VMware Cloud services and we are now open sourcing it.

Speakers

Kumar Gaurav

Director R&D, VMware
Kumar Gaurav is working on the first set of services under VMware Cloud Services umbrella, a SaaS offering. He is a veteran in VMware, having built many cloud management products over 9 years and holds dozens of US patents, and few academic publications in Container space. He is...

Mageshwaran Rajendran

Mageshwaran Rajendran is a lead designer and co-architect of Cost Insight, one of the services under VMware Cloud Services SaaS offering. He has earlier built big data based batch & real-time data pipelines handling TBs of data for financial institution and distributed application...



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 9AB, Level 3

3:50pm

Enabling NFV Features in Kubernetes - hosted by Kuralamudhan Ramakrishnan & Ivan Coughlan, Intel

Network orchestration using containers and Kubernetes is being considered by Communication Service Providers for next-gen cloud-based network deployments. While these technologies have been around and deployed for years now, more needs to be done in order to allow managed, performant and predictable service delivery, as required by Communication Service Providers. Intel has been working with partners and with open source communities to address those requirements and to deliver consumable capabilities and performance by enabling NFV Features in Kubernetes.

Through this hands-on lab session, you will learn about Intel’s Container Bare Metal Experience Kits, the new capabilities introduced by Intel and Kubernetes features that will enable you to develop NFV use cases in Container-bare-metal deployments. Attendees that register will also get an Intel USB stick with information on K8S NFV features.


Speakers

Ivan Coughlan

SW Architect, Intel

Kuralamudhan Ramakrishnan

Senior Software Engineer, Intel
Kuralamudhan Ramakrishnan is working as a Senior Network Software Engineer in Intel, Shannon Ireland. Kuralamudhan has specialised in the field of Networking for past 7 years in storage and data management and worked in Telco industries. He is very new to cloud computing and cont...


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 5ABC, Level 3

3:50pm

SIG Multicluster Deep Dive - hosted by Christian Bell, Google
Speakers

Christian Bell

Software Engineer, Google
I am co-lead of the Kubernetes Multicluster SIG (previously Federation SIG). I am interested in how users can make use of multiple clusters for high availability, regional proximity and consistent deployments across regions and multiple cloud providers.


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 4A, Level 3

3:50pm

Containerd Salon - hosted by Derek McGowan & Stephen Day, Docker & Lantao Liu, Google

The Containerd Salon will include an introduction to containerd and cri-containerd, a getting started with Containerd, and a walk-through for setting up Kubernetes with cri-containerd. There will also be time for Q&A and discussion with the developers of both projects.


Speakers

Stephen Day

Senior Software Engineer, Docker
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on container...

Derek McGowan

Software Engineer, Docker


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 7, Level 3

3:50pm

OpenTracing Salon - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat
Speakers

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 10C, Level 3

4:35pm

Developer Tooling for Kubernetes Configuration [I] - Gareth Rushgrove, Puppet
Writing Kubernetes YAML files provides a simple starting point for most users of Kubernetes. Mainly through the power of copy and paste we all get our first examples working. But as usage of Kubernetes grows, spanning teams and time, we build up a lot of those YAML files. Many people reach for templating, or look at higher-level tooling like Helm packages next. But catching errors is still mainly a manual process of running the resulting configuration against a working Kubernetes cluster.

In this talk we’ll look at what’s missing in this workflow, looking for inspiration from developer tooling from other languages and frameworks. In particular we’ll consider:

* Ways of providing feedback about invalid configuration in our text editors
* Validating configuration against the Kubernetes types, especially useful when generating that configuration from templates
* Checking Kubernetes configuration is valid for different versions of Kubernetes
* What unit testing our Kubernetes configuration looks like
* How to integrate all of this together into a continuous integration based workflow

We’ll show examples using straight YAML files, templating and higher-level tooling like Helm and Jsonnet. The talk will also cover the benefits of a standard development environment, especially for new users, and provide tips for those getting started and more experienced users. The audience should come away with ideas for making their Kubernetes experience more efficient and more developer friendly.

Speakers

Gareth Rushgrove

Principal Staff Engineer, Puppet
Gareth Rushgrove is a principal software engineer at Puppet. He works remotely from Cambridge, UK, building interesting tools for people to better manage infrastructure. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and informati...


Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 10AB, Level 3

4:35pm

SIG Apps Update - hosted by Matt Farina, Samsung SDS

SIG Apps is the Special Interest Group that covers deploying and operating applications in Kubernetes. Being an area with a large surface area there's a lot going on. In this update session we'll look at how SIG Apps is set up along with a little history followed by updates on:

  1. The Workloads API in Kubernetes
  2. Ecosystem projects run by the Kubernetes organization such as Helm, Charts, Monocular, and others
  3. The state of the broader ecosystem and how we're looking to better enable that

Speakers

Matt Farina

Samsung SDS
Matt works on the Cloud Native Computing Team at Samsung SDS where he focuses on cloud native applications. He is an author, speaker, and regular contributor to open source. Matt has a particular interest in developer tooling and experience, CI/CD, dependency management, and, of...


Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 4BC, Level 3

4:35pm

Accelerating Humanitarian Relief with Kubernetes [I] - Erik Schlegel & Christoph Schittko, Microsoft
How can UN humanitarian aid field experts use social media to gain insight, understand trends and track key humanitarian issues? Through a collaboration with Microsoft and UN OCHA, Project Fortis was created to accelerate the surveillance around humanitarian disasters and health epidemics around the world.
This talk discusses the architecture of a highly available native Spark pipeline running across multiple Kubernetes clusters to support Fortis customers.

Speakers

Christoph Schittko

Principal Software Development Engineer, Microsoft
Christoph Schittko is an engineer with Microsoft working with customers on innovative solutions in the areas of containerization and AI. He's been working with Microsoft customers on building cloud solutions since Azure was called "Red Dog". He’s recently been a contributor t...

Erik Schlegel

Senior Engineer, Microsoft
Erik is an open source engineer at Microsoft, and based in the Austin area. He's one of the original contributors to the React Native Universal Windows Platform (UWP). Erik leads the engineering effort of Project Fortis, an open source data gathering / surveillance insight platfo...



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 9C, Level 3

4:35pm

Extending Kubernetes: Our Journey & Roadmap [I] - Daniel Smith & Eric Tune, Google
What is the vision for Kubernetes Extensibility? Do you know the difference between initializers, cloud providers, and the CRI? In this talk we will describe how extension points in Kubernetes have evolved and go over the options today, and what they let you do. As we go over the extension points, we’ll give our vision for how they will evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build out of them.

Speakers

Daniel Smith

Sr. Software Engineer, Google
Currently TL of Kubernetes’ API Machinery sub-team, Daniel has been working on Kubernetes since before it was open sourced, and contributed enough in the early days that he’s still one of the top contributors overall. Before that, Daniel worked on Google’s borg and AppEngin...

Eric Tune

Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measu...


Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 6AB, Level 3

4:35pm

The Architecture of a Multi-Cloud Environment with Kubernetes [I] - Brian Redbeard, CoreOS
Kubernetes is an orchestration platform that enables running distributed systems, which are designed with the philosophy of spreading wide to best prepare for outages. This is achieved by deploying your cloud applications at least across multiple hosts, and at best across multiple cloud vendors. Getting Kubernetes configured to run across multiple cloud environments, including on-premises, hybrid deployments, is a tricky undertaking. Hybrid deployments are a feature many organizations want to implement for a variety of reasons, including security over their data, reliability, and more.

Brian Redbeard, chief architect at CoreOS, will discuss the importance of using open source tools to prevent cloud vendors from locking their users into their walled gardens, and will explore the challenges of making Tectonic, CoreOS’s Kubernetes implementation, able to run on multiple cloud platforms.

Speakers

Brian Redbeard

Chief Architect, CoreOS
Brian Harrington, also known as Redbeard, is chief architect at CoreOS. He is a developer, hacker, and technical writer in the areas of open-source development and systems administration. His time spent in both defensive and offensive computing have combined with his readings of...


Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom A, Level 1

4:35pm

101 Ways to Crash Your Cluster [I] - Marius Grigoriu & Emmanuel Gomez, Nordstrom
Running a Kubernetes cluster requires operating many components. One must be good at running and scaling etcd, multiple control plane components, a monitoring system, a logging pipeline, Docker, rkt, and Linux itself. And this list isn't even close to being complete. With such a long list of technologies comes the potential to make a mistake that brings the whole cluster down. Come hear war stories from Nordstrom's Kubernetes cluster admins. Each is a true story of how the cluster melted down, how they recovered, and what they did to prevent it from happening again. Don't let any of these happen to you...

Speakers

Emmanuel Gomez

Principal Engineer, Nordstrom
Emmanuel initiated and served as tech lead on the Kubernetes platform efforts at Nordstrom for the last three years. He was working with and advocating for containers before the Kubernetes 1.0 release and has continuously (and tirelessly) developed, operated, educated, and led co...

Marius Grigoriu

Sr. IT Manager, Nordstrom
Marius Grigoriu leads the teams responsible for all of the major tools along the software delivery pipeline: issue tracking, version control, continuous integration and deployment, and production through the use of Kubernetes. His focus is to help teams ship high quality systems...


Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom B, Level 1

4:35pm

Using Kubernetes API from Go [B] - Alena Prokharchyk, Rancher Labs
As Kubernetes becomes increasingly popular, the number of integration and monitoring services around it is also growing. The key component of any such service written in Golang is kubernetes/client-go – a package that is used to talk to Kubernetes cluster APIs. During this talk, we will discuss the basics of client-go usage and how they can save the developer time needed for writing the actual app logic.
We will also demonstrate the best practices for using the package and lessons learned from the perspective of a developer who does integration work with Kubernetes on a daily basis. The following items will be covered:

* Client authentication in cluster vs outside of cluster
* Basic list, create and delete operations for Kubernetes objects with client-go
* How to watch and react to Kubernetes events using ListWatch and Informers
* Package dependencies (vendor) management

Speakers

Alena Prokharchyk

Principal Software Engineer, Rancher Labs
Alena Prokharchyk is a Software Engineer at Rancher Labs. Before Rancher Labs, Alena joined Citrix through the Cloud.com acquisition, where she worked on CloudStack - Infrastructure as a Service (IaaS) cloud computing platform. For the past three years with Rancher Labs, Alena wo...



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 19AB, Level 4

4:35pm

kubeadm Cluster Creation Internals: From Self-Hosting to Upgradability and HA [A] - Lucas Käldström, Student
kubeadm is the Kubernetes tool that helps you set up a Kubernetes cluster quickly and easily. kubeadm is different from other Kubernetes setup tools in that it doesn’t assume or depend on any special infrastructure. It assumes that you have one or more machines available and those machines can connect to each other via the network.

