
Operations - CloudNativeCon
Wednesday, December 6


Establishing Container Trust at Scale [I] - Tim Mackey, Black Duck Software
Quantifying risks in a container image is a critical aspect of production deployments. With orchestration clusters supporting thousands of nodes, any risk assessment solution must work at production scale. Once a trusted image is deemed vulnerable, application risk increases, but which applications are impacted, and how far has trust been broken? Trust is established through best practices including the use of trusted image registries, static code analysis, fuzzing, strong perimeter defenses and deployment controls. Unfortunately, this trust model omits information flow.
Malicious actors succeed when applications are most vulnerable. When devising action plans in response to security disclosures, defenders must quickly assess both the impact and scope of the disclosure. This time to remediation requires accurate and actionable vulnerability assessments as applications are created, deployed and scaled. Enhancing security information flow accelerates risk mitigation at production scale.

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix...

Wednesday December 6, 2017 11:10am - 11:45am
Meeting Room 6AB, Level 3


How We Built a Framework at Twitter to Solve Service Ownership & Improve Infrastructure Utilization at Scale [I] - Vinu Charanya, Twitter
Twitter is powered by thousands of microservices that run on our internal Cloud platform, which consists of a suite of multi-tenant platform services that offer Compute, Storage, Messaging, Monitoring, etc. as a service. These platforms have thousands of tenants and run atop hundreds of thousands of servers, across on-prem & the public cloud. The scale & diversity in multi-tenant infrastructure services make it extremely difficult to effectively forecast capacity, compute resource utilization & cost and drive efficiency.

In this talk, I would like to share how my team is building a system (Kite - A unified service manager) to help define, model, provision, meter & charge infrastructure resources. The infrastructure resources include primitive bare metal servers / VMs on the public cloud and abstract resources offered by multi-tenant services such as our Compute platform (powered by Apache Aurora/Mesos), Storage (Manhattan for key/val, Cache, RDBMS), Observability. Along with how we solved this problem, I also intend to share a few case-studies on how we were able to use this data to better plan capacity & drive a cultural change in engineering that helped improve overall resource utilization & drive significant savings in infrastructure spend.


Vinu Charanya

Senior Software Engineer, Twitter
Vinu Charanya is a Senior Software Engineer at Twitter where she works in the Compute Platform building Twitter’s internal cloud infrastructure management platform. She is also a core team member of Women Who Code, a non-profit organization dedicated to inspiring women to excel...

Wednesday December 6, 2017 11:55am - 12:30pm
Meeting Room 6AB, Level 3


The Mechanics of Deploying Envoy at Lyft - Matt Klein, Lyft
The idea of the "service mesh" is becoming very popular in microservice design circles. However, the mechanics of deploying one into an existing infrastructure are far from simple. In this talk we will cover the logistical details of how Envoy was developed and deployed incrementally at Lyft, focusing primarily on the evolution of service mesh configuration management. We will also discuss why high level systems such as Istio are likely to be the main mechanism by which most customers ultimately get access to the technology.

Matt Klein

Creator, Envoy
Matt Klein is the creator of Envoy and a software engineer at Lyft. He has been working on operating systems, virtualization, distributed systems, networking and making systems easy to operate for nearly 20 years across a variety of companies. Some highlights include leading the development...

Wednesday December 6, 2017 2:00pm - 2:35pm
Meeting Room 6AB, Level 3


Kubernetes, Metadata and You [I] - Liz Rice, Aqua Security & Gareth Rushgrove, Puppet
The combination of CI/CD tools and Kubernetes means we can set up a pipeline for deploying code changes as they happen, triggering a container image build and a rolling update to pull the new image. But what about changes that are about the application and how it should run, rather than the code itself?

This talk will explore tools and approaches for managing application metadata alongside the application code. We will look at:

- The importance of metadata to managing modern Cloud Native systems
- Built-in metadata capabilities in Kubernetes like ConfigMaps, Annotations and Labels
- Ways of making a deployment self-describing as part of a CI/CD workflow
- Using metadata to make the life of Kubernetes operators easier
- Examples of open source tools (like Manifesto, Lumogon and Skopeo) which work with Kubernetes ecosystem metadata

Liz Rice

Vice President, Open Source Engineering, Aqua Security
Liz Rice is VP Open Source Engineering at cloud native security specialists Aqua Security. She also chairs the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She has a wealth of software engineering experience working on network protocols...

Gareth Rushgrove

Director Product Management, Snyk
Gareth works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. He currently works at Snyk, working on developer-first security tooling. He has previously worked for the UK Government Digital Service focused...

Wednesday December 6, 2017 2:45pm - 3:20pm
Meeting Room 6AB, Level 3


Queueing Theory, In Practice: Performance Modelling in Cloud-Native Territory [I] - Eben Freeman, Honeycomb.io
Kubernetes and similar cloud-native infrastructure make it easier than ever to adjust a service's capacity based on variable demand. In practice, it's still hard to take observed metrics, and translate them into quantitative predictions about what will happen to service performance as load changes. Resource limits are often chosen by guesstimation, and teams are likely to find themselves reacting to slowdowns and bottlenecks, rather than anticipating them.

Queueing theory can help, by treating large-scale software systems as mathematical models. But it's not easy to translate between real-world systems and textbook models. This talk will cover practical techniques for turning operational data into actionable predictions. We'll show how to use results from queueing theory to develop a model of system performance. We'll discuss what data to gather in production to better inform its predictions -- for example, why it's important to capture the shape of a latency distribution, and not just a few percentiles. We'll also talk about some of the limitations and pitfalls of performance modelling.


Eben Freeman

Engineer, Honeycomb.io
Now largely reformed after stints studying theoretical math and living as an itinerant rock climber, Eben is fascinated by tools that help humans better understand the systems they create. He works as an engineer at Honeycomb.io.

Wednesday December 6, 2017 3:40pm - 4:15pm
Meeting Room 6AB, Level 3


Cloud Native Logging 101 [B] - Eduardo Silva, Treasure Data
In the Cloud Native era, logging is a fundamental piece of the instrumentation life cycle. With applications running as microservices, much more log information is generated, and understanding how to implement and manage logging with this new architecture is fundamental.

This 101 presentation will introduce the concepts of log processing (end-to-end) applied to applications running in orchestrated environments managed by Kubernetes (live demos included).

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at Arm Treasure Data. He currently leads the efforts to make logging and data processing more friendly and scalable in Embedded and Containerized systems such as Kubernetes. Maintainer of Fluent Bit, a lightweight log and stream processor. Besides his...

Wednesday December 6, 2017 4:25pm - 5:00pm
Meeting Room 6AB, Level 3