Loading…
View analytic

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Monday, December 4
 

9:00am

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires a in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy to use dashboard that provides access and insights into the many components of your stack.

We will go over the following topics:
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Monday December 4, 2017 9:00am - 12:00pm
Meeting Room 7, Level 3

12:00pm

1:00pm

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires a in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy to use dashboard that provides access and insights into the many components of your stack. 

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Monday December 4, 2017 1:00pm - 4:00pm
Meeting Room 7, Level 3

1:00pm

Introduction to Kubernetes and Containers w/Heptio

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: In this half day instructor-led course you will learn the fundamentals of container-based distributed systems, including an overview of the architecture and building blocks of Kubernetes and containers. 

This course is delivered in an intimate setting with a ~10:1 student to teacher ratio, so you can get the help you need.

In addition to learning from our Kubernetes experts, you will have the opportunity to: 

  • Meet Kubernetes creators Craig McLuckie (CEO) and Joe Beda (CTO) and our other Kubernetes committers for a Q&A session after each class
  • Get a copy of "Kubernetes: Up and Running" signed by Joe Beda
  • Join us for happy hour

Course topics include: 

  • Introduction
  • The Motivation for Containers
  • The Motivation for Kubernetes
  • Containers Fundamentals
  • Kubernetes Fundamentals
  • Kubernetes in Action
  • Conclusion
  • Two hands-on excercises:
    • Build container images and publish them to a registry.
    • Deploy services using Kubernetes.

Monday December 4, 2017 1:00pm - 5:00pm
Meeting Room 8C, Level 3
 
Tuesday, December 5
 

7:00am

8:00am

Building a Secure, Production Grade Kubernetes with Ubuntu

In this workshop you'll dive into containers, how they're composed, and their uses. From there you'll stand up a Kubernetes deployment in a cloud or on your local laptop. We'll then dive in to how containers can be managed on platforms like Kubernetes and common workflows for container deployments. Finally, you'll learn about today's security best practices - from building and delivering containers to securing and hardening Kubernetes.

But the end of this workshop, you'll be able to identify the differences in container types, how to setup a secure Kubernetes installation, and the vocabulary + common workflows for running containers on Kubernetes

Prerequisites: Attendees will need to bring a laptop. Temporary cloud credentials will be provided for deployment sections of the workshop. Knowledge of basic Kubernetes components and objects suggested.


Tuesday December 5, 2017 8:00am - 11:00am
Meeting Room 10B, Level 3

8:00am

Contributor Summit
By Invitation Only. 

Badges can be picked up at main registration on Tuesday at 7am on Level 1. 

General session will be in Meeting Room 5 on Level 3. 

More information can be found here

Contributor Summit Sponsors: 


Tuesday December 5, 2017 8:00am - 4:30pm
Meeting Room 5ABC, Level 3

8:30am

Kubernetes Core Concepts Live Training w/Bitnami

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: This one day course serves as a crash course to learn the basics of Kubernetes right before KubeCon NA. You will discover the Kubernetes architecture and how to install it. You will then learn how to use its basic primitives (i.e pods, deployments and services) to build your own distributed application. The course will be a mix of lectures, demos and hands-on exercises.

This training course is for you because...

  • You're an administrator and want to understand the overall architecture of a Kubernetes cluster
  • You're an administrator and want to understand how to install Kubernetes yourself
  • You’re an application developer and want to understand the basic primitives of a Kubernetes application
  • You’re an application developer and want to learn the usage of `kubectl` to interact with your Kubernetes cluster and applications
  • You’re an application developer and want to understand how to use your Docker images in a Kubernetes cluster

Speakers
avatar for JuanJo Ciarlante

JuanJo Ciarlante

Senior Site Reliability Engineer, Bitnami
JuanJo has 20yrs+ experience working with open source software. He's the original author of ip aliasing support for the Linux kernel, among other FOSS contributions like Linux IP masquerading optimizations, OpenVPN IPv6 transport support, Open/SWAN crytoalgo modularizations... Read More →
avatar for Sebastien Goasguen

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where... Read More →


Tuesday December 5, 2017 8:30am - 5:00pm
Meeting Room 1, Level 1

8:45am

Kubernetes: Enterprise Logging Workshop

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Kubernetes provide a powerful abstraction for you to run microservices anywhere and scale to any size. Monitoring a Kubernetes cluster can be challenging specifically when dealing with Logging.

The Kubernetes Enterprise Logging workshop is a full hands-on session where you will learn the basics of Logging, how to implement an unified logging layer in your cluster focusing on an end-to-end solution ready for production. 

Workshop Outline: 

  • Introduction to Logging
  • Logging and Microservices
  • Fluentd and Fluentd Enterprise
  • Kubernetes: collecting and enrich logs with metadata
  • Enterprise Logging:
    • Performance and optimizations
    • Buffering mechanisms
    • Logs routing
    • Elasticsearch
    • Apache Kafka
    • Splunk

Tuesday December 5, 2017 8:45am - 12:45pm
Meeting Room 8AB, Level 3

9:00am

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires a in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy to use dashboard that provides access and insights into the many components of your stack. 

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Tuesday December 5, 2017 9:00am - 12:00pm
Meeting Room 7, Level 3

9:00am

Using Istio to Build a Cloud Native Service Mesh

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

In the adoption of cloud native technologies developers have found one of the greatest challenges is the integration of services in distributed systems. The challenges include service discovery, load balancing, fault tolerance, end-to-end monitoring, dynamic routing for canary deployments and most importantly securing the communication channels.

Istio solves these problems by providing a layer of infrastructure between the services and the network that allows the service communication to be controlled outside the application code. This fundamentally changes how services are connected, managed and secured.

During thisworkshop you will gain hands-on experience to understand how Istio is changing the landscape of cloud native applications. We will walk through deploying each piece of Istio alongside a microservice application running in Kubernetes and in the process create a service mesh to control the communication. We will show features of Istio such as:

  • Traffic Management, Resilient Communication and Load Balancing between Services
  • Policy Enforcement and Rate Limiting
  • Telemetry, Monitoring and Reporting
  • Securing Communication between
  • Microservices Canary Deployments

Tuesday December 5, 2017 9:00am - 12:00pm
Meeting Room 10A, Level 3

9:00am

Kubernetes on AWS Hands-on Workshop, Taught by AWS
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.


Kubernetes is a popular cloud-native open-source orchestration platform for container management, scaling and automated deployment. It includes a rich set of features such as service discovery, multi-tenancy, stateful containers, resource usage monitoring, and rolling updates. Some of the questions we will go over are: 

  • How do we deploy using infrastructure technologies like CloudFormation and Terraform?
  • How can CLI clients such as kops, kubeadm and minikube be used to interact with Kubernetes?
  • What does a clean CI/CD pipeline look like using AWS?
  • How do we integrate with tools such as Maven?

In this code-driven workshop, you will learn how to package, deploy, scale and monitor your Java application using Kubernetes and the AWS cloud.


Tuesday December 5, 2017 9:00am - 4:00pm
Meeting Room 9B, Level 3

9:00am

FD.io Mini Summit

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

FD.io (Fast Data) is the first truly open data plane project focusing on data IO performance, scalability, efficiency, and programmable flexibility for networking and storage. FD.io provides a modular, extensible user space IO services framework that supports rapid development of high-throughput low-latency resource-efficient IO services. The design of FD.io is hardware, kernel, and deployment (bare metal, VM, container) agnostic. FD.io has been integrated with OpenStack Neutron, OpenDaylight, and Calico to provide a drop in upgrade for all of your dataplane needs. A key component of FD.io is the Vector Packet Processing (VPP) library contributed at the foundation of the project. The commercial-ready code targetable to run on standard x86, ARM, and Power servers is already running in products on the market today. VPP when connected to DPDK for network IO has shown to perform two orders of magnitude faster than currently available open source options implementing switching or routing workloads, reaffirming one of the core principles of FD.io: a focus on performance.

Join us at the FD.io Mini Summit to hear and learn from FD.io community experts who will be sharing information about the projects, use cases, capabilities, integration between FD.io and OpenStack/ODL/OPNFV/Other communities, tools and many more exciting topics. This is a great opportunity for the KubeCon + CloudNativeCon attendees to share their thought leadership and innovations at one of the industry’s premier events. 

*No Show Fee - Note that while FD.io Mini Summit is free to attend, anyone that is a no-show onsite will be charged $50 for each event not attended. This helps us in planning accurately for the event.

Agenda

9:00am - 9:20am - Welcome & Introduction - Ed Warnicke, Cisco
9:20am - 9:50am - A Pragmatic Approach to Service Assurance in a Cloud Native World - Balaji Ethirajulu, Ericsson Inc
9:50am - 10:20am - Benchmarking and Analysis of Software Network Data Planes - Maciek Konstantynowicz, Cisco; Patrick Lu, Intel; Shrikant M. Shah, Intel
10:20am - 11:10am - Break 
11:10am - 11:40am - VPP Host Stack - Florian Coras, Cisco
11:40am - 12:10pm - Empowering the User Space Stack on Cloud Native Applications - Hong Lin, Huawei
12:10pm - 12:40pm - Dataplane Networking Journey in Kubernetes - Ivan Coughlan, Intel
12:40pm - 1:40pm - Lunch 
1:40pm - 2:10pm - Ligato: towards a platform for development of cloud-native VNFs - Jan Medved, Cisco
2:10pm - 2:40pm - The Arm Ecosystem Rallies Around FD.io - Tina Tsou, Arm
2:40pm - 3:10pm - Beyond pfSense - a new security router distribution - Jim Thompson, Netgate
3:10pm - 3:40pm - Agentless NIC-Based Security - Scott Schweitzer, Solarflare Communications
3:40pm - 4:00pm - Break 
4:00pm - 4:45pm - Discussion of VPP/FD.io and Kubernetes - Ed Warnicke, Cisco

Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 10C, Level 3

9:00am

ONAP Workshop: Automating Networks in a Container World

Registration: This event is Sold Out.  You can add yourself to the waitlist here.

In February 2017, The Linux Foundation introduced the Open Network Automation Platform (ONAP), which is the merger of the open source OPEN-O and ECOMP projects, code bases, and communities. The ONAP project allows operators to automate, design, orchestrate, and manage services and virtual functions. This Mini Summit examines how open source is moving up the stack and value chain, and The Linux Foundation's harmonization efforts underway to forge a unified vision and ultimately architecture to bring together open source projects and relevant standards. In addition, we will provide an in-depth introduction to the ONAP project, including the trends leading up to the project, scope, organization, etc.

Agenda:

Automating Networks in a Container World

9:00 – 9:10 Welcome & Intro - Phil Robb, The Linux Foundation
9:10 – 9:50 Overview & Discussion: Networking & Containers: Where Are We Now? Challenges, Opportunities - Xuan Jia, China Mobile
9:50 – 10:20 How Networking Will Be Transformed by DevOps - Jason Hunt, IBM
10:20-10:30 Break 
10:30 – 11:00 NFV in the Enterprise (Panel) 
11:00 – 11:30 Open Source Cloud Native NFV Operations Management & Security: ONAP Perspective – Ramki Krishnan, VMware and Sastry Isukapalli, AT&T
11:30– 12:00 Toward Container Support As VNF-based Cloud Infrastructure - Isaku Yamahata, Intel
12:00 – 12:40 Overview & Discussion: Security In The Modern Virtualized Data Center - Gadi Naor, Alcide and Phil Robb, LF
12:40 – 1:45 Lunch
1:45 - 2:15 Open Source Multi-Cloud Orchestration for Kubernetes with a Single Provider – DeWayne Filppi, Cloudify
2:15 – 3:45 BoF/Unconference 
3:45 – 4:00 Closing Remarks - Phil Robb, The Linux Foundation

 

*No Show Fee - Note that while ONAP Mini Summit is free to attend, anyone that is a no-show onsite will be charged $50 for each event not attended. This helps us in planning accurately for the event.


Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 3, Level 1

9:00am

Kubernetes Hands-on Workshop w/Heptio

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

In this one day hands-on course you will deploy Kubernetes and containers to build out a distributed, highly available, fault tolerant application architecture. 

This course is delivered in an intimate setting with a ~10:1 student to teacher ratio, so you can get the help you need. Throughout the course, hands-on exercises reinforce the topics being discussed.

In addition to learning from our Kubernetes experts, you will have the opportunity:

  • Meet Kubernetes creators, Craig McLuckie (CEO) and Joe Beda (CTO) and our other Kubernetes committers for a Q&A session after each class
  • Get a copy of "Kubernetes: Up and Running" signed by Joe Beda
  • Join us for happy hour

Course topics include: 

  • Introduction
  • Deploy a Kubernetes Cluster
  • Containerize Applications
  • Deploy Applications
  • Manage and Modify Applications
  • ConfigMaps and Secrets
  • Persistent Volumes

Tuesday December 5, 2017 9:00am - 5:00pm
Meeting Room 8C, Level 3

1:00pm

Running Enterprise Kubernetes w/Tectonic
Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Running Kubernetes in an enterprise production environment requires a in-depth technical knowledge of Kubernetes and the relevant tools you need to keep your applications running properly. This hands-on workshop will introduce the audience to CoreOS Tectonic for running enterprise Kubernetes. CoreOS Tectonic includes an easy to use dashboard that provides access and insights into the many components of your stack. 

We will go over the following topics: 
  • Tectonic Overview 
  • Installing Tectonic 
  • Exploring the Tectonic Console 
  • Understanding the Tectonic Architecture 
  • Self-Hosted Kubernetes 
  • Security and Identity Monitoring 
  • Auto Updates 
  • The Future of Tectonic

Tuesday December 5, 2017 1:00pm - 4:00pm
Meeting Room 7, Level 3

1:00pm

Kubernetes Docs Sprint
The Kubernetes Docs special interest group (SIG docs) is running a Docs Sprint at Kubecon. Anyone with an interest in documentation or contributing to the Kubernetes website is welcome to join. We’ll be working in small teams to write content and improve documentation processes for Kubernetes. The projects we’ll be focusing on include improving user journeys through https://kubernetes.io, adding to the Kubernetes glossary, and improving our release notes process. This is a great opportunity to contribute to Kubernetes. All experience levels welcome. GitHub account required.

Tuesday December 5, 2017 1:00pm - 5:00pm
Mezzanine Office 6 & 7, Level 2

1:00pm

Istio Mini Summit

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

Join experts from Google, IBM, Tigera, and more to hear the latest developments on the Istio project. Connect with the community to hear about use cases, capabilities, and more.


Tuesday December 5, 2017 1:00pm - 5:00pm
Meeting Room 10A, Level 3

1:00pm

Container Troubleshooting with Sysdig Open Source

Registration: Add this training on your KubeCon + CloudNativeCon North America conference registration here. If you are already registered for KubeCon + CloudNativeCon North America 2017, modify your registration to add the training or email us at events {at} cncf {dot} io.

About: Join us for a 4-hour use-case driven training session on container visibility, troubleshooting and run-time security monitoring with the Sysdig open source tools (Sysdig and Falco) and learn how containers work under the hood.

Agenda:

  • Visibility and troubleshooting (~1 hour)
    • Learn how to debug a 502 error on a containerized LB with HPproxy, a Python webapp that crashes after working for 5 minutes or finding where you configured the wrong credentials in a microservices app.
  • Analyzing performance and bottlenecks (~1 hour)
    • Compare the performance of different web servers running in containers, use system call tracing to find the bottleneck in your application or learn how to use spectograms (flame graphs) to visualize system call performance. 
  • Debugging Kubernetes (~1 hour)
    • Dive into Kubernetes internals using reverse engineering: Why is that Kubernetes service valid but doesn't work? How does service resolution work? How does Kubernetes instruct Docker Engine?
  • Security run-time monitoring and forensics (~1 hour)
    • Last but not least, all these previous lessons can also be applied for security. Not only with forensics on an attack attempt, but Sysdig Falco can alert on containers with anomalous behaviour as well.

Speakers
avatar for Jorge Salamero Sanz

Jorge Salamero Sanz

Technical Marketing Manager, Sysdig
Jorge enjoys monitoring all the things, from his Docker containers and Kubernetes clusters to writing sensors plugins for DIY IoT projects with Raspberry PI and ESP8266. Currently he is part of the Sysdig team, and in the past was one of the promoters of HumanOps and a Debian developer... Read More →


Tuesday December 5, 2017 1:00pm - 5:00pm
Meeting Room 10B, Level 3

1:00pm

OpenContrail Governance Summit - Day 1
OpenContrail Community facilitates the development, evolution and adoption of OpenContrail project across various open source ecosystems, including public and private clouds, container ecosystem and other computational platforms. OpenContrail is the leading open source, scalable, production grade  network fabric that provides a robust overlay SDN and network security. The Community goal is to maintain and improve the production ready and scalable nature of OpenContrail project while accelerating development, and attracting additional developers and users to the platform.


For the latest agenda, please refer to the OpenContrail Events page.

1:00-1:15pm Welcome and Introduction - Randy Bias

1:15- 1:45pm Community Status Recap - Greg Elkinbard

○      Review the progress of community creation over the last several mini-summits 

1:45 - 2:45pm Status Updates from the project working groups

○      Governance - Greg Elkinbard

○      Technical Steering Committee - Joseph Gasparakis

○      Architecture Review Board - Joseph Gasparakis, Paul Caver, Suhkdev Kapur

○      Infra - Paul Carver, Greg Elkinbard

2:45 - 3:00pm Break

3:00 - 5:00pm Charter and process document review (forum)

○      Governance

○      Technical Steering Committee

○      Architecture Review Board

5:00 - 5:15pm High Level community goals for 2018 (forum)

○      Discuss and set high level community goals for 2018

○      Events priority - identify key marketing events to support next year.

■      OpenStack

■      CNCF/Kubecon and Others

5:15 - 5:30 Outreach to other projects (OpenStack, Kubernetes, ONAP, OPNFV, others)

○      Our goal is to become ubiquitous SDN so we need to identify key projects which community will directly support, currently we integrate with OpenStack and CNCF CNI based projects such as Kubernetes and Mesos. Community discuss and set priorities in participating in other projects such as OPNFV, ONAP and others

 

For any questions, please contact gelkinbard@juniper.net


Tuesday December 5, 2017 1:00pm - 5:30pm
Hilton Austin - Meeting Room #410 500 East 4th Street Austin, TX USA 78701

1:00pm

Free Kubernetes 101 Workshop for the Enterprise w/VMware

This free workshop led by The Linux Foundation and VMware will provide an overview and walkthrough of containers and Kubernetes, with key concepts, architecture, and how Kubernetes is used in enterprise environments. The session will include running Kubernetes in enterprise use case scenarios and how enterpises can operationalize Kubernetes adressing day 1 and day 2 needs. 

  • Introduction to Containers
  • Overview of Kubernetes and Architecture
  • Kubernetes Deployment Walkthrough
  • Kubernetes Demos
  • Enterprise use case scenarios
  • Operationalizing Kubernetes
  • Mechanics of rolling upgrades
  • Monitoring Kubernetes

The workshop will finish with a reception right afterwards to allow time for some networking.


Tuesday December 5, 2017 1:00pm - 6:30pm
Ballroom C, Level 1

2:00pm

DevOps with K8s Meetup
On Dec 5, 2017, Huawei and patterns of CNCF community will be hosting a DevOps Meetup of Kubernetes in Austin. In this event, you will get over 3 sessions from Huawei, Loose and CoreOS. These topics focus on DevOps include CI/CD, modern infrastructure, networks and others in Kubernetes ecosystem.

The tickets are free, and we will have a great event with a lot of interesting discussion and some surprises.

More details on https://www.meetup.com/devops-for-kubernetes/events/243970695 Please join us!

Tuesday December 5, 2017 2:00pm - 5:00pm
Meeting Room 9C, Level 3

2:00pm

Event Registration
Tuesday December 5, 2017 2:00pm - 7:00pm
Palazzo, Level 1

5:00pm

CNCF Storage Working Group Meeting - Hosted by Clint Kitson, {code} & Ben Hindman, Mesosphere
The storage working group is tasked with discussing all things storage in the cloud native space. Important topics like the cloud native storage landscape, and upcoming CNCF sponsored storage projects are on the agenda to be discussed.

Speakers
avatar for Ben Hindman

Ben Hindman

Mesosphere Founder - Apache Mesos Co-Creator, Mesosphere
Ben is one of the creators of Apache Mesos, a platform for building and running resource-efficient distributed systems at scale. Ben started working on Mesos as a PhD student at Berkeley before he brought it to Twitter where it runs on thousands of machines. An academic at heart... Read More →
avatar for Clint Kitson

Clint Kitson

Technical Director, {code}
Clint is the Technical Director for the {code} open source initiative. He focuses on contributing and building community around emerging trends in software-based infrastructure, containers, open source, and DevOps. He represents Dell Technologies as a CNCF governing board member... Read More →


Tuesday December 5, 2017 5:00pm - 7:00pm
Mezzanine Room 1, Level 2

5:00pm

Lightning Talks - hosted by Sarah Zelechoski
Speakers
avatar for Sarah Zelechoski

Sarah Zelechoski

VP of Engineering, ReactiveOps
Sarah is the Vice President of Engineering at ReactiveOps. She and her team focus on providing expert-level guidance and a curated framework around using Kubernetes and other Open Source tools to solve interesting business problems. Sarah is active in both the kops and SIG AWS Kubernetes... Read More →


Tuesday December 5, 2017 5:00pm - 7:30pm
Ballroom A, Level 1

5:01pm

Lightning Talk: Building Scalable Test Infrastructure with Kubernetes [I] - Allan Schiebold, Codefresh
In this talk I'll quickly cover how we build scalable test infrastructure with Kubernetes. I'll cover common practices, and present some new ways to approach them.

Speakers
avatar for Allan Schiebold

Allan Schiebold

Solution Architect, Codefresh
Allan was born and raised in the suburbs of Detroit, MI. He started building personal computers at the young age of twelve, learned programming in high school with Visual Basic and JavaScript and continued on to earn his bachelors in Computer Science from the University of Michigan... Read More →


Tuesday December 5, 2017 5:01pm - 5:06pm
Ballroom A, Level 1

5:10pm

Lightning Talk: How to Contribute to Kubernetes [B] - Nikhita Raghunath, Student
Do you want to contribute to Kubernetes? Not sure how or where to begin? It can be overwhelming! But fear not - you can join the thousands of successful contributors too!

In this talk we’ll explore the different parts of Kubernetes and how they work, see how the various components are related, discuss the skills you need to get started and learn the best ways to get your first Pull Request accepted.

You don’t have to be an expert; even mere mortals like us can make contributions. This talk will also walk through how I implemented my Google Summer of Code project even though I was completely new to Kubernetes. Once you see how easy it is, you’ll want to do it too!

Speakers
avatar for Nikhita Raghunath

Nikhita Raghunath

Nikhita is a Kubernetes contributor and works on the extensibility of the Kubernetes API. She was also a Google Summer of Code intern with the Cloud Native Computing Foundation.



Tuesday December 5, 2017 5:10pm - 5:15pm
Ballroom A, Level 1

5:20pm

Lightning Talk: Essentials for Building Your Own Database-as-a-Service [B] - Balachandran Chandrasekaran, Dell EMC
This session will discuss about essential blueprint for building and operating a database platform as a service by taking advantage of Kubernetes and its persistent storage support for stateful containerized applications.

Speakers
avatar for Balachandran Chandrasekaran

Balachandran Chandrasekaran

Sr. Advisor, Product Marketing, Dell EMC
I work for Dell EMC's emerging storage technologies including software-defined storage (ScaleIO). I have over 10 years of experience working on relational databases in the product development, database operations and administration roles. I currently enjoy evangelizing containers... Read More →



Tuesday December 5, 2017 5:20pm - 5:25pm
Ballroom A, Level 1

5:30pm

Lightning Talk: How Kubernetes is Helpful for Accelerating Machine Learning Research and Engineering [I] - Hitoshi Mitake, NTT Labs
In this lightning talk, the presenter shares his experience on helping machine learning research and engineering with kubernetes. k8s is not only a tool for managing microservices but also helpful for executing batch jobs like learning phase of deep learning frameworks and stateful services that provides data for the learning tasks. The presenter and his collaborators has been building and managing k8s cluster for TensorFlow learning tasks and HDFS as its learning data source. In addition, thanks to the pluggable scheduler architecture of k8s, their custom scheduler enshorts execution the learning tasks effecitvely and hides usage of network equipments and complex heterogeneous computational devices (e.g. GPUs) from researchers.

Speakers
avatar for Hitoshi Mitake

Hitoshi Mitake

Research Engineer, NTT Labs.
Hitoshi Mitake is a software engineer working for NTT Laboratories. He has been working on distributed storage systems for 5 years. His recent activities includes developing etcd, especially auth related stuff, as one of the maintainers. He is also working on techniques of effectively... Read More →



Tuesday December 5, 2017 5:30pm - 5:35pm
Ballroom A, Level 1

5:40pm

Lightning Talk: Cluster Insights [B] - Xin Ma, eBay
As the footprint of our K8 clusters increased across eBay data centers, many work loads were on boarded onto these clusters. With different work loads running across different clusters, cluster operations and insights into these applications has become an interesting problem. We wanted to know the footprint of these applications across different clusters in our data centers. One of the most obvious solutions is to query against different api servers and derive insights. However as the scale increased querying api servers has become a challenge and we could not get data in real time. To solve these problems, we developed an application called kube watch. Kube watch helps collects data for various resources from different clusters and persists into data stores. By building different dashboards using this data it helped us gain insights into the clusters in real time. During this talk we shall go through the kube watch system, its architecture and the problems it has helped us to solve.

Speakers
avatar for Xin Ma

Xin Ma

Principal Cloud Engineer, eBay
DevOps engineer focusing on OS and Kernel, Container runtime, Kubernetes deployment and operations. Currently a member in the eBay Kubernetes team, before that Xin was in the eBay cloud team working on compute&provisioning, reliability engineering and deploying Openstack at scale... Read More →


Tuesday December 5, 2017 5:40pm - 5:45pm
Ballroom A, Level 1

5:50pm

Lightning Talk: Why is Community so Important? [B] - Yeni Capote Diaz, Samsung SDS
I believe one of the reasons Kubernetes has grown in popularity so rapidly in the past few years has a bit to do with its community. I want to share my experience as a member of the Kubernetes community and discuss how the interactions I've had have contributed towards my development as an engineer. As a woman of color and a recent graduate of a bootcamp, I know firsthand the power of a strong community. I also want to cover what helps a beginner engineer such as myself to thrive, contribute, and be successful in this industry. I want to share some important qualities that I have experienced in the Kubernetes community and where we can potentially improve.

Speakers
avatar for Yeni Capote Diaz

Yeni Capote Diaz

DevOps Engineer, Samsung SDS
In my past life I was a nanny. I found my love for programming quite accidentally. I started looking at online courses and found that the only option I could see myself doing was programming, so I took a couple classes. I wanted more, and then I discovered Ada Developer's Academy... Read More →



Tuesday December 5, 2017 5:50pm - 5:55pm
Ballroom A, Level 1

6:00pm

Lightning Talk: Watch This! - Johnathon Rippy, NetApp
Rippy will demonstrate Docker running on his rooted Android Wear watch.
To get this working required Docker, OpenEmbedded, Yocto, and AsteroidOS which he'll explain. If all goes well with the demonstration, he'll add the watch as a Kubernetes node and schedule a pod to run on it.

Rippy's initial tweet about Docker running on his watch:
https://twitter.com/jkrippy/status/826661130693128194

Speakers
avatar for Jonathan Rippy

Jonathan Rippy

MTS, NetApp
Rippy first installed Linux from a shoebox full of floppy disks in high school and never looked back. He's a native of North Carolina and works at NetApp on their OpenSource Docker and K8S storage plugins.



Tuesday December 5, 2017 6:00pm - 6:05pm
Ballroom A, Level 1

6:10pm

Lightning Talk: Stupid Kubectl Tricks - Jordan Liggitt, Red Hat
A whirlwind tour of some of the most useful, interesting, and under-sold features the Kubernetes command-line has to offer.

Speakers
avatar for Jordan Liggitt

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.



Tuesday December 5, 2017 6:10pm - 6:15pm
Ballroom A, Level 1

6:20pm

Lightning Talk: Telepresence: Local Development & Debugging of Remote Kubernetes Services - Abhay Saxena, Datawire
Developers who use Kubernetes for multi-container applications face a conundrum: develop locally or on a remote Kubernetes cluster. Local development adds complexity to your development environment, since you have to run (and maintain!) your entire multi-container app locally. On the other hand, a remote Kubernetes cluster doesn’t lend itself to live coding and debugging.

In this talk, we will talk about Telepresence (https://www.telepresence.io), an open source tool for Kubernetes that lets you develop and debug a service locally, while setting up a bidirectional proxy to a remote Kubernetes cluster. With Telepresence, you can make a quick change to a service, save, and test it -- while that service has full access to Kubernetes environment variables, ConfigMap, secrets, and other services running in your Kubernetes cluster.

Speakers
avatar for Abhay Saxena

Abhay Saxena

Principal Software Engineer, Datawire
Abhay Saxena is a Principal Software Engineer at Datawire where he is working on building open source tools for developers that are adopting or using microservices. He is currently the lead engineer on Telepresence, an open source tool for local development of Kubernetes microservices... Read More →



Tuesday December 5, 2017 6:20pm - 6:25pm
Ballroom A, Level 1

6:30pm

Lightning Talk: Templating K8s: Easily Managing Applications via Common Configuration [B] - Don Steffy & Anubhav Aaeron, Oath
Like many other companies, Yahoo is working to containerize many legacy applications, managed with Kubernetes. In order to onboard several hundred applications and libraries, Kubernetes configuration files are created for each application and multiple CI/CD environments, which leads to thousands of similar YAML files across all applications.

In order to onboard all applications seamlessly, and also be able to centrally make incremental updates to the Kubernetes configuration files with no disruption to customers, some kind of standardization is required. We tested many existing options, looking for a tradeoff between simplicity and power, and decided on centrally-managed templates for the configuration files.

A very simple yaml interface with standard technical verbiage was provided for customers to onboard their applications. This paper describes the design, user experience, and outcomes of creating these templates, which allowed developers with no Kubernetes experience to onboard their application quickly, often in less than a day.

Speakers
AA

Anubhav Aaeron

Anubhav Aaeron: DevOps Engineer at Yahoo and Oath.
avatar for Don Steffy

Don Steffy

Software Engineer, Oath
Tools and DevOps Engineer at Extricity, Kodak Gallery, Yahoo, Oath.



Tuesday December 5, 2017 6:30pm - 6:35pm
Ballroom A, Level 1

6:30pm

EmpowHER Evening Event
Register here

Join other women attending KubeCon + CloudNativeCon North America for sparkling conversation and dazzling cocktails. Attendees will have an opportunity to get to know one another and network with other women in the tech industry from around the globe. Conversation during the evening event happy hour will include adoption, usability and life-hacks of distributed systems and containers, app development and current events in Kubernetes and other cloud native technologies, ways to increase inclusivity in our fast-growing ecosystem, and how to get involved with different Cloud Native projects. Space is limited and registration is required.

*Please note the start time is subject to change.

Tuesday December 5, 2017 6:30pm - 10:00pm
Moonshine Patio Bar & Grill 303 Red River Street, Austin, TX 78701

6:40pm

Lightning Talk: Testing Kubernetes Patches with kube-spawn, the a local, multi-node Kubernetes Cluster Tool [B] - Chris Kuhl, Kinvolk
kube-spawn is a tool for running local, multi-node Kubernetes clusters on Linux machines. It was originally created as a means to test Kubernetes patches locally in a multi-node environment. Unlike other tools of its kind, it does not use VMs nor Docker app containers. Instead, it utilizes OS containers run with systemd-nspawn. As such, one can run a local, many-node cluster on modest hardware, with each node running a full OS, by default CoreOS's Container Linux.

Speakers
avatar for Chris Kühl

Chris Kühl

CEO, Kinvolk
After getting hooked on open source software as a hobby through the GNOME project, Chris turned his passion into a career and has since co-founded Kinvolk in Berlin, which focuses exclusively on foundational Linux technologies such as the Linux kernel, systemd, rkt, Kubernetes, etc... Read More →


Tuesday December 5, 2017 6:40pm - 6:45pm
Ballroom A, Level 1

6:50pm

Lightning Talk: Moving Fast with Microservices: Building and Deploying Containerized Applications in a Cloud-Native World - Micha Hernandez van Leuffen, Wercker
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and microservices.While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your containers from your laptop to the cloud.