The master plan is to make kubeadm work both as the “fast path” to getting a best-practice Kubernetes cluster with a couple of easy-to-remember commands and as a toolbox for higher-level solutions like GKE, kops and Tectonic.

But how does kubeadm actually set up a cluster? How is it so easy to add a node with the Bootstrap Token? How does it self-host the control plane? How does it upgrade clusters smoothly with only one command? What is the plan for achieving HA without relying on any external infrastructure?

After this talk, you will be able to describe how:
  • kubeadm runs the different tasks in different stages
  • the network traffic between the cluster components flows
  • self-hosting of the control plane works
  • the Bootstrap Token works
  • the `kubeadm upgrade` command works
  • kubeadm will support multiple masters that are dynamically rotated
  • you can extend kubeadm to build your higher-level Kubernetes deployment tool

Speakers

Lucas Käldström

Individual Maintainer, Student
Lucas is a passionate Kubernetes Maintainer and CNCF Ambassador that is excited about all things cloud native. Lucas has been engaged in Kubernetes work for about two years now and been involved in work like porting Kubernetes to multiple platforms, getting Minikube off the groun...



Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom C, Level 1

4:35pm

Multi-Tenancy Support & Security Modeling with RBAC and Namespaces [I] - Fred Vong & Michael Y. Chen, VMware
As container technologies mature, Kubernetes is clearly gaining momentum with developers as a means to deploy their distributed applications. As more applications and clusters are deployed by more developers, multi-tenancy and isolation become concerns not only for the app developer, but also for the cluster admins. In this talk, we will discuss the various cluster security models available today, and how to use namespaces to provide tenant isolation. We will also demonstrate how to use Kubernetes’ Role Based Access Control (RBAC) feature as a means of enforcing a multi-tenant security model. By assigning roles and role bindings and creating namespaces, we can implement restrictions on resource consumption and provide tenant isolation throughout the cluster. We’ll also demonstrate how the RBAC feature provides granularity of access control that can be adjusted to suit varying requirements—from granting full access to users or groups to a cluster to only granting access to specific resources within a namespace. Following the discussion of how to build a security model with namespaces and RBAC, this talk will also feature a live demonstration of RBAC and namespaces in action to illustrate the concepts and show how both admins and developers are affected by the model.

Speakers

Michael Chen

Senior Manager, VMware

Fred Vong

Staff Engineer, VMware
Fred Vong is passionate about the cloud and data center automation technologies. Currently, he is actively working on both OpenStack and container orchestration area in VMware. He believes deployment of whole software stack should be as simple as clicking a button.


Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 12AB, Level 4

4:35pm

Building and Running an Enterprise-grade Serverless Platform on Kubernetes - Ying Huang & Quinton Hoole, Huawei
Serverless platforms provide functions as a service, and have become a hot topic largely because they allow developers to focus on core business logic, leaving packaging, deployment, monitoring, event propagation, scaling and load balancing to the infrastructure. The serverless billing model is simple - pay-per-invocation - which can bring significant benefits for many event-driven applications.

Huawei launched its FunctionStage serverless platform, which is built on Kubernetes, in 2017. In this talk we will explain in detail the design and implementation of FunctionStage. This involved both fairly straightforward function packaging, scheduling, auto-scaling, event triggering and load balancing, as well as some significantly more interesting challenges related to container re-use, on-the-fly micro service provisioning, reliable operation and much more. We will demonstrate the use of our system to solve some complex real-world problems in Huawei Public Cloud.

Speakers

Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cl...

Ying Huang

Senior Software Architect, Huawei
Ying is currently a senior software architect at PaaS (Platform-as-a-Service) team at Huawei. She played a key role leading the design and implementation of FaaS (Function-as-a-Service) platform in Huawei. Before that, she worked in Microsoft Azure Identity team as an engineer fo...



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 9AB, Level 3
  • Difficulty Level Any

6:00pm

All Attendee Party - Join us on Rainey Street!

Join us for an evening filled with the best eats, libations, live music and games the city has to offer!

The KubeCon + CloudNativeCon North America 2017 All-Attendee Party will be hosted along Austin’s famed Rainey Street on the evening of Thursday, December 7, spread out across eight different venues.  Check the website for details on each venue. 

Badges and ID are required to get in to all venues. Don't forget a jacket!

Note: Banger's is the only all ages venue. 


Thursday December 7, 2017 6:00pm - 10:00pm
Rainey Street
 
Friday, December 8
 

8:00am

9:00am

Keynote: Opening Remarks
Friday December 8, 2017 9:00am - 9:10am
Exhibit Hall 3, Level 1

9:10am

Keynote: Kubernetes Community - Sarah Novotny, Head of Open Source Strategy, Google Cloud Platform, Google
Speakers

Sarah Novotny

Head of Open Source Strategy for GCP, Google
Sarah Novotny is head of Open Source Strategy group for Google Cloud Platform. She has long been an Open Source community champion in communities such as Kubernetes, NGINX and MySQL and ran large scale technology infrastructures before web-scale had a name. She co-founded Blue Ge...


Friday December 8, 2017 9:10am - 9:30am
Exhibit Hall 3, Level 1

9:30am

Keynote: Kubernetes at GitHub - Jesse Newland, Principal Site Reliability Engineer, GitHub

In this talk, Jesse will provide an overview of the premises Kubernetes deployments that currently power 20% of GitHub's production services. He'll also review the challenges GitHub has faced and overcome so far during their Kubernetes journey, and highlight ongoing and future Kubernetes enhancements that GitHub is excited about.


Speakers

Jesse Newland

Principal Engineer, GitHub
Experimenting with Kubernetes at GitHub.


Friday December 8, 2017 9:30am - 9:50am
Exhibit Hall 3, Level 1

9:50am

Keynote: Manage the App on Kubernetes - Brandon Philips, CTO, CoreOS

Kubernetes has yet to close the developer gap from source code to app running in a production Kubernetes cluster. Many build bespoke tools. How can the Kubernetes community come together to build decomposable solutions that help people define their app, deploy it, and manage its lifecycle over time? Learn about the progress we are making together to elevate the conversation from container orchestration to application lifecycle management.


Speakers

Brandon Philips

CTO, CoreOS, Inc.
Brandon Philips is helping to build modern Linux server infrastructure at CoreOS as CTO. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. As a graduate of Oregon State's Open Source Lab he is passionate about open sourc...


Friday December 8, 2017 9:50am - 9:55am
Exhibit Hall 3, Level 1

9:55am

Keynote: What's Next? Getting Excited about Kubernetes in 2018 - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

The Kubernetes ecosystem has grown tremendously over the last three years.  Each release pushes the boundaries of what we can accomplish and brings new participants and new success stories.  That success has a price: how do we do what's best for the community and for our users, and what's on deck for 2018?


Speakers

Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content effor...


Friday December 8, 2017 9:55am - 10:15am
Exhibit Hall 3, Level 1

10:15am

Keynote: What is Kubernetes? - Brian Grant, Principal Engineer, Google

Kubernetes has been described many different ways. How should one think about the platform? It partly depends on the problems you are trying to solve with it. I will discuss 10 ways to view Kubernetes based on use cases, how those uses relate to its features and architecture, how Kubernetes supports the features, and how the architecture is evolving to support them better. 


Speakers

Brian Grant

Principal Engineer, Google
Brian Grant is the primary architect for the Kubernetes project, responsible for defining the core domain model and API design. He was previously the technical lead of Google’s internal cluster-management projects, Borg and Omega.


Friday December 8, 2017 10:15am - 10:35am
Exhibit Hall 3, Level 1

10:30am

Sponsor Showcase
Friday December 8, 2017 10:30am - 4:00pm
Exhibit Halls 1 & 2

10:35am

Closing Remarks
Friday December 8, 2017 10:35am - 10:40am
Exhibit Hall 3, Level 1

10:40am

Morning Break
Friday December 8, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

A Scheduling Simulator for Capacity Estimation of Kubernetes Clusters - Avesh Agarwal, Red Hat
Capacity planning is very important for meeting dynamic demands in any cluster. Without having an approximate view of the remaining capacity in a cluster, it is hard for cluster operators to decide if and when the cluster should be provisioned with more capacity or not. In Kubernetes clusters, capacity is associated with worker nodes in terms of resources such as CPU, memory or storage. Discussing capacity in terms of individual resources may be a bit ambiguous because a Pod is the smallest schedulable unit in Kubernetes clusters. Therefore, cluster operators may be more interested in knowing an approximate number of pods of a specific size (amount of resources) that can be scheduled on a cluster. This talk will introduce a new tool, called cluster capacity, that can be used to analyze the capacity of a Kubernetes cluster in this way. First, the talk will discuss its use cases, followed by its design and implementation as a scheduling simulator. The talk will also include a demo to demonstrate various ways the tool can be run against a Kubernetes cluster. This talk will conclude with a discussion of future directions for this tool.

Speakers

Avesh Agarwal

Red Hat
Avesh Agarwal works at Red Hat. He is a core contributor to Openshift and Kubernetes projects.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 10AB, Level 3
  • Difficulty Level Any

11:10am

Hybrid Cloud Powered by Kubernetes [I] - Aparna Sinha & Eric Brewer, Google
Open Source Software (OSS) is great because it gives us freedom. OSS users by nature want to roll their own on premises, and use best-of-breed services in public clouds without lock-in. Fortunately, Kubernetes runs everywhere so developers and operators don't need to learn new technologies to run hybrid and multi-cloud applications. In this talk, we will demonstrate the use of two new extensibility features in Kubernetes to connect legacy on-premises applications and managed public cloud services with services running on Kubernetes in both places, creating an environment where users can have the best of all worlds. We will show the type of use cases this technology enables using examples from Google's cloud platform.

Speakers

Eric Brewer

VP Infrastructure, Google
Eric joined Google in 2011 and leads the company’s compute infrastructure design, including Google Cloud Platform.  He focuses on all aspects of Internet-based systems including cloud computing, scalability, containers, and storage. As a researcher, he has led projects on scalab...

Aparna Sinha

Group Product Manager, Google
Aparna Sinha leads the product team at Google for Kubernetes and Container Engine. She started and co-leads the community PM Special Interest Group (SIG) to maintain an open backlog for the Kubernetes project on Github. Aparna is currently a secondary member of the CNCF Governing...


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 8ABC, Level 3

11:10am

SIG Service Catalog Update - hosted by Paul Morie, Red Hat
Speakers

Paul Morie

Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and is a committer to the Kubernetes project. He is currently leading the Kubernetes Service Catalog SIG and the champion of the service-catalog Kubernetes incubator repository. Before Kubernetes, he worked on the first three versions of Re...


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 7, Level 3

11:10am

Modern Big Data Pipelines over Kubernetes [I] - Eliran Bivas, Iguazio
Big data used to be synonymous with Hadoop, but our ecosystem has evolved over time with new database, streaming and machine learning solutions which don’t necessarily benefit from the Hadoop deployment model of Map/Reduce, YARN and HDFS. These solutions require a generic cluster scheduling layer to host multiple workloads such as Kafka, Spark and TensorFlow, alongside databases such as Cassandra, Elasticsearch and cloud-based storage.

Eliran Bivas is a senior big data architect with years of hands-on experience working on both big data and cloud native solutions. Eliran will go over a common solution framework to create cloud native end-to-end analytics applications. It involves using Kubernetes as an alternative to Yarn, running Spark, Presto, machine learning frameworks (TensorFlow, Python and Spark ML kits) and serverless functions coupled with local and cloud-based storage. The session will showcase customer use-cases from IoT, automotive, cloud SaaS and finance. It will also include a live solution demo which demonstrates the benefits of using big data and analytics over a cloud native architecture, eliminating the existing challenges of complexity and moving towards a continuous integration and development architecture for big data.

Speakers

Eliran Bivas

Senior Big Data Architect, iguazio
Eliran Bivas is a senior big data architect at iguazio and a self-proclaimed tech junkie with a passion for innovation. Eliran is skilled with object-oriented design and development, having worked extensively on cloud native environments. He has broad experience developing with c...


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage? - Annette Clewett & Sudhir Prasad, Red Hat
Kubernetes supports Stateful Applications by connecting to your existing storage. But what if you don’t have any? Or the storage capabilities differ between your environments? Wouldn’t it be nice if Kubernetes itself would be able to provide storage services without any external dependency from Day 1?

gluster-kubernetes is an umbrella project, currently being submitted for inclusion in CNCF, tying together various open source technologies to do just this. It takes the concept of “container-native storage” literally and orchestrates containerized GlusterFS, a scalable, software-defined storage solution to provide object storage, file storage and block storage for your applications. In this session you will learn about the components in play and how they make Kubernetes provide Persistent Storage and S3 Object Storage that scales with the cluster and runs everywhere.

Speakers

Annette Clewett

Senior Storage Architect, Red Hat
Red Hat Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created more efficient and available infrastructures. Current projects...

Sudhir Prasad

Product Management Director, Red Hat
Sudhir drives Container Native Storage and Container Ready Storage Red Hat portfolio for Kubernetes. Before joining Red Hat, Sudhir led Product Management and Strategy at Violin Memory and led Manageability product portfolio for automation & orchestration at NetApp. Before movin...



Friday December 8, 2017 11:10am - 11:45am
Ballroom A, Level 1

11:10am

Moving from Mesos to Kubernetes Without Anyone Noticing. [I] - Anubhav Mishra, Hootsuite
At Hootsuite, we’ve been using Mesos and Marathon as our microservices platform for over two years but last year, we made the decision to bet on Kubernetes as its replacement. Eight months later, a small team of three operations engineers had migrated our first microservice from Mesos to Kubernetes. All without developers making any code changes. This was possible by architecting our applications with the proper set of abstractions. Fast-forward three months later and we have almost 20 microservices running on Kubernetes in production.

In this session, we’ll do a live demo of migrating a service from Mesos to Kubernetes, just like how we did it at Hootsuite! We will cover why architecting your infrastructure with the “right” abstractions helps you do these huge migrations with ease and how Kubernetes already contains these abstractions. We will explore how having a service mesh helps routing between two platforms while doing the migration. Also, how a mature CI/CD pipeline can help you deploy to two platforms with ease. To conclude we will explore the differences in running a service in Mesos and Kubernetes.

Speakers

Anubhav Mishra

Senior Software Engineer, Hootsuite
Anubhav Mishra is an Infrastructure Engineer focused on building cloud infrastructure and distributed systems. His work spans developers and operators. He currently works at Hootsuite on creating the next generation microservice delivery platform using Kubernetes. He loves DJing...



Friday December 8, 2017 11:10am - 11:45am
Ballroom B, Level 1

11:10am

IoK: Istio-on-Kubernetes Deep Dive [I] - Daneyon Hansen, Cisco
Running microservices at scale is not easy. Istio is an open platform to connect, manage, and secure microservices. Did I mention that Istio runs on Kubernetes? During the talk I will cover the following content:
- Istio Introduction
- Istio Key Concepts - Traffic Management, Auth, Policy, etc.
- Istio Demonstration
- Istio-on-Kubernetes Roadmap
- Q&A

Speakers

Daneyon Hansen

Software Engineer, Cisco
Daneyon is a software engineer at Cisco responsible for developing distributed applications. As part of the Cloud CTO Office, Daneyon focuses on contributing to emerging cloud computing technologies such as Kubernetes, Istio and others.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

CNI, CRI, and OCI - Oh My! [I] - Elsie Phillips & Paul Burt, CoreOS
If you work with containers, it’s easy to get lost in the emerging standards and foundations. You might have questions like:
What is OCI? What happened to appc? Do I need to do anything to take advantage? Don’t we already have container runtimes? So, why do we need CRI? Similarly, what’s the use of CNI with all of the container networking solutions already out there?

Our aim is to answer all of these questions, and showcase places you can find (and use!) each of them. We’ll discuss how these specs affect you when using Kubernetes or other container orchestrated projects. Kubernetes will serve as a handy vehicle for some short, live demos. We’ll explore how each standard is improving our lives today, and what kinds of innovation they open up for the future.

Speakers

Paul Burt

Community + Product Marketing, CoreOS
Paul Burt is a Community Manager at CoreOS. He’s upvoting your /r/kubernetes threads and answering your #coreos questions on freeNode. Paul has a knack for demystifying infrastructure, and making gnarly, complex topics approachable. He enjoys home brewing beer, reading inde...

Elsie Phillips

Community Manager, CoreOS
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean veg...


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 19AB, Level 4

11:10am

Highly Available Services During Maintenance Events - Maisem Ali & Eric Tune, Google
Maintenance events occur and require taking down nodes for various reasons. Eric and Maisem talk about the best practices and lessons learned trying to minimize downtime during routine maintenance events.

They show how to use StatefulSets and PodDisruptionBudgets to achieve highly available services. They go on to explain what the best practices for performing node maintenance are using scenarios like failed pod evictions, non-responsive kubelets and network bisections.

Speakers

Maisem Ali

Software Engineer, Google
Maisem has been working on Kubernetes for the last two years. He has heavily contributed to upgradability and upgrade testing between Kubernetes versions, and primarily focuses on the Google Container Engine control plane.

Eric Tune

Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measu...



Friday December 8, 2017 11:10am - 11:45am
Ballroom C, Level 1
  • Difficulty Level Any

11:10am

Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google
Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of its own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.

Speakers

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Container Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included p...

CJ Cullen

Software Engineer, Google
CJ works on the Google Container Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Container Engine.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4

11:10am

SIG Apps Deep Dive Session - hosted by Matt Farina, Samsung SDS

SIG Apps is the Special Interest Group that covers deploying and operating applications in Kubernetes. In this working session we'll organize around application development and operation topics and then attempt to move forward on the highest priority ones, as decided by those in attendance. This is a working session where the audience is involved. Topics in this session could involve Helm, Charts, the workload APIs, Jobs and CronJobs, shared libraries for tool development, interoperability between tools, and more. So, bring your ideas and interest, come to the deep dive, and help make the application development and operation experience better.


Speakers

Matt Farina

Samsung SDS
Matt works on the Cloud Native Computing Team at Samsung SDS where he focuses on cloud native applications. He is an author, speaker, and regular contributor to open source. Matt has a particular interest in developer tooling and experience, CI/CD, dependency management, and, of...


Friday December 8, 2017 11:10am - 12:30pm
Meeting Room 4BC, Level 3

11:55am

Webhooks for Automated Updates [B] - Rajashree Mandaogane, Rancher Labs
In most software projects, there is a tremendous focus on increasing efficiency and reliability. Rolling updates in Kubernetes are a really good example of how real-time updates to applications can be made reliable, without any downtime. Once you have a reliable system, you then need to make your software development process even more efficient. A key component in efficiency is automation. Automated builds on Docker Cloud are a great way to efficiently build images when new code is pushed. In this talk we will discuss how we can take automation one step further. We will make use of the Kubernetes API calls, along with Docker Hub's webhooks feature, to automatically start rolling updates of deployments when a new image/tag is pushed to Docker Hub. We will demonstrate how you can write a micro-service that will make these calls after consuming the data pushed by Docker Hub's webhook.

Speakers

Rajashree Mandaogane

Software Engineer, Rancher Labs
Rajashree, an NC State graduate, is a Software Engineer at Rancher Labs. She loves programming in Golang and working on container orchestration. She lives by the motto, “You’ll never know what you can do, until you try”. This has led her not only to being a developer, but al...



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3

11:55am

Zero Configuration Pattern of Kubernetes on Bare Metal [A] - Rob Hirschfeld, RackN
In recent releases, we've enabled node admission and configuration APIs that eliminate configuration requirements for Kubernetes workers. This allows cluster operators to add and remove nodes from clusters without a configuration management tool driving the process. This fully automated node management behavior allows physical data centers to be much more cloud-like and lights-out.

In this session, we'll run this process as a demo and decompose the various parts that must work together for success. We'll discuss the specific APIs and how to implement them in a coordinated way that ensures node security and minimizes workload disruption. We'll also discuss how to improve node security by using trusted platform modules (TPM). By the end of the session, operators will be able to duplicate the steps on their own to learn the process.

While we have a focus on bare metal infrastructure for this session, the lessons learned are equally usable on cloud infrastructure.

Speakers

Rob Hirschfeld

CEO, RackN
Rob Hirschfeld is CEO and co-founder of RackN. He co-chairs the ClusterOps SIG and served four years on the OpenStack Board. With over 15+ years of cloud and physical infrastructure automation experience, he brings a unique technology and process perspective to DevOps and SRE fie...


Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3

11:55am

SIG Auth Update - hosted by Jordan Liggitt, Red Hat
Speakers

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.


Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 7, Level 3

11:55am

Kafka Operator: Managing and Operating Kafka Clusters in Kubernetes [A] - Nenad Bogojevic, Amadeus
In this talk we will demonstrate an approach to management of Kafka clusters in Kubernetes deployments. We will show how we can provision Kafka clusters and configure them using Kubernetes concepts and an operator process. The Kafka and ZooKeeper cluster elements will be provisioned using StatefulSet. As these applications benefit from high performance storage, we will also show how we can use node selectors or persistent volume claims to schedule instances on correct hardware. In order for clients to use it, the necessary message topics have to be configured in the Kafka cluster. We will show how, using an operator process based on Kubernetes custom resources or ConfigMaps, we can manage this configuration in a descriptive manner and ensure consistent configuration across different development and operations stages as well as cluster restarts. Finally we will discuss how all this ties in with service catalog.

