KubeCon + CloudNativeCon Europe 2025: Full Schedule

In-person
1-4 April 2025
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.

Project Lightning Talk: Protect your Kubernetes Clusters with Ratify and Attestations - Yi Zha, Maintainer

Tuesday April 1, 2025 10:48 - 10:53 BST

Platinum Suite | Level 3

Attestations consist of authenticated statements about a software artifact or a collection of artifacts, as defined by the SLSA attestation. Examples include signed provenance files or signed SBOM files for container images. Attestations are vital for ensuring the integrity and trustworthiness of the software supply chain for container images.

Ratify, a CNCF sandbox project, provides a comprehensive framework for verifying artifact security metadata, such as signatures and attestations, to ensure artifacts are trustworthy and compliant before they are used.

In this lightning talk, Yi Zha will give an overview of the Ratify project and attestations, and a demo showcasing using Ratify for securing K8s deployments through attestation verification. Attendees will gain valuable insights into improving their Kubernetes security posture by leveraging Ratify's capabilities.

Tuesday April 1, 2025 10:48 - 10:53 BST
Platinum Suite | Level 3

Project Opportunities, Project Lightning Talks

Project Lightning Talk: Break

Tuesday April 1, 2025 12:46 - 13:30 BST

Platinum Suite | Level 3

Tuesday April 1, 2025 12:46 - 13:30 BST
Platinum Suite | Level 3

Project Opportunities

12:50 BST

Cloud Native Telco Day Hosted by CNCF - Half Day Event | ALL ACCESS PASS REQUIRED

Tuesday April 1, 2025 12:50 - 17:30 BST

Cloud Native Telco schedule is now LIVE!

Network Service Providers and Telco operators are rapidly adopting the latest CNCF technologies and transforming their infrastructure to become agile and address end user demands. While doing so they are blurring the lines between the network and the Cloud, creating synergy opportunities between the CNCF ecosystem and the Networking industry verticals.

The Cloud Native Telco Day brings together the Networking and Cloud Native open source communities, where telecom operators, vendors and Cloud Service Providers collaborate with the to share lessons learned and new concepts applicable across both worlds. To learn more please visit the event's website.

For questions regarding this event, please reach out to cncfcolocatedevents@linuxfoundation.org.

Tuesday April 1, 2025 12:50 - 17:30 BST

CNCF-hosted Co-located Events

13:00 BST

SUSE Rancher Day Hosted by SUSE

Hands-On Cloud Native Security Workshop Hosted by Sysdig + Google

Tuesday April 1, 2025 14:00 - 18:00 BST

Level 2 | South Gallery | Room 11 - 12

Join this hands-on workshop to master cloud-native threat detection with open-source Falco. Co-hosted by Sysdig and Google Cloud, this session is perfect for security professionals looking to enhance Kubernetes security.

What can you expect from attending?

Gain hands-on experience creating custom Falco rules, extending MITRE ATT&CK coverage, and using Atomic Red Team to detect threats in real time.
Learn to operationalize security rules aligned with MITRE, NIST, HIPAA, and SOC2, while reducing false positives and noise.
Discover how to automate updates with falcoctl for seamless integration with your cloud-native setup, and explore Falco Feeds by Sysdig for continuously updated security rules powered by their Threat Research Team.

Recent years have seen a proliferation of large language models (LLMs) that extend beyond traditional language tasks to generative AI. This includes models like ChatGPT and Stable Diffusion. As this generative AI focus continues to grow, there is a rising need for a cloud native infrastructure that

Provides solid and scalable multi-cluster machine learning platform.

This talks will explore how these rising needs are addressed by leverage Volcano and Karmada that enable multi-cluster job queuing, management, enhanced scheduling.

This talk will cover:
- The challenges for LLM training in single Kubernetes cluster\
- How to combine Volcano and Karmada to build a multi-cluster training platform
- How to handle to job queuing across multi-cluster to ensure the fairness and SLA
- How to balance the workload performance and multi-cluster utilization.
- Scheduling policies to avoid busy waiting and dead lock

Tuesday April 1, 2025 15:04 - 15:09 BST
Platinum Suite | Level 3

Project Opportunities, Project Lightning Talks

Badge Pick-Up

Wednesday April 2, 2025 07:30 - 18:15 BST

Level 1 | Hall Entrance S5

Wednesday April 2, 2025 07:30 - 18:15 BST
Level 1 | Hall Entrance S5

Registration

09:00 BST

Keynote: Welcome + Opening Remarks - Chris Aniszczyk, CTO, Cloud Native Computing Foundation

Wednesday April 2, 2025 09:00 - 09:25 BST

Level 0 | ICC Auditorium

Speakers

Chris Aniszczyk

CTO, Linux Foundation (CNCF)

Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation... Read More →

Wednesday April 2, 2025 09:00 - 09:25 BST
Level 0 | ICC Auditorium

Keynote Sessions

09:26 BST

Keynote: Into the Black Box: Observability in the Age of LLMs - Christine Yen, CEO and Cofounder, Honeycomb

Wednesday April 2, 2025 09:26 - 09:41 BST

Level 0 | ICC Auditorium

LLMs can provide a quick injection of magic into an existing product (or product concept)! Most of us looking to build on LLMs aren't ML engineers or AI experts, after all, and this new wave of LLM offerings makes it easy for any of us to build something delightful.

But once that product or feature is shipped, in production, in front of users, the problems all collapse back into something that feels awfully familiar: performance challenges, questionable accuracy, and unhappy or confused users.

This talk will assert that building on LLMs is just like buliding on top of any other sort of black box in our architecture (APIs, DBs, etc)—this one just happens to be inherently unpredictable and probablistic.

We'll cover how to leverage observability best practices (like SLOs!) in this highly parameterized and rapidly evolving world, with nondeterministic outputs and a bunch of perceived risks—and you'll emerge more confident and ready to deal with this new AI-driven world.

Speakers

Christine Yen

CEO/Cofounder, Honeycomb

Christine is the CEO/cofounder of Honeycomb, an observability tool for teams who build and manage software that matters. She cares deeply about bridging the gap between devs and ops with technological and cultural improvements—and thinks that observability is really just a way... Read More →

Wednesday April 2, 2025 09:26 - 09:41 BST
Level 0 | ICC Auditorium

Keynote Sessions, Observability

Content Experience Level Intermediate

09:42 BST

09:48 BST

Keynote: AI Enabled Observability Explainers - We Actually Did Something With AI! - Vijay Samuel, Principal MTS, Architect, eBay

Wednesday April 2, 2025 09:48 - 10:03 BST

Level 0 | ICC Auditorium

If folks think that this will be yet another hand wavy AI talk, prepared to be disappointed! Over the last few quarters, the Observability platform team at eBay has embarked on the journey of building "Explainers" for telemetry signals. "So, you are just shoving data into an LLM, big deal!" - one might say. The approach that we took was slightly different. Yes, an LLM does know how to interpret an OTEL trace waterfall but does it do it predictably? No! For various reasons. This is where AI and Engineering have a beautiful marriage. For each signal, we have carefully married crafty algorithms and LLMs to create more predictable and accurate AI enabled experiences. Some of which include explaining traces, metrics and logs.

We have also cumulated these building block explainers to create compound explainers that can explain dashboards. This talk describes how things like critical path detection along with LLMs are better than just giving entire traces to the LLMs and more.

Speakers

Vijay Samuel

Principal MTS, Architect, eBay

Vijay Samuel works with eBay's Reliability Engineering as its architect. During his time at eBay Vijay has transformed eBay's observability platform into a cloud native offering that is primarily built on top of open source technologies. He loves to code in Go and play video game... Read More →

Wednesday April 2, 2025 09:48 - 10:03 BST
Level 0 | ICC Auditorium

Keynote Sessions, Observability

Content Experience Level Intermediate

10:04 BST

10:10 BST

Keynote: The Observability Platform Engineering Advantage: From Zero-Code to Monitoring as Code - Kasper Borg Nissen, Developer Relations Engineer, Dash0

Wednesday April 2, 2025 10:10 - 10:25 BST

Level 0 | ICC Auditorium

Observability is often an afterthought in platform engineering and many organizations settle for a "good enough" approach, leading to fragmented data, complex query languages, and vendor lock-in. But a cohesive observability strategy is critical, not just for applications running on the platform, but also for the platform itself and the services it depends on.

Enter OpenTelemetry, a CNCF project that unifies observability data across traces, logs, and metrics, reducing metadata fragmentation and vendor-specific lock-in. With zero-code instrumentation, developers can collect insights effortlessly, while platform engineers can enforce observability as code, enabling scalable, repeatable monitoring.

This session explores how platform engineers can bridge the gap between developers, operators, and observability by integrating OpenTelemetry into cloud-native stacks. You'll learn how to simplify instrumentation, leverage monitoring as code with OpenTelemetry Operator and Perses (CNCF Sandbox project), and optimize observability across multiple layers of your platform. By embracing open standards, you can enhance visibility, reduce complexity, and build a more resilient, insight-driven platform.

Speakers

Kasper Borg Nissen

Developer Relations Engineer, Dash0

Kasper is a Developer Relations Engineer at Dash0, where he is thrilled to step into the observability space. He looks forward to promoting open standards with OpenTelemetry and Perses, helping teams gain deeper insights into their systems. Previously, Kasper served as a Staff Platform... Read More →

Wednesday April 2, 2025 10:10 - 10:25 BST
Level 0 | ICC Auditorium

Keynote Sessions

10:26 BST

Keynote: Empowering Accessibility Through Kubernetes: The Future of Real-Time Sign Language Interpretation - Rob Koch, Principal, Slalom Build

Wednesday April 2, 2025 10:26 - 10:41 BST

Level 0 | ICC Auditorium

Communication barriers exclude millions of people from fully participating in everyday interactions. For the deaf and hard-of-hearing community, the absence of scalable, real-time sign language interpretation remains a persistent challenge. In this session, we will demonstrate a forward-looking AI-powered application that translates sign language into spoken language, deployed and orchestrated on Kubernetes. This application leverages generative AI (LxMs) to scale for multiple users, representing a step toward a future where communication is accessible to all.
Using the sign language translation use case, the session will demonstrate how Kubernetes is well positioned to support AI workloads, how it optimizes cluster resources for video and language processing, and how it integrates seamlessly with generative AI use-cases.

Speakers

Rob Koch

Principal, Slalom Build

A tech enthusiast who thrives on steering projects from their initial spark to successful fruition, Rob Koch is Principal at Slalom Build, AWS Hero, and Co-chair of the CNCF Deaf and Hard of Hearing Working Group. His expertise in architecting event-driven systems is firmly rooted... Read More →

Wednesday April 2, 2025 10:26 - 10:41 BST
Level 0 | ICC Auditorium

Keynote Sessions, AI + ML

Content Experience Level Intermediate

10:42 BST

Keynote: Closing Remarks

Wednesday April 2, 2025 10:42 - 10:45 BST

Level 0 | ICC Auditorium

Wednesday April 2, 2025 10:42 - 10:45 BST
Level 0 | ICC Auditorium

Keynote Sessions

10:45 BST

Coffee Break ☕

Wednesday April 2, 2025 10:45 - 11:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Wednesday April 2, 2025 10:45 - 11:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

10:45 BST

Solutions Showcase

Wednesday April 2, 2025 10:45 - 19:45 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Explore the exhibit booths to learn more about the latest technologies, browse special offers and job posts, and much more.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Wednesday April 2, 2025 10:45 - 19:45 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Solutions Showcase

11:15 BST

Scaling GPU Clusters Without Melting Down! - Alay Patel & Ryan Hallisey, NVIDIA

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance S10 | Room A

As GPUs become more powerful, their capacity to handle concurrent workloads increases, presenting new scaling challenges for Kubernetes clusters. In this session, we will share insights and strategies from NVIDIA’s experience right-sizing a Kubernetes control plane, while scaling up to meet business demand.

We will demonstrate how we measure the control plane resource consumption and share techniques and configuration parameters used that improved control-plane performance and scalability, such as: changing golang tunables, the goaway-chance parameter in kube-apiserver and some scheduler configurations. We will also share an often overlooked factor - the volume of YAML per API call. Finally, we will share how we use simulation techniques like KWOK (Kubernetes WithOut Kubelet) to measure new Kubernetes features, like DRA (Dynamic Resource Allocation), for control-plane scalability and performance before we roll it out in production.

Speakers

Ryan Hallisey

Software Engineer, NVIDIA

Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Alay Patel

Senior Software Engineer, Nvidia

Alay is a Senior Software Engineer at Nvidia where he works on cloud gaming service, managing infrastructure for GPU workloads. He is passionate about open source with a focus on Kubernetes and platform engineering.

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Beginner

11:15 BST

Dapr + Score: Mixing the Perfect Cocktail for an Enhanced Developer Experience - Mathieu Benoit, Humanitec & Kendall Roden, Diagrid

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance N10 | Room H

Developer Experience (DevEx) is an important concept in Platform Engineering and in the cloud native space, advocating for self-service and reduced cognitive load. Its primary goal is to empower developers, allowing them to focus on coding rather than fighting with infrastructure intricacies. What is the right level of abstraction? Which type of tooling is essential? How can teams identify the concepts and workflows that drive value and success?
Tools such as Dapr and Score are being used in innovative ways to make a wider range of developers more productive. On one hand, they allow the Developers to be abstracted from underlying infrastructure and dependencies. On the other hand, Platform Engineers can easily configure the building blocks and associated infrastructure, seamlessly for the Developers.
This talk demonstrates a practical blueprint between Dapr and Score, where you will see how to deploy any Dapr containerized workloads defined by Score, to Docker Compose or Kubernetes.

Speakers

Mathieu Benoit

Cloud Native Ambassador & Customer Success Engineer, Humanitec

I’m passionate about Cloud Native Computing technologies driven by Open Source, Cloud, Security, SRE, Containers, DevOps, Platform Engineering and Kubernetes. Based on my past experiences as software engineer, IT consultant, solution architect and customer success engineer, I now... Read More →

Kendall Roden

Technical Product Lead, Diagrid

Kendall is a Technical Product Lead at Diagrid, helping shape the future of cloud-native development through the creation of developer-centric products. After 6+ years at Microsoft in a variety of roles in the application development space, Kendall transitioned into product management... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room H

Application Development

Content Experience Level Intermediate

11:15 BST

A Comparative Analysis of Kueue, Volcano, and YuniKorn - Wei Huang, Apple & Shiming Zhang, DaoCloud

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance N10 | Room G

Choosing the best solution for running batch workloads on Kubernetes can be frustrating. Kueue, Volcano, and Apache YuniKorn were designed to address similar challenges but differ in how they tackle them. Deciding which is most suitable for a specific use case is often confusing.

Batch workloads like big data, data engineering, HPC, AI, and machine learning share common requirements, especially around batch-scheduling. Managing resource sharing and isolation between tenants while balancing utilization and meeting SLAs presents a significant challenge on Kubernetes.

This session dives into three community-driven solutions: Kueue, Volcano, and Apache YuniKorn. We’ll explore their features, use-case suitability, and design trade-offs, providing a comprehensive comparison. Attendees will leave with the insights needed to answer a crucial question: which solution best addresses the batch-scheduling needs of my workloads?

Speakers

Shiming Zhang

Software Engineer, DaoCloud

Shiming Zhang is a contributor to Kubernetes with the main focus on scalability, performance, reliability and testing, he gained experience and contributed to many Kubernetes features and most of its components.

Wei Huang

Staff Software Engineer, Apple

Wei Huang is a Software Engineer at Apple, focusing on Kube scheduling and control plane. He has served as a co-chair of Kubernetes SIG-Scheduling for years. He is also the founder of two Kubernetes sub-projects, scheduler-plugins, and kwok.

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Beginner

11:15 BST

"Izzy Saves the Birthday" - A Story-Driven Live Demo Exploring the Magic of Service Mesh - Lin Sun, solo.io & Faseela Kundattil, Ericsson Software Technology

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance N10 | Room F

Ahoy, Kubernetes fans! Captain Kube is thrilled to host a grand cruise celebrating Kubernetes’ 10th birthday. But trouble looms on the horizon—three pirates have sneaked into the party, intent on disrupting the celebration and looting the precious birthday gifts.

Can Captain Kube and his friends uncover the pirates’ identities and safely evict them before the festivities are ruined? Join Phippy, Izzy, Owlina, Goldie, Tiago, Hazel, Zee, and the rest of the crew as they work together to protect the party. Will they get to enjoy cocktails and cake, or will the pirates spoil all the fun?

Istio maintainer and authors of the CNCF Phippy book-”Izzy saves the Birthday”, Faseela K and Lin Sun invite you to an engaging first look at their new book. This interactive session will also include live demos showcasing how CNCF projects like Kubernetes, Istio, Prometheus, SPIFFE, Envoy, and more come together to tackle challenges, ensuring a fun, safe, and seamless cruise experience.

Speakers

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology

Faseela is a cloud-native developer at Ericsson, and a maintainer and Steering Committee member at Istio. She has given talks and workshops at several conferences evangelizing CNCF projects, including the recent KubeCons. She is a CNCF Ambassador, LFX Mentor, and the winner of the... Read More →

Lin Sun

CNCF TOC member and Head of Open-Source, solo.io

Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

11:15 BST

Stateful Superpowers: Explore High Performance and Scaleable Stateful Workloads on K8s - Alex Chircop & Chris Milsted, Akamai

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance S10 | Room D

There is no such thing as a stateless application - All applications need to store state somewhere!

Stateful workloads like databases and key value stores are often deployed outside of K8s, missing out on all the benefits of declarative config, scaling, failover and automatic healing.

In this talk we show how running stateful workloads in K8s is not only performant and scalable but are also resilient, and can facilitate Disaster Recovery.

We will discuss the cloud native ecosystem and provide live demos of:
* Running a million RPS on a KV store with TiKV
* Running scalable, replicated and resilient Postgres databases with CloudNativePG
* Running analytics & ML on a distributed filesystem with CubeFS
… all in K8s, using K8s features to scale, failover and run day 2 operations. Working examples for the demos will be shared to enable the audience to run their own databases and stateful workloads in K8s.

Finally, we will end with a discussion of use cases and best practices.

Speakers

Alex Chircop

Chief Architect, Akamai

Chief Architect at Akamai. Previously a founder and CTO of Ondat (formerly StorageOS), building software defined solutions for cloud native environments. Alex is also a co-chair of the CNCF Storage TAG. Before embarking on the startup adventure he spent over 25 years engineering infrastructure... Read More →

Chris Milsted

Senior Product Architect, Akamai

Chris has been working with Kubernetes since pre 1.0 when it was the Beta for OpenShift version 3 at Red Hat. Since then he has moved, via VMware and Tanzu, to Akamai (via Ondat) as a Senior Product Architect, helping to design and deliver cloud scale technologies. Outside of work... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Intermediate

11:15 BST

Advancements in AI/ML Inference Workloads on Kubernetes From WG Serving and Ecosystem Projects - Yuan Tang, Red Hat & Eduardo Arango Gutierrez, NVIDIA

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 3 | ICC Capital Suite 7-9

The emergence of Generative AI (GenAI) has introduced new challenges and demands in AI/ML inference, necessitating advanced solutions for efficient serving infrastructures. The Kubernetes Working Group Serving (WG Serving) is dedicated to enhancing serving workload on K8s, especially for hardware-accelerated AI/ML inference. This group prioritizes compute-intensive inference scenarios using specialized accelerators, benefiting various serving workloads such as web services and stateful databases.

This session will dive into recent progress and updates on WG Serving's initiatives and workstreams. We will spotlight discussions and advancements in each workstream. We are also actively looking for feedback and partnership with model server authors and other practitioners who want to utilize powers of K8s for their serving workloads. Join us to gain insight into our work and learn how to contribute to advancing AI/ML inference on K8s.

Speakers

Eduardo Arango Gutierez DE

Senior Systems Software Engineer, NVIDIA

Eduardo is a Senior Systems Software Engineer at NVIDIA, working on the Cloud Native Technologies team. Eduardo has focused on enabling users to build and deploy containers on distributed environments.

Yuan Tang

Principal Software Engineer, Red Hat

Yuan is a principal software engineer at Red Hat, working on OpenShift AI. He has led AI infrastructure and platform teams at various companies. He holds leadership positions in open source projects, including Argo, Kubeflow, and Kubernetes. He's a maintainer and author of many popular... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Serving

11:15 BST

OpenFeature Update From the Maintainers - Thomas Poignant, Adevinta & Lukas Reining, codecentric AG

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 3 | ICC Capital Suite 10-12

OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution.

Come along to hear all the news about OpenFeature (including: code generation, support of tracking events, OTEL semantic conventions, distributed flag evaluation) and the projects future plans.

We also wants to open the floor to all the questions about the current state and future of OpenFeature.

Speakers

Thomas Poignant

Head Of Engineering, Adevinta

French guy living in Paris, I'm on a thrilling journey as a tech enthusiast, currently working as a Head of Engineering at AdevintaProudly contributing to the CNCF's OpenFeature project as a member of the Technical Committee, I'm immersed in the dynamic world of open source.

Lukas Reining

OpenFeature TC Member and IT Consultant & Developer, codecentric AG

Lukas is a software developer and IT consultant at codecentric. His main interest is centered around software architecture and cloud native applications.

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, OpenFeature

11:15 BST

OpenTelemetry Project Update - Daniel Gomez Blanco, Skyscanner; Severin Neumann, Independent; Alolita Sharma, Apple; Trask Stalnaker, Microsoft; Pablo Baeyens, Datadog

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 3 | ICC Capital Suite 14-16

Join us for the official OpenTelemetry project updates session at KubeCon+CloudNativeCon. In this session, Governance Committee members will share some of the latest project developments and milestones achieved, and they will offer a glimpse into the future of OpenTelemetry. This session is your chance to engage with other contributors present at the event, ask questions about the project, and receive direct responses from core project maintainers. Don't miss this opportunity to stay informed and contribute to the discussion on the exciting advancements within OpenTelemetry.

Speakers

Severin Neumann

OpenTelemetry Governance Committee Member, Independent

Severin is an elected member of the OTel Governance Committee and a co-maintainer of the OpenTelemetry (OTel) SIG Communications, which is reponsibile for the website, documentation, blog and social media channels of the project. He is currently focusing on a project which aims to... Read More →

Alolita Sharma

OpenTelemetry Governance Committee Member, Observability Engineering at Apple, Apple

Alolita Sharma is a member of OpenTelemetry GC, Observability TAG co-chair, CNCF End-User TAB Chair and Governing Board member. She leads Apple’s AIML observability teams. She contributes to open source, open standards at OpenTelemetry, Unicode, W3C. She has served on the boards... Read More →

Daniel Gomez Blanco

Principal Software Engineer, OpenTelemetry Governance Committee, Skyscanner

Observability lead at Skyscanner, member of the OpenTelemetry Governance Committee, and author of "Practical OpenTelemetry: Adopting Open Observability Standards Across Your Organization". Throughout my career, my main focus has been reducing the cognitive load required to operate... Read More →

Trask Stalnaker

Principal Software Engineer, Microsoft

OpenTelemetry Governance Committee, OpenTelemetry Semantic Convention and Java Instrumentation Maintainer, Java @ Microsoft

Pablo Baeyens

Software Engineer, Datadog

Pablo Baeyens is a Senior Software Engineer working at Datadog. He lives in Granada, Spain and since late 2020 he has been involved in the OpenTelemetry project, where he is part of the OpenTelemetry Governance Committee and maintains the OpenTelemetry Collector. Outside of open source... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, OpenTelemetry

11:15 BST

Prometheus 3.0 Has Released – Deep Dive Into Features and Roadmap - Richard Hartman, Grafana Labs

Wednesday April 2, 2025 11:15 - 11:45 BST

Platinum Suite | Level 3 | Room 1-2

Join us for

* A short intro on what Prometheus is, why it is the cloud native default, and why everyone using Kubernetes successfully is using Prometheus in some way or form
* A deep dive into the newest developments
* A Q&A with the Prometheus maintainers

Speakers

Richard Hartmann

Office of the CTO, Grafana Labs

Richard "RichiH" Hartmann is the Director of Community at Grafana Labs, a member of the Office of the CTO of Grafana Labs, Prometheus team member, OpenMetrics founder, OpenTelemetry member, CNCF Technical Oversight Committee member, CNCF Governing Board member, and more. He also leads... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Prometheus

11:15 BST

Rook: Intro and Deep Dive With Ceph Storage - Travis Nielsen, Blaine Gardner & Madhu Rajanna, IBM, Artem Torubarov & Deepika Upadhyay, Clyso

Wednesday April 2, 2025 11:15 - 11:45 BST

Platinum Suite | Level 3 | Room 3-4

The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

Speakers

Madhu R

Software Architect at IBM Deutschland RD GmbH, IBM Deutschland RD GmbH

Software Architect at IBM Storage on the OpenShift Data Foundation (ODF) team. He is a maintainer of the Ceph-CSI and CSI-Addons and a reviewer of the Rook project.

Travis Nielsen

Rook Lead Maintainer, IBM

Travis Nielsen is a Senior Technical Staff Member for IBM where he is a maintainer on Rook and member of the ODF and Ceph engineering team. Prior to IBM and Red Hat, Travis worked in storage at Quantum and Symform, a P2P storage startup, and was an engineering lead for the Windows... Read More →

Blaine Gardner

Rook Maintainer, IBM

Blaine is a Senior Advisory Software Engineer at IBM Storage on the Ceph OpenShift/Fusion Data Foundation (ODF) team. He is a maintainer of the CNCF-graduated Rook project making sure Ceph and Kubernetes live together in harmony. Their current focus topics are the Container Object... Read More →

Deepika Upadhyay

Ceph Engineer, Clyso

I’m Deepika, a Ceph Engineer at Clyso working on the Rook project. With over 5 years in the Ceph community, I specialize in deploying large-scale Rook Ceph clusters for enterprises, particularly in containerized environments. My career started with Ceph Storage Engineering, focusing... Read More →

Artem Torubarov

Software engineer, Clyso GmbH

Senior software engineer with over 10 years of experience. I’m a passionate advocate for Go, Kubernetes, and the CNCF ecosystem. Most part of my careed developed deistributed backend applications. Currently, I work at Clyso, focusing on storage technologies, including running Ceph... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Rook

11:15 BST

First Day Foresight: Anomaly Detection for Observability - Prashant Gupta & Kruthika Prasanna Simha, Apple

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance N10 | Room E

Picture this! You are deploying an application on a cloud platform, and you want to ensure seamless performance for the application from day one. Early anomaly detection is crucial for identifying issues before they escalate and maintaining system reliability. Ideally, you will leverage historical data to train an ML model for real-time anomaly detection. However, the complexity of training and deploying ML models makes them impractical at launch. What if you could skip training and still spot anomalies in your application health metrics the moment your system is live?

In this session you’ll learn about the benefits of using pre-trained ML models for day one anomaly detection. We’ll discuss how to deploy lightweight, unsupervised pre-trained models using cloud-native tools like Kubeflow for model fine-tuning. Attendees will learn techniques to setup and refine models to detect anomalies and observe application health from the first deployment.

Speakers

Kruthika Prasanna Simha

Machine Learning Engineer, Apple

Kruthika is a software engineer at Apple specializing in building ML enabled observability solutions. She holds a Masters in Computer Engineering and has specialized in ML. Kruthika is on a mission to identify how the ML and cloud-native worlds converge towards bigger and better ML... Read More →

Prashant Gupta

Senior Software Engineer, Apple Inc

Prashant is a software engineer at Apple, specializing in building ML-enabled observability solutions focused on reducing MTTD and MTTR. He holds a master’s degree in Machine Learning and NLP and enjoys exploring how these domains intersect with Observability, Automation, and Root... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Any

11:15 BST

Taking Care of Your Control Plane With API Priority and Fairness and Resource Quotas - Matteo Ruina & Ayaz Badouraly, Datadog

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance S10 | Room C

In a Kubernetes multi-tenant environment, cluster administrators face the challenge of keeping the platform stable amid competing and diverse workloads. A single misbehaving user can overload the Control Plane or use much more than their share of resources.

API Priority and Fairness (APF) and Resource Quotas are the Kubernetes tools for administrators to address these concerns. APF provides a fine-grained classification to throttle API Server requests, while Resource Quotas provides constraints that limit resource consumption per namespace. However, tuning them to be effective and not too restrictive at the same time can be complex.

In this session, we will talk about what we learned implementing both across hundreds of clusters and thousands of workloads. We will cover our setup and configuration, the challenges we faced and our tips to address them, the drawbacks you need to be aware of, and how to reuse what we learned for your own clusters.

Speakers

Matteo Ruina

Senior Software Engineer, Datadog

Matteo is a Senior Software Engineer at Datadog in the Compute Control Plane team, where he has been managing hundreds of self-hosted Kubernetes control planes since 2022. Prior to Datadog, Matteo worked at Skyscanner on Kubernetes, operators and progressive rollout controllers... Read More →

Ayaz Badouraly

Senior Software Engineer, Datadog

Ayaz Badouraly is a Senior Software Engineer at Datadog in the Compute Control Plane team. With his background on Site Reliability Engineering, his current work focuses on the availability and scalability of Kubernetes control planes. He also enjoys understanding counterintuitive... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Any

11:15 BST

Dashboards & Dragons: Crafting SLOs To Tame the AI Platform Chaos - Alexa Griffith & Ankita Chaudhari, Bloomberg

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 1 | Hall Entrance S10 | Room B

Scaling a Kubernetes platform is no fairy tale—it’s a quest with unexpected twists, chaos, and the occasional missing treasure map. In this talk, we’ll recount our journey taming the complexity of multi-cluster platforms with SLIs, SLOs, and observability dashboards.
From defining meaningful metrics to designing actionable SLO dashboards, we’ll share insights, lessons learned, and practical tips for maintaining platform reliability — regardless of if you’re deploying in the cloud, on-prem or in a hybrid environment. Through real-life lessons and battle-tested strategies, we’ll dive into the role of SLIs and SLOs in helping ensure platform robustness, discuss how to design platform observability, and highlight best practices for maintaining reliability at scale. You’ll leave equipped with the knowledge to design observability practices that ensure your AI workloads run smoothly, even at scale. Join us as we demystify SLI/SLO strategies with practical examples from our AI platform.