How do we build software for containers? How do we ship containers? How do we do all of it without shooting ourselves in the foot? In this talk, we'll explore how current delivery systems are falling behind, and how we need to change the mental model, create new best-practices and treat containers as a first-class citizen.

Speakers
avatar for Micha "mies" Hernandez van Leuffen

Micha "mies" Hernandez van Leuffen

CEO, Wercker
Micha “mies” Hernandez van Leuffen is a hacker entrepreneur, and the founder and CEO of Wercker. He set up Wercker in order to make developers’ lives easier by building the next generation of developer automation for the Modern Cloud.


Tuesday December 5, 2017 6:50pm - 6:55pm
Ballroom A, Level 1

7:00pm

Lightning Talk: CRI Proxy: Solving the Chicken-and-Egg Problem of Running a CRI Implementation as a DaemonSet [I] - Piotr Skamruk, Mirantis
CRI allows for special-purpose CRI implementations such as Virtlet, which makes it possible to run VMs as if they were containers. Still, deployment of these CRI implementations may bring us back to pre-container days, because we run into problems with additional required software such as libvirt, the need to configure the operating system on the node in different ways, and so on. We can also have problems with upgrading the CRI implementation apps, because unlike other components, they require special treatment. It would be nice if we could use the deployment power of k8s to install these apps on some of the nodes.
Further complicating matters is the fact that if your CRI doesn't support Docker images, and is too different from Docker, you need to install Kubernetes components such as kube-proxy and a CNI plugin in a special way, meaning that you have to prepare special-purpose CRI nodes in a very special way.
Even if you just want to create a quick demo of your CRI that runs on Kubernetes clusters deployed using a popular tool such as kubeadm, you may need to tweak the node config just a bit to make this happen.

DaemonSet seems like it might be the right choice for a CRI implementation, but here we run into the chicken-and-egg problem, as a CRI implementation is required to be running on the node in order to run any pods there.
Enter CRI Proxy. CRI requests that deal with plain pods are handled by the primary CRI implementation (such as docker-shim), while requests that are marked in special way (using pod annotations and image name conventions) get directed to the special-purpose CRI implementation. This way, the deployment headache almost goes away - all you have to do is install CRI Proxy on the node, and the proxy has minimal dependencies. For demo installations, the proxy provides “bootstrap” mode, which automagically installs CRI Proxy on clusters installed with kubeadm, and possibly some other cluster setup tools, too.

(If we have time, I may also say a few words about hyper’s approach; they have something like CRI proxy built into their CRI implementation, which solves problem of running k8s components on the node, though it doesn’t help much with deployment problem.)

Speakers
avatar for Piotr Skamruk

Piotr Skamruk

Senior Kubernetes Engineer, Mirantis
Piotr Skamruk is long time GNU/Linux and Forth language enthusiast, system administrator, sys developer. Was working on kernel sources, backend applications and even on frontends in wide variety of languages. While working at Intel - one of the main creators of the kvm flavor for... Read More →



Tuesday December 5, 2017 7:00pm - 7:05pm
Ballroom A, Level 1

7:10pm

Lightning Talk: REST, RPC, and Brokered Messaging - Nathan Murthy, Tesla
Effective communication between distributed and heterogeneous components is essential for modern service-oriented architectures to work well. REST, RPC, and brokered messaging are the most popular communication styles for achieving this, but when is it appropriate for choosing one style over the other? A well-defined microservice architecture should be accompanied by a well-defined communications semantics. This talk draws on my personal experience defining these semantics for systems I’ve built at Tesla.

Speakers
avatar for Nathan Murthy

Nathan Murthy

Staff Software Engineer, Tesla
Nathan currently works at Tesla developing services for managing distributed energy resources at scale. He is passionate about sustainable energy and has written software for startups, big companies, commercial R&D teams, and academia.



Tuesday December 5, 2017 7:10pm - 7:15pm
Ballroom A, Level 1

7:20pm

Lightning Talk: Minikube Developer Workflow and Advanced Tips [B] - Matt Rickard, Google
A brief overview of the tools available in minikube to simplify building and testing your applications on a local Kubernetes cluster.

- Bootstrapping minikube with kubeadm,
- Running minikube in TravisCI
- Minikube addons (ingress controller, registry credentials helper)
- Preloading and caching images in minikube, and other tips to help you develop your applications on top of Kubernetes even faster.

Speakers
avatar for Matt Rickard

Matt Rickard

Software Engineer, Google
Matt Rickard is a Software Engineer at Google. He works on Kubernetes developer experience and container tooling products at Google, with a focus on local development and CI/CD tooling. He is a maintainer of many open source repositories, including kubernetes/minikube, GoogleCloudPlatform/container-diff... Read More →



Tuesday December 5, 2017 7:20pm - 7:25pm
Ballroom A, Level 1

7:30pm

BoF: Identity & Microservices - Hosted by Sunil James, Scytale
This BoF will focus on bringing together individuals who are passionate about presenting use cases that benefit from injecting identity into microservices (a la SPIFFE). This knowledge sharing will not only help build common ground, but the F2F conversations will help to build direct relationships.

Speakers
avatar for Sunil James

Sunil James

Scytale, Inc.
Come speak with me if you're interested in using technologies like SPIFFE (https://github.com/spiffe/) to securely and easily build identity-driven, cloud-native, distributed software systems. Even if you're not, still come speak with me!


Tuesday December 5, 2017 7:30pm - 9:00pm
Meeting Room 7, Level 3
 
Wednesday, December 6
 

7:00am

Registration
Wednesday December 6, 2017 7:00am - 6:00pm
Palazzo, Level 1

7:45am

The NewStack Pancake Breakfast & Podcast: What is service mesh technology, why are we hearing about it and why should we care?
Service mesh technologies have arrived and will be all the talk at KubeCon. But what is service mesh technology and why are we hearing so much about it? At the KubeCon+CloudNativeCon pancake breakfast, William Morgan, one of the pioneers of service mesh technology, will be joined by his peers for a lively discussion about these important new technologies and what software engineers should know about them as they adopt Kubernetes and microservices.

Pancake breakfast provided.

Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist... Read More →
avatar for Kris Nova

Kris Nova

Senior Developer Advocate, Heptio
Kris Nova is a senior developer advocate at Heptio focusing on containers, infrastructure, and Kubernetes. Kris is also an ambassador for the Cloud Native Computing Foundation. Previously, she was a developer advocate and an engineer on Kubernetes in Azure at Microsoft. Kris has a... Read More →
avatar for Borys Pierov

Borys Pierov

DevOps Tech Lead, NCBI
Borys is a DevOps Tech Lead at "National Center for Biotechnology Information" (NCBI), the world's go-to resource for biomedical and genomic info. There he works on migra­­ting large and diver­­se legac­­y portf­­olio to a hybrid multi-cloud native infrastructure. On a daily... Read More →


Wednesday December 6, 2017 7:45am - 8:45am
Meeting Room 3, Level 1

7:45am

Breakfast
Wednesday December 6, 2017 7:45am - 9:00am
Palazzo, Level 1

9:00am

Keynote: A Community of Builders: CloudNativeCon Opening Keynote - Dan Kohn, Executive Director, Cloud Native Computing Foundation
Speakers
avatar for Dan Kohn

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan Kohn is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch The Linux Foundation’s Core Infrastructure Initiative as an industry-wide response to... Read More →



Wednesday December 6, 2017 9:00am - 9:20am
Exhibit Hall 3, Level 1

9:00am

Live Stream of Keynotes - Overflow Room
Wednesday December 6, 2017 9:00am - 10:40am
Ballroom A, Level 1

9:20am

Keynote: CNCF Project Updates - Michelle Noorali, Senior Software Engineer, Microsoft Azure
Project representatives will share their updates:
  • Linkerd update, presented by Oliver Gould
  • Fluentd update, presented by Eduardo Silva
  • Prometheus update, presented by Tom Wilkie

Moderators
avatar for Michelle Noorali

Michelle Noorali

Senior Software Engineer 高级软件工程师, Microsoft
Michelle Noorali is a Sr. Software Engineer at Microsoft. She is a core maintainer on open source projects in the Kubernetes ecosystem including Helm and Draft. She has been involved in the Kubernetes community since 2015 and serves on the Kubernetes Steering Committee. She is passionate... Read More →

Speakers
avatar for Oliver Gould

Oliver Gould

CTO, Buoyant
Oliver is the CTO of Buoyant, where he leads open source development efforts. Prior to joining Buoyant, he was a staff infrastructure engineer at Twitter, where he was the tech lead of Observability, Traffic, and Configuration & Coordination teams. He is the creator of linkerd and... Read More →
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, ARM Treasure Data
Eduardo is a Principal Engineer at "ARM / Treasure Data". He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes. Maintainer of Fluent Bit.
avatar for Tom Wilkie

Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Previous Tom founded Kausal, a company working on Prometheus, and worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build 3D printers


Wednesday December 6, 2017 9:20am - 9:50am
Exhibit Hall 3, Level 1

9:50am

Keynote: Accelerating the Digital Transformation - Imad Sousou, VP, Software Services Group & GM, OpenSource Technology Center, Intel Corporation

What happens when you need to get software to run reliably when moving from one computing environment to another? Imad Sousou, Vice President of the Software and Services Group and General Manager of the Open Source Technology Center for Intel Corporation, will highlight how we can use open source software to support our rapidly changing world.


Speakers
avatar for Imad Sousou

Imad Sousou

CVP, SSG | GM, Open Source Technology Center, Intel Corporation
Imad Sousou is corporate vice president and general manager of the Open Source Technology Center at Intel Corporation. Sousou is responsible for leading Intel's efforts in open source software across technologies and market segments. These include: Linux-based operating systems such... Read More →


Wednesday December 6, 2017 9:50am - 9:55am
Exhibit Hall 3, Level 1

9:55am

Keynote: Cloud Native CD: Spinnaker and the Culture Behind the Tech - Dianne Marsh, Director of Engineering, Netflix

Created at Netflix, Spinnaker is an open source, multi-cloud continuous delivery and infrastructure management platform for releasing software changes with high velocity and confidence. Spinnaker’s open source community includes Netflix, Google, Microsoft, Oracle, Target, Kenzan, Schibsted, and many others.

In this keynote, you’ll learn how various aspects of Netflix culture, and open source have shaped Spinnaker and how Spinnaker, in turn, has influenced the engineering culture at Netflix. We’ll discuss how lessons learned from an earlier open source product, Asgard, influenced us and drove a Cloud Native first approach.


Speakers
avatar for Dianne Marsh

Dianne Marsh

Director of Engineering, Netflix
Engineering Tools, Developer Productivity, Continuous Delivery, Women in Tech


Wednesday December 6, 2017 9:55am - 10:15am
Exhibit Hall 3, Level 1

10:15am

Keynote: Cloud Native at AWS - Adrian Cockcroft, Vice President Cloud Architecture Strategy, Amazon Web Services
Speakers
avatar for Adrian

Adrian

VP Cloud Architecture Strategy, AWS
Adrian Cockcroft has had a long career working at the leading edge of technology, and is fascinated by what happens next. In his role at AWS, Cockcroft is focused on the needs of cloud native and “all-in” customers, and leads the AWS open source community development program... Read More →


Wednesday December 6, 2017 10:15am - 10:35am
Exhibit Hall 3, Level 1

10:30am

Sponsor Showcase
Wednesday December 6, 2017 10:30am - 8:30pm
Exhibit Halls 1 & 2

10:40am

Morning Break
Wednesday December 6, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

Panel: Kubernetes, Cloud Native and the Public Cloud [B] - Moderated by Dan Kohn, Cloud Native Computing Foundation
The six largest public cloud providers -- AWS, Microsoft, Google Cloud, IBM Cloud, Alibaba Cloud and Oracle -- are all now major backers of CNCF and Kubernetes. This is a chance to hear their perspective on investments they are making into Kubernetes and other CNCF technologies. How are they using these technologies internally? What changes are they making in their offerings to better suit cloud native enterprises? What is their perspective on the future of container runtimes? How do they deal with customers that need a hybrid cloud solution? Is the infrastructure layer becoming commoditized? What is their ability to differentiate in value added services at the higher layers? What projects should CNCF bring in to help fill out its stack?

Moderators
avatar for Dan Kohn

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan Kohn is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch The Linux Foundation’s Core Infrastructure Initiative as an industry-wide response to... Read More →

Speakers
avatar for Jon

Jon

VP of Engineering, Oracle, Inc.
Jon runs engineering for the Container Native Platform team at Oracle (which includes all of Oracle’s Kubernetes offerings). Jon is considered one of the founding fathers of the World Wide Web with more than 20 years of open source and engineering management experience.  He wrote... Read More →
avatar for Gabe Monroy

Gabe Monroy

Microsoft
avatar for Todd Moore

Todd Moore

VP, Open Technology, IBM
Todd leads the IBM global team working to develop open communities that fuel both innovation and new business models. Todd can be found engaged with communities and technologies that span Cloud Computing, Mobile, Social Business, and Analytics. He has the pulse of where open innovation... Read More →
avatar for Aparna Sinha

Aparna Sinha

Group Product Manager for Kubernetes, Google
Aparna Sinha leads the product team for Kubernetes at Google. Her work is focused on transforming the way we work through technology innovation. Before Kubernetes, Aparna worked on the Android platform at Google. Prior to that she was Director of Product at NetApp where she led storage... Read More →
avatar for Hong Tang

Hong Tang

Chief Architect, Alibaba Cloud
Dr. Hong serves as Chief Architect at Alibaba Cloud, the cloud computing arm of Alibaba Group. He joined Alibaba Cloud in 2010 and has been instrumental in the development of Apsara, Alibaba Cloud’s large-scale computational engine.  | | Prior to Alibaba Cloud, he was a Director... Read More →


Wednesday December 6, 2017 11:10am - 11:45am
Ballroom A, Level 1

11:10am

Container Runtime and Image Format Standards - What it Means to be “OCI-Certified” [I] - Jeff Borek, IBM & Stephen Walli, Microsoft
With the proliferation and rapid growth of container-based solutions over the past few years— including container-based solutions from almost all major IT vendors, cloud providers, and emerging start-ups—the industry needed a standard on which to support container image formats and runtimes while also ensuring interoperability and neutrality. The Open Container Initiative (OCI) was launched with the goal of developing common, minimal, open standards and specifications around container technology without the fear of lock-in. OCI has recently issued v1.0 of its container image format and runtime specifications, which enable a consistent and stable platform for running containerized applications.

The next phase in ensuring broad adoption of common container image format and runtime specifications is the OCI Certification program, which will be launching soon. This session will provide an overview and goals of the program, factors to consider if becoming OCI-certified makes sense for your container project, how to get your container project OCI-certified, and how you might be able to gain interoperability benefits from OCI-certified solutions. This session will also include a demo of the OCI Image validator being run against container images from container image registries from multiple vendors.

Speakers
avatar for Jeff Borek

Jeff Borek

WW Program Director of Open Technology, IBM
Jeffrey Borek is a WW Program Director of Open Technology in the IBM Digital Business Group responsible for IBM Open Source Program Office, WW Standards, and open technologies. He has 20+ years of experience in the software industry including assignments in business and technical... Read More →
SW

Stephen Walli

Principal Program Mgr., Microsoft
I'm a principal program manager at Microsoft in the Azure engineering team. I've worked with Docker, been a Distinguished Technologist at Hewlett-Packard, technical director at the Outercurve Foundation, founded a start-up, and been a writer and consultant. I've been around open source... Read More →



Wednesday December 6, 2017 11:10am - 11:45am
Ballroom B, Level 1

11:10am

Using Containers for Continuous Integration and Continuous Delivery [I] - Carlos Sanchez, CloudBees
Building and testing is a great use case for containers, both due to the dynamic and isolation aspects, but it increases complexity when scaling to multiple nodes and clusters.

Jenkins is an example of an application that can take advantage of Kubernetes technology to run Continuous Integration and Continuous Delivery workloads. Jenkins and Kubernetes can be integrated to transparently use on demand containers to run build agents and jobs, and isolate job execution. It also supports CI/CD-as-code using Jenkins Pipelines and automated deployments to Kubernetes clusters. The presentation will allow a better understanding of how to use Jenkins on Kubernetes for container based, totally dynamic, large scale CI and CD.

Speakers
avatar for Carlos Sanchez

Carlos Sanchez

Principal Software Engineer, CloudBees
Carlos Sanchez specializes in software automation, from build tools to Continuous Delivery. He has spoken at several conferences around the world, including ApacheCON, KubeCon, JavaOne, Fosdem,... Involved in Open Source for more than ten years, he is the author of the Jenkins Kubernetes... Read More →



Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

The Makers of Marvels: How Developers Are Rebuilding the Enterprise, One Brick at a Time [B] - Abby Kearns, Cloud Foundry Foundation
History teaches us that astonishing feats occur not when a singular leader envisions them, but when a mass of skilled workers collaborates to transform that vision into something material. The Pyramids of Giza, for example, were not built overnight by a Pharaoh, but constructed by tens of thousands of workers over a period of years. Today’s “pyramid” is quite a bit smaller, but a wonder of the world in its own right: The iPhone has transformed the world as we know it -- but most of its power comes from the app store, which offers thousands of apps created from the imaginations of thousands of developers. These developers are the makers of marvels in our time. They instantiate the very concept of digital transformation -- that notion of infrastructure disruption and re-assembly on the mind of every CIO. Business development is driven by software development, and software development is shaped by developers in the open source community.

In her talk, Abby Kearns empowers developers to think of themselves as the doers and makers who hold the key to unlocking digital transformation. She will cover the importance of diversity among developers for the technology industry to evolve and to reflect its user base, and will highlight the key open source concepts and technologies powering this trans-industrial transformation.

Speakers
avatar for Abby Kearns

Abby Kearns

Executive Director, Cloud Foundry Foundation


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 10AB, Level 3

11:10am

Unified Monitoring of Containers and Microservices [I] - Nishant Sahay, Wipro Limited
Microservices are become critical for enterprise strategy towards simplifying their IT landscape. For a successful journey of microservice adoption, Container management, DevOps and Monitoring play an important role. Managing microservices in large-scale deployments are fraught with many unique challenges for enterprise IT.

Following are some of the key metrics of microservice monitoring which will enable the enterprises to manage their container platforms better:

1. Collecting logs, metrics from containers
2. Monitoring application running inside the container
3. Distributed tracing and the time taken by each service call.
4. Storage, analysis of collected metrics, logs
5. Performing RCA and anomaly detection on the collected logs and metrics

This session would explain how to harness the power of Zipkin with the intelligence of Spark ecosystem and the flexibility of ELK+ Beats to create a unified monitoring solution. Key features of this solution are – utilization of distributed tracing, infrastructure metrics to manage containers. All this is done through visualization, correlation and predictive monitoring

Speakers
avatar for Nishant Sahay

Nishant Sahay

Senior Architect, Wipro Limited
Nishant Sahay is a senior architect in the Open Source COE lab at Wipro, where he is responsible for research and solution development in the area of machine learning and deep learning. Nishant has extensive experience in data analysis, design, and visualization. He has written articles... Read More →



Wednesday December 6, 2017 11:10am - 11:45am
Ballroom C, Level 1

11:10am

Establishing Container Trust at Scale [I] - Tim Mackey, Black Duck Software
Quantifying risks in a container image is a critical aspect of production deployments. With orchestration clusters supporting thousands of nodes, any risk assessment solution must work at production scale. Once a trusted image is deemed vulnerable, application risk increases, but which applications are impacted, and how far has trust been broken? Trust is established through best practices including the use of trusted image registries, static code analysis, fuzzing, strong perimeter defenses and deployment controls. Unfortunately, this trust model omits information flow.
Malicious actors succeed when applications are most vulnerable. When devising action plans in response to security disclosures, defenders must quickly assess both the impact and scope of the disclosure. This time to remediation requires accurate and actionable vulnerability assessments as applications are created, deployed and scaled. Enhancing security information flow accelerates risk mitigation at production scale.

Speakers
avatar for Tim Mackey

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix... Read More →



Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 6AB, Level 3

11:10am

Panel: Ask Me Anything: Microservices and Service Mesh [B] - Moderated by Jason McGee, IBM
Have you heard the buzz around microservices and containers lately? With containers becoming the new standard to building microservice based applications for production, users are leveraging the service mesh to solve common issues with routing, re-routing for graceful degradation as services fail, secure inter-service communication and rate limiting between services. Join us for a live interactive session where our panel of experts from IBM, Google, Envoy, Linkerd and RedHat will address your most challenging inquiries around microservice and service mesh!

Moderators
avatar for Jason McGee

Jason McGee

IBM Fellow, VP and CTO, IBM Cloud Platform, IBM
Jason McGee, IBM Fellow, is VP and CTO, IBM Cloud Platform. Jason is currently responsible for the IBM Cloud’s foundation services, including Kubernetes Containers, Functions, MessageHub, Logging, Monitoring, Container Registry, Terraform and Activity Tracker. Jason is also responsible... Read More →

Speakers
avatar for Matt Klein

Matt Klein

Software Engineer, Lyft
avatar for Sven Mawson

Sven Mawson

Senior Staff Software Engineer, Google
Sven is a Senior Staff Software Engineer at Google, and one of the founders of the open source Istio project. He joined Google in 2006, and has spent the past 10 years working on several generations of Google's API Management platform, starting with the AtomPub-based Google Data APIs... Read More →
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist... Read More →
avatar for Christian Posta

Christian Posta

Chief Architect, Cloud Application Development, Red Hat
Christian Posta is a Chief Architect of cloud applications at Red Hat and well known in the community for being an author (Microservices for Java Developers, O’Reilly 2016), frequent blogger, speaker, open-source enthusiast and committer on various open-source projects. Christian... Read More →
avatar for Lin Sun

Lin Sun

Senior Technical Staff Member, IBM
Lin is an Istio contributor and maintainer, a member of the Istio steering committee and technical oversight committee. She is passionate about new technologies and love to play with them. She is a master inventor, currently, holds 100+ patents filed or pending with USPTO along with... Read More →


Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

Prometheus Salon - hosted by Frederic Branczyk, CoreOS, Bob Cotton, FreshTracks.io, Goutham Veeramanchaneni, & Tom Wilkie, Kausal

The Prometheus Salon will feature talks from Prometheus developers, including an introduction to Prometheus for beginners, a closer look at how you can use Prometheus to monitor your Kubernetes cluster, and a discussion of the new features in Prometheus 2.0. 

The session will include hands-on access to a live Prometheus and Kubernetes cluster, allowing you to experiment with PromQL queries to gain deeper insights into your Kubernetes clusters.


Speakers
avatar for Frederic Branczyk

Frederic Branczyk

Software Engineer, CoreOS
Frederic is an engineer at CoreOS contributing to Prometheus and Kubernetes to build state of the art modern infrastructure and monitoring tools. He discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used machine learning to detect anomalies... Read More →
avatar for Bob Cotton

Bob Cotton

Cofounder, FreshTracks.io
Bob Cotton is a co-founder of FreshTracks.io, a Kubernetes and Prometheus focused monitoring startup. Mr. Cotton bleeds observability based on 22 years designing, architecting, building and running distributed SaaS solutions. Infrastructure and application metrics, full-stack distributed... Read More →
avatar for Goutham Veeramanchaneni

Goutham Veeramanchaneni

Student, IIT Hyderabad
Goutham is a student and a developer from India. His enthusiasm for Ops got him an internship on the infra team of a large company where he worked on Production infrastructure and built the company's monitoring system on top of Prometheus. That was his first encounter with production... Read More →
avatar for Tom Wilkie

Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Previous Tom founded Kausal, a company working on Prometheus, and worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build 3D printers



Wednesday December 6, 2017 11:10am - 12:30pm
Meeting Room 10C, Level 3

11:10am

When the Going Gets Tough, Get TUF Going! [I] - David Lawrence & Ashwini Oruganti, Docker
Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. In this talk we will look at the security landscape of existing software update systems and signing strategies. We will then introduce The Update Framework (TUF), a new signing framework that looks to address many of the challenges found in existing systems and more.

TUF provides protections against data tampering, rollbacks, key compromise, and other more esoteric attacks. We will investigate how it achieves these protections and show you how to start using it today.

While TUF is a general signing framework, we will also address use cases specific to the Cloud Native Ecosystem. These include how to use TUF signing to de-privilege cluster managers and attach metadata to images and containers in a decentralized manner which can be leveraged for policy management.

Speakers
DL

David Lawrence

Senior Security Engineer, Docker
Lay security developer that has learned a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution
AO

Ashwini Oruganti

Ashwini is a Security Engineer at Docker and an open source developer. She is the author of pyca/tls, a pure-python TLS 1.2 implementation with opinionated and secure APIs. In the past, she has worked on Twisted - an asynchronous event-driven networking framework, and Hippy - a PHP... Read More →


Wednesday December 6, 2017 11:10am - 11:45pm
Meeting Room 5ABC, Level 3

11:55am

DevOps Friendly Doc Publishing for APIs & Microservices - Amanda Whaley, Cisco DevNet
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and API consoles. Keeping docs updated and in sync with code can be a challenge. We’ve been working on a project to help solve this problem for engineering teams internally across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:

- Has a developer friendly editing flow
- Accepts many API spec formats (Swagger, RAML, etc)
- Supports long form documentation in markdown
- Is CI/CD pipeline friendly so that code and docs stay in sync
- Is flexible enough to be used by a wide scope of teams and technologies

This session will share many lessons learned about tooling and attendees will learn how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of a building modern infrastructure.

Speakers


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3

11:55am

SIG Scalability Update - hosted by Bob Wise, Samsung
Speakers
BW

Bob Wise

Chief Cloud Technologist, Samsung SDS
Bob is the Chief Cloud Technologist for Samsung SDS Research America, and opened the Seattle office for Samsung SDS as home base for the SDS Cloud Native Computing Team. Previously he was the CIO at MTN Satellite Communications, where he was responsible for product strategy and development... Read More →


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 4A, Level 3

11:55am

SIG Testing Update - hosted by Aaron Crickenberger, Samsung SDS
Speakers
avatar for Aaron Crickenberger

Aaron Crickenberger

Senior Test Engineer 高级测试工程师, Google
Aaron has been involved in open source since 2007, cloud since 2009, and Kubernetes since 2015. He was elected to the Kubernetes Steering Committee in 2017.He co-founded the Kubernetes Testing SIG, and actively contributes in the Architecture, Contributor Experience, Release, and... Read More →


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 4C, Level 3

11:55am

Embedding the Containerd Runtime for Fun and Profit [I] - Phil Estes, IBM
The containerd project, one of the youngest in CNCF, is purpose-built to be an embeddable container runtime expected for use within higher layer container systems like the Docker engine and the Kubernetes orchestrator. Of course, the intent is that it will be used and embedded within a variety of software systems and has been designed for easy consumption via a gRPC API and client library.

In this talk we'll walk through a straightforward example of building up a container "client" written in Go, using today's containerd client library and API. Similar to how the Kubernetes CRI uses the containerd endpoints or how the Docker engine's libcontainerd operates, our small client will have access to all the same capabilities of container lifecycle management and registry interactions provided by containerd.

To finish our tour of building a fully functioning containerd client, we will pair our new sample application with LinuxKit and the Moby tool project. Using these tools, we'll build a simple virtual machine that embeds containerd and our sample client to test interesting aspects of containerd's capabilities in our own customized Linux OS image.

Speakers
avatar for Phil Estes

Phil Estes

Distinguished Engineer & CTO, Container Architecture Strategy, IBM Cloud
Phil is a Distinguished Engineer and CTO, leading Linux OS and Container Architecture Strategy for the IBM Watson & Cloud Platform organization. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace support... Read More →


Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom B, Level 1

11:55am

Deploying to Kubernetes Thousands of Times Per/Day - Dan Garfield, Codefresh & William Denniss, Google
Connecting all the pieces to make zero downtime continuous delivery happen at scale. We'll show real teams bring all the components come together to make high-velocity deployment to Kubernetes scale. Get a hands on view of the critical steps that go into making container management a scalable process that not only allows teams to delivery faster but with more confidence in the final result.

Speakers
avatar for William Denniss

William Denniss

Product Manager, Google
William is a Product Manager at Google on Google Kubernetes Engine. He chairs the Kubernetes Conformance working group, and has a passion for interoperability and developer experience. Previously he worked in the OAuth community, authoring RFC 8252 and creating AppAuth, the leading... Read More →
avatar for Dan Garfield

Dan Garfield

VP of Marketing, Codefresh
Dan Garfield is a Full-stack Engineer and VP of Marketing at Codefresh, a complete DevOps platform built for Kubernetes and Helm. He is a Kubernaut, *nix native, and all around technology enthusiast.



Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 9AB, Level 3

11:55am

Next Generation Services at Indeed Using gRPC [I] - Jaye Pitzeruse, Indeed.com
At Indeed, we use an internal framework for interprocess communication called Boxcar. Boxcar was developed in 2010 and provides built-in advantages when used with Indeed’s infrastructure. This framework was originally built as a proof of concept and only targeted Java as a supported language. Due to this limitation, it has not scaled with Indeed’s growth and adoption of more and more languages. Recently, Indeed has started to experiment with gRPC as a replacement for the framework. In this talk, we’ll describe our existing service infrastructure and the changes we made in order to support gRPC. We’ll also discuss the strategy we used to migrate existing Boxcar services over to using gRPC. Finally, we’ll compare benchmarks between Boxcar and the new gRPC-based system. Other technologies mentioned in the talk: linkerd for load balancing, opentracing.

Speakers
avatar for Mya Pitzeruse

Mya Pitzeruse

Senior Software Engineer, Indeed.com
Senior Software Engineer working out of Indeed's Austin tech office for the last 4 years. Today, I own the distributed services framework that drives many of the systems at Indeed. I also work with our Services Infrastructure Group to expand our service capabilities. Such capabilities... Read More →



Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3

11:55am

Istio: Weaving the Service Mesh [I] - Shriram Rajagopalan, IBM & Louis Ryan, Google
With the rapid adoption of microservices new tools are needed to load-balance, route, secure and monitor the traffic that flows between them. Istio provides a common networking, security, policy and telemetry substrate for services that we call a ‘Service-Mesh’. Come learn how the service-mesh helps with the transition to microservices, to empower operations teams, to adopt security best-practices and much more. We’ll also cover the state of the project, where it’s headed and how you can get involved.

Speakers
avatar for Shriram Rajagopalan

Shriram Rajagopalan

Staff Engineer, VMware
Shriram Rajagopalan is a staff engineer at VMware's NSX division working on advanced networking solutions. He is one of the founding engineers behind the Istio service mesh project and currently maintains the networking subsystem within Istio. Prior to working on Istio/Envoy, he worked... Read More →
avatar for Louis Ryan

Louis Ryan

Principal Software Engineer, Google
Louis Ryan is a Principal Engineer at Google working on APIs and microservices. Prior to working on Istio he co-authored the GRPC spec and ran the infrastructure that supports Google's consumer-facing APIs.


Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Full Stack Visibility with Elastic: Logs, Metrics and Traces - Carlos Pérez-Aradros, Elastic
"With microservices every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor distributed applications. We dive into:

System metrics: Keep track of network traffic and system load.
Application logs: Collect structured logs in a central location.
Audit info: Watch for user and processes activity in the system.
Uptime monitoring: Ping services and actively monitor their availability and response time.
Application metrics: Get metrics and health information from for application via REST or JMX.
Request tracing: Gather timing data by using tools like Zipkin to retrieve and show call traces.

Speakers
avatar for Carlos Pérez-Aradros

Carlos Pérez-Aradros

Software Engineer, Elastic
Carlos is a Software Engineer working for Elastic, he is a core developer of the Beats project. With love for distributed systems, he has experience in many container technologies and focuses on bringing the right tools to monitor them. When he is not coding you may find him playing... Read More →



Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom C, Level 1

11:55am

How We Built a Framework at Twitter to Solve Service Ownership & Improve Infrastructure Utilization at Scale [I] - Vinu Charanya, Twitter
Twitter is powered by thousands of microservices that run on our internal Cloud platform which consists of a suite of multi-tenant platform services that offer Compute, Storage, Messaging, Monitoring, etc as a service. These platforms have thousands of tenants and run atop hundreds of thousands of servers, across on-prem & the public cloud. The scale & diversity in multi-tenant infrastructure services makes it extremely difficult to effectively forecast capacity, compute resource utilization & cost and drive efficiency.