Speakers

Nenad Bogojevic

Software Architect, Amadeus
Nenad Bogojevic, platform solutions architect at Amadeus, has 20+ years of experience in software development. He has worked on e-commerce applications, natural language processing tools, and high-performance network middleware. In his job, Nenad is an architect who codes, a tech...


Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 9C, Level 3

11:55am

Istio: Sailing to a Secure Services Mesh [I] - Spike Curtis, Tigera & Dan Berg, IBM
Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. In this presentation we describe the security features of the Istio service mesh: how it helps you secure service-to-service communication across clouds without application code changes, provide robust identity and strong authentication, and enforce powerful authorization policies for your applications. We discuss the current project status and look ahead to the roadmap for security features.

Speakers

Dan Berg

Distinguished Engineer, IBM
As a Distinguished Engineer within the IBM Cloud unit, Daniel is responsible for the technical strategy, and implementation of the containers and microservices platform available in IBM Cloud. Within this role, Daniel has deep knowledge of container technologies including Docker...

Spike Curtis

Senior Software Engineer, Tigera
Spike Curtis is a lead developer on Istio working for Tigera. He was also a core developer for Calico and worked on the initial integrations with Docker, Kubernetes and Mesos. Spike earned his PhD from the University of Oxford where he worked on quantum computing with ion traps...



Friday December 8, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Kubernetes in the Datacenter: Squarespace’s Journey Towards Self-Service Infrastructure [I] - Kevin Lynch, Squarespace
As Squarespace’s engineering organization evolved, microservices became an obvious solution to quickly deliver new features and improve infrastructure reliability. We encountered significant challenges in our transition to a microservice-based architecture. Each new service increased the operations burden to provision and maintain a growing fleet of servers, frequently slowing the process of adding new services and scaling existing services in our datacenters.

I’ll discuss how we used Kubernetes to containerize our microservice ecosystem and solve those challenges. To effectively work with ephemeral Kubernetes pods, we replaced Graphite with Prometheus and Sensu with AlertManager to monitor service health rather than individual instances. We discovered massive performance issues containerizing our Java services and worked around JVM complexities. To ease our transition from virtualization to containerization, services running inside and outside of Kubernetes must seamlessly discover each other with Consul and communicate with each other. Thanks to Calico, BGP, and our Leaf-Spine Layer 3 network topology, we efficiently route pod network traffic with the rest of our network.

Speakers

Kevin Lynch

Squarespace, Squarespace
Kevin Lynch is a Staff Engineer on the Site Reliability team at Squarespace. He focuses his efforts on eliminating the complexities of datacenters with the help of automation. He received his BSc and MSc degrees in Computer Science from Drexel University. During his time there h...


Friday December 8, 2017 11:55am - 12:30pm
Ballroom B, Level 1

11:55am

Let's Build Kubernetes, With a Spreadsheet and Volunteers! - Justin Garrison, Independent
An introduction to the core responsibilities of Kubernetes. A visual representation of how Kubernetes works and what each component does. Building from nothing until we have a fully functional Kubernetes cluster built from people.

Our Kubernetes in meat space will teach you where to look when things break and help you remember what every component does. We'll show you how the system behaves when components fail and what you can do to fix it.

Speakers

Justin Garrison

Sr Systems Engineer, Independent
Justin is the co-author of Cloud Native Infrastructure and has his name in multiple movie credits. What he enjoys most is helping people and learning new things. He likes to teach with unconventional approaches and being part of the community.


Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 19AB, Level 4

11:55am

UDP in K8S: Signed, Sealed, but Delivered? [I] - Amanpreet Singh, Crowdfire
This talk is based on my personal experience working with Kubernetes in production. I will talk about the UDP failures we encountered in production, how we found the root cause, and how we mitigated and fixed the bug in kube-proxy. This will help members of the audience who are either planning to use or already using Kubernetes to better understand the Kubernetes networking design and debug any issues they face.

Speakers

Amanpreet Singh

Software Engineer, Crowdfire
Amanpreet is an engineer at Crowdfire & moonlights as a crowd entertainer. He’s an Open Source enthusiast who loves Go & can eat-drink-sleep Kubernetes. He gained extensive knowledge of Kubernetes while handling the migration of infrastructure with 50+ microservices from tradit...



Friday December 8, 2017 11:55am - 12:30pm
Ballroom C, Level 1

11:55am

Enforcing Bespoke Policies in Kubernetes [I] - Torin Sandall, Styra
Kubernetes enables fully-automated, self-service management of large-scale, heterogeneous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization’s bespoke policies.

In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third party policy engines like the Open Policy Agent project.

Speakers

Torin Sandall

Software Engineer, Styra
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer...



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 12AB, Level 4

11:55am

Local Ephemeral Storage Resource Management - Jing Xu, Google
Currently Kubernetes does not support storage resource usage guarantee and isolation like compute resources such as CPU and memory. This talk will present our effort for improving Storage Resource Management in Kubernetes with focus on capacity isolation in ephemeral storage. It will explain how we support resource guarantee and isolation at node, pod, and container levels.

Speakers

Jing Xu

Software Engineer, Google
Jing Xu obtained her Ph.D. from the Electrical and Computer Engineering Department, University of Florida in May 2011. After graduation, she was a lecturer in the School of Computer Science at Florida International University for about 4 years. She moved to the Bay Area in late 2014 and...


Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3
  • Difficulty Level Any

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Friday December 8, 2017 12:30pm - 2:00pm
Sponsor Showcase

2:00pm

CrashLoopBackoff, Pending, FailedMount and Friends: Debugging Common Kubernetes Cluster and Application Issues [B] - Joe Thompson, Oteemo
Nothing is more frustrating than deploying a shiny new application on Kubernetes and having it fail immediately (usually five minutes before the big demo). Is it a problem with the pod network? Pods Pending or in CrashLoopBackoff, Services not serving, images not pulling? Maybe you're just plain out of resources. If you're new to Kubernetes, figuring it out from scratch can take hours you don't have. We'll show you how to dig in, identify the problem, resolve it, and learn what to watch for so you aren't taken by surprise next time.

Speakers

Joe Thompson

Senior Consultant, Oteemo
I'm a senior consultant in the container practice at Oteemo, a consultancy specializing in innovative IT automation, and also a co-organizer of the NOVA Kubernetes Meetup. Prior to Oteemo I worked at CoreOS and Red Hat, providing practical solutions and training in and for Kubern...



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

Cost-effective Compute Clusters with Spot and Pre-emptible Instances [I] - Bich Le & Arun Sriraman, Platform9
Kubernetes and Spot/Pre-emptible Instances (SPIs) are arguably a match made in heaven. Traditionally, the uncertainty of SPIs (they can be terminated at any time due to price fluctuations) has made managing them tricky, and restricted them to specific workloads and use cases.

Kubernetes, in contrast, not only handles node failure very well, it has trained developers and architects to design applications to tolerate and even embrace failure. The prospect of Kubernetes abstracting the complexities of SPIs is now a reality, enabling applications to take advantage of low-cost compute across different clouds and possibly vendors.

The purpose of this talk is to educate the audience on strategies for making the most out of this powerful combination. Specifically, we will discuss these topics:

1. What are spot bidding strategies, and what is their cost vs. predictability trade-off?
2. What class of Kubernetes applications would benefit the most from SPIs?
3. Available Kubernetes mechanisms (e.g. taints/tolerations, affinity, availability zones) for placing applications based on their tolerance for SPIs
4. Implementation strategies (e.g. blending multiple autoscaling groups to satisfy both SPI-optimized applications and applications that are more mission-critical or stateful)
5. What out-of-the-box solutions exist, either free or commercial?
6. How to abstract away clouds from different regions and vendors, allowing workloads to always take advantage of the best available pricing?

The talk concludes with real-world test results involving multiple use cases and configurations, giving the audience an idea of the potential cost savings and trade-offs (if any) of combining Kubernetes and SPIs.

Speakers

Bich Le

Chief Architect, Platform9
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.

Arun Sriraman

Software Engineer, Platform9 Systems Inc.
At Platform9 Systems I work on everything networking with deeper focus on Kubernetes and Openstack. Architecting, designing and writing code to solve interesting problems gets me on and recently I've been dabbling with the internals of container technology. Before Platform9, I've...


Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3

2:00pm

Distributed Database DevOps Dilemmas? Kubernetes to the Rescue - Denis Magda, GridGain
Distributed databases can make so many things easier for a developer... but not always for DevOps. OK, almost never for DevOps. Kubernetes has come to the rescue with easy application orchestration!

It’s straightforward to do the orchestration leaning on relational databases as a data layer. However, it’s becoming a bit trickier to do the same when a distributed SQL database or other kind of distributed storage is used instead.

In this talk you will learn how Kubernetes can orchestrate a distributed database like Apache Ignite, in particular:
  • Cluster Assembling - database nodes auto-discovery in Kubernetes.
  • Database Resilience - automated horizontal scalability.
  • Database Availability - what’s the role of Kubernetes and the database.
  • Utilizing both RAM and disk - set up Apache Ignite in a way to get in-memory performance with durability of disk.

Speakers

Denis Magda

Product Manager, GridGain
Denis is an expert in distributed systems and platforms who developed his skills by consistently contributing to Apache Ignite In-Memory Data Fabric and helping GridGain In-Memory Data Fabric customers build a distributed and fault-tolerant solution on top of their platform...


Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3

2:00pm

Disaster Recovery for your Kubernetes Clusters [I] - Andy Goldstein & Steve Kriss, Heptio
It’s 3am. Your pager is beeping. Your Kubernetes cluster is down. Don’t panic - we’ve got you covered. In this talk, we’ll describe a variety of disaster scenarios you may encounter. We’ll arm you with the knowledge you need to overcome them. Whether you’re a systems administrator, application developer, or end user, after this talk you’ll walk away with a thorough understanding of Kubernetes disaster recovery, including:

A disaster recovery overview
- Strategies for Kubernetes
- Comparisons to federation and high availability
- Which components to back up vs recreating from scratch

How to minimize your time to recovery
- Automate cluster creation and infrastructure configuration
- Back up and quickly restore your cluster applications, workloads, and persistent volumes using tools such as Heptio Ark

How to handle specific disaster scenarios
- Losing nodes
- Recovering from bad configuration updates
- Cloud provider outages

Speakers

Andy Goldstein

Staff Software Engineer, Heptio
Andy Goldstein is an engineer at Heptio where he works on tooling to make operating Kubernetes clusters easier, and he also contributes to Kubernetes. Prior to his current role, Andy worked on Kubernetes and OpenShift at Red Hat. Andy lives in Rockville, MD, with his wife, two ch...

Steve Kriss

Steve Kriss is a systems engineer at Heptio working on building tools and products to help Kubernetes users be successful, and has been a contributor to upstream Kubernetes as well as a member of the Kubernetes release team in the past. Steve recently relocated to Seattle from Ne...



