Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Any [clear filter]
Tuesday, December 5


Lightning Talk: Watch This! - Johnathon Rippy, NetApp
Rippy will demonstrate Docker running on his rooted Android Wear watch.
To get this working required Docker, OpenEmbedded, Yocto, and AsteroidOS which he'll explain. If all goes well with the demonstration, he'll add the watch as a Kubernetes node and schedule a pod to run on it.

Rippy's initial tweet about Docker running on his watch:

avatar for Jonathan Rippy

Jonathan Rippy

MTS, NetApp
Rippy first installed Linux from a shoebox full of floppy disks in high school and never looked back. He's a native of North Carolina and works at NetApp on their OpenSource Docker and K8S storage plugins.

Tuesday December 5, 2017 6:00pm - 6:05pm
Ballroom A, Level 1


Lightning Talk: Stupid Kubectl Tricks - Jordan Liggitt, Red Hat
A whirlwind tour of some of the most useful, interesting, and under-sold features the Kubernetes command-line has to offer.

avatar for Jordan Liggitt

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.

Tuesday December 5, 2017 6:10pm - 6:15pm
Ballroom A, Level 1


Lightning Talk: Telepresence: Local Development & Debugging of Remote Kubernetes Services - Abhay Saxena, Datawire
Developers who use Kubernetes for multi-container applications face a conundrum: develop locally or on a remote Kubernetes cluster. Local development adds complexity to your development environment, since you have to run (and maintain!) your entire multi-container app locally. On the other hand, a remote Kubernetes cluster doesn’t lend itself to live coding and debugging.

In this talk, we will talk about Telepresence (https://www.telepresence.io), an open source tool for Kubernetes that lets you develop and debug a service locally, while setting up a bidirectional proxy to a remote Kubernetes cluster. With Telepresence, you can make a quick change to a service, save, and test it -- while that service has full access to Kubernetes environment variables, ConfigMap, secrets, and other services running in your Kubernetes cluster.

avatar for Abhay Saxena

Abhay Saxena

Principal Software Engineer, Datawire
Abhay Saxena is a Principal Software Engineer at Datawire where he is working on building open source tools for developers that are adopting or using microservices. He is currently the lead engineer on Telepresence, an open source tool for local development of Kubernetes microservices... Read More →

Tuesday December 5, 2017 6:20pm - 6:25pm
Ballroom A, Level 1


Lightning Talk: Moving Fast with Microservices: Building and Deploying Containerized Applications in a Cloud-Native World - Micha Hernandez van Leuffen, Wercker
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and microservices.While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your containers from your laptop to the cloud.

How do we build software for containers? How do we ship containers? How do we do all of it without shooting ourselves in the foot? In this talk, we'll explore how current delivery systems are falling behind, and how we need to change the mental model, create new best-practices and treat containers as a first-class citizen.

avatar for Micha "mies" Hernandez van Leuffen

Micha "mies" Hernandez van Leuffen

CEO, Wercker
Micha “mies” Hernandez van Leuffen is a hacker entrepreneur, and the founder and CEO of Wercker. He set up Wercker in order to make developers’ lives easier by building the next generation of developer automation for the Modern Cloud.

Tuesday December 5, 2017 6:50pm - 6:55pm
Ballroom A, Level 1


Lightning Talk: REST, RPC, and Brokered Messaging - Nathan Murthy, Tesla
Effective communication between distributed and heterogeneous components is essential for modern service-oriented architectures to work well. REST, RPC, and brokered messaging are the most popular communication styles for achieving this, but when is it appropriate for choosing one style over the other? A well-defined microservice architecture should be accompanied by a well-defined communications semantics. This talk draws on my personal experience defining these semantics for systems I’ve built at Tesla.

avatar for Nathan Murthy

Nathan Murthy

Staff Software Engineer, Tesla
Nathan currently works at Tesla developing services for managing distributed energy resources at scale. He is passionate about sustainable energy and has written software for startups, big companies, commercial R&D teams, and academia.

Tuesday December 5, 2017 7:10pm - 7:15pm
Ballroom A, Level 1
Wednesday, December 6


DevOps Friendly Doc Publishing for APIs & Microservices - Amanda Whaley, Cisco DevNet
Microservices create an explosion of internal and external APIs. These APIs need great docs. Many organizations end up with a jungle of wiki pages, swagger docs and API consoles. Keeping docs updated and in sync with code can be a challenge. We’ve been working on a project to help solve this problem for engineering teams internally across Cisco. The goal is to create a forward looking developer and API doc publishing pipeline that:

- Has a developer friendly editing flow
- Accepts many API spec formats (Swagger, RAML, etc)
- Supports long form documentation in markdown
- Is CI/CD pipeline friendly so that code and docs stay in sync
- Is flexible enough to be used by a wide scope of teams and technologies

This session will share many lessons learned about tooling and attendees will learn how to solve documentation challenges for internal and external facing APIs. We have found that solving this doc publishing flow is a key component of a building modern infrastructure.

avatar for Mandy Whaley

Mandy Whaley


Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 8ABC, Level 3


Deploying to Kubernetes Thousands of Times Per/Day - Dan Garfield, Codefresh & William Denniss, Google
Connecting all the pieces to make zero downtime continuous delivery happen at scale. We'll show real teams bring all the components come together to make high-velocity deployment to Kubernetes scale. Get a hands on view of the critical steps that go into making container management a scalable process that not only allows teams to delivery faster but with more confidence in the final result.

avatar for William Denniss

William Denniss

Product Manager, Google
William is a Product Manager at Google on Google Kubernetes Engine. He chairs the Kubernetes Conformance working group, and has a passion for interoperability and developer experience. Previously he worked in the OAuth community, authoring RFC 8252 and creating AppAuth, the leading... Read More →
avatar for Dan Garfield

Dan Garfield

Chief Technology Evangelist, Codefresh
Dan Garfield is a full-stack engineer, Google Developer Expert, and member of the Forbes Technology Council. As a Kubernaut and CI/CD expert, Dan has built tools for advanced deployment methodologies with Kubernetes, Helm, and Istio. His code and talks have been featured at conferences... Read More →

Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 9AB, Level 3


Full Stack Visibility with Elastic: Logs, Metrics and Traces - Carlos Pérez-Aradros, Elastic
"With microservices every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor distributed applications. We dive into:

System metrics: Keep track of network traffic and system load.
Application logs: Collect structured logs in a central location.
Audit info: Watch for user and processes activity in the system.
Uptime monitoring: Ping services and actively monitor their availability and response time.
Application metrics: Get metrics and health information from for application via REST or JMX.
Request tracing: Gather timing data by using tools like Zipkin to retrieve and show call traces.

avatar for Carlos Pérez-Aradros

Carlos Pérez-Aradros

Software Engineer, Elastic
Carlos is a Software Engineer working for Elastic, he is a core developer of the Beats project. With love for distributed systems, he has experience in many container technologies and focuses on bringing the right tools to monitor them. When he is not coding you may find him playing... Read More →

Wednesday December 6, 2017 11:55am - 12:30pm
Ballroom C, Level 1


Kata Containers: Hypervisor-Based Container Runtime - Xu Wang, HyperHQ & Samuel Ortiz, Intel

Kata Containers is a merge of 2 hypervisor based container runtime efforts: Hyper's runV and Intel's Clear Containers. With Kata Containers, each container is hypervisor isolated just like an EC2 or GCE instance. It is an OCI compatible runtime and as such can seamlessly work with containerd or hyperd. Moreover it fully supports the Kubernetes CRI APIs and thus can run and manage hypervisor isolated Kubernetes pods through CRI-O, containerd-cri or frakti. Finally, Kata Containers is a multi architecture project as it supports x86, ARM, Power and s390x platforms.

During this talk we will describe the Kata Containers architecture and how it drastically reduces the virtualization overhead in order to be as fast as a namepace based container runtime while being as secure as a legacy VM. We will also run a multi tenant Kubernetes demo in order to show how Kata Containers could become the cornerstone of a secure, infrastructure free, container cloud.


Samuel Ortiz

Principal Software Engineer, Intel
I work at the Intel Open Source Technology Center where I spend my time playing with containers, virtual machines, hypervisors and orchestrators. Although I am currently contributing to Kata Containers, CRI-O, QEMU, NEMU and rust-vmm, I used to work on obscure networking protocols... Read More →
avatar for Xu Wang

Xu Wang

Senior Staff Engineer, Ant Financial
Xu Wang is a senior staff engineer at Ant Financial and an initial member of Kata Containers Architecture Committee. He was the CTO and Cofounder of hyper.sh and created hypervisor-based open source container runtime runV (secure as VM, fast as container). runV merged with clear containers... Read More →

Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom B, Level 1


Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies
Understanding how your microservices based application is executing in a highly distributed and elastic cloud environment can be complicated. Distributed tracing has emerged as an invaluable technique that succeeds where traditional monitoring tools falter. Yet deploying it can be quite challenging, especially in the large scale, polyglot environments of modern companies that mix together many different technologies. In this talk we share what we have learned while building and rolling out Jaeger, our open source, OpenTracing-native distributed tracing system, to hundreds of microservices at Uber. We showcase new and exciting features that make it even more valuable to engineers.

avatar for Yuri Shkuro

Yuri Shkuro

Staff Engineer, Uber Technologies
Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.

Wednesday December 6, 2017 2:00pm - 2:35pm
Ballroom C, Level 1


The Mechanics of Deploying Envoy at Lyft - Matt Klein, Lyft
The idea of the "service mesh" is becoming very popular in microservice design circles. However, the mechanics of deploying one into an existing infrastructure are far from simple. In this talk we will cover the logistical details of how Envoy was developed and deployed incrementally at Lyft, focusing primarily on the evolution of service mesh configuration management. We will also discuss why high level systems such as Istio are likely to be the main mechanism by which most customers ultimately get access to the technology.

avatar for Matt Klein

Matt Klein

Creator, Envoy
Matt Klein is the creator of Envoy and a software engineer at Lyft. He has been working on operating systems, virtualization, distributed systems, networking and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the development... Read More →

Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3


Ask Your Proxy, It Knows Everything - Blake Mizerany, Backplane
Proxies have long been layered into distributed systems but rarely do we lean on them to do more than route, and balance load. In this talk we will go over how to use proxies to replace Service Discovery, control Release Managment and Traffic Shaping, and streamline Employee on-boarding/off-boarding. You'll talk away never looking at your proxies/load-balancers the same.

avatar for Blake Mizerany

Blake Mizerany

Founder / CTO, Backplane
Sinatra, Heroku, Doozer, Etcd, Backplane

Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 9C, Level 3


Bottoms-Up Adoption of a Microservices Workflow Using Kubernetes & Envoy - Rafael Schloming & Phil Lombardi, Datawire
Many organizations start their microservices journey by (re)designing their application architecture and operational infrastructure. We started building our cloud application using this approach. We discovered that this takes a long time.

In this talk, we’ll talk about how we ended up with a different approach when we started thinking about microservices as a workflow, and not an architecture. We’ll talk about our first goal: enabling a single developer to be able to code, ship, and manage a microservice, as quickly as possible. We’ll show how we integrated Kubernetes, Docker, Prometheus, and Envoy to achieve this goal.

Finally, we’ll talk about scaling this initial goal beyond a single developer. We’ll talk about the tradeoffs of this bottoms up approach to the conventional PAAS / service mesh / application architecture strategy, and show how you can get to the same place in the end.


Phil Lombardi

Phil Lombardi is a Senior Platform Engineer at Datawire.io where he is building a development platform aimed at small companies adopting or using microservices and with a need for their platform to be simple, resilient and adaptable to the ever-changing tech landscape. He has spoken... Read More →
avatar for Rafael Schloming

Rafael Schloming

Co-founder and Chief Architect, Datawire
Rafael Schloming is Co-founder and Chief Architect of Datawire. He is a globally recognized expert on messaging and distributed systems and a spec author of the AMQP specification. He has spoken on microservices at numerous technical conferences including ApacheCon, the O’Reilly... Read More →

Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 8ABC, Level 3


CRI-O: All the Runtime Kubernetes Needs, and Nothing More - Mrunal Patel, Red Hat
CRI-O is a brand new container runtime dedicated and optimized to support kubernetes workload. Its goal is to be a stable container runtime tied to kubernetes releases, replacing the docker daemon.

Historically every update of Docker has broken Kubernetes. This has led to major rewriting and fixes of Kubernetes, which is understandable since Docker is not primarily for Kubernetes. Kubernetes needs a container runtime dedicated to its specifications.

CRI-O, the name comes from the Container Runtime Interface for Open container runtimes, takes advantages of emerging standards like OCI Runtime and Image Specification, as well as open source projects to handle container images (github.com:containers/image, github.com:containers/storage) . This means as these projects advance CRI-O will be able to take advantage of the improvements and features, but all the while guaranteeing that it will not break any functionality required by the Kubernetes CRI. CRI-O works with runc and Clear Containers runtimes.

CRI-O was designed from the ground up to satisfy Kubernetes Container Runtime Interface, and currently passes all node and E2E tests. The github repository has been setup to not accept any pull requests that causes these tests to break. We will be tying the versions of CRI-O to the Kubernetes versions, to maintain complete compatibility.

This talk will describe the CRI-O architecture as well as demonstrate different kubernetes features running on top of CRI-O exercising the CRI API. The attendees will learn how to configure CRI-O with kubernetes and use it for their workloads.


Mrunal Patel

Principal Software Engineer, Red Hat
Mrunal Patel is a Principal Software Engineer at Red Hat working on containers for Openshift. He is a maintainer of runc/libcontainer and the OCI runtime specification. He is the lead developer of CRI-O. He has helped contribute support for user namespaces to the Go programming language... Read More →

Wednesday December 6, 2017 3:40pm - 4:15pm
Ballroom B, Level 1
Thursday, December 7


The Road to More Usable Kubernetes - Joe Beda, Heptio
At KubeCon EU, in Berlin, I got up on stage and stated that "Kubernetes Sucks (but all software sucks)". While we still have work to do, in the past several months the community has done great work to solve a whole host of issues to make Kubernetes “suck less.” In this talk I will outline the ways that the community has made this happen both in the core project and in the wider ecosystem.

Things are still developing, but here are the areas that I want to highlight. Hopefully we'll have talks on many of these so that I can highlight where and when folks can find out more. I won't be able to cover everything happening in the ecosystem but I can hint at the diversity and commitment to solving these issues.

* *Simpler application description.* As a community we are continuing to build more tcapable and simpler tools for describing applications through projects like ksonnet, OpenCompose, Kompose, and Helm.
* *Serverless platforms.* Through “function as a service” like systems we can abstract much of the nitty gritty around getting code packaged and running. In addition, scaling can be easy and automatic as code is run only when needed.
* *Simpler cluster install and admin.* kubeadm and how it is becoming a common toolkit. Similar work is ongoing to explore the idea of standardizing the description of a cluster at the infrastructure level through projects like Kubicorn. In addition, new APIs, such as the certificates API, are key building blocks for getting secure clusters up and running.
* *Curated development experiences.* Systems like Draft help to automate the build/launch/update cycle for development workflows. Others are also exploring ways to connect developers to clusters.
* *Making Kubernetes boring.* Kubernetes is maturing as a platform. As that happens, things in the "nucleus" are slowing down. In the past 6 months we've seen a concerted effort to encourage new features to be built with extensibility mechanisms as much as possible. This allows those projects to move fast while enabling exploration of the problem space.
* *Conformance.* Another key enabler for widespread Kubernetes adoption is conformance. There has been a wide set of folks involved in describing what should get to be called "Kubernetes". Tools like Sonobuoy point the direction to making this be an automated process that anyone can run against any cluster.
* *Observability.* Prometheus continues to be the go-to OSS solution for monitoring in the Kubernetes world. In additions, systems like linkerd and Istio/envoy enable introspection at the microservice mesh level.

We still have many challenges. Many of these are going to take long concerted efforts to fix. We are trapped, in some ways, by our promise of backward compatibility. It is often better to live with something annoying than to force breaking changes on our user base.

*Call to action:* Great job community! But the job isn't done. Let's keep working hard to bring Kubernetes to a larger and larger set of users and environments.

avatar for Joe Beda

Joe Beda

CTO, Heptio
Joe is the CTO and co-founder of Heptio. H started his career at Microsoft working on Internet Explorer (he was young and naive). Throughout his 7 years at Microsoft and 10 years at Google, Joe has worked on GUI frameworks, real-time voice and chat, telephony, machine learning for... Read More →

Thursday December 7, 2017 11:10am - 11:45am
Ballroom A, Level 1


Embracing Cloud Native at a Thriving, Established Company - Brian Akins, MailChimp
We are in the midst of a major shift at MailChimp. In many ways, we are a microcosm of the industry as a whole: moving from large monoliths to microservices and trying to figure out what that even means. I will discuss the hands-on, real world experiences we have had as we embrace microservice techniques and technologies. I’ll discuss why we choose Kubernetes, Prometheus, and other cloud native technologies. I’ll show our approach to building and operating multiple on premise, bare metal clusters. We’ll talk about our existing development and deployment pipeline as well as our current experimental projects. We’ve had a few false starts and failures and will discuss those to help others possibly avoid the same issues. Finally, I’ll speak candidly about the struggles we’ve had getting organizational momentum for this transformation.

avatar for Brian Akins

Brian Akins

Principal Engineer, MailChimp
Brian is a 20 year industry veteran.He has done a bit of everything - from assembly to CSS racking servers to building distributed systems. For the last few years, Brian has been focused on building and operating infrastructure using components such as containers, Kubernetes, Prometheus... Read More →

Thursday December 7, 2017 11:10am - 11:45am
Ballroom B, Level 1


Squash: A Debugger for Kubernetes Apps - Idit Levine, solo.io
Squash is a tool for debugging distributed applications.

Most cloud native applications written today follow the microservice architecture. These applications are distributed by nature, and therefore hard to debug.

Microservice engineers debug their applications by printing values of select variables into log files. This leaves them with the daunting task of sorting through reams of log data, which at best provide a partial view of the state of application. This approach is cumbersome, time consuming and works better with "easy" bugs.

Many advanced tools to debug monolitic applications exist in the market, and provide users with powerful ways to dissect their programs and to interact with them on the fly. However, these tools cannot be used directly for debugging applications that follow the microservice architecture pattern.

Squash is designed to bring the strength of modern debuggers and the convenience of their IDEs to microservices developers. Squash uses popular, powerful and mature debuggers (gdb, dlv, java debugging) and integrates them seamlessly with Kubernetes. This allows devs to use the debugger of their choice, and the IDEs that support it, to develop microservices on any platform.

avatar for Idit Levine

Idit Levine

Founder & CEO, Solo.io
Idit Levine is the founder and CEO of Solo.io, a company that develops tools to help enterprises adopt and extend innovative cloud technologies alongside modernizing their existing IT investments. The Solo.io portfolio of open source and commercial products includes Gloo (commun... Read More →

Thursday December 7, 2017 11:55am - 12:30pm
Meeting Room 10AB, Level 3


Running Mixed Workloads on Kubernetes at the Institute for Health Metrics and Evaluation - Dr. Tyrone Grandison, Institute for Health Metrics and Evaluation (IHME), University of Washington
The mission of the IHME is to apply rigorous measurement and analysis to help policy makers make better decisions on a range of health policy issues. Like other organizations, the IHME have embraced containers and micro-services aggressively to better support hundreds of collaborating researchers.

In addition to containerized workloads, the IHME run a wide-variety of traditional analytic, simulation and high-performance computing workloads on an HPC cluster with 15,000 cores and 13PB of storage. Researchers increasingly need to combine both containerized and non-containerized elements into workflow pipelines, and a key challenge has been ensuring SLAs for various departments and avoiding duplicate infrastructure and unnecessary data movement and duplication. In collaboration with industry partners, IHME have deployed a unique solution based on Univa’s Navops technology that allows them to combine containerized and traditional analytic and high-performance application workloads on a single shared Kubernetes cluster, ensuring departmental SLAs and helping contain infrastructure costs.

In this talk Dr. Grandison will discuss IHME, their experience deploying containerized applications and how they went about using Kubernetes to support a variety of new containerized applications as well as a variety of traditional analytic applications.

avatar for Dr Tyrone Grandison

Dr Tyrone Grandison

Chief Information Officer, Institute for Health Metrics and Evaluation (IHME), University of Washington
Tyrone is the Chief Information Officer leading the IT team at the IHME, independent global health research center at the University of Washington. The IHME provides rigorous and comparable measurement of the world’s most important health problems and evaluates the strategies used... Read More →

Thursday December 7, 2017 11:55am - 12:30pm
Ballroom B, Level 1


Kubernetes Distributions and 'Kernels' - Tim Hockin & Michael Rubin, Google
Kubernetes has historically released a full fledged distribution - everything you need. As the project gets more modular, that will become more complicated. This talk will explore the problems we face with this, and some ways can solve them, considering other analogous OSS ecosystems.

avatar for Tim Hockin

Tim Hockin

Principle Software Engineer, Google
Tim is a Principal Software Engineer at Google, where he works on the Kubernetes, Google Kubernetes Engine (GKE), and Anthos. He has been working on Kubernetes since before it was announced, and mostly pays attention to topics like APIs, networking, storage, nodes, multi-cluster... Read More →
avatar for Michael Rubin

Michael Rubin

Senior Staff Eningeer & TLM, Google
Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading and... Read More →

Thursday December 7, 2017 2:00pm - 2:35pm
Ballroom A, Level 1


Hybrid-Cloud, HIPAA Compliant Enterprise with Kubernetes - Steve Sloka, Heptio
This talk will outline how UPMC Enterprises utilizes Kubernetes on-premises and in a public cloud (AWS). We’ll see how a large enterprise balances SaaS offerings vs Kubernetes hosted services. We will walk through our approach to meet HIPAA compliance and how our deployments and underlying infrastructure changed to meet those requirements.

We'll also look at the Elasticsearch Operator which is an example of how we implement stateful applications. The operator ensures encryption at rest, in transit and provides a managed cloud offering inside Kubernetes. Also, we’ll look at how we implement Kong, an API Gateway in combination with Kubernetes Network Policies to ensure applications are limited to what they can access as well as how security is implemented outside of code.

Healthcare systems have a history of being large and complex, but Kubernetes has allowed UPMC Enterprises to be more agile and bring startup innovations to the enterprise.

avatar for Steve Sloka

Steve Sloka

Sr. Member of Technical Staff, VMware
Steve Sloka is a Sr. Systems Software Engineer from Pittsburgh, PA currently working at Heptio dealing with all things Cloud, Containers, and Kubernetes. At UPMC Enterprises he managed the open source initiative and has been working with k8s since early 2015.

Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 8ABC, Level 3


FaaS and Furious - 0 to Serverless in 60 Seconds, Anywhere - Alex Ellis, ADP

OpenFaaS (or Functions as a Service) is a Cloud Native framework for building serverless functions with containers (as popularised by AWS Lambda). With OpenFaaS you can package any process or container as a serverless function for either Linux or Windows - just bring your Kubernetes or Docker cluster. Avoid vendor lock-in by running functions in your own datacenter or the cloud with your existing CI/CD and container ecosystem. The project focuses on ease of use through its UI and CLI which can be used to test and monitor functions in tandem with Prometheus integration that enables auto-scaling as demand increases.

You can deploy OpenFaaS in 60 seconds on Kubernetes and thanks to concise code templates all you need to write is a handler in your favourite programming language then let your cluster do the heavy lifting.

OpenFaaS was recently trending as the top open-source project on GitHub, won Best Cloud Computing Software 2017 from InfoWorld and has a thriving community with 65 contributors, 1400 commits and over 8k stars.

Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos and swag.



Note - OpenFaaS is an independent project started by Alex Ellis and is now being shaped by a growing community of contributors and users.

avatar for Alex Ellis

Alex Ellis

Founder, OpenFaaS Ltd
Alex is a respected expert on serverless and cloud native computing. He founded OpenFaaS, one of the most popular open-source serverless projects, where he has built the community via writing, speaking, and extensive personal engagement. As a consultant and CNCF Ambassador, he helps... Read More →

Thursday December 7, 2017 2:00pm - 2:35pm
Meeting Room 9AB, Level 3


client-go: The Good, The Bad and The Ugly - Lili Cosic, Kinvolk
This talk will focus on client-go, a go client for talking to Kubernetes clusters. At Kinvolk we have used client-go in various Kubernetes projects. Lili will share the general use-case of client-go and explain how powerful it is to customize, optimize, and automate tasks with it. Furthermore she will explore the parts that client-go is great at, as well as the parts that can still be improved. Lili will end with a demo showing how easy it is to harvest the power of client-go, and showcase how it can be used to customize your Kubernetes experience and solve real problems.

avatar for Lili Cosic

Lili Cosic

Software Developer, Kinvolk
Lili is a Software Developer at Kinvolk, a Berlin-based Linux development consultancy, where she works on a variety of projects surrounding Linux. Currently she is working on a Habitat Operator, a controller to easily create and manage Habitat Services on Kubernetes. In her free time... Read More →

Thursday December 7, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3


Automating and Testing Production Ready Kubernetes Clusters in the Public Cloud - Ron Lipke, Gannet/USA Today Network
As a large enterprise organization with legacy infrastructure, we were interested in adopting Kubernetes in our internal Platform as a Service in the public cloud. However, we faced several challenges not addressed by the turn key offerings on the market, such as:

- Maintain control over network architecture within the public cloud to integrate with our internal resource
- Allow teams to easily spin up kubernetes clusters on their own for faster development cycles while retaining cost boundaries and charge-back insight
- Quickly iterate as new kubernetes versions are released and make new features available to end-users (most recently: Role Based Access Controls and StatefulSets)

We will share our experience of using configuration management to automate the testing, building and deployment of production ready cloud agnostic kubernetes clusters to the AWS and Google clouds. We will also discuss examples of moving some of our largest application workloads to these clusters.

avatar for Ron Lipke

Ron Lipke

Senior Developer, Platform as a Service, Gannet/USA Today Network
Nuclear plant operator turned cloud person

Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom B, Level 1


Load Testing Kubernetes: How to Optimize Your Cluster Resource Allocation in Production - Harrison Harnisch, Buffer
So you've carefully crafted your first Kubernetes service, and you're ready to deploy it to production. Well, not quite: there are still some important unknowns to understand before your service will be ready for production traffic. It's still unclear how the new service behaves when it's being pushed, and it's possible that Kubernetes will kill the service before serving a single request. At Buffer, we've developed a technique to optimize Kubernetes deployment limits by using load testing to identify optimal values for resource limits. When the service is under heavy load there are a few key metrics to watch to identify bottlenecks. These key metrics can be used to adjust resource limits. This real world approach allowed us to safely and efficiently switch over more than half our production traffic to our Kubernetes cluster and can be applied to any application.

This talk will include a live demo of how to tune Etcd using methods we do at Buffer.

avatar for Harrison Harnisch

Harrison Harnisch

Staff Software Engineer, ZEIT
Harrison is a Staff Software Engineer at Buffer, implementing the transition to microservices with Kubernetes and Docker. He's given talks at KubeconEU and KubeconUS about setting resource limits.

Thursday December 7, 2017 2:45pm - 3:20pm
Ballroom C, Level 1


Using Custom Resources to Provide Cloud Native API Management - Frank B Greco Jr, Northwestern Mutual
API management is an essential component for all production services. Northwestern Mutual uses it to secure 100s of microservices deployed to our Kubernetes clusters every day! Learning from our API management journey over the past few years, we found many ways to innovate in this space. Using Custom Resource Definitions as a catalyst, we created an open source project called Kanali, a Kubernetes native API management solution. In this talk, we will take you through our API management journey that led up to Kanali and then discuss how to use Kanali to secure your Kubernetes workloads. We will also look at how Kanali integrates with open source developer tooling such as Opentracing, Jaeger, and Grafana.

avatar for Frank Basil Greco

Frank Basil Greco

Cloud Native Engineer, Northwestern Mutual
Hi I’m Frank! I’m an extremely passionate tech engineer, developer, and architect from Milwaukee. My current passions lie in highly available and scalable infrastructure, containerization, serverless architecture, automation, artificial intelligence, web development, API management... Read More →

kanali pdf

Thursday December 7, 2017 3:50pm - 4:25pm
Meeting Room 6AB, Level 3


Large Scale Teaching Infrastructure with Kubernetes - Yuvi Panda, Berkeley University

Data Science & Programming literacy is an important aspect of literacy in the 21st century, but teaching these skills at scale is quite difficult. At UC Berkeley, we are trying - our 'Foundations of Data Science' course has no pre-requisites, and routinely attracts more than a 1000 students from across majors. 

Requiring students to have local programming environments installed & debugged is a non-starter at this scale. We have been running a Kubernetes based JupyterHub environment that allows them to do all their programming with a web based environment with Jupyter Notebooks. This is an important change in many ways:

1. Lets students start instantly with writing code, rather than dealing with the accidental complexity of installing software locally

2. Acts as an equalizer - a student using a chromebook borrowed from the library has no disadvantage over someone using an expensive Macbook Pro

3. This is course critical infrastructure, and needs high availability at low human / dollar cost

In this talk we'll go over how we have:

1. Used Kubernetes to make reduce our costs while allowing a larger group of people to deploy safely to various cloud providers.

2. Extracted our JupyterHub deployment into a project part of Project Jupyter (Zero to JupyterHub) that is being adopted at other universities & organizations.


Yuvi Panda

UC Berkeley, Data Science Education Program

Thursday December 7, 2017 3:50pm - 4:25pm
Ballroom B, Level 1


Building and Running an Enterprise-grade Serverless Platform on Kubernetes - Ying Huang & Quinton Hoole, Huawei
Serverless platforms provide functions as a service, and have become a hot topic largely because they allow developers to focus on core business logic, leaving packaging, deployment, monitoring, event propagation, scaling and load balancing to the infrastructure. The serverless billing model is simple - pay-per-invocation - which can being significant benefits for many event-driven applications.

Huawei launched its FunctionStage serverless platform, which is built on Kubernetes, in 2017. In this talk we will explain in detail the design and implementation of FunctionStage. This involved both fairly straightforward function packaging, scheduling, auto-scaling, event triggering and load balancing, as well as some significantly more interesting challenges related to container re-use, on-the-fly micro service provisioning, reliable operation and much more. We will demonstrate the use of our system to solve some complex real-world problems in Huawei Public Cloud.


Quinton Hoole

Quinton is currently Technical Vice President of Cloud Computing at Huawei. Previously he spent five years at Google, where he was an Engineering Lead on the Kubernetes team, and Technical Lead and Manager of Ads Serving SRE. He was also the founding engineer of the Amazon EC2 cloud... Read More →

Ying Huang

Senior Software Architect, Huawei
Ying is currently a senior software architect at PaaS (Platform-as-a-Service) team at Huawei. She played a key role leading the design and implementation of FaaS (Function-as-a-Service) platform in Huawei. Before that, she worked in Microsoft Azure Identity team as an engineer for... Read More →

Thursday December 7, 2017 4:35pm - 5:10pm
Meeting Room 9AB, Level 3
Friday, December 8


A Scheduling Simulator for Capacity Estimation of Kubernetes Clusters - Avesh Agarwal, Red Hat
Capacity planning is very important for meeting dynamic demands in any clusters. Without having an approximate view of the remaining capacity in a cluster, it is hard for cluster operators to decide if and when the cluster should be provisioned with more capacity or not. In Kubernetes clusters, capacity is associated with worker nodes in terms of resources such as cpu, memory or storage. Discussing capacity in terms of individual resources may be a bit ambiguous because a Pod is the smallest schedulable unit in Kubernetes clusters. Therefore, cluster operators may be more interested in knowing an approximate number of pods of a specific size (amount of resources) that can be scheduled on a cluster. This talk will introduce a new tool, called cluster capacity, that can be used to analyze the capacity of a Kubernetes cluster in this way. First, the talk will discuss about its use cases, followed by its design and implementation as a scheduling simulator. The talk will also include a demo to demonstrate various ways the tool can be run against a Kubernetes cluster. This talk will conclude with the discussion of future directions for this tool.

Friday December 8, 2017 11:10am - 11:45am
Meeting Room 10AB, Level 3


Highly Available Services During Maintenance Events - Maisem Ali & Eric Tune, Google
Maintenance events occur and require taking down nodes for various reasons. Eric and Maisem talk about the best practices and lessons learned trying to minimize downtime during routine maintenance events.

They show how to use StatefulSets and PodDisruptionBudgets to achieve highly available services. They go on to explain what the best practices for performing node maintenance are using scenarios like failed pod evictions, non-responsive kubelets and network bisections.

avatar for Maisem Ali

Maisem Ali

Software Engineer, VMWare
avatar for Eric Tune

Eric Tune

Senior Staff Software Engineer, Google
Eric is a Senior Staff Software Engineer at Google, where he is an overall lead technical lead on Google Container Engine (GKE). He started contributing to Kubernetes in 2014. Before Kubernetes, he worked on Google's Borg project, and was a co-author of the Borg paper.

Friday December 8, 2017 11:10am - 11:45am
Ballroom C, Level 1


Local Ephemeral Storage Resource Management - Jing Xu, Google
Currently Kubernetes does not support storage resource usage guarantee and isolation like compute resources such as CPU and memory. This talk will present out effort for improving Storage Resource Management in Kubernetes with focus on capacity isolation in ephemeral storage. It will explain how we support resource guarantee and isolation at node, pod, and container levels.


Jing Xu

Software Engineer, Google
Jing Xu obtained her Ph.D. from Electrical and Computer Engineering Department, University of Florida in May 2011. After graduation, she had been a lecturer in School of Computer Science in Florida International University for about 4 years. She moved to Bay area in late 2014 and... Read More →

Friday December 8, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3


One Chart to Rule Them All: Continuous Deployment with Helm at Ticketmaster - Michael Goodness & Raphael Deem, Ticketmaster
As Kubernetes continues to mature, it's increasingly hard for users to keep track of the latest resource types, much less the best way to employ them. ReplicationControllers and Services were easy enough. Then came Deployments and Ingresses. Now we have PodDisruptionBudgets, ClusterRoleBindings, and HorizontalPodAutoscalers. Luckily, we also have Helm to package and deploy these various components (and more) as a single unit.

In this talk we'll dissect the single, flexible Helm chart Ticketmaster developed for use by multiple product teams. We'll show how we use just a handful of variables to enable log collection with Fluentd, metric scraping with Prometheus, and automatic scaling of pods. Then we'll demonstrate the GitLab CI workflow through which we deploy multiple builds of an application to multiple Kubernetes clusters running both on-prem and in AWS.


Raphael Deem

Raphael is a Systems Engineer at Ticketmaster and open source contributor. He is a relative newcomer to the community, having started working with Kubernetes within the last six months. Prior to working at Ticketmaster, he was a remote engineer for Platform.sh, a Paris-based PaaS... Read More →
avatar for Michael Goodness

Michael Goodness

Lead Systems Engineer, Kubernauts, Ticketmaster
Mike is a Lead Systems Engineer on the Kubernauts team at Ticketmaster and a CNCF Ambassador. He began working with Kubernetes in late 2015, and quickly became an avid member of the community. While primarily involved with day-to-day cluster operations, he is also keenly interested... Read More →

Friday December 8, 2017 2:45pm - 3:20pm
Meeting Room 10AB, Level 3


From Monolith to Microservices with Kubernetes and Linkerd - Mason Jones, Credit Karma
After about eight years, Credit Karma had built up an impressive tech infrastructure...based on a PHP monolith. Over the past 18 months we’ve (carefully) adopted Docker, Linkerd, Consul, Kubernetes, and more as we shifted to microservices in order to enable continued engineering innovation. This is the story of our evolution from monolith to microservices, starting with our own homegrown tools. The talk will cover our iterations from basic plumbing to dynamic service discovery; why we started using Linkerd and selected Kubernetes; and how we evolved our systems step by step while continuing to serve 75 million members.

avatar for Mason Jones

Mason Jones

Senior Staff Infrastructure Engineer, Credit Karma
Mason is a technical leader in Credit Karma’s platform engineering department. His work has included spearheading the company's migration to microservices; integrating Kubernetes, service mesh, and Vault; and migration to public cloud. Before joining Credit Karma, Mason spent more... Read More →

Friday December 8, 2017 2:45pm - 3:20pm
Ballroom B, Level 1


Running Mesos Frameworks on Kubernetes with the Open-Source Universal Resource Broker - Fritz Ferstl, UNIVA
While Kubernetes continues to gain in popularity for cloud applications, many organizations run popular frameworks deployed on Mesos. The need to support multiple orchestration frameworks can result in added cost and complexity as organizations struggle to manage separate, siloed environments. Based on earlier work done for HPC users, Univa has contributed their Universal Resource Broker (URB) Technology to the Kubernetes community as an open-source project. The freely available software allows any Mesos compatible framework including (including Spark, Hadoop, Storm, Jenkins, Marathon and Chronos) to run along-side native Kubernetes services on a shared Kubernetes cluster providing the opportunity simplify environments and consolidate infrastructure.

In his talk Mr. Ferstl will discuss the challenge of running mixed workloads on Kubernetes, provide an architectural overview of the URB and provide a demonstration of the technology. He will also explain how Mesos users or application developers can get started quickly with the technology, and consider it for use in their own environments and applications.


Fritz Ferstl

Chief Technology Officer, UNIVA
Fritz is the Chief Technology Officer at Univa where he helps set technical direction for the company while also spearheading strategic alliances in EMEA. Fritz is widely regarded as the father of Grid Engine software and its forerunners Codine and GRD. He ran the Grid Engine software... Read More →

Friday December 8, 2017 2:45pm - 3:20pm
Ballroom C, Level 1


Effective RBAC - Jordan Liggitt, Red Hat
The v1 release of role-based access control (RBAC) in Kubernetes 1.8 provides a flexible way to ensure users and applications have proper access to the Kubernetes API. This talk is for administrators who want to secure their clusters, and for anyone who wants their applications to integrate easily in RBAC-enabled environments. This talk will give an overview of the RBAC design and API, explain how to set up an RBAC-enabled cluster, demonstrate applying policies to existing applications, show how to create custom roles to distribute with applications, and answer the question "Can Bob educate dolphins?"

avatar for Jordan Liggitt

Jordan Liggitt

Principal Software Engineer, Red Hat
Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.

Friday December 8, 2017 4:25pm - 5:00pm
Meeting Room 12AB, Level 4