Speakers

Ankita Chaudhari

Senior Technical Product Manager, Bloomberg

Ankita is a Senior Technical Product Manager for the AI Platforms team in the Office of the CTO at Bloomberg. She focuses on the product strategy and development of cutting-edge solutions that power GenAI workloads at scale. She drives initiatives that involve optimizing performance... Read More →

Alexa Nicole Griffith

Senior Software Engineer, Bloomberg LP

Alexa Griffith is a Senior Software Engineer on Bloomberg’s Cloud Native Compute Services organization. She works on building an inference platform for ML workflows and the open source project KServe. She enjoys solving engineering challenges at scale and writing code in Go. She... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Any

11:15 BST

Lessons Learned From Architecting the Highest-scale Operational Systems in the World - Artur Bergman, Fastly

Wednesday April 2, 2025 11:15 - 11:45 BST

Level 0 | ICC Capital Hall | Room 2

Platform engineering for accelerating modern, resilient cloud-native systems requires a ruthless focus on the experience of both your customers and your developers. Restrictive vendor experiences, made worse by overreliance on single-point solutions, and the isolated bash script approaches from the past introduce unacceptable compromises to performance, security, and quality for continuous operations. As the founder and CTO of Fastly, Artur Bergman has spent decades optimizing the vendors in his stack and how he uses them to build a cohesive developer toolchain for Fastly’s internal teams and customer platform teams worldwide. This talk will cover: lessons learned from testing the limits of vendor systems to meet business needs, evaluating when to build versus buy platform engineering systems from first principles, and how to apply a rigorous experience design lens when architecting platforms for team success.

Speakers

Artur Bergman

Founder and CTO, Fastly

Artur Bergman currently serves as Chief Technology Officer of Fastly, Inc., a leading edge cloud platform. Artur founded Fastly in 2011 and served as its CEO until 2020, guiding the company through its IPO in 2019. Prior to becoming CTO in 2024, he held the role of Chief Architect... Read More →

Wednesday April 2, 2025 11:15 - 11:45 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

11:15 BST

Tutorial: Exploring Multi-Tenant Kubernetes APIs and Controllers With Kcp - Robert Vasek, Clyso GmbH; Nabarun Pal, Broadcom; Varsha Narsing, Red Hat; Marko Mudrinic, Kubermatic GmbH; Mangirdas Judeikis, Cast AI

Wednesday April 2, 2025 11:15 - 12:30 BST

Level 1 | Hall Entrance N11

While Kubernetes transformed container orchestration, creating multi-tenant platforms remains a significant challenge. kcp goes beyond DevOps and workload management, to reimagine how we deliver true SaaS experiences for platform engineers. Think workspaces and multi-tenancy, not namespaces in a singular cluster. Think sharding and horizontal scaling, not overly large and hard to maintain deployments. With novel approaches to well-established building blocks in Kubernetes API-Machinery, this CNCF sandbox project gives engineers a framework to host and consume any kind of API they need to support their platforms.

In this hands-on workshop, participants will learn how to extend Kubernetes with KCP, build APIs, and design controllers to tackle multi-tenancy challenges. By exploring real-world scenarios like DBaaS across clusters, attendees will gain practical skills to create scalable, multi-tenant platforms for their Kubernetes environments.

Speakers

MJ / Mangirdas Judeikis

Staff Engineer, kcp maintainer, Cast AI

Control planes, distributed systems and opensource. All Kubernetes and kcp! A decade of Kubernetes experience, focusing on platform engineering based on Kubernetes over the last decade. Doing platform engineering before it was cool. :)I thrive on Go, Kubernetes, and an Open Source... Read More →

Marko Mudrinić

Senior Software Engineer, Kubermatic GmbH & University Union

Marko is a Senior Software Engineer at Kubermatic, working on the development of Kubernetes, kcp, and platforms for managing Kubernetes clusters at scale. He currently serves as a Subproject Lead for Kubernetes Release Engineering, a Senior Release Manager, and a Tech Lead for SIG... Read More →

Varsha Narsing

Senior Software Engineer, Red Hat

Varsha is a software engineer at Red Hat. She is passionate about solving problems by developing and leveraging various software technologies. She currently works with the Portfolio Enablement team (Operator Framework) and is an active contributor to Kubernetes SIGs projects like... Read More →

Nabarun Pal

Principal Software Engineer, Broadcom

Nabarun is a Principal Software Engineer at Broadcom, a maintainer of the Kubernetes project, a chair of Kubernetes SIG Contributor Experience and an emeritus Kubernetes Steering Committee member. He is contributing to kcp in various ways in the recent past.He is a Release Manager... Read More →

Robert Vasek

Software Engineer, Clyso GmbH

Robert is a software engineer working on storage and container technologies.

Wednesday April 2, 2025 11:15 - 12:30 BST
Level 1 | Hall Entrance N11

Tutorials, Platform Engineering

Content Experience Level Intermediate

11:15 BST

🚨 Contribfest: Contribution Guide and Workshop: Help Us Improve the Prometheus Ecosystem!

Wednesday April 2, 2025 11:15 - 12:30 BST

Level 3 | ICC Capital Suite 17

Have you ever wondered how to introduce that quick fix you always wanted to do to Prometheus or Alertamanger server? What about proposing bigger changes to Prometheus like improving TSDB storage, API or Prometheus standards likePromQL, OpenMetrics or Remote Write?

It might be easier than you thought! In this workshop, we will, together, propose an example (or yours!) code change to Prometheus! The participants will learn and exercise:
How to find various code components in the Go codebases for Prometheus and auxiliary projects like Alertmanager, avalanche, etc.
Proposing the bigger changes through the Prometheus proposal process.
Testing and benchmarking Prometheus.
Documenting changes.
What it takes to become a maintainer one day!

Prerequisites for the active participation: Linux or Mac dev machine, git and Go 1.23 installed.

Speakers

Arthur Silva Sens

Software engineer, Grafana

Arthur Sens is a Software Engineer at Grafana, focusing on Prometheus and OpenTelemetry interoperability. He is also an active member and maintainer for both communities. The only things that can take Arthur away from the computer are his passion for lifting unnecessarily heavy weights... Read More →

Bartłomiej Płotka

Sr Software Engineer, Google

Bartek Płotka is a Senior Software Engineer at Google. SWE by heart, with an SRE background, currently working on Cloud Observability. Previously Principal Software Engineer at Red Hat. Author of "Efficient Go" book with O'Reilly. As the co-founder of the CNCF Thanos project and... Read More →

Björn Rabenstein

Engineer, Grafana Labs

Björn “Beorn” Rabenstein is an engineer at Grafana Labs and a Prometheus developer. Previously, he was a Production Engineer at SoundCloud, a Site Reliability Engineer at Google, and a number cruncher for science.

Arianna Vespri

Software Engineer, Self-employed

Arianna Vespri is a Go developer with a background in the music industry. Passionate about monitoring and observability, is a Prometheus contributor and a maintainer of Prometheus client_golang. Active as an electronic musician for decades under a pseudonym, is very familiar with... Read More →

Wednesday April 2, 2025 11:15 - 12:30 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, Prometheus

11:15 BST

🚨 Contribfest: Kyverno - Let's Automate SecOps With Policy as Code!

Wednesday April 2, 2025 11:15 - 12:30 BST

Level 3 | ICC Capital Suite 1

This session will help you to learn about and contribute to Kyverno, the “Swiss army knife” of Kubernetes that elegantly solves key challenges across security, automation, and compliance.

In this interactive session, Kyverno maintainers will discuss Kyverno’s architecture, the role of each component, show you how to set up your development environment, and guide you on how you can contribute to the project. They will also discuss the project roadmap, and key areas for future development.

Bring your questions, ideas, and use cases and engage with the community to get started as a CNCF

Join us to shape the future of Kubernetes security and compliance together!

Speakers

Jim Bugwadia

Founder and CEO, Nirmata

Jim Bugwadia is a co-founder and the CEO of Nirmata, the Kubernetes policy and governance company. Jim is an active contributor in the cloud native community and currently serves as co-chair of the Kubernetes Policy and Multi-Tenancy Working Groups. Jim is also a co-creator and maintainer... Read More →

Frank Jogeleit

Senior Software Engineer, Nirmata

Frank works as a Senior Software Engineer for Nirmata and works with cloud technologies on a daily basis. In addition to his daily job, he supports various cloud native organizations such as Falco and Kyverno. Since 2021 he has been developing various tools, such as his tool "Policy... Read More →

Charles-Edouard Brétéché

Kyverno maintainer, Nirmata

Charles-Edouard Brétéché is a Staff Engineer at Nirmata, a maintainer for Kyverno, and has created and contributed to various open source projects. including a Terraform provider for kOps. He has been building and delivering software for more than 20 years, as a software engineer... Read More →

Wednesday April 2, 2025 11:15 - 12:30 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, Kyverno

12:00 BST

Slinky: Slurm in Kubernetes, Performant AI and HPC Workload Management in Kubernetes - Marlow Warnicke (Weston) & Tim Wickberg, SchedMD

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance S10 | Room A

Kubernetes was designed for microservices. With AI rapidly advancing, Kubernetes must adapt to also support both AI training and multi-node inference. It needs to improve not only at scheduling these workloads within the cluster, but also at fine-grained resource assignment on the nodes.

High Performance Computing (HPC) systems use workload managers such as Slurm. Slurm, the most used HPC workload manager with over two decades of development, excels at gang scheduling, fair usage, job planning, and batch scheduling.

We will show the current state of Slinky, a fully open-source toolset designed to integrate Slurm with Kubernetes and to solve the difficulties of getting AI clusters working more performantly and efficiently. Slinky includes a Slurm operator, a Slurm client library, and a metrics exporter. Here, we will outline our architecture and discuss the challenges of achieving the fine-grained control needed in Kubernetes for full functionality for AI and HPC workloads.

Speakers

Tim Wickberg

CTO, SchedMD LLC

Tim Wickberg is the Chief Technology Officer of SchedMD, and is responsible for the technical direction and development of the open-source Slurm Workload Manager.

Marlow Warnicke (Weston)

Principal Cloud Architect, SchedMD

Marlow is a Principal Cloud Engineer working on scheduling at SchedMD. She also is a chair for the CNCF Environmental Sustainability TAG. Marlow has expertise in resource management, the AI/ML Kubernetes cloud compute ecosystem, embedded systems, high performance compute system tools... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Any

12:00 BST

From 0 To Production-Grade With Kubernetes Native Development - Thomas Vitale, Systematic & Kevin Dubois, Red Hat

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance N10 | Room H

This session will give you an overview of cloud native fundamentals from a Java developer’s perspective. You will learn step-by-step how to get your application to production on Kubernetes without sacrificing your developer experience.

Kevin and Thomas will cover:
- Building and deploying containers easily, featuring Buildpacks, Podman, and Knative.
- Optimizing your application’s performance in cloud native and serverless environments.
- Coding and testing cloud native Java applications with Podman Desktop and Microcks.
- Enabling observability for your cloud native applications using OpenTelemetry to pinpoint errors and performance issues in production.
- Integrating with other services using Kubernetes Service Bindings.

This session will help you develop better cloud-native Java applications, including a comprehensive understanding of the development and operational perspectives in a Kubernetes environment.

Speakers

Thomas Vitale

Software Architect, Systematic

Thomas is a software engineer focused on building cloud native solutions. He is the author of the "Cloud Native Spring in Action" book and plays an active role in the community as a CNCF Ambassador and Co-Chair of the CNCF App Development Working Group. A strong advocate of open... Read More →

Kevin Dubois

Senior Principal Developer Advocate, Red Hat

Kevin is a Java Champion, software engineer, author and international speaker with a passion for Open Source, Java, and Cloud Native Development & Deployment practices. He currently works as developer advocate at Red Hat where he gets to enjoy working with Open Source projects and... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance N10 | Room H

Application Development

Content Experience Level Any

12:00 BST

KubeEdge Graduation Journey: Creating a Diverse and Collaborative Open Source Community From Scratch - Yue Bao, Huawei & Hongbing Zhang, DaoCloud

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance N10 | Room G

Recently,the health of open-source projects,particularly,vendor diversity and neutrality,has become a key topic of discussion. Many projects have faced challenges due to a lack of vendor diversity,threatening their sustainability. It is increasingly clear that setting up the right governance structure and project team during a project’s growth is critical.
KubeEdge,the industry's first cloud-native open-source edge computing project,has grown from its initial launch in 2018 to achieving CNCF graduation this year. Over the past few years, KubeEdge has evolved from a small project into a diverse, collaborative and multi-vendor community.
In this session, we will discuss the KubeEdge graduation journey, focusing on key strategies in technical planning, community governance, developer growth, and project maintenance that enabled its transformation into a thriving ecosystem. Join us to explore how to build a multi-vendor and diverse community, and how to expand into different industries.

Speakers

Yue Bao

Senior Software Engineer, Huawei

Yue Bao serves as a software engineer of Huawei Cloud. She is now working 100% on open source, focusing on lightweight edge for KubeEdge. She is the maintainer of KubeEgde and also the tech leader of KubeEdge SIG Release and Node. Before that, Yue worked on Huawei Cloud Intelligent... Read More →

Hongbing Zhang

KubeEdge TSC Member, Chief Operating Officer, DaoCloud

Hongbing Zhang is Chief Operating Officer of DaoCloud. He is a veteran in open source areas, he founded IBM China Linux team in 2011 and organized team to make significant contributions in Linux Kernel/openstack/hadoop projects. Now he is focusing on cloud native domain and leading... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

12:00 BST

Explain How Kubernetes Works With GPU Like I’m 5 - Carlos Santana, AWS

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance N10 | Room F

Want to understand how Kubernetes handles GPUs? Join us for a beginner-friendly deep dive into GPU integration using a homelab setup with NVIDIA Jetson hardware. Rather than relying solely on operators, we'll break down the entire stack to reveal how Kubernetes orchestrates GPU workloads. This session walks through the complete journey of enabling GPU support in Kubernetes, from bare metal to running GPU-accelerated containers.

Using a practical homelab example with a Jetson NUC, we'll explore how Kubernetes detects and manages GPU hardware, the critical role of drivers and container toolkit, and how kubelet plugins enable GPU support. You'll understand the mechanics of node labeling, GPU resource allocation, and the process of requesting GPU resources in Pod specifications. We'll also demystify CUDA and its essential role in GPU computing. Whether you're new to GPU computing or looking to understand the internals beyond operator abstractions, this talk is for you.

Speakers

Carlos Santana

Sr. Specialist Solutions Architect, AWS

Senior Specialist Solutions Architect at AWS leading Container solutions in the Worldwide Application Modernization (AppMod). He is experienced in distributed cloud application architecture, emerging technologies, open source, serverless, devops. kubernetes, gitops. He is CNCF Ambassador... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

12:00 BST

Streamlined Efficiency: Unshackling Kubernetes Image Volumes for Rapid AI Model and Dataset Loading - Esteban Rey, Microsoft & Yifan Yuan, AlibabaCloud

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance S10 | Room D

In this presentation, we will introduce a novel approach to utilizing Kubernetes’ new Image Volumes for quickly and efficiently loading large language models and extensive datasets. We will explain how streaming loading and open-source technologies speed up mounting Open Container Initiative (OCI) artifacts without packaging existing object storage blobs. This ensures effective usage of storage space and faster loading times.

Packaging large models and petabyte-level datasets into OCI artifacts presents two challenges:

1. Converting existing datasets is time-consuming.
2. Pulling time and disk space usage are unacceptable.

Our approach eliminates the need to convert existing data and uses streaming loading technology to mount image volumes without pulling. It ensures high performance for accessing numerous small files and loading large models, making it practical for new and demanding scenarios.

Speakers

Yifan Yuan

senior software engineer, AlibabaCloud

Yifan Yuan is a software engineer in the Alibaba Cloud storage team and is a major maintainer of containerd/overlaybd project. He has rich experience in improving the startup efficiency of containers and large-scale data distribution. Yifan has collaborated with companies such as... Read More →

Esteban Rey

Software Engineer II, Microsoft

Esteban Rey is a Software Engineer at Azure and a maintainer of the containerd/accelerated-container-image project. Over the past four years, he has played a key role in developing the Azure Container Registry, ensuring Open Container Initiative conformance, and integrating open-source... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Intermediate

12:00 BST

KEDA: Unlocking Advanced Event-Driven Scaling for Kubernetes - Zbynek Roubalik, Kedify & Jorge Turrado, SCRM Lidl International Hub

Wednesday April 2, 2025 12:00 - 12:30 BST

Platinum Suite | Level 3 | Room 3-4

KEDA continues to evolve, introducing powerful new capabilities that make event-driven scaling in Kubernetes more flexible, secure, and insightful. In this session, we’ll delve into the latest enhancements launched over the past year, including:
- OpenTelemetry Integration: Gain richer observability of autoscaling behavior and system performance.
- Admission Webhooks: Achieve finer-grained control and streamlined validation of scaling actions.
- Security Improvements: Protect your production environments with strengthened, built-in security measures.
- Expanded Scalers & HTTP Scaling: Scale from an even broader range of event sources and natively handle HTTP-based scaling.
- Additional Fixes & Improvements: Benefit from smaller adjustments and refinements that further enhance performance and usability.
- Future?!

Join us to learn how these innovations can reshape your approach to dynamic autoscaling in event-driven workloads, helping you maximize resource efficiency and reliability.

Speakers

Zbynek Roubalik

CTO, Kedify

Zbynek is a founder and CTO of Kedify, a company specializing in enterprise-grade autoscaling of Kubernetes applications. He is also the maintainer of KEDA, a CNCF project focused on enabling autoscaling for event-driven applications on Kubernetes. Zbynek has previously served as... Read More →

Jorge Turrado

Principal SRE, SCRM Lidl International Hub

I have over 8 years of experience working in software development, including development, infrastructure architecture, and monitoring. Currently, I am an SRE at SCRM Lidl International Hub, as well as a Microsoft MVP award recipient for 6 years in a row and a CNCF Ambassador. I... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Keda

12:00 BST

SIG Instrumentation Introduction and Deep Dive - Damien Grisonnet & Pranshu Srivastava, Red Hat; Yongrui Lin & Richa Banker, Google

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 3 | ICC Capital Suite 7-9

Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!

Speakers

Pranshu Srivastava

Senior Software Engineer, Red Hat

I work on improving O11y for Red Hat's OpenShift cloud platform, and Kubernetes' instrumentation APIs, as well as its sub-projects, as a SIG Instrumentation co-chair.

Damien Grisonnet

Senior Software Engineer, Red Hat

Damien Grisonnet is a Software Engineer at Red Hat, he is very active in the monitoring ecosystem of Kubernetes for which he serves as a technical lead for Kubernetes SIG Instrumentation as well as a maintainer for projects such as kube-state-metrics, metrics-server, and prometheus-adapter... Read More →

Richa Banker

Software Engineer, Google

Co-chair for SIG Instrumentation, with some ongoing contributions to SIG API machinery. Working on GKE upgrades at Google.

Yongrui Lin

Software Engineer, Google

Software Engineer since 2018.

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Instrumentation

12:00 BST

Standardizing CI/CD Observability With OpenTelemetry: Insights From the CI/CD Observability SIG - Dotan Horovits, OpenObservability Talks & Adriel Perkins, Liatrio

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 3 | ICC Capital Suite 10-12

We all know that observability is a must-have for operating systems in production. But we often neglect our own backyard - our software release process. As a result, we also lack standardization, and each CI/CD tool invent its own way of reporting about pipeline runs, which causes fragmentation, lock-in and difficulty to leverage existing observability tools.

We've been talking about the need for a common "language" for reporting and observing CI/CD pipelines for years, and finally, we see the first "words" of this language entering the "dictionary" of observability - the OpenTelemetry open specification and semantic conventions. On this talk the OTel CI/CD SIG leads will share the need, and the work of the SIG.

Join us to learn about this new SIG, its role, the milestones achieved and roadmap ahead. The talk will also discuss the alignment with adjacent open source communities such as the CDF's Jenkins and CDEvents and the Eiffel community.

Speakers

Dotan Horovits

Ambassador, CNCF

Horovits is an international speaker and thought leader, as well as a CNCF Ambassador and the host of the successful OpenObservability Talks podcast.Currently working as senior developer advocate for the Open Source Strategy & Marketing team at AWS, Horovits evangelizes on Observability... Read More →

Adriel Perkins

Principal Engineer, Liatrio

Adriel is a Principal Engineer at Liatrio with a passion for Security and Observability. His journey has led him through the intricate corridors of FedRAMP JAB authorizations in the government sector to the dynamic and collaborative realm of OpenTelemetry in the open-source community... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Instrumentation

12:00 BST

Wasm I Right or Wasm I Wrong? a Review of the Wasm Ecosystem - Taylor Thomas, Cosmonic & David Justice, Microsoft

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 3 | ICC Capital Suite 14-16

WebAssembly (Wasm) has long been touted as the next era of compute, with its portability, security, and efficiency. But many people still question if it is ready for production usage. Once rooted in browsers, Wasm has found a home at the edge, in serverless platforms, and in many of the CNCF projects you know and love. Early experiments often meant fumbling with custom ABIs, but the advent of the component model makes interoperability and composability a breeze. In this talk, David and Taylor, two of the Wasm WG chairs, will cover Wasm’s journey from its browser origins to its role as a building block of cloud-native applications. They’ll show how CNCF projects are leveraging Wasm today, from spinning up services to extending existing stacks, all without getting bogged down in bespoke ABIs. Then they’ll finish with a candid discussion about the component model, its strengths and weaknesses, and how you can successfully use it in your projects today.

Speakers

David Justice

Principal Engineer Lead, Microsoft

David Justice is a Principal Software Engineer Lead in Microsoft's Azure Container Upstream team. He leads teams focused on high performance Kubernetes cloud infrastructure, micro-virtual machines, and server-side WebAssembly. David is also a co-chair of the TAG-Runtime Wasm working... Read More →

Taylor Thomas

Engineering Director, Cosmonic

Taylor Thomas is an Engineering Director working on WebAssembly platforms at Cosmonic. He actively participates in the open source community and is one of the creators of Krustlet and Bindle. He is a CNCF Ambassador and a regular speaker at various open source conferences and meetups... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Runtime

12:00 BST

What's New With Kubectl and Kustomize … and How You Can Help! - Eddie Zaneski, Defense Unicorns; Marly Salazar, Integral Ad Science; Maciej Szulik, Defense Unicorns

Wednesday April 2, 2025 12:00 - 12:30 BST

Platinum Suite | Level 3 | Room 1-2

Have you ever wondered how kubectl and kustomize enhancements are designed and built? Curious why your favorite feature request wasn't accepted? Join the folks from Kubernetes SIG CLI to find out!

In this session, the SIG CLI maintainers will provide an introduction to the tooling they are working on and an overview of how to get started contributing. They will share the work done over the past year and the roadmap for what is next. Join us to help shape your favorite tools!

Speakers

Maciej Szulik

Staff Platform Engineer, Defense Unicorns

Maciej is a passionate developer with almost two decades of experience in many languages. Currently he's working on Kubernetes for Defense Unicorns. Whereas at night he is hacking on side projects with python. In his spare time he enjoys reading a good book or taking photos.

Eddie Zaneski

Technical Advisor to the CTO, Defense Unicorns

Eddie lives in Denver, CO with his wife and dog. He loves open source and works on the Kubernetes project. When not hacking on random things you'll most likely find him climbing rocks somewhere.

Marly Salazar

Staff Engineer, Integral Ad Science

I am a software engineer with a heavy background in legacy and on premises systems, and migrating those to the cloud, modernizing and automating them. I have been working on the kubernetes project for a year and a half, primarily on kubectl.

Wednesday April 2, 2025 12:00 - 12:30 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, CLI

12:00 BST

Expanding eBPF’s Reach: From Batteries-Included Auto-Instrumentation To E2E Observability Pipelines - Dom Del Nano, Cosmic

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance N10 | Room E

Traditional monitoring and o11y were defined by the painstaking process of manual instrumentation—an inconsistent and error-prone effort, especially with the rise of cloud environments. eBPF promised a breakthrough, introducing auto-instrumentation that could eliminate these challenges. When the magic of eBPF works, it’s transformative, but there are times where its auto instrumentation comes up empty. Rigid, black box tooling is frustrating—at its best it’s magical and at its worst it’s distrusted quickly.

What if eBPF provided a “batteries included but removable” experience, enabling engineers to customize o11y to their needs? In this talk, we’ll discuss how CNCF Pixie and Inspektor Gadget provide the right abstraction for unlocking eBPF’s full potential with their powerful post-processing and k8s enrichment capabilities. We’ll also explore how this vision transformed Pixie’s data collector into a universal agent that can power observability pipelines like Fluentbit and Vector.

Speakers

Dom Delnano

Pixie core maintainer, Cosmic

Dom is a core maintainer of the Pixie open source project and founder/CEO at Cosmic. He previously worked at Crowdstrike, focusing on the eBPF Linux sensor, and at New Relic, working on Pixie full-time. Dom first began building observability tooling at Twitter, where he scaled the... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Intermediate

12:00 BST

Taming 50 Billion Time Series: Operating Global-Scale Prometheus Deployments on Kubernetes - Orcun Berkem & Alan Protasio, AWS

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance S10 | Room C

Scaling Prometheus to support 50 billion active time series across 20 regions on Kubernetes is a monumental challenge. This session delves into the architecture, processes, and tools that make it possible. We will explore the design of stateful sets and zone-aware deployments to ensure reliability and scalability, alongside deployment processes tailored for high availability and fault tolerance. Learn how cellular architecture enables granular scaling and fault isolation, and discover our approach to multi-tenancy, including protection mechanisms against noisy neighbors such as shuffle sharding, throttling with token buckets . We’ll also discuss the journey of scaling each cell to 1 billion active time series, highlighting the Kubernetes challenges we faced and solved along the way. Attendees will leave with actionable insights into building resilient, efficient, and scalable systems using Kubernetes in the cloud-native ecosystem.

Speakers

Alan Protasio

Software Developer Enginner, AWS

Alan is a core contributor and maintainer of Cortex and currently serves as a Senior Software Engineer at AWS, where he works on the Amazon Managed Prometheus Service. With over 15 years of experience in the tech industry, Alan has played a pivotal role in shaping several AWS services... Read More →

Orcun Berkem

Principal Engineer, AWS

Orcun is a seasoned engineer with expertise in building scalable, resilient systems and leading large teams. As a Principal Engineer at AWS Open Source Observability, he focuses on scaling Cortex, along with working on AWS Distribution of OpenTelemetry, Grafana, and OpenSearch, and... Read More →

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Intermediate

12:00 BST

Day-2’000 - Migration From Kubeadm+Ansible To ClusterAPI+Talos: A Swiss Bank’s Journey - Clément Nussbaumer, PostFinance

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 1 | Hall Entrance S10 | Room B

Is it even possible to migrate 35 clusters in an air-gapped environment with a custom PKI infrastructure to ClusterAPI without Downtime? We'll show you why and how this can be pulled off, and how you could do the same.

The journey starts with our legacy provisioning setup (a mix of kubeadm/ansible/puppet), followed by the migration path and tooling. Along the road, we'll discover a series of challenges such as loss of etcd quorum, matching legacy/new kube-apiserver configuration, mismatching etcd encryption keys, and more.

After a live demo of a migration, the session explores managing our fleet of clusters with ArgoCD (with a focus on simple Talos configuration files in our repositories thanks to a few templating tricks, and a clean ClusterAPI workload cluster overview through ArgoCD ApplicationSets).

The presentation concludes by addressing a critical puzzle: solving the chicken/egg bootstrapping problem of the first ClusterAPI management cluster(s).

Speakers

Clément Nussbaumer

Systems Engineer, PostFinance

🇨🇭 Systems Engineer living on a farm 🐄Kubernetes Clusters during the day, helping out on the farm whenever needed, and playing music in the evening 🎺

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Intermediate

12:00 BST

Leveraging Internal Knowledge: Building AiKA at Spotify - Majd Salman & Jofre Mateu Matesanz, Spotify

Wednesday April 2, 2025 12:00 - 12:30 BST

Level 0 | ICC Capital Hall | Room 2

In the fast-paced world of technology, access to the right information at the right time is crucial for innovation and efficiency. Enter AiKA, Spotify's RAG based internal “artificial intelligence knowledge assistance” platform, designed to empower our developers by providing instant access to the vast pool of internal knowledge through various surfaces. We'll cover why we developed AiKA, detailing the challenges of managing and retrieving info across a large organization. Learn about the technologies and methodologies we employed and how we integrated AiKA seamlessly into our existing infrastructure

We'll highlight how AiKA's flexible API allows engineers to ingest their own custom knowledge, tailoring the tool to meet the unique needs of different teams. Discover how it not only enhances productivity but also fosters a culture of self-service and continuous learning.

Speakers

Jofre Mateu Matesanz

Software Engineer, Spotify

Jofre is a Senior Data Engineer at Spotify with a focus on making internal knowledge assistance and productivity tools for engineers.

Majd Salman

Senior Data Engineer, Spotify

Majd Salman is a Senior Data Engineer at Spotify with a focus on making internal knowledge assistance and productivity tools for engineers.

Wednesday April 2, 2025 12:00 - 12:30 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

12:30 BST

Lunch 🍲

Wednesday April 2, 2025 12:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Wednesday April 2, 2025 12:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

13:30 BST

🪧 Poster Session: A New Approach To Cluster Infrastructure Management for Kubernetes Service Providers - Pascal Fries & Sascha Rauch, ATIX AG

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Providing Kubernetes as a service is difficult, since clusters have to be administered extrinsically (i.e., at infrastructure level), as well as intrinsically (i.e., at API level). While platform providers will often want to delegate the latter task to their customers, separating responsibilities is not always easy because infrastructure components are usually deployed as API resources themselves. Externalising the control plane partially solves this issue, yet components such as network, storage, and monitoring still run as pods in the cluster.

In this session, we present a novel approach to cluster infrastructure that we call “ephemeral nodes”. Utilizing two kubelets, our method achieves separate interfaces for platform providers and users. Along with a general discussion, we provide an implementation based on mutating webhooks and a CSI shim plugin. Along the way, we also show how the present method can be used for bare metal node pooling without the need for virtualisation.

Speakers

Pascal Fries

Senior IT Consultant, ATIX AG

Pascal Fries is a Senior IT Consultant working at ATIX AG, Germany. He is passionate about optimising workflows in Kubernetes and container infrastructures in general. As a former high energy physicist, he loves taking things apart, see how they work in detail, and reassemble them... Read More →

Sascha Rauch

Lead DevOps Consultant, ATIX AG

Sascha has several years of experience in managing cloud projects and designing highly available cloud architectures. He is a specialist in DevSecOps and container orchestration and primarily supports companies in building cluster solutions, CI/CD chains and analytics stacks.

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Advanced

13:30 BST

🪧 Poster Session: Catch More Hackers With Koney: Automated Honeytokens for Cloud Native Apps - Mario Kahlhofer, Dynatrace & Matteo Golinelli, University of Trento

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Techniques to deceive hackers are not new. Placing honeytokens, such as a fake "passwords.txt" file in your container, wastes hackers' time and provides strong indicators of compromise when accessed. But do you set traps in your workloads? Probably not. Manually injecting a fleet of decoys into your applications and detecting access attempts to them isn't straightforward.

Kubernetes offers a great foundation into which we can easily integrate traps to detect hackers. This poster will introduce Koney, an operator that lets you define so-called deception policies for your clusters. Koney automates the setup, rotation, and teardown of honeytokens and fake API endpoints, and uses eBPF to detect, log, and forward alerts when your traps have been accessed.

Our poster will cover prior research on cyber deception, discuss why this concept is still rarely applied in practice, and how using cloud-native design patterns may finally accelerate the adoption of cyber deception.