Friday December 8, 2017 2:00pm - 2:35pm
Ballroom A, Level 1

2:00pm

Using Kubernetes to Change Legacy Systems and Processes in the Public Sector [B] - Audun Fauchald Strand, Norwegian Welfare Administration
Kubernetes is the implementation of the modern software development process. Continuous Release and “you build it, you run it”. For the last few years I have been working on introducing Kubernetes into an organization with continuous release, microservices and “you build it, you run it”, as presented at KubeCon in Berlin 2017.

Now I work for the public sector in Norway, where the systems are old, and the processes are older. I will present the experiences from working on changing these legacy organisations, using containers and Kubernetes as the main tool. I will cover:
  • migrating old legacy apps to Kubernetes: is it possible?
  • manual testing done easy with containers
  • monitoring for everyone
  • making a PAAS that everyone can use
  • stable and robust deployment, but not just 4 times a year
  • how to leverage all the hardware that is owned by the public sector

Speakers

Audun Fauchald Strand

Team Lead - Platform and automation, NAV - Norwegian Welfare Administration
k8s, ddd, jvm, Kafka, distributed systems, testing, Tottenham. Almost called "Large viking shaped Norwegian" in LWN



Friday December 8, 2017 2:00pm - 2:35pm
Ballroom B, Level 1

2:00pm

Setting Sail with Istio [B] - Lachlan Evenson, Microsoft
Even with Kubernetes, doing microservices is hard. In this session we will dive into Istio, a platform that builds on Kubernetes primitives and simplifies building and securing microservices. This session is a soup-to-nuts walkthrough of the Istio architecture along with diving into deploying a microservice onto Istio from a user perspective. For those interested in learning more about Istio, this session is a great introduction and will be very hands-on.

Speakers

Lachlan Evenson

Principal Program Manager - ACS, Microsoft
Lachlan Evenson is a cloud native evangelist and mercenary. Lachlan has spent the last two and a half years working with Kubernetes and enabling cloud native journeys. He is a believer in open source and is an active community member. Lachlan spends his days helping make cloud na...



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 9AB, Level 3

2:00pm

Planes, Raft, and Pods: A Tour of Distributed Systems Within Kubernetes [B] - Bo Ingram, Craftsy
Kubernetes does some pretty neat things for you — autoscaling your app, rolling deploys, and more! In this talk, we’ll take a look at how Kubernetes leverages distributed systems to make its magic happen. We’ll do an overview of all components, but we’ll be concentrating on etcd, the controllers, and the scheduler. We’ll examine etcd and take a dive into the Raft algorithm to show how Kubernetes handles distributed state. We’ll take a look at some of the controllers to show how they reconcile the cluster’s state. We’ll also be shining a spotlight on the scheduler and show how we go from unscheduled to happy and running. Lastly, we’ll take the things we’ve learned and show how they work together to deploy an app by tracing an actual deployment through a cluster.

Speakers

Bo Ingram

Engineer, Craftsy
Bo Ingram is a Java platform engineer at Craftsy who spends his time flipping back and forth between backend feature development and infrastructure work. He has a problem where he buys more books than he can ever hope to read.



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 19AB, Level 4

2:00pm

Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent in the out-of-the-box state of most Kubernetes installations and the common practices for deploying workloads that could lead to unintentional compromise. Join Brad Geesaman, the Cyber Skills Development team lead at Symantec, on an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection.

The hardening measures taken in response to the attacks demonstrated will include guidelines for improving configurations installed by common deployment tools, securing the sources of containers, implementing firewall and networking plugin policies, isolating workloads with namespaces and labels, controlling container security contexts, better handling of secrets and environment variables, limiting API server access, examining audit logs for malicious attack patterns, and more.

Speakers

Brad Geesaman

Engineering Lead, Independent
Brad was recently the Cyber Skills Development Engineering Lead at Symantec Corporation where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration-tester, his real passion is...



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 12AB, Level 4

2:00pm

Block Volumes Support in Kubernetes [I] - Mitsuhiro Tanino, Hitachi Data Systems
Storage is an essential part of any computing system. In current Kubernetes, a user can utilize a storage volume with a filesystem in a container, but cannot utilize a volume without a filesystem, called a raw block volume.

By adding a feature to enable raw block storage directly, a user can, for example, use a raw block volume for database applications such as MariaDB, which improves I/O performance.

In this session, I will explain the current activity and feature plan for Block Volumes Support in Kubernetes.

Speakers

Mitsuhiro Tanino

Principal Software Engineer, Hitachi Data Systems
Mitsuhiro Tanino is a software engineer who has been working for Hitachi since 2004 and a principal software engineer at Hitachi Data Systems since 2014. He has experience in the development of a virtual machine manager for heterogeneous cloud systems and RAS features for KVM virtual e...


Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3

2:00pm

Open Service Broker API - hosted by Paul Morie, Red Hat
Speakers

Paul Morie

Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and is a committer to the Kubernetes project. He is currently leading the Kubernetes Service Catalog SIG and the champion of the service-catalog Kubernetes incubator repository. Before Kubernetes, he worked on the first three versions of Re...


Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:00pm

Jaeger Salon - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

In this session we will start with basic tracing concepts, give an overview of the Jaeger project, and finish with more advanced topics like adaptive sampling, dependency graphs and tracing with Envoy proxy. There will be a demonstration using Jaeger with OpenTracing in a real world application. The session will also cover the roadmap for the next year and an open discussion.

(Audience: Anybody)

Speakers

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.


Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

Linkerd Salon - hosted by William Morgan, Buoyant
Speakers

William Morgan

CEO, Buoyant
William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant mic...


Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 7, Level 3

2:45pm

One Chart to Rule Them All: Continuous Deployment with Helm at Ticketmaster - Michael Goodness & Raphael Deem, Ticketmaster
As Kubernetes continues to mature, it's increasingly hard for users to keep track of the latest resource types, much less the best way to employ them. ReplicationControllers and Services were easy enough. Then came Deployments and Ingresses. Now we have PodDisruptionBudgets, ClusterRoleBindings, and HorizontalPodAutoscalers. Luckily, we also have Helm to package and deploy these various components (and more) as a single unit.

In this talk we'll dissect the single, flexible Helm chart Ticketmaster developed for use by multiple product teams. We'll show how we use just a handful of variables to enable log collection with Fluentd, metric scraping with Prometheus, and automatic scaling of pods. Then we'll demonstrate the GitLab CI workflow through which we deploy multiple builds of an application to multiple Kubernetes clusters running both on-prem and in AWS.

Speakers

Raphael Deem

Raphael is a Systems Engineer at Ticketmaster and open source contributor. He is a relative newcomer to the community, having started working with Kubernetes within the last six months. Prior to working at Ticketmaster, he was a remote engineer for Platform.sh, a Paris-based PaaS...

Michael Goodness

Lead Systems Engineer, Kubernauts, Ticketmaster
Mike is a Lead Systems Engineer on the Kubernauts team at Ticketmaster and a CNCF Ambassador. He began working with Kubernetes in late 2015, and quickly became an avid member of the community. While primarily involved with day-to-day cluster operations, he is also keenly interest...


Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3
  • Difficulty Level Any

2:45pm

Self-Hosted Kubernetes: How and Why [I] - Diego Pontoriero, CoreOS
How Kubernetes is deployed and managed has changed since the first release of the project. From configuration management systems and unit files to deploying Kubernetes using Kubernetes, a lot has changed. Self-hosted Kubernetes has many benefits as a deployment option, and this talk will highlight those benefits, as well as explain the history and nuances of making self-hosted Kubernetes possible.

In this talk I will describe what self-hosted Kubernetes means, why it exists, how it came into existence, and what you need to know if you're running a self-hosted cluster. Many tools now deploy self-hosted clusters including bootkube and kubeadm, so knowledge of how this works can be very important for anybody running a Kubernetes cluster.

What are the benefits of self-hosting? How does it work? What do I need to know if I'm administering a self-hosted cluster?

All those questions and more will be discussed in detail in this talk. In addition, I will discuss how various projects and products take advantage of the many benefits of self-hosting, such as Tectonic.

Speakers

Diego Pontoriero

CoreOS
Diego Pontoriero is a Software Engineer on the Tectonic team at CoreOS, where he works on software that deploys, manages, and upgrades self-hosted Kubernetes clusters. Prior to CoreOS Diego worked at Google building a video-based learning platform, a mobile phone carrier, and a p...


Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

SIG Network Update - hosted by Casey Davenport, Tigera

SIG Network is responsible for maintaining and enhancing the various Kubernetes networking components and APIs. We've been hard at work on a number of changes in recent Kubernetes releases. In this session we'll present a summary of that work, discussing the latest and greatest in Kubernetes networking. We'll also review the SIG's plan for the future.


Speakers

Casey Davenport

Software Engineer, Tigera
Casey Davenport is a core developer at Tigera working on Project Calico and has worked on software defined networking solutions since 2012. He is an active technology evangelist for containers and simplified networking, and has spoken recently on related topics at multiple meetup...


Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 4BC, Level 3

2:45pm

Democratizing Machine Learning on Kubernetes [I] - Joy Qiao & Lachlan Evenson, Microsoft
One of the largest challenges facing the machine learning community today is understanding how to build a platform to run common open-source machine learning libraries such as TensorFlow. Joy and Lachie are both passionate about making machine learning accessible to the masses using Kubernetes. In this session they'll share how to deploy a distributed TensorFlow training cluster complete with GPU scheduling on Kubernetes. We’ll also share how distributed TensorFlow training works, various options for distributed training, and when to choose what option. We’ll also share some best practices on using distributed TensorFlow on top of Kubernetes, based on our latest performance tests performed on public cloud providers. All work presented in this session will be accessible via a public GitHub repository.

Speakers

Lachlan Evenson

Principal Program Manager - ACS, Microsoft
Lachlan Evenson is a cloud native evangelist and mercenary. Lachlan has spent the last two and a half years working with Kubernetes and enabling cloud native journeys. He is a believer in open source and is an active community member. Lachlan spends his days helping make cloud na...

Joy Qiao

Senior Solution Architect - AI and Research Group, Microsoft
Joy Qiao is a senior solution architect in the AI & Research Group at Microsoft, where she is responsible for driving end-to-end AI/ML solutions on Azure among the partner eco-system. Joy has over 15 years of IT industry experience including 11 years at Microsoft working as tech...



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

2:45pm

Persistent Storage with Kubernetes in Production - Which Solution and Why? [I] - Cheryl Hung, StorageOS
Persistent storage often seems like a confusing plethora of options, from local volumes, NFS, distributed storage like Ceph, cloud storage such as AWS’s EBS and S3, to volume plugins with Docker and Kubernetes integration. This talk compares and contrasts the most popular solutions, and lays out the eight principles for cloud native storage.

Speakers

Cheryl Hung

Product manager, StorageOS
Cheryl is an ex-Google software engineer with a passion for developer tools, experience and community. She founded the Cloud Native London meetup and codes, writes and speaks about containers, storage and cloud computing.


Friday December 8, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm

From Monolith to Microservices with Kubernetes and Linkerd - Mason Jones, Credit Karma
After about eight years, Credit Karma had built up an impressive tech infrastructure...based on a PHP monolith. Over the past 18 months we’ve (carefully) adopted Docker, Linkerd, Consul, Kubernetes, and more as we shifted to microservices in order to enable continued engineering innovation. This is the story of our evolution from monolith to microservices, starting with our own homegrown tools. The talk will cover our iterations from basic plumbing to dynamic service discovery; why we started using Linkerd and selected Kubernetes; and how we evolved our systems step by step while continuing to serve 75 million members.

Speakers

Mason Jones

Staff Software Engineer, Infrastructure Services, Credit Karma
Mason leads Credit Karma’s infrastructure services team. His team's work provides a foundation for Credit Karma's microservices to enable our 75 million members and financial institution partners in the U.S. and Canada to use data to guide their financial decisions. Befo...



Friday December 8, 2017 2:45pm - 3:20pm
Ballroom B, Level 1
  • Difficulty Level Any

2:45pm

Reliable Application Roll Out and Operations with Istio [B] - Lin Sun, IBM & Mandar Jog, Google
Do you wish for a premium user experience as your team delivers new code to production with speed and agility? Have your users been caught off guard by new features and enhancements continuously delivered to the cloud? Do you have services that go dark while other services can’t handle graceful degradation? Do some of your services get overloaded with too many requests occasionally? If you have experienced some or all of these concerns, we have the answer and it’s service mesh with Istio!

Join us to hear how you can leverage Istio’s intelligent routing feature to roll out newer versions of services, apply rate limiting to your services to shed load and gracefully degrade as services fail, and visualize the dependencies and flow of traffic between services to provide an optimized user experience to your users as you continuously deliver new updates to your microservice-based application.

Speakers

Mandar Jog

Mandar Jog is a senior software engineer at Google working on Istio. Mandar is specifically focussed on Istio configuration and Mixer. Prior to Google, Mandar has led an engineering team at a startup and worked at Pivotal helping customers deploy Cloud Foundry. Mandar...

Lin Sun

Senior Technical Staff Member, IBM
Lin is a core contributor and maintainer on Istio. She is passionate about new technologies and loves to play with them. She is a master inventor who currently holds 100+ patents filed or pending with USPTO along with hundreds of articles published at IP.com.


Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 9AB, Level 3

2:45pm

Running Mesos Frameworks on Kubernetes with the Open-Source Universal Resource Broker - Fritz Ferstl & Rob Lalonde, UNIVA
While Kubernetes continues to gain in popularity for cloud applications, many organizations run popular frameworks deployed on Mesos. The need to support multiple orchestration frameworks can result in added cost and complexity as organizations struggle to manage separate, siloed environments. Based on earlier work done for HPC users, Univa has contributed their Universal Resource Broker (URB) Technology to the Kubernetes community as an open-source project. The freely available software allows any Mesos compatible framework (including Spark, Hadoop, Storm, Jenkins, Marathon and Chronos) to run alongside native Kubernetes services on a shared Kubernetes cluster, providing the opportunity to simplify environments and consolidate infrastructure. In his talk Mr. Ferstl will discuss the challenge of running mixed workloads on Kubernetes, provide an architectural overview of the URB and provide a demonstration of the technology. He will also explain how Mesos users or application developers can get started quickly with the technology, and consider it for use in their own environments and applications.

Speakers

Fritz Ferstl

Chief Technology Officer, UNIVA
Fritz is the Chief Technology Officer at Univa where he helps set technical direction for the company while also spearheading strategic alliances in EMEA. Fritz is widely regarded as the father of Grid Engine software and its forerunners Codine and GRD. He ran the Grid Engine sof...

Robert Lalonde

General Manager, Navops Business Unit, Univa
Rob is the General Manager of Univa Corporation's Navops business unit. He’s responsible for business and product strategy related to container technology solutions at Univa, a company with a heritage managing large-scale, multi-tenant grid computing deployments. Rob has comp...


Friday December 8, 2017 2:45pm - 3:20pm
Ballroom C, Level 1
  • Difficulty Level Any

2:45pm

Securing Shopify's PaaS on GKE [I] - Jonathan Pulsifer, Shopify
Shopify has leveraged Kubernetes through Google Container Engine (GKE) to build its new cloud platform. This PaaS is currently serving the majority of the company's internal tools as well as business-critical production workloads. Moving to Kubernetes and a public cloud is no easy task, especially for a security team.

Unfortunately for us, a hosted solution does not offer all the features we've come to love in Kubernetes including NetworkPolicies, PodSecurityPolicies, and admission controllers among others. Given this, the security team has created a number of Kubernetes controllers and other cloud platform solutions to maintain an effective security posture on our new platform.

In this talk we'll introduce our cloud platform, explore the tools we've created to bridge the security gaps, detail the struggles we've encountered using Google Cloud Platform and GKE, and discuss our growing pains with Kubernetes multi-tenancy. Attendees will gain an understanding of the current state of Kubernetes security controls on GKE, a familiarity with some of the products available on Google Cloud Platform, and insight on how to integrate security controls into their development pipelines.

Speakers

Jonathan Pulsifer

Infrastructure Security Engineer, Shopify
Jonathan is a Senior Security Engineer at Shopify working on securing their new platform using Kubernetes on GKE. Previously, he was a SANS mentor, network defense instructor, and a team lead at the Canadian Forces Network Operations Centre in Ottawa. Find Jonathan on Twitter @Jo...



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 12AB, Level 4

2:45pm

Providing Containerized Cinder Services to Baremetal Kubernetes Clusters [I] - John Griffith, NetApp & Huamin Chen, Red Hat
Kubernetes deployments running on OpenStack clusters require a full OpenStack: Keystone, Nova, and Cinder services.

This talk presents a more pervasive and simplified deployment architecture by integrating Containerized standalone Cinder services with baremetal Kubernetes. Cinder services offer many storage features that are still missing in Kubernetes. Cinder is supported by many storage vendors, with over 70 storage drivers in its repository. A Containerized standalone Cinder service makes these features and extensive storage products available to a Kubernetes cluster.

Key to this architecture is a Kubernetes volume provisioner that provisions Cinder volumes and transparently converts Cinder volumes to Kubernetes supported storage types, such as iSCSI, Fibre Channel, NFS, or Ceph RBD.

Based on these technologies, the new architecture enables enterprise customers to deploy Container services in a dedicated cluster and consume advanced storage features.

Speakers

Huamin Chen

Principal Software Engineer, Red Hat
A passionate system software developer, Huamin Chen contributes to open source projects spanning from A to Z: Apache BigTop, Ceph, fio, Gluster, Kubernetes, Tachyon, and ZFS. Huamin Chen is currently employed by Red Hat. Follow him at http://github.com/rootfs

John Griffith

Principal Software Engineer, NetApp
John Griffith, Principal Software Engineer at SolidFire now a part of NetApp, helped to create the Cinder project in OpenStack. Primary responsibilities are upstream contributions to cloud related open source technologies. Currently active in Kubernetes Storage SIG, CNCF CSI pro...



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3

3:20pm

Afternoon Break
Friday December 8, 2017 3:20pm - 3:40pm
Palazzo, Level 1

3:40pm

kubectl apply, and The Dark Art of Declarative Object Management [I] - Aaron Levy, CoreOS
kubectl apply is a powerful and commonly used command meant for declaratively managing your applications. However, even if you are using this command today, you may still be surprised by how it functions. In this talk we will go over the inner-workings of the kubectl apply command, and discuss patterns for successfully managing your applications using declarative object management techniques.

We will cover areas such as the interplay between imperative commands (set, scale, edit, etc.) and declarative object management, the different types of patch strategies, and how object merges are calculated, as well as the pros and cons of the various approaches and some subtle gotchas you might run into.

When you leave this talk it will make sense when you describe that your application is managed as a declarative base, with replicas driven imperatively, by an autoscaler that is declaratively configured. In other words, Kubernetes magic.

Speakers

Aaron Levy

Head of Engineering, Enterprise Core Services, CoreOS
Aaron Levy is a software engineer at CoreOS, working on all things Kubernetes. He is also the lead maintainer of Bootkube, a kubernetes-incubator project that enables launching self-hosted Kubernetes clusters.


Friday December 8, 2017 3:40pm - 4:15pm
Ballroom A, Level 1

3:40pm

Cluster-in-a-Box: Deploying Kubernetes on lxd [B] - Rye Terrell, Canonical & Marco Ceppi, The Silph Road
Deploying Kubernetes on top of lxd allows you to build and operate one or more clusters within a single machine, virtual or bare metal. Architect your cluster to be used for development, testing, and more. Once you're satisfied, create a machine image of your host VM for fast, reproducible deployments.

Speakers

Marco Ceppi

Marco Ceppi: Operations for The Silph Road, the largest grassroots Pokemon Go community, whose infrastructure is run on Kubernetes

Rye Terrell

Software Engineer, Canonical
Engineer at Canonical working on the Canonical Distribution of Kubernetes, a cloud-agnostic deployment and management tool for Kubernetes.


Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 8ABC, Level 3

3:40pm

Kube-native Postgres [I] - Josh Berkus, RedHat
Database systems remain the last frontier for Kubernetes, and at the Patroni Project we're working on conquering it. Having fully automated PostgreSQL clusters using Patroni, the project is now working on making Patroni more "Kubernetes native", so that SQL databases can be seen simply as a PostgreSQL resource.

In this talk, we will explain and demonstrate the current projects integrating Patroni PostgreSQL with Kubernetes, including:

* Patroni Operator, using the CoreOS Operator pattern
* Kube-native Patroni, which uses the Kubernetes controller instead of its own management

These works in progress will both acquaint attendees with tools they can use for their own high-availability database architectures, and explore some areas where Kubernetes could improve to support database systems better.

Speakers

Josh Berkus

Project Atomic Community Lead, Red Hat Inc.
Josh Berkus works on Project Atomic at Red Hat, where he is helping build the immutable infrastructure of the future. He loves Atomic Host, Kubernetes, distributed systems, Ansible, container building, PostgreSQL, Django, Python, community building, and the Oxford Comma. Josh liv...


Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 9C, Level 3

3:40pm

Evolving and Supporting Stateful, Multi-Tenant Decisioning Applications in Production [A] - Keith Gasser & Ravi Dubey, Capital One
With our adoption of Kubernetes at Capital One, we have simultaneously reduced our application delivery time-to-market while providing a common platform for streaming pipelines. We leverage Kubernetes to manage stateful decisioning applications for multiple tenants and provide a host of analytical tools as platform services to help data scientists iteratively improve decision models. We will discuss the challenges in operating these pipelines which consist of Apache Nifi canvases/flows for data ingress/egress, Kafka as persistent stream backbone, Flink for decisioning, and a number of other popular open source data analytics packages such as Apache Drill and Zeppelin forming our “Analytical Environment.”

Speakers

Ravi Dubey

Ravi is a Lead Software Engineer, Team Lead/Architect and Senior Manager at Capital One specializing in Cloud Engineering and Platform Delivery.

Keith Gasser

Lead Software Engineer, Capital One
Keith is a Software Engineer specializing in DevOps and Application Security at Capital One currently working on a team which has built a Kubernetes-based streaming and decisioning pipeline for Capital One Bank.


Friday December 8, 2017 3:40pm - 4:15pm
Ballroom B, Level 1

3:40pm

Enable your Microservices with Advanced Resiliency and Fault Tolerance Leveraging Istio [I] - Animesh Singh & Tommy Li, IBM
Building and packaging microservices is one part of the story. Given a highly scalable and distributed microservices deployment is going to face failures at different layers, how do we make these microservices resilient and fault tolerant? How do we enforce policy decisions such as fine-grained access control and rate limits? How do we enable timeouts/retries, health checks, etc.? Even though some language specific frameworks address these issues, the implementation is often framework or language specific.

If the underlying framework or language changes, the resiliency features need to be reimplemented or ported over. And in some cases, applications also have the responsibility of implementing the code and configuration required for resiliency and fault tolerance. A Service-mesh architecture attempts to solve these issues by extracting the common resiliency features needed by a microservice framework away from the applications and frameworks and into the platform itself. Istio provides an easy way to create this service mesh.

In this talk we will discuss how to build, deploy, connect your Java microservices leveraging Istio service mesh. We then show how to configure and use circuit breakers, timeouts/retries, rate limits and other advanced resiliency features from Istio without changing the application code.

Speakers

Tommy Li

Software Developer, IBM
Tommy Li is a software developer for IBM focusing on Cloud, Container, and Infrastructure technology. He has worked on various Developer Journeys on Kubernetes, Microservice, and Hybrid Cloud to provide use cases on cloud-computing solutions. He is also passionate about Machine L...

Animesh Singh

STSM, IBM Cloud Platform, IBM
Animesh Singh is an STSM and Lead for IBM Cloud, Containers and Infrastructure Developer Technology. He is also a member of the IBM Academy of Technology, and has been an active open source IBM champion. Over the course of the last few years, he has been leading major initiatives for IBM...


Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 9AB, Level 3

3:40pm

Monitoring Kubernetes: Follow the Data [B] - Ilan Rabinovitch, Datadog
At Datadog we help thousands of organizations monitor their infrastructure and applications. In this session, we’ll dive deeper into the several hundred trillion data points we’ve gathered to extract information about the real-world use of Kubernetes and see trends in container and orchestrator usage.

As we look at Kubernetes and container usage data, we’ll also discuss the top applications being used in orchestrated environments and, using the data, provide insight into which metrics you should watch and how to troubleshoot based on those metrics. In this session, we will also look at a framework for your metrics and how to use it to find solutions to the issues that come up.

We will cover the three types of monitoring data; what to collect; what should trigger an alert (avoiding an alert storm and pager fatigue); and how to follow the resources to find the root causes of problems.

Although the real-world Kubernetes and container use data is derived from Datadog users, the focus of this session is not tool specific, so attendees will leave with strategies and frameworks they can implement in their container-based environments today regardless of the platforms and tools they use.

Speakers

Ilan Rabinovitch

Director, Technical Community, Datadog
Ilan Rabinovitch leads the community and product teams at Datadog. He spends his days diving into container monitoring metrics, collaborating with Datadog's open-source community and evangelizing observability best practices. Previously, Ilan spent a number of years leadin...


Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 19AB, Level 4

3:40pm

Kubernetes Ingress Controller with Apache Traffic Server [I] - Mrunmayi Dhume, Oath (Yahoo) & Suresh Visvanathan, Yahoo!
Today, the Oath Media Brands and Products container platform is serving critical application workloads like Yahoo Sports and Yahoo Finance at a large scale using Kubernetes as the orchestration framework.

For a platform at this scale, it is critical to have a powerful and flexible ingress routing layer (controller) that is able to handle the dynamic behavior of container based applications, such as auto-scaling, frequently changing pod IP addresses, self-serve onboarding and cluster-aware routing. This L7 routing layer must be quick to react to changes on the cluster without affecting its routing capabilities and impacting the in-flight requests. In a multi-tenant system it is even more vital that a single application deployment does not cause an impact to user traffic or hinder the release velocity of other tenants.

We developed an ingress controller based on Apache Traffic Server that satisfies the requirements stated above, while remaining scalable and easy to integrate with both Kubernetes and the Oath ecosystem. In this talk/presentation, we will elaborate on the architecture of the ingress controller, the performance metrics we’ve achieved, and the key learnings from supporting such a critical infrastructure component.

Speakers

Mrunmayi Dhume

Senior Software Engineer, Oath (Yahoo Inc)
Mrunmayi Dhume is a Senior Software Engineer in the Core Infrastructure team at Oath Media Brands and Products. She was involved early on in the introduction of Kubernetes in the organization and took a leadership role in designing and implementing the ingress routing layer compo...

Suresh Visvanathan

Sr Architect, Oath(Yahoo)
Suresh Visvanathan, Sr Architect, has over 13 years of experience in IT and Software. Suresh’s current responsibilities include the architecture, vision, strategy and design of cloud platform as-a-service (PaaS). Suresh has been architecting solutions and building products arou...



Friday December 8, 2017 3:40pm - 4:15pm
Ballroom C, Level 1

3:40pm

Real Security for Services on Kubernetes [I] - Nick Lanham & Yun Zhang, Databricks
We all love the ease-of-use Kubernetes provides to engineers to deploy and manage their services. But before you can start running production code and dealing with customer data, you need to ensure that everyone's favorite features are in place: audit logs and access control. (And the crowd goes wild!)

At Databricks, we know that the best way to do security is to make sure the simplest way to do something is the secure one. In this talk, we introduce a system called Genie which uses time-boxed TLS certificates to authorize engineers to talk to certain namespaces within Kubernetes. Additionally, we will discuss how we extended this framework to allow for continuous deployment/continuous integration without weakening our security story!

Speakers

Nick Lanham

Software Engineer, Databricks
Nick is a software engineer on the Cloud team and former systems Ph.D. student at UC Berkeley where he worked on the Alluxio in-memory caching system before dropping out to join Databricks. At Databricks, Nick and his colleagues on the Cloud team work on infrastructure to enable...

Yun Zhang

Yun is also a member of the Cloud team at Databricks. He is a graduate of Brown University, where he worked on Puddle Store, a distributed in-memory file system.


Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 12AB, Level 4

3:40pm

Economics of using Local Storage Attached to VMs on Cloud Providers [I] - Pavel Snagovsky, Quantum
Public cloud storage resource offerings aren't always optimal for running Cloud Native applications. This talk explores several storage options, comparing costs, performance, resilience, features and interfaces of file, block and object storage for Cloud Native applications in AWS. EBS and Instance store for Kubernetes nodes are compared for different scenarios. This talk also covers the pros and cons of leveraging an object store using resources already provisioned, as opposed to S3.

Speakers

Pavel Snagovsky

Senior Developer, Quantum
Pavel Snagovsky is a Software Engineer at Quantum Corporation, contributing to several projects advancing storage evolution, including rook.io. He previously worked in Operations at Ticketmaster, Limelight Networks, Yellowpages and other companies.



Friday December 8, 2017 3:40pm - 4:15pm
Meeting Room 6AB, Level 3

3:40pm

BoF: Kubernetes DevStats (devstats.k8s.io) hosted by Dan Kohn & Lukasz Gryglicki, CNCF
Speakers

Lukasz Gryglicki

Senior Developer, CNCF
I'm a Senior Developer working for CNCF. I was born in 1982. I'm a big fan of Linux and Unix systems, started to use them about 1999. My first work was for Innsoft from 2006 to 2011. In 2011-2012 I was a member of a Polish Polar Expedition in Hornsund Spitsbe...

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the se...


Friday December 8, 2017 3:40pm - 5:00pm
Meeting Room 10C, Level 3

3:40pm

SIG Network Deep Dive Session - hosted by Casey Davenport, Tigera

SIG Network is responsible for maintaining and enhancing the various Kubernetes networking components and APIs. This session is a round-table technical discussion focused on Kubernetes networking with an aim to clarify or define technical road maps for a number of topics. Topics may include but are not limited to the future of the Ingress API, the next generation of the CNI interface, IPv6 support, and service meshes in Kubernetes. We welcome all interested community members to attend and contribute to the discussion!


Speakers

Casey Davenport

Software Engineer, Tigera
Casey Davenport is a core developer at Tigera working on Project Calico and has worked on software defined networking solutions since 2012. He is an active technology evangelist for containers and simplified networking, and has spoken recently on related topics at multiple meetup...


Friday December 8, 2017 3:40pm - 5:00pm
Meeting Room 4BC, Level 3

3:40pm

SIG OpenStack Deep Dive Session - hosted by Stephen Gordon, Red Hat & Chris Hoge, OpenStack

SIG OpenStack coordinates the cross-community efforts of the OpenStack and Kubernetes communities. This includes co-ordinating improvements to and documentation of the OpenStack cloud provider implementation in Kubernetes as well as supporting efforts to deploy OpenStack itself using Kubernetes. Attend this session to collaborate on the SIG's future plans. To review the agenda for the session, or to propose an item of your own for discussion, refer to the etherpad at https://etherpad.openstack.org/p/AUS-kubernetes-sig-openstack-deep-dive.


Speakers

Stephen Gordon

Principal Product Manager, Red Hat Canada
Stephen is a Sr. Technical Product Manager focused on OpenStack Compute and supporting technologies at Red Hat. Previously Stephen was a technical writer producing documentation for Red Hat Enterprise Linux OpenStack Platform, Red Hat Enterprise Virtualization, and related open source projects including the OpenStack documentation project. Stephen is an avid collector of...

Chris Hoge

Interop Engineer, OpenStack Foundation
Chris Hoge is the Interop Engineer for the OpenStack Foundation. He's been an active contributor to the Interop Working Group (formerly DefCore), and helps run the trademark program for the OpenStack Foundation. He also works on collaborations between the OpenStack and Kubernetes...


Friday December 8, 2017 3:40pm - 5:00pm
Meeting Room 7, Level 3

4:25pm

ConfigMaps 102: Using ConfigMaps in Dynamic Application Deployments - Trevor McKay, Red Hat
ConfigMaps let you “decouple configuration artifacts from image content”. In other words, if you use ConfigMaps wisely in your apps you’ll never have to respin an image just to change a flag. This is a powerful feature which greatly simplifies creating and managing containerized applications. As powerful as they are, however, use of ConfigMaps has typically required a pretty static application deployment -- for example, ConfigMaps must exist before the apps that reference them, their names must be known ahead of time, and it was only recently that the (wonderful) idea of “optional” ConfigMaps was introduced. In this talk we’ll look at several ways we’ve found to use ConfigMaps dynamically in the context of a management platform for Apache Spark clusters we call Oshinko. You’ll leave armed with new ideas of how to leverage the power of ConfigMaps in dynamic applications with a broader set of deployment options.

Speakers

Trevor McKay

Principal Software Engineer, Red Hat, Inc.
Trevor McKay is a Principal Software Engineer at Red Hat with a background in distributed computing and big data processing, having worked extensively with Apache Spark on OpenStack and now on Kubernetes. He is passionate about simplifying user experience in general and making a...


Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 10AB, Level 3

4:25pm

Multiple Applications and Environments per Cluster - Kubernetes Segmentation and Isolation for Enterprise Teams [I] - Damien Toledo, Nirmata
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And sharing clusters across multiple teams is even harder!

Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. This leads to a waste of cloud resources and increased operational overhead.

In this session, we will demonstrate how it’s possible to fully automate the isolation of applications running on shared clusters. We will first cover the multiple levels of segmentation required, from object namespaces to network-level segmentation. The session will then provide best practices for using several Kubernetes constructs such as namespaces, network policies, storage policies, resource quotas and limits, and role-based access control.

Speakers

Damien Toledo

Co-founder, VP Engineering, Nirmata Inc
Damien is a co-founder and VP of Engineering at Nirmata Inc., a company providing a cloud service that fully automates the delivery and management of cloud applications. Previously, Damien spent 8 years at Netscout leading the migration of the engineering team to Agile.


Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 10AB, Level 3

4:25pm

Using Kubo to Manage your Kubernetes Clusters [I] - Oleksandr Slynko & Brendan Nolan, Pivotal
Kubo is an OSS project developed jointly by Pivotal and Google. It provides a uniform way to instantiate, deploy, and manage highly available vanilla Kubernetes clusters using BOSH on GCE, vSphere, AWS, OpenStack and Azure.

Using BOSH and Kubo to manage Kubernetes gives self-healing, easily upgradeable clusters with managed secrets rotation. Cluster creation is simplified to the point where clusters can be created and destroyed for use in development or sandbox environments.

In this presentation, Brendan and Oleksandr will demonstrate deployment across multiple IaaSes, cluster healing, cluster upgrade and cluster creation.

Speakers

Brendan Nolan

Principal Software Engineer, Pivotal.io

Oleksandr Slynko

Staff Software Engineer, Pivotal
Oleksandr has been working as a software engineer for 11 years. He has worked at Pivotal on Kubo since the project's inception. He has a background in automation and in working on highly available cloud solutions.



Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 8ABC, Level 3

4:25pm

Don’t Hassle Me, I’m Stateful - Jeff Bornemann & Michael Surbey, Red Hat
Stateless, cloud-ready applications are the future for many enterprise users, but what do you do about legacy monoliths and existing vendor applications? New StatefulSet features within Kubernetes allow developers and administrators to work with these types of applications and still reap the many rewards of a containerized platform. This session will explore some of these features by deploying a full MongoDB cluster on top of OpenShift.

Speakers

Jeff Bornemann

Senior Consultant, Red Hat
Jeff has worked for over 5 years developing software for Fortune 500 companies, including contributions to multiple OSS projects. Jeff works with Red Hat's OpenShift platform, helping to bring container adoption to Red Hat customers.

Michael Surbey

Solutions Architect, Red Hat, Inc.
With a background in development, design, and management of enterprise IT-driven solutions, Mike enjoys helping U.S. public sector customers, contributors, and partners create a better citizen experience the open source way.



Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 9C, Level 3

4:25pm

What Happens When Something Goes Wrong? On Kubernetes Reliability. [I] - Marek Grabowski & Tina Zhang, Google
One of the best features of Kubernetes is that it can automatically recover from various failures and keep your application working despite unfavorable circumstances. There are moments when this works like magic and operators won't even notice something was going on. Sadly, sometimes automation fails.

In this talk we're going to describe various policies and mechanisms implemented in the system that are designed to keep user applications, and the cluster in general, running. We'll talk both about things that will happen automatically and those that users need to configure.

Speakers

Marek Grabowski

Site Reliability Engineer, Google
Marek is a Software Engineer turned Site Reliability Engineer in late 2017. Currently he focuses on the reliability of Kubernetes clusters. Since 2013 he has been working on Google’s Technical Infrastructure, where in early 2015 he joined the Kubernetes engineering team. In Kubernetes his ma...

Tina Zhang

GKE Site Reliability Engineer, Google



Friday December 8, 2017 4:25pm - 5:00pm
Ballroom A, Level 1

4:25pm

TV in Containers: A New Zealand Kubernetes Story [B] - Nigel Wright & JP Senekal, Dimension Data
SkyTV is a premium provider of television services to the New Zealand market and they pride themselves on creating new content ideas, technologies and services for their customers. An ongoing innovation agenda saw SkyTV move to a Hybrid Cloud application delivery model using OpenStack and AWS to start delivering applications in a much faster manner. Part of innovation is always asking "What's next?" and when SkyTV asked this question, the answer was "How do we move even faster?"

After evaluating many options, SkyTV decided on implementing Kubernetes on their existing OpenStack platform for any new applications. This session will describe some of the operational challenges they faced in the creation and management of the platform.

We will also cover the technical challenges SkyTV faced (including a platform team that had very little exposure to Containers and Kubernetes) and the continued culture and learning changes required to start leveraging the new capabilities offered by Kubernetes.

This will be a very honest, open 'warts and all' discussion on how Kubernetes has enabled a media company to move fast enough to be able to keep up in the highly competitive, constantly changing world of entertainment.


Speakers

JP Senekal

Jean-Pierre Senekal is a Hybrid cloud integration specialist and a Hyper Converged Infrastructure evangelist - passionate about seeing technology as the disruptor and enabler that transforms businesses. The question is no longer "Why?", it's "Why not?"

Nigel Wright

Platform Architect, Dimension Data
Nigel Wright is based in Auckland, New Zealand and works as a Cloud Technologist/Architect, with a focus on Digital Transformation and Cloud. Nigel has over 15 years in the IT industry and is a passionate Hybrid Cloud and PaaS Evangelist, focused on innovation using software deve...


Friday December 8, 2017 4:25pm - 5:00pm
Ballroom B, Level 1

4:25pm

Istio’s Mixer: Policy Enforcement with Custom Adapters [I] - Limin Wang, Google & Torin Sandall, Styra
The Istio service mesh provides a highly extensible platform to connect, manage, and secure microservices. Istio’s highly extensible nature is one of the main selling points as it allows you to enforce your own organization-specific policies across large fleets of microservices. At the same time, new technology always has a learning curve, and with all this extensibility and generality the task can be quite daunting.

In this talk, Limin Wang (Software Engineer at Google) and Torin Sandall (Technical Lead of the Open Policy Agent project) explain how Istio’s Mixer works and lead a deep dive into Mixer Adapter development. The talk shows (with demos) how the Mixer Adapter model enables custom policy enforcement and how the model is used to integrate third party policy engines like the Open Policy Agent.

This talk is targeted at platform engineers interested in using the Istio service mesh to enforce custom policies in their microservices. The talk also provides new ideas about the kinds of policies that can be enforced in Istio today.

Speakers

Torin Sandall

Software Engineer, Styra
Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer...

Limin Wang

Software Engineer, Google
Limin Wang is a security technical lead for Istio and Cloud Endpoints projects at Google. Before joining Google, she was a senior software engineer at VMware. Limin holds a PhD degree in Computer Science from Michigan State University.



Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 9AB, Level 3

4:25pm

From Screen to Pods: Bootstrapping a Cloud Agnostic System using Kubernetes [I] - Patrick McQuighan, Algorithmia
Today, Algorithmia runs multiple Kubernetes clusters each with CPU and GPU nodes, 100s of pods, and 10,000s of containers created daily. We can create a copy of our entire stack in a variety of cloud environments in about an hour. Twelve months ago, Algorithmia was limited to AWS and reliant on an enterprise product for deployment management. In that time, we learned how to ensure a highly-available setup in multiple environments, handled networking issues between old applications and pod-based applications, discovered many quirks with cloud components (such as AWS ELB), learned what wrong assumptions we held about the cloud, and migrated our live production services to run within Kubernetes. We also learned the limits of Kubernetes and when to control components on our own. Ultimately, we reduced the number of servers needed to run our full stack, simplified the process of adding services, reduced dependency on particular cloud services, and have a hardened way to deploy our platform.

In this talk I’ll cover why we moved to Kubernetes to build our enterprise product, the benefits it entailed, difficulties we encountered with Kubernetes, containers, cloud providers, and what we’re most excited about in the future of Kubernetes.

Speakers

Patrick McQuighan

Senior Software Engineer, Algorithmia
I joined Algorithmia in December 2015 and have been improving system performance and creating the Algorithmia Enterprise product. In that time we have grown from a single pool of workers to heterogeneous groups of machines, and developed support for running the platform in multipl...



Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 19AB, Level 4

4:25pm

Effective RBAC - Jordan Liggitt, Red Hat
The v1 release of role-based access control (RBAC) in Kubernetes 1.8 provides a flexible way to ensure users and applications have proper access to the Kubernetes API. This talk is for administrators who want to secure their clusters, and for anyone who wants their applications to integrate easily in RBAC-enabled environments. This talk will give an overview of the RBAC design and API, explain how to set up an RBAC-enabled cluster, demonstrate applying policies to existing applications, show how to create custom roles to distribute with applications, and answer the question "Can Bob educate dolphins?"

Speakers

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.


Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 12AB, Level 4
  • Difficulty Level Any

4:25pm

Kubernetes Storage Evolution: Enabling High Performance Distributed Datastores [A] - Erin A Boyd, Red Hat & Michelle Au, Google
This talk will focus on the recent changes & challenges in Kubernetes to address the need for consistent & secure access to local persistent storage and raw block storage.

Speakers

Michelle Au

Michelle Au is a software engineer at Google and is leading the local storage effort in Kubernetes. Prior to Google, she was at EMC, working on cluster management and cluster communication protocols. She received a BS in Electrical Engineering and Computer Science from UC Berkele...

Erin A Boyd

Principal Software Engineer, Red Hat
Erin Boyd joined Red Hat to work on Big Data & Emerging Technologies in 2013. Since that time she has worked on various Open Source projects with most recently contributing to the Kubernetes Storage SIG, Storage E2E testing, and Container Native Storage. Prior to working at Red H...



Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 6AB, Level 3