In this talk, I would like to share how my team is building a system (Kite - A unified service manager) to help define, model, provision, meter & charge infrastructure resources. The infrastructure resources include primitive bare metal servers / VMs on the public cloud and abstract resources offered by multi-tenant services such as our Compute platform (powered by Apache Aurora/Mesos), Storage (Manhattan for key/val, Cache, RDBMS), Observability. Along with how we solved this problem, I also intend to share a few case-studies on how we were able to use this data to better plan capacity & drive a cultural change in engineering that helped improve overall resource utilization & drive significant savings in infrastructure spend.

Speakers
VC

Vinu Charanya

Senior Software Engineer, Twitter
Vinu Charanya is a Senior Software Engineer at Twitter where she works in the Compute Platform building Twitter’s internal cloud infrastructure management platform. She is also a core team member of Women who code, a non-profit organization dedicated to inspiring women to excel... Read More →


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3

11:55am

The Power of Application Intent Analysis for Container Security [I] - John Morello, Twistlock
As containers gain mainstream momentum and cloud-native applications surge, practices such as DevOps culture, continuous delivery, cloud development and containerization require a reinvention of security. The threats targeting organizations only continue to increase in severity and frequency, and even simple attacks can cause considerable damage. Cloud-native development is a vital evolution for security in the enterprise, as it equips organizations with the same tools and processes that modern fast-moving organizations rely on.

Cloud-native needs to be considered a new culture, not just a technological shift, when it comes to IT. This is because cloud-native changes the processes of DevOps, which requires automated security processes and application awareness. With cloud-native culture, security needs to be truly application aware and based upon developer intent. Using application intent analysis, developers have a new way of looking at applications, specifically containerized apps. They can produce produce a more predictable and secure container environment that can be effectively enforced.

The unique nature of container technology allows the developer intent-based security model to capitalize on the following pillars:

1. Containers are declarative. When a developer writes the code, he/she does not just write the code, he/she writes a manifest that describes how this code should work and how it should interact with its environment. While the developer does not provide you with a real security manifest, you can translate the extra information that you have and try to create a security profile. With containers, you have a Docker file, you might have a pod, and you might have an application group if you’re running on top of mesosphere. There is a lot of information in the system that you could use in order to understand what is supposed to happen.

2. Containers are predictable. When you look at containers, they contain less specific logic and more common building blocks because containers are typically made out of downloadable layers that someone else created.

3. Containers are immutable. In the past, it was hard to understand if something happening with the application was really an attack or not. But in the case of containers, whenever you patch a container or change its real intent, it should not happen in real time. What happens is the developer changes things and then he/she pushes in a new version. He patches the OS or adds new functionality and then pushes in a new container and scratches the old one. This gives you a lot of power from a security standpoint because, for the first time ever, if you see a polymorphic change in the behavior of the application (if it starts behaving differently) that means it’s either a configuration drift or a real attack.

By leveraging these three pillars -- declarative nature, predictability and immutability -- there’s a powerful opportunity to use whitelisting, for example, to approve known good processes. In combination with application intent analysis, enforcement measures help support the intent-based security model and preserve the original intent of the application.

Speakers
avatar for John Morello

John Morello

CTO, Twistlock
In his day to day role as CTO of Twistlock, John Morello blends his CISO pedigree with a prescient view of the future of enterprise cloud technologies. Instead of seeing containers and cloud infrastructure as inherently less secure, John viewed the unique technology of containers... Read More →



Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 5ABC, Level 3

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Wednesday December 6, 2017 12:30pm - 2:00pm
Sponsor Showcase

1:00pm

OpenContrail User and Developer Group - Day 2
OpenContrail Community facilitates the development, evolution and adoption of OpenContrail project across various open source ecosystems, including public and private clouds, container ecosystem and other computational platforms. OpenContrail is the leading open source, scalable, production grade  network fabric that provides a robust overlay SDN and network security.


For the latest agenda, please refer to the OpenContrail Events page.

1:00- 5:00 Developer Track - Come and learn how to be an OpenContrail project contributor. Leading OpenContrail architects from Juniper Networks will walk you through the code base, teach you how to build, install and test OpenContrail and will answer your OpenContrail questions.  This will be an interactive session, so bring your laptop and get ready to play with code.

 

5:15 - 6:45 User Track

○      OpenContrail and Kubernetes Integration – James Kelly will lead an interactive session focused on integration of OpenContrail and Kubernetes. This session will introduce new OpenContrail users to key features of OpenContrail available in Kubernetes environment and will walk users through installation, configuration and operation of OpenContrail in Kubernetes clusters. Bring your laptop and an Amazon EC2 account and get ready to follow along.

○      Real World Deployments - Leading Community members will provide brief overview of their operational OpenContrail/Juniper Contrail environments.

 

For any questions, please contact gelkinbard@juniper.net


Wednesday December 6, 2017 1:00pm - 6:45pm
Hilton Austin - Meeting Room #410 500 East 4th Street Austin, TX USA 78701

2:00pm

Pinterest's Journey from VMs to Containers [I] - Michael Benedict, Pinterest
Pinterest helps you discover and do what you love. A visual discovery engine at heart, Pinterest guides you through a billion possibilities to quickly discover & get inspired to do something. With over 150MM MAUs across the globe contributing & combing through a billion pins, Pinterest's Infrastructure is built to cater to this scale with very unique requirements -- Today, I'll be talking about how a company operating on the public cloud on VMs since its inception decided to move to containers.

This talk will primarily focus on four things:
1. Pinterest Infrastructure Overview (Offline Compute / Online Serving)
Pinterest was born on AWS. As of today, we operate tens and thousands of instances and process tens and hundreds of PBs of data. Data is the cornerstone of our business where freshness & relevance is key. We will deep dive into our processing & serving stack.

2. VMs vs. Containers - The Pros and Cons
In this section, we will cover the challenges along four key pillars:
a. Developer Velocity - We will discuss the overall job lifecycle workflow i.e build, setup, deploy, operations when using VMs or Containers.
b. Service Reliability - Constraints around resource isolation and standardization across health checks.
c. Infrastructure Governance - Attribution of resources both on utilization & Spend, Quotas
d. Efficiency - Specifically around auto scaling -- our learnings from using ASGs at scale & how this impacts VM vs. Container from an efficiency & operations perspective.

3. Move to Containers
Here we will discuss the use of Docker at Pinterest and more importantly the steps we took around evaluating various orchestration systems. I'll share the various dimensions we evaluated and our learnings when running on a public cloud environment. For ex, docker integration, scheduling, networking, community, stateful support, big data support, security support

4. Vision of the Compute Platform at Pinterest
Finally we will close out with the larger vision (next 18 months) for the Compute Platform at Pinterest.

Speakers
avatar for Micheal Benedict

Micheal Benedict

Technical Product Manager, Pinterest
Micheal Benedict leads product management for Pinterest's cloud and data infrastructure. Previously, Micheal led products for Twitter Cloud Platform, building next-generation compute services that span internal and public clouds. He and his team built Kite, a service lifecycle manager... Read More →


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3

2:00pm

SIG Multi-Cluster (formerly Federation) Update - hosted by Christian Bell, Google
Speakers
CB

Christian Bell

Software Engineer, Google
I am co-lead of the Kubernetes Multicluster SIG (previously Federation SIG). I am interested in how users can make use of multiple clusters for high availability, regional proximity and consistent deployments across regions and multiple cloud providers.


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 7, Level 3

2:00pm

Kata Containers: Hypervisor-Based Container Runtime - Xu Wang, HyperHQ & Samuel Ortiz, Intel

Kata Containers is a merge of 2 hypervisor based container runtime efforts: Hyper's runV and Intel's Clear Containers. With Kata Containers, each container is hypervisor isolated just like an EC2 or GCE instance. It is an OCI compatible runtime and as such can seamlessly work with containerd or hyperd. Moreover it fully supports the Kubernetes CRI APIs and thus can run and manage hypervisor isolated Kubernetes pods through CRI-O, containerd-cri or frakti. Finally, Kata Containers is a multi architecture project as it supports x86, ARM, Power and s390x platforms.

During this talk we will describe the Kata Containers architecture and how it drastically reduces the virtualization overhead in order to be as fast as a namepace based container runtime while being as secure as a legacy VM. We will also run a multi tenant Kubernetes demo in order to show how Kata Containers could become the cornerstone of a secure, infrastructure free, container cloud.


Speakers
SO

Samuel Ortiz

Principal Engineer, Intel
TBD
avatar for Xu Wang

Xu Wang

CTO, HyperHQ
Xu Wang is the CTO and Cofounder of Hyper HQ, and an initial member of Kata Containers Architecture Committee. HyperHQ created hypervisor-based open source container runtime runV (secure as VM, fast as container). runV merged with clear containers from Intel, and become Kata Containers... Read More →



Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom B, Level 1

2:00pm

Continuous Delivery with Kubernetes at Box [I] - Greg Lyons, Box
Deploying and managing applications with Kubernetes can be challenging. Organizing configuration across multiple environments, rolling out changes incrementally, safely killing or rolling back failed deployments - these are just a few difficulties that organizations face when running containers in production.

At Box, we've dealt with these issues and more, at the scale of thousands of servers across multiple data centers and public cloud providers. In this talk, we'll share how we set up a continuous delivery pipeline with Jenkins, Docker, Artifactory, and Kubernetes to test, build, and release our software rapidly and reliably. We'll discuss how our pipeline reduces time to ship to production, provides greater visibility into the deployment process, and empowers our engineers to deploy quality code with confidence.

Speakers
GL

Greg Lyons

Software Engineer, Box
Greg is a software engineer at Box, where he works on tooling for running microservices with Kubernetes. He built and open-sourced kube-applier, a containerized service for deploying Kubernetes apps with declarative configuration.


Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom A, Level 1

2:00pm

The Art of Documentation and Readme.md for Open Source Projects - Ben Hall, Katacoda
The Readme is becoming essential to successful Open Source projects. The Readme is a gateway to welcoming new users and potential contributors. It defines the tone of the project, how to get started and most importantly, the aim.

While many Open Source projects have amazing code-bases, the Readme and documentation are letting them down and as a result they are losing influence and opportunities for adoption and feedback.

In this talk, Ben uses his expertise of building an Interactive Learning Platform to highlight The Art of Documentation and the Readme file. The aim of the talk is to help open source contributors understand how small changes to their documentation approach can have an enormous impact on how users get started.

Ben will discuss:
- How to create engaging documentation
- Defining technical details in an accessible way
- Building documentation that encourages users to get started
- How to manage documentation and keeping it up-to-date and relevant

In the end, attendees will have an understanding of how to build beautiful, useful documentation. This will be backed by examples from some of the best open source projects.

Speakers
avatar for Ben Hall

Ben Hall

Founder, Katacoda
Ben is the founder of Katacoda (Katacoda.com), an interactive learning and training platform for software engineers. Katacoda specialises in enabling developers to understand Cloud-Native technologies including Docker, Kubernetes and OpenShift.Ben 是 Katacoda (Katacoda.com)的创始人,这是一家为软件工程师设计的交互式学习和培训平台。Katacoda... Read More →



Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies
Understanding how your microservices based application is executing in a highly distributed and elastic cloud environment can be complicated. Distributed tracing has emerged as an invaluable technique that succeeds where traditional monitoring tools falter. Yet deploying it can be quite challenging, especially in the large scale, polyglot environments of modern companies that mix together many different technologies. In this talk we share what we have learned while building and rolling out Jaeger, our open source, OpenTracing-native distributed tracing system, to hundreds of microservices at Uber. We showcase new and exciting features that make it even more valuable to engineers.

Speakers
avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.



Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom C, Level 1

2:00pm

The Mechanics of Deploying Envoy at Lyft - Matt Klein, Lyft
The idea of the "service mesh" is becoming very popular in microservice design circles. However, the mechanics of deploying one into an existing infrastructure are far from simple. In this talk we will cover the logistical details of how Envoy was developed and deployed incrementally at Lyft, focusing primarily on the evolution of service mesh configuration management. We will also discuss why high level systems such as Istio are likely to be the main mechanism by which most customers ultimately get access to the technology.

Speakers
avatar for Matt Klein

Matt Klein

Software Engineer, Lyft



Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3

2:00pm

Introducing SPIFFE: An Open Standard for Identity in Cloud Native Environments [I] - Evan Gilman, Scytale
Modern infrastructure patterns like microservices, container orchestration, and hybrid/multi-cloud deployments have turned conventional models for datacenter authentication and security on their heads. In the face of highly dynamic compute and network resources, a new challenge has risen: how to authenticate and secure service-to-service traffic in this brave new world? Enter the problem known as service identity.

Getting service identity right is surprisingly hard, with requirements extending well beyond simple secret management. What kind of credentials to settle on, how to rotate them, how to automatically (and securely) bootstrap them... and even more importantly, how to make sure a wide variety of external systems can authenticate them appropriately? These questions represent only a subset of the points that must be solved for.

In this talk, we introduce both SPIFFE and SPIRE - a new open source project designed to solve exactly these problems. SPIRE, backed by the SPIFFE open standard, performs seamless node and workload attestation across various platforms, and automatically issue short-lived certificates based on those attestations in a controlled manner. Even better, these certificates work across organizational boundaries and heterogeneous environments thanks to SPIFFE, which introduces a standardized identity format and validation methodology for X.509 certificates.

Speakers
avatar for Evan Gilman

Evan Gilman

Engineer, Scytale
Evan Gilman is an engineer with a background in computer networks. With roots in academia, and currently working on the SPIFFE project, he has been building and operating systems in hostile environments his entire professional career. An open source contributor, speaker, and author... Read More →


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 5ABC, Level 3

2:00pm

Ask Your Proxy, It Knows Everything - Blake Mizerany, Backplane
Proxies have long been layered into distributed systems but rarely do we lean on them to do more than route, and balance load. In this talk we will go over how to use proxies to replace Service Discovery, control Release Managment and Traffic Shaping, and streamline Employee on-boarding/off-boarding. You'll talk away never looking at your proxies/load-balancers the same.

Speakers
avatar for Blake Mizerany

Blake Mizerany

Founder / CTO, Backplane
Sinatra, Heroku, Doozer, Etcd, Backplane


Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3

2:00pm

CNCF Kubernetes Conformance Working Group - hosted by William Denniss, Google
Speakers
avatar for William Denniss

William Denniss

Product Manager, Google
William is a Product Manager at Google on Google Kubernetes Engine. He chairs the Kubernetes Conformance working group, and has a passion for interoperability and developer experience. Previously he worked in the OAuth community, authoring RFC 8252 and creating AppAuth, the leading... Read More →


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 4B, Level 3

2:00pm

gRPC Community Meeting - hosted by April Kyle Nassi, Google

Live from Austin! Join the gRPC community to stump the devs, meet the contributors, and hear about project updates.


Speakers
avatar for April Nassi

April Nassi

Community Manager, Google
April Kyle Nassi is an Istio and gRPC community manager at Google focused on open source strategy. Previously, she created the Salesforce Developer community program and put on many a Dreamforce DevZone. She’s a CNCF Ambassador, crazy dog lady, and native Texan. You can find her... Read More →


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 4C, Level 3

2:00pm

Fluentd Salon - hosted by Eduardo Silva, Treasure Data

The Fluentd Salon is an unconference session for attendees interested in logging in the context of Kubernetes, containers and standalone applications.

The Salon will be facilitated by Fluentd core developers and community members. We will give a brief update about Fluentd v1.0, roadmap and tools around the Fluent ecosystem plus an a space for lightning talks and open discussions. This will be a great networking opportunity.

If you are interested in suggesting a topic or giving a lightning talk (5 minutes presentation), please go ahead and fill the form with the required information.


Speakers
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, ARM Treasure Data
Eduardo is a Principal Engineer at "ARM / Treasure Data". He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes. Maintainer of Fluent Bit.


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

rkt Salon - hosted by Alban Crequy, Kinvolk

The rkt salon will feature talks and demos of rkt and rktlet from, and discussions with, core contributors. The salon will include a general update on the rkt project, a demonstration of some core rkt concepts and of rktlet, the Kubernetes CRI implementation using rkt. We'll conclude with an open discussion.

 We are also eager to have community members speak about their use of rkt. Please contact us at cncf-rkt-maintainers@lists.cncf.io if you'd like to be added to the schedule.


Speakers
avatar for Alban Crequy

Alban Crequy

CTO 首席技术官, Kinvolk GmBH
Originally from France, Alban currently lives in Berlin where he is a CTO & co-founder at Kinvolk. He is a contributor to rkt, a container runtime for Linux, Weave Scope, a container visualization & monitoring tool, and is actively working on BPF-related projects. Before falling into... Read More →


Wednesday December 6, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:45pm

The True Costs of Running Cloud Native Infrastructure [B] - Dmytro Dyachuk, Pax Automa
Never before have organizations wrestled with as much choice in how they compute and where they compute. The public cloud offers freedom from lead times and elasticity to manage changing workloads, but once a workload reaches a certain size or can be forecasted over a longer period of time it may be much more expensive than building and operating the compute infrastructure in-house. In the following talk we estimate when this threshold is crossed. We then explore what a modern datacentre should look like, why running an efficient compute infrastructure requires a spirit of radical simplification, and finally how focusing on important abstractions enables workload portability in an era with an abundance of choice.

Speakers
avatar for Dmytro Dyachuk

Dmytro Dyachuk

Co-founder, Chief Research Officer, Pax Automa
Dmytro Dyachuk is a co-founder of PaxAutoma. Prior to that he was a lead capacity planning engineer at Demonware, a subsidiary of Activision-Blizzard. Dmytro specializes in performance modeling and capacity management of distributed systems.



Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

WG Container Identity Update - hosted by Greg Castle, Google & Clayton Coleman, Red Hat
Decomposing applications into containers and microservices has many advantages but it creates a foundational problem: we need a reliable and secure way to identify all of the pieces. Kubernetes runs your containers, but how do those containers prove who they are to other containers, services, clusters, and infrastructure?  Some concepts of identity exist in Kubernetes and could be improved, and others are just outright missing.

In August 2017 we started the Kubernetes Container Identity Working Group, a cross-SIG effort, with the goal of improving this situation. In this session we’ll give a short introduction to the problem space and the work that's underway. We’ll reserve most of the time for discussion, and to hear about identity pain points, use cases, and ideas from the community.

Speakers
avatar for Greg Castle

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included pentester... Read More →
avatar for Clayton Coleman

Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content efforts at Red... Read More →



Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 7, Level 3

2:45pm

Building Specialized Container-Based Systems with Moby: A Few Use Cases [I] - Patrick Chanezon, Docker
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.

This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of it’s components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

Speakers
avatar for Patrick Chanezon

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he... Read More →


Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom B, Level 1

2:45pm

Microservices, Service Mesh, and CI/CD Pipelines: Making It All Work Together [I] - Brian Redmond, Microsoft
Microservices come with many advantages for massively scaling applications. With that comes many challenges around service communication and application updates. It is pretty simple to do blue/green deployment and canary releases with a basic web site. But what about thousands of microservices? How can we have blue/green deployments at the service level while still allowing for efficient communication? This is one of the areas where service mesh technology is a huge benefit in Kubernetes.

In this session, I will show how to use common CI/CD tooling such as Spinnaker or Jenkins to drive microservices deployments with Kubernetes. I will show how service mesh technologies such as istio and linkerd ease the ability to efficiently deliver and test microservices in Kubernetes. All without substantial changes for the microservice developer. Additionally, I will provide comparisons of the wide variety of tools available in this area.

The overall goal of this demo heavy session is to show the value of these technologies working together to ease the delivery of cloud native applications.

Speakers
avatar for Brian Redmond

Brian Redmond

Cloud Architect, Microsoft
I am a Cloud Architect on the Azure Global Black Belt team at Microsoft. I focus on containers, microservices, DevOps, and cloud native applications in the Azure cloud platform. I have been working in technology for over 20 years and have a mixed background from application development... Read More →



Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm

Distributed Workflows for Microservices-Style Applications [I] - Yun Qin, Nirmata
Microservices-style architectures solve several problems but also introduce new complexities. With Microservices, a best practice is to keep services isolated and loosely coupled. However, in the real world, it is not uncommon to encounter business logic which requires coordination across multiple business functions i,e. microservices.

The distributed workflow pattern addresses this problem. In this presentation we will describe the distributed workflow pattern and its use cases. We will then look at various implementations of this pattern, such as Netflix Conductor, AWS Simple Workflow Service and NirmataOSS Workflow.

We will end by showing a demonstration of a distributed workflow, running on a Kubernetes cluster and show how workflow managers can leverage Kubernetes features like Horizontal Pod Autoscaling.

Speakers
avatar for YUN QIN

YUN QIN

Software Engineer, Nirmata
Yun is a software enginner in Nirmata, a company deliverring integrated solutions for multi-cloud application management. Yun has extensive experience in distributed system application development and operations. Prior to joining Nirmata, Yun worked as a senior network engineer at... Read More →



Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3

2:45pm

The RED Method: How To Instrument Your Services [B] - Tom Wilkie, Kausal
The RED Method defines three key metrics you should measure for every microservice in your architecture; inspired by the USE Method from Brendan Gregg, it gives developers a template for instrumenting their services and building dashboards in a consistent, repeatable fashion.

In this talk we will discuss patterns of application instrumentation, where and when they are applicable, and how they can be implemented with Prometheus. We’ll cover Google’s Four Golden Signals, the RED Method, the USE Method, and Dye Testing. We’ll also discuss why consistency is an important approach for reducing cognitive load. Finally we’ll talk about the limitations of these approaches and what can be done to overcome them.

Speakers
avatar for Tom Wilkie

Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Previous Tom founded Kausal, a company working on Prometheus, and worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build 3D printers


Wednesday December 6, 2017 2:45pm - 3:20pm
Ballroom C, Level 1

2:45pm

Kubernetes, Metadata and You [I] - Liz Rice, Aqua Security & Gareth Rushgrove, Puppet
The combination of CI/CD tools and Kubernetes means we can set up a pipeline for deploying code changes as they happen, triggering a container image build and a rolling update to pull the new image. But what about changes that are about the application and how it should run, rather than the code itself?

This talk will explore tools and approaches for managing application metadata alongside the application code. We will look at:

- The importance of metadata to managing modern Cloud Native systems
- Built-in metadata capabilities in Kubernetes like ConfigMaps, Annotations and Labels
- Ways of making a deployment self-describing as part of a CI/CD workflow
- Using metadata to make the life of Kubernetes operators easier
- Examples of open source tools (like Manifesto, Lumogon and Skopeo) which work with Kubernetes ecosystem metadata

Speakers
avatar for Liz Rice

Liz Rice

Technology Evangelist, Aqua Security
Liz Rice is the technology evangelist at container security specialists Aqua Security, where she works on container-related open source projects including kube-bench and kube-hunter. This year she is Co-Chair of the CNCF’s KubeCon + CloudNativeCon events in Copenhagen, Shanghai... Read More →
avatar for Gareth Rushgrove

Gareth Rushgrove

Product Manager, Docker
Gareth Rushgrove is a product manager at Docker. He works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and... Read More →


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3

2:45pm

IAM on Hybrid Cloud: Next Generation Security Model to Create an Interoperable Cloud [I] - Jeyappragash JJ & Kamil Pawlowski, padme.io

Those developing and operating modern software infrastructure face a myriad of complexity when trying to secure it.  While environments like amazon have vastly simplified the supply chain associated with brining up new physical and virtual infrastructure or services, complexity around managing access to and between these services has grown, and continues to expand.  The proliferation of configurations, management tools, and management schemes that exists in the modern datacenter has exploded when dealing with multi-cloud, hybrid (cloud + dc), or legacy systems.

Complexity is the enemy of security.  This heterogeneity is its embodiment. Having many different ways to configure access policies on different cloud providers or with different vendors, makes it impossible to understand whom has access to what in any given infrastructure.  Without this visibility it is impossible to have intelligibility, and hence security.  

Worse, today developers and operators must exist in and support a highly dynamic service environment.  That is to say existing services must evolve to support new functionality, and new services must be rapidly brought on line to support features in a highly competitive business environment.  The miasma of different configuration schemes creates a great deal of friction against this, and impedes security because it is difficult to holistically understand the impact of changes (let alone make them rapidly).  Security must be able to accommodate this temporality.

In this talk we introduce PADME as an architecture for policy admission aimed at solving these problems in a distributed environment.  PADME operates by normalizing access policy information across underlying clouds and system.  It allows policies to be operated up as known fixed building blocks in order to establish end to end security.  Finally, it attacks the problem of policy distribution in a distributed environment so that assertions can be made about the security of a system over time, and in the face of CAP theorem issues.


Speakers
avatar for Jeyappragash Jeyakeerthi

Jeyappragash Jeyakeerthi

tetrate.io
Jeyappragash previously built the team and lead the technical roadmap for Twitter's Cloud Infrastructure Management Platform. This platform helps developers manage their services and provides detailed visibility to the infrastructure and the services that use the infrastructures... Read More →
KP

Kamil Pawlowski

Kamil Pawlowski (Software Engineer) has worked on everything from mobile to high scale/availability systems, network protocols to web stacks. His experience includes early stage startups, large companies, and stages in between. He is presently building services infrastructure for... Read More →


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 5ABC, Level 3

2:45pm

Microservices Patterns with NGINX Proxy in an Istio Services Mesh [I] - A.J. Hunyady, NGINX Inc
Building a cloud native application is only half the battle; running it reliably is the other half.

NGINX, the leading provider of ingress controller functionality in Kubernetes environments, has partnered with Istio to enhance Sidecar proxy capabilities in the Istio' Services Mesh architecture.

A service mesh is highly dependent on the strength of the proxy, and NGINX is the most powerful service proxy in the market. It offers a small footprint high performance engine with advance load balancing algorithms, caching, SSL termination, API gateway, extensibility through broad range of third-party modules, sciptability with Lau and nginScript and various security features with granular access control.

Microservices also require a Web Server to be deployed side-by-side with the service proxy. While optional, deploying NGINX as Web Server technology provides additional benefits in performance, manageability, security and the overall monitoring of the Application.

NGINX is already used by more than half of the top 100,000 websites and this talk will describe how NGINX in Istio environments is a natural extension of this technology.

Our demo will show a sample application running in a Kubernetes/Istio/NGINX environment and we will answer questions from the audience.

Speakers
AH

A.J. Hunyady

Product Managemenet, NGINX
A.J. Is a technology enthusiast and a Silicon Valley veteran. He founded Zokets where he developed software for managing containerized services in highly dynamic environments. A.J. is now at NGINX, where he leads innovations in new product development.


Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

3:00pm

3:20pm

Afternoon Break
Wednesday December 6, 2017 3:20pm - 3:40pm
Palazzo, Level 1

3:40pm

Bottoms-Up Adoption of a Microservices Workflow Using Kubernetes & Envoy - Rafael Schloming & Phil Lombardi, Datawire
Many organizations start their microservices journey by (re)designing their application architecture and operational infrastructure. We started building our cloud application using this approach. We discovered that this takes a long time.

In this talk, we’ll talk about how we ended up with a different approach when we started thinking about microservices as a workflow, and not an architecture. We’ll talk about our first goal: enabling a single developer to be able to code, ship, and manage a microservice, as quickly as possible. We’ll show how we integrated Kubernetes, Docker, Prometheus, and Envoy to achieve this goal.

Finally, we’ll talk about scaling this initial goal beyond a single developer. We’ll talk about the tradeoffs of this bottoms up approach to the conventional PAAS / service mesh / application architecture strategy, and show how you can get to the same place in the end.

Speakers
PL

Phil Lombardi

Phil Lombardi is a Senior Platform Engineer at Datawire.io where he is building a development platform aimed at small companies adopting or using microservices and with a need for their platform to be simple, resilient and adaptable to the ever-changing tech landscape. He has spoken... Read More →
avatar for Rafael Schloming

Rafael Schloming

Co-founder and Chief Architect, Datawire
Rafael Schloming is Co-founder and Chief Architect of Datawire. He is a globally recognized expert on messaging and distributed systems and a spec author of the AMQP specification. He has spoken on microservices at numerous technical conferences including ApacheCon, the O’Reilly... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 8ABC, Level 3

3:40pm

SIG Cluster Lifecycle Update - hosted by Robert Bailey, Google & Lucas Käldström

The Cluster Lifecycle SIG is the Special Interest Group that is responsible for building the user experience for deploying and upgrading Kubernetes clusters. Since splitting out of SIG Cluster Ops in mid-2016 we have primarily focused on creating kubeadm, a streamlined installer tool and building block to simplify the installation and upgrade experience. We have recently begun building a Cluster API to provide an abstraction of machines across different deployment environments along with a common control plane configuration. 

In this update session we will present the SIG's mission statement, review recent accomplishments, and discuss our future plans, where you are very welcome to contribute to the discussion. We will also focus on how new contributors can get involved in helping shape the future of Kubernetes cluster lifecycle management. 


Speakers
avatar for Robert Bailey

Robert Bailey

Software Engineer, Google
Robert is a lead for the cluster lifecycle SIG and has been working on Kubernetes for more than 3 years. He was one of the founding members of the Google Container Engine team. Prior to Kubernetes, he was a Site Reliability Engineer helping teams at Google launch new products and... Read More →
avatar for Lucas Käldström

Lucas Käldström

CNCF 代表, Independent
Lucas is a passionate Kubernetes subproject owner and approver that is excited about all things cloud native. Lucas has been engaged in Kubernetes work for over three years now and been involved in work like porting Kubernetes to multiple platforms, getting minikube off the ground... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 4C, Level 3

3:40pm

CRI-O: All the Runtime Kubernetes Needs, and Nothing More - Mrunal Patel, Red Hat
CRI-O is a brand new container runtime dedicated and optimized to support kubernetes workload. Its goal is to be a stable container runtime tied to kubernetes releases, replacing the docker daemon.

Historically every update of Docker has broken Kubernetes. This has led to major rewriting and fixes of Kubernetes, which is understandable since Docker is not primarily for Kubernetes. Kubernetes needs a container runtime dedicated to its specifications.

CRI-O, the name comes from the Container Runtime Interface for Open container runtimes, takes advantages of emerging standards like OCI Runtime and Image Specification, as well as open source projects to handle container images (github.com:containers/image, github.com:containers/storage) . This means as these projects advance CRI-O will be able to take advantage of the improvements and features, but all the while guaranteeing that it will not break any functionality required by the Kubernetes CRI. CRI-O works with runc and Clear Containers runtimes.

CRI-O was designed from the ground up to satisfy Kubernetes Container Runtime Interface, and currently passes all node and E2E tests. The github repository has been setup to not accept any pull requests that causes these tests to break. We will be tying the versions of CRI-O to the Kubernetes versions, to maintain complete compatibility.

This talk will describe the CRI-O architecture as well as demonstrate different kubernetes features running on top of CRI-O exercising the CRI API. The attendees will learn how to configure CRI-O with kubernetes and use it for their workloads.

Speakers
MP

Mrunal Patel

Principal Software Engineer, Red Hat, Inc.
Mrunal Patel is a Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He is the lead developer of CRI-O. He has helped contribute support for user namespaces to the Go programming language... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom B, Level 1

3:40pm

Expand Your Spinnaker Pipeline to the Desktop [I] - Sean Korten, Kenzan
Commit, build, test, push, build, test, deploy, test, promote, test, repeat. You can already use Kubernetes as the common platform for your entire lifecycle, but wouldn’t it be cool to use one tool to manage it? Spinnaker is a multi-cloud CI/CD platform that works well with Kubernetes on many cloud providers. In this talk we will discuss how to turn your workstation running minikube into another cloud provider in your cloud based production Spinnaker and add it to your CI/CD pipeline.

Speakers
avatar for Sean Korten

Sean Korten

Director of Engineering, Kenzan
Sean is a Lead Platform/DevOps Engineer with Kenzan, a professional services company that provides customized end-to-end solutions to a diverse group of clients. Since joining Kenzan he has contributed to the Spinnaker OSS project and helped implement it internally and with multiple... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 9AB, Level 3

3:40pm

Modifying gRPC Services Over Time [I] - Eric Anderson, Google
Services grow and stretch over time to accommodate features, bugs, and basic maintenance. Learn how gRPC services can change while managing existing clients.

Speakers
avatar for Eric Anderson

Eric Anderson

Staff Software Engineer, Google
Eric Anderson is the tech lead of gRPC Java as a Staff Software Engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors v4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 10AB, Level 3

3:40pm

How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix
Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments.

In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent).

This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across stackthe cloud environment.

Speakers
avatar for Manish Mehta

Manish Mehta

Senior Security Software Engineer, Netflix
Manish Mehta is Senior Security Software Engineer at Netflix, Los Gatos, CA. He has designed and developed solutions around secure bootstrapping, authentication (service and user), and authorization for cloud-native infrastructure. His professional interests and expertise are cyber... Read More →
avatar for Torin Sandall

Torin Sandall

Technical Lead, Styra
Torin Sandall is the technical lead of the recent open source Open Policy Agent project. Torin has spent 10 years as a software engineer working on large-scale distributed systems projects. Previously, Torin was a senior software engineer at Cyan (acquired by Ciena), where he designed... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom A, Level 1

3:40pm

Fluentd and Distributed Logging [I] - Masahiro Nakagawa, Treasure Data
In container era, logging is very important because applications are distributed. This session talks about why Fluentd is needed and how fluentd resolves the distributed logging problem by flexible and robust ways.

Speakers
MN

Masahiro Nakagawa

Senior Software Engineer 高级软件工程师, Treasure Data
Fluentd maintainer



Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom C, Level 1

3:40pm

Queueing Theory, In Practice: Performance Modelling in Cloud-Native Territory [I] - Eben Freeman, Honeycomb.io
Kubernetes and similar cloud-native infrastructure make it easier than ever to adjust a service's capacity based on variable demand. In practice, it's still hard to take observed metrics, and translate them into quantitative predictions about what will happen to service performance as load changes. Resource limits are often chosen by guesstimation, and teams are likely to find themselves reacting to slowdowns and bottlenecks, rather than anticipating them.

Queueing theory can help, by treating large-scale software systems as mathematical models. But it's not easy to translate between real-world systems and textbook models. This talk will cover practical techniques for turning operational data into actionable predictions. We'll show how to use results from queueing theory to develop a model of system performance. We'll discuss what data to gather in production to better inform its predictions -- for example, why it's important to capture the shape of a latency distribution, and not just a few percentiles. We'll also talk about some of the limitations and pitfalls of performance modelling.

Speakers
EF

Eben Freeman

Engineer, Honeycomb.io
Now largely reformed after stints studying theoretical math and living as an itinerant rock climber, Eben is fascinated by tools that help humans better understand the systems they create. He works as an engineer at Honeycomb.io.



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 6AB, Level 3

3:40pm

Building an Edge Computing Platform for Network Services Using Cloud Native Technology [I] - Stephen Wong & Vikram Dham, Huawei Technologies, Inc.
Edge computing have become increasingly important due to the demands of latency sensitive applications and explosion of data from end user devices in cases such as Internet of Things (IoT). One common intelligent edge deployment is the buildout of mini data centers on network edge that are centrally managed and operated by the cloud. Unlike traditional data centers, these mini data centers are constrained by limited resources and minimal operational supervision, and as such they impose challenges on traditional data center infrastructure including network services, here defined as L3-7 network services such as packet gateway and application firewall. These services usually are implemented with the need for heavy manual configurations and complex provisioning, which are particularly ill-fitted to deploy at the edge.

In this session we will discuss how we built a new edge computing platform for network services that can achieve auto provisioning, dynamic service deployments and updates, and high resiliency. By running componentized network services in containers orchestrated by Kubernetes, and utilizing projects such as gRPC, linkerd, and fluentd, as well as making use of cloud native related projects including etcd and IOvisor, this platform essentially treats network services as cloud native applications, and thereby able to achieve the associated benefits. We will show a demo of the platform as part of the presentation.

Speakers
SW

Stephen Wong

Senior Architect, Huawei Technologies, Inc.
Stephen Wong has had 20 years of software development experience in the networking industry. Currently he is a software architect at FutureWei Technologies, the US Research Center of Huawei Technologies. His focus at FutureWei is to advance the field of Network Function Virtualization... Read More →



Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 9C, Level 3

3:40pm

Kubernetes SIG Schedule + Resource Management Working Group Deep Dive - hosted by Jeremy Eder, Red Hat
Intro
  • Introduce the leads
  • Cover logistics, where to find SIGs, and how to participate
  • Remote participation (i.e., Zoom, if possible)

Topics
  • Roadmap Triage: Leads to discuss roadmap for each SIG

- RMWG Roadmap 

  • Areas of overlap between SIG/WG:

- How is the two-level scheduling working out?
- What use-caes are we trying to cover in the coming year that would generate features from each other? 

  • Resource API, we need something written down

  • Graduating features... Beta -> GA

  • How does anyone keep track of anything on Github? 
- Tracker issues are needle in haystack...

Speakers
avatar for Jeremy Eder

Jeremy Eder

Senior Principal Software Engineer, Performance Engineering, Red Hat, Inc.
Jeremy leads a high-output team of engineers focused on performance, scalability and capacity planning of container-based infrastructures in the Atomic and OpenShift family of Red Hat products, including the application of these next generation technologies to the high performance... Read More →



Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 7, Level 3

3:40pm

SIG Testing Deep Dive Session - hosted by Aaron Crickenberger, Samsung SDS
Speakers
avatar for Aaron Crickenberger

Aaron Crickenberger

Senior Test Engineer 高级测试工程师, Google
Aaron has been involved in open source since 2007, cloud since 2009, and Kubernetes since 2015. He was elected to the Kubernetes Steering Committee in 2017.He co-founded the Kubernetes Testing SIG, and actively contributes in the Architecture, Contributor Experience, Release, and... Read More →


Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 4B, Level 3

3:40pm

CoreDNS Salon - hosted by John Belamaric, Infoblox

Join us for an open discussion on CoreDNS! This will be an opportunity to learn more about CoreDNS, as well as discuss use cases, issues, and other matters with some of the maintainers. We’ll start with a short intro and some CoreDNS basics, then proceed to the open discussion. Some of the topics we can discuss:

  • CoreDNS Roadmap

  • Using CoreDNS for your cluster DNS in Kubernetes

  • Status of plans for CoreDNS to replace Kube-DNS as the default cluster DNS

  • CoreDNS architecture

  • Available plugins and how to use them

  • How to write external plugins

  • Use of CoreDNS with an external policy engine

  • Use of the “autopath” plugin with Kubernetes and what it does

  • General Q&A


Speakers
avatar for John Belamaric

John Belamaric

Distinguished Architect, Infoblox
John Belamaric is a software architect with over 20 years of software design and development experience. He is focused on microservice architectures and on making CoreDNS the best choice for service discovery in those architectures. He is a Distinguished Architect at Infoblox, holds... Read More →



Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 4A, Level 3

3:40pm

Envoy Salon - hosted by Matt Klein, Lyft

Informal in-person community meeting for Envoy. We will have a short selection of lightening talks and do general Q&A and discussion.


Speakers
avatar for Matt Klein

Matt Klein

Software Engineer, Lyft


Wednesday December 6, 2017 3:40pm - 5:00pm
Meeting Room 10C, Level 3

4:25pm

The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications to Kubernetes [B] - Josef Adersberger, QAware
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!

We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.

The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?

Speakers
avatar for Josef Adersberger

Josef Adersberger

CTO, QAware
Josef Adersberger is co-founder & CTO of QAware, a German custom software development company and CNCF silver member. He studied computer science in Rosenheim and Munich and holds a doctoral degree in software engineering. He is currently responsible for a large-scale cloud migration... Read More →



Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom A, Level 1

4:25pm

gRPC WG Update: Easy Instrumentation with OpenCensus - hosted by April Kyle Nassi, Jaana Burcu Dogan & Morgan McLean, Google

Join the gRPC contributors for a session looking at OpenCensus and gRPC integrations!

Getting traces and application-level metrics out of an application often requires headaches and a nontrivial amount of manual work, which is a challenge for developers and vendors alike. This is especially true when you have a microservice architecture. OpenCensus offers a simple and automatic way for developers to extract correlated traces and metrics from their application so that they can be processed by the backend of their choice. 


Speakers
avatar for Jaana B. Dogan

Jaana B. Dogan

Engineer, Google
Jaana is a well known figure in the the software development community via her work on Go and OpenCensus, and from her blog and Twitter presence (@rakyll). In her work at Google, she focuses on observability and making Go even better. | | Jaana has given talks at PromCon, Kubecon... Read More →
avatar for Morgan McLean

Morgan McLean

Product Manager, Google
Morgan has spent much of his career as an engineer and product manager on distributed systems and tools for developers. At Google, he is the product manager for tools that span distributed tracing, debugging, and profiling, including internal applications, Stackdriver, and OpenCensus... Read More →
avatar for April Nassi

April Nassi

Community Manager, Google
April Kyle Nassi is an Istio and gRPC community manager at Google focused on open source strategy. Previously, she created the Salesforce Developer community program and put on many a Dreamforce DevZone. She’s a CNCF Ambassador, crazy dog lady, and native Texan. You can find her... Read More →


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 4C, Level 3

4:25pm

Building Better Containers: A Survey of Container Build Tools [I] - Michael Ducy, Chef
If you stick to the “industry standard” method of building containers (Dockerfiles), it’s easy to build containers that contain libraries, tools, binaries, and more that you don’t need. One survey showed that over 75% of containers contain a full Operating Systems. So how can you build containers that only contain the bits you require to run a particular application, and nothing more. This talk will cover various tools in the open source community that provide better methods for building containers, no matter the underlying container runtime. We will explore Bazel (along with Distroless), Smith (from Oracle), and Habitat (from Chef), and we will cover the benefits and drawbacks of each method. A short demo of each tool will be included.

Speakers
avatar for Michael Ducy

Michael Ducy

Director of Community & Evangelism, Sysdig
Michael Ducy currently works as Director of Community & Evangelism for Sysdig where he is responsible for growing adoption of Sysdig’s open source solutions. Previously, Michael worked at Chef where we held a variety of roles helping customers and community members leverage Chef’s... Read More →



Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom B, Level 1

4:25pm

Continuous Integration at Scale on Kubernetes [B] - Karthik Gajjala, eBay
eBay has a large community of developers working on several thousand applications at any time. To improve developer productivity, we offer Continuous Integration As A Service (CIAAS). This system provides capability to build and test several thousand applications concurrently. This talk will walk the users through our journey of building this system on top of Kubernetes, the challenges
we faced, optimizations we deployed and the scale and reliability we achieved at scale of tens of thousands of builds a day. We plan to continue our journey to leverage public clouds and we want to share our thoughts and initial plans.

Speakers
avatar for Karthik Gajjala

Karthik Gajjala

Director of Engineering, eBay
Karthik Gajjala is a Director of Cloud Engineering at eBay responsible for eBay’s private Cloud that includes Infrastructure As A Service and Platform As A Service. He has been a technologist for close to two decades working in Startups and large enterprises. At eBay, his organization... Read More →



Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 9AB, Level 3

4:25pm

A Practical Guide to Prometheus for App Developers [B] - Ilya Dmitrichenko, Weaveworks
Ilya will first briefly outline how Weaveworks run cloud-native apps in production on Kubernetes, and how they use Prometheus for monitoring, as well as some of the open-source tools the team has built to implement continuous delivery.

In the main section Ilya will turn the spotlight on Prometheus and demonstrate step-by-step how simple it is to instrument an app, using a very generic Node.js app as reference.

Speakers
avatar for Ilya Dmitrichenko

Ilya Dmitrichenko

DX Engineer, Weaveworks
Ilya is a Developer Experience Engineer at Weaveworks, focused on making the adoption of microservices easier. Prior to Weaveworks, Ilya worked at Xively, where he personally experienced the shift to a true DevOps culture. He began to shift focus down the stack, becoming one of the... Read More →


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 10AB, Level 3

4:25pm

“If you Don’t Monitor your Infrastructure, you Don’t Own it!” Regain Control Thanks to Prometheus [I] - Etienne Coutaud & Guillaume Lefevre, OCTO Technology
In the French FedEx company we used Prometheus to monitor the infrastructure. It hosts a CQRS Architecture composed with Kafka, Spark, Cassandra, ElasticSearch, and microservices APIs in scala.

This presentation is about using Prometheus in production, you will see why we choosed Prometheus, how we integrated it, configured it and what kind of insights we extracted from the whole infrastructure.

In addition, you will see how Prometheus changed our way of working, how we implemented self-healing based on Prometheus, how we configured systemd to trigger AlertManager API, integration with slack and other cool stuffs.

Some demonstrations will be performed in addition of the presentation.

Speakers
avatar for Etienne Coutaud

Etienne Coutaud

DevOps Engineer, OCTO Technology
Etienne Coutaud is a French DevOps Engineer working in OCTO Technology for 2 years in Paris. Etienne worked of the implementation on Openshift in production for the health insurance agency. Currently working for the French Fedex he participated on the cloud infrastructure automation... Read More →
avatar for Guillaume Lefevre

Guillaume Lefevre

Guillaume Lefevre is a French DevOps Engineer at OCTO Technology for a year now. He worked in the networking field for various company before moving to DevOps. Currently working for the French Fedex he participated on the cloud infrastructure automation, continuous integration and... Read More →


slides pdf

Wednesday December 6, 2017 4:25pm - 5:00pm
Ballroom C, Level 1

4:25pm

Cloud Native Logging 101 [B] - Eduardo Silva, Treasure Data
In the Cloud Native Era logging is a fundamental piece of the instrumentation life cycle. With applications running as micro services the log information generated is much more and understanding how to implement and manage logging with this new architecture is fundamental.

This 101 presentation will introduce the concepts of log processing (end-to-end) applied to applications running in orchestrated environments managed by Kubernetes (live demos included).

Speakers
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, ARM Treasure Data
Eduardo is a Principal Engineer at "ARM / Treasure Data". He currently leads the efforts to make logging more scalable in Containerized and Orchestrated systems such as Kubernetes. Maintainer of Fluent Bit.


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 6AB, Level 3

4:25pm

Building a Secure, Multi-Protocol and Multi-Tenant Cluster for Internet-Facing Services [A] - Bich Le, Platform9
Exposing internal HTTP-based services to the Internet is a well supported and documented feature of Kubernetes. What's less well understood is how to do it for thousands of services running on behalf of hundreds of possibly competing customers, in particular how to do it securely, protect the privacy of each customer, and support binary protocols other than HTTP. This is the problem that our company solved for our SaaS business which requires hosting and operating the control plane of popular infrastructure management software (e.g. Openstack, Big Data, and Kubernetes itself) as a service for our customers. Those control planes contain services exposing protocols as varied as MySQL and AMQP. This talk describes the challenges we faced and how we solved them using multiple technologies from the Kubernetes ecosystem. The solution includes a system that automatically creates namespaces, provisions certificate hierarchies, and manages ingress controllers for new customers, then wraps services with a set of side-car containers to handle tasks such as TLS termination. We describe how we employed Kubernetes native constructs such as Custom Resource Definitions to automate those tasks. For network communications, we discuss how to securely handle ingress, outgress, pod-to-pod, and cross-namespace traffic. To support both HTTP and TCP-based protocols, we describe a two-level network routing system consisting of both a "k8sniff" and an nginx ingress controller. For ensuring customer data privacy we compare these approaches: (1) Network Policy + Layer 2 virtualization; (2) TLS encryption of all pod-to-pod traffic; (3) a combination of the two. Finally, we debate whether the process isolation model of Linux containers is sufficient, and discuss our experience with stronger virtualization-based mechanisms such as Frakti / HyperContainer.

Speakers
avatar for Bich Le

Bich Le

Chief Architect, Platform9
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.



Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 5ABC, Level 3

4:25pm

The Service Mesh: Past, Present, and Future [B] - William Morgan, Buoyant
In this talk, we describe the service mesh, a runtime infrastructure layer that’s rapidly rising to prominence with the advent of open source projects like Istio, Envoy, and Linkerd. We trace the evolution of the service mesh model through three-tiered apps and “fat clients” to the modern, sidecar-based implementations, compare and contrast with ESBs and API gateways, and show that, as with most “new” technology, the ideas and principles behind the service mesh have been around for a long time.

Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist... Read More →


Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 9C, Level 3

5:10pm

Keynote: Service Meshes and Observability - Ben Sigelman, Co-founder & CEO, Lightstep

Service mesh technology facilitates the discovery, interconnection, and authentication of microservices. While it’s straightforward to use a service mesh to measure peer performance, actually explaining the behavior of transactions in a microservices deployment requires distributed tracing.

In this keynote, Ben will explain why distributed tracing is important, where the service mesh comes into play, and how OpenTracing makes it all elegant and portable. We will illustrate these concepts with a live, audience-interactive demo, and provide guidance for those who want to add these technologies to their own microservice deployments.


Speakers
avatar for Ben Sigelman

Ben Sigelman

CEO and Co-founder, LightStep
Ben Sigelman is the co-creator of the OpenTracing project (incubated by CNCF). An expert in distributed monitoring, he previously built Dapper, Google’s production distributed systems tracing infrastructure, and Monarch, Google’s fleet-wide time series collection, storage, analysis... Read More →


Wednesday December 6, 2017 5:10pm - 5:30pm
Exhibit Hall 3, Level 1

5:30pm

Keynote: Kubernetes: This Job is Too Hard: Building New Tools, Patterns and Paradigms to Democratize Distributed System Development - Brendan Burns, Distinguished Engineer, Microsoft

The simple truth is that there are more reliable online systems that need to be built then there are people who know how to build them. Building a distributed system is bespoke, manual and hard.

Fortunately, with the development of containers and Kubernetes, a foundation has been created for a new type of development environment to make building systems dramatically easier and more modular. But containers and Kubernetes, while necessary, are not sufficient. In this talk I introduce Metaparticle, a new standard library for easy distributed systems development on Kubernetes.

Metaparticle uses familiar, standard programming languages to enable developers and architects to design, develop and deploy their application from a single, easy to use environment.


Speakers
avatar for Brendan Burns

Brendan Burns

Software Engineer, Microsoft
Brendan Burns is a software engineer at Microsoft Azure and co-founder of the Kubernetes project. Before Kubernetes he worked on search infrastructure at Google. Before Google he was a professor at Union College in Schenectady, NY. He received his PhD in Computer Science from the... Read More →


Wednesday December 6, 2017 5:30pm - 5:50pm
Exhibit Hall 3, Level 1

5:50pm

Keynote: Can 100 Million Developers Use Kubernetes? - Alexis Richardson, CEO, Weaveworks
What is the potential for Kubernetes? Is it like Openstack and Hadoop, a technology for expert operators in the enterprise? Or is it like cloud and mobile, a way for every developer to move the business? What is needed for Kubernetes to have an impact equal to the web? Can 100 million people use Kubernetes?

Speakers
avatar for Alexis Richardson

Alexis Richardson

Founder & CEO, Weaveworks
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups. | | Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting... Read More →


Wednesday December 6, 2017 5:50pm - 5:55pm
Exhibit Hall 3, Level 1

5:55pm

Community Awards
Wednesday December 6, 2017 5:55pm - 6:05pm
Exhibit Hall 3, Level 1

6:10pm

Welcome Reception & Sponsor Booth Crawl
Join us in the Sponsor Showcase at Austin Convention Center to meet our sponsors, network with community members, and enjoy food and drinks as well as live music!

Wednesday December 6, 2017 6:10pm - 8:30pm
Sponsor Showcase

7:30pm

BoF: Grafeas: Using Artifact Metadata to Audit, Govern, and Secure Your Software Supply Chain - hosted by Stephen Elliott & Wendy Dembowski, Google & Graeme Hay, Morgan Stanley
Building software at scale requires strong governance of the software supply chain, and strong governance requires good data. This BoF will be a discussion around the recently launched Grafeas ("scribe") open source project (see grafeas.io), whose goal is to provide organizations with a central source of truth for tracking artifacts and enforcing policies across an ever growing set of software development teams and pipelines. Part of the Grafeas project is Kritis ("judge"), a Kubernetes policy engine that lets organizations do real-time enforcement of container properties at deploy time for Kubernetes clusters. To kick off the discussion, Google and other Grafeas collaborators will give an overview of the Grafeas project.

Speakers
avatar for Wendy Dembowski

Wendy Dembowski

Staff Software Engineer, Google
Wendy is a Staff Software Engineer at Google. She is a co-founder and the Khaleesi of Grafeas.
avatar for Stephen Elliott

Stephen Elliott

Product Manager, Google
avatar for Graeme Hay

Graeme Hay

Managing Director, Global Head of Enterprise and Cloud Engineering, Morgan Stanley



Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 10C, Level 3

7:30pm

BoF: Kubernetes and IoT - hosted by Ian Skerrett, Eclipse Foundation
In this BOF we will discuss how Kubernetes can be used to support Internet of Things use cases. This may include using Kubernetes at the 'edge', using Kubernetes on IoT cloud platforms and any other use cases people might bring forward. The goal is to better understand the opportunities and challenges for using Kubernetes in IoT deployments.

Speakers

Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 9AB, Level 3

7:30pm

BoF: Kubernetes On Metal - hosted by Steven Bower, Bloomberg
Talk about Kube on Metal and the challenges/successes people have had.

Speakers
avatar for Steven Bower

Steven Bower

Data and Analytics Infrastructure Lead, Bloomberg
Over my years working with computers/software I have had time to absorb many different aspects of the industry. From doing routine hardware maintenance and support to developing large-scale search systems and everything else in between. I find search and information retrieval problems... Read More →


Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 9C, Level 3

7:30pm

BoF: Open Discussion on Hybrid Cloud - hosted by Allan Naim, Google & Rohit Agarwalla, Cisco

Application components can reside within a single or multiple data centers and clouds. Istio’s goal is to connect, manage and secure service endpoints but hybrid cloud scenarios bring certain challenges to effectively achieve those goals. In this BoF session, we would like to discuss the current efforts within the Istio community for Hybrid cloud scenarios and identify Istio/Envoy requirements/gaps. 


Speakers
avatar for Rohit Agarwalla

Rohit Agarwalla

Senior Technical Leader, Cisco
Rohit Agarwalla is currently part of the Cloud Platform and Solutions Group within Cisco. As a cloud computing expert, Rohit is the primary architect for the Cisco-Google open hybrid cloud solution and is a cloud architect and technical product manager in areas of cloud native, multi-cloud... Read More →
avatar for Allan Naim

Allan Naim

Senior Manager, Google
Allan is a Kubernetes Platform Lead at Google focused on Kubernetes and Kubernetes Engine. Prior to Kubernetes, Allan played a key role in developing Google Compute Engine’s go-to-market. Prior to Google, Allan held a variety of global roles spanning from Solutions Architecture... Read More →


Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 6AB, Level 3

7:30pm

BoF: Cross-Cloud Continuous Integration (CI) of all CNCF Projects Across All Public Clouds - hosted by Chris McClimans, ii.coop; Denver Williams, Goppa; Taylor Carpenter, Vulk.Coop; & Dan Kohn, Cloud Native Computing Foundation
Cross-cloud is a project to continually validate the interoperability of each CNCF project, for every commit on stable and HEAD, for all supported cloud providers with the results published to the cross-cloud public dashboard. See a demo of https://github.com/cncf/cross-cloud/, talk with the developers and help shape the future directions of the project.

Speakers
avatar for Taylor Carpenter

Taylor Carpenter

Partner, Vulk Coop
Partner at Vulk Co-operative - http://vulk.coop Co-Lead Cross-Cloud CI project - http://crosscloud.ci OpsDev geek. Elixir and Ruby programmer. Father, book devourer, dark beer lover. I think the concept of a delightful user experience should be applied to all parts of life including... Read More →
avatar for Hippie Hacker

Hippie Hacker

Curate 助理传道者, ii.coop
Hippie Hacker's unique approach to storytelling includes practical application of technology with a focus on humanity as a whole. He has a lifelong interest in the creation of vehicles of viral generosity. | | Though his travels started in an avocado green Volkswagen bus, they... Read More →
avatar for Dan Kohn

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan Kohn is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create and launch The Linux Foundation’s Core Infrastructure Initiative as an industry-wide response to... Read More →
DW

Denver Williams

Cross-Cloud Project Founder 跨云项目创始人, Debian


Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 5ABC, Level 3

7:30pm

BoF: Machine Learning on Kubernetes - hosted by David Aronchick, Google
Speakers
avatar for David Aronchick

David Aronchick

Head of OSS Machine Learning Strategy, Microsoft
David Aronchick leads open source machine learning strategy at Azure. He previously was the Senior Product Manager for the Google Container Engine and led product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and... Read More →


Wednesday December 6, 2017 7:30pm - 9:00pm
Meeting Room 7, Level 3

8:00pm

CNCF Community Awards Reception & {code} Assembly

{code} is proud to sponsor the Cloud Native Computing Foundation Community Awards, which will honor the individuals who have made the greatest impact over the last year throughout the cloud native ecosystem.

Awards will be announced at the ceremony during the Wednesday night keynote, at 5:55pm. Following this, a reception will be held at Cedar Street Courtyard

  • 8:00pm: Doors Open for KubeCon + CloudNativeCon attendees – Food and drink hosted
  • 9:00pm: Make sure you get here before this time to beat the line!
  • 9:40pm: Winners recognized
  • 9:45pm: Live music from Spazmatic's 80's New Wave Cover Band 
  • 11pm: Go home or stay and hang out – but remember, you have more KubeCon + CloudNativeCon tomorrow!

Click here for more information

Wednesday December 6, 2017 8:00pm - 11:00pm
Cedar Street Courtyard 208 W. Fourth Street, Austin, TX 78701
 
Thursday, December 7
 

7:45am

The NewStack Pancake Breakfast & Podcast: Evolving Patterns in Kubernetes and Cloud Native Technologies

The patterns for Kubernetes and how they are changing as more companies start thinking through how they will connect their internal and external resources in one loosely coupled environment. What are the new security patterns and how do they fit with existing infrastructure environments?

Pancake breakfast included. Space is limited.

Speakers
avatar for Tasha Drew

Tasha Drew

Product Manager, VMware
product management, kubernetes, multitenancy, federation, application development, application deployment, workflow, cheese, empanadas, wine, food, cute fluffy animals
avatar for Gadi Naor

Gadi Naor

Co-founder & CTO, Alcide
Gadi Naor brings 15 years of experience in leading the development of cyber security products to his role as CTO and Co-Founder of Alcide. Gadi has blended his management and technological background in various positions. From 2001-2008, Gadi worked at CheckPoint where he served as... Read More →


Thursday December 7, 2017 7:45am - 8:45am
Meeting Room 18CD, Level 4

8:00am

Breakfast
Thursday December 7, 2017 8:00am - 9:00am
Palazzo, Level 1

8:00am

Registration
Thursday December 7, 2017 8:00am - 5:00pm
Palazzo, Level 1

9:00am

Keynote: KubeCon Opening Keynote - Project Update - Kelsey Hightower, Staff Developer Advocate, Google
Speakers
avatar for Kelsey Hightower

Kelsey Hightower

Staff Developer Advocate, Google
Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go... Read More →


Thursday December 7, 2017 9:00am - 9:20am
Exhibit Hall 3, Level 1

9:00am

Live Stream of Keynotes - Overflow Room
Thursday December 7, 2017 9:00am - 10:40am
Ballroom A, Level 1

9:20am

Keynote: Kubernetes Secret Superpower - Chen Goldberg & Anthony Yeh, Google
Speakers
avatar for Chen Goldberg

Chen Goldberg

Director of Engineering, Google Cloud
Chen Goldberg is a technology leader with 18+ years of experience leading engineering teams. In her current role as Engineering Director, she leads Google Kubernetes Engine (GKE) and the OSS Kubernetes and Istio projects teams in Google Cloud. Her team is committed to enable open... Read More →
avatar for Anthony Yeh

Anthony Yeh

Software Engineer, Google
Anthony is an engineer on the Kubernetes Engine team at Google, focused on developing tools and best practices for making complex workloads self-managing. Before Kubernetes, Anthony worked on Vitess, the cloud-native MySQL clustering system at the heart of YouTube's main database... Read More →


Thursday December 7, 2017 9:20am - 9:40am
Exhibit Hall 3, Level 1

9:40am

Keynote: Red Hat: Making Containers Boring (again) - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

By ensuring everything about containers is standardized and boring, we can now focus on the overall Kubernetes experience when it comes to actually running containers. Freeing Kubernetes to just focus on orchestrating containers from now on and setting the stage for exponential growth. We'll take a brief look at how Kubernetes is prepared to explode in usage because the foundation has been solidified. From container standards to customer-resource definitions to pluggable hardware, Kubernetes is ready for broad usage patterns. 


Speakers
avatar for Clayton Coleman

Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content efforts at Red... Read More →


Thursday December 7, 2017 9:40am - 9:45am
Exhibit Hall 3, Level 1

9:45am

Keynote: Pushing the Limits of Kubernetes with Game of Thrones - Zihao Yu & Illya Chekrygin, HBO
Do you want to know what it is like to run 15,000 pods in production? Are you interested in seeing how Kubernetes stands up to the record-breaking viewership and a login rate that is beyond belief on Game of Thrones Season 7 premiere? Come and see things we have done for the Game of Thrones preparation. We will talk about how we provision Kubernetes clusters on AWS, and how we monitor them and microservices that are running on the clusters.

In this talk, we will also go over how HBO Go went from deploying and running microservices on virtual machines in AWS EC2 to running the very same services inside the Kubernetes clusters. We were able to dramatically increase the productivity of our engineering teams and efficiency of resource utilization in the process. It wasn’t always a smooth ride and it wasn’t a one shot deal. Instead, it was a long and at times challenging journey starting from operating a reliable, production-ready Kubernetes cluster in AWS, advancing to gradually deploying select services into Kubernetes clusters, load testing them, and running them in parallel to our current EC2 installations, and finally going live. Come and learn some helpful tips and mistakes we made along the way, which could help your organization embrace the Kubernetes world.

Speakers
avatar for Illya Chekrygin

Illya Chekrygin

Sr Staff Engineer, HBO
Illya has been working on Kubernetes adoption at HBO, which includes cluster provisioning, maintenance, telemetry and service migration. He also drove the containerization of HBO's core streaming services and CI/CD integration for their traditional EC2 deployments. Prior to HBO, Illya... Read More →
avatar for Zihao Yu

Zihao Yu

Sr Staff Engineer, HBO
Zihao Yu is a Senior Staff Engineer at HBO, helping HBO GO backend services deploy faster and more reliably. He has contributed to the design and development of several iterations of cloud infrastructure and CICD pipelines for deploying microservices at HBO. He is currently working... Read More →



Thursday December 7, 2017 9:45am - 10:05am
Exhibit Hall 3, Level 1

10:15am

Keynote: Progress Toward Zero Trust Kubernetes Networks - Spike Curtis, Senior Software Engineer, Tigera
Tigera’s Spike Curtis will share how enterprises are starting to embrace a zero trust network security posture, and demonstrate how such an approach can be enabled within an orchestrated environment such as Kubernetes by combining service mesh and network policy with a multi-factor authentication, authorization and encryption strategy.

Speakers
avatar for Spike Curtis

Spike Curtis

Senior Software Engineer, Tigera
Spike Curtis is a software developer at Tigera. He co-leads the Istio Security Working Group and is a contributing author of SPIFFE specifications.  He is also a core developer for Calico.



Thursday December 7, 2017 10:15am - 10:20am
Exhibit Hall 3, Level 1

10:20am

Keynote: The Road Ahead on the Kubernetes Journey - Craig McLuckie, CEO, Heptio

It has been amazing to watch Kubernetes emerge as a standard operating environment for distributed systems development over the past few years. In a short few years it has become embraced by almost every significant vendor in the ecosystem and is going from strength to strength. It is emerging not only as a way to not only solve hard problems deploying and running applications, but is supporting the development of new approaches to building and running applications that power the world.  

 During this session, Craig McLuckie, one of the Kubernetes founders and CEO of Heptio will look ahead to the coming years and talk about some important trends in the ecosystem that will continue to support and drive the success of the project. We will focus on the emergence of expert operations and talk about how Kubernetes is starting to change the organizations that build and manage distributed systems. This will touch on how SRE values are starting to find their way into modern development teams, what tools are still needed to drive ops maturity and the overall value of this trend to companies adopting cloud native technologies. We will discuss the value of continued focus on modularity and extensibility in the cloud native ecosystem as a way to foster innovation in the ecosystem, and also discuss the the emerging role Kubernetes is playing in the increasingly heterogeneous world of cloud.


Speakers
avatar for Craig McLuckie

Craig McLuckie

CEO, Heptio
Craig McLuckie is the CEO of Heptio. Previously he worked at Google where co-founded the Kubernetes project, bootstrapped the Cloud Native Computing Foundation and launched Google Compute Engine.


Thursday December 7, 2017 10:20am - 10:40am
Exhibit Hall 3, Level 1

10:30am

10:30am

Sponsor Showcase
Thursday December 7, 2017 10:30am - 5:30pm
Exhibit Halls 1 & 2

10:40am

Morning Break
Thursday December 7, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

The Road to More Usable Kubernetes - Joe Beda, Heptio
At KubeCon EU, in Berlin, I got up on stage and stated that "Kubernetes Sucks (but all software sucks)". While we still have work to do, in the past several months the community has done great work to solve a whole host of issues to make Kubernetes “suck less.” In this talk I will outline the ways that the community has made this happen both in the core project and in the wider ecosystem.

Things are still developing, but here are the areas that I want to highlight. Hopefully we'll have talks on many of these so that I can highlight where and when folks can find out more. I won't be able to cover everything happening in the ecosystem but I can hint at the diversity and commitment to solving these issues.

* *Simpler application description.* As a community we are continuing to build more tcapable and simpler tools for describing applications through projects like ksonnet, OpenCompose, Kompose, and Helm.
* *Serverless platforms.* Through “function as a service” like systems we can abstract much of the nitty gritty around getting code packaged and running. In addition, scaling can be easy and automatic as code is run only when needed.
* *Simpler cluster install and admin.* kubeadm and how it is becoming a common toolkit. Similar work is ongoing to explore the idea of standardizing the description of a cluster at the infrastructure level through projects like Kubicorn. In addition, new APIs, such as the certificates API, are key building blocks for getting secure clusters up and running.
* *Curated development experiences.* Systems like Draft help to automate the build/launch/update cycle for development workflows. Others are also exploring ways to connect developers to clusters.
* *Making Kubernetes boring.* Kubernetes is maturing as a platform. As that happens, things in the "nucleus" are slowing down. In the past 6 months we've seen a concerted effort to encourage new features to be built with extensibility mechanisms as much as possible. This allows those projects to move fast while enabling exploration of the problem space.
* *Conformance.* Another key enabler for widespread Kubernetes adoption is conformance. There has been a wide set of folks involved in describing what should get to be called "Kubernetes". Tools like Sonobuoy point the direction to making this be an automated process that anyone can run against any cluster.
* *Observability.* Prometheus continues to be the go-to OSS solution for monitoring in the Kubernetes world. In additions, systems like linkerd and Istio/envoy enable introspection at the microservice mesh level.

We still have many challenges. Many of these are going to take long concerted efforts to fix. We are trapped, in some ways, by our promise of backward compatibility. It is often better to live with something annoying than to force breaking changes on our user base.

*Call to action:* Great job community! But the job isn't done. Let's keep working hard to bring Kubernetes to a larger and larger set of users and environments.

Speakers
avatar for Joe Beda

Joe Beda

CTO, Heptio
Joe is the CTO and co-founder of Heptio. H started his career at Microsoft working on Internet Explorer (he was young and naive). Throughout his 7 years at Microsoft and 10 years at Google, Joe has worked on GUI frameworks, real-time voice and chat, telephony, machine learning for... Read More →


Thursday December 7, 2017 11:10am - 11:45am
Ballroom A, Level 1

11:10am

SIG Jaeger Update - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

The Jaeger project was open sourced at the beginning of this year. In this update we will go through the current Jaeger features, give a short demo, and talk about the roadmap for the upcoming year. After this session everybody is welcome to attend the Jaeger Deep Dive Session and Salon. 

(Audience: Anybody)


Speakers
avatar for Pavol Loffay

Pavol Loffay

Software Engineer, Red Hat
avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 5ABC, Level 3

11:10am

SIG Linkerd: Data Plane Under the Hood - hosted by William Morgan, Buoyant
Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist... Read More →


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 7, Level 3

11:10am

All You Need to Know to Build Your GPU Machine Learning Cloud [B] - Ye Lu, Qunar
GPU is becoming the new common, but at the moment, GPU resources are still hard to find for people who wants to have a taste. So how to build your GPU machine learning cloud?

Resource management & App templating
Even if your company or organization have purchased some GPU devices. Environment and resource isolation is always a problem. Also at the beginning the cloud is more used as a playground, so another consideration is to improve usage rate of resources. How we use Kubernetes to solve this problems.

How to use a wizard to generate machine learning, you can choose using tensorflow or theano, how many GPUs you need, etc.

Make the “customized changes” in immutable container be played back.
The features of container is immutable, which is a double-edged sword, which can ensure the environment can be unique/portable. On the other side, any changes inside the running container can be lost after recreation. How the customed env is saved and reuse?

Managing persistence storage in Kubernetes
How to turn our RBD served as hosted s3, to save models, training data, and so on. So The data scientist can access their data both as a volume and s3 standard api.
Support the running machine learning app,like tensorflow to do online resize.

App model & permission control
We'll talk about the app center , design of appcode and permission control.

Speakers
YL

Ye Lu

DevOPS, Bytedance
Devops Engineer @Qunar. Experienced in operating and managing OpenStack cloud, including Qunar OpenStack Cloud in 7 regions. Started constructing and using kubernetes Cloud since 2015. | OpenStack Ambassador.


Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

Extending Kubernetes 101 [A] - Travis Nielsen, Quantum Corp
Kubernetes provides the ability to extend the platform with your own custom types and controllers. We will walk through a tutorial to write a custom controller, also known as an operator. Patterns will be reviewed that will make your application a natural extension of the platform through CRDs and desired state management, all with the same security, lifecycle management, and API surface that native Kubernetes applications expect.

Speakers
avatar for Travis Nielsen

Travis Nielsen

Principal Software Engineer, Quantum Corp
Travis Nielsen is a Principal Software Engineer for Quantum Corporation where he works on Rook – a software defined storage initiative based in Seattle. Prior to Quantum, Travis was the storage platform tech lead at Symform, a P2P storage startup acquired by Quantum. Before joining... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 6AB, Level 3

11:10am

Building a Cluster Management API using Kubicorn [A] - Robert Bailey, Google & Kris Nova, Heptio
Kris Nova (Heptio) and Robert Bailey (Google) join forces and begin the difficult task of looking into the future of the infrastructure layer of Kubernetes. We start the talk with a brief summary of the state of infrastructure today and explain the differences between “infrastructure as code” and “infrastructure as software”. We look at how the lack of definition in the most fundamental layer of the stack has fragmented our community and caused problems with adoption of Kubernetes.

We propose a new way of representing infrastructure (the cluster API) for the Kubernetes community and take a deep dive into its implementation in kubicorn. We look at the structure of the cluster API and share valuable insight on how we took lessons from other areas of Kubernetes to form what it is today. Furthermore we look at the power of having a declarative approach to infrastructure as we start to treat the infrastructure layer the same as the application layer.

The audience will walk away with a clear understanding of the infrastructure layer, as well as a new way of thinking about the infrastructure in the future via the cluster API.

Speakers
avatar for Robert Bailey

Robert Bailey

Software Engineer, Google
Robert is a lead for the cluster lifecycle SIG and has been working on Kubernetes for more than 3 years. He was one of the founding members of the Google Container Engine team. Prior to Kubernetes, he was a Site Reliability Engineer helping teams at Google launch new products and... Read More →
avatar for Kris Nova

Kris Nova

Senior Developer Advocate, Heptio
Kris Nova is a senior developer advocate at Heptio focusing on containers, infrastructure, and Kubernetes. Kris is also an ambassador for the Cloud Native Computing Foundation. Previously, she was a developer advocate and an engineer on Kubernetes in Azure at Microsoft. Kris has a... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 8ABC, Level 3

11:10am

Embracing Cloud Native at a Thriving, Established Company - Brian Akins, MailChimp
We are in the midst of a major shift at MailChimp. In many ways, we are a microcosm of the industry as a whole: moving from large monoliths to microservices and trying to figure out what that even means. I will discuss the hands-on, real world experiences we have had as we embrace microservice techniques and technologies. I’ll discuss why we choose Kubernetes, Prometheus, and other cloud native technologies. I’ll show our approach to building and operating multiple on premise, bare metal clusters. We’ll talk about our existing development and deployment pipeline as well as our current experimental projects. We’ve had a few false starts and failures and will discuss those to help others possibly avoid the same issues. Finally, I’ll speak candidly about the struggles we’ve had getting organizational momentum for this transformation.

Speakers
avatar for Brian Akins

Brian Akins

Principal Engineer, MailChimp
Brian is a 20 year industry veteran.He has done a bit of everything - from assembly to CSS racking servers to building distributed systems. For the last few years, Brian has been focused on building and operating infrastructure using components such as containers, Kubernetes, Prometheus... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Ballroom B, Level 1

11:10am

Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down [I] - Carson Anderson, DOMO
Understanding Kubernetes as a whole can be daunting. With so many different components working together it can be hard to know how the pieces work together or where new products and features fit in. I will start at the highest level and then peel off the layers one at time to explain how some of the "magic" happens. Over the course of the presentation I will break Kubernetes into the following layers:

"Kubernetes for the End User": A quick summary on some of the core components of Kubernetes: Namespaces, Deployments, Pods, Services, and Ingress Rules. At this layer the user just needs to understand the promises made by Kubernetes, not necessarily the way it keeps them. This layer primarily serves to establish a typical cluster workload. The resources defined here will be used when explaining all of the deeper layers.

"Kubernetes for the Cluster Admin": This Layer peels away some of the cluster "Magic". I will cover how the service account, default tokens, ReplicaSet and Pods from the previous layer got created by the kube-controller-manager. I will also explain how the kube-scheduler decided which node the workload should run on and how that decision could have been influenced by fields in the pod spec. This section will touch on the core concepts of Ingress controllers, Admission Controllers, scheduling, and core controller loops.

"Kubernetes for the Cloud Admin": This layer covers Kubernetes at an infrastructure level. Core concepts covered are: Horizontal Scaling, Load Balancing, high availability for masters and nodes, node management, and fault-tolerance levels. Here is also where I set the stage for the network layer that is covered next.

"Kubernetes for the Network Admin": Now we dig deeper into the network infrastructure. Explaining how pods and services work together, how your network traffic figures out where to go, and how it gets there. This section covers the concepts of East-West and North-South load balancing. The goal is to provide an basic understanding of the network promises made by Kubernetes and how you might replace them with other software and services.

"Kubernetes for the Linux Admin": A discussion of Kubernetes at the OS layer. This layer digs into the processes and configuration of the base OS. This includes pluggable container engines ex: Docker vs. Rkt, logging, CNI, metric gathering and volume mounting.

"Kubernetes for the Power-User": Time permitting, the final section will put all of the previous ones together to show how a next-generation application might be deployed on top of Kubernetes and take advantage of the more advanced features.

Speakers
avatar for Carson Anderson

Carson Anderson

Sr. Systems Admin, DOMO
I've been working as a Sys Admin 8 years. I have been focused on Docker, Kubernetes, and container infrastructure at scale for the last 2 years. | | Previous Presentations: | * Kubernetes Deconstructed - https://vimeo.com/245778144/4d1d597c5e | * Dynamic Kubernetes - http://dynamic-kubernetes.carson-anderson.com... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 19AB, Level 4

11:10am

GitOps - Operations by Pull Request [B] - Alexis Richardson, Weaveworks & William Denniss, Google
GitOps is the latest exciting evolution in empowering developers to do operations and CICD. Imagine describing your entire infra in Git declaratively and then continually using that to verify your state. Well, with Kubernetes, and tools like Terraform, and Ansible, you can. We've taken this forward by adding continuous diffs and alerting - and even some of our observability stack itself. An introduction is here: https://www.weave.works/blog/gitops-operations-by-pull-request

William (Google PM) and Alexis (Weaveworks, CNCF) will talk about how we jointly developed this pattern based around our own use cases. We shall make reference to other companies using the approach like Github and Atlassian. This is NOT a product pitch - we are going to teach you the PATTERNS.

Speakers
avatar for William Denniss

William Denniss

Product Manager, Google
William is a Product Manager at Google on Google Kubernetes Engine. He chairs the Kubernetes Conformance working group, and has a passion for interoperability and developer experience. Previously he worked in the OAuth community, authoring RFC 8252 and creating AppAuth, the leading... Read More →
avatar for Alexis Richardson

Alexis Richardson

Founder & CEO, Weaveworks
Alexis is the co-founder and CEO of Weaveworks. He is also the chairman of the TOC for CNCF, and the co-founder of the Coed:Code meet ups. | | Previously he was at Pivotal, as head of products for Spring, RabbitMQ, Redis, Apache Tomcat and vFabric. Alexis was responsible for resetting... Read More →


Thursday December 7, 2017 11:10am - 11:45am
Ballroom C, Level 1

11:10am

Deploying Kubernetes Without Scaring Off Your Security Team [I] - Paul CzarkowskI, Pivotal & Major Hayden, Rackspace
subtitle: "The Major Hayden Center For Kubernauts Who Can't Security Good And Wanna Learn To Do Other Stuff Good Too"

One of the larger roadblocks we face in the enterprise when trying to adopt new technologies is getting the security and compliance teams onboard.

Tools like kubicorn and kubeadm are likely the foundation on which Kubernetes deployments will be performed in the future as they help simplify the deployment and operations of Kubernetes a very complex distributed system.

However concerns about security and compliance, which are not as yet addressed by those tools, may act as inhibitors and road blocks to using these them and thus Kubernetes in the enterprise.

Thankfully the techniques and tools for deploying Enterprise Linux distributions, securing them, and ensuring compliance already exist and can be very easily combined with kubernetes.

In this talk we’ll expand upon these enterprise requirements and use cases and show how we can use existing Ansible tooling to deploy kubernetes on bare metal or the cloud, monitor it with common enterprise monitoring tools, secure it with a 2fa SSH bastion, and ensure [DISA STIG] compliance.

Speakers
avatar for Paul Czarkowski

Paul Czarkowski

Principal Technologist, Pivotal Software
Paul Czarkowski is a recovering Systems Administrator who has run infrastructure for longer than he cares to admit. After cutting his teeth in the ISP and Gaming industries Paul changed his focus to using (and contributing to) Open Source Software to improve the Operability of complex... Read More →
avatar for Major Hayden

Major Hayden

Principal Architect, Rackspace
Major Hayden is a principal architect at Rackspace and lives just outside San Antonio, Texas. He automates infrastructure deployments while improving security along the way. He runs icanhazip.com and blogs on major.io. Don't give him new ideas for domain names -- he owns far too many... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4

11:10am

State of Serverless [B] - Mark Peek, VMware & Doug Davis, IBM
Serverless and FaaS computing is gaining in popularity to easily create microservice applications. In this talk we will discuss what are the characteristics of serverless, the status of the serverless working group within the CNCF, and the open source options available for running serverless and associated services with a focus on kubernetes.

Speakers
avatar for Doug Davis

Doug Davis

STSM, IBM
Doug works in IBM's Digital Business Group. He's been working on Cloud related technologies for many years and has worked on many of the most popular OSS projects, including OpenStack, CloudFoundry, Docker and Kubernetes. He's currently co-leading the CNCF's Serverless WG, the Cloud... Read More →
avatar for Mark Peek

Mark Peek

Principal Engineer, VMware
Mark is a Principal Engineer at VMware working across areas of interest such as cloud management, cloud native applications, and open source. Currently, he is leading the work on serverless within VMware. Mark contributes to a wide range of open source projects and is the VMware representative... Read More →



Thursday December 7, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

SIG API-Machinery Deep Dive Session - hosted by Daniel Smith, Google
Speakers
avatar for Daniel Smith

Daniel Smith

Staff Software Engineer, Google
Daniel has been working on Kubernetes since before it was open sourced, contributing enough in the early days that he’s still one of the top contributors overall. Currently, he is co-Chair and co-TL of the Kubernetes API Machinery SIG, and TL of the corresponding Google team. Before... Read More →


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 10C, Level 3

11:10am

SIG Architecture Deep Dive - hosted by Brian Grant, Google
Speakers
avatar for Brian Grant

Brian Grant

Principal Engineer, Google
Brian is the co-Technical Lead of Google Kubernetes Engine, co-Chair of Kubernetes SIG Architecture, Kubernetes API approver, Kubernetes Steering Committee member, and CNCF Technical Oversight Committee member, where he's sponsored 11 CNCF projects (not including Kubernetes). His... Read More →


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 4BC, Level 3

11:10am

TUF/Notary Salon - hosted by Justin Cappos, NYU & David Lawrence, Docker
Speakers
avatar for Justin Cappos

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University. His research includes the TUF project (which is hosted by the Linux Foundation / CNCF), which provides a compromise-resilient mechanism for the secure distribution of software... Read More →
DL

David Lawrence

Senior Security Engineer, Docker
Lay security developer that has learned a lot of mistakes the hard way. David started off building authentication systems, moved on to encrypted cloud storage for a few years, and is now working on the Security Team at Docker, presently focused on securing software distribution


Thursday December 7, 2017 11:10am - 12:30pm
Meeting Room 4A, Level 3

11:55am

Squash: A Debugger for Kubernetes Apps - Idit Levine, solo.io
Squash is a tool for debugging distributed applications.

Most cloud native applications written today follow the microservice architecture. These applications are distributed by nature, and therefore hard to debug.

Microservice engineers debug their applications by printing values of select variables into log files. This leaves them with the daunting task of sorting through reams of log data, which at best provide a partial view of the state of application. This approach is cumbersome, time consuming and works better with "easy" bugs.

Many advanced tools to debug monolitic applications exist in the market, and provide users with powerful ways to dissect their programs and to interact with them on the fly. However, these tools cannot be used directly for debugging applications that follow the microservice architecture pattern.

Squash is designed to bring the strength of modern debuggers and the convenience of their IDEs to microservices developers. Squash uses popular, powerful and mature debuggers (gdb, dlv, java debugging) and integrates them seamlessly with Kubernetes. This allows devs to use the debugger of their choice, and the IDEs that support it, to develop microservices on any platform.

Speakers
avatar for Idit Levine

Idit Levine

CEO, Solo.io
Idit Levine is the founder and CEO of solo.io, which develops open-source tools to help the enterprise adopt innovative cloud technologies.



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3

11:55am

SIG Windows - hosted by Michael Michael, Apprenda
Speakers
avatar for Michael Michael

Michael Michael

Sr. Director, Apprenda
Michael Michael (or M2 as he's known) is Apprenda's Senior Director of Product Management. Michael also leads the Kubernetes SIG-Windows which is tasked to bring Windows Server support natively to Kubernetes. He is an experienced, detail-oriented software engineer with problem-solving... Read More →


Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 5ABC, Level 3

11:55am

Building GPU-Accelerated Workflows with TensorFlow and Kubernetes [I] - Daniel Whitenack, Pachyderm
GPUs are critical to some artificial intelligence workflows. In particular, workflows that utilize TensorFlow, or other deep learning frameworks, need GPUs to efficiently train models on image data. These same workflows typically also involve mutli-stage data pre-processing and post-processing. Thus, a unified framework is needed for scheduling multi-stage workflows, managing data, and offloading certain workloads to GPUs.

In this talk, we will introduce a stack of open source tooling, built around Kubernetes, that is powering these types of GPU-accelerated workflows in production. We will do a live demonstration of a GPU enabled pipeline, illustrating how easy it is to trigger, update, and manage multi-node, accelerated machine learning at scale. The pipeline will be fully containerized, will be deployed on Kubernetes via Pachyderm, and will utilize TensorFlow for model training and inference.

Speakers
avatar for Daniel Whitenack

Daniel Whitenack

Lead Data Scientist and Advocate, Pachyderm
Daniel Whitenack (@dwhitena) is a Ph.D. trained data scientist working with Pachyderm (@pachydermIO). Daniel develops innovative, distributed data pipelines which include predictive models, data visualizations, statistical analyses, and more. He has spoken at conferences around the... Read More →



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 9C, Level 3

11:55am

Kubernetes Feature Prototyping with External Controllers and Custom Resource Definitions [I] - Tomas Smetana, Red Hat
Getting patch into Kubernetes might be difficult. Getting a new feature into Kubernetes is... even more interesting experience. When working on the persistent volume snapshotting feature we realized that the straightest path might not lead us where we wanted, Our original idea of adding few API objects and a controller become more complicated when we presented it to the community. So we took a small detour by creating the feature out-of-tree first.

In the talk I will describe the journey of the volume snapshotting feature, how do the external controllers work, what are Custom Resource Definitions and how to add features to Kubernetes without changing its code base.

Speakers
TS

Tomas Smetana

Engineering Manager, Red Hat
Tomas is a an Engineering manager in Red Hat. He is an Open Source enthusiast who used to work on various userspace Linux components contributing to several FOSS projects. For the past one year he is active in the Kubernetes Storage SIG.



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3

11:55am

Building Helm Charts From the Ground Up: An Introduction to Kubernetes [I] - Amy Chen, Heptio
Learn the basics of Kubernetes from the perspective of creating a Helm Chart from scratch!

The Kubernetes cluster will be launched from Rancher, an open source container management software. At the end of this workshop, you will have a functional understanding of pods, services, deployments, Helm, Rancher, and more!


Why learn Kubernetes with Helm Charts?
Much of today's beginner educational content for Kubernetes uses the Kubernetes CLI tool. This can make it hard to visualize the relationship between each command and debug your cluster. Learning how to incrementally build Helm Charts provides a bigger picture of your cluster and is more reproducible.

Why is Rancher cool?
Rancher makes it easy to configure, deploy and manage Kubernetes, on any infrastructure!

I'm in, what are we doing?
- Gain a high level understanding of key Kubernetes concepts accompanied with a lot of diagrams
- Gain an understanding of Rancher's open source container management platform
- Incrementally build a Nginx Helm Chart
- Deploy Nginx from a Kubernetes cluster managed by Rancher

Speakers
avatar for Amy Chen

Amy Chen

Software Engineer, Heptio
Amy Chen is a systems software engineer at heptio. She is passionate about containers, orchestration tools, Go, and salsa dancing. In her free time, Amy runs a youtube channel called Amy Codes where she talks about technical and non-technical aspects of being a software engineer... Read More →


Thursday December 7, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Managing and Running Multiple Kubernetes Clusters in Hybrid Setups [I] - Sebastian Scheele, Loodse & Simon Pearce, SysEleven
As hosting provider, SysEleven, runs and manages multiple Kubernetes clusters for various customers on different platforms. In this talk, we will give you a breakdown on how we run one single Google-like container engine for various clouds and also for bare metal. Moreover, we show how we provide high-availability clusters by running Kubernetes on Kubernetes.

Speakers
avatar for Simon Pearce

Simon Pearce

System Architect, SysEleven
Simon Pearce is a System Architect at SysEleven in Berlin Germany since 2013. He has over 15 years of experience in the web hosting industry. With a focus on building distributed systems on public and private clouds. He is responsible for the kubernetes service team at SysEleven... Read More →
avatar for Sebastian Scheele

Sebastian Scheele

Co-founder and CEO, Loodse
Sebastian Scheele is the CEO and co-founder of Loodse. With Loodse, he wants to empower IT teams to focus on their core expertise: writing groundbreaking applications. Sebastian is passionate about the potential of container and cloud native technologies and has published several... Read More →



Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3

11:55am

Running Mixed Workloads on Kubernetes at the Institute for Health Metrics and Evaluation - Dr. Tyrone Grandison, Institute for Health Metrics and Evaluation (IHME), University of Washington
The mission of the IHME is to apply rigorous measurement and analysis to help policy makers make better decisions on a range of health policy issues. Like other organizations, the IHME have embraced containers and micro-services aggressively to better support hundreds of collaborating researchers.

In addition to containerized workloads, the IHME run a wide-variety of traditional analytic, simulation and high-performance computing workloads on an HPC cluster with 15,000 cores and 13PB of storage. Researchers increasingly need to combine both containerized and non-containerized elements into workflow pipelines, and a key challenge has been ensuring SLAs for various departments and avoiding duplicate infrastructure and unnecessary data movement and duplication. In collaboration with industry partners, IHME have deployed a unique solution based on Univa’s Navops technology that allows them to combine containerized and traditional analytic and high-performance application workloads on a single shared Kubernetes cluster, ensuring departmental SLAs and helping contain infrastructure costs.

In this talk Dr. Grandison will discuss IHME, their experience deploying containerized applications and how they went about using Kubernetes to support a variety of new containerized applications as well as a variety of traditional analytic applications.

Speakers
avatar for Dr Tyrone Grandison

Dr Tyrone Grandison

Chief Information Officer, Institute for Health Metrics and Evaluation (IHME), University of Washington
Tyrone is the Chief Information Officer leading the IT team at the IHME, independent global health research center at the University of Washington. The IHME provides rigorous and comparable measurement of the world’s most important health problems and evaluates the strategies used... Read More →



Thursday December 7, 2017 11:55am - 12:30pm
Ballroom B, Level 1

11:55am

Kubernetes on AWS: Practices & Opinions [I] - Arun Gupta, Amazon Web Services & Raffaele di Fazio, Zalando
A lot of progress has been made on how to bootstrap a cluster since Kubernetes' first commit. It is now only a matter of minutes to go from zero to a running cluster on Amazon Web Services. There are still many fundamental topics to take a simple setup to something that can be run in production in a large enterprise and it is easy to get confused by the number of options and customizations.
In this talk we will show both common practices for running Kubernetes on AWS and an opinionated view of those. Specifically, we will cover options and recommendations on how to install and manage clusters, configure high availability, perform rolling upgrades and handle disaster recovery, as well as continuous integration and deployment of applications, logging, and security.
At the same time, we will explain how those topics are addressed at Zalando, Europe's leading fashion platform, based upon their experience of operating tens of Kubernetes clusters in production on AWS.

Speakers
avatar for Raffaele Di Fazio

Raffaele Di Fazio

Software Engineer, Zalando SE
Raffaele works with the Zalando's Platform Engineering team in Berlin since 2015. There he is working on container technologies, currently focusing on Kubernetes and cluster orchestration. Over the years, Raffaele developed a genuine passion for simplicity and the Golang language... Read More →
avatar for Arun Gupta

Arun Gupta

Principal Technologist, Amazon Web Services
Arun Gupta is a Principal Technologist at Amazon Web Services. He is responsible for the Cloud Native Computing Foundation (CNCF) strategy within AWS, and participates at CNCF Board and technical meetings actively. He particularly enjoys AMA on Containers and Serverless. He has built... Read More →



Thursday December 7, 2017 11:55am - 12:30pm
Ballroom C, Level 1

11:55am

Building Serverless Application Pipelines [A] - Sebastien Goasguen, Bitnami
The serverless paradigm is bringing a new type of applications to the forefront of application architecture. Distributed, containerized, scalable, event-driven and ephemeral with fine grained billing. In this talk we will go through several application use-cases that are driving the serverless movement (e.g data processing, IoT, mobile-backends,machine learning) and demonstrate how these applications can be developed and deployed on top of Kubernetes using an open source serverless solution called kubeless. Through live demos and examples, we will show that Kubernetes with its rich and stable core API is the perfect platform to build FaaS solutions.

Speakers
avatar for Sebastien Goasguen

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where... Read More →


Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 9AB, Level 3

11:55am

Preventing Attacks at Scale [I] - Dino Dai Zovi, Capsule8

Security hardening for containers, clusters, and operating systems is a very important part of setting up infrastructure and always "Plan A". The world of "Plan A" defends the importance of making sure your cluster is set up securly. Dino comes from the world of "Plan B" and will focus on detecting when security boundaries have been breached. This is necessary for environments where you don't have ability to ensure base OS is fully patched, etc.

Step into the world of Linux kernel features such as seccomp, eBPF, kprobes and Kubernetes tunable security features and learn how to detect and defend against attacks at scale.


Speakers
DD

Dino Dai Zovi

CTO, Capsule8
Dino Dai Zovi is the Co-Founder and CTO at Capsule8. Dino is also a regular speaker at information security conferences having presented his independent research at conferences around the world including DEF CON, Black Hat, and CanSecWest. He is a co-author of the books "The iOS Hacker's... Read More →



Thursday December 7, 2017 11:55am - 12:55pm
Meeting Room 12AB, Level 4

12:30pm

OCI Community F2F

Join the OCI Community for a face-to-face meeting on planning for the future, from technical discussions to future roadmap discussions.


Thursday December 7, 2017 12:30pm - 2:00pm
Meeting Room 3, Level 1

12:30pm

Diversity Luncheon (pre-registration required)
We invite everyone attending KubeCon + CloudNativeCon North America 2017 to join us for a special luncheon & program featuring discussions around diversity and inclusion.  

Attendees must be registered to attend KubeCon + CloudNativeCon North America in order to attend this event.

Space is limited and registration is required.
Click here to sign-up now!

Thursday December 7, 2017 12:30pm - 2:00pm
Meeting Room 18CD, Level 4

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Thursday December 7, 2017 12:30pm - 2:00pm
Sponsor Showcase

2:00pm

Testing Distributed Software on Kubernetes with PowerfulSeal [I] - Mikolaj Pawlikowski, Bloomberg
When it's about distributed systems, testing is hard. But it's more fun when you have a Seal.

Come and meet PowerfulSeal, a simple solution to introduce some chaos to your systems.

PowerfulSeal understands Kubernetes and lets you:
- write simple yaml policies to describe scenarios of destruction
- target specific pods and deployments (k8s integration)
- target specific nodes and take them up and down
- discover things in interactive mode with awesome auto-complete

Don't wait for your software to break, break it yourself, and fix it before it's too late!

Speakers
MP

Mikolaj Pawlikowski

Software Engineer, Bloomberg
Mikolaj Pawlikowski previously built 2 startups, worked as a freelance consultant and collaborated on open source projects like Cozy Cloud. He has been evangelizing containers and their orchestration tirelessly at Bloomberg. In his free time he's researching productivity and happ... Read More →


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

SIG Cluster-Ops Update - hosted by Rob Hirschfeld, RackN

Operators of Kubernetes, Unite!  SIG Cluster Ops was formed nearly two years ago with the goal of being a installer neutral place for operations to collaborate.  Frankly, we've had challenges getting critical mass because operators cluster around their installer groups.  This session will discuss rechartering as Working Group and review the mission of the group.  We'll also review plans for the next 6 months.  If you're hoping Kubernetes can limit the installer explosion, then this session is a good one for you too.


Speakers
avatar for Rob Hirschfeld

Rob Hirschfeld

CEO, RackN
Rob's first startup literally patented the cloud. He has been in the cloud and infrastructure space for 20 years and has done everything from working with early ESX betas to serving four terms on the OpenStack Foundation Board and as an executive at Dell. As a co-founder of the Digital... Read More →


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 7, Level 3

2:00pm

''Hot Dogs or Not" - At Scale with Kubernetes [I] - Vish Kannan & David Aronchick, Google
Kubernetes promises to be a multi workload platform. This talk will explore how Kubernetes can be easily leveraged to build a complete Deep Learning pipelines starting all the way from data ingestion/aggregation, pre-processing, ML training, and serving with the mighty Kubernetes APIs. This talk will use Tensorflow and other other ML frameworks to highlight the value that Kubernetes brings to Machine Learning. Along the way, key infrastructure features introduced to abstract and handle hardware accelerators which make Machine Learning possible will also be presented.

Speakers
avatar for David Aronchick

David Aronchick

Head of OSS Machine Learning Strategy, Microsoft
David Aronchick leads open source machine learning strategy at Azure. He previously was the Senior Product Manager for the Google Container Engine and led product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and... Read More →
VK

Vishnu Kannan

Software Engineer, Google Inc
Vishnu Kannan is a Senior Software Engineer at Google. | Vishnu received his Masters in ECE from Georgia Tech. | He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. | He is currently... Read More →


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3

2:00pm

Extending the Kubernetes API: What the Docs Don't Tell You [I] - James Munnelly, Jetstack
At the heart of Kubernetes is its API. Whilst on the surface it may appear relatively simple to use, under the hood is a beast of complex conversions, codecs and generators. In this talk, I'll show you how the Kubernetes maintainers have created their own tooling to make this process easy when contributing to core, and how you can use this to build your own custom controllers, operators and API servers. I'll then demonstrate this technique with a pager extension to Kubernetes.

Speakers
avatar for James Munnelly

James Munnelly

Solutions Engineer, Jetstack
I'm a Solutions Engineer at Jetstack, which involves helping customers bend and break Kubernetes to their will. I've created a number of extensions to Kubernetes core, including cert-manager (a kube-lego successor), Navigator (DBaaS for Kubernetes), and built my own simple cloud provider... Read More →



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3

2:00pm

Kubernetes Distributions and 'Kernels' - Tim Hockin & Michael Rubin, Google
Kubernetes has historically released a full fledged distribution - everything you need. As the project gets more modular, that will become more complicated. This talk will explore the problems we face with this, and some ways can solve them, considering other analogous OSS ecosystems.

Speakers
avatar for Tim Hockin

Tim Hockin

Principal Software Engineer, Google
Tim is a principal software engineer at Google, where he works on the Kubernetes and Google Container Engine (GKE). He is a co-founder of the Kubernetes project, and he is responsible for topics like networking, storage, node, multi-cluster, resource isolation, and cluster sharing... Read More →
avatar for Michael Rubin

Michael Rubin

Senior Staff Eningeer & TLM, Google
Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading and... Read More →



Thursday December 7, 2017 2:00pm - 2:35pm
Ballroom A, Level 1

2:00pm

Hybrid-Cloud, HIPAA Compliant Enterprise with Kubernetes - Steve Sloka, Heptio
This talk will outline how UPMC Enterprises utilizes Kubernetes on-premises and in a public cloud (AWS). We’ll see how a large enterprise balances SaaS offerings vs Kubernetes hosted services. We will walk through our approach to meet HIPAA compliance and how our deployments and underlying infrastructure changed to meet those requirements.

We'll also look at the Elasticsearch Operator which is an example of how we implement stateful applications. The operator ensures encryption at rest, in transit and provides a managed cloud offering inside Kubernetes. Also, we’ll look at how we implement Kong, an API Gateway in combination with Kubernetes Network Policies to ensure applications are limited to what they can access as well as how security is implemented outside of code.

Healthcare systems have a history of being large and complex, but Kubernetes has allowed UPMC Enterprises to be more agile and bring startup innovations to the enterprise.

Speakers
avatar for Steve Sloka

Steve Sloka

Sr. Systems Software Engineer, Heptio
Steve Sloka is a Sr. Systems Software Engineer from Pittsburgh, PA currently working at Heptio dealing with all things Cloud, Containers, and Kubernetes. At UPMC Enterprises he managed the open source initiative and has been working with k8s since early 2015.



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3

2:00pm

Scaling to 5000+ Unique K8s Deployments, How We Did It [I] - Nicole Hubbard, WP Engine
Most organizations only need to run a couple deployments of their application in Kubernetes. In these situations, deploying onto Kubernetes clusters is relatively straightforward. What happens when you need to simultaneously deploy 5,000 unique instance of your application to different Kubernetes clusters at different providers worldwide?

Over the last year, we have worked to move over 60,000 of our customers' unique workloads from virtual machines onto Kubernetes. I will share our experiences on how to automate and simplify managing unique Kubernetes workloads at scale.

Speakers
avatar for Nicole Hubbard

Nicole Hubbard

Architect, WP Engine
Nicole Hubbard is an Architect at WP Engine where she focuses on building container based infrastructure, automation and helping teams deploy their applications.



Thursday December 7, 2017 2:00pm - 2:35pm
Ballroom B, Level 1

2:00pm

The Easy--Don't Drive Yourself Crazy--Way to Kubernetes Networking [B] - Gerard Hickey, Smartsheet
Implementing Kubernetes is not technically difficult, but the networking layer continues to confuse and cause implementation problems for those new to Kubernetes. Not everyone is capable of using GKE and may need to implement Kubernetes in an on-prem facility. Certainly there is a wealth of online documentation to assist new users but some of this documentation is contradictory due when the documentation was written and the multitude of network stacks available.

This presentation attempts to provide clarity for new implementers and those wishing to understand Kubernetes networking better. The content covers how networking is accomplished in the Kubernetes environment and the reasons why it is implemented differently than traditional network environments. In addition, several of the popular network stacks will be reviewed to provide attendees with knowledge to make a better informed decision when choosing between network stacks.

Speakers
GH

Gerard Hickey

Principle Systems Engineer, Smartsheet
Gerard Hickey is a Principal Systems Engineer at Smartsheet where he is building the next generation data center for the world's leading collaboration solution. He has spent the past decade working with and implementing the latest technologies in an effort to provide better automation... Read More →



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 19AB, Level 4

2:00pm

Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda
Certificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens.

Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster.

After this talk, you should have a better understanding of:
- How each cluster component uses certificates for secure communications
- How certificates can be used for authentication, including service account tokens
- How the Kubelet TLS bootstrapping process works
- How to plan, generate and deploy the certificates required for a secure cluster
- How to rotate certificates that are nearing their expiration date

Speakers
avatar for Alexander Brand

Alexander Brand

Senior Systems Analyst, Apprenda
Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in Biomedical... Read More →



Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 12AB, Level 4

2:00pm

FaaS and Furious - 0 to Serverless in 60 Seconds, Anywhere - Alex Ellis, ADP

OpenFaaS (or Functions as a Service) is a Cloud Native framework for building serverless functions with containers (as popularised by AWS Lambda). With OpenFaaS you can package any process or container as a serverless function for either Linux or Windows - just bring your Kubernetes or Docker cluster. Avoid vendor lock-in by running functions in your own datacenter or the cloud with your existing CI/CD and container ecosystem. The project focuses on ease of use through its UI and CLI which can be used to test and monitor functions in tandem with Prometheus integration that enables auto-scaling as demand increases.

You can deploy OpenFaaS in 60 seconds on Kubernetes and thanks to concise code templates all you need to write is a handler in your favourite programming language then let your cluster do the heavy lifting.

OpenFaaS was recently trending as the top open-source project on GitHub, won Best Cloud Computing Software 2017 from InfoWorld and has a thriving community with 65 contributors, 1400 commits and over 8k stars.

Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos and swag.

https://blog.alexellis.io/introducing-functions-as-a-service/

https://github.com/openfaas

Note - OpenFaaS is an independent project started by Alex Ellis and is now being shaped by a growing community of contributors and users.


Speakers
avatar for Alex Ellis

Alex Ellis

Senior Staff Engineer, OpenFaaS/VMware
Alex Ellis is the founder and lead of OpenFaaS, the open-source Serverless project. Alex has 12 years of experience writing enterprise software and scaling distributed systems for over 500k clients and currently works as a Senior Staff Engineer at VMware’s Open Source Technology... Read More →


Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 9AB, Level 3

2:00pm

Public Technical Oversight Committee (TOC) Meeting

The Technical Oversight Committee (TOC) provides technical leadership to the cloud native community. The CNCF will host a public TOC meeting, inviting the community to discuss the project roadmap for 2018, the upcoming TOC Election Schedule for 2018, along with holding an open Q&A for the community with TOC members. The agenda deck can be viewed here


Thursday December 7, 2017 2:00pm - 2:45pm
Meeting Room 17A, Level 4

2:00pm

Kubernetes SIG Storage - Ask me Anything - hosted by Stephen Watt, Red Hat

The Kubernetes Storage SIG will be attending the salon to hang out with the community and discuss general storage topics. If you have questions you would like answered or want to talk to the storage SIG about using k8s storage or the future storage roadmap, swing by!


Speakers
avatar for Stephen Watt

Stephen Watt

Chief Architect, Emerging Technologies, Red Hat
Steve Watt is the Chief Architect for Emerging Technologies within Red Hat’s Office of Technology. The Emerging Technologies group is responsible for the early identification and incubation of emerging and disruptive technologies. Presently, Steve’s teams are working on Red Hat’s... Read More →


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

SIG Jaeger Deep Dive Session - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

This session is dedicated to an in-depth understanding of the Jaeger project. We will give a short demo, talk about various topics including the architecture, adaptive sampling, multi-tenancy, and configuration,  and review the roadmap for the upcoming year. After the session attendees should better understand the Jaeger architecture and be ready to make contributions to the project.

(Audience: Developers)

Speakers
avatar for Pavol Loffay

Pavol Loffay

Software Engineer, Red Hat
avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.



Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 5ABC, Level 3

2:00pm

Virtualizing Workloads on Kubernetes - hosted by Fabian Deutsch, Red Hat

There are several projects related to Kubernetes which are about virtualization in one way or the other.

In this saloon users and developers have the opportunity to get an overview and discuss the different virtualization related projects.

The first part of the session will focus around differentiating the use-cases of the individual projects. And the second part is about discussing and identifying shared problems in order to understand how a potential collaboration between the groups could look.

After this session an attendee should have a clear picture on each projects use-cases and goals, as well as their technical differences and similarities.


Speakers
avatar for Fabian Deutsch

Fabian Deutsch

Manager, Red Hat
Fabian Deutsch is working at Red Hat and used to be much more active in the Fedora community as he is today. In the past he has worked on oVirt and oVirt Node in particular, and is now involved in KubeVirt.


Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:00pm

WG Multitenancy Deep Dive - hosted by David Oppenheimer, Google & Quinton Hoole, Huawei

Kubernetes has supported "soft" multitenancy since the beginning, with features such as namespaces, ResourceQuota, and resource-based scheduling. Over the years Kubernetes has added a number of sophisticated features to strengthen its multitenancy support, for example RBAC, PodSecuityPolicy, NetworkPolicy, priority/preemption, etc.

Now is a good time to take stock of Kubernetes' multitenancy support from the perspective of different types of users -- for example small organizations where everyone trusts each other, large enterprises that need isolation between many internal teams and applications sharing a cluster, SaaS providers hosting instances of their SaaS for many users in a single cluster, and infrastructure providers offering hosted "Kubernetes as a Service" -- and ask what are the key gaps remaining to be filled. Do we need hierarchical namespaces? Better mechanisms to hide shared resources so users can't see who they're sharing the cluster with? Multitenancy policies (quota, RBAC, etc.) that span namespaces, or that apply to a label-selected subset of objects within a namespace? Split-horizon DNS? Resource scheduling within the control plane to ensure no tenant monopolizes the API server, controllers, scheduler, etc.? Where on the spectrum from "soft multitenancy" to "hard multitenancy" should Kubernetes aim (and what do these terms mean, anyway?)

In this session we will discuss what multitenancy means to us as a community, and where we should focus our multitenancy efforts in 2018.


Speakers
QH

Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cloud... Read More →
avatar for David Oppenheimer

David Oppenheimer

software engineer, Google
David Oppenheimer is a software engineer working on Kubernetes and GKE at Google. He is co-lead of the newly-formed Kubernetes multi-tenancy working group, and was previously co-lead of the Kubernetes scheduling SIG. He has been working on Kubernetes since 2014, and prior to that... Read More →



Thursday December 7, 2017 2:00pm - 3:20pm
Meeting Room 4BC, Level 3

2:45pm

Developing Locally with Kubernetes [I] - Ryan Jarvinen, Independent
This talk will cover several common local development scenarios, and will review the major tradeoffs found when adopting minikube, minishift, draft, and other popular tools for enabling local development of distributed web solutions.

Learn how using Kubernetes locally can help your web teams deliver solutions faster and more reliably.

Speakers
avatar for Ryan Jarvinen

Ryan Jarvinen

Developer Advocate, Red Hat
Ryan Jarvinen is a Developer Advocate and Open Source Evangelist focusing on improving developer experience in the container community. He lives in Oakland, California and is passionate about open source, open standards, open government, and digital rights. You can reach him as "RyanJ... Read More →



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3

2:45pm

SIG API-Machinery Update - hosted by Daniel Smith, Google
Speakers
avatar for Daniel Smith

Daniel Smith

Staff Software Engineer, Google
Daniel has been working on Kubernetes since before it was open sourced, contributing enough in the early days that he’s still one of the top contributors overall. Currently, he is co-Chair and co-TL of the Kubernetes API Machinery SIG, and TL of the corresponding Google team. Before... Read More →



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 7, Level 3

2:45pm

eBay Geo-Distributed Database on Kubernetes [A] - Chengyuan Li & Xinglang Wang, eBay
Database as a Service is one of the most interesting and challenging domains on the cloud industry. In eBay, we implemented a cloud-native geo-distributed document service based on the kubernetes. eBay extended the kubernetes to support local disk volume on bare metal machine, which enables the high performance DB can be deployed on the kubernetes as a Pod. On top of the kubernetes platform, we develop a control layer to orchestrate the databased pods and enable it can be distributed on multiple cluster, and expand the WISB model to use a workflow to auto manage the database cluster.

Speakers
CL

Chengyuan Li

Sr MTS Software Engineer, eBay
Chengyuan Li is a member in eBay Kubernetes team, his focus area is host-runtime and storage in Kubernetes. Before joining Kubernetes project, he worked in computer and network area for eBay cloud.
avatar for Xinglang Wang

Xinglang Wang

Principle MTS 首席工程师, eBay
Xinglang Wang is an architect in eBay Data platform, he is working on ebay next generation geo-distribute database, and his main focus is the distribution and control layer of the database. Before he is the architect of ebay real-time behaviour data pipeline, focus on real-time stream... Read More →


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

2:45pm

client-go: The Good, The Bad and The Ugly - Lili Cosic, Kinvolk
This talk will focus on client-go, a go client for talking to Kubernetes clusters. At Kinvolk we have used client-go in various Kubernetes projects. Lili will share the general use-case of client-go and explain how powerful it is to customize, optimize, and automate tasks with it. Furthermore she will explore the parts that client-go is great at, as well as the parts that can still be improved. Lili will end with a demo showing how easy it is to harvest the power of client-go, and showcase how it can be used to customize your Kubernetes experience and solve real problems.

Speakers
avatar for Lili Cosic

Lili Cosic

Software Developer, Kinvolk
Lili is a Software Developer at Kinvolk, a Berlin-based Linux development consultancy, where she works on a variety of projects surrounding Linux. Currently she is working on a Habitat Operator, a controller to easily create and manage Habitat Services on Kubernetes. In her free time... Read More →



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3

2:45pm

Vault and Secret Management in Kubernetes [I] - Armon Dadgar, HashiCorp
Secret data is everywhere, from database credentials, TLS certificates, API tokens, to encryption keys. Manageing secrets is a difficult challenge, but HashiCorp Vault provides an answer. In this talk, we discuss the challenges in secret management, provide an overview of Vault, and discuss how Vault and Kubernetes can be integrated. Integrating Vault solves the basic secret management challenge of securely distributing credentials, but also gives applications running Kubernetes access to features like dynamic secrets which are generated on demand and cryptographic offload to securely manage data in transit and at rest.

Speakers
avatar for Armon Dadgar

Armon Dadgar

CTO, HashiCorp
Armon (@armon) has a passion for distributed systems and their application to real-world problems. He is a founder and CTO of HashiCorp, where he brings distributed systems into the world of DevOps tooling. He has worked on Nomad, Vault, Terraform, Consul, and Serf at HashiCorp, and... Read More →



Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm

Kuberneters in Hybrid Environments Using Cloud Interconnect [A] - Marc Chisinevski, F5 Networks
Solutions to enable customers to apply consistent traffic management and security policies regardless of whether their applications are running on-premises, in a Public Cloud or in a managed Kubernetes environment.


The demos (please below) use Equinix as the cloud interconnection; however, the solution would work very similarly with other colo/interconnect providers.
The demos are using Google Container Engine but this would work very similarly in AWS, Azure and Oracle Baremetal Cloud.

Demo
------------
How it works
---------------------
The F5 Container Connector configures the F5 BIG-IPs to expose applications in a Kubernetes cluster as virtual servers, serving North-South traffic.

Components
---------------------
F5 Container Connector (http://clouddocs.f5.com/containers/v1/kubernetes/)
running in Google Container Engine (GKE).

F5 BIG-IPs running in Equinix and doing IPSec VPN to Google Cloud Platform (using Google Compute Engine VPN gateway).
The F5 BIG-IP routes traffic to the container networks via the IPSec tunnel.

Speakers
avatar for Marc Chisinevski

Marc Chisinevski

Solution Architect (worldwide), F5 Networks
https://www.linkedin.com/in/chisinevski



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

Automating and Testing Production Ready Kubernetes Clusters in the Public Cloud - Ron Lipke, Gannet/USA Today Network
As a large enterprise organization with legacy infrastructure, we were interested in adopting Kubernetes in our internal Platform as a Service in the public cloud. However, we faced several challenges not addressed by the turn key offerings on the market, such as:

- Maintain control over network architecture within the public cloud to integrate with our internal resource
- Allow teams to easily spin up kubernetes clusters on their own for faster development cycles while retaining cost boundaries and charge-back insight
- Quickly iterate as new kubernetes versions are released and make new features available to end-users (most recently: Role Based Access Controls and StatefulSets)

We will share our experience of using configuration management to automate the testing, building and deployment of production ready cloud agnostic kubernetes clusters to the AWS and Google clouds. We will also discuss examples of moving some of our largest application workloads to these clusters.

Speakers
avatar for Ron Lipke

Ron Lipke

Senior Developer, Platform as a Service, Gannet/USA Today Network
Nuclear plant operator turned cloud person



Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom B, Level 1

2:45pm

The Elements of Kubernetes - Foundational Concepts for Apps Running on Kubernetes [I] - Aaron Schlesinger, Microsoft Azure
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.

In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...

One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.

I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.

We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.

In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.

Speakers
avatar for Aaron Schlesinger

Aaron Schlesinger

Cloud Developer Advocate, Microsoft
Aaron is a developer advocate at Microsoft Azure and a core maintainer of the Athens Project. He is an emeritus core maintainer and chair of the Kubernetes SIG-Service-Catalog and a contributor to various other projects in the Kubernetes community. He enjoys distilling his wide ranging... Read More →



Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 19AB, Level 4

2:45pm

Load Testing Kubernetes: How to Optimize Your Cluster Resource Allocation in Production - Harrison Harnisch, Buffer
So you've carefully crafted your first Kubernetes service, and you're ready to deploy it to production. Well, not quite: there are still some important unknowns to understand before your service will be ready for production traffic. It's still unclear how the new service behaves when it's being pushed, and it's possible that Kubernetes will kill the service before serving a single request. At Buffer, we've developed a technique to optimize Kubernetes deployment limits by using load testing to identify optimal values for resource limits. When the service is under heavy load there are a few key metrics to watch to identify bottlenecks. These key metrics can be used to adjust resource limits. This real world approach allowed us to safely and efficiently switch over more than half our production traffic to our Kubernetes cluster and can be applied to any application.

This talk will include a live demo of how to tune Etcd using methods we do at Buffer.

Speakers
avatar for Harrison Harnisch

Harrison Harnisch

Staff Software Engineer, ZEIT
Harrison is a Staff Software Engineer at Buffer, implementing the transition to microservices with Kubernetes and Docker. He's given talks at KubeconEU and KubeconUS about setting resource limits.



Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom C, Level 1

2:45pm

Fission: Serverless Functions for Kubernetes [B] - Soam Vasani, Platform9 Systems
"Serverless" functions allow users to easily create services from source code without dealing with packaging, deployment, scaling, etc.

Fission is a serverless function framework built on Kubernetes. Users write functions and map them to event sources, such as HTTP requests, timers, Kubernetes watches, and message queues. Users don't have to deal with container images, registries or even learn Kubernetes in much detail.

Functions consume CPU and memory resources only when running. Fission makes on-demand function loading very fast by keeping an idle pool of containers running, in effect creating a distributed "threadpool".

Fission is useful for:
* Creating web app backends or REST APIs
* Implementing webhooks
* Watching Kubernetes Resources for changes to implement simple custom
controllers
* Creating Kubernetes Initializers with minimal work

In this talk we'll give a few demos for these use cases, and cover:

* How fission works with function dependencies in a language-agnostic manner
* The development lifecycle of Functions: testing and incremental deployment
* The composition of functions into workflows using the Fission Workflow project
* Observability: log aggregation, metrics with Prometheus, tracing with Opentracing/Zipkin
* The interaction of functions with service meshes (Istio/Envoy)

Speakers
SV

Soam Vasani

Software Engineer, Platform9 Systems
| Soam Vasani created and works on the Fission framework at Platform9 | Systems. He's also worked on Platform9's Kubernetes cluster deployment | and management product. His past work includes distributed | filesystems, a log analysis stack, and infrastructure management | products... Read More →


Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 9AB, Level 3

3:20pm

Afternoon Break
Thursday December 7, 2017 3:20pm - 3:50pm
Palazzo, Level 1

3:30pm

3:50pm

Welcome to Kubernetes - Introduction and Toolkit for Getting Started with Kubernetes [B] - Guinevere Saenger, Samsung SDS
This talk will focus on the beginning Kubernetes user by providing a basic introduction with explanations and example use cases. The presenter is herself a newcomer to Kubernetes and is thus uniquely placed to present information from a beginner’s perspective and share her personal strategies for success. Specific examples include: how to find mentors; how to find answers when the docs are confusing; how to get involved with local Kubernetes groups; and finding the best online learning tools. Attendees who are fairly new to tech itself or entered tech through non-traditional ways are especially encouraged to attend in order to add to their toolbox of resources.

Speakers
avatar for Guinevere Saenger

Guinevere Saenger

Software Engineer, GitHub
In 2016, Guinevere Saenger transitioned from being a full-time professional pianist to a career in tech. To do so, she obtained a spot at the highly competitive Ada Developers Academy in Seattle, a year-long, tuition-free, bootcamp-style software development training program for women... Read More →



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 19AB, Level 4

3:50pm

Helm Chart Patterns [I] - Vic Iglesias, Google
You will learn about the patterns and best practices we have learned from reviewing and maintaining the charts in the public Helm Charts repo. You will learn how to make your charts reproducible, scalable, flexible, configurable, and composable.

Speakers
avatar for Vic Iglesias

Vic Iglesias

Solutions Architect, Google
Vic Iglesias is a Staff Solutions Architect at Google with years of experience in both on-premise and in-cloud workload deployment, orchestration and management. He is a maintainer of the Kubernetes Charts repo and focuses on helping customers adopt Container Engine reliably, securely... Read More →


Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom A, Level 1

3:50pm

SIG OpenStack Update - hosted by Stephen Gordon, Red Hat & Chris Hoge, OpenStack

SIG OpenStack coordinates the cross-community efforts of the OpenStack and Kubernetes communities. This includes co-ordinating improvements to and documentation of the OpenStack cloud provider implementation in Kubernetes as well as supporting efforts to deploy OpenStack itself using Kubernetes. Attend this session to learn more about the SIG's mission, recent accomplishments, and future plans.


Speakers
avatar for Stephen Gordon

Stephen Gordon

Principal Product Manager, Red Hat
Geographically displaced Australian. Focused on building infrastructure solutions for compute use cases using a spectrum of virtualization, containerization, and bare-metal provisioning technologies. Stephen is currently a Principal Product Manager at Red Hat based in Toronto, Canada... Read More →
avatar for Chris Hoge

Chris Hoge

Strategic Program Manager, OpenStack Foundation
Chris Hoge is a Strategic Program Manager for the OpenStack Foundation. He works on collaborations between OpenStack and container development communities, including Airship, Kata Containers, and Kubernetes. He also administers the trademark program for the OpenStack Foundation, and... Read More →


Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 4BC, Level 3

3:50pm

Running MySQL on Kubernetes [I] - Patrick Galbraith, Consultant
MySQL is the world's most popular open source database and there are a number of ways to run it on Kubernetes. This talk will cover each type of MySQL deployment strategy starting from a simple MySQL pod, to a asynchronous replicated master-slave, synchronous Galera cluster, and on to a Vitess clustering system which allows for horizontal scaling of MySQL and innately has built-in sharding, explaining how each is deployed, what features are available, and what type of application they lend themselves to.


Speakers
avatar for Patrick Galbraith

Patrick Galbraith

Principal Platform Engineer, Oracle
Patrick Galbraith has been involved in MySQL, Linux, and other Open Source (OSS) projects back to the early days of Slackware. He has worked broad spectrum of companies and in a wide array of roles throughout his career, including Slashdot, MySQL, Blue Gecko, Hewlett-Packard, and... Read More →



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 9C, Level 3

3:50pm

Using Custom Resources to Provide Cloud Native API Management - Frank B Greco Jr, Northwestern Mutual
API management is an essential component for all production services. Northwestern Mutual uses it to secure 100s of microservices deployed to our Kubernetes clusters every day! Learning from our API management journey over the past few years, we found many ways to innovate in this space. Using Custom Resource Definitions as a catalyst, we created an open source project called Kanali, a Kubernetes native API management solution. In this talk, we will take you through our API management journey that led up to Kanali and then discuss how to use Kanali to secure your Kubernetes workloads. We will also look at how Kanali integrates with open source developer tooling such as Opentracing, Jaeger, and Grafana.

Speakers
avatar for Frank Basil Greco

Frank Basil Greco

Cloud Native Engineer, Northwestern Mutual
Hi I’m Frank! I’m an extremely passionate tech engineer, developer, and architect from Milwaukee. My current passions lie in highly available and scalable infrastructure, containerization, serverless architecture, automation, artificial intelligence, web development, API management... Read More →


kanali pdf

Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 6AB, Level 3

3:50pm

Multi-Cluster Ops in a Hybrid World [A] - Vitaliy Zinchenko & Kire Filipovski, Oracle
The reality of multiple Kubernetes deployments typically leaves you with varied cluster profiles, deployed on a mix of on-prem and public cloud environments. Production ops for large distributed systems is hard enough in a single environment, but becomes even more complex with hybrid conditions.

In this talk, we’ll dissect how to leverage federation for Kubernetes governance across capacity management, micro service dependencies, infrastructure upgrades, versioning, and security, as well as, global high availability, continuity, and resiliency, in a hybrid environment.

Speakers
KF

Kire Filipovski

Kire Filipovski works as a Cloud Architect at Oracle leading design and implementation of a distributed containerized application management system. Previously Kire worked as a Distinguished Cloud Architect at Walmart where he designed computing platforms that transformed the world's... Read More →
VZ

Vitaliy Zinchenko

Cloud Architect, Oracle
Vitaliy Zinchenko is Oracle’s Cloud Architect working on the design and implementation of a Global Application System for Oracle Cloud customers. Prior to joining Oracle, Vitaliy was with Walmart Labs as a Principal System Engineer, where he implemented a cloud based application... Read More →


Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 8ABC, Level 3

3:50pm

Large Scale Teaching Infrastructure with Kubernetes - Yuvi Panda, Berkeley University

Data Science & Programming literacy is an important aspect of literacy in the 21st century, but teaching these skills at scale is quite difficult. At UC Berkeley, we are trying - our 'Foundations of Data Science' course has no pre-requisites, and routinely attracts more than a 1000 students from across majors. 

Requiring students to have local programming environments installed & debugged is a non-starter at this scale. We have been running a Kubernetes based JupyterHub environment that allows them to do all their programming with a web based environment with Jupyter Notebooks. This is an important change in many ways:

1. Lets students start instantly with writing code, rather than dealing with the accidental complexity of installing software locally

2. Acts as an equalizer - a student using a chromebook borrowed from the library has no disadvantage over someone using an expensive Macbook Pro

3. This is course critical infrastructure, and needs high availability at low human / dollar cost

In this talk we'll go over how we have:

1. Used Kubernetes to make reduce our costs while allowing a larger group of people to deploy safely to various cloud providers.

2. Extracted our JupyterHub deployment into a project part of Project Jupyter (Zero to JupyterHub) that is being adopted at other universities & organizations.


Speakers
YP

Yuvi Panda

UC Berkeley, Data Science Education Program


Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom B, Level 1

3:50pm

Securing Cluster Networking with Network Policies - Ahmet Balkan, Google
In a secure microservices cluster, you should only have the pods that need to communicate with each other to be able to establish network connections, and block all others. But how? Until recently, Kubernetes users could not enforce policies for container networking.

First introduced in Kubernetes 1.3, Network Policies are now a stable feature in Kubernetes 1.7. In this talk, we will discuss use cases for network policies, the Network Policy API, how to configure network policies, and how the configured policies are enforced. We will also present some network policies that address some common use cases and are relevant to securing your Kubernetes clusters.

Also, we will discuss the roadmap for Network Policies feature, other methods you can use to secure applications at network and application layers, and how Network Policies relate to service mesh projects such as Istio that offer similar functionality.

Speakers
avatar for Ahmet Alp Balkan

Ahmet Alp Balkan

Software Engineer, Google
Ahmet is a software engineer at Google Kubernetes Engine, working on optimizing the developer experiences. He creates developer tools and tells stories about complicated features. | | Previously, he has worked on Microsoft Azure on projects like porting Docker to Windows and... Read More →



Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom C, Level 1

3:50pm

Compliance and Identity Management in Kubernetes [I] - Marc Boorshtein, Tremolo Security, Inc.
Compliance with what? Depends on your industry. As k8s continues to expand into regulated enterprises such as government, health care and financials deployments will need to understand how managing users and their access relates to compliance obligations. This session will focus on how identity management can be approached for solving this issue. How do you onboard users? Authorize their access to a namespace? Offboard them? Is there a need to differentiate between a privileged user and an unprivileged user? I'll go beyond the technical implementation in k8s and tie it to specific compliance requirements in FISMA and demo how solving the compliance issue can also improve the usability and security of your k8s deployment. This talk will follow a similar form to https://www.tremolosecurity.com/openshift-compliance-and-identity-management/ but specifically on k8s.

Speakers
avatar for Marc Boorshtein

Marc Boorshtein

CTO, Tremolo Security, Inc.
Marc has nearly fifteen years of identity and access management experience as a software engineer, product developer, and consultant. He is experienced building, deploying, and managing identity systems from most major vendors across numerous industries as well as working with security... Read More →



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 12AB, Level 4

3:50pm

Pontoon: An Enterprise Grade Serverless Framework Using Kubernetes – As Used in VMware Cloud Services [I] - Kumar Gaurav & Mageshwaran Rajendran, VMware
In VMware Cloud services, we perform both batch and real-time computations based on periodic schedules and on-demand events, using our in-house developed serverless framework called Pontoon. This provides better utilization of resources and enables our service developers to write serverless functions with simple declarations.
Kubernetes provides Jobs and Deployments as design constructs to handle such needs, while other frameworks like IronIO Functions, Fabric8, et al aim to solve end-to-end use case . However, we had to extend on top of Kubernetes Jobs & Deployments to define the packaging and I/O interactions of the function, implement a priority queue for execution, and provide declarative retry policy while ensuring high availability. A developer 'writes' a function supporting common EAI patterns for start time parameterized variables, and defines it's packaging and scheduling using a yaml file. The framework then packages it as a Container alongwith an 'observer' container in a pod, 'registers' it with the scheduler while ensuring choice of 'warm' vs on-demand requisite replicas of the pod, and then through a 'Scalar' manages the execution and life cycle of job, while logging and tracing failures/success.
This framework is in use over months in VMware Cloud services and we are now open sourcing it.

Speakers
avatar for Kumar Gaurav

Kumar Gaurav

Director R&D, VMware
Kumar Gaurav is working on the first set of services under VMware Cloud Services umbrella, a SaaS offering. He is a veteran in VMware, having built many cloud management products over 9 years and holds dozens of US patents, and few academic publications in Container space. He is the... Read More →
avatar for Mageshwaran Rajendran

Mageshwaran Rajendran

Staff Developer, VMware
Mageshwaran Rajendran is a lead designer and co-architect of Cost Insight- one of the service under VMware Cloud Services SaaS offering. He has earlier built big data based batch & real-time data pipelines handling TB’s data for financial institution and distributed applications... Read More →



Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 9AB, Level 3

3:50pm

Enabling NFV Features in Kubernetes - hosted by Kuralamudhan Ramakrishnan & Ivan Coughlan, Intel
  • Concerned about your application performance, IO throughput and determinism?
  • Are you struggling to meet customer SLAs?
  • Does your use case require more granular resource scheduling?
  • Are you using latest hardware but feel that the application is not aware of or able to leverage those hardware features?


If your answer is YES to any of the above questions this salon is the one stop shop for you!!!

We will introduce you to a range of technologies that work with kubernetes allowing you to enhance your container solution with focus on optimizing  performance of your containerized application followed by an interactive hands-on session.

We are eagerly waiting for you to share our experience in creating and using these technology ingredients for creating our recipe “high performance data plane in NFV use cases”.

Attendees that register will also get an Intel USB stick* with information on K8S NFV features.

*Hurry!! Limited spaces available.

 


Speakers
IC

Ivan Coughlan

Senior Software Architect, Intel
Ivan Coughlan is a Senior Software Architect working for the Intel Software Defined Datacenter Solutions Group (SDSG) with a broad range of experience from embedded real time product development for the Telecoms industry to manufacturing IT systems development, integration and control.Currently... Read More →
avatar for Kuralamudhan Ramakrishnan

Kuralamudhan Ramakrishnan

Senior Software Engineer, Intel
Kuralamudhan Ramakrishnan is working as a Senior Network Software Engineer in Intel, Shannon Ireland. Kuralamudhan has specialised in the field of Networking for past 8 years in storage and data management and worked in Telco industries. He is very new to could computing and containers... Read More →



Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 5ABC, Level 3

3:50pm

SIG Multicluster Deep Dive - hosted by Christian Bell, Google
Speakers
CB

Christian Bell

Software Engineer, Google
I am co-lead of the Kubernetes Multicluster SIG (previously Federation SIG). I am interested in how users can make use of multiple clusters for high availability, regional proximity and consistent deployments across regions and multiple cloud providers.


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 4A, Level 3

3:50pm

Containerd Salon - hosted by Derek McGowan & Stephen Day, Docker & Lantao Liu, Google

The Containerd Salon will include an introduction to containerd and cri-containerd, a getting started with Containerd, and a walk-through for setting up Kubernetes with cri-containerd. There will also be time for Q&A and discussion with the developers of both projects.


Speakers
avatar for Stephen Day

Stephen Day

Senior Software Engineer, Cruise
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd... Read More →
avatar for Derek McGowan

Derek McGowan

Software Engineer, Docker


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 7, Level 3

3:50pm

OpenTracing Salon - hosted by Yuri Shkuro, Uber Technologies, Pavol Loffay, Red Hat, & Ben Sigelman, Lightstep

This session will be an interactive discussion around distributed tracing, metrics, logging and how to use them all together via OpenTracing APIs. There will be a self-guided demo for tracing for beginners up to experienced users. We will work as a group and include brainstorming how to add visibility into your distributed systems. There will be a Birds of a Feather session to discuss the changes to the OpenTracing APIs and the direction of the project. The Salon will be facilitated by OpenTracing core developers and community members.


Speakers
avatar for Pavol Loffay

Pavol Loffay

Software Engineer, Red Hat
avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.
avatar for Ben Sigelman

Ben Sigelman

CEO and Co-founder, LightStep
Ben Sigelman is the co-creator of the OpenTracing project (incubated by CNCF). An expert in distributed monitoring, he previously built Dapper, Google’s production distributed systems tracing infrastructure, and Monarch, Google’s fleet-wide time series collection, storage, analysis... Read More →


Thursday December 7, 2017 3:50pm - 5:10pm
Meeting Room 10C, Level 3

4:35pm

Developer Tooling for Kubernetes Configuration [I] - Gareth Rushgrove, Puppet
Writing Kubernetes YAML files provides a simple starting point for most users of Kubernetes. Mainly through the power of copy and paste we all get our first examples working. But as usage of Kubernetes grows, spanning teams and time, we build up a lot of those YAML files. Many people reach for templating, or look at higher-level tooling like Helm packages next. But catching errors is still mainly a manual process of running the resulting configuration against a working Kubernetes cluster.

In this talk we’ll look at what’s missing in this workflow, looking for inspiration from developer tooling from other languages and frameworks. In particular we’ll consider:

* Ways of providing feedback about invalid configuration in our text editors
* Validating configuration against the Kubernetes types, especially useful when generating that configuration from templates
* Checking Kubernetes configuration is valid for different versions of Kubernetes
* What unit testing our Kubernetes configuration looks like
* How to integrate all of this together into a continuous integration based workflow

We’ll show examples using straight YAML files, templating and higher-level tooling like Helm and Jsonnet. The talk will also cover the benefits of a standard development environment, especially for new users, and provide tips for those getting started and more experienced users. The audience should come away with ideas for making there Kubernetes experience more efficient and more developer friendly.

Speakers
avatar for Gareth Rushgrove

Gareth Rushgrove

Product Manager, Docker
Gareth Rushgrove is a product manager at Docker. He works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and... Read More →


Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 10AB, Level 3

4:35pm

SIG Apps Update - hosted by Matt Farina, Samsung SDS

SIG Apps is the Special Interest Group that covers deploying and operating applications in Kubernetes. Being an area with a large surface area there's a lot going on. In this update session we'll look at how SIG Apps is setup along with a little history followed by updates on:

  1. The Workloads API in Kubernetes
  2. Ecosystem projects run by the Kuberentes organization such as Helm, Charts, Monocular, and others
  3. The state of the broader ecosystem and how we're looking to better enable that

Speakers
avatar for Matt Farina

Matt Farina

Samsung SDS
Matt works on the Cloud Native Computing Team at Samsung SDS where he focuses on cloud native applications. He is an author, speaker, and regular contributor to open source. Matt has a particular interest in developer tooling and experience, CI/CD, dependency management, and, of course... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 4BC, Level 3

4:35pm

Accelerating Humanitarian Relief with Kubernetes [I] - Erik Schlegel & Christoph Schittko, Microsoft
How can UN humanitarian aid field experts use social media to gain insight, understand trends and track key humanitarian issues? Through a collaboration with Microsoft and UN OCHA, Project Fortis was created to accelerate the surveillance around humanitarian disasters and health epidemics around the world.

This talk discusses the architecture of a high-available native spark pipeline running across multiple Kubernetes clusters to support Fortis customers.

Speakers
avatar for Christoph Schittko

Christoph Schittko

Principal Software Development Engineer, Microsoft
Christoph Schittko is an engineer with Microsoft working with customers on innovative solutions in the areas of containerization and AI. He's been working with Microsoft customers on building cloud solutions since Azure was called "Red Dog". He’s recently been a contributor to... Read More →
ES

Erik Schlegel

Senior Engineer, Microsoft
Erik is an open source engineer at Microsoft, and based in the Austin area. He's one of the original contributors to the React Native Universal Windows Platform (UWP). Erik leads the engineering effort of Project Fortis, an open source data gathering / surveillance insight platform... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 9C, Level 3

4:35pm

Extending Kubernetes: Our Journey & Roadmap [I] - Daniel Smith & Eric Tune, Google
What is the vision for Kubernetes Extensibility? Do you know the difference between initializers, cloud providers, and the CRI? In this talk we will describe how extension points in Kubernetes have evolved and go over the options today, and what they let you do. As we go over the extension points, we’ll give our vision for how they will evolve in the future, and talk about the sorts of things we expect the broader Kubernetes ecosystem to build out of them.

Speakers
avatar for Daniel Smith

Daniel Smith

Staff Software Engineer, Google
Daniel has been working on Kubernetes since before it was open sourced, contributing enough in the early days that he’s still one of the top contributors overall. Currently, he is co-Chair and co-TL of the Kubernetes API Machinery SIG, and TL of the corresponding Google team. Before... Read More →
ET

Eric Tune

Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measurement... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 6AB, Level 3

4:35pm

The Architecture of a Multi-Cloud Environment with Kubernetes [I] - Brian Redbeard, CoreOS
Kubernetes is an orchestration platform that enables running distributed systems, which are designed with the philosophy of spreading wide to best prepare for outages. This is achieved by deploying your cloud applications at least across multiple hosts, and at best across multiple cloud vendors. Getting Kubernetes configured to run across multiple cloud environments, including on-premises, hybrid deployments, is a tricky undertaking. Hybrid deployments are a feature many organizations want to implement for a variety of reasons, including security over their data, reliability, and more.

Brian Redbeard, chief architect at CoreOS, will discuss the importance of using open source tools to prevent cloud vendors from locking their users into their walled gardens, and will explore the challenges of making Tectonic, CoreOS’s Kubernetes implementation, able to run on multiple cloud platforms.

Speakers
BR

Brian Redbeard

Chief Architect, CoreOS
Brian Harrington, also known as Redbeard, is chief architect at CoreOS. He is developer, hacker, and technical writer in the areas of open-source development and systems administration. His time spent in both defensive and offensive computing have combined with his readings of classical... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom A, Level 1

4:35pm

101 Ways to Crash Your Cluster [I] - Marius Grigoriu & Emmanuel Gomez, Nordstrom
Running a kubernetes cluster requires operating many components. One must be good at running and scaling etcd, multiple control plane components, a monitoring system, a logging pipeline, Docker, rkt, and Linux itself. And this list isn't even close to being complete. With such a long list of technologies comes the potential to make a mistake that brings the whole cluster down. Come hear war stories from the Nordstrom's Kubernetes cluster admins. Each is a true story of how the cluster melted down, how they recovered, and what they did to prevent it from happening again. Don't let any of these happen to you...

Speakers
avatar for Emmanuel Gomez

Emmanuel Gomez

Principal Engineer, Nordstrom
Emmanuel initiated and served as tech lead on the Kubernetes platform efforts at Nordstrom for the last three years. He was working with and advocating for containers before the Kubernetes 1.0 release and has continuously (and tirelessly) developed, operated, educated, and led containerization... Read More →
avatar for Marius Grigoriu

Marius Grigoriu

Sr Manager, Nordstrom
Marius Grigoriu leads the teams responsible for all of the major tools along the software delivery pipeline: issue tracking, version control, continuous integration and deployment, and production through the use of Kubernetes. His focus is to help teams ship high quality systems on... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom B, Level 1

4:35pm

Using Kubernetes API from Go [B] - Alena Prokharchyk, Rancher Labs
As Kubernetes becomes increasingly popular, the number of integration and monitoring services around it are also growing. The key component of any such service written in Golan is kubernetes/client-go – a package that is used to talk to Kubernetes cluster APIs. During this talk, we will discuss the basics of client-go usage and how they can save the developer time needed for writing an actual app logic.
We will also demonstrate the best practices for using the package and lessons learned from the perspective of a developer who does integration work with Kubernetes on a daily basis. Following items will be covered:

* Client authentication in cluster vs outside of cluster
* Basic list, create and delete operations for Kubernetes objects with client-go
* How to watch and react on Kubernetes events using ListWatch and Informers
* Package dependencies (vendor) management

Speakers
avatar for Alena Prokharchyk

Alena Prokharchyk

Principal Software Engineer, Rancher Labs, Inc.
Alena is a Principal Software Engineer at Rancher Labs, who's been working on building infrastructure services first for Virtual Machines, now for containers with main focus on Kubernetes. She enjoys helping others make sense of problems and explore solutions together. In her free... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 19AB, Level 4

4:35pm

kubeadm Cluster Creation Internals: From Self-Hosting to Upgradability and HA [A] - Lucas Käldström, Student
kubeadm is the Kubernetes tool that helps you set up a Kubernetes cluster quickly and easily. kubeadm is different from other Kubernetes setup tools in that it doesn’t assume or depend on any special infrastructure. It assumes that you have one or more machine available and those machines can connect to each other via the network.

The master plan is to make kubeadm work both as the “fast path” to getting a best-practice Kubernetes cluster with a couple of easy-to-remember commands and as a toolbox for higher-level solutions like GKE, kops and Tectonic.

But how does kubeadm actually set up a cluster? How is it so easy to add a node with the Bootstrap Token? How does it self-host the control plane? How does it upgrade clusters smoothly with only one command? What is the plan for achieving HA without relying on any external infrastructure?

After this talk, you will be able to describe how:
  • kubeadm runs the different tasks in different stages
  • the network traffic between the cluster components flow
  • self-hosting of the control plane works
  • the Bootstrap Token works
  • the `kubeadm upgrade` command works
  • kubeadm will support multiple masters that are dynamically rotated
  • you can extend kubeadm to build your higher-level Kubernetes deployment tool

Speakers
avatar for Lucas Käldström

Lucas Käldström

CNCF 代表, Independent
Lucas is a passionate Kubernetes subproject owner and approver that is excited about all things cloud native. Lucas has been engaged in Kubernetes work for over three years now and been involved in work like porting Kubernetes to multiple platforms, getting minikube off the ground... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Ballroom C, Level 1

4:35pm

Multi-Tenancy Support & Security Modeling with RBAC and Namespaces [I] - Fred Vong & Michael Y. Chen, VMware
As container technologies mature, Kubernetes is clearly gaining momentum with developers as a means to deploy their distributed applications. As more applications and clusters are deployed by more developers, multi-tenancy and isolation become concerns not only for the app developer, but also for the cluster admins. In this talk, we will discuss the various cluster security models available today, and how to use namespaces to provide tenant isolation. We will also demonstrate how to use Kubernetes’ Role Based Access Control (RBAC) feature as means of enforcing a multi-tenant security model. By assigning roles and role bindings and creating namespaces, we can implement restrictions on resource consumption and provide tenant isolation throughout the cluster. We’ll also demonstrate how the RBAC feature provides granularity of access control that can be adjusted to suit varying requirements—from granting full access to users or groups to a cluster to only granting access to specific resources within a namespace. Following the discussion of how to build a security model with namespaces and RBAC, this talk will also feature a live demonstration of RBAC and namespaces in action to illustrate the concepts and show how both admins and developers are affected by the model.

Speakers
avatar for Michael Chen

Michael Chen

Senior Manager, VMware
avatar for Fred Vong

Fred Vong

Staff Engineer, VMware
Fred Vong is passionate about the cloud and data center automation technologies. Currently, he is actively working on both OpenStack and container orchestration area in VMware. He believes deployment of whole software stack should be as simple as clicking a button.



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 12AB, Level 4

4:35pm

Building and Running an Enterprise-grade Serverless Platform on Kubernetes - Ying Huang & Quinton Hoole, Huawei
Serverless platforms provide functions as a service, and have become a hot topic largely because they allow developers to focus on core business logic, leaving packaging, deployment, monitoring, event propagation, scaling and load balancing to the infrastructure. The serverless billing model is simple - pay-per-invocation - which can being significant benefits for many event-driven applications.

Huawei launched its FunctionStage serverless platform, which is built on Kubernetes, in 2017. In this talk we will explain in detail the design and implementation of FunctionStage. This involved both fairly straightforward function packaging, scheduling, auto-scaling, event triggering and load balancing, as well as some significantly more interesting challenges related to container re-use, on-the-fly micro service provisioning, reliable operation and much more. We will demonstrate the use of our system to solve some complex real-world problems in Huawei Public Cloud.

Speakers
QH

Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cloud... Read More →
YH

Ying Huang

Senior Software Architect, Huawei
Ying is currently a senior software architect at PaaS (Platform-as-a-Service) team at Huawei. She played a key role leading the design and implementation of FaaS (Function-as-a-Service) platform in Huawei. Before that, she worked in Microsoft Azure Identity team as an engineer for... Read More →



Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 9AB, Level 3

6:00pm

All Attendee Party - Join us on Rainey Street!

Join us for an evening filled with the best eats, libations, live music and games the city has to offer!

The KubeCon + CloudNativeCon North America 2017 All-Attendee Party will be hosted along Austin’s famed Rainey Street on the evening of Thursday, December 7, spread out across eight different venues.  Check the website for details on each venue. 

Badges and ID are required to get in to all venues. Don't forget a jacket!

Note: Banger's is the only all ages venue. 


Thursday December 7, 2017 6:00pm - 10:00pm
Rainey Street
 
Friday, December 8
 

7:00am

Yoga by Lauran Janes

Yoga by Lauran Janes will be offered from 7:00 - 8:00am at the ACC. Bring your favorite yoga mat or towel, or use one of the complimentary ones provided. Please be sure to wear loose fitting, comfortable clothing. No mat? No problem we will have 25 mats available to those who need one. 

Yoga is open to all attendees, and no prior experience is needed! Space is limited and will be first come, first served.


Friday December 8, 2017 7:00am - 8:00am
Mezzanine Office 6, Level 2

8:00am

Breakfast
Friday December 8, 2017 8:00am - 9:00am
Palazzo, Level 1

8:00am

Registration
Friday December 8, 2017 8:00am - 5:00pm
Palazzo, Level 1

9:00am

Keynote: Opening Remarks
Friday December 8, 2017 9:00am - 9:10am
Exhibit Hall 3, Level 1

9:00am

Live Stream of Keynotes - Overflow Room
Friday December 8, 2017 9:00am - 10:40am
Ballroom A, Level 1

9:10am

Keynote: Kubernetes Community - Sarah Novotny, Head of Open Source Strategy, Google Cloud Platform, Google
Speakers
avatar for Sarah Novotny

Sarah Novotny

Head of Open Source Strategy, Google Cloud Platform
Sarah Novotny is head of Open Source Strategy group for Google Cloud Platform. She has long been an Open Source community champion in communities such as Kubernetes, NGINX and MySQL and ran large scale technology infrastructures before web-scale had a name. She co-founded Blue Gecko... Read More →


Friday December 8, 2017 9:10am - 9:30am
Exhibit Hall 3, Level 1

9:30am

Keynote: Kubernetes at GitHub - Jesse Newland, Principal Site Reliability Engineer, GitHub

In this talk, Jesse will provide an overview of the on-premesis Kubernetes deployments that currently power 20% of GitHub's production services. He'll also review the challenges GitHub has faced and overcome so far during their Kubernetes journey, and highlight ongoing and future Kubernetes enhancements that GitHub is excited about.


Speakers
avatar for Jesse Newland

Jesse Newland

Principal Site Reliability Engineer, GitHub



Friday December 8, 2017 9:30am - 9:50am
Exhibit Hall 3, Level 1

9:50am

Keynote: Manage the App on Kubernetes - Brandon Philips, CTO, CoreOS

Kubernetes has yet to close the developer gap from source code to app running in a production Kubernetes cluster. Many build bespoke tools. How can the Kubernetes community come together to build decomposable solutions that help people define their app, deploy it, and manage its lifecycle over time? Learn about the progress we are making together to elevate the conversation from container orchestration to application lifecycles management.


Speakers
avatar for Brandon Philips

Brandon Philips

CTO, CoreOS, Inc.
Brandon Philips is helping to build modern Linux server infrastructure at CoreOS as CTO. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. As a graduate of Oregon State's Open Source Lab he is passionate about open source... Read More →



Friday December 8, 2017 9:50am - 9:55am
Exhibit Hall 3, Level 1

9:55am

Keynote: What's Next? Getting Excited about Kubernetes in 2018 - Clayton Coleman, Architect, Kubernetes and OpenShift, Red Hat

The Kubernetes ecosystem has grown tremendously over the last three years.  Each release pushes the boundaries of what we can accomplish and brings new participants and new success stories.  That success has a price: how do we do what's best for the community and for our users, and what's on deck for 2018?


Speakers
avatar for Clayton Coleman

Clayton Coleman

Architect, Kubernetes and OpenShift, Red Hat
Clayton is architect and engineer on cloud orchestration and containers at Red Hat, in charge of both technical direction for Kubernetes and OpenShift (Red Hat's platform as a service built on top of Kubernetes) as well as the broader container and container content efforts at Red... Read More →


Friday December 8, 2017 9:55am - 10:15am
Exhibit Hall 3, Level 1

10:15am

Keynote: What is Kubernetes? - Brian Grant, Principal Engineer, Google

Kubernetes has been described many different ways. How should one think about the platform? It partly depends on the problems you are trying to solve with it. I will discuss 10 ways to view Kubernetes based on use cases, how those uses relate to its features and architecture, how Kubernetes supports the features, and how the architecture is evolving to support them better. 


Speakers
avatar for Brian Grant

Brian Grant

Principal Engineer, Google
Brian is the co-Technical Lead of Google Kubernetes Engine, co-Chair of Kubernetes SIG Architecture, Kubernetes API approver, Kubernetes Steering Committee member, and CNCF Technical Oversight Committee member, where he's sponsored 11 CNCF projects (not including Kubernetes). His... Read More →


Friday December 8, 2017 10:15am - 10:35am
Exhibit Hall 3, Level 1

10:30am

10:30am

Sponsor Showcase
Friday December 8, 2017 10:30am - 4:00pm
Exhibit Halls 1 & 2

10:35am

Closing Remarks
Friday December 8, 2017 10:35am - 10:40am
Exhibit Hall 3, Level 1

10:40am

Morning Break
Friday December 8, 2017 10:40am - 11:10am
Palazzo, Level 1

11:10am

CNI, CRI, and OCI - Oh My! [I] - Elsie Phillips & Paul Burt, CoreOS
If you work with containers, it’s easy to get lost in the emerging standards and foundations. You might have questions like:
What is OCI? What happened to appc? Do I need to do anything to take advantage? Don’t we already have container runtimes? So, why do we need CRI? Similarly, what’s the use of CNI with all of the container networking solutions already out there?

Our aim is to answer all of these questions, and showcase places you can find (and use!) each of them. We’ll discuss how these specs affect you when using Kubernetes or other container orchestrated projects. Kubernetes will serve as a handy vehicle for some short, live demos. We’ll explore how each standard is improving our lives today, and what kinds of innovation they open up for the future.

Speakers
avatar for Paul Burt

Paul Burt

Community + Product Marketing, CoreOS
Paul Burt is a Community Manager at CoreOS. He’s upvoting your /r/kubernetes threads and answering your #coreos questions on freeNode. Paul has a knack for and demystifying infrastructure, and making gnarly, complex topics approachable. He enjoys home brewing beer, reading independent... Read More →
EP

Elsie Phillips

Community Manager, CoreOS
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan... Read More →



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 19AB, Level 4

11:10am

A Scheduling Simulator for Capacity Estimation of Kubernetes Clusters - Avesh Agarwal, Red Hat
Capacity planning is very important for meeting dynamic demands in any clusters. Without having an approximate view of the remaining capacity in a cluster, it is hard for cluster operators to decide if and when the cluster should be provisioned with more capacity or not. In Kubernetes clusters, capacity is associated with worker nodes in terms of resources such as cpu, memory or storage. Discussing capacity in terms of individual resources may be a bit ambiguous because a Pod is the smallest schedulable unit in Kubernetes clusters. Therefore, cluster operators may be more interested in knowing an approximate number of pods of a specific size (amount of resources) that can be scheduled on a cluster. This talk will introduce a new tool, called cluster capacity, that can be used to analyze the capacity of a Kubernetes cluster in this way. First, the talk will discuss about its use cases, followed by its design and implementation as a scheduling simulator. The talk will also include a demo to demonstrate various ways the tool can be run against a Kubernetes cluster. This talk will conclude with the discussion of future directions for this tool.

Speakers
AA

Avesh Agarwal

Red Hat
Avesh Agarwal works at Red Hat. He is a core contributor to Openshift and Kubernetes projects.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 10AB, Level 3

11:10am

Hybrid Cloud Powered by Kubernetes [I] - Aparna Sinha, Eric Brewer & Matthew DeLio, Google
Open Source Software (OSS) is great because it gives us freedom. OSS users by nature want to roll their own on premises, and use best-of-breed services in public clouds an without lock-in. Fortunately, Kubernetes runs everywhere so developers and operators don't need to learn new technologies to run hybrid and multi-cloud applications.

In this talk, we will demonstrate the use of two new extensibility features in Kubernetes to connect legacy on-premises applications and managed public cloud services with services running on Kubernetes in both places, creating an environment where users can have the best of all worlds. We will show the type of use cases this technology enables using examples from Google's cloud platform.

Speakers
avatar for Eric Brewer

Eric Brewer

VP Infrastructure, Google
Eric joined Google in 2011 and leads the company’s compute infrastructure design, including Google Cloud Platform.  He focuses on all aspects of Internet-based systems including cloud computing, scalability, containers, and storage. As a researcher, he has led projects on scalable... Read More →
MD

Matthew DeLio

Product Manager, Google, Inc.
Matthew DeLio is product manager at Google for Kubernetes multi-cluster, networking, and storage. He's also the PM SIG representative for storage. Prior to product management, Matthew was a software engineer at Google and has worked on search and platforms. He holds and MBA from the... Read More →
avatar for Aparna Sinha

Aparna Sinha

Group Product Manager for Kubernetes, Google
Aparna Sinha leads the product team for Kubernetes at Google. Her work is focused on transforming the way we work through technology innovation. Before Kubernetes, Aparna worked on the Android platform at Google. Prior to that she was Director of Product at NetApp where she led storage... Read More →


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 8ABC, Level 3

11:10am

SIG Service Catalog Update - hosted by Paul Morie, Red Hat
Speakers
PM

Paul Morie

Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and has held various roles in different areas of the Kubernetes ecosystem. His current focus areas include multicluster, serverless, and service catalog. Before Kubernetes, he worked on the first three versions of Red Hat's OpenShift Container... Read More →


Friday December 8, 2017 11:10am - 11:45am
Meeting Room 7, Level 3

11:10am

Modern Big Data Pipelines over Kubernetes [I] - Eliran Bivas, Iguazio
Big data used to be synonymous with Hadoop, but our ecosystem has evolved over time with new database, streaming and machine learning solutions which don’t necessarily benefit from the Hadoop deployment model of Map/Reduce, YARN and HDFS. These solutions require a generic cluster scheduling layer to host multiple workloads such as Kafka, Spark and TensorFlow, alongside databases such as Cassandra, Elasticsearch and cloud-based storage.

Eliran Bivas is a senior big data architect with years of hands-on experience working on both big data and cloud native solutions. Eliran will go over a common solution framework to create cloud native end-to-end analytics applications. It involves using Kubernetes as an alternative to Yarn, running Spark, Presto, machine learning frameworks (TensorFlow, Python and Spark ML kits) and serverless functions coupled with local and cloud-based storage. The session will showcase customer use-cases from IoT, automotive, cloud SaaS and finance. It will also include a live solution demo which demonstrates the benefits of using big data and analytics over a cloud native architecture, eliminating the existing challenges of complexity and moving towards a continuous integration and development architecture for big data.

Speakers
avatar for Eliran Bivas

Eliran Bivas

Senior Big Data Architect, iguazio
Eliran Bivas is a senior big data architect at iguazio and a self-proclaimed tech junkie with a passion for innovation. Eliran is skilled with object-oriented design and development, having worked extensively on cloud native environments. He has broad experience developing with cloud... Read More →



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 9C, Level 3

11:10am

You Have Stateful Apps - What if Kubernetes Would Also Run Your Storage? - Annette Clewett & Sudhir Prasad, Red Hat
Kubernetes supports Stateful Applications by connecting to your existing storage. But what if you don’t have any? Or the storage capabilities differs between your environments? Wouldn’t it be nice if Kubernetes itself would be able provide storage services without any external dependency from Day1?

gluster-kubernetes is an umbrella project, currently being submitted for inclusion in CNCF, tying together various open source technologies to do just this. It takes the concept of “container-native storage” literally and orchestrates containerized GlusterFS, a scalable, software-defined storage solution to provide object storage, file storage and block storage for your applications. In this session you will learn about the components in play and how they make Kubernetes provide Persistent Storage and S3 Object Storage that scales with the cluster and runs everywhere.

Speakers
avatar for Annette Clewett

Annette Clewett

Senior Storage Architect, Red Hat
Red Hat Storage Architect with broad knowledge across a spectrum of technologies – network, storage, virtual, and platform. Have successfully delivered countless studies that improved end-user experience and created more efficient and available infrastructures. Current projects... Read More →
avatar for Sudhir Prasad

Sudhir Prasad

Product Management Director, RedHat
Sudhir drives Container Native Storage and Container Ready Storage Red Hat portfolio for Kubernetes. Before joining Red Hat, Sudhir led Product Management and Strategy at Violin Memory and led Manageability product portfolio for automation & orchestration at NetApp. Before moving... Read More →



Friday December 8, 2017 11:10am - 11:45am
Ballroom A, Level 1

11:10am

Moving from Mesos to Kubernetes Without Anyone Noticing [I] - Anubhav Mishra, Hootsuite
At Hootsuite, we’ve been using Mesos and Marathon as our microservices platform for over two years but last year, we made the decision to bet on Kubernetes as its replacement. Eight months later, a small team of three operations engineers had migrated our first microservice from Mesos to Kubernetes. All without developers making any code changes. This was possible by architecting our applications with the proper set of abstractions. Fast-forward three months later and we have almost 20 microservices running on Kubernetes in production.

In this session, we’ll do a live demo of migrating a service from Mesos to Kubernetes, just like how we did it at Hootsuite! We will cover why architecting your infrastructure with the “right” abstractions helps you do these huge migrations with ease and how Kubernetes already contains these abstractions. We will explore how having a service mesh helps routing between two platforms while doing the migration. Also, how a mature CI/CD pipeline can help you deploy to two platforms with ease. To conclude we will explore the differences in running a service in Mesos and Kubernetes.

Speakers
avatar for Anubhav Mishra

Anubhav Mishra

Developer Advocate, HashiCorp
Anubhav Mishra is a Developer Advocate at HashiCorp. He previously worked at Hootsuite. At Hootsuite he was focused on building cloud infrastructure and distributed systems. His work spans developers and operators. He helped create the next generation microservice delivery platform... Read More →



Friday December 8, 2017 11:10am - 11:45am
Ballroom B, Level 1

11:10am

IoK: Istio-on-Kubernetes Deep Dive [I] - Daneyon Hansen, Cisco
Running microservices at scale is not easy. Istio is an open platform to connect, manage, and secure microservices. Did I mention that Istio runs on Kubernetes? During the talk I will cover the following content:
- Istio Introduction
- Istio Key Concepts- Traffic Management, Auth, Policy, etc.
- Istio Demonstration
- Istio-on-Kubernetes Roadmap
- Q&A

Speakers
avatar for Daneyon Hansen

Daneyon Hansen

Principal Software Engineer, Cisco
Daneyon is a software engineer at Cisco responsible for developing distributed applications. As part of the Cloud CTO Office, Daneyon focuses on contributing to emerging cloud computing technologies such as Kubernetes, Istio and others.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 9AB, Level 3

11:10am

Highly Available Services During Maintenance Events - Maisem Ali & Eric Tune, Google
Maintenance events occur and require taking down nodes for various reasons. Eric and Maisem talk about the best practices and lessons learned trying to minimize downtime during routine maintenance events.

They show how to use StatefulSets and PodDisruptionBudgets to achieve highly available services. They go on to explain what the best practices for performing node maintenance are using scenarios like failed pod evictions, non-responsive kubelets and network bisections.

Speakers
avatar for Maisem Ali

Maisem Ali

Software Engineer, Google
Maisem has been working on Kubernetes for the last two years. He has heavily contributed to upgradability and upgrade testing between Kubernetes versions, and primarily focuses on the Google Kubernetes Engine control plane
ET

Eric Tune

Eric has worked on Kubernetes since before the first public release. He has contributed to Security, Tenancy, Application Controllers, Charts, Jobs, documentation, and more. Before Kubernetes, he worked on Google's Borg system, on datacenter-scale efficiency and performance measurement... Read More →



Friday December 8, 2017 11:10am - 11:45am
Ballroom C, Level 1

11:10am

Shipping in Pirate-Infested Waters: Practical Attack and Defense in Kubernetes [A] - Greg Castle & CJ Cullen, Google
Kubernetes has a growing array of security controls available, but knowing where they all fit in, what the highest priorities are, and how it all helps against real attacks is still far from obvious. In this talk we’ll take a vulnerable application, exploit it, install tools, escalate privileges, propagate between containers and gain control of the cluster. At each stage of the attack we’ll demonstrate how proactive steps could have prevented these actions (or at least made them more difficult), from the container build process to writing RBAC/PodSecurity/AppArmor/Network policies, and more. Since configuration of each defence could be the subject of it’s own deep-dive talk, we’ll mainly focus on the big picture of “what” technologies you’d use to configure your cluster securely and “why”.

Speakers
avatar for Greg Castle

Greg Castle

Kubernetes/GKE Security Tech Lead, Google
Greg is the tech lead for the Kubernetes and Google Kubernetes Engine (GKE) security team at Google. Prior to GKE, Greg worked on the Google incident response team developing open-source investigation tools, and on OS X platform hardening. His pre-Google job roles have included pentester... Read More →
avatar for CJ Cullen

CJ Cullen

Software Engineer, Google
CJ works on the Google Container Engine (GKE) Security team. CJ has helped develop the Kubernetes authentication and authorization system, as well as building the cluster deployment and management infrastructure of Google Container Engine.



Friday December 8, 2017 11:10am - 11:45am
Meeting Room 12AB, Level 4

11:10am

SIG Apps Deep Dive Session - hosted by Matt Farina, Samsung SDS

SIG Apps is the Special Interest Group that covers deploying and operating applications in Kubernetes. In this working session we'll organize around application development and operation topics and then attempt to move forward on the highest priority ones, as decided by those in attendance. This is a working session where the audience is involved. Topics in this session could involve Helm, Charts, the workload APIs, Jobs and CronJobs, shared libraries for tool development, interoperability between tools, and more. So, bring you ideas and interest, come to the deep dive, and help make the application development and operation experience better.


Speakers
avatar for Matt Farina

Matt Farina

Samsung SDS
Matt works on the Cloud Native Computing Team at Samsung SDS where he focuses on cloud native applications. He is an author, speaker, and regular contributor to open source. Matt has a particular interest in developer tooling and experience, CI/CD, dependency management, and, of course... Read More →


Friday December 8, 2017 11:10am - 12:30pm
Meeting Room 4BC, Level 3

11:10am

SIG AWS Update & Open Discussion - hosted by Justin Santa Barbara, FathomDB

What's coming up for kubernetes on AWS and general face-to-face discussion of issues, experiences and plans.


Speakers
avatar for Justin Santa Barbara

Justin Santa Barbara

Google
Justin is one of the kubernetes sig-aws leads and started the kops project, so loves to talk about how to install and operate kubernetes, or on all things kubernetes-on-AWS or on other clouds (particularly GCP, having just joined Google!)


Friday December 8, 2017 11:10am - 12:30pm
Meeting Room 5ABC, Level 3

11:10am

SIG Grafeas Community Meet-up - hosted by Wendy Dembowski & Stephen Elliott, Google

Grafeas is an open source project whose goal is to provide organizations with a central source of truth for tracking software artifact metadata across an ever growing set of software development teams, pipeline, and technologies (see grafeas.io and github.com/grafeas). 

This meet-up is an opportunity to meet in person and discuss community collaboration opportunities and priorities for the project. Topics we may discuss include: extending the types of artifacts and metadata we support, metadata signing, Kubernetes integration, hybrid cloud stories, etc.

Looking forward to meeting you and discussing your ideas! (Also, you might consider attending the Grafeas BoF session Wednesday evening.)


Speakers
avatar for Wendy Dembowski

Wendy Dembowski

Staff Software Engineer, Google
Wendy is a Staff Software Engineer at Google. She is a co-founder and the Khaleesi of Grafeas.
avatar for Stephen Elliott

Stephen Elliott

Product Manager, Google



Friday December 8, 2017 11:10am - 12:30pm
Meeting Room 4A, Level 3

11:10am

SIG Node Deep Dive - hosted by Dawn Chen, Google

The Node SIG is the Special Interest Group that is responsible for Kubernetes node management. We work on things including Kubelet, container runtime, node level performance and scalability, node reliability, node lifecycle management, node resource management, node monitoring, node/pod level security, kernel interactions, etc. Basically, most things happen on a Kubernetes node is related to sig node.

In this session, we'll mainly cover 3 topics:

* Secure Container (Tim Allclair, Google): VM sandboxes, docker entitlements, and container hardening. What are the right levels of abstractions for container security, and how can we make secure containers more usable?

* Containerd (Stephen Day, Docker): Status update of containerd 1.0 and cri-containerd, the containerd-based implementation of Kubernetes Container Runtime Interface.

* CRI-O (Mrunal Patel, Red Hat): Status update of cri-o, the OCI-based implementation of Kubernetes Container Runtime Interface.

Besides the topics above, we'll also have free discussion about Node SIG's future plan, where you are very welcome to contribute to the discussion.


Speakers
DC

Dawn Chen

Senior Staff Software Engineer, Google
Dawn Chen (dchen1107@github) is a Senior Staff Software Engineer from Google Kubernetes Team. She has been one of tech leads in both Kubernetes and GKE, mostly focus on Node area. Prior Kubernetes, she was the one of the tech leads for Google internal container infrastructure for... Read More →


Friday December 8, 2017 11:10am - 12:30pm
Meeting Room 10C, Level 3

11:55am

Let's Build Kubernetes, With a Spreadsheet and Volunteers! - Justin Garrison, Independent
An introduction to the core responsibilities of Kubernetes. A visual representation of how Kubernetes works and what each component does. Building from nothing until we have a fully functional Kubernetes cluster built from people.

Our Kubernetes in meat space will teach you where to look when things break and help you remember what every component does. We'll show you how the system behaves when components fail and what you can do to fix it.

Speakers
avatar for Justin Garrison

Justin Garrison

Sr Systems Engineer, Independent
Justin is the co-author of Cloud Native Infrastructure and has his name in multiple movie credits. What he enjoys most is helping people and learning new things. He likes to teach with unconventional approaches and being part of community.



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 19AB, Level 4

11:55am

Webhooks for Automated Updates [B] - Rajashree Mandaogane, Rancher Labs
In most software projects, there is a tremendous focus on increasing efficiency and reliability. Rolling updates in Kubernetes is a really good example of how real-time updates to applications can be made reliable, without any downtime. Once you have a reliable system, you then need to make your software development process even more efficient. A key component in efficiency is automation. Automated builds on Docker cloud are a great way to efficiently build images when new code is pushed. In this talk we will discuss how we can take automation one step further. We will make use of the Kuberbnetes API calls, along with Docker Hub's webhooks feature, to automatically start rolling updates of deployments when a new image/tag is pushed to Docker Hub. We will demonstrate how you can write a micro-service that will make these calls after consuming the data pushed by Docker Hub's webhook.

Speakers
avatar for Rajashree Mandaogane

Rajashree Mandaogane

Software Engineer, Rancher Labs
Rajashree, an NC State graduate is a Software Engineer at Rancher Labs. She loves programming in Golang and working on container orchestration. She lives by the motto, “You’ll never know what you can do, until you try”. This has led her not only to being a developer, but also... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3

11:55am

Zero Configuration Pattern of Kubernetes on Bare Metal [A] - Rob Hirschfeld, RackN
In recent releases, we've enabled node admission and configuration APIs that eliminate configuration requirements for Kubernetes workers. This allows cluster operators to add and remove nodes from clusters without a configuration management tool driving the process. This fully automate node management behavior allows physical data centers to be much more cloud-like and lights-out.

In this session, we'll run this process as a demo and decompose the various parts that must work together for success. We'll discuss the specific APIs and how to implement them in a coordinated way that ensures node security and minimizes workload disruption. We'll also discuss how to improve node security by using trusted platform modules (TPM). By the end of the session, operators will be able to duplicate the steps on their own to learn the process.

While we have a focus on bare metal infrastructure for this session, the lessons learned are equally usable on cloud infrastructure.

Speakers
avatar for Rob Hirschfeld

Rob Hirschfeld

CEO, RackN
Rob's first startup literally patented the cloud. He has been in the cloud and infrastructure space for 20 years and has done everything from working with early ESX betas to serving four terms on the OpenStack Foundation Board and as an executive at Dell. As a co-founder of the Digital... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3

11:55am

SIG Auth Update - hosted by Jordan Liggitt, Red Hat
Speakers
avatar for Jordan Liggitt

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 7, Level 3

11:55am

Kafka Operator: Managing and Operating Kafka Clusters in Kubernetes [A] - Nenad Bogojevic, Amadeus
In this talk we will demonstrate an approach to management of kafka clusters in kubernetes deployments. We will show how we can provision kafka clusters and configure it using kubernetes concepts and an operator process. The kafka and zookeeper cluster elements will be provisioned using StatefulSet. As these applications benefit from high performance storage, we will also show how we can use node selectors or persistent volume claims to schedule instances on correct hardware. In order for clients to use it, the necessary message topics have to be configured in kafka cluster. We will show how using an operator process, based on kubernetes custom resources or ConfigMaps we can manage this configuration in descriptive manner and ensure consistent configuration across different development and operations stages as well as cluster restarts. Finally we will discuss how all this ties in with service catalog.

Speakers
avatar for Nenad Bogojevic

Nenad Bogojevic

Software Architect, Amadeus
Nenad Bogojevic, platform solutions architect at Amadeus, has 20+ years of experience in software development. He has worked on e-commerce applications, natural language processing tools, and high-performance network middleware. In his job, Nenad is an architect who codes, a technical... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 9C, Level 3

11:55am

Istio: Sailing to a Secure Services Mesh [I] - Spike Curtis, Tigera & Dan Berg, IBM
Istio is an open platform that provides a uniform way to connect, manage, and secure microservices. In this presentation we describe the security features of the Istio service mesh: how it helps you secure service-to-service communication across clouds without application code changes, provide robust identity and strong authentication, and enforce powerful authorization policies for your applications. We discuss the current project status and look ahead to the roadmap for security features.

Speakers
avatar for Dan Berg

Dan Berg

Distinguished Engineer, IBM
As a Distinguished Engineer within the IBM Cloud unit, Daniel is responsible for the technical strategy, and implementation of the containers and microservices platform available in IBM Cloud. Within this role, Daniel has deep knowledge of container technologies including Docker and... Read More →
avatar for Spike Curtis

Spike Curtis

Senior Software Engineer, Tigera
Spike Curtis is a software developer at Tigera. He co-leads the Istio Security Working Group and is a contributing author of SPIFFE specifications.  He is also a core developer for Calico.



Friday December 8, 2017 11:55am - 12:30pm
Ballroom A, Level 1

11:55am

Kubernetes in the Datacenter: Squarespace’s Journey Towards Self-Service Infrastructure [I] - Kevin Lynch, Squarespace
As Squarespace’s engineering organization evolved, microservices became an obvious solution to quickly deliver new features and improve infrastructure reliability. We encountered significant challenges in our transition to a microservice-based architecture. Each new service increased the operations burden to provision and maintain a growing fleet of servers, frequently slowing the process of adding new services and scaling existing services in our datacenters.

I’ll discuss how we used Kubernetes to containerize our microservice ecosystem and solve those challenges. To effectively work with ephemeral Kubernetes pods, we replaced Graphite with Prometheus and Sensu with AlertManager to monitor service health rather than individual instances. We discovered massive performance issues containerizing our Java services and worked around JVM complexities. To ease our transition from virtualization to containerization, services running inside and outside of Kubernetes must seamlessly discover each other with Consul and communicate with each other. Thanks to Calico, BGP, and our Leaf-Spine Layer 3 network topology, we efficiently route pod network traffic with the rest of our network.

Speakers
avatar for Kevin Lynch

Kevin Lynch

Squarespace, Squarespace
Kevin Lynch is a Staff Engineer on the Infrastructure Engineering team at Squarespace. He focuses his efforts on eliminating the complexities of datacenters with the help of automation. He received his BSc and MSc degrees in Computer Science from Drexel University. During his time... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Ballroom B, Level 1

11:55am

UDP in K8S: Signed, Sealed, but Delivered? [I] - Amanpreet Singh, Crowdfire
This talk is based on my personal experience working with Kubernetes in production. I will talk about the UDP failures we encountered in production, how we found out the root cause, how we mitigated and fixed the bug in kube-proxy. This will help the members of the audience who are - either planning to, or already using Kubernetes - to better understand the Kubernetes networking design and debug any issues they face.

Speakers
avatar for Amanpreet Singh

Amanpreet Singh

Site Reliability Engineer, Crowdfire
Amanpreet is an engineer at Crowdfire & moonlights as a crowd entertainer. He’s an Open Source enthusiast who loves Go & can eat-drink-sleep Kubernetes. He gained extensive knowledge of Kubernetes and other cloud-native technology while handling the migration and continuous improvement... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Ballroom C, Level 1

11:55am

Enforcing Bespoke Policies in Kubernetes [I] - Torin Sandall, Styra
Kubernetes enables fully-automated, self-service management of large-scale, heterogenous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization’s bespoke policies.

In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third party policy engines like the Open Policy Agent project.

Speakers
avatar for Torin Sandall

Torin Sandall

Technical Lead, Styra
Torin Sandall is the technical lead of the recent open source Open Policy Agent project. Torin has spent 10 years as a software engineer working on large-scale distributed systems projects. Previously, Torin was a senior software engineer at Cyan (acquired by Ciena), where he designed... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 12AB, Level 4

11:55am

Local Ephemeral Storage Resource Management - Jing Xu, Google
Currently Kubernetes does not support storage resource usage guarantee and isolation like compute resources such as CPU and memory. This talk will present out effort for improving Storage Resource Management in Kubernetes with focus on capacity isolation in ephemeral storage. It will explain how we support resource guarantee and isolation at node, pod, and container levels.

Speakers
JX

Jing Xu

Software Engineer 软件工程师, Google
Jing Xu obtained her Ph.D. from Electrical and Computer Engineering Department, University of Florida in May 2011. After graduation, she had been a lecturer in School of Computer Science in Florida International University for about 4 years. She moved to Bay area in late 2014 and... Read More →



Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3

12:30pm

Lunch (Attendees on Own)
Check out these local deals for event attendees: 

  1.  Café Blue -  10% off your bill excluding alcohol (expires COB 12/9/17)
  2.  Michelada’s – Free Queso with purchase of entrée
  3.  Max’s Wine Dive – 15% off your bill excluding alcohol (Expires COB 12/8/17)

*Must have event badge to receive discounts*

Friday December 8, 2017 12:30pm - 2:00pm
Sponsor Showcase

1:30pm

2:00pm

Planes, Raft, and Pods: A Tour of Distributed Systems Within Kubernetes [B] - Bo Ingram, Craftsy
Kubernetes does some pretty neat things for you — autoscaling your app, rolling deploys, and more! In this talk, we’ll take a look at how Kubernetes leverages distributed systems to make its magic happen. We’ll do an overview of all components, but we’ll be concentrating on etcd, the controllers, and the scheduler. We’ll examine etcd and take a dive into the Raft algorithm to show how Kubernetes handles distributed state. We’ll take a look at some of the controllers to show how they reconcile the cluster’s state. We’ll also be shining a spotlight on the scheduler and show how we go from unscheduled to happy and running. Lastly, we’ll take the things we’ve learned and show how they work together to deploy an app by tracing an actual deployment through a cluster.

Speakers
avatar for Bo Ingram

Bo Ingram

Engineer, Craftsy
Bo Ingram is a Java platform engineer at Craftsy who spends his time flipping back and forth between backend feature development and infrastructure work. He has a problem where he buys more books than he can ever hope to read.



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 19AB, Level 4

2:00pm

CrashLoopBackoff, Pending, FailedMount and Friends: Debugging Common Kubernetes Cluster and Application Issues [B] - Joe Thompson, Oteemo
Nothing is more frustrating than deploying a shiny new application on Kubernetes and having it fail immediately (usually five minutes before the big demo). Is it a problem with the pod network? Pods Pending or in CrashLoopBackoff, Services not serving, images not pulling? Maybe you're just plain out of resources. If you're new to Kubernetes, figuring it out from scratch can take hours you don't have. We'll show you how to dig in, identify the problem, resolve it, and learn what to watch for so you aren't taken by surprise next time.

Speakers
avatar for Joe Thompson

Joe Thompson

Solutions Architect, Mesosphere
I'm a solutions architect for Mesosphere and a regular participant in the Helm and SIG-Apps communities. Prior to Mesosphere, I worked at Capital One, CoreOS and Red Hat (among others), providing practical solutions and training in and for Kubernetes and other cloud environments... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 10AB, Level 3

2:00pm

Cost-effective Compute Clusters with Spot and Pre-emptible Instances [I] - Bich Le & Arun Sriraman, Platform9
Kubernetes and Spot/Pre-emptible Instances (SPIs) are arguably a match made in heaven. Traditionally, the uncertainty of SPIs (they can be terminated at any time due to price fluctuations) have made managing them tricky, and restricted them to specific workloads and use cases.

Kubernetes, in contrast, not only handles node failure very well, it has trained developers and architects to design applications to tolerate and even embrace failure. The prospect of Kubernetes abstracting the complexities of SPIs is now a reality, enabling applications to take advantage of low-cost compute across different clouds and possibly vendors.

The purpose of this talk is to educate the audience on strategies for making the most out of this powerful combination. Specifically, we will discuss these topics:

1. What are spot bidding strategies, and what is their cost vs. predictability trade-off?
2. What class of Kubernetes applications would benefit the most from SPIs?
3. Available Kubernetes mechanisms (e.g taints/tolerations, affinity, availability zones) for placing applications based on their tolerance with SPIs
3. Implementation strategies (e.g. blending multiple autoscaling groups to satisfy both SPI-optimized applications vs. applications that are more mission-critical or stateful)
4. What out-of-the box solutions exist, either free or commercial?
5. How to take abstract away clouds from different regions and vendors, allowing workloads to always take advantage of the best available pricing?

The talk concludes with real-world test results involving multiple use cases and configurations, giving the audience an idea of the potential cost savings and trade-offs (if any) of combining Kubernetes and SPIs.

Speakers
avatar for Bich Le

Bich Le

Chief Architect, Platform9
Co-founder of Platform9 and veteran of VMware. Career in virtualization, cloud management and containerization.
avatar for Arun Sriraman

Arun Sriraman

Software Engineer, Platform9 Systems Inc.
At Platform9 Systems I work on everything networking with deeper focus on Kubernetes and Openstack. Architecting, designing and writing code to solve interesting problems gets me on and recently I've been dabbling with the internals of container technology. Before Platform9, I've... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3

2:00pm

Distributed Database DevOps Dilemmas? Kubernetes to the Rescue - Denis Magda, GridGain
Distributed databases can make so many things easier for a developer... but not always for DevOps.  OK, almost never for DevOps.  Kubernetes has come to the rescue with an easy application orchestration! 

It’s straightforward to do the orchestration leaning on relational databases as a data layer. However, it’s becoming a bit trickier to do the same when a distributed SQL database or other kind of distributed storage is used instead.

In this talk you will learn how Kubernetes can orchestrate distributed database like Apache Ignite, in particular:
  • Cluster Assembling - database nodes auto-discovery in Kubernetes.
  • Database Resilience - automated horizontal scalability.
  • Database Availability - what’s the role of Kubernetes and the database.
  • Utilizing both RAM and disk - set up Apache Ignite in a way to get in-memory performance with durability of disk.

Speakers
avatar for Denis Magda

Denis Magda

Director of Product Management, GridGain
Denis Magda is a Director of Product Management at GridGain Systems and Apache Ignite PMC Chair. He is an expert in distributed systems and platforms. Before joining GridGain and becoming a part of Apache Ignite community, he worked for Oracle where he led the Java ME Embedded Porting... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3

2:00pm

Disaster Recovery for your Kubernetes Clusters [I] - Andy Goldstein & Steve Kriss, Heptio
It’s 3am. Your pager is beeping. Your Kubernetes cluster is down. Don’t panic - we’ve got you covered. In this talk, we’ll describe a variety of disaster scenarios you may encounter. We’ll arm you with the knowledge you need to overcome them. Whether you’re a systems administrator, application developer, or end user, after this talk you’ll walk away with a thorough understanding of Kubernetes disaster recovery, including:

A disaster recovery overview
- Strategies for Kubernetes
- Comparisons to federation and high availability
- Which components to back up vs recreating from scratch

How to minimize your time to recovery
- Automate cluster creation and infrastructure configuration
- Back up and quickly restore your cluster applications, workloads, and persistent volumes using tools such as Heptio Ark

How to handle specific disaster scenarios
- Losing nodes
- Recovering from bad configuration updates
- Cloud provider outages

Speakers
avatar for Andy Goldstein

Andy Goldstein

Staff Systems Engineer, Heptio
Andy Goldstein is an engineer at Heptio where he works on tooling to make operating Kubernetes clusters easier, such as Ark, a disaster recovery tool for backing up and restoring Kubernetes workloads and persistent data. He is also a contributor to Kubernetes. Prior to his current... Read More →
SK

Steve Kriss

Steve Kriss is a systems engineer at Heptio working on building tools and products to help Kubernetes users be successful, and has been a contributor to upstream Kubernetes as well as a member of the Kubernetes release team in the past. Steve recently relocated to Seattle from New... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Ballroom A, Level 1

2:00pm

Using Kubernetes to Change Legacy Systems and Processes in the Public Sector [B] - Audun Fauchald Strand, Norwegian Welfare Administration
Kubernetes is the implementation of the modern software development process. Continuous Release and “you built it, you run it”. For the last few years I have been working on introducing kubernetes into an organization with continuous release, microservices and “you build it, you run it”, as presented at Kubecon in Berlin 2017.

Now I work for the public sector in Norway, where the systems are old, and the processes are older. I will present the experiences from working on changing these legacy organisations, using containers and kubernetes as the main tool. I will cover:
  • migrating old legacy apps to kubernetes, is it possible
  • manual testing done easy with containers
  • monitoring for everyone
  • making a PAAS that everyone can use
  • stable and robust deployment, but not just 4 times a year
  • how to leverage all the hardware that is owned by the public sector

Speakers
avatar for Audun Fauchald Strand

Audun Fauchald Strand

Team Lead - Platform and automation, NAV - Norwegian Welfare Administration
k8s, ddd, jvm, Kafka, distributed systems, testing, Tottenham. Almost called "Large viking shaped Norwegian" in LWN



Friday December 8, 2017 2:00pm - 2:35pm
Ballroom B, Level 1

2:00pm

Setting Sail with Istio [B] - Lachlan Evenson, Microsoft
Even with Kubernetes, doing microservices is hard. In this session we will dive into Istio, A platform that builds on Kubernetes primitives and simplifies building and securing microservices. This session is a soup to nuts walkthrough of the Istio architecture along with diving into deploying a microservice onto Istio from a user perspective. For those interested in learning more about Istio, this session is a great introduction and will be very hands on.

Speakers
avatar for Lachlan Evenson

Lachlan Evenson

Principal Program Manager-Azure Containers 首席程序经理—Azure 容器, Microsoft
Lachlan Evenson is a Principal Program Manager on the Azure Containers team. He has spent the last three years working with Kubernetes and enabling Cloud Native journeys. Lachie serves as a Cloud Native ambassador and TOC contributor and has deep operational knowledge of many Cloud... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 9AB, Level 3

2:00pm

Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent in the out-of-the-box state of most Kubernetes installations and the common practices for deploying workloads that could lead to unintentional compromise. Join Brad Geesaman, the Cyber Skills Development team lead at Symantec, on an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection.

The hardening measures taken in response to the attacks demonstrated will include guidelines for improving configurations installed by common deployment tools, securing the sources of containers, implementing firewall and networking plugin policies, isolating workloads with namespaces and labels, controlling container security contexts, better handling of secrets and environment variables, limiting API server access, examining audit logs for malicious attack patterns, and more.

Speakers
avatar for Brad Geesaman

Brad Geesaman

Engineering Lead, Independent
Brad was recently the Cyber Skills Development Engineering Lead at Symantec Corporation where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration-tester, his real passion is... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 12AB, Level 4

2:00pm

Block Volumes Support in Kubernetes [I] - Mitsuhiro Tanino, Hitachi Data Systems
Storage is an essential part of any computing systems. In current Kubernetes, user can utilize storage volume with filesystem in a container but can't be utilized volume without filesystem called raw block volume.

By adding a feature to enable raw block storage directly, for example, user can use the raw block volume for database applications such as MariaDB and this improves I/O performance.

In this session, I will explain current activity and feature plan of Block Volumes Support in Kubernetes.

Speakers
avatar for Mitsuhiro Tanino

Mitsuhiro Tanino

Principal Software Engineer, Hitachi Data Systems
Mitsuhiro Tanino is a software engineer who has been working for Hitachi since 2004 and a principal software engineer Hitachi Data systems since 2014. He has experience about development of virtual machine manager for heterogeneous cloud systems and RAS features for KVM virtual environments... Read More →



Friday December 8, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3

2:00pm

Open Service Broker API - hosted by Paul Morie, Red Hat
Speakers
PM

Paul Morie

Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and has held various roles in different areas of the Kubernetes ecosystem. His current focus areas include multicluster, serverless, and service catalog. Before Kubernetes, he worked on the first three versions of Red Hat's OpenShift Container... Read More →


Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 4A, Level 3

2:00pm

Jaeger Salon - hosted by Yuri Shkuro, Uber Technologies & Pavol Loffay, Red Hat

In this session we will start with basic tracing concepts, give an overview of the Jaeger project, and finish with more advanced topics like adaptive sampling, dependency graphs and tracing with Envoy proxy. There will be a demonstration using Jaeger with OpenTracing in a real world application. The session will also cover the roadmap for the next year and an open discussion.

(Audience: Anybody)

Speakers
avatar for Pavol Loffay

Pavol Loffay

Software Engineer, Red Hat
avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.



Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 10C, Level 3

2:00pm

Linkerd Salon - hosted by William Morgan, Buoyant
Speakers
avatar for William Morgan

William Morgan

CEO, Buoyant
William Morgan is the cofounder and CEO of Buoyant, creators of Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from monolith to microservices. He was a software engineer at Powerset, Microsoft, and Adap.tv, and a research scientist... Read More →


Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 7, Level 3

2:00pm

Prometheus Salon - hosted by Frederic Branczyk, CoreOS, Bob Cotton, FreshTracks.io, Goutham Veeramanchaneni, & Tom Wilkie, Kausal
Miss the first instance of the The Prometheus Salon or simply can't get enough?

Join Prometheus developers for a closer look at how you can use Prometheus to monitor your Kubernetes cluster, and a discussion of the new features in Prometheus 2.0.  

Speakers
avatar for Frederic Branczyk

Frederic Branczyk

Software Engineer, CoreOS
Frederic is an engineer at CoreOS contributing to Prometheus and Kubernetes to build state of the art modern infrastructure and monitoring tools. He discovered his interest in monitoring tools and distributed systems in his previous jobs, where he used machine learning to detect anomalies... Read More →
avatar for Bob Cotton

Bob Cotton

Cofounder, FreshTracks.io
Bob Cotton is a co-founder of FreshTracks.io, a Kubernetes and Prometheus focused monitoring startup. Mr. Cotton bleeds observability based on 22 years designing, architecting, building and running distributed SaaS solutions. Infrastructure and application metrics, full-stack distributed... Read More →
avatar for Goutham Veeramanchaneni

Goutham Veeramanchaneni

Student, IIT Hyderabad
Goutham is a student and a developer from India. His enthusiasm for Ops got him an internship on the infra team of a large company where he worked on Production infrastructure and built the company's monitoring system on top of Prometheus. That was his first encounter with production... Read More →
avatar for Tom Wilkie

Tom Wilkie

VP Product, Grafana Labs
Tom is VP Product at Grafana Labs, but really he is a software engineer. Previous Tom founded Kausal, a company working on Prometheus, and worked at companies such as Weaveworks, Google, Acunu and XenSource. In his spare time, Tom likes to make craft beer and build 3D printers



Friday December 8, 2017 2:00pm - 3:20pm
Meeting Room 5ABC, Level 3

2:45pm

One Chart to Rule Them All: Continuous Deployment with Helm at Ticketmaster - Michael Goodness & Raphael Deem, Ticketmaster
As Kubernetes continues to mature, it's increasingly hard for users to keep track of the latest resource types, much less the best way to employ them. ReplicationControllers and Services were easy enough. Then came Deployments and Ingresses. Now we have PodDisruptionBudgets, ClusterRoleBindings, and HorizontalPodAutoscalers. Luckily, we also have Helm to package and deploy these various components (and more) as a single unit.

In this talk we'll dissect the single, flexible Helm chart Ticketmaster developed for use by multiple product teams. We'll show how we use just a handful of variables to enable log collection with Fluentd, metric scraping with Prometheus, and automatic scaling of pods. Then we'll demonstrate the GitLab CI workflow through which we deploy multiple builds of an application to multiple Kubernetes clusters running both on-prem and in AWS.

Speakers
RD

Raphael Deem

Raphael is a Systems Engineer at Ticketmaster and open source contributor. He is a relative newcomer to the community, having started working with Kubernetes within the last six months. Prior to working at Ticketmaster, he was a remote engineer for Platform.sh, a Paris-based PaaS... Read More →
avatar for Michael Goodness

Michael Goodness

Lead Systems Engineer, Kubernauts, Ticketmaster
Mike is a Lead Systems Engineer on the Kubernauts team at Ticketmaster and a CNCF Ambassador. He began working with Kubernetes in late 2015, and quickly became an avid member of the community. While primarily involved with day-to-day cluster operations, he is also keenly interested... Read More →



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3

2:45pm

Self-Hosted Kubernetes: How and Why [I] - Diego Pontoriero, CoreOS
How Kubernetes is deployed and managed has changed since the first release of the project. From configuration management systems and unit files to deploying Kubernetes using Kubernetes, a lot has changed. Self-hosted Kubernetes has many benefits as a deployment option, and this talk will highlight those benefits, as well as explain the history and nuances of making self-hosted Kubernetes possible.

In this talk I will describe what self-hosted Kubernetes means, why it exists, how it came into existence, and what you need to know if you're running a self-hosted cluster. Many tools now deploy self-hosted clusters including bootkube and kubeadm, so knowledge of how this works can be very important for anybody running a Kubernetes cluster.

What are the benefits of self-hosting? How does it work? What do I need to know if I'm administering a self-hosted cluster?

All those questions and more will be discussed in detail in this talk. In addition, I will discuss how various projects and products take advantage of the many benefits of self-hosting, such as Tectonic.

Speakers
avatar for Diego Pontoriero

Diego Pontoriero

CoreOS
Diego Pontoriero is a Software Engineer on the Tectonic team at CoreOS, where he works on software that deploys, manages, and upgrades self-hosted Kubernetes clusters. Prior to CoreOS Diego worked at Google building a video-based learning platform, a mobile phone carrier, and a petabyte-scale... Read More →



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 8ABC, Level 3

2:45pm

SIG Network Update - hosted by Casey Davenport, Tigera

SIG Network is responsible for maintaining and enhancing the various Kubernetes networking components and APIs. We've been hard at work on a number changes in recent Kubernetes releases. In this session we'll present a summary of that work, discussing the latest and greatest in Kubernetes networking. We'll also review the SIG's plan for the future.


Speakers
avatar for Casey Davenport

Casey Davenport

Software Engineer, Tigera
Casey Davenport is a core developer at Tigera working on Project Calico and has worked on software defined networking solutions since 2012. He is an active technology evangelist for containers and simplified networking, and has spoken recently on related topics at multiple meetup... Read More →


Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 4BC, Level 3

2:45pm

Democratizing Machine Learning on Kubernetes [I] - Joy Qiao & Lachlan Evenson, Microsoft
One of the largest challenges facing the machine learning community today is understanding how to build a platform to run common open-source machine learning libraries such as Tensorflow. Both Joy and Lachie are both passionate about making machine learning accessible to the masses using Kubernetes. In this session they'll share how to deploy a distributed Tensorflow training cluster complete with GPU scheduling on Kubernetes. We’ll also share how distributed Tensorflow training works, various options for distributed training, and when to choose what option. We’ll also share some best practices on using distributed Tensorflow on top of Kubernetes, based on our latest performance tests performed on public cloud providers. All work presented in this session will be accessible via a public Github repository.

Speakers
avatar for Lachlan Evenson

Lachlan Evenson

Principal Program Manager-Azure Containers 首席程序经理—Azure 容器, Microsoft
Lachlan Evenson is a Principal Program Manager on the Azure Containers team. He has spent the last three years working with Kubernetes and enabling Cloud Native journeys. Lachie serves as a Cloud Native ambassador and TOC contributor and has deep operational knowledge of many Cloud... Read More →
avatar for Joy Qiao

Joy Qiao

Senior Solution Architect - AI and Research Group, Microsoft
Joy Qiao is a senior solution architect in the AI & Research Group at Microsoft, where she is responsible for driving end-to-end AI/ML solutions on Azure among the partner eco-system. Joy has over 15 years of IT industry experience including 11 years at Microsoft working as technical... Read More →



Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 9C, Level 3

2:45pm

Persistent Storage with Kubernetes in Production - Which Solution and Why? [I] - Cheryl Hung, StorageOS
Persistent storage often seems like a confusing plethora of options, from local volumes, NFS, distributed storage like Ceph, cloud storage such as AWS’s EBS and S3, to volume plugins with Docker and Kubernetes integration. This talk compares and contrasts the most popular solutions, and lays out the eight principles for cloud native storage.

Speakers
avatar for Cheryl Hung

Cheryl Hung

Product manager, StorageOS
Cheryl is an ex-Google software engineer with a passion for developer tools, experience and community. She founded the Cloud Native London meetup and codes, writes and speaks about containers, storage and cloud computing.



Friday December 8, 2017 2:45pm - 3:20pm
Ballroom A, Level 1

2:45pm