Speakers

Mario Kahlhofer

Senior Research Scientist, Dynatrace

Mario is passionate about Cyber Security and Data Science, and is currently researching methods to detect hackers in cloud-native environments. In his spare time, Mario enjoys running, mountain biking, and tinkering with electronics.

Matteo Golinelli

PhD Student, University of Trento

Matteo Golinelli is a PhD student in cybersecurity at the University of Trento, Italy. He is mainly interested in web and cloud security and is focused on web caches and complex interactions between HTTP entities.

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Security

Content Experience Level Any

13:30 BST

🪧 Poster Session: Effortlessly Build High-Performance AI/ML Pipelines With Accelerator Chaining and K8s Native Tech - Kazuki Yamamoto, NTT & Derek Wang, Intuit

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Join us for an enlightening presentation on effortlessly building advanced, high-performance processing infrastructure for AI/ML workloads with low power consumption.

In streaming processing, accelerators are assigned only for specific tasks in the workload. By assigning each task to the appropriate accelerator and "chaining" them, we obtain high-performance infrastructure with low power consumption at the service level.

Native Kubernetes is a popular choice for deploying AI/ML workloads. However, more is needed to create a new processing form, described above, "Accelerator Chaining Pipelines."

This presentation will demonstrate how we leverage Numaflow and "Dynamic Resource Allocation"(DRA) to overcome challenges, and effortlessly build an "Accelerator Chaining Pipeline" in NTT. You will see a glimpse of future innovations, including direct data transfer and CNI extensions for high-speed communication between accelerators.

Speakers

Derek Wang

Principal Software Engineer, Intuit

Derek Wang is a Principal Software Engineer working for Intuit, his main focus is on the architecture of event-driven systems, as well as streaming data processing platforms. He is the project lead of a couple of open source projects: CNCF graduated project Argo Events, and Numaflow... Read More →

Kazuki Yamamoto

Software Research Engineer, NIPPON TELEGRAPH AND TELEPHONE CORPORATION（NTT）

Yamamoto Kazuki is a research engineer at NTT Software Innovation Center, engaging in distributed systems and virtualization. He has researched computing technology, optimizing compiler, and worked on CI/CD tasks. Currently, he focuses on disaggregated computing Infrastructure and... Read More →

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, AI + ML

Content Experience Level Beginner

13:30 BST

🪧 Poster Session: Enhancing Research and Data Delivery With the Data Delivery System (DDS) - Álvaro Revuelta M., SciLifeLab Data Centre & Valentin Georgiev, Uppsala Universtet

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

The Data Delivery System (DDS) is a cloud-based platform developed by the SciLifeLab Data Centre for the secure and efficient delivery of research data from SciLifeLab Facilities to their users, specifically research groups. The application is containerized and running in Kubernetes clusters. The deployments are synchronized with ArgoCD and uses modern GitOps tools such as SealedSecrets.

This poster session will present the architecture and key features of DDS, including its use of containerization, automated deployment, and robust data management capabilities. Attendees will gain insights into how DDS facilitates fast and secure data transfers, supporting the needs of the life sciences research community.

Speakers

Valentin Georgiev

Systems developer, Uppsala Universtet

With over 10 years of experience in High-Performance Computing (HPC), I have been working with microservices architecture since 2016 and have specialized in Kubernetes (k8s) and Kubernetes application development since 2020. My expertise spans designing, deploying, and managing scalable... Read More →

Álvaro Revuelta M.

System Developer, SciLifeLab Data Centre

System Developer, working to build reliable systems that enable life sciences research

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Intermediate

13:30 BST

🪧 Poster Session: Extensible Kubernetes CRDs Via Inheritance for Modularity and Reuse - Nik Dijkema & Mostafa Hadadian, University of Groningen

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Maintainability and adaptability are crucial for continuous deployment in dynamic cloud environments, emphasizing the need for modularity.

Kubernetes CRDs and controllers provide declarative APIs. But extensibility and reusability limitations pose a challenge and impair custom resource modularity. Extending CRD schemas induces API changes or requires weaker schemas, control logic is not reusable for similar resource types, and many operators are complex monolithic controllers.

This work solves these limitations by implementing inheritance to enable extension and reuse of CRD schemas and controllers. Schema inheritance enables extending an existing CRD schema without changing its API, providing APIs at different levels of abstraction. This allows reuse of common controller functionality through generalisation, promoting separation of concerns in operators. Finally, inheritance enables reasoning about substitutability of custom resources, providing opportunities for adaptability.

Speakers

Nik Dijkema

Graduate Student, University of Groningen

Nik is a Master's student in Software Engineering and Distributed Systems at the University of Groningen, where he also obtained his Bachelor's degree in Computing Science. His interests lie in cloud computing and cloud-native infrastructure.

Mostafa Hadadian

AI/MLOps Innovator| Founder & CEO, University of Groningen | CAIDEL

Mostafa is Founder and CEO of CAIDEL: Continuous AI Deliver. He is also completing his PhD in Computer Science at the University of Groningen. His work lies in cloud native and machine learning development, emphasizing MLOps. Complementing his academic pursuits, he brings a wealth... Read More →

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Emerging + Advanced

Content Experience Level Intermediate

13:30 BST

🪧 Poster Session: Helmless: Fast Serverless Deployments Without the Overhead of Kubernetes and Terraform - Michael Reichenbach, 1KOMMA5°

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Discover how helmless.io, an open-source solution, simplifies serverless deployments with Helm Charts and CI/CD pipelines. It delivers the GitOps-style workflows and velocity of Kubernetes CICD, tailored for serverless environments like AWS Fargate and Google Cloud Run—without the complexity of managing Kubernetes itself.

This poster showcases real-world results, including a tenfold increase in deployment frequency and a 95% reduction in change lead time, powering hundreds of Google Cloud Run containers in production for over a year. Visuals include architecture diagrams, before-and-after comparisons, key metrics, and a roadmap for extending to other cloud providers.

Attendees will learn how to improve serverless workflows, reduce complexity, and adopt a cloud-agnostic GitOps approach, while contributing to the future of this innovative, developer-friendly solution.

Speakers

Michael Reichenbach

Senior Platform Engineer, 1KOMMA5°

Michael is a Senior Platform Engineer at 1KOMMA5°, leveraging over ten years of experience building developer-centric platforms. Michael has pioneered Helm-based deployments for Google Cloud Run, introduced service catalogues, and implemented Backstage in multiple organizations... Read More →

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Any

13:30 BST

🪧 Poster Session: Introducing the Last Level Cache Alignment Feature in Kubernetes for Performance Optimization - Charles Wong, AMD

Wednesday April 2, 2025 13:30 - 14:30 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

The increasing complexity and diversity of computing workloads are driving System-On-Chip (SoC) architectures towards modular designs to meet growing performance demands. These modular SoCs incorporate specialized optimizations such as split cache structures to enable higher core density. However, to fully leverage these hardware-level advancements, corresponding optimizations are required in the software layer. Kubernetes must adapt to capture these hardware optimizations effectively. We introduce a new Kubernetes feature, “prefer-align-cpus-by-uncorecache”, designed to automatically align workloads with the Last-Level-Cache in modular SoCs. This enhancement improves workload performance by reducing latency and optimizing resource utilization, bridging the gap between advance hardware capabilities and orchestration efficiency. This session will elaborate on how the feature assigns CPU resources and the potential performance improvements it can deliver to users.

Speakers

Charles Wong

Software System Design Engineer, AMD

Charles Wong is a Software Engineer and has worked at AMD for 2 years. His work focuses on optimization of Kubernetes on AMD hardware.

Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Operations + Performance

Content Experience Level Any

14:30 BST

Scaling To Thousands of GPUs With Ease: Multi-Region Large Model Training on Kubernetes - Yongxi Zhang, Meng Duan & Rongrong Wu, China Mobile

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room A

With the development of large model technology, industry-leading large models now have the capability to train at a scale of up to 100,000 GPUs. This scale often exceeds the capacity limits of a single K8s cluster. A feasible solution is to adopt a multi-K8s cluster joint training approach.
To achieve multi-K8s cluster joint training, two key challenges need to be addressed: adapting single K8s cluster training tasks to run in a multi-K8s cluster environment, and ensuring the synchronization and efficient transmission of training parameters and checkpoint data across clusters.
In this presentation, we will share China Mobile’s practical experience in achieving parallel training on cross-region multi-K8s clusters, utilizing over 10,000 GPUs with Kubeflow’s Training Operator and VolcanoJob, with no modifications required. Additionally, we will introduce optimized methods to accelerate cross-region data synchronization during training.

Speakers

Rongrong Wu

China Mobile Cloud

Meng Duan

Senior Software Engineer, China Mobile Cloud

I work as a software engineer in the Cloud Native team at China Mobile Cloud, participating in the architectural design of the Cloud Native infrastructure for China Mobile Cloud. Throughout my career, I have made contributions to the CNCF open-source community and have held positions... Read More →

Yongxi Zhang

Senior Software Engineer, China Mobile (Suzhou) Software Technology Co., Ltd.

I am a Software Engineer in the Cloud Native team at Ecloud,I works on Multi-cluster Kubernetes within the Multi-cluster Kubernetes project.Throughout my career, I have made some contributions to the open-source community. In particular, I have contributed to Clusterpedia, a renowned... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Any

14:30 BST

Building WebAssembly Like It's 2011 - David Justice, Microsoft

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room H

Building WebAssembly (Wasm) components is a complex process which causes folks a lot of pain getting started with Wasm. In this talk we are going to take it back to 2011 when Buildpacks were introduced, discuss how Buildpacks smoothed over difficulties building software, and how we can apply Buildpacks to solve the same developer experience problems we were solving back then. The old is new again, and by the end, you too will be building your Wasm components across languages with ease using Buildpacks.

Speakers

David Justice

Principal Engineer Lead, Microsoft

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room H

Application Development

Content Experience Level Beginner

14:30 BST

Navigating the Waters: Balancing Open Source Activities in Corporate Environments - Kim McMahon, Sidero Labs & Amanda Katona, NetApp Instaclustr

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room G

Achieving a balance between corporate goals and open source activities is essential for organizations that offer and rely on both commercial and open source technologies. This balance can be hard to achieve when you have goals, needed results, and resource constraints all pulling in different directions.

In this session, open source industry veterans Amanda and Kim will share best practices built from a decade in the Linux, Kubernetes, Apache, and open source operating system communities. Key topics will include:
* How to take organizational goals and craft a plan to support both open source and corporate products.
* How to take users on a journey to determine the technologies (open source or otherwise) that are best for them.
* How to communicate to your leadership and organization what you do, why you are doing it, and what you hope to accomplish.

Speakers

Amanda Katona

Director of Developer and Open Source Engagement, NetApp Instaclustr

Amanda is a driven community and partnership builder. She creates, and nurtures end-to-end ecosystems that support some of the most innovative technologies on the market. She oversaw Harbor, Contour, and Antrea Sandbox donations, and Harbor's promotion to Graduated. She's also provided... Read More →

Kim McMahon

Head of Marketing, Sidero Labs

Kim McMahon is well-known in the open source and cloud native ecosystem as a marketer of open source and growing healthy and productive communities. She led the marketing and community activities at several Linux Foundation projects including CNCF and RISC-V, building member participation... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

14:30 BST

Choose Your Own Adventure: The Dignified Pursuit of a Developer Platform - Whitney Lee, CNCF Ambassador & Viktor Farcic, Upbound

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room F

Our hero, a running app in a K8s prod environment, knows they are destined for greater things! They’re serving end users, but the value of the cloud is not realized. Hero’s devs toil on custom integrations, deployment is brittle and slow, and security and governance are HARD. Hero longs for a developer platform with consistent and repeatable system building blocks.

It is up to you, the audience, to guide our hero’s transformation from a lost and confused app to one built on a solid foundation that abstracts away complexity and promotes innovation. In their fifth KubeCon ‘Choose Your Own Adventure’-style talk, Whitney and Viktor will present choices that an anthropomorphized app must make as they build an Internal Developer Platform, enabling the devs to have self-service access to widely used system capabilities. Throughout the presentation, the audience (YOU!) will vote to decide our hero's path! Can we navigate CNCF projects and build a platform before the session time elapses?

Speakers

Viktor Farcic

Developer Advocate, Upbound

Viktor Farcic is a lead rapscallion at Upbound, a member of the CNCF Ambassadors, Google Developer Experts, CDF Ambassadors, and GitHub Stars groups, and a published author. He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox.

Whitney Lee

Developer Advocate, CNCF Ambassador

Whitney is a CNCF Ambassador who enjoys understanding and using tools in the cloud native landscape. Creative and driven, she has created and delivered two KubeCon keynotes, a VMware Explore keynote, and countless fun, funny, and informative community conference keynotes. You can... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Any

14:30 BST

The Future of Data on Kubernetes: From Database Management To AI Foundation - Melissa Logan, Constantia; Nimisha Mehta, Confluent; Gabriele Bartolini, EDB; Akshay Ram, Google

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room D

The Data on Kubernetes (DoK) ecosystem has expanded beyond persistent storage to support critical data workloads including databases and AI/ML operations. While databases remain the primary DoK use case per the 2024 DoK Report, organizations increasingly use Kubernetes to power next-gen data infrastructure and AI initiatives.

Panelists from the Data on Kubernetes Community will discuss:

* The evolution of workload patterns from basic stateful services to advanced AI/ML deployments

* Critical considerations for running production database workloads, which remain the #1 use case

* Emerging patterns in AI/ML operations, including batch scheduling, preemption, and gang scheduling

* Technical approaches to common challenges, including feature maturity and integration with existing tools

* Strategies for optimizing resource utilization and reducing infrastructure costs for data-intensive workloads

Speakers

Akshay Ram

Google

Melissa Logan

CEO, Constantia

Melissa Logan is a technology industry veteran and CEO of Constantia.io, a technology marketing agency she founded in 2018. With over 25 years of experience, she specializes in developing marketing and community strategies for enterprise technology and open source organizations. Prior... Read More →

Gabriele Bartolini

CloudNativePG maintainer, EDB

Gabriele, a passionate open-source advocate, has played a pivotal role in shaping PostgreSQL's global growth. His focus on enhancing business continuity for large-scale databases aligns with his advocacy for stateful workloads in cloud-native environments since 2019. As a co-founder... Read More →

Nimisha Mehta

Software Engineer, Confluent

Nimisha is a Software Engineer working on Confluent's Kubernetes Platform team. She has been in the cloud infra space for over 5 years, and has been an end-user of Kubernetes and many other open source technologies. Apart from learning about distributed systems and infrastructure... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Any

14:30 BST

A Practical Guide To Kubernetes Policy as Code - Jim Bugwadia, Nirmata; Rita Zhang, Microsoft; Andy Suderman, Fairwinds; Joe Betz, Google

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 3 | ICC Capital Suite 7-9

Policies play a critical role in ensuring Kubernetes security, compliance, and governance in your clusters. However, navigating the evolving array of options and implementation strategies can be overwhelming.

Join Rita (Gatekeeper, SIG-Auth), Joe (ValidatingAdmissionPolicy, SIG-API-Machinery), Jim (Kyverno, Policy WG), and Andy (Goldilocks, Policy WG) as they share their collective expertise to help you build a robust Policy as Code (PaC) solution for your organization.

In this session, they’ll explain what PaC is, why it’s essential, and demonstrate how to effectively use built-in Kubernetes features like ValidatingAdmissionPolicy and MutatingAdmissionPolicy alongside CNCF policy engines such as OPA/Gatekeeper and Kyverno to manage your PaC lifecycle.

Speakers

Jim Bugwadia

Founder and CEO, Nirmata

Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft

Rita Zhang is a Principal software engineer at Microsoft, based in San Francisco bay area. She leads the Azure Container Upstream team of maintainers and contributors building features for Kubernetes upstream and CNCF projects. She is a Kubernetes sig-auth chair, a member of the Kubernetes... Read More →

Joe Betz

Staff Software Engineer, sig-api-machinery TL, Google

Joe Betz is a tech lead of the Kubernetes api-machinery SIG. Joe has contributed to extensibility features including custom resources, admission webhooks, and CEL. Joe has also contributed to etcd as a project maintainer.

Andy Suderman

CTO, Fairwinds

Andy Suderman is CTO at Fairwinds, a managed Kubernetes-as-a-Service provider. Andy has worked with cloud native technologies for the last eight years helping organizations adopt and manage Kubernetes. Andy is the creator and primary developer of Goldilocks—an open source tool that... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Policy

14:30 BST

Cloud Native Storage and Data: The CNCF Storage TAG Projects, Technology & Landscape - Raffaele Spazzoli, Red Hat; Alex Chircop, Akamai

Wednesday April 2, 2025 14:30 - 15:00 BST

Scalable DNS With CoreDNS Plugins: A Deep Dive - Yong Tang, Ivanti & John Belamaric, Google

Wednesday April 2, 2025 14:30 - 15:00 BST

Platinum Suite | Level 3 | Room 3-4

CoreDNS is a highly flexible and extensible DNS server widely recognized as the default DNS solution in Kubernetes. With its strong focus on service discovery, CoreDNS has gained popularity in various cloud-native environments. Its adaptability is largely driven by a plugin-based architecture, allowing developers to easily introduce new features and optimize performance at various levels. In this session, we will dive deep into CoreDNS’s extensive plugin ecosystem, examining several plugins that significantly enhance DNS scalability in Kubernetes. We’ll also walk through developing a Go-based demo plugin that leverages source IP for service discovery. Finally, we will look at the latest project updates and outline the roadmap for the CoreDNS community moving forward.

Speakers

Yong Tang

Senior Director of Engineering, Ivanti

Yong Tang is Senior Director of Engineering at Ivanti. He is a core maintainer of CoreDNS and contributes to many container, cloud-native, and machine learning projects for the open source community. In addition to CoreDNS, he is a maintainer of Docker/Moby. He is also a maintainer... Read More →

John Belamaric

Senior Staff Software Engineer, Google

John is a Sr Staff SWE, co-chair of K8s SIG Architecture and of K8s WG Device Management, helping lead efforts to improve how GPUs, TPUs, NICs and other devices are selected, shared, and configured in Kubernetes. He is also co-founder of Nephio, an LF project for K8s-based automation... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, CoreDNS

14:30 BST

Enhancing Database Observability With OpenTelemetry - Marylia Gutierrez, Grafana Labs

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room E

With the recent stabilization of the OpenTelemetry semantic conventions for databases, it's an excellent time for OSS libraries to provide users with the observability they've been seeking. This talk dives into how you can instrument your application with OpenTelemetry SDKs to improve observability and collect actionable telemetry data from your databases. Learn about the SDK implementations that are currently available by language and database, their current gaps and how you can contribute and develop missing instrumentation.
Whether you're an SRE, developer, or database administrator, this talk will equip you with the tools and knowledge to bring clarity and efficiency to your database systems.

Speakers

Marylia Gutierrez

Staff Software Engineer, Grafana Labs

Marylia is a Staff Software Engineer at Grafana Labs, focusing on Observability with OpenTelemetry. In the OpenTelemetry project, she is an approver for Database Semantic Conventions, JS SDK and Portuguese localization and also a maintainer for Contributor Experience. Before that... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Intermediate

14:30 BST

Superpowers for Humans of Kubernetes: How K8sGPT Is Transforming Enterprise Ops - Alex Jones, AWS & Anais Urlichs, JP Morgan Chase

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room C

Humans cannot scale like software, and our ability to diagnose and triage is finite. Imagine the burden of operating dozens of tenants across multiple clusters. It’s going to take a team, no lone hero can keep the lights on and the customers happy.

Until now.

The CNCF project, K8sGPT has unlocked a fast track for managing clusters, triaging issues and identifying a problem before they impact users. Using AI to simplify complex errors, we demonstrate how this project is elevating humans to scale at a rate never seen before, and able to do more with less.

Never before has there been a crisper example of getting AI to focus on the toil so humans can do the things we’re good at - problem solving.

Our Enterprise adopters share of how they’ve used K8sGPT to lower the bar to entry, uplifting the skills of their teams.
We chart a course together, presenter and audience, as we reset the expectation of what great looks for operating Kubernetes at planet scale.

Speakers

Alex Jones

Principal Engineer, AWS

Alex works at AWS. When he's not obsessing over customers via the delivery of high quality products and tools, he's working passionately on open-source. Alex lives in the UK and has two kids.

Anais Urlichs

Platform Engineer, JP Morgan Chase

Anaïs is a Platform Engineer at JPM Chase, where she contributes to the company’s cloud implementation. Before working as Platform Engineer, Anais worked for 7 years as Developer Advocate. Most recently, as part of the open source team at Aqua Security, her work was focused on... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Any

14:30 BST

Don't Write Controllers Like Charlie Don't Does: Avoiding Common Kubernetes Controller Mistakes - Nick Young, Isovalent at Cisco

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room B

So you've learned about Custom Resource Definition (CRD) design errors, you've designed your CRD to avoid common mistakes, and now you're ready to write the controller.

Turns out there's a lot of gotchas in that process as well!

This talk explores the common pitfalls that the ever-unlucky Charlie Don't, who always makes the worst decisions, runs into when implementing a controller.

The talk should be particularly useful for anyone writing reconciliation loops that use Kubernetes objects, whether they are CRDs or not. You can expect to come away from this talk having learned about common mistakes like: straining the apiserver with too many status updates, missing updates in complex systems of CRDs, and having scaling problems from not using caching correctly.

No knowledge of the previous talks is required, so come and have a chuckle at poor old Charlie Don't's bad luck while picking up some tips for yourself.

Speakers

Nick Young

Senior Software Engineer, Isovalent at Cisco

Nick has been working to prevent the entropic downfall of systems for 25 years, across datacenters, clouds, networking, and others. He's a Staff Engineer at Isovalent, and a maintainer on the Kubernetes Gateway API project, where he works on improving the ingress and mesh experiences... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Intermediate

14:30 BST

Many Cooks, One Platform: Balancing Ownership and Contribution for the Perfect Broth - Lian Li, lianmakesthings

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 0 | ICC Capital Hall | Room 2

When I started contracting with the Dutch government to build a new internal developer platform, I found myself navigating competing demands from different teams. Development teams wanted support tailored to their processes, neighboring infrastructure teams aimed to protect their areas of responsibility, and management expected visible progress. These conflicting priorities kept pulling my team in multiple directions, making it challenging to stay aligned and focused.

Since I have a background in Developer Relations, I soon made it my goal to engage all involved parties, giving users a sense of ownership and collaboration, while keeping the platform cohesive.

In this talk, I’ll share the tools and processes that helped address these challenges. I’ll provide practical insights for aligning diverse stakeholders. If you’ve ever faced the challenge of “too many cooks” this session will show how to turn competing demands into a recipe for success.

Speakers

Lian Li

Cloud Native Human, lianmakesthings

Lian always wanted to save the world. After leaving law school, she decided to work with computers instead. While in Web Dev, she started attending tech events, and soon fell in love with the community. In her roles as Consultant and DevRel, Lian combined technical knowledge with... Read More →

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

14:30 BST

Trust No One: Secure Storage With Confidential Containers - Aurélien Bombo, Microsoft

Wednesday April 2, 2025 14:30 - 15:00 BST

Level 0 | ICC Auditorium

If you are processing and storing sensitive data in the cloud, can you really trust anyone (including the cloud)? The answer is no. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers.

This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. We also demonstrate how we prevent attackers from injecting data into the TEE using the CNCF Rego policy language.

Overall, we aim to show how cloud providers and end users can securely store and protect sensitive data, enabling the adoption of confidential computing across numerous use cases.

Speakers

Aurélien Bombo

Software Engineer, Microsoft

Aurélien is a contributor to the Confidential Containers project and serves on the Architecture Committee of sister project Kata Containers. At Microsoft, he works on the Linux confidential platform.

Wednesday April 2, 2025 14:30 - 15:00 BST
Level 0 | ICC Auditorium

Security

Content Experience Level Intermediate

14:30 BST

Tutorial: "Working Code Wins": Win Big With a Cloud Native Hackathon Starter Pack - Phill Morton, The Access Group & Abby Bangser, Syntasso

Wednesday April 2, 2025 14:30 - 15:45 BST

Level 1 | Hall Entrance N11

It can be easy to look at the CNCF landscape and think that the CNCF is only focused on tools and technologies. However, the Cloud Native Maturity Model helps re-centre the conversation on the real mission: Business outcomes, people, process, and policy – and of course, also technology.

Join this workshop to learn about our experiences running a company-wide hackathon at The Access Group using only open source software, which not only launched innovative business ideas but also created a whole new awareness and adoption of cloud native technologies.

You will get hands-on with creating effective developer experience using a Backstage Portal, managing infrastructure with OpenTofu, and everything in between. Most importantly, at the end of this session, you will have the working platform blueprint to take back ready for hacking in your organisation.

Speakers

Abby Bangser

Principal Engineer, Syntasso

Abby is a Principal Engineer at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms on Kubernetes. Her keen interest in supporting internal development comes from over a decade of experience in consulting and product delivery roles across... Read More →

Phill Morton

Platform Architect, The Access Group

Phill is a dedicated software engineer turned platform engineer, with a strong passion for automating processes and enabling team success. With extensive experience in app modernization, cloud engineering, performance tuning, and observability. Phill brings a wealth of knowledge... Read More →

Wednesday April 2, 2025 14:30 - 15:45 BST
Level 1 | Hall Entrance N11

Tutorials, Platform Engineering

Content Experience Level Intermediate

14:30 BST

🚨 Contribfest: Dive Into Cert-manager and Start Contributing!

Wednesday April 2, 2025 14:30 - 15:45 BST

Level 3 | ICC Capital Suite 1

Join us for a hands-on, interactive session with the cert-manager maintainers and community! cert-manager, a graduated CNCF project, automates certificate management for Kubernetes and is a critical component for securing cloud-native applications. This workshop is perfect for both first-time contributors and seasoned open-source enthusiasts. You'll learn about cert-manager's architecture, the role of its key components, and how to set up your environment to start contributing. We’ll walk through the contribution process, tackle curated GitHub issues, and provide guidance tailored to your skill level. Whether you're interested in improving code, documentation, or community engagement, this session offers a great way to make an impact while learning valuable skills. Let’s build cert-manager together!

Speakers

Maël Valais

Software Engineer, cert-manager Maintainer, CyberArk

Maël Valais is a Software Engineer at CyberArk. Maël has been working in the cloud-native space for the past 6 years and has been a maintainer on the cert-manager project for the past 3 years. Before becoming a software engineer, Maël used to be in academia and defended his PhD... Read More →

Erik Godding Boye

Platform Engineer, Zenior

Erik has 25+ years of experience as a software developer working as a contractor for multiple companies in various industries in Norway, For the last five years, he has been building value-added services on top of large multi-tenant Kubernetes clusters ensuring development teams... Read More →

Richard Wall

Programmer, Venafi (A CyberArk Company)

cert-manager maintainer.

Wednesday April 2, 2025 14:30 - 15:45 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, cert-manager

14:30 BST

🚨 Contribfest: Extending Image Based Systems Using Systemd System Extensions

Wednesday April 2, 2025 14:30 - 15:45 BST

Level 3 | ICC Capital Suite 17

On general purpose image based systems such as Flatcar and Bootable Containers, users are encouraged to run all their applications using containers. To make updates safe and predictable, the system is mounted as read only and local modifications are discouraged.

While containers offer a lot of flexibility on Linux, there are still cases where installing binaries or running applications directly on the host operating system is preferred.

As a trade-off, Systemd's system extensions (sysexts) provide a mechanism to extend host's content while preserving the safety guarentees around updates. Some image based OS like Flatcar, Fedora CoreOS or Atomic Desktops are leveraging sysext images to provide container runtimes.

In this tutorial, Timothée and Mathieu will give you the fundamentals of sysexts to help you building, running and updating your very first sysext images. From simple sysext-images like Containerd to more complex ones: learn how to securely extend image based systems.

Speakers

Timothée Ravier

CoreOS engineer, Red Hat

CoreOS engineer at Red Hat, Fedora Silverblue and Kinoite maintainer, KDE developer and KDE Flatpak maintainer.

Mathieu Tortuyaux

Software Engineer, Microsoft

Mathieu is working as a Linux OS software engineer @ Microsoft mainly involved in the Flatcar development (an open-source Container OS Linux distribution). He's involved in the test automation, release cycle and features development. Outside of the work, he co-founded SRE France... Read More →

Wednesday April 2, 2025 14:30 - 15:45 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, Flatcar

15:15 BST

Production-Ready LLMs on Kubernetes: Patterns, Pitfalls, and Performance - Priya Samuel, Elsevier & Luke Marsden, MLOps Consulting

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room A

Many orgs are evaluating running open source LLMs on their own infrastructure, and Kubernetes is a natural platform choice. However, running open source LLMs in production on Kubernetes is, honestly, a bit of an undocumented mess.

This technical presentation shares the experience of both speakers in deploying production-grade LLM infrastructure on Kubernetes. Through practical demonstrations, we'll explore the complete deployment lifecycle, from GPU setup to optimization techniques like Flash Attention, quantization tradeoffs and GPU sharing.

You'll learn:

* Architectural patterns for efficient LLM deployment using Ollama and vLLM
* Solutions for model weight management and context length optimization
* Techniques for GPU sharing and improving resource utilization
* Production approaches to fine-tuning with Axolotl and serving multiple models with LoRAX

You'll leave with a complete blueprint for building reliable, scalable LLM infrastructure on Kubernetes.

Speakers

Priya Samuel

Full stack engineer, Software Architect, Elsevier

Priya Samuel is a seasoned technology leader with a passion for transforming complex challenges into actionable solutions. With extensive expertise in DevOps, and cloud-native technologies, and Identity and Access Management (IAM). Priya has helped organizations scale their data and... Read More →

Luke Marsden

Founder, MLOps Consulting

Technical leader and startup founder who participated in the early development of Docker and Kubernetes. Former SIG lead for SIG-cluster-lifecycle.

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

15:15 BST

gRPC: 5 Years Later, Is It Still Worth It? - Konstantin Ostrovsky, Torq.io

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room H

Ever found yourself at a crossroads, deciding on a communication protocol for your backend applications? It's a pivotal choice that can shape your project's future. Five years ago, I took the plunge and went all-in on gRPC, embracing it for both backend-to-backend and frontend-to-backend communication.

Join me as I unravel the twists and turns of my gRPC adventure. I'll shine a light on the hurdles we faced and the victories we celebrated. But more importantly, I'll reveal why, looking back, I'm convinced we made the right call.

Whether you're a gRPC veteran or just protocol-curious, this talk will equip you with insights to make informed decisions for your own projects. Let's decode the gRPC experience together!

Speakers

Konstantin Ostrovsky

Software Architect, Torq.io

I'm a long time software engineer. Currently work at Torq.io as Chief Architect. I started my journey as a Windows Internals engineer (C,C++) in the field of cyber security. For the past 10 years I've been working at multiple early stage SaaS startup companies in different roles... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room H

Application Development

Content Experience Level Beginner

15:15 BST

The Bricks That Make Us – How the LEGO Group Avoids 50 Mediocre Kubernetes Implementations - Thomas Øther Rasmussen & Paul Farver, The LEGO Group

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room G

Striking the balance between Autonomy and Governance is surprisingly difficult. At The LEGO Group, developers are free to choose the tools they believe suit their task best. Limiting this autonomy will stifle developer creativity and lead to shadow IT, so how can you leverage Platform Engineering without becoming a Kragle-wielding Lord Business?

More than 100 product teams run their applications in LEGO factories across the globe, and that requires good communication between infrastructure-, platform-, and application teams. This session will focus on how the LEGO Container Platform Team successfully onboards new applications, engages with developers, and keeps them happy.

Speakers

Paul Farver

Platform Engineer, The LEGO Group

Paul has been working with Kubernetes since 2018, and has a passion for developer experience. He has been with The LEGO Group for 2 years, and spends most lunches trying to get his co-workers to laugh rather than eating. Outside of work, he sings classical choir, and plays D&D

Thomas Øther Rasmussen

Platform Engineer, The LEGO Group

What do you do when you love learning new things? Become a teacher of course! After all, if you learn how to teach others, perhaps you might be able to teach yourself too. With that mindset, Thomas' knowledge and experience has spread far and wide, not just in the Cloud Native landscape... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

15:15 BST

Yes You Can Run LLMs on Kubernetes - Abdel Sghiouar & Mofi Rahman, Google Cloud

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room F

As LLMs become increasingly powerful and ubiquitous, the need to deploy and scale these models in production environments grows. However, the complexity of LLMs can make them challenging to run reliably and efficiently. In this talk, we'll explore how Kubernetes can be leveraged to run LLMs at scale.

We'll cover the key considerations and best practices for packaging LLM inference services as containerized applications using popular OSS inference servers like TGI, vLLM and Ollama, and deploying them on Kubernetes. This includes managing model weights, handling dynamic batching and scaling, implementing advanced traffic routing, and ensuring high availability and fault tolerance.

Additionally, we'll discuss accelerators management and serving models on multiple hosts. By the end of this talk, attendees will have a comprehensive understanding of how to successfully run their LLMs on Kubernetes, unlocking the benefits of scalability, resilience, and DevOps-friendly deployments.

Speakers

Abdel Sghiouar

Cloud Developer Advocate, Google Cloud

Abdel Sghiouar is a senior Cloud Developer Advocate @Google Cloud. A co-host of the Kubernetes Podcast by Google and a CNCF Ambassador. His focused areas are GKE/Kubernetes, Service Mesh and Serverless.

Mofi Rahman

Developer Relations Engineer, Google Cloud

Mofi Rahman (@moficodes) is a Developer Advocate at Google. His favorite programming language these days is Go. He is a strong believer of the power of open source and importance of giving back to the community. He is a self proclaimed sticker collecting addict and has collected several... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

15:15 BST

The Great Sidecar Debate - William Morgan, Buoyant

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 0 | ICC Capital Hall | Room 1

Sidecars, long the defining characteristic of the service mesh, are now the subject of its latest debate. While Kubernetes itself has recently added native support for sidecar containers, for service meshes, the question remains: does this architecture still hold water? Or, in the world of ambient and eBPF, are sidecars an antiquated approach already surpassed?

In this session, we'll take a pragmatic and engineering-focused approach to the debate. Every engineering choice is ultimately a tradeoff, so what are the tradeoffs at play here? Are there situations where sidecars provide value vs alternatives? Situations in which they suffer by comparison? We'll evaluate the practical considerations for service meshes: resource consumption, operational considerations (e.g. blast radius), security considerations (e.g. threat models), and more, and attempt to paint a comprehensive and unbiased picture of the pros and cons between approaches.

Speakers

William Morgan

CEO, Buoyant

William is the co-founder and CEO of Buoyant, the creator of the open source service mesh project Linkerd. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 0 | ICC Capital Hall | Room 1

Connectivity

Content Experience Level Intermediate

15:15 BST

Trino and Data Governance on Kubernetes - Sung Yun & Aki Sukegawa, Bloomberg

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room D

As secure and seamless data discovery and exploration become top priorities for data science platforms and their generative AI workflows, intelligent solutions for data access, catalog management, and distributed data analytics are becoming critical for cloud platform teams. One extremely popular solution is to utilize Trino in combination with Open Policy Agent (OPA) to deliver a distributed and secure SQL solution that can answer authorization checks at runtime, in a cloud native manner.

In this talk, we will walk through how we designed various Trino CustomResources on top of Kubernetes, Envoy Proxy, and Istio to enable a self-service and scalable data exploration platform. This design, in conjunction with a granular and centralized data governance framework, enables secure data discovery at a company-wide level within Bloomberg.

Speakers

Aki Sukegawa

Principal Engineer, Bloomberg

Aki Sukegawa is a Senior Software Engineer with the Enterprise Data Science Infrastructure team at Bloomberg. He is a contributor to various open source projects and is an Apache Thrift committer and PMC member.

Sung Yun

Team Lead, Bloomberg

Sung Yun is the Team Lead of Bloomberg's Cloud Native Compute Services (CNCS) Trino & Catalog engineering team, based out of New York City. His team focuses on utilizing open source tools like Kubernetes, Trino and Apache Iceberg to build a scalable data exploration platform for the... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Intermediate

15:15 BST

SIG-Node: Intro and Deep Dive - Sergey Kanzhelev & Dixita Narang, Google; Francesco Romani & Peter Hunt, Red Hat

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 3 | ICC Capital Suite 14-16

This session covers the latest updates in the Kubernetes Node subsystem. SIG Node owns components like Kubelet, Container Runtime Interface (CRI), Node API. SIG Node is responsible for Pod lifecycle from allocation to teardown, shared (“classic”) resource management, topology alignment and device access via device plugins. SIG Node is also a major contributor of the Dynamic Resource Allocation (DRA) which is becoming the bedrock of the new generation or resource management. We work with container runtimes, kernels, networking, storage, and more; anything between the pod and the underlying hardware that runs them is in SIG Node’s purview!

The session will be interesting for end users, seasoned contributors, and people seeking to get involved. Attendees will leave the session with a better understanding of the latest developments like DRA, PSI, pod level resources, in-place VPA and more, as well as understand the roadmap in these days of AI/ML and other workloads adoption.

Speakers

Narang Dixita Sohanlal

Software Engineer, Google

Dixita Narang is a Software Engineer at Google on the Kubernetes Node team. With a primary focus on resource management within Kubernetes, Dixita is deeply involved in the development and advancement of the Memory QoS feature, which is currently in the alpha stage. She is a new contributor... Read More →

Peter Hunt

Senior Software Engineer, Red Hat

Peter Hunt is a Senior Software Engineer working at Red Hat. Passionate about free software, Peter focuses on being a chair for SIG node, maintaining CRI-O, and ~writing~ squashing bugs. Outside of the virtual world, Peter likes collecting floral-printed pants, cooking, and danci... Read More →

Francesco Romani

software engineer, Red Hat

Principal software engineer, joined Red Hat in late 2013, involved in open source projects since 2006. Worked in Red Hat about all things virtualization, then moved to the cloud native virtualization and now on cloud-native network functions. Currently works in the resource management... Read More →

Sergey Kanzhelev

Staff Software Engineer, Google

Sergey Kanzhelev is a seasoned cloud native maintainer. Sergey a chair of Kubernetes SIG node and one of the approvers. He is a co-founder of OpenTelemetry. He is working on both - engineering aspect of software and its practical application. With the Kubernetes, he is contributing... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Kubernetes, SIG Node

15:15 BST

Simplifying Apache Kafka on Kubernetes With Strimzi - Lukáš Král & Gantigmaa Selenge, Red Hat

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 3 | ICC Capital Suite 10-12

When it comes to data streaming platforms for modern event driven architectures, Apache Kafka has become the most popular choice. However managing Kafka clusters on Kubernetes brings its own set of challenges such as upgrades, topics management and scaling. This is where Strimzi shines, it’s a CNCF incubating project that makes running Kafka on Kubernetes seamless.

In this talk, we will briefly introduce Strimzi and its key features, exploring how it simplifies not just Day 1 but also Day 2 operations in a Kubernetes native way. We will then deep dive into Strimzi’s recent enhancements such as KRaft migration, auto rebalancing, and tiered storage. Finally, we will give you a sneak peek into what’s next for Strimzi, including exciting upcoming features.

Whether you're a beginner or an experienced Kubernetes practitioner, this talk will equip you with the knowledge and tools to leverage Strimzi for Kafka on Kubernetes.

Speakers

Gantigmaa Selenge

Senior Software Engineer, Red Hat

Gantigmaa Selenge is a Senior Software Engineer working on Red Hat AMQ Streams, where she focuses on adapting the Apache Kafka ecosystem to be offered as a distributed and high-performance data streaming platform. She contributes to the development of both Apache Kafka and Strimzi... Read More →

Lukáš Král

Senior Software Quality Engineer, Red Hat

Lukas Kral is a Senior Software Quality Engineer at RedHat, working on projects related to Apache Kafka. One of them is Strimzi, a CNCF project for running Apache Kafka on Kubernetes, where he is also one of the maintainers. His main focus is on testing and providing automation of... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Strimzi

15:15 BST

Simplifying the Networking and Security Stack With Cilium, Hubble, and Tetragon - Bill Mulligan & Anna Kapuścińska, Isovalent at Cisco; Dorde Lapcevic, Google; Amir Kheirkhahan, DBSchenker

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 3 | ICC Capital Suite 7-9

Join us as we celebrate nearly a decade of Cilium, now the de-facto standard CNI for Kubernetes and a cornerstone of cloud native networking, observability, and security. This session provides updates on the latest Cilium release and showcases how its unified eBPF-powered stack is transforming Kubernetes environments by replacing fragmented toolchains with seamless, secure, scalable, and simplified solutions.

We’ll explore features like multi-cluster networking, scaling to 65,000 nodes, and service mesh use cases and dive into sub-projects Hubble for network observability and Tetragon’s security observability and runtime enforcement. Hear from contributors and adopters DB Schenker, Google, and Isovalent about how Cilium is simplifying the cloud native stack and solidifying its role as the comprehensive networking and security solution for modern cloud native architectures.

Speakers

Bill Mulligan

Community Builder, Isovalent at Cisco

Bill Mulligan is a cloud native pollinator and community builder. He has given talks, written articles, and appeared on podcasts on a wide range of topics around cloud native. While at CNCF he restarted the Kubernetes Community Day program. He is currently at Isovalent growing the... Read More →

Amir Kheirkhahan

Platform engineer, DBSchenker

Amir is a platform engineer at DB Schenker, responsible for designing and implementing infrastructure solutions for development squads.His key responsibilities encompass the deployment and maintenance of a comprehensive toolchain within Kubernetes environments, the optimization of... Read More →

Dorde Lapcevic

Senior Software Engineer, Google

Dorde is a software engineer at Google, working on networking performance and scalability of GKE (Google Kubernetes Engine). The main part of the work is designing scalable networking features, optimizing their performance and reliability and testing the system to the limits, to be... Read More →

Anna Kapuścińska

Software Engineer, Isovalent at Cisco

Anna is a software engineer at Isovalent, focusing on eBPF-based observability and security. Her previous roles span the industry: she wore both developer and SRE hats, and worked in AdTech, FinTech, public healthcare, end-user SaaS company and a hosting provider. On good weather... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Cilium

15:15 BST

What's New in gRPC - Kevin Nilson, Google

Wednesday April 2, 2025 15:15 - 15:45 BST

Platinum Suite | Level 3 | Room 3-4

This talk will go through all the exciting new features we have recently added to gRPC. We will be covering topics such as OpenTelemetry, Service Mesh, K8s Gateway APIs and GAMMA. We will also cover tips and tricks for building a Microservices Application with gRPC.

Speakers

Kevin Nilson

Software Engineering Manager, Google

Kevin works at Google as a Software Engineer Manager on the gRPC team. At Google Kevin has worked on projects such as Chromecast, Google Home, Stadia and now gRPC. Kevin is a Java Champion and four time JavaOne Rock Star. Kevin has spoken at conferences such as Google I/O, JavaOne... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, gRPC

15:15 BST

What's New in Knative Eventing: Security, Discovery, Integrations, and JobSink - Pierangelo Di Pilato & Christoph Stäbler, Red Hat

Wednesday April 2, 2025 15:15 - 15:45 BST

Platinum Suite | Level 3 | Room 1-2

Knative Eventing continues to evolve, empowering developers with robust tools to build event-driven applications in the cloud-native ecosystem. In this session, we'll explore the latest features, including:

- Security: HTTPS endpoints, OIDC token integration, and per-source service accounts for secure communication
- Event Discovery: the event registry enables you to discover and understand the types of events that your event meshes can handle
- Integrations: the growing ecosystem of event sources and sinks, designed to broaden the reach of Knative Eventing in diverse workflows
- JobSink: unlocks long-running asynchronous jobs by leveraging Kubernetes batch jobs and queuing systems, addressing the limitations of traditional serverless event processing

Whether you're a seasoned Knative user or just getting started, this talk will provide actionable insights and demonstrate how Knative Eventing continues to enable event-driven architecture for cloud-native applications.

Speakers

Christoph Stäbler

Senior Software Engineer, Red Hat

Christoph is a Software Developer at Red Hat and an active contributor to the Knative project. He specializes in serverless technologies with a focus on event-based architectures and the further development of Knative Eventing.

Pierangelo Di Pilato

Principal Software Engineer, Red Hat

Pierangelo is a principal software engineer at Red Hat. He leads the Knative Eventing Working Group and has a passion for data, event-driven and streaming systems.

Wednesday April 2, 2025 15:15 - 15:45 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Knative, Eventing

15:15 BST

Deep Dive To AI Agent Observability - Guangya Liu, IBM & Karthik Kalyanaraman, Langtrace AI

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room E

OpenTelemetry has emerged as a powerful framework for observability in cloud-native applications, but how does it apply to the intricate needs of AI Agent observability? This session explores the journey of leveraging OpenTelemetry to monitor, trace, and analyze AI Agents. We’ll cover key challenges such as capturing metrics for multi-agent systems, tracing inference workflows, and correlating AI-specific data like model performance and decision latency.

Attendees will gain insights into extending OpenTelemetry to address AI-specific requirements, integrating with popular observability tools, and building actionable insights for production-grade AI systems. Through practical demonstrations and real-world use cases, this talk will showcase how OpenTelemetry provides transparency, reliability, and optimization for AI-driven architectures running on Kubernetes. Join us to unlock the potential of OpenTelemetry for AI Agent observability.

Speakers

Guangya Liu

Senior Technical Staff Member, IBM

Guangya Liu is a Senior Technical Staff Member (STSM) for IBM Instana. He is the technical leader driving the IBM Instana development and customer support. He is also the open source leader for IBM Instana team, driving the cloud-native open source contribution to integrate with... Read More →

Karthik Kalyanaraman

Co-Founder & CTO, Langtrace AI

Karthik Kalyanaraman is the co-founder and CTO of Langtrace AI. Prior to Langtrace, Karthik built and scaled products at Coinbase, HP and VMware. Karthik is a thought leader and has deep experience in infrastructure and observability.

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Any

15:15 BST

The Life (or Death) of a Kubernetes API Request, 2025 Edition - Abu Kashem, Red Hat Inc. & Stefan Schimanski, Upbound

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room C

This presentation takes an in-depth look at the path of an API request (e.g. a user sends a request to create a Pod through kubectl create). We take a deep dive into the phases a request passes through, in a chronological order, starting with its arrival at the k8s API Server, and ending in its departure carrying a response to the caller.

This talk will not dive into any code snippets, but rather will use easy to understand diagrams that dig deep into k8s architecture, and side by side, it will show the related observability artifacts (log, audit, metrics snapshot, and error messages) and clarify their implications. To our knowledge, no kubecon talk has covered this topic from an operator's perspective.

After attending this talk, the audience, whether they are an admin, an SRE, or a DevOps professional, will walk away with a much clearer understanding of "how things work in Kubernetes"; the new insights will make them more effective at finding root causes for complex cluster issues.

Speakers

Stefan Schimanski

Senior Principal Engineer, Upbound

Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, and as a tech-lead in Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code mentor with CNCF, loves to teach and help people to learn... Read More →

Abu Kashem

Software Engineer, Red Hat Inc.

Abu is a Software Engineer at Red Hat, Inc., working on Kubernetes Control Plane technology, he is a maintainer of sig-api-machinery, he is also an active contributor to the API Priority and Fairness feature of the k8s APIServer

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Any

15:15 BST

More Data Please: Hands on Green Cloud Experiments - Leonard Pahlke, BWI GmbH & Antonio Di Turi, Data Reply

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 0 | ICC Capital Hall | Room 2

Sustainable cloud computing has been a topic for over a decade, but we lack concrete data on Kubernetes energy consumption. This session shares a case study of a microservice running on a k3s clusters, providing real energy metrics at every stage of Platform Engineering: Day 0 (manual setup with k3s, Cilium, microservice deployment), Day 1 (introducing ArgoCD, Falco for security), and Day 2 (adding observability with Prometheus, Grafana, OpenTelemetry, and Kepler). We use bare metal environments ensuring clean, measurable energy data, from idle setup to fully operational.

We’ll explore how tools like Kepler estimate energy consumption for Kubernetes components and compare them to actual plug measurements. For Day 3, we’ll present experiments: changing programming languages, OS images, VPA and KEDA. By sharing practical insights and data, we aim to inspire engineers to innovate and build a more sustainable cloud-native ecosystem.

Presented by TAG Environmental Sustainability Leads.

Speakers

Antonio Di Turi

Data Engineer, Data Reply

Co-chair of WG Green review in the CNCF TAG-environmental-sustainability. I am determined and dynamic, I like the crowd and I like to be exposed to new stimuli. DevOps and Sustainability are my passions. I feel very lucky because in my job I always find some fun.

Leonard Pahlke

Senior Expert Cloud Native Engineering, BWI GmbH

Leonard is a dedicated open source contributor and leader, currently chairing the CNCF TAG Environmental Sustainability. Previously, Leonard led the K8s release team for v1.26 and as the emeritus advisor for v1.28. With a strong focus on emerging technologies, he advocates for open... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

15:15 BST

Zero Forks Given: Minimizing Friction When Adopting OSS - Alexander Perlman & Narayanamurthi Mari, Capital One

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room B

Open source software often does not meet internal requirements at large enterprises, especially those with elevated security and regulation requirements. Leveraging said projects often requires modifying or extending them to meet these internal mandates.

In this talk, we will review different patterns for “internalizing” external open source projects and discuss the pros and cons of each approach. These patterns are upstream contribution, forking, wrapping, and mutation.

We will review specific case studies using popular open source projects (including Kubeflow, Argo Workflows, Dask, and more) and how we fulfilled internal requirements using the four aforementioned approaches.

In particular, we want to highlight the comparative benefits of Kubernetes mutating admission control (with Kyverno) when adopting open source projects. We hope that audiences will walk away with concrete tools to streamline open source adoption.

Speakers

Alexander Perlman

Senior Lead Software Engineer, Capital One

Alexander Perlman is a senior lead software engineer at Capital One's Machine Learning Experience organization. His areas of focus include distributed compute and workflow orchestration. He lives in the NYC metro area (aka NJ and ashamed) with his wife and three young children. He... Read More →

Narayanamurthi Mari

Distinguished Engineer @ Capitalone, Capitalone

Moorthy is a distinguished engineer at Capital One's Machine Learning Experience organization. His areas of focus include Site Reliability, Platform Engineering and Workflow Orchestration. He lives in the New Jersey with his wife and two young children.

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Intermediate

15:15 BST

The Security Challenges of Running Untrusted Code in Production on Kubernetes at Internet Scale - Christian Weichel & Alejandro de Brito Fontes, Gitpod

Wednesday April 2, 2025 15:15 - 15:45 BST

Level 0 | ICC Auditorium

Running untrusted code from 1.5 million developers presents unique security challenges that push container isolation to its limits. At Gitpod, we spent six years building secure boundaries for development environments on Kubernetes, ultimately discovering fundamental security limitations that led us to rearchitect our platform. Our recent technical deep-dive blog ended up on Hacker News and sparked quite the intense debate (speakers are the OP).

This deep-dive examines our security evolution from standard container isolation to custom security implementations involving user namespaces, seccomp profiles, and network isolation. We'll explore how we handled privileged operations like Docker-in-Docker, FUSE filesystems, and root access requests while maintaining isolation. Whether you're dealing with multi-tenant workloads or running untrusted code, you'll gain practical insights about our learnings on real-world security boundaries in Kubernetes.

Speakers

Alejandro de Brito Fontes

Senior Engineer, Gitpod

Alejandro is a software entrepreneur and systems architect with more than 20 years of experience designing, building, and operating mission-critical IT infrastructure.

Christian Weichel

Chief Technology Officer, Gitpod

Chris Weichel is the Chief Technology Officer at Gitpod, where he leads the engineering team that builds and maintains the cloud-native platform for software development. With over 20 years of experience in software engineering and human-computer interaction, he has a comprehensive... Read More →

Wednesday April 2, 2025 15:15 - 15:45 BST
Level 0 | ICC Auditorium

Security

Content Experience Level Advanced

15:45 BST

Coffee Break ☕

Wednesday April 2, 2025 15:45 - 16:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Wednesday April 2, 2025 15:45 - 16:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

16:15 BST

Orchestrating AI Models in Kubernetes: Deploying Ollama as a Native Container Runtime - Samuel Veloso, Cast AI & Lucas Fernández, Red Hat

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 1 | Hall Entrance S10 | Room A

Existing solutions for serving AI models in Kubernetes are often difficult to deploy and manage with complex workflows and a lack of user-friendly design. This talk introduces a custom container runtime that leverages Ollama as the serving backend, simplifying the deployment and operation of AI models in Kubernetes environments.

A custom container runtime extends the standard container execution workflow by integrating additional capabilities directly into the container lifecycle. Solutions like gVisor and Kata Containers are prominent examples, leveraging this technology to enhance container security by isolating workloads or providing lightweight virtualized environments. In our case, we apply the same principle to AI model serving, enabling native deployment of open-source AI models within Kubernetes.

Speakers

Samuel Veloso

Software Engineer, Cast AI

Samu Veloso is a Software Engineer at Cast AI where he contributes to the future of Kubernetes security.

Lucas Fernández

Senior Software Engineer, Red Hat

I'm a technology fan and I love to explore as many fields as I can, such as Development, Ciber-Security or Artificial Intelligence. You can see what I am up to on lucferbux.dev. Feel free to contact me on my linkedin.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

16:15 BST

OSS = Open Source ... Strategy!? Google Is Doubling Down on K8s in the AI Era, and You Should Too! - Jago Macleod, Google

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 1 | Hall Entrance N10 | Room G

Kubernetes is Ten Years Old… Yikes - maybe it’s time to bail and find the next new hotness before it’s too late? Is it Ray? Or wait maybe it’s Spark or Run:ai or WASM or… ? Turns out it’s a trick question - all of these and more will play a role in the next hockey stick growth graph. And Kubernetes has a key role to play too.

I lead Open Source Kubernetes at Google. In this talk I’ll share our open source strategy and how it changed recently. I'll present the strategic framework and supporting pillars. I’ll share where we will focus our energy in the Kubernetes project in the next couple of years, and some concrete goals and risks. And I'll share how we rationalize work in open source in a world of limited resources.

The world has never changed so fast. Fortunately, the Kubernetes community created an extensible platform that is (just about) ready for the next trillion core hours. It’s not time to jump ship - we’re doubling down on Kubernetes and we think you will too.

Speakers

Jago Macleod

Engineering Director, Kubernetes & GKE, Google

Jago Macleod is an Engineering Director at Google, where he leads Open Source Kubernetes and GKE Release and Upgrades, which gives him the opportunity to work with some of Google Cloud’s largest customers. Prior to working at Google, Jago helped make the smart homes that may eventually... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

16:15 BST

K8s in Wonderland: Why Many of Unknown Code in My Workload? - Hoon Jo, Megazone

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 1 | Hall Entrance N10 | Room F

When you look at the YAML after you've deployed in kubernetes, surprisingly (from a novice perspective), there's a bunch of unknown code in addition.
In fact, it is essential to work properly, and moreover, it almost matches in best practice way to work for highly compatible purpose.
For example, the service has a key value called "sessionAffinity". This value is set to "None" by default.
We could replace it with a value called "ClientIP" instead of None, but this needs to be carefully considered to avoid side effects.
So in this session it is important to understand the implications of having such a default value in there, and being able to do so will help us when we study each of these objects in more detail in the future.
I'm sure you'll find it useful and thought provoking! :)

Speakers

Hoon Jo

Cloud Solutions Architect | Cloud Native Engineer, Megazone

Hoon Jo is Cloud Solutions Architect as well as Cloud Native engineer at Megazone. He has many times of speaker experience for cloud native technologies. And spread out Cloud Native Ubiquitous in the world. He has written several books and latest books is 『CONTAINER INFRASTRUCTURE... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

16:15 BST

Taming the Traffic: Selecting the Perfect Gateway Implementation for You - Spencer Hance, Google; Arko Dasgupta, Tetrate; Christine Kim, Isovalent at Cisco; Kate Osborn, NGINX/F5; Mike Morris, Microsoft

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 0 | ICC Capital Hall | Room 1

The Kubernetes Gateway API has emerged as the next-generation standard for managing ingress traffic, promising greater flexibility and expressiveness than traditional Ingress resources. But with a growing ecosystem of almost 30 implementations, choosing the right one for your specific needs can feel overwhelming. This panel discussion brings together 5 experts at the forefront of Gateway API development to help you navigate this evolving landscape. Each panelist is actively involved in implementing the Gateway API and contributing to the OSS project itself. Together, the panelists represent all the different categories of implementations you might be considering - including service mesh.

This session will provide a comprehensive overview of the key considerations when selecting a Gateway API implementation. We will discuss things like API conformance, scalability, performance, integrations, installation, management, and much more!

Speakers

Kate Osborn

Senior Software Engineer, NGINX/F5

Maintainer of NGINX Gateway Fabric. Kubernetes fanatic since 2018.

Spencer Hance

Software Engineer, Google

Spencer Hance is a Software Engineer focused on Kubernetes Networking at Google. He is currently a tech lead for Gateway API on GKE (Google Kubernetes Engine) and was previously a tech lead for Ingress API on GKE. Spencer has been at Google since 2019 and is based in San Francisc... Read More →

Arko Dasgupta

Software Engineer, Tetrate

Software Engineer at Tetrate spending most of his time building & debugging networking features with Envoy Gateway, Envoy Proxy and Gateway API.

Mike Morris

Senior Product Manager, Microsoft

Mike is a product manager at Microsoft working on upstream open source projects with a focus on Istio service mesh, and a Gateway API for service mesh co-lead. He is interested in building healthy, sustainable communities and scalable distributed systems, and working collaboratively... Read More →

Christine Kim

OSS Dev Experience, Isovalent at Cisco

Christine Kim focuses on developer experience at Isovalent, where she dabbles in the world of Kubernetes and Service Meshes.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 0 | ICC Capital Hall | Room 1

Connectivity

Content Experience Level Beginner

16:15 BST

Unleashing the Power of Init Containers: Reducing Database Management Toil at Yelp - Muhammad Junaid Muzammil, Yelp

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 1 | Hall Entrance S10 | Room D

Init containers are specialized containers that are launched during pod initialization and complete their tasks before the main containers in the pod start. But how do they unleash their potential in real-life situations, particularly when it comes to database management?
At Yelp, we run several Cassandra clusters in production on Kubernetes. Init containers have been instrumental in transforming the operational efficiency for managing these Cassandra clusters, especially during horizontal scaling, upgrades, and restoring clusters from backups. Join us to explore the strategic use of init containers by the Database Reliability Engineering team at Yelp.

Speakers

Muhammad Junaid Muzammil

Tech Lead, Yelp

Muhammad Junaid Muzammil is a Tech Lead in the Database Reliability Engineering team at Yelp. His primary focus is on distributed datastores like Cassandra and Zookeeper, including their interactions and automation. Outside of work, you'd find him playing different games with his... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Intermediate

16:15 BST

Dapr in 2025: Durable Execution for AgenticAI Systems and Becoming the Backbone of App Platforms - Yaron Schneider, Diagrid

Wednesday April 2, 2025 16:15 - 16:45 BST

Platinum Suite | Level 3 | Room 3-4

In this maintainer track we'll cover existing and upcoming features that allow developers to more easily create Agentic AI systems. We will also showcase Dapr's role as an Application Developer Platform that is filling the gap required to govern and regulate access from applications to their underlying infrastructure and providing zero-trust security across both service to service and service to infrastructure interactions.

Speakers

Yaron Schneider

CTO, Diagrid

Yaron co-created the CNCF projects Dapr and KEDA while at Microsoft and led the engineering architecture for serverless container platforms that run at scale using open source technologies. Yaron is an avid lover of open source tech and distributed systems, and is a co-founder and... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Dapr

16:15 BST

Flux Ecosystem Evolution - Stefan Prodan, ControlPlane & Sanskar Jaiswal, Kong

Wednesday April 2, 2025 16:15 - 16:45 BST

Platinum Suite | Level 3 | Room 1-2

In this session, Stefan and Sanskar will talk about the latest developments in the Flux CD ecosystem and how the Flux project has evolved over the past year.

Stefan will introduce Flux Operator, a new component that enhances the Flux UX with high-level abstractions for defining GitOps workflows. He will showcase Headlamp's new plugin that comes with a set of dashboards for monitoring Flux and debugging GitOps pipelines.

Sanskar will present the latest features of Flagger and how Gateway API plays an essential role in enabling progressive delivery for Kubernetes applications.

Finally, they will discuss the roadmap for Flux & Flagger and how the community can contribute to the project's success.

Speakers

Sanskar Jaiswal

Software Engineer, Kong

Sanskar works as a software engineer at Kong Inc. working on building serverless API gateways. He's also a maintainer of Flux and Flagger. He is passionate about contributing to OSS with him being involved in Kubernetes SIG-Network projects and kube-rs. He loves reading about distributed... Read More →

Stefan Prodan

Principal Engineer, ControlPlane

Stefan is a Principal Engineer at ControlPlane and an open source contributor to cloud-native projects. He is the creator of Flagger the progressive delivery operator for Kubernetes, and a core maintainer of the CNCF's Flux project. Stefan has over 20 years of experience with software... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Flux

16:15 BST

Kubernetes Data Protection WG Deep Dive - Dave Smith-Uchida, Veeam

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 3 | ICC Capital Suite 7-9

Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, we will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. We will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Speakers

Dave Smith-Uchida

Technical Leader, Veeam

Dave has been a leader in data protection for Kubernetes for the last several years. In addition to his work at Veeam on K10, he is a founding member of the Kubernetes Data Protection Working Group and was formerly the architect for the Velero Open Source Kubernetes backup project... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Data Protection

16:15 BST

SIG Cloud Provider Deep Dive: Testing Cloud Controller Managers - Michael McCune, Red Hat; Bridget Kromhout, Microsoft; Walter Fender, Google

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 3 | ICC Capital Suite 10-12

Recent discussions in SIG Cloud Provider have focused on improving our testing, and it turns out that testing cloud controllers is complicated. In this presentation the maintainers will explain in detail how such testing is accomplished, and what you can do to help ensure that the cloud controller tests cover more infrastructure providers.

Testing isn’t just a technical topic to discuss in the bike shed though; it is also vital to ensuring the confidence in, and quality of, Kubernetes. The SIG maintainers will discuss how doing more testing in the Kubernetes community will lead to a better platform for everyone. Expect to walk away from this talk with a clear vision for what SIG Cloud Provider is planning for the next generation of tests, and how you can contribute to that effort!

Speakers

Michael McCune

Senior Principal Software Engineer, Red Hat

Michael McCune is a software developer creating open source infrastructure and applications for cloud platforms. He has a passion for problem solving and team building, and a lifelong love of music, food, and culture.

Bridget Kromhout

Principal Product Manager, Microsoft

Bridget Kromhout is a Principal Product Manager at Microsoft Azure, focusing on the open source cloud native ecosystem. Her CS degree emphasis was in theory, but she now deals with the concrete (if 'cloud' can be considered tangible). After years on call for production (from enterprise... Read More →

Walter Fender

Staff Engineer, Google

Graduated from U.C. Berkeley. Working at Google and on Kubernetes API Machinery and Cloud Provider for eight years. Maintainer for the APIServer Network Proxy and Config Connector projects.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Cloud Provider

16:15 BST

The State of Backstage in 2025 - Ben Lambert, Camila Loiola, Fredrik Adelöw, Patrik Oldsberg & Vincenzo Scamporlino, Spotify

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 3 | ICC Capital Suite 14-16

The Backstage project has seen a big push for stability and maturity in the last year. Backstage’s new backend system had its stable 1.0 release, and a lot of work has gone into the new frontend system as well, all towards the end goal of making Backstage easier to manage and extend. During this work there has still been space to ship many new features and improvements, both big and small.

Join the maintainers for a session featuring project updates, feature highlights, and live demos, as is tradition. Among the topics covered will be success stories from running Backstage at Spotify's scale with thousands of members of the engineering organization and an ever growing catalog.

Finally there will be a look toward the future, highlighting the upcoming roadmap items and what to be excited for in the coming year!

Speakers

Patrik Oldsberg

Senior Engineer, Spotify

Patrik is a Senior Software Engineer at Spotify and a core maintainer of Backstage. In 2019 he joined the team in Spotify’s platform organization that owned the Backstage platform, and worked together with the rest of the team to bring it out in the open. Before joining Spotify... Read More →

Ben Lambert

Senior Software Engineer, Spotify

Ben is a Senior Engineer at Spotify, where he spends most of his time working on Backstage, the Open Source framework for building Developer Portals. Ben's passion for modern software engineering is evident in his contributions to Backstage and commitment to fostering a thriving developer... Read More →

Vincenzo Scamporlino

Senior Software Engineer, Spotify

Vincenzo is a Senior Software Engineer at Spotify, based in Stockholm, and members of the Backstage core team. With a career that began as a Mobile Engineer in Digital Creative Agencies, he later transitioned to Full-Stack Engineering. Today, you might find him on Discord, engaging... Read More →

Camila Loiola

Software Engineer, Spotify

Software engineer, teacher, and speaker who loves developer experience tools.

Fredrik Adelöw

August Simonelli is a Principal Product Manager at Red Hat. He has worked with customers around the world to help them adopt, use, improve, and implement open source technologies. Raised in Boulder, Colorado, August now lives in Sydney, Australia and is a strong advocate for using... Read More →

Ryan Zhang

Principal Software Engineering Manager, Microsoft

Dr. Ryan Zhang is a Principal Software Engineer Manager at Microsoft, working on Azure Kubernetes Service Team. Ryan has been working on Cloud Native open source projects for the past few years including CloudEvents, Open Application Model (OAM) and multi-cluster related initiati... Read More →

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance N10 | Room H

Platform Engineering

Content Experience Level Intermediate

16:15 BST

Making CRDs Delightful: Beyond the Pitfalls - Evan Anderson, Stacklok, Inc

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 0 | ICC Capital Hall | Room 2

CRDs have a lot of traps for new operator authors; this is a different talk about developing for Kubernetes! If you're building Kubernetes resource types, let's talk about how to make them satisfying and enjoyable for your users. Using examples from multiple popular projects, Evan will provide 10 tips on how to make your APIs friendly to Kubernetes beginners and experts alike.

* Use status for humans and machines
* Condition super-powers with one simple rule!
* How to avoid needing to build a CLI
* When to build one anyway
* Day-1 RBAC for everyone
* Supporting GitOps gracefully
* Status-free objects: Policies and Classes
* The beauty of zero
* Borrowing is best: embedding known types
* Operating someone else's CRD: labels and annotations

Evan has been extending and operating Kubernetes for the last 6 years. The above patterns will be illustrated with examples from his experience with ArgoCD, Cert-Manager, Gateway-API, Knative, and Kubernetes, among others.

Speakers

Evan Anderson

Software Engineer, Stacklok, Inc

Founder and maintainer on Knative serverless project. Currently at Stacklok working on supply chain security, previously at Google and VMware; recovering SRE.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Advanced

16:15 BST

The GPUs on the Bus Go ‘Round and ‘Round - Natalie Bandel & Ryan Hallisey, NVIDIA

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 1 | Hall Entrance S10 | Room B

Come take a behind-the-scenes look at NVIDIA’s large-scale GPU deployment. NVIDIA’s GPU Cloud has taken on the challenges of day-2 maintenance for 60,000+ GPUs in production, uncovering hard truths and surprising revelations along the way. From problems we didn’t even know existed, to pushing the limits of device uptime. We’ve spent years experimenting, fine-tuning, and learning what works—and what doesn’t.

As Kubernetes is increasing support for allocating accelerators with DRA, day-2 device management is becoming more important. We’ll speak about:
- Techniques we use to uncover device failures
- How we keep devices healthy
- How we remediate failures with operational transparency and without impacting running workloads.

Speakers

Ryan Hallisey

Software Engineer, NVIDIA

Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Natalie Bandel

Senior Software Engineer, Cloud Computing, NVIDIA

Natalie is a Senior Software Engineer at NVIDIA. She works on building software for cloud infrastructure powered by Kubernetes, KubeVirt and strong coffee.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Beginner

16:15 BST

Signed, Sealed, Delivered - Sign and Verify All the Things - Jeremy Rickard, Microsoft

Wednesday April 2, 2025 16:15 - 16:45 BST

Level 0 | ICC Auditorium

You're a cluster operator facing evolving supply chain threats. You're getting hit with rate-limits causing service availability issues. A configuration change made it into production and deployed unapproved images. Someone got access to your registry and tampered with an image. How do we handle these threat vectors? Digital signing and policy enforcement can help! In this talk, we'll look at how CNCF projects like ORAS, Notary, Flux, and Kyverno can be used together to ensure that everything in your production clusters, from images to configuration YAML, comes from a trusted source and has been digitally signed to ensure it hasn't been tampered with and. how to do this with a registry you control. You'll leave this session with knowledge of how these tools work together to enable you to protect your clusters, some of the gaps, and how you can address them. Jeremy will walk through a complete end-to-end experience and provide a Github repo with samples to take home.

Speakers

Jeremy Rickard

Principal Software Engineer, Microsoft

Jeremy Rickard is a principal software engineer at Microsoft where he works on the Azure Container Upstream team. He is currently a co-chair for SIG Release and serves on both the CNCF and the Kubernetes Code of Conduct Committees. He was also the Kubernetes 1.20 Release Lead.

Wednesday April 2, 2025 16:15 - 16:45 BST
Level 0 | ICC Auditorium

Security

Content Experience Level Any

16:15 BST

Tutorial: Build, Operate, and Use a Multi-Tenant AI Cluster Based Entirely on Open Source - Claudia Misale, IBM Research; Olivier Tardieu & David Grove, IBM

Wednesday April 2, 2025 16:15 - 17:30 BST

Level 1 | Hall Entrance N11

With GPUs being scarce and costly, multi-tenant Kubernetes clusters that can queue and prioritize complex, heterogeneous AI/ML workloads while achieving both high utilization and fair sharing, are a necessity for many organizations. This tutorial will teach the audience how to build, operate, and use an AI cluster. Starting from either a managed or on-premise Kubernetes cluster, we will demonstrate how to install and configure a number of open source projects (and only open source projects) such as Kueue, Kubeflow, PyTorch, Ray, vLLM, and Autopilot to support the full AI model lifecycle (from data preprocessing to LLM training and inference), configure teams and quotas, monitor GPUs, and to a large degree automate fault detection and recovery. By the end of the tutorial the participants will have a thorough understanding of the AI software stack refined by IBM Research over several years to effectively manage and utilize thousands of GPUs. Come to learn the recipe and try it at home!

Speakers

David Grove

Distinguished Research Scientist, IBM Research

David Grove is a Distinguished Research Scientist at IBM T.J. Watson, NY, USA. He has been a software systems researcher at IBM since 1998, specializing in programming language implementation and scalable runtime systems. His current research focuses on cloud-related technologies... Read More →

Olivier Tardieu

Principal Research Scientist, Manager, IBM Research

Dr. Olivier Tardieu is a Principal Research Scientist and Manager at IBM T.J. Watson, NY, USA. He joined IBM Research in 2007. His current research focuses on cloud-related technologies, including Serverless Computing and Kubernetes, as well as their application to Machine Learning... Read More →

Claudia Misale

Staff Research Scientist, IBM Research

Claudia Misale is a Staff Research Scientist in the Hybrid Cloud Infrastructure Software group at IBM T.J. Watson Research Center (NY). Her research is focused on Kubernetes and targets monitoring, observability and scheduling for HPC and AI training workloads. She is mainly interested... Read More →

Wednesday April 2, 2025 16:15 - 17:30 BST
Level 1 | Hall Entrance N11

Tutorials, AI + ML

Content Experience Level Intermediate

16:15 BST

🚨 Contribfest: Expanding the Helm Ecosystem With Helm 4

Wednesday April 2, 2025 16:15 - 17:30 BST

Level 3 | ICC Capital Suite 17

Are you passionate about Helm and looking for ways to contribute? Join Helm maintainers at this ContribFest to help shape the future of the project and its ecosystem! This session focuses on three exciting initiatives:

**Exploring the Helm Ecosystem:** From Chart Testing to Chart Releaser, Chart Museum, docs, and traditional plugins, discover how these projects support end-user workflows and where your skills can fit in.

**Building a Triage Team:** Helm’s biggest bottleneck is issue and PR triage. Learn how to make an immediate impact here—contributors who excel and commit time can be nominated as Triage Maintainers.

**Diving into Helm 4:** Helm 4 is on the horizon, with a revamped architecture and an expanded plugin system. Explore how to contribute plugins, ideas, and code to shape this new era.

Whether new to Helm or experienced, this session is your chance to connect, learn, and make a difference. Let’s build Helm’s future together!

Speakers

Scott Rigby

Helm Maintainer, Navteca

Scott is an artist, engineer & dad, collaborating on a different kind of world. Into collective art, activism, therapy & open source nerdy stuff. Scott is a Cloud Native Ambassador, speaker, organizer of CNCF community events including the New York Kubernetes Meetup, and international... Read More →

George Jenkins

Mr, Bloomberg

George is a software engineer working on Cloud based data analytics and compute platforms for at Bloomberg. He enjoys working with and contributing back to open source, and utilizing the best in technology to solve business problems.

Robert Sirchia

Director of Technical & Community Marketing, SUSE

I am Robert Sirchia the Director of Technical & Community Marketing at SUSE. I have been working in technology for over 20 years. Most of that time has been spent in the .NET and Microsoft space. Moved towards the cloud when .NET became a first-class citizen on them. And I have never... Read More →

Wednesday April 2, 2025 16:15 - 17:30 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, Helm

16:15 BST

🚨 Contribfest: OpenTelemetry Contribfest

Wednesday April 2, 2025 16:15 - 17:30 BST

Level 3 | ICC Capital Suite 1

We are bringing the OpenTelemetry ContribFest to Europe! This hands-on session is the perfect opportunity for new contributors to dive into one of the most impactful open-source projects in observability. Guided by maintainers from across the project—spanning the Collector, Go, Java, JavaScript, and more—you’ll receive personalized support to make your first contribution.

Building on the success of previous ContribFests in Chicago and Salt Lake City, this session promises an engaging and supportive environment. As one of the KubeCon staff in Salt Lake City remarked, "It’s the ContribFest where most people stayed until the very end," even when it was scheduled in the last slot on a Friday!

Whether you’re a developer, SRE, or just curious about OpenTelemetry, this session is designed to empower you with the skills and confidence to contribute to open source. No prior experience with OpenTelemetry is required—just bring your laptop and enthusiasm!

Speakers

Jason Plumb

Software Engineer, Splunk

Jason Plumb (he/him) is a hacker, artist, experimenter, polyglot programmer, and dad from Portland, OR, USA. He is co-maintainer of OpenTelemetry Android and an approver in various OpenTelemetry java projects. When not at work, Jason volunteers with Futel to install and maintain a... Read More →

Jamie Danielson

Senior Software Engineer, Honeycomb

Jamie is a Senior Software Engineer at Honeycomb where she works on instrumentation libraries. She is an active contributor to multiple OpenTelemetry projects, and is a maintainer for OpenTelemetry JavaScript. When she’s not working she’s playing dek hockey.

Marc Pichler

Maintainer, OpenTelemetry JavaScript, Dynatrace

Marc is a Senior Software Engineer at Dynatrace and a Maintainer for OpenTelemetry JavaScript. Previously working internally on various open source integrations, Marc transitioned to a more upstream-focused role and joined the group of OpenTelemetry JavaScript Maintainers in 2023... Read More →

Tyler Yahn

Software Engineer, Splunk

Tyler Yahn is a Senior Software Engineer at Splunk and a Maintainer of the OpenTelemetry Go project. He has a background in designing, building, and running distributed systems. Currently, he devotes his time to building and improving OpenTelemetry.

Wednesday April 2, 2025 16:15 - 17:30 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, OpenTelemetry

17:00 BST

Optimizing Training Performance for Large Language Model(LLM) in Kubernetes - William Wang, Huawei Cloud Technologies Co., LTD & Peng Gu, Tech Starup

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance S10 | Room A

Large Language Models are increasing in popularity and the training performance in Kubernetes at scale has become the biggest challenges for enterprises. How to achieve the optimal performance and linearity for a huge training job, such as 100k GPUs? What are the three most critical factors that affect performance? How to optimize performance step by step?

In this talk we will present an end to end analysis of the bottleneck of LLM training in Kubernetes at scale. And then show how the insufficient resource management and network topology awareness in Kubernetes affect the performance. Finally we will introduce the new resource management model, LLM dedicated training workload and scheduling solution which are initiated in the Volcano open source community and demonstrate how to use it to get optimal performance and linearity.

Speakers

Peng Gu

Software Architect, Tech Starup

Peng Gu holds a PhD degree in Computer Engineering from the University of Central Florida, specializing in high-performance computing. As a tech lead and cloud software architect at an AI infrastructure startup, he designs scalable, cutting-edge solutions to support highly demanding... Read More →

William Wang (Leibo Wang)

Senior software engineer, Nvidia

Cloud native architect, open-source enthusiast, technical lead and maintainer of CNCF Volcano, software developer with a decade of experience in diverse domains including cloud native technology, large-scale cluster resource management, batch scheduling, BigData, and AI acceleration... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

17:00 BST

Why Allyship Matters and Your Role in Creating a More Diverse Cloud Native Community - Catherine Paganini, Buoyant; Milad Vafaeifard, Epam Systems; Sandeep Kanabar, Gen; Anastasiia Gubska, BT Group; Rob Koch, Slalom Build

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance N10 | Room G

Despite many DEI initiatives, diversity in open source is still lacking. That's not only bad for underrepresented groups, it's also bad for OSS (studies have shown time and again that diverse teams produce better outcomes). While there isn't much you can do about the industry's hiring practices, you can help make a difference!

As companies scale back on DEI efforts, community-driven change becomes essential—and that’s where allies come in. Minorities are, by definition, in the minority, and their advocacy alone has limits. Allies have the power to amplify underrepresented voices, raise awareness among peers, and advocate for change. When allies take a stand for inclusivity, accessibility, and ethical responsibility, they hold the power to influence the industry's values and priorities.

Join this panel with CNCF Deaf and Hard of Hearing WG members to learn how you can drive meaningful change and contribute to a more diverse, inclusive, and innovative open-source community.

Speakers

Catherine Paganini

CTO, Buoyant

Catherine Paganini is co-chair of the TAG Contributor Strategy, founder of the Deaf and Hard of Hearing WG and Cloud Native Glossary, and Head of Marketing and Community at Buoyant, the creator of the CNCF graduated service mesh. A marketing leader passionate about open source, Catherine... Read More →

Rob Koch

Principal, Slalom Build

Sandeep Kanabar

Lead Software Engineer, Gen (formerly NortonLifeLock)

Hailing from India, Sandeep is a passionate software engineer working at Gen (formerly NortonLifeLock). A frequent meetup speaker, Sandeep enjoys sharing his lessons learned from 15+ years in the tech space with the community. He's a staunch advocate for diversity and inclusion and... Read More →

Anastasiia Gubska

SRE/DevOps Engineer, BT Group

Anastasiia Gubska, a Deaf CNCF Ambassador and SRE/DevOps Engineer at BT Group, develops and implements best practices for software delivery at the UK-based multinational telecommunications company. Passionate about discovering new communities and embracing diverse cultures, Anastasiia... Read More →

Milad Vafaeifard

Lead Software Engineer, Epam Systems

Milad Vafaeifard, a Lead Software Engineer at EPAM Systems, has 9+ years of web design and development expertise. Deaf but undeterred, he is the creative force behind Sign Language Tecn YouTube channel focused on tech content for the signing tech community. Deeply committed to creating... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

17:00 BST

Learning Kubernetes Through the Lens of Metrics - Priyanka Saggu, SUSE & Mario Jason Braganza, Janusworx

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance N10 | Room F

Metrics are often seen as tools for monitoring CPU, memory, or I/O—but Kubernetes metrics offer so much more. They provide a window into your cluster’s inner workings.

Did you know Kubernetes metrics can tell you which (alpha, beta, stable) features are enabled in your cluster? Or reveal how many pods a kubelet is running, how many are waiting to be scheduled, or how much byte space container logs are consuming? They can even track mirror pods, live goroutines, or the latest etcd compaction revision. These seemingly small data points hold huge insights—and that’s just scratching the surface.

In this talk, Priyanka and Jason will explore Kubernetes metrics, their different types, and how to use them for actionable insights. You'll also learn how to add custom metrics to Kubernetes components.

Whether you’re a beginner or a seasoned contributor, this session will transform how you understand Kubernetes metrics.

Join us to see Kubernetes through a new lens—metrics! 📈🔍

Speakers

Priyanka Saggu

Kubernetes GitHub Admin, SIG Contribex Technical Lead, 1.31 Emeritus Advisor, 1.29 Release Lead, SUSE

Priyanka Saggu is a Kubernetes Engineer at SUSE, and has made significant contributions to Kubernetes project via Release, ContribEx, Testing and CLI SIGs. She's the Emeritus Advisor for Kubernetes 1.31 release cycle, Release Lead for Kubernetes 1.29, Kubernetes GitHub Admin, and... Read More →

Mario Jason Braganza

Kubernetes New Org Membership Coordinator – SIG Contributer Experience, Janusworx

Jason Braganza is an IT consultant with 20+ years of experience in designing solutions for SMBs. Passionate about FOSS, he mentors youth in Linux, communication, and blogging through the Linux Users' Group of Durgapur.A recipient of the Kubernetes Contributor award 2024, Jason serves... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Any

17:00 BST

Uncharted Waters: Dynamic Resource Allocation for Networking - Miguel Duarte Barroso, Red Hat & Lionel Jouin, Ericsson Software Technology

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 0 | ICC Capital Hall | Room 1

In last year’s naval engagement, the multi-network fleet launched a bold assault on Kubernetes SIG-Network’s defenses, led by the flagship proposal, the USS Pod Spec Modification. But under heavy fire from SIG-Network’s coastal batteries, the mission was repelled, leaving both sides to regroup and rethink their strategies.

Now, as the fog of war clears, the fleet has charted a new course. Instead of another frontal assault on the Pod spec stronghold, the focus shifts to the versatile and Kubernetes-native waters of Dynamic Resource Allocation (DRA). This tactical pivot could outflank SIG-Network’s defenses, introducing the DRA CNI Driver and a new era for Kubernetes networking.

Join us to explore how DRA reshapes networking in Kubernetes, what it means for your clusters, and how you can help steer this upstream effort. From strategy to implementation, we’ll unpack what’s next in the ongoing naval battle of Kubernetes networking.

Speakers

Miguel Duarte Barroso

Principal Software Engineer, Red Hat

Miguel is a Principal Software Engineer for Openshift Virtualization at Red Hat.His main interests are SDN / NFV, functional programming, containers, and virtualization.Miguel is a member of the Network Plumbing Working Group, a maintainer of several CNI plugins (whereabouts, macvtap... Read More →

Lionel Joiun

Software Engineer, Ericsson Software Technology

Lionel Jouin is a Software Engineer at Ericsson Software Technology, based in Stockholm, Sweden. He actively contributes to Kubernetes with a focus on bringing native support for secondary networks and its ecosystem including services and policies…. His contributions span SIG Network... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 0 | ICC Capital Hall | Room 1

Connectivity

Content Experience Level Intermediate

17:00 BST

Kubernetes Backup Legitimized: CSI Changed Block Tracking Has Arrived - Mark Lavi, Carl Braganza & Prasad Ghangal, Veeam; Xing Yang, VMware by Broadcom

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance S10 | Room D

Kubernetes storage is compared to traditional facilities for backup, disaster recovery, cyber-resilience against ransomware, and audit compliance. To meet the fastest recovery point operation and return to production objectives, one critical area has been missing: Changed Block Tracking (CBT). Since 2018, Kubernetes has deprecated "in-tree" storage drivers in favor of Container Storage Interface (CSI) specification for industry wide collaboration and standardization. CBT radically improves backup efficiency and to meet business needs, proprietary storage drivers were required. For over two years, the Kubernetes Data Protection Working Group has worked to bring CBT to the CSI specification and Kubernetes API. Join us to learn how cloud native storage backup and disaster recovery can finally compete with traditional infrastructure, progress made with storage and backup vendors and projects, and the architecture, security, testing, and scalability of Kubernetes CSI CBT.

Speakers

Xing Yang

Tech Lead, VMware by Broadcom

Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware by Broadcom. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect... Read More →

Mark Lavi

Principal Cloud Native Product Manager, Veeam Software

Mark was an early web developer, administrator, and advocate at Netscape, Silicon Graphics, CNN, and News Corp., spending over 20 years in Silicon Valley with numerous start-ups across engineering, IT, and marketing. As a Cloud Native Product Manager at Veeam, Mark drives Kubernetes... Read More →

Carl Braganza

Software Engineer, Veeam

I've worked in the data storage and protection space for most of my career, most recently on Kasten by Veeam, a Kubernetes backup product. I'm a member of the Kubernetes SIG-Storage Data Protection Working Group and have co-authored the Changed Block Tracking KEP and its associated... Read More →

Prasad Ghangal

Member of Technical Staff, Veeam

Prasad works as an MTS at Kasten by Veeam (kasten.io). His main areas of interest are Kubernetes, distributed systems, and Open source. He likes to create and talk about dev tools. He is the creator of an open-source tool BotKube (botkube.io) and a contributor to the Changed Block... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Advanced

17:00 BST

How To Gateway With Ingress - 140 Days InGate - Marco Ebert, Giant Swarm & James Strong, Isovalent at Cisco

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 3 | ICC Capital Suite 14-16

It still seems like yesterday when we announced this new project for a Gateway API implementation based on NGINX at KubeCon NA 2024.

Now, around 4.5 months later, we'd like to check in with you on what we've built so far, the features we're glad to support, the challenges we've faced and continue to face, and the exciting times and tasks that still await us.

We'd love for you to stop by and join us on our wonderful journey to a new Gateway API implementation!

Speakers

James Strong

solution architect, isovalent at cisco

James has been working in the cloud for 7 years. He helped build a private cloud at GE Appliances and developed and supported REST API's in AWS on docker. Recently he has passed the CNCF's CKA exam and helps companies migrate their applications to Kubernetes.

Marco Ebert

Site Reliability Engineer, Giant Swarm

I'm Marco - working in Open Source for more than a decade, with Kubernetes since 2016 and as a maintainer of Ingress NGINX since 2023! As an SRE, I'm always interested in infrastructure & networking and love learning new stuff while troubleshooting complex platforms. After work... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Network

17:00 BST

Jaeger V2: OpenTelemetry at the Core of Modern Distributed Tracing - Jonah Kowall, Paessler & Pavol Loffay, Red Hat

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 3 | ICC Capital Suite 10-12

Discover Jaeger v2, where OpenTelemetry is now fundamentally integrated into the project's core architecture. This session explores how OpenTelemetry has become the central framework driving Jaeger's capabilities, transforming distributed tracing and observability. We'll highlight the key architectural advances and the project's evolution, focusing on how embedding OpenTelemetry at the core enables more powerful, standardized tracing across diverse system environments. Attendees will learn about the fully integrated Helm chart and Kubernetes operator, simplifying observability workflows. The presentation concludes by discussing the project's forward-looking roadmap and opportunities for community involvement through LFX and Google Summer of Code programs.

Speakers

Jonah Kowall

SVP Product and Design, Paessler

Jonah Kowall, computer scientist and open-source contributor to OpenSearch, Jaeger, OpenTelemetry. A technical leader across startups to large enterprises specialized in operations, security, and performance. Led Gartner research on monitoring. Product leadership at AppDynamics, Cisco... Read More →

Pavol Loffay

Principal software engineer, Red Hat

Pavol Loffay is a principal software engineer at Red Hat working on open-source observability technology for modern cloud-native applications. Pavol contributes and maintains Cloud Native Computing Foundation (CNCF) projects OpenTelemetry and Jaeger. In his free time, Pavol likes... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Jaeger

17:00 BST

Leveraging the Little Known Features of Artifact Hub - Matt Farina, SUSE

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 3 | ICC Capital Suite 7-9

Artifact Hub has numerous special features that sit right below the surface. Did you know that Artifact Hub can notify you when an artifact has a new release? Did you know that artifacts can expose special metadata to Artifact Hub that can be used to show more rich information? These are just a taste of some of the more interesting things about Artifact Hub.

In this session you'll learn about the parts of Artifact Hub that sit below the surface. Those extras you might want to take advantage of in your own use, from delivering artifacts to finding and keeping up with the ones you use.

Speakers

Matt Farina

Distinguished Engineer, SUSE

Matt works as a Distinguished Engineer at SUSE as the chief architect of the Rancher team, focusing on cloud native technologies. He is also a maintainer on Helm and Artifact Hub. Matt is an author, speaker, and regular contributor to open source.

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, ArtifactHub

17:00 BST

An Exemplary Path: Leveraging EBPFs and OpenTelemetry To Auto-instrument for Exemplars - Charlie Le & Kruthika Prasanna Simha, Apple

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance N10 | Room E

Have you already adopted eBPF to unlock powerful, dynamic observability at the kernel level? Are you looking to take the next step by integrating exemplars seamlessly into your observability workflows? If so, you’ve likely encountered the challenge of manually instrumenting applications for exemplar support—an approach that’s often tedious, error-prone, and difficult to maintain. But what if you could leverage your existing eBPF setup to automate exemplar creation for your applications without touching your application code?

eBPF's in-kernel aggregation capabilities, paired with OpenTelemetry's flexible observability framework, enable automatic generation of exemplars. We’ll dive into how eBPF dynamically collects metrics and traces, processes them at the source, and works with OpenTelemetry to correlate kernel-level and application-level observability—all with minimal overhead and maximum convenience.

Speakers

Charlie Le

Software Engineer, Apple

Charlie is a software engineer at Apple, specializing in building and scaling cloud native observability solutions and infrastructure. Deeply inspired by the collaborative spirit of open source, he actively contributes to projects like Cortex and OpenTelemetry, shaping the future... Read More →

Kruthika Prasanna Simha

Machine Learning Engineer, Apple

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Intermediate

17:00 BST

The Next Generation of DaemonSet Autoscaling - Adam Bernot, Google Cloud & Bryan Boreham, Grafana Labs

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance S10 | Room C

Imagine you have small 4-core nodes and larger 64-core nodes in the same cluster, and a DaemonSet that does much more work on the larger nodes. How do you set resource requests and limits appropriately?

Managing resources for workloads deployed as a DaemonSet in Kubernetes can be challenging when load is not evenly distributed across nodes. Static allocation can cause over/under-utilization and scheduling issues. VPA helps, but currently assumes uniform load across all pods, which is a bad assumption for certain types of workloads.

We will discuss our case studies, why this feature will be useful, how our prototype implements per-pod VPA for DaemonSets to improve resource efficiency, stability, and eliminate the need for manual tuning. This is your chance to learn about this upcoming feature and connect with the people who are implementing it!

Speakers

Bryan Boreham

Distinguished Engineer, Grafana Labs

Bryan Boreham is a Distinguished Engineer at Grafana Labs, working on highly scalable storage for metrics, logs and traces. Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. A contributor to many Open Source projects... Read More →

Adam Bernot

Software Engineer, Google Cloud

Adam Bernot is a software engineer and Kubernetes enthusiast who works on scaling the Google Cloud Managed Service for Prometheus.

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Intermediate

17:00 BST

Platform Engineering for Software Developers and Architects (Redux) - Daniel Bryant, Syntasso

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 0 | ICC Capital Hall | Room 2

Building on my KubeCon EU 2022 talk, "From Kubernetes to PaaS to... err, what's next," I aim to introduce platform engineering to the software developer and architect communities.

My primary goal is for developers to understand "what good looks like" with a successful platform build and help them understand how a platform can influence the SDLC (for better or worse!)

Key takeaways from the session:
- Explore how platform architecture influences software architecture and vice versa
- Learn why the principles of coupling and cohesion apply to platform components (and configuration) in the same way as they do with software components
- Understand what to expect from an effective platform, including how applications are built, shipped, and run
- Learn about key platform metrics grounded in developer experience frameworks such as DORA, SPACE, and DevEx

Speakers

Daniel Bryant

Platform Engineer and Head of Product Marketing, Syntasso

Daniel Bryant is a platform engineer and the Head of Product Marketing at Syntasso. Daniel is a long-time coder, platform engineer, and Java Champion, and he contributes to several open source projects. He also writes for InfoQ, O’Reilly, and The New Stack, and regularly presents... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

17:00 BST

The Explorer's Guide To Cloud Native GenAI Platform Engineering - Max Körbächer, Liquid Reply & Alexa Griffith, Bloomberg

Wednesday April 2, 2025 17:00 - 17:30 BST

Level 1 | Hall Entrance S10 | Room B

The rapid evolution of generative AI has introduced a complex ecosystem of tools, but many conversations focus narrowly on isolated features and solutions. This can leave engineers wondering: What does a complete, functional GenAI platform actually look like?

This talk provides a practical roadmap for building generative AI infrastructure from the ground up. We’ll guide you through three key phases starting with a Thinnest Viable Platform (TVP), demonstrating the minimal setup needed for LLM inference on Kubernetes. Moving to MVP, we'll explore essential platform components: LLM gateways, vector databases, and KServe deployments. Finally, we'll dive into advanced platform features: intelligent load balancing for LLMs, observability patterns, and performance optimization techniques.

This session is more than a showcase of tools — it’s a roadmap for navigating the AI platform landscape. Join us for practical insights and lessons learned from real-world GenAI platform engineering.

Speakers

Alexa Nicole Griffith

Senior Software Engineer, Bloomberg LP

Max Körbächer

Technology Advisor & Managing Director, Liquid Reply

Max is Founder and Cloud Native Advisor at Liquid Reply based in Munich. His focus is on building cloud-native solutions on/with Kubernetes and platform engineering to simplify the current challenges of complex target environments. He is Co-Chair of the CNCF Environmental Sustainability... Read More →

Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Beginner

17:45 BST

More Nodes, More Problems: Solving Multi-Host GPU/TPU Scheduling With Dynamic Resource Allocation - John Belamaric & Yash Sonthalia, Google

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance S10 | Room A

Big training jobs and muti-host inference need a lot of nodes and accelerators. More nodes and accelerators mean more chances for failures. How can we be sure to have enough working GPUs for our job? How can we utilize the healthy portions of a 16x16 TPU cluster if one node fails? Simple node labels won’t cut it.

DRA is beta in Kubernetes 1.32. Usually, it’s used for managing individual devices on a node. But did you know that DRA supports modeling resources that are accessible across many nodes? This powerful abstraction can model clusters of nodes and devices. Combining it with the alpha partitionable device model in 1.33, we can correctly model complex multi-host, multi-accelerator topologies, and schedule workloads to them as a unit! This is a real game changer for AI/ML workloads on K8s.

Come learn about these current and upcoming technologies, and how the K8s community is applying them to massive compute clusters like the NVIDIA GB200 and ultra powerful multi-host TPU slices.

Speakers

John Belamaric

Senior Staff Software Engineer, Google

Yash Sonthalia

Google, Staff Software Engineer, Google

7 years of experience working as a software engineer in Google. Tech Lead for TPUs/GPUs in GKE AI.

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

17:45 BST

Kubernetes CRD Design for the Long Haul: Tips, Tricks, and Lessons Learned - Christian Schlotter, Broadcom & Fabrizio Pandini, VMware by Broadcom

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance N11

Custom Resource Definitions (CRDs) are the present and future of Kubernetes, serving as the bridge between Kubernetes and your own applications, processes, and tooling.

However, as we’ve all learned the hard way, designing and evolving a good CRD is not as simple as it seems.

Join this talk to discover tips, tricks and lessons learned for designing CRDs that can support your cloud native journey for the next 10 years.

Let’s embark on this journey together to shed light on the intricacies of CRD design and implementation, so we can transform arcane CRDs into simple, consistent API types that everyone can comfortably work with.

Speakers

Christian Schlotter

Software Engineer, Broadcom

Christian is a Software Engineer at Broadcom. He is an active maintainer at the Cluster API and Cluster API Provider vSphere projects of SIG Cluster Lifecycle as well as emeritus maintainer of the Cluster API Provider OpenStack project. Since messing up his fathers internet dial-up... Read More →

Fabrizio Pandini

Software Engineer, VMware by Broadcom

A Kubernetes contributor obsessed with making Kubernetes lifecycle simple and consistent across all types of infrastructures, so everyone can build amazing applications on top of it. When I’m not busy as a SIG Cluster Lifecycle tech lead or as a project maintainer in Cluster API... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance N11

Application Development

Content Experience Level Advanced

17:45 BST

Museum of Weird Bugs: Our Favorites From 8 Years of Service Mesh Debugging - Alex Leong, Buoyant

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance N10 | Room G

Over the past 8 years we've fixed a lot of bugs in Linkerd. Many of these were straightforward, but some of them manifested in strange ways, or only showed up in unique situations, or otherwise surprised us. Some of them were just plain funny. In this talk we run through a couple of our favorites: the most interesting, weird, and memorable bugs we've found and fixed Linkerd. We describe how they originally manifested (usually in someone else's production system), how we went about tackling them (often by educating the reporter on how to construct a useful bug report), and the sometimes long and windy path to finally fixing them.

Speakers

Alex Leong

Software Engineer, Buoyant

Alex is a software engineer at Buoyant and core maintainer of Linkerd, the open source service mesh for cloud native applications. Prior to Buoyant, she worked at Twitter on core API infrastructure. She enjoys roller derby, woodworking, and type safety.

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance N10 | Room G

Cloud Native Experience

Content Experience Level Any

17:45 BST

Logs, Metrics, Traces and Mayhem: An Interactive Observability Adventure Game - Jay Clifford & Tom Glenn, Grafana Labs

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance N10 | Room F

Have you ever wanted to play an actual game on your observability stack? Well, you can. Not only does Doom run on Grafana, we also built an actual text-based adventure game.

Join us to play a real text-based Observability adventure game! Armed with the tools of the trade—metrics, logs, and traces—you’ll learn to navigate the labyrinth of debugging and optimization, rescuing your application from the clutches of the dark wizard!

In this interactive session, we will dive into a game played live to showcase how each telemetry type is used to solve real-world Observability challenges. As players encounter obstacles, they’ll wield the power of OpenTelemetry to gather critical data and use OSS tools like Grafana, Loki, Tempo, and Prometheus to make informed decisions.

Whether you’re an observability novice or a seasoned engineer, this talk will level up your debugging skills and showcase how to gamify observability training for your team. So, gear up, adventurer—your quest awaits!

Speakers

Jay Clifford

Senior Developer Advocate, Grafana Labs

Jay Clifford is a Developer Advocate at Grafana Labs, specializing in Loki. Jay leads the Interactive Sandbox Initiative, designed to enhance Grafana's documentation and provide hands-on learning experiences within the observability space. Previously, Jay worked as a Developer Advocate... Read More →

Tom Glenn

Senior Developer Advocate, Grafana Labs

Tom is a software engineer, developer advocate, and game developer with 17 years of experience. He specializes in full-stack software development, backend game systems, and game development in Unity, Unreal Engine, and Godot. At Grafana Labs, Tom improves the developer experience... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

17:45 BST

Making the Leap: What Gateway API Needs To Support Ingress-NGINX Users - Rob Scott, Google & James Strong, Isovalent at Cisco

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 0 | ICC Capital Hall | Room 1

Ingress-NGINX has been the cornerstone of Kubernetes Ingress for years. As the maintainers transition to a new Gateway API-focused implementation, we face a critical question - how can we provide a seamless migration to Gateway API? What about the Ingress-NGINX features that Gateway API doesn’t support yet? To ensure a smooth transition to Gateway API, the ecosystem must address these gaps - and your input is essential.

In this talk, Rob and James will explore the critical challenges of migrating from Ingress to Gateway. They’ll highlight commonly used Ingress-NGINX features that are not yet supported in Gateway API and discuss how the community can drive the evolution of Gateway API to meet the needs of Ingress-NGINX users.

This session will provide insights into what’s needed to make Gateway API a true successor for Ingress-NGINX users, focusing on collaboration and feedback. Join us in shaping the future of ingress networking in Kubernetes.

Speakers

James Strong

solution architect, isovalent at cisco

Rob Scott

Staff Software Engineer, Google

Rob is an open source enthusiast currently working on Kubernetes Networking at Google. He's been a maintainer of Gateway API since the very early days of the project and led the development of other Kubernetes networking APIs like EndpointSlices.

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 0 | ICC Capital Hall | Room 1

Connectivity

Content Experience Level Intermediate

17:45 BST

Flink on Karmada: Building Resilient Data Pipelines on Multi-Cluster K8s - Michas Szacillo, Bloomberg & Hongcai Ren, Huawei

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance S10 | Room D

Karmada is an increasingly popular open source tool for deploying and managing cloud-native applications across Kubernetes clusters. It can also be used to boost workload resiliency with its existing failover support. But what happens if we need to conserve state?

Within the context of data processing (e.g., Apache Flink or Apache Spark), the state is often critical to making sure workloads are able to gracefully resume in the event of a disruption. In collaboration with the Karmada community, the Bloomberg Streaming Analytics team has worked to bridge this gap in Karmada’s existing failover features.

During this talk, we’ll use a real-life Flink on Karmada use case to discuss:
- The complexities related to intelligently scheduling stateful workloads, improving resiliency, and ensuring state consistency during failover on multi-cluster K8s
- The open source enhancements to Karmada to manage these challenges
- How to leverage Karmada to support other stateful use cases!

Speakers

Michas Szacillo

Tech Lead, Bloomberg

Michas is a senior software engineer and tech lead on Bloomberg’s Streaming Analytics engineering team. The platform, which is running on Kubernetes, serves as the foundation for many of Bloomberg's data streaming use cases. Michas is also a frequent collaborator to the CNCF community... Read More →

Hongcai Ren

Senior Software Engineer, Huawei

Hongcai Ren(@RainbowMango) is the CNCF Ambassador, who has been working on Kubernetes and other CNCF projects since 2019, and is the maintainer of the Kubernetes and Karmada projects.

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room D

Data Processing + Storage

Content Experience Level Intermediate

17:45 BST

Attesting and Verifying Your Software Supply-Chain With In-toto - Alan Chung Ma, Keytos & Justin Cappos, New York University

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 3 | ICC Capital Suite 7-9

in-toto is a framework that allows users to protect their software supply chain. The framework achieves this by providing two key capabilities: cryptographically attesting steps along the supply chain and enforcing policies that govern the relationships between the attestations.

This talk aims to introduce new users to in-toto and provide a brief overview of the progress made by all the subprojects and working groups.

Speakers

Justin Cappos

Professor, New York University

I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF.

Alan Chung Ma

Software Engineer, Keytos

Alan is passionate about open software and has contributed to software supply chain security projects such as in-toto and sigstore. He is a software engineer at Keytos and graduated from Purdue University with a degree in Computer Engineering.

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, in-toto

17:45 BST

Beyond CloudEvents: Endpoints, Messages, Schemas – CNCF XRegistry - Manuel Ottlik, HDI Global SE & Clemens Vasters, Microsoft Corporation

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 3 | ICC Capital Suite 10-12

The CNCF xRegistry project is an offspring of the graduated CNCF CloudEvents project, motivated by the need to formally declare which events can be raised by services and which are available to handle. This session provides an overview of the xRegistry metadata model, its API and the mirroring document format, dives into reference implementations, explains its use in products, and shows you how you can leverage xRegistry to build robust and type-safe event pipelines.

Speakers

Manuel Ottlik

Manuel Ottlik, HDI Global SE

Manuel is the Product Owner of the Global Integration Platform at HDI Global SE. After he graduated in business computer science and applied computer science, he joined the financial industry in API management and eventually moved to HDI Global SE to merge a service bus, API management... Read More →

Clemens Vasters

Principal Architect, Microsoft Corporation

Clemens Vasters is Lead Architect in Microsoft’s Azure Messaging team that builds and operates a fleet of hyper-scale messaging services, including Event Grid, Service Bus, Event Hubs, Stream Analytics and Microsoft Fabric Eventstreams. Clemens represents Microsoft in messaging... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Cloudevents, xRegistry

17:45 BST

Buildpacks: Pragmatic Solutions To Quick and Secure Image Builds - Juan Bustamante, DBAccess & Aidan Delaney, Bloomberg

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 3 | ICC Capital Suite 14-16

Buildpacks streamline the process of building, deploying, and managing applications by automating the creation of container images from source code. Their key objectives include detecting application dependencies, configuring runtime environments, and ensuring consistent builds across different platforms. By abstracting away complex infrastructure details, buildpacks enable faster deployments, enhance developer productivity, and ensure better security through standardized and reproducible workflows.

Speakers

Aidan Delaney

Bloomberg

Aidan is a Buildpacks.io maintainer and currently works in Bloomberg's Data License team.

Juan Bustamante

Computer Science Engineer, DBAccess

I joined Cloud Native Buildpacks in 2021, an open-source project that transforms the application source code into OCI images that can run on any cloud.I’ve been contributing to several features and bug fixes, but recently, I helped with the effort to improve the multi-architecture... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Buildpacks

17:45 BST

How Green Is My OpenTelemetry Collector? - Nancy Chauhan, Student & Adriana Villela, Dynatrace

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance N10 | Room E

We live in a world heavily dependent on technology, and this comes at an environmental cost. For example, data centres consume 2% of global power. As our systems become more complex, that power consumption will only increase. We strive to understand our systems through Observability, and yet the very telemetry that our systems emit and is ingested by our favorite Observability backends contributes to an increasing global tech carbon footprint.

How can we mitigate this? One way is via the Kepler project. The Kepler Exporter exposes statistics, including power consumption metrics, from an application running in a Kubernetes (k8s) cluster.

In this talk, attendees will learn about:
- Kepler - what is is and what it does
- How to deploy Kepler
- Demo showing Kepler tweaking the power consumption of OTel Collectors in k8s

Attendees will walk away with an understanding of how to deploy greener Collectors, thereby reducing power consumption and costs.

Speakers

Adriana Villela

Principal Developer Advocate, Dynatrace

Adriana Villela is a Principal Developer Advocate, helping companies achieve reliability greatness through Observability, SRE, & DevOps practices. Previously, she managed a Platform Engineering team & an Observability Practices team at Tucows. Adriana has worked at various large-scale... Read More →

Nancy Chauhan

Student, Cornell University

I like hacking through software engineering problems. I have been developing solutions for software reliability and also like to break complicated concepts into easier tech content (blogs and videos).I have also worked in Dev Advocacy, amid the crossover of two things I like the most... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance N10 | Room E

Observability

Content Experience Level Intermediate

17:45 BST

Scaling Shopify's Search: Enhancing Elasticsearch Resilience With Kubernetes and KEDA - Leila Vayghan, Shopify

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance S10 | Room C

Millions of merchants across the globe use Shopify to sell their products. The cornerstone of this commerce platform is the search infrastructure, which hosts more than two petabytes of data, providing search for millions of users.
This session explains how Shopify improved their search infrastructure resiliency while increasing write performance for Elasticsearch clusters. This was done by isolating production writes from bursts of maintenance writes that degraded search availability for all users. This approach leverages Kubernetes native mechanisms to host production workloads on isolated Google Cloud nodepools protecting them from the heavy writes that are sent to autoscalable nodepools that are dedicated for maintenance tasks. Using Kubernetes based Event Driven Autoscaling (KEDA), an autoscaler that responds to events such as bursts of writes, allowed maintenance nodepools to scale only when needed. Using KEDA saved 40% in costs and improved production write performance by 65%.

Speakers

Leila Vayghan

Senior Site Reliability Engineer, Shopify

Leila is a site reliability engineer at Shopify, where she supports millions of merchants to grow by designing and building a reliable infrastructure. Leila has completed her master’s degree on the availability of stateful applications running on Kubernetes and has presented her... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room C

Operations + Performance

Content Experience Level Any

17:45 BST

Scale Smarter Not Harder: How Extending Cluster Autoscaler Saves Millions - Rahul Rangith & Ben Hinthorne, Datadog

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 0 | ICC Capital Hall | Room 2

“I need 100 instances with 32 CPUs and 128GB of memory each, with remote storage and up to 10GB/s of network bandwidth, and I need them now”! At Datadog, we make scaling requests like this thousands of times a day, across dozens of clusters in multiple cloud providers. At this scale, and with so many machine specifications to choose from, we realized the importance of asking the question: how do I select the best instance type in every environment?
Join us to learn how answering this question with every scale up decision significantly reduces our cloud costs. We’ll discuss the tools we use to score instance types, and strategies to plug these recommendations into the Kubernetes Cluster Autoscaler via its gRPC expander. Whether you’re operating a single cluster or a massive Kubernetes platform, this talk will teach you how to upgrade your infrastructure to make informed instance type selections that minimize your cloud spend.

Speakers

Rahul Rangith

Software Engineer, Datadog

Rahul Rangith has worked at Datadog since 2022 after graduating from the University of Waterloo. He works on Datadog’s Compute team which is responsible for the company’s Kubernetes platform. On the team, he focuses on node management and autoscaling. Rahul is active in the Kubernetes... Read More →

Ben Hinthorne

Software Engineer, Datadog

Ben Hinthorne joined Datadog’s Compute Team in 2021, which is responsible for building and scaling their Kubernetes platform. Recently, he has focused on the autoscaling ecosystem, working to optimize application performance, infrastructure cost, and resiliency through opinionated... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

17:45 BST

The API Gateway Maturity Matrix: Where Do You Rank? - Joel Hans, ngrok

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 1 | Hall Entrance S10 | Room B

Every API needs a front door, but many organizations struggle to define what "done" means for their API gateway implementation. Is authentication and rate limiting enough? What about multi-region failover or self-service development environments?

In this talk, we'll build on the CNCF's Cloud Native Maturity Model to create a practical framework for API gateway evolution across five key phases: Build (choosing fundamentals), Operate (implementing CI/CD), Scale (mastering multi-region), Improve (balancing control with velocity), and Adapt (enabling advanced patterns).

Through real-world examples and interactive audience polling, we'll identify where most organizations get stuck and discuss concrete solutions using popular tools. You'll walk away with a clear assessment of your current API gateway maturity and practical tips for implementing critical capabilities like GitOps workflows, nuanced rate limiting, and self-service developer environments.

Speakers

Joel Hans

Senior Developer Educator, ngrok

Joel Hans is a senior developer educator at ngrok. He’s been sharing know-how on infrastructure and networking for more than a decade, with stints in companies doing open source, observability, cloud native tooling, and more. Away from how-to guides and demo apps, you can find him... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room B

Platform Engineering

Content Experience Level Any

17:45 BST

Securing AI Workloads: Building Zero-Trust Architecture for LLM Applications - Rohit Ghumare, Taikun & Joinal Ahmed, NTG

Wednesday April 2, 2025 17:45 - 18:15 BST

Level 0 | ICC Auditorium

As businesses increasingly rely on LLM applications for their important functions, it becomes important to implement strong security measures to protect sensitive information and guarantee smooth operations. This session shows how to build a zero-trust security architecture for AI workloads using cloud native patterns. We'll explore how to implement AI Gateways that have strong authentication and authorization and include audit logging. Keep compliance and governance requirements while you secure model artifacts and implement runtime security and protect against prompt injection attacks.

Speakers

Joinal Ahmed

head of ai, ntg

Joinal is an experienced Data Science professional with a interest on building solutions with quick prototypes, community engagements and influencing technology adoption.

Rohit Ghumare

DevRel As Service, Founder

As a Google Developer Expert specializing in Google Cloud, I am a passionate DevOps Advocate and a dedicated Community Evangelist. I lead and nurture multiple communities across diverse platforms, fostering DevOps and Developer Relations awareness. My commitment to the open-source... Read More →

Wednesday April 2, 2025 17:45 - 18:15 BST
Level 0 | ICC Auditorium

Security

Content Experience Level Intermediate

18:15 BST

🎉 #KubeCrawl + #CloudNativeFest

Keynote: Adventures of Building a Platform as a Service for the Government - Hans Kristian Flaatten, Lead Platform Engineer, Norwegian Labor and Welfare Administration & Audun Fauchald Strand, Principal Software Engineer, NAV

Thursday April 3, 2025 10:10 - 10:25 BST

Level 0 | ICC Auditorium

Who said that Government Tech has to be boring? In Norway the largest administration has been using Kubernetes for over 7 years! StatefulSets had just been introduced (alpha) and RBAC was still in beta. During this time we moved from quarterly releases to thousands of continuous releases each week across our fleet of cloud native applications!

Could we replicate the success we had at NAV for other agencies? Could we provide them with a fully managed platform as a service to let them focus on building new and innovative services for their users and not reinventing the wheel by building yet another platform?

In this session Audun and Hans Kristian will share their experience building and operating one of the largest platforms of its kind in Norway providing a fully fledged application development platform for more than a 100 product teams. And how they set an ambitious goal of being able to provide their platform as a service to other agencies.

Speakers

Audun Fauchald Strand

Principal Software Engineer, and Director of Platforms, NAV

Principal Engineer at NAV. Worked for FINN.no before that. Loves to increase developer speed and make developers happy.

Hans Kristian Flaatten

Lead Platform Engineer, Norwegian Labor and Welfare Administration

CNCF Abassasor, Google Developer Expert (GDE) for Cloud, Grafana Champion and Platform Engineer at the Norwegian Labor and Welfare Administration (NAV) working on NAIS - a platform built to increase development speed by providing the best experience to build, run and operate applications... Read More →

Thursday April 3, 2025 10:10 - 10:25 BST
Level 0 | ICC Auditorium

Keynote Sessions, Platform Engineering

Content Experience Level Any

10:25 BST

Keynote: Closing Remarks

Thursday April 3, 2025 10:25 - 10:30 BST

Level 0 | ICC Auditorium

Thursday April 3, 2025 10:25 - 10:30 BST
Level 0 | ICC Auditorium

Keynote Sessions

10:30 BST

Coffee Break ☕

Thursday April 3, 2025 10:30 - 11:00 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Thursday April 3, 2025 10:30 - 11:00 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

10:30 BST

Solutions Showcase

Thursday April 3, 2025 10:30 - 17:00 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Thursday April 3, 2025 10:30 - 17:00 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Solutions Showcase

11:00 BST

A Practical Guide To Benchmarking AI and GPU Workloads in Kubernetes - Yuan Chen, NVIDIA & Chen Wang, IBM Research

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room B

Effective benchmarking is required to optimize GPU resource efficiency and enhance performance for AI workloads. This talk provides a practical guide on setting up, configuring, and running various GPU and AI workload benchmarks in Kubernetes.

The talk covers benchmarks for a range of use cases, including model serving, model training and GPU stress testing, using tools like NVIDIA Triton Inference Server, fmperf: an open-source tool for benchmarking LLM serving performance, MLPerf: an open benchmark suite to compare the performance of machine learning systems, GPUStressTest, gpu-burn, and cuda benchmark. The talk will also introduce GPU monitoring and load generation tools.

Through step-by-step demonstrations, attendees will gain practical experience using benchmark tools. They will learn how to effectively run benchmarks on GPUs in Kubernetes and leverage existing tools to fine-tune and optimize GPU resource and workload management for improved performance and resource efficiency.

Speakers

Chen Wang

Senior Research Scientist, IBM Research

Chen Wang is a Senior Research Scientist at the IBM T.J. Watson Research Center. Her interests lie in Kubernetes, Container Cloud Resource Management, Cloud Native AI & LLM systems, and applying AI in Cloud system management. She is an open-source advocate, a Kubernetes & CNCF contributor... Read More →

Yuan Chen

Principal Software Enginner, NVIDIA

Yuan Chen is a Principal Software Engineer at Nvidia. Before joining Nvidia, Yuan served as a Staff Software engineer at Apple, where he contributed to the development of Apple's Kubernetes infrastructure beginning in 2019. Yuan has actively contributed to the Kubernetes projects... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Beginner

11:00 BST

A Practical Guide To Cloud Native Solutions: Demonstrating ROI and Business Impact - Danielle Cook, StackGen & Simon Forster, Stackegy

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room H

Navigating the cloud-native landscape can be daunting, especially when deciding whether to buy a commercial solution, invest in open source technologies, plan significant process change, or undertake building platforms. But once you’ve evaluated the technologies, run POCs, and planned out your processes, how do you convince your business to invest? In this practical session, we’ll give real world case studies of companies evaluating technologies and transformation and how they were able to convince “upper management” of the benefits.

We will spend the session going through the different materials and frameworks to create business alignment and even provide templates for calculating ROI, including development and operational efficiency, cost savings, and business agility metrics.

Whether you're a startup or an enterprise, this session will equip you with actionable steps to use when you present cloud native solutions for budget and investment.

Speakers

Simon Forster

Technical Architect and CNCF Ambassador, Stackegy

Simon Forster is a CNCF Ambassador and cloud native technology architect and engineer based in London. Simon has extensive experience working in heavily regulated financial institutions on the design, delivery and security of critical cloud native applications. He has a specific focus... Read More →

Danielle Cook

StackGen, VP

Danielle Cook has worked in the cloud native industry since 2016 helping organizations adopt the technologies that make cloud native enterprise ready. She co-authored and launched the CNCF Cloud Native Maturity Model in 2021, is a co-chair of the CNCF Cartografos Working Group and... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

11:00 BST

Debugging Envoy Tunnels: A Deep Dive - Carlos Sanchez & Alexandra Stoica, Adobe

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room E

Envoy is a powerful proxy for modern microservices architectures that can securely connect services using encryption and mutual authentication with certificates. However, when Envoy tunnels don't work as expected, troubleshooting can become a complex and time-consuming task.

At Adobe, we use Envoy to connect pods running in Kubernetes with customer-dedicated infrastructure, such as on-premise services and databases. This setup allows different pods to have their own dedicated egress IP, or to connect from pods to multiple customer on-premise services using VPN. This relies heavily on Envoy tunnels and mTLS, and we've encountered numerous situations where things can and do go wrong.

Join us as we challenge you through a series of interactive demos to solve various cases of tunnel failures. Are you ready to crack the case and become an Envoy troubleshooting expert?

Speakers

Carlos Sanchez

Principal Scientist, Adobe

Carlos Sanchez is a Principal Scientist at Adobe Experience Manager, specializing in software automation, from build tools to Continuous Delivery and Progressive Delivery. Involved in Open Source for over 20 years, he is the author of the Jenkins Kubernetes plugin and a member of... Read More →

Alexandra Stoica

Site Reliability Engineer, Adobe

Alexandra Stoica is a Site Reliability Engineer at Adobe, specializing in cloud infrastructure, automation, and continuous delivery. With extensive experience in building and maintaining Kubernetes Operators, Alexandra has developed tools to automate networking infrastructure provisioning... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room E

Connectivity

Content Experience Level Intermediate

11:00 BST

A Cloud Native Workflow for Hardware-in-the-Loop Software Development - Miguel Angel Ajo, Red Hat

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room D

Does your organization build firmware for hardware devices on Kubernetes? Do you still test firmware on hardware manually? Jumpstarter, an open-source project started by Red Hat, connects your software factory to your hardware, modernizing embedded software development. Developed in collaboration with a leading automotive manufacturer, Jumpstarter bridges the gap between embedded and cloud-native workflows.

This session demonstrates how to automate software testing on physical devices within Kubernetes using Tekton Pipelines and GitLab, leasing devices for tasks like flashing firmware, booting, and interfacing through serial, CAN bus, audio, and video. Eclipse Che will also be showcased for developing and debugging tests.

The presentation will include a live demo and will share deployment instructions, workflow examples, and real-world use cases from Red Hat and other community projects.

Speakers

Miguel Angel Ajo Pelayo

Senior Principal Software Engineer, Red Hat

Miguel has been an upstream contributor to open-source projects throughout his career at Red Hat. He has always been interested in hardware and the low-level details of how technology works. Before joining Red Hat, he ran a small consulting startup that developed embedded systems... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Intermediate

11:00 BST

Expanding the Contributor Pipeline Through Inclusion - Khallai Taylor, E.ON Digital Technology; Sandeep Kanabar, Gen; Stéphane Este-Gracias, ITQ; Nancy Chauhan, Independent

Thursday April 3, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 7-9

The growing demand for maintainers and contributors to sustain and evolve projects is an ongoing challenge. Yet, an untapped talent source—individuals from underrepresented groups—is often overlooked. Systemic barriers and a lack of inclusive practices most project members may not even realize.

This panel brings together members of TAG Contributor Strategy initiatives, including BIPOC, Women in Cloud Native, Blind and Visually Impaired, and Deaf and Hard of Hearing, to discuss how fostering inclusivity can unlock this potential. Panelists will share firsthand experiences of the barriers they’ve faced and discuss what a welcoming environment looks like from their perspectives.

Attendees will leave with actionable strategies to create more inclusive project spaces that attract and retain underrepresented contributors, ultimately ensuring the sustainability and vibrancy of open source for years to come.

Speakers

Khallai Taylor

Tech & Security Consultant, E.ON Digital Technology

On a day to day, I advise on OpenTelemetry, eBPF, and Observability architecture and integration at E.ON. I'm always open for a chat about all things OllY and belogining with in the CNCF community, starting with BIPOC! Let's Talk!

Nancy Chauhan

Student, Cornell University

Stéphane Este-Gracias

CNCF Ambassador, ITQ

As an advocate for free and open-source software, I am dedicated to promoting innovation and collaboration. My passion has led me to participate in various initiatives, educating others about the benefits of using open-source software. Leveraging my expertise in cloud-native technologies... Read More →

Sandeep Kanabar

Lead Software Engineer, Gen (formerly NortonLifeLock)

Thursday April 3, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Contributor Strategy

11:00 BST

From the Observability TAG: Designing a Common Query Language for Observability Data - Alolita Sharma, Apple & Pereira Braga, Google

Thursday April 3, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 10-12

Unifying query languages is key in reducing toil for app developers and end users to query and analyze observability data. A common query language that can leverage all observability data such as metrics, traces, profiles, events, logs to facilitate correlation, support trend analytics and provide end-to-end observability for AI applications. The Observability TAG QLS workgroup published a common query language spec in 2024. The workgroup recommended a SQL-like language. This talk will explore the design principles and challenges of creating a generic query language. It will delve into the core concepts, syntax, and semantics of such a language, drawing inspiration from SQL while addressing the unique requirements of observability data. It will also explore the trade-offs between simplicity, expressiveness, and performance. This query language convergence for end-to-end analytics could enhance reliability and operational efficiency for SREs and your app developers. A win-win for all.

Speakers

Alolita Sharma

OpenTelemetry Governance Committee Member, Observability Engineering at Apple, Apple

Pereira Braga

Observability Technical Steward, Principal Engineer, Google

I'm the technical Steward for Observability in xGE (Cross Google Engineering) and I'm the Chief Architect (Über Technical Leader) of a group of 100+ Engineers, who develop observability (monitoring, alerting, performance, investigation and risk) solutions for Google -> P2020 Mon... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Observability

11:00 BST

Kubeflow Ecosystem: What’s Next for Cloud Native AI/ML and LLMOps - Johnu George, Nutanix; Andrey Velichkevich, Apple; Amber Graner, Kubeflow Project; Yuki Iwai, CyberAgent; Yuan Tang, Red Hat

Thursday April 3, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 14-16

Over the years, Kubeflow has become one of the most widely adopted ML platforms on Kubernetes, managing the entire AI/ML lifecycle, from pipeline orchestration and data processing to distributed training, tuning, and inference. The challenges in the MLOps domain evolved over time with newer ML models and advancements in infrastructure capabilities. With the recent GenAI wave, users want to train and deploy custom LLMs on public clouds or on-premises infrastructure. Unlike traditional ML models, LLMs are massive, requiring significant data processing and computing resources for training and inference. The Kubeflow community has been working hard to provide first-class citizen support to generative models and their core abstractions, focusing more on LLMOps. In this talk, the speakers will discuss the requirements for the next-generation ML platform, its current shortcomings, the roadmap to solving these challenges and how you or your organization can contribute to Kubeflow’s success.

Speakers

Johnu George

Technical Director, Nutanix

Johnu George is a Technical Director at Nutanix with a background in distributed systems and large-scale hybrid data pipelines. He is an active in open-source and has steered several industry collaborations on projects like Kubeflow, Apache Mnemonic and Knative. His research interests... Read More →

Yuan Tang

Principal Software Engineer, Red Hat

Amber Graner

Open Source Community Advocate and Leader, Kubeflow Project

Amber Graner is an open source leader with experience in communities like Ubuntu, Linaro, Open Compute Project (OCP), Zeek, and Kubeflow. A decorated U.S. Army combat veteran, she blends leadership and inclusivity to empower individuals and organizations, fostering collaboration and... Read More →

Andrey Velichkevich

Senior Software Engineer, Apple

Andrey Velichkevich is a Senior Software Engineer at Apple and is a key contributor to the Kubeflow open-source project. He is a member of Kubeflow Steering Committee and a co-chair of Kubeflow AutoML and Training WG. Additionally, Andrey is an active member of the CNCF WG AI. He... Read More →

Yuki Iwai

Software Engineer, CyberAgent, inc

Yuki is a Software Engineer at CyberAgent, Inc. He works on the internal platform for machine-learning applications and high-performance computing. He is currently a Technical Lead for Kubeflow WG AutoML / Training. He is also a Kubernetes WG Batch active member, Job API reviewer... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Kubeflow

11:00 BST

SIG API Machinery Maintainer's Track: The Kubernetes Building Blocks - Federico Bongiovanni, Google

Thursday April 3, 2025 11:00 - 11:30 BST

Platinum Suite | Level 3 | Room 1-2

An overview of the latest features from Extensibility to Admission policies, and what is in the bag for 2025+.

Speakers

Federico Bongiovanni

Senior Engineering Manager, Google

Engineering Manager who is passionate about people development and growth, building diverse and inclusive teams, and solving large scale technical challenges. With a large technical background in development, cloud computing at scale, building and running successful teams, and operating... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Kubernetes

11:00 BST

The Immediate and Lasting Benefits of TAG Security Assessments - Eddie Knight, Sonatype & Ben Hirschberg, ARMO

Thursday April 3, 2025 11:00 - 11:30 BST

Platinum Suite | Level 3 | Room 3-4

The CNCF community has been doing security assessments through TAG security for years, and the value is clear.

Individual assessors are leveling up their skills, getting more connected with projects, and advancing their careers. Projects are reaching graduation faster, improving their development processes, and finding new ways to provide security features for end users.

This talk from a TAG leader and project maintainer will explore the inner workings of self- and joint-assessments, the value these bring to projects and assessors, as well as the difference between a security assessment and a threat model.

Speakers

Ben Hirschberg

Co-founder and CTO, ARMO

Ben is a veteran cybersecurity and DevOps professional, as well as computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced... Read More →

Eddie Knight

OSPO Lead, Sonatype

Eddie Knight is a Software and Cloud Engineer with a background in banking technology. When he isn’t playing with his 2-year-old son, he combines his passion and job duties by working to improve the security of open source software.Eddie helps lead CNCF's Security Technical Advisory... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Security

11:00 BST

OTel Sucks (But Also Rocks!) - Juraci Paixão Kröhling, OllyGarden & Daniel Dyla, Dynatrace

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room G

OpenTelemetry (OTel) has become a cornerstone of observability, but the journey hasn’t been without challenges. Inspired by the famous "Linux Sucks" format, this talk explores OTel’s pain points and highlights its successes.

We’ll cover:
* SDK Configuration: Once complex for simple scenarios, now simplified by the Config SIG.
* Collector Challenges: Tail-sampling woes and Prometheus performance issues, balanced by OTel’s ability to handle multiple signals in one binary with great performance using OTLP.
* Semantic Conventions: Painful changes, like in HTTP conventions, but with long-term benefits through unified standards.

Featuring real-world user insights, this session delivers a brutally honest yet optimistic take on OTel’s evolution. Perfect for anyone navigating OpenTelemetry’s complexities or celebrating its strengths.

Speakers

Daniel Dyla

Senior Open Source Architect / OpenTelemetry Maintainer, Dynatrace

Daniel is a Senior Architect with 9 years of experience in observability. Daniel is a member of the W3C Distributed Tracing WG, maintainer of OpenTelemetry JS, former OTel Governance Committee member, and OTel specification sponsor, in addition to working on many other areas of the... Read More →

Juraci Paixão Kröhling

Software Engineer, OllyGarden

Juraci Paixão Kröhling is a software engineer, a maintainer of the OpenTelemetry project, a member of the project's governing board and CNCF Ambassador. He has presented about distributed tracing, OpenTelemetry, and other related topics at conferences like KubeCon, OpenSource Summit... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

11:00 BST

Development Environments on Kubernetes: Lessons From Six Years at Internet Scale - Christian Weichel & Alejandro de Brito Fontes, Gitpod

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room A

Running dev environments at scale presents unique challenges that push Kubernetes to the limit. After 6 years of operating development environments for 1.5 million users and as long-time contributors to the Kubernetes community, we encountered fundamental limitations with our use-case that led us to rearchitect Gitpod away from Kubernetes. Our recent technical deep-dive blog ended up on Hacker News and sparked quite the intense debate (speakers are the OP).

This talk dives into our journey of kernel modifications, custom controllers, implementations of user namespaces with shiftfs for UID mapping, seccomp notify for proc masking, and custom device policies for FUSE, tackling CPU throttling with custom CFS controllers, experiments with cgroupv2, and why 1.26's dynamic resource allocation didn’t solve our challenges. These are our hard-won insights to share with the community and continue the discussion around development environment infrastructure both on, or even off Kubernetes.

Speakers

Alejandro de Brito Fontes

Senior Engineer, Gitpod

Alejandro is a software entrepreneur and systems architect with more than 20 years of experience designing, building, and operating mission-critical IT infrastructure.

Christian Weichel

Chief Technology Officer, Gitpod

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Advanced

11:00 BST

Extending Kubernetes Resource Model (KRM) Beyond Kubernetes Workloads - Mangirdas Judeikis, Cast AI & Nabarun Pal, Broadcom

Thursday April 3, 2025 11:00 - 11:30 BST

Level 0 | ICC Capital Hall | Room 2

Writing consistent APIs is hard. The Kubernetes Resource Model (KRM) is the foundation of Kubernetes’ success because it is consistent, predictable, and easy to understand, and it provides a declarative approach to managing infrastructure and applications. But what if KRM could transcend Kubernetes itself?

This talk will explore the paradigm shift of how one could use KRM with kcp or Kubernetes Generic control plane to provide more than just workload management. This is not a new concept, Crossplane and many other tools are already doing this. But if we could take this further? What if each cloud API would look and feel like Kubernetes API? We will extensively cover how “kcp + friends” in the CNCF ecosystem fulfill that vision.

At the end of the talk, the audience will walk away with knowledge of KRM++, the approaches on building a scalable multi-tenant control plane for managing resources in their multi-cluster Kubernetes based infrastructure, possibly hybrid cloud.

Speakers

MJ / Mangirdas Judeikis

Staff Engineer, kcp maintainer, Cast AI

Nabarun Pal

Principal Software Engineer, Broadcom

Thursday April 3, 2025 11:00 - 11:30 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

11:00 BST

Starting and Scaling a Platform Engineering Team - Camille Fournier, Independent & Ian Nowland, Junction Labs

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room F

This talk will take highlights from our book to discuss the basics of starting and scaling Platform Engineering teams. We will cover highlights including: when to start, the skills the team needs, how to set out a successful product and execution strategy, and dealing with challenging stakeholders in order to create success. The audience will leave this talk with concrete takeaways that will help them wherever they are on the platform engineering journey, and clear ideas for what success looks like.

Speakers

Camille Fournier

Author, CTO, Open Athena AI

Camille Fournier is a writer, speaker, and entrepreneur, who has held technology executive positions at companies ranging from startups to the Fortune 50. She has participated in numerous open source foundations and projects including CNCF, FINOS, and Apache ZooKeeper, and is the... Read More →

Ian Nowland

Co-founder, Junction Labs

Ian Nowland has been in the software industry for 25 years. He is currently a co-founder at a seed stage startup, Junction Labs, building tools for platform teams. Prior to that, he co-authored a book on Platform Engineering with Camille Fournier. This included his learnings from... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Any

11:00 BST

Identity-based Trust - Till Death Do We Part? - John Kjell, TestifySec & Kairo De Araujo, Independent

Thursday April 3, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room C

With the rise in adoption of identity-based trust, it is increasingly important to understand the threats to such systems. PyPI, NPM, RubyGems, and Homebrew have all established models for “trusted publishing” attestation, based on OIDC. Many of these implementations rely on Project Sigstore’s projects Fulcio and Rekor.

Sigstore’s Rekor is an append only log. There’s no way to remove entries, even if they’re illegitimate. In the case of an identity compromise, most individuals would prefer to avoid a divorce from their identity, allowing for recovery and the establishment in future trust of their name.

In this session, we’ll examine a threat model and mechanisms for compromise in a Sigstore-based identity signing system. Once established, we’ll describe ways to mitigate and resolve the threats, leveraging the CNCF projects in-toto and The Update Framework (TUF). Beyond theoretical designs, we’ll look at how this system has been implemented in in-toto’s sub-project Archivista.

Speakers

John Kjell

Director of Open Source, TestifySec

John is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before... Read More →

Kairo De Araujo

Open Source Engineer, Independent

Kairo is a Senior Open Source Engineer. Kairo maintains python-tuf and is the author of Repository Service for TUF (RSTUF). His past roles include Senior Open Source Software Engineer at TestifySec, VMware, Senior Software Engineer at IBM, ING, Forescout, and a former System Engineer... Read More →

Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Advanced

11:00 BST

Tutorial: Mind Your Pod's Business: Network Isolation Workshop - Surya Seetharaman & Miguel Duarte Barroso, Red Hat; Keith Burdis, Goldman Sachs

Thursday April 3, 2025 11:00 - 12:15 BST

Level 1 | Hall Entrance N11

Your cluster's network may be secure enough for your boss, but is it secure enough for the EU? Learn how you can use network segmentation to meet regulatory requirements.

By default, Kubernetes allows unrestricted communication between all pods in a cluster, which does not meet the security standards required by the European Union’s NIS2 Directive. NetworkPolicies can restrict traffic, but they are complex and leave gaps for Layer 2 (eg. Ethernet) use cases, such as virtualization networking and telecom services on Kubernetes.

In this interactive tutorial you will gain hands-on experience on how to achieve native isolation for your workloads (pods and VMs) in Kubernetes using CNCF projects CNI, KubeVirt, and OVN-Kubernetes - no prior experience needed! Through step-by-step guidance, you will learn to configure these plugins on your KIND clusters, create isolated networks and attach workloads to these different networks that meet high security standards.

Speakers

Miguel Duarte Barroso

Principal Software Engineer, Red Hat

Keith Burdis

Kubernetes Engineer, Goldman Sachs

Tech lead for Kubernetes engineering running large multi-tenant clusters and virtual machines.

Surya Seetharaman

Principal Software Engineer, Red Hat, Inc

Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems... Read More →

Thursday April 3, 2025 11:00 - 12:15 BST
Level 1 | Hall Entrance N11

Tutorials, Connectivity

Content Experience Level Beginner

11:00 BST

🚨 Contribfest: Armada Project Session

Thursday April 3, 2025 11:00 - 12:15 BST

Level 3 | ICC Capital Suite 17

Come work with the maintainers of the Armada Project to get answers and direct support for your questions and issues. Meet other teams using Armada, and share resources.

Speakers

Caterina Rindi

GR Open Source Señor Developer, G-Research Open Source Software

Caterina started her professional career teaching bilingual kindergarten, and is still using those skills in her current role as Director of Community and Developer Relations for the Open Source Software team at G- Research. She has been working with remote teams in the P2P, blockchain... Read More →

Thursday April 3, 2025 11:00 - 12:15 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, Armada

11:00 BST

🚨 Contribfest: Contribute With Confidence: Dive Into Backstage!

Thursday April 3, 2025 11:00 - 12:15 BST

Level 3 | ICC Capital Suite 1

Join us for an engaging session on Backstage, a CNCF project that powers Internal Developer Portals with its rich plugin ecosystem. We’ll guide you through setting up your environment with tools like Node.js and TypeScript, introduce you to the Backstage Contributing Guide, and help you explore beginner-friendly GitHub issues with expert support.

For more seasoned Backstage developers, use this session to create a plugin and extend Backstage’s functionality. Engage with maintainers, ask questions, and gain valuable insights into the project. Whether you’re new or experienced, this is your chance to make an impact and contribute to the Backstage community!

Speakers

Bethany Griggs

Senior Software Engineer, Red Hat

Senior Software Engineer at Red Hat and a Node.js Collaborator. Beth has been involved with the Node.js project since 2016 when she joined IBM in their Node.js Runtime Team. Now at Red Hat, she’s continuing her work around Node.js, including contributing to the Node.js project where... Read More →

Patrik Oldsberg

Senior Engineer, Spotify

Peter MacDonald

Software Engineer, VodafoneZiggo

I am Peter Macdonald! A full-stack software engineer currently working at VodafoneZiggo in the Netherlands integrating Backstage as an internal developer platform. I am a big Open Source Software advocate and contributor and love spending my free time thinking of creative ways to... Read More →

André Wanlin

Customer Success Engineer, Spotify

André, a full Stack Developer from Winnipeg, Manitoba, Canada, is an active member of the Backstage open source project having contributed 3 plugins - Azure DevOps, DevTools, and Linguist - as well as various features, bug fixes and documentation updates. He's often found on the... Read More →

Vincenzo Scamporlino

Senior Software Engineer, Spotify

Thursday April 3, 2025 11:00 - 12:15 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, Backstage

11:45 BST

AI Pipelines With OPEA: Best Practices for Cloud Native ML Operations - Ezequiel Lanza, Intel & Melissa McKay, JFrog

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room B

The Open Platform for Enterprise AI (OPEA) is an open source project intended to assist organizations with the realities of enterprise-grade deployments of GenAI apps. Beginning from scratch is a costly endeavor, and the ability to quickly iterate on a solution and determine its viability for your organization is essential to ensure you are making the best moves forward.

During this session, Ezequiel and Melissa will introduce you to the OPEA platform and how to empower your team to build, deploy, and manage AI pipelines more effectively. Attendees will gain insights into best practices for handling complex AI/ML workloads, automating dependency management, and integrating Kubernetes for efficient resource utilization. With a focus on real-world applications, this talk not only showcases the transformative potential of these tools but also encourages attendees to explore new ways to contribute, innovate, and collaborate in driving the future of AI adoption in enterprise environments.

Speakers

Melissa McKay

Head of Developer Relations, JFrog

Melissa is the Head of Developer Relations for JFrog. She currently serves on the CNCF Governing Board, and the Technical Steering Committee of OPEA. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion... Read More →

Ezequiel Lanza

Open Source AI Evangelist, Intel

Passionate about helping people discover the exciting world of artificial intelligence, Ezequiel is a frequent AI conference presenter and the creator of use cases, tutorials, and guides that help developers adopt open source AI tools.

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Any

11:45 BST

Building a Ubiquitous Cloud Native: Beyond the Intersectionality - Carol Valencia, Elastic; Pawel Piwosz, Tameshi; Satyam Soni, Devtron Inc.; Anita Ihuman, MetalBear; Audra Montenegro, CNCF

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room H

Communities are the backbone of innovation and collaboration, but how do diverse geographies, cultures, problems, and challenges influence the way these communities operate? Leaders from Latam, Africa, Europe, and India will share their unique stories, solutions, and insights, highlighting both the similarities and differences in community building across regions. The discussion will focus on improving guidelines for supporting underrepresented groups, developing strategies to strengthen local chapters, breaking down silos, and addressing regional challenges.

A CNCF Community Manager will moderate the discussion, sharing challenges raised by organizers worldwide and exploring how approaches to community building vary across regions. By the end of this panel, attendees will be inspired to cultivate respectful and inclusive communities for everyone. KubeCon, in particular, embodies a unique blend of cultures and languages.

Speakers

Carolina Valencia

Customer Architect, Elastic

Carol is a passionate software developer dedicated to implementing secure cloud-native practices. She actively contributes to CNCF projects and the Kubernetes community as an open-source contributor. She enjoys learning new technologies and creating material, some of which she shares... Read More →

Anita Ihuman

Developer Adbocate, MetalBear

Anita is a developer advocate and technical writer specializing in cloud native and DevOps engineering. She champions the growth and adoption of cloud-native solutions in Africa as an organizer of Kubernetes Community Days(KCD) Nigeria and the CNCF Abuja community group. She is an... Read More →

Audra Montenegro

Community Program Manager | KCDs & CNCGs, CNCF

Audra Montenegro has spent nearly ten years organizing global events, with seven of those years working on content for large tech conferences and small summits with O’Reilly Media. Currently she is a Community Program Manager at the Cloud Native Computing Foundation (CNCF) running... Read More →

satyam soni

OSS Developer, Devtron Inc.

Satyam is OSS Developer at Devtron, Google Summer of Code Mentee 2024 at OpenSUSE,Kubernetes Release Notes Lead and Shadow v.130 & v1.31, CNCF Ambassador, and Cloud Native Community Groups New Delhi Organizer. He focuses on developing and contributing to open-source software. He holds... Read More →

Pawel Piwosz

Cloud Solution Architect, Tameshi

Docker Captain. DevOps Institute Ambassador. CD.Foundation Ambassador. AWS Community Builder. Engineer, leader, mentor, speaker. My focus is on CALMS. I am building better understanding of DevOps as driver for the organization. I am devoted to Serverless and CI/CD. I authored... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

11:45 BST

Journey at the New York Times: Is Sidecar-Less Service Mesh Disappearing Into Infrastructure? - Lin Sun, Solo.io & Ahmed Bebars, The New York Times

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room E

At The New York Times, we manage a multi-tenant Kubernetes architecture across diverse regions, leveraging projects like Istio, OPA, and Karpenter. With Istio ambient mode now generally available, we’re exploring whether it’s time to eliminate sidecars in our production environment and allow the service mesh to integrate seamlessly into our infrastructure for multiple teams.

In this talk, we’ll take you through our journey of collaborating with the Istio and cloud-native community to build a sidecar-less architecture from scratch, utilizing the broader cloud-native stack we already have. We’ll share the technical challenges we encountered, practical tips for adopting Istio ambient mode, and the tangible benefits we’ve realized along the way. Join us to discover how we’re reshaping our cloud-native architecture for simplicity and efficiency.

Speakers

Ahmed Bebars

Principal Engineer, The New York Times

As a Principal Engineer on the Developer Platforms mission at The New York Times, I specialize in Cloud Infrastructure technologies, focusing on developing robust and scalable Kubernetes-based solutions. My primary focus is crafting a secure runtime environment that empowers service... Read More →

Lin Sun

CNCF TOC member and Head of Open-Source, solo.io

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room E

Connectivity

Content Experience Level Any

11:45 BST

Beyond the Limits: Scaling Kubernetes Controllers Horizontally - Tim Ebert, STACKIT

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room D

Do your Kubernetes controllers struggle to keep up with the demands of your growing infrastructure? As your clusters scale, traditional controller setups face increasing challenges, leading to slow reconciliation times, impacting application performance and overall cluster stability.

This session introduces sharding for Kubernetes controllers as a groundbreaking solution. By horizontally scaling controller workloads across multiple instances, it significantly improves scalability and addresses the inherent limitations of traditional leader election mechanisms.

In this session, we'll dive deep into the technical details of applying proven sharding mechanism from distributed databases to effectively partition controller workloads. We'll explore the underlying concepts and how to implement sharding in your own Kubernetes controllers.

Join us to learn how to overcome the scalability challenges of your Kubernetes controllers and unlock the full potential of your infrastructure.

Speakers

Tim Ebert

Cloud Engineer, STACKIT

Tim loves designing, developing, and operating cloud native systems at STACKIT. He is knee-deep in managing infrastructure and Kubernetes clusters themselves using Kubernetes operators. Tim is a core developer of Gardener, an open source project for managing Kubernetes clusters at... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Intermediate

11:45 BST

SIG Security: Succession Planting for a Flowering Future - Cailyn Edwards, Okta; Iain Smart, AmberWolf; Rory McCune, Datadog; Mahé Tardy, Isovalent at Cisco

Thursday April 3, 2025 11:45 - 12:15 BST

Platinum Suite | Level 3 | Room 3-4

Kubernetes SIG Security takes a community-building approach to improving security for end users, project maintainers, and the Kubernetes project itself. Much like a garden thrives with careful planning, diverse plants, and collaboration, we use the same techniques to ensure our community is well tended and blooming. Join us as we introduce the next generation of SIG Security leadership and talk about succession plan(t)ing to ensure a smooth transition, encourage growth, and maintain the values that cultivate and foster the community we’ve built together.

Come learn what we’ve been working on, what we have planned for the future, and how you can get involved. We will go over the many roles required to create a rich community, from the gardeners to the pollinators - it really does take a village! Everyone is welcome: we all have something to teach and something to learn, and we would love to learn from you!

Bring questions, share ideas, and let’s plant some seeds. See you there!

Speakers

Iain Smart

Principal Consultant, AmberWolf

Iain is a Principal Security Consultant at AmberWolf, where he attacks and reviews cloud-native environments. Since discovering that public speaking really isn’t that scary, he has presented at various conferences including KubeCon EU and BlackHat. He enjoys playing with new technologies... Read More →

Mahé Tardy

Software Engineer, Isovalent at Cisco

Rory McCune

Senior Security Researcher and Advocate, Datadog

Rory is a senior security researcher & advocate for Datadog who has extensive experience with Cyber security and Cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker he has presented at Kubecon... Read More →

Cailyn Edwards

Senior Security Engineer, Okta

Cailyn Edwards (she/her) is a CNCF Ambassador and a Senior Security Engineer at Okta, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and 2022 Contributor Award recipient. Her... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Security

11:45 BST

The Key To Security: Externalized Service Account Key Management - Mo Khan & Rita Zhang & Stanislav Láznička & Anish Ramasekar, Microsoft

Thursday April 3, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 10-12

Service account signing keys are critical for JWT signing and authentication in Kubernetes, yet the current model - loading keys from disk during kube-apiserver startup - introduces challenges in key rotation and security. Restarting kube-apiserver for key rotation disrupts operations, while storing signing keys on disk exposes sensitive materials to potential exfiltration. This talk explores KEP 740 which is an enhancement to Kubernetes’ service account key management, enabling seamless integration with HSMs and cloud KMSes. By offloading signing to external systems, we eliminate the need for restarts during key rotations and significantly enhance security by removing signing materials from the filesystem. Join us to learn how these updates can strengthen security and auditability, and provide Kubernetes distributions with the flexibility to choose key management solutions that meet their needs.

Speakers

Standa Láznička

Principal Software Engineer, Microsoft

I've been dealing with authentication, authorization and certificates in Open Source for quite some time.

Rita Zhang

Principal software engineer, Kubernetes SIG Auth co-chair, Security Response Committee, Microsoft

Mo Khan

Software Engineer, Microsoft

Mo Khan is a software engineer who is passionate about open source and security. He started working on Kubernetes in 2016, and currently serves as a chair, technical lead and subproject owner for Kubernetes SIG Auth, a member of the Kubernetes Security Response Committee and a contributor... Read More →

Anish Ramasekar

Principal Software Engineer, Microsoft

Anish Ramasekar is a software engineer at Microsoft. He is on the Azure Container Upstream team building features for Kubernetes upstream and various CNCF projects that are part of the Azure Kubernetes Service. Anish is a maintainer of the Secrets Store CSI Driver project.

Thursday April 3, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Auth

11:45 BST

TUF-en up Your Software Supply Chain - Marina Moore, Edera & Kairo De Araujo, Independent

Thursday April 3, 2025 11:45 - 12:15 BST

Platinum Suite | Level 3 | Room 1-2

Has your software distribution gotten overwhelmed with supply chain security metadata? Do you struggle to connect your SBOMs and attestations to images? In this talk we will cover how you can securely distribute your images along with software supply chain metadata for an end-to-end secure software distribution pipeline. We will discuss secure software update and distribution using TUF, and how this ties into other CNCF projects for securing your software supply chain. We will focus on how TUF ensures that images and metadata are current and resilient to tampering, and discuss recent improvements to the project. We will then demo how TUF can be used with in-toto to securely distribute and verify software supply chain metadata and attestations.

Speakers

Marina Moore

Research Scientist, Edera

Marina Moore is a Research Scientist at Edera. She is a maintainer of The Update Framework (TUF), a CNCF graduated project that provides secure software update and delivery. She is also a chair of CNCF's TAG Security where she contributes to security assessments and whitepapers, as... Read More →

Kairo De Araujo

Open Source Engineer, Independent

Thursday April 3, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, The Update Framework (TUF)

11:45 BST

Wasm Whiplash: WasmCloud's Wild Ride To Standards - Brooks Townsend, Cosmonic

Thursday April 3, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 7-9

Everybody loves a standard. The CNCF contains many products and projects that integrate with well-defined standards—allowing them to focus on their own goals. See OpenTelemetry (OTEL) for example, the widely used standard for traces, logs and metrics and the second-most contributed to project in the CNCF (only behind Kubernetes).

In 2019, wasmCloud started as a hand-crafted WebAssembly (Wasm) application platform. We used our own IDL, codegen, and FFI protocol. Over the last five years we’ve broken down these proprietary bits one by one, rebuilding them around WASI 0.2 to become the incubating platform we are today.

This talk will use wasmCloud as a backdrop to explore innovative new standards in the cloud and Wasm-native spaces, and why they matter. You’ll learn why a platform built on standards leads to greater collaboration and the pitfalls of not using those standards based on what we learned from wasmCloud’s evolution towards being the best platform to run Wasm in production.

Speakers

Brooks Townsend

Senior Software Engineer, Cosmonic

Brooks is a Lead Software Engineer at Cosmonic, focusing on harnessing WebAssembly to alleviate the pains of modern software development. Brooks started his software development career with Critical Stack, a Kubernetes container orchestration platform that is now open source. He joined... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, wasmCloud

11:45 BST

WG-Batch Updates: What’s New and What Is Next? - Marcin Wielgus, Google

Thursday April 3, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 14-16

I will present improvements that the WG Batch has promoted in Kubernetes, and the opportunities under discussion to better support batch workloads such as HPC, AI/ML, data-analytics, etc. I will discuss enhancements and improvements to the Job and JobSet APIs as well as new release and roadmap for Kueue, a Kubernetes subproject that offers job queueing and scheduling, to build a multitenant, multicluster batch system. The WG Batch was created in 2022 to serve the demand from the ecosystem to better support batch applications in Kubernetes. The WG is composed of SIGs’ experts and developers from various communities, with the objective to set roadmaps and collaborate in designs and implementations.

Speakers

Marcin Wielgus

Staff Software Engieer, Google

Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the company in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release and currently... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Batch

11:45 BST

Pushing the Limits of Prometheus at Etsy - Chris Leavoy, Etsy & Bryan Boreham, Grafana Labs

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room G

A deep dive into the journey of pushing Prometheus beyond its performance limits. This talk offers an insider's perspective on scaling a single Prometheus instance using a powerhouse 128-core machine with 4TB of RAM, and processing a staggering 500 million metrics at its peak. It’s a story packed with lessons, insights, and actionable takeaways from operating one of the industry's largest Prometheus servers.

The talk will go through:
- Breaking Boundaries: Explore the challenges encountered in Prometheus' design and how they navigated them.
- Diagnosing Bottlenecks: Discover how to combine observability signals—metrics, profiles, and traces—to pinpoint and overcome performance roadblocks.
- Building Resilience: Uncover strategies to optimize metrics volume and enhance Prometheus' reliability under load.

This session isn’t just about pushing technology to the edge—it’s about learning to work smarter, build better systems, and create a more resilient observability stack.

Speakers

Bryan Boreham

Distinguished Engineer, Grafana Labs

Chris Leavoy

Staff Observability Engineer, Etsy

Chris Leavoy is a Staff Engineer who leads Etsy's Observability practice. From the good old days of MRTG to modern-day Cloud Native, Chris has a long track record of helping large enterprises wrangle their distributed systems. Bryan Boreham is a Distinguished Engineer at Grafana... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Any

11:45 BST

Dancing With the Pods: Live Migration of a Database Fleet While Serving Millions of Queries - Jayme Bird & Manish Gill, ClickHouse

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room A

At ClickHouse, we recently changed the way we orchestrate databases provisioned by customers, specifically the way we use StatefulSets. There was just one big problem: we wanted to migrate our legacy fleet of thousands of services from the old orchestration code-path to the new one without any downtime - even the queries should continue to run as they are.

If there is one thing that people hate doing - it is migrations. They are painful, have lots of corner cases, and take a long time. In our case, it took us almost 6 months to migrate the entire fleet. But we encountered lots of interesting challenges along the way. This talk will walk you through these challenges of live migrating the entire ClickHouse Cloud Fleet's orchestration while continuing to serve customer queries and ingest. The story involves our Operator, deep-dive into StatefulSets, a custom migration controller, durable execution workflows, and many, many database synchronisation challenges.

Speakers

Manish Gill

Engineering Manager, ClickHouse Inc

Manish Gill works at ClickHouse Inc, where he is managing the AutoScaling team for ClickHouse Cloud. He is based out of Berlin and is deeply interested in Databases and Cloud challenges and still considers himself new to Kubernetes. In a past life, he worked in an ML research team... Read More →

Jayme Bird

Senior Software Engineer, ClickHouse

Jayme Bird is a Senior Software Engineer at ClickHouse Inc, working on the development of horizontal and vertical autoscaling solutions for ClickHouse Cloud, a stateful analytics DBaaS running on Kubernetes.

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Intermediate

11:45 BST

Building a 5* Kubernetes Hotel - Dean Fuller, Fidelity International & Rachael Wonnacott, Fidelity International

Thursday April 3, 2025 11:45 - 12:15 BST

Level 0 | ICC Capital Hall | Room 2

When Fidelity International's public cloud journey began to slow it became clear that our barrier to cloud was too high and with lower cognitive load platforms readily available on premises (CloudFoundry) why would anyone move? This sparked the realisation that we needed to build a public cloud container hosting platform that could provide that experience our developers had become used to for so many years, what was born was known as the "Kubernetes Hotel". Abstracting much of the K8s infrastructure complexity from our internal developers it allowed them to focus on the business logic and leaving the platform team to do the heavy engineering. In this talk we'll explore the high's and low's of the K8s hotel business, how our MVP was more of a motel and what we believe a 5* K8s hotel might look like as we progress further on our journey.

Speakers

Rachael Wonnacott

Associate Director - Container Platform Engineering, Fidelity International

Rachael has spent the last decade focused on platform engineering. She places a conscious emphasis on improving flow and is on the quest to smooth the application lifecycle for developers in the enterprise. With a background in astrophysics, Rachael brings her scientific approach... Read More →

Dean Fuller

Director of Developer Platform Engineering, Fidelity International

Dean Fuller has spent the last 20 years working in the technology infrastructure domain, always looking for opportunities to challenge approach and focusing on value and quality of the outcomes. Today Dean oversees the Developer Platform Engineering group at Fidelity International... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

11:45 BST

Platform Engineering Loves Security: Shift Down To Your Platform, Not Left To Your Developers! - Maxime Coquerel, Royal Bank of Canada - RBC & Mathieu Benoit, Humanitec

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room F

In the evolving cloud native landscape of software development, the paradigm of "shifting left" has championed embedding security, and its complexity into the development lifecycle (SDLC). A well-designed platform security threat model underpins this strategy. By mapping out potential attack surfaces such as API vulnerabilities, misconfigured RBAC, unscanned container images, and lack of runtime anomaly detection.
Platform Engineering promotes a "shift down" approach, embedding a robust security posture directly into the platform. By integrating governance and scalable security controls into the infrastructure, platform teams enable developers to focus on delivering code and business value without being burdened by security complexities or productivity blockers.
With this talk, attendees will walk away with real life examples based on successful implementations for regulated entities like financial companies, including actionable best practices for security controls and threat models.

Speakers

Mathieu Benoit

Cloud Native Ambassador & Customer Success Engineer, Humanitec

Maxime Coquerel

Principal Cloud Security Architect, Royal Bank of Canada - RBC

In my current role at RBC - Royal Bank of Canada, I lead the Kubernetes Security program, overseeing security architecture, cloud threat research, threat modeling, and risk assessment of cloud designs and patterns. Additionally, I collaborate closely with our strategic partners, cultivating... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Beginner

11:45 BST

IAM, Agent: Identity for Autonomous AI - Matthew Bates, Cofide

Thursday April 3, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room C

First there were chatbots, then LLMs and now we're beginning to hear everyone talk about "agents", where multiple AI agents collaborate and execute tasks autonomously. As AI systems evolve toward multi-agent architectures, robust identity and access management (IAM) becomes critical for security. While these share similarities with microservices, AI agents introduce unique challenges around dynamic capabilities, trust and the interplay between human and agent identities.

This talk explores applying zero trust principles to AI agent workloads using CNCF projects like SPIFFE/SPIRE and emerging IETF standards (WIMSE). We'll explore dynamic identity provisioning, agent-to-agent authentication, and cryptographic attestation. Through hands-on demonstrations, you'll learn how to implement secure, standards-compliant identity management in your multi-agent AI systems, addressing both familiar distributed systems challenges and novel security considerations.

Speakers

Matthew Bates

Founder, Cofide

Matt is the founder of Cofide, a startup focused on workload identity and access management. He was previously co-founder and CTO of Jetstack, the company behind cert-manager. Since the launch, he has contributed widely to the Kubernetes project, both to the technology and to the... Read More →

Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Intermediate

12:15 BST

Lunch 🍲

Thursday April 3, 2025 12:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Thursday April 3, 2025 12:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

13:15 BST

🪧 Poster Session: From Pods To Petabytes: Managing Data Objects as Kubernetes Resources - Sebastian Beyvers & Jannis Hochmuth, Giessen University

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

As ML and data-intensive applications expand across industries, organizations face growing pressure to integrate more external and internal data sources into their data and compute ecosystems. This raises a crucial question: How do you integrate data lifecycle management in a distributed environment like Kubernetes? It turns out, there are striking parallels between orchestrating containerized applications in Kubernetes and managing datasets across various locations. From lifecycle management to replication to placement strategies, by applying Kubernetes' proven orchestration concepts to data, it is possible to deliver consistent, efficient, and scalable “data orchestration”, which can be a powerful tool for streamlining data-driven applications – all using familiar K8s interfaces. This presentation explores the benefits of rethinking distributed data management with Kubernetes-inspired strategies and showcases a prototypical data orchestration implementation.

Speakers

Sebastian Beyvers

Distributed Systems Researcher, Giessen University

Sebastian Beyvers is a distributed systems researcher in bioinformatics and a cloud-native Rust developer at Giessen University. Sebastian's current work focuses on cloud-native data storage and processing solutions that try to harmonize existing national and international data ecosystems... Read More →

Jannis Hochmuth

Data Management Enthusiast, Giessen University

Jannis Hochmuth is a research assistant at Giessen University with a strong interest in scientific data management, particularly within distributed systems. Currently engaged in the NFDI initiative, his work centers on harmonizing data ecosystems at a national level, advancing collaborative... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Data Processing + Storage

Content Experience Level Intermediate

13:15 BST

🪧 Poster Session: GitOps Reinvented: Leveraging Imperative Tools for CAPI Clusters Management - Damien Dassieu, Independent

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

The GitOps approach has become a cornerstone of Kubernetes workflows, offering a declarative way to manage infrastructure and applications. However, managing infrastructure like Kubernetes clusters with GitOps presents challenges. For instance, large and complex CAPI manifests can lead to misconfigurations with unintended consequences.

To address this, platform engineers can use tools like kubectl, oc, or web UIs for an imperative, user-friendly experience. These tools validate inputs before sending requests to the Kubernetes API server, reducing errors.

But how can we integrate GitOps principles while using these tools? This session explores how ArgoCD & Syngit enable GitOps workflows for CAPI cluster management, combining declarative and imperative approaches for better results.

Speakers

Damien Dassieu

Kubernetes platform engineer, Independent

I am an active contributor to Kubernetes projects (Kubebuilder, controller-runtime, ...) with a focus on enabling scalable and efficient cluster management. I worked at Orange, the largest telecom company in France and as a tech-leader. I developed a solution to deliver and manage... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Intermediate

13:15 BST

🪧 Poster Session: Migrate Smarter, Not Harder: Mastering Object Storage With Chorus - Artem Torubarov & Andrei Ivashchenko, Clyso GmbH

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

This poster session showcases Chorus, an open-source tool that simplifies migrating and backing up object storage, like S3 or Swift. It begins with a quick overview of Chorus's features, followed by a live demonstration of its capabilities in action.

Attendees will explore two key migration strategies and their impact on disaster recovery goals—Recovery Time Objective (RTO) and Recovery Point Objective (RPO):

1. Zero-downtime migration: Avoids downtime (zero RTO) during normal operations but risks non-zero RPO if updates are lost during unexpected issues.
2. Zero-RPO migration: Ensures no data loss (zero RPO), even during failures, but requires planned downtime, resulting in non-zero RTO.

The session provides practical insights, trade-offs, and best practices for large-scale S3 migrations. It also empowers users to move beyond vendor-locked solutions with guidance on adopting cloud-native object storage tools like Rook.

Speakers

Artem Torubarov

Software engineer, Clyso GmbH

Andrei Ivashchenko

Tech Lead, Clyso GmbH

Research, development and stuff

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Data Processing + Storage

Content Experience Level Any

13:15 BST

🪧 Poster Session: Navigating the CNCF Wilderness: A Survival Guide To Container Signing and Verification - Ivan Wallis, CyberArk

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Confused about what container and artifact signing tools to use? Fear not! This session is your trusty map and compass for navigating the tricky terrain of container signing and verification. We’ll explore the current projects available, uncover advantages and disadvantages of them, and dodge common pitfalls lurking along the way especially when it comes to deploying in production. Packed with practical tips and a dash of adventure specifically around the Sigstore cosign and Notary Project projects, this session will help you tame the complexities of container signing and build trust in your software supply chain. Areas of focus include key management, PKI, signing and runtime enforcement policy, auditing and observability, and most importantly how to achieve a secure deployment leveraging enterprise infrastructure.

Speakers

Ivan Wallis

Architect, Cloud Native Solutions at Venafi, CyberArk

For more than 20+ years, Ivan has been a trusted advisor to some of the largest enterprise customers with PKI, code signing, SSH, TLS, and cryptographic systems, and is passionate about helping security teams acquire and implement machine identity management solutions. He closely... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Security

Content Experience Level Any

13:15 BST

🪧 Poster Session: NOMADIC: How To Build a Flexible and Automated Compute Continuum From a Telco Operator’s Perspective - Xuan Du & Adam Morsman, BT

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Telco cloud infrastructure is challenged on both a horizontal scale, as it extends towards the edge, and a vertical scale, given stringent KPIs from telco workloads. Thus, leveraging a blend of heterogeneous hardware such as multi-arch CPUs, GPUs, and other accelerators, and deploying them at large-scale and highly distributed locations is vital to having the most energy-efficient and cost-effective network.

What technologies from open-source and cloud-native communities can help address these challenges? NOMADIC (Network-oriented Multi-architecture Distributed Infrastructure as Code) is an answer by applying the declarative approach, DevOps practices, and self-service principles to demonstrate automated lifecycle management of telco cloud.

However, this presents yet unanswered questions on how to advertise heterogeneous resources so that intelligence driven workload placement can be achieved. A “single pane of glass” could enable this, but what implementation should this take?

Speakers

Adam Morsman

Research Professional, BT

Adam started his career as an apprentice in the research department at BT studying Digital and Technology Solutions Degree with a specialism in Data Analysis from the University of Exeter. Following completion of the apprenticeship in 2022 he began his current role of Research Professional... Read More →

Xuan Du

Senior Research Specialist, BT Group

Xuan Du is currently a Senior Research Specialist in the Cloud Infrastructure Centre of Excellence at BT Research in the UK, where he focuses on cloud-native technologies and approaches for building and running telco cloud infrastructure to host telco workloads, including radio access... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Intermediate

13:15 BST

🪧 Poster Session: Optimising OpenCRVS Deployment With Kubernetes: Lessons for DPI Adoption in the Global South - Andrew Amstrong Musoke, Upanzi DPI Network & Samuel Emmanuel, Carnegie Mellon University-Africa (Upanzi Network)

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Open source Digital Public Infrastructure, DPI is the leading approach for lowering the barrier of digital transformation for governments in the global south and boosting inclusive socio-economic development.
Lower technical skills, heterogeneous digital infrastructure and fragmented digital sovereignty significantly hinder the adoption and scalability of critical public services like OpenCRVS, a project for civil registration and vital statistics.
Learn how a Kubernetes based architecture addresses these challenges, using OpenCRVS as a case study to demo a shift from inefficient, manual deployments with artisanal scripts to an out-of-box and automated process while reducing the resource footprint. Explore the practical strategies employed to optimize and deploy OpenCRVS in a heterogenous air-gapped environment, reducing development and deployment times from months to days while enhancing security and maintainability. The lessons we gleaned are recommendations for DPIs in general.

Speakers

Andrew Amstrong Musoke

Research Engineer, Upanzi DPI Network

Andrew is a Cloud and DevSecOps engineer aspiring to architect affordable, scalable and secure cloud solutions to accelerate the digitalization of Africa.He is currently exploring DPI deployability as a research engineer with CMU in Rwanda. He also has a passion for capacity building... Read More →

Samuel Emmanuel

Research Engineer at Carnegie Mellon University-Africa, Carnegie Mellon University-Africa (Upanzi Network)

Samuel Eneojo Emmanuel is a Research Engineer at Carnegie Mellon University-Africa (Upanzi Network), focusing on Digital Public Infrastructures (DPIs) and Digital Public Goods (DPGs). He is passionate about cloud-native technologies, AIOps, and their applications in Africa. With a... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Emerging + Advanced

Content Experience Level Any

13:15 BST

🪧 Poster Session: Reliable K8s Resource Submission & Bookkeeping - Tiancheng Yin & Yao Lin, Bloomberg

Thursday April 3, 2025 13:15 - 14:15 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

At Bloomberg, we maintain a cloud-native container orchestration platform for general utility compute. This internal service offering has seen rapid growth, which imposes challenges related to the reliability of resource submission and post-deployment status tracking.

Creating resources in a cluster is easy. Developers could build an API that performs resource creation against the Kubernetes API server. However, it gets complicated if and when the API needs to support large volumes of resource creation requests in multiple clusters.

In this talk, we will explore our current implementation of resource submission and bookkeeping, which utilizes in-cluster pull agents and source-of-truth. We will then compare this to our proposed solution, which involves a highly available PostgreSQL database, a Kubernetes resource watcher, and Apache Kafka. We will conclude our talk with a proposed design that allows for more reliable resource submission and post-deployment status tracking.

Speakers

Yao Lin

Senior Software Engineer, Bloomberg

Yao Lin is a senior software engineer at Bloomberg, where she has worked for six years. She works as a platform engineer on the company's workflow orchestration platform, which is built on Kubernetes and hosts Argo Workflows as its orchestration back-end. This multi-tenant platform... Read More →

Tiancheng Yin

Senior Software Engineer, Bloomberg

Gabriel Yin is a senior software engineer on the Workflow Orchestration Platform engineering team at Bloomberg, which is built on Kubernetes and hosts Argo Workflows as its orchestration back-end. With years of experience in data science, he is now building a general utility compute... Read More →

Thursday April 3, 2025 13:15 - 14:15 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

🪧 Poster Sessions, Platform Engineering

Content Experience Level Any

14:15 BST

Linkerd Update: Gateway API, Client-Specific Policy, Federated Services, Multicluster, Rust, & More! - Oliver Gould, Buoyant

Thursday April 3, 2025 14:15 - 14:40 BST

Platinum Suite | Level 3 | Room 3-4

The last year has seen a lot of features added to Linkerd, and we’re not slowing down! In this latest project update, you'll learn about the latest developments and upcoming features from Linkerd maintainers and directors. We'll discuss new Gateway API developments, client-specific policy configuration, improvements to federated Services and multicluster UX, and more. Come prepared to learn about the world's fastest, lightest service mesh!

Speakers

Oliver Gould

Linkerd Creator, Buoyant

Oliver is the creator of Linkerd.

Thursday April 3, 2025 14:15 - 14:40 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Linkerd

14:15 BST

AI Workload Preemption in a Multi-Cluster Scheduling System at Bloomberg - Leon Zhou & Wei-Cheng Lai, Bloomberg

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance S10 | Room B

As Bloomberg’s usage of AI continues to grow rapidly, it is critical to ensure that those workloads with high business impact are prioritized to use the firm’s available GPU resources. As a result, Bloomberg’s Data Science Platform engineering team has implemented Karmada’s Priority and Preemption feature to efficiently manage the sequencing of machine learning (ML) workloads using a multi-cluster scheduling system.

This talk will discuss the challenges of balancing resource allocation between high-priority and lower-priority ML batch jobs, and how Karmada helps ensure that business-critical workloads are not starved of resources during periods of high contention. Attendees will gain practical insights into configuring and managing multi-cluster environments, ensuring timely execution of ML jobs while maintaining cluster efficiency. This session is ideal for Kubernetes' administrators and engineers who are managing large-scale ML workloads.

Speakers

Leon Zhou

Software Engineer, Bloomberg LP.

Leon Zhou is a software engineer on the Data Science Platform engineering team at Bloomberg. With prior NLP experience, he is now building ML platforms to facilitate machine learning development. He is interested in ML infrastructure to enable large-scale training and complex pipelines... Read More →

Wei-Cheng Lai

Software Engineer, Bloomberg

Wei-Cheng Lai is a software engineer on Bloomberg's Data Science Platform engineering team. He is an open source contributor to Karmada and Kubeflow, and focuses on building ML training platforms on Kubernetes to facilitate training processes, enable large-scale training, and provide... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Intermediate

14:15 BST

Cloud Native Communities in Action: How Japan Shaped Its Path To KubeCon - Ota Kohei, Apple; Shu Muto, NEC Solution Innovators, Ltd.; Yuichi Nakamura, Hitachi, Ltd.; Sunyanan Choochotkaew, IBM Research; Noriaki Fukuyasu, The Linux Foundntion

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance N10 | Room H

This session will discuss the importance of local communities in bridging the gap between local developers and the global cloud-native ecosystem.

Since the beginning of KubeCon history back in 2015, adding new regions to the KubeCon calendar is a rare milestone, and we imagine many attendees may wonder what it takes to bring this flagship event to their own regions.

By focusing on the Japanese community’s journey, we will examine the ongoing efforts to build strong networks while facing challenges like language, timezone and regional barriers that continue to hinder international engagement.

This panel will also share the unique challenges faced by Asian communities, such as linguistic and cultural differences, and what lessons attendees can take back to strengthen their own regional ecosystems—and perhaps even host KubeCon in their region one day.

Speakers

Noriaki Fukuyasu

VP of Japan Operations, The Linux Foundation

VP of Japan Operations at Linux Foundation.

Yuichi Nakamura

Head of OSPO, Hitachi,Ltd

Yuichi Nakamura,Ph.D has been engaged with OSS over 20 years, contributed to SELinux, given presentations in many OSS events such as Linux Security Summit, Embedded Linux Conference and KubeCon. He also launched ecosystem of business and OSS contribution model based on Keycloak in... Read More →

Kohei Ota

Senior Field Engineer, Apple

Kohei Ota is a Senior Field Engineer at Apple. He is one of the Japanese localization leads for Kubernetes SIG Docs, and prev KubeCon speaker and co-chair of KubeDay Japan 2024. Beyond his professional roles, Kohei is instrumental in organizing CloudNative Days, the most prominent... Read More →

Shu Muto

Principal Software Engineer, NEC Solution Innovators, Ltd.

Shu Muto is a maintainer for the Kubernetes Dashboard since Autumn 2019 and a chair for SIG UI. Previously, he contributed to the OpenStack Dashboard and its plugins as a core developer from 2015. Shu also develops WebRTC applications. He organizes Kubernetes Upstream Training Japan... Read More →

Sunyanan Choochotkaew

Staff Research Scientist, IBM Research

Sunyanan Choochotkaew is a staff research scientist at IBM Research - Tokyo, specializing in distributed computing and performance acceleration on cloud platforms. She holds the role of maintainer of Kepler project. She has made contributions to Environmental Sustainability TAG, operator... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

14:15 BST

KubeCon FamilyFortune, Episode 2 - Tim Hockin, Google & Lucy Sweet, Uber

Thursday April 3, 2025 14:15 - 14:45 BST

Level 0 | ICC Auditorium

Join us for a rousing game of Family Fortune (Family Feud to our friends across the pond)! We will have silly questions with even sillier answers, as we try to guess what our global community of Kubernauts think.

Speakers

Tim Hockin

Distinguished Software Engineer, Google

Tim has spent most of his career at Google, where he works on Kubernetes and Google Kubernetes Engine (GKE). He is one of the technical leads of the Kubernetes project, and has been part of it since before it was publicly announced. He mostly pays attention to topics like APIs, networking... Read More →

Lucy Sweet

Senior Software Engineer, Uber

Lucy is a Senior Software Engineer at Uber Denmark who works on platform infrastructure

Thursday April 3, 2025 14:15 - 14:45 BST
Level 0 | ICC Auditorium

Cloud Native Experience

Content Experience Level Any

14:15 BST

How We Moved Spotify To a Proxyless gRPC Service Mesh - Erik Lindblad & Erica Manno, Spotify

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance N10 | Room E

This talk tells the story of how Spotify transitioned its service network from a decade old DNS based service discovery to a modern service mesh built on the xDS API’s from the Envoy project. The talk covers the research and design considerations for this new system, and how it draws full advantage of native support in gRPC for both xDS and proxyless load balancing to support Spotify’s scale (2 million kubernetes pods) without the performance impact of traditional service mesh setups. The audience will learn how this setup was used to build three important mesh capabilities at Spotify: dynamic traffic splitting, a service call graph and zone aware routing.

This is a case study, so the talk will also cover operational considerations like safe rollouts using fast fallback mechanisms, and how to use gRPC’s custom load balancer support to do a centrally managed rollout that’s transparent to teams using your platform.

Speakers

Erik Lindblad

Staff Engineer, Spotify

Erik works as a Staff Engineer in Spotify's Infrastructure department since 2018, and at Spotify since 2013. He has led work on several major infrastructure projects, like global load balancing, service mesh and cloud cost performance.

Erica Manno

Senior Software Engineer, Spotify

I am Senior Software Engineer at Spotify based out of Italy, working in Core Infrastructure. I am passionate about distributed systems, reliability at scale and solving infrastructure-related challenges. Prior to Spotify, I worked at Verisign as a tech lead building the registry for... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance N10 | Room E

Connectivity

Content Experience Level Intermediate

14:15 BST

eBPF and Wasm: Unifying Userspace Extensions With Bpftime - Yusheng Zheng, eunomia-bpf

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance S10 | Room D

In cloud-native systems, extending and customizing applications is key to improving development, deployment, and observability. eBPF is powerful for kernel-level enhancements, and WebAssembly brings extension to userspace. Yet, both face challenges when userspace extensions need to interact deeply with host applications. eBPF's kernel-focused design struggles in diverse userspace environments, and Wasm’s sandboxing introduces overhead and complexity due to extra checks and data copying. Enter bpftime, a framework that extends eBPF’s capabilities into userspace. Using dynamic binary instrumentation, bytecode verification, and hardware isolation, bpftime allows secure, high-performance extensions without the overhead of Wasm’s sandboxing. This talk explores how bpftime works with the eBPF Interface to simplify userspace extensions, compares the evolution of eBPF and Wasm, and shows how bpftime can power observability, networking, and other cloud-native extensions.

Speakers

Yusheng Zheng

OSS maintainer, eunomia-bpf

Yusheng Zheng is an open-source maintainer and researcher focused on improving complex systems through comprehensive understanding and strategic, small-scale modifications. As the co-founder of the eunomia-bpf open-source community and a PhD student, Yusheng is at the forefront of... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Advanced

14:15 BST

Multi-cluster Orchestration System: Karmada Updates and Use Cases - Hongcai Ren, Huawei & Joe Nathan Abellard, Bloomberg

Thursday April 3, 2025 14:15 - 14:45 BST

Platinum Suite | Level 3 | Room 1-2

Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds.

In this presentation, the maintainer of the Karmada project will share:

- A Brief introduction to Karmada, including what it is and why you need it.

- Key features and real-world use cases

- Overview of the community, including the governance and how it works

- New features over the last year

- Next Plan

- QA

Speakers

Joe Nathan Abellard

Senior Software Engineer, Bloomberg

Joe Nathan Abellard is a Senior Software Engineer working on Bloomberg's Managed Compute engineering team. He enjoys solving technical problems, and is a contributor to the CNCF Karmada project.

Hongcai Ren

Senior Software Engineer, Huawei

Hongcai Ren(@RainbowMango) is the CNCF Ambassador, who has been working on Kubernetes and other CNCF projects since 2019, and is the maintainer of the Kubernetes and Karmada projects.

Thursday April 3, 2025 14:15 - 14:45 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Karmada

14:15 BST

Redesigning Ingress: Docker’s Transition To the Next-Gen Gateway API - Kateryna Nezdolii & Ryan Hristovski, Docker

Thursday April 3, 2025 14:15 - 14:45 BST

Level 3 | ICC Capital Suite 14-16

This presentation shares Docker's journey in redesigning its ingress system and migrating live traffic from a HAProxy and Nginx-based perimeter to an Envoy Gateway-powered ingress. The talk delves into the critical design decisions behind choosing Envoy Gateway, the challenges encountered, and the solutions that ensured a smooth transition.

Attendees will gain insights into implementing decentralized routing configurations with safe defaults and managing live migrations using techniques like safe canary rollouts with fast rollback mechanisms to ensure zero downtime.

Operational considerations, including latency optimization and improving developer experience, will also be discussed. This session will provide practical, actionable guidance for anyone seeking to build a cloud-native, scalable, and reliable ingress system.

Speakers

Kateryna Nezdolii

Engineer, Docker

Kateryna is an Infrastructure engineer at Docker where she works on Ingress initiative. Throughout her career she has been passionate about open source and cloud native technologies. Prior to joining Docker she has been part of Spotify Traffic Team where her focus was on shaping and... Read More →

Ryan Hristovski

Senior Software Engineer, Infrastructure, Docker, Inc

Ryan is a Senior Software Engineer at Docker specializing in distributed systems and networking. He led Docker’s migration from HAProxy to Envoy Gateway and introduced IPv6 support to the world’s most trafficked image registry, Docker Hub. Additionally, he drove the inception... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Envoy

14:15 BST

Securing the Gateway: A Deep Dive Into Envoy Gateway's Advanced Security Policy - Huabing (Robin) Zhao, Tetrate

Thursday April 3, 2025 14:15 - 14:45 BST

Level 3 | ICC Capital Suite 10-12

Envoy Gateway, a growing project within the Envoy ecosystem, has steadily gained traction since its release, with v1.3 now available and adoption expanding across various production environments. It efficiently manages Envoy-based application gateways, fully complying with the Kubernetes Gateway API while extending its capabilities through custom resource definitions (CRDs) to address areas beyond the Gateway API's current scope. Envoy Gateway's Security Policy simplifies access to Envoy's robust security features, eliminating the need for users to navigate complex Envoy configurations. These features include CORS, JWT authentication, Basic Auth, OpenID Connect (OIDC), External Authentication (Ext Auth), and more. This session includes a demo showcasing OIDC authentication and authorization based on JWT claims, offering practical insights for enhancing application security—whether you're an experienced Envoy user or new to open source.

Speakers

Huabing Zhao

Engineer, tetrate

Huabing Zhao is a software engineer at Tetrate and a CNCF ambassador. He has developed a managed service mesh product on the cloud and assisted a lot of users in deploying Istio service mesh in production. He also founded Aeraki Mesh, a CNCF sandbox project that facilitates non-HTTP... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Envoy

14:15 BST

SIG Network Intro and Updates - Dan Winship & Nadia Pinaeva, Red Hat; Bowei Du, Google; Daman Arora, Broadcom

Thursday April 3, 2025 14:15 - 14:45 BST

Level 3 | ICC Capital Suite 7-9

SIG Network is responsible for networking for Kubernetes clusters, and there's never a shortage of interesting problems to solve in this space. In this session we'll provide some updates about SIG Network as a whole, including:

* status and progress of core networking components
* status and progress of sub-projects
* considerations for the future

If you're interested in hearing about what's going on in the networking space, or maybe even interested in joining the SIG and finding a place to contribute, please join us!

Speakers

Bowei Du

Senior Staff Engineer, Google

Bowei is a lead on Kubernetes Networking at Google. He has worked on various topics in SIG-NETWORK, the most recent being helping shepard the new Gateway APIs (https://gateway-api.sigs.k8s.io/)

Nadia Pinaeva

Senior Software Engineer, Red Hat

Nadia Pinaeva is a Senior Software Engineer at Red Hat working on Openshift Networking. She collaborates with the SIG-network-policy to improve network security for Kubernetes clusters, and works on ovn-kubernetes network plugin.

Daman Arora

Software Engineer, Broadcom

Trying to maintain kube-proxy.

Dan Winship

Colin Griffin is CEO at Krumware, and a Co-Chair of the CNCF Platforms Working Group. Colin Griffin is a software engineer by trade, specializing in cloud-native application and infrastructure development; with an emphasis on developer enablement and platform engineering. He founded... Read More →

Valentina Rodriguez Sosa

Principal Architect, Red Hat

Valentina Rodriguez is a Principal Technical Marketing Manager at Red Hat, focusing on the developer journeys in Kubernetes and emerging technologies. She loves contributing to the community, such as co-organizing KCD NY, and the industry and has spoken at conferences such as O'Reilly... Read More →

Simon Forster

Technical Architect and CNCF Ambassador, Stackegy

Danielle Cook

StackGen, VP

Thursday April 3, 2025 14:15 - 14:45 BST
Level 0 | ICC Capital Hall | Room 1

Platform Engineering

Content Experience Level Any

14:15 BST

Set Your Developers Free: Fleet Management at Spotify - Tim Hansen, Spotify

Thursday April 3, 2025 14:15 - 14:45 BST

Level 0 | ICC Capital Hall | Room 2

Migrations, security patches, and dependency upgrades are a necessary toil, but not one that your developers have to suffer through. Learn about Spotify’s approach to managing its fleet of over 10,000 software components — and how we patched the Log4J vulnerability across most of our software in 6 hours.

Fleet Management has freed our developers to focus on impactful software development — rather than the toil of dependency upgrades and migrations. Through automation, our percentage of software that’s up-to-date jumped from 10% to 80%, and security vulnerabilities were cut in half. Spotify orchestrates hundreds of changes, across thousands of repositories, and releases them to production — all without developer intervention.

Speakers

Tim Hansen

Staff Engineer, Spotify

Tim is a staff engineer at Spotify who works in the Platform organization to decrease infrastructure toil for Spotify developers, focused on the open-source Backstage platform. Prior to this, he worked in FinOps at Spotify, focused on reducing cloud infrastructure costs.

Thursday April 3, 2025 14:15 - 14:45 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

14:15 BST

Simplify Kubernetes Operator Development With a Modular Design Pattern - Mostafa Hadadian & Alexander Lazovik, University of Groningen

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance N10 | Room F

Kubernetes operators automate complex application management. However, building and maintaining them poses significant challenges. Custom Resource Definitions (CRDs) are painful to evolve once established, and controllers’ logic becomes increasingly complex over time. We learned these lessons the hard way through years, but you don't have to.

We present a design pattern that simplifies Kubernetes operator development by decomposing CRDs into manageable pieces and controllers into more focused microcontrollers. This pattern decouples K8s instructions from controllers' logic by leveraging Helm charts for translating CRD specifications into Kubernetes resources. As a result, our solution reduces code and maintenance complexities, accelerates iteration, and provides an efficient development workflow.

Finally, we share a real-world implementation of our design in the Netherlands' water sector that accelerates AI stream processing application delivery.

Speakers

Mostafa Hadadian

AI/MLOps Innovator| Founder & CEO, University of Groningen | CAIDEL

Alexander Lazovik

Professor in Distributed Systems, University of Groningen

Alexander Lazovik, Professor of Distributed Systems at the University of Groningen since 2009, specializes in AI, optimization in distributed environments, cloud computing, and scalable IT infrastructures. He earned his Ph.D. from the University of Trento in 2006 on the topic of Interaction... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Intermediate

14:15 BST

Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps and GUAC - Michael Lieberman, Kusari & Andrew Martin, ControlPlane

Thursday April 3, 2025 14:15 - 14:45 BST

Level 1 | Hall Entrance S10 | Room C

In a live supply chain attack demo, we demonstrate the latest security features of Flux CD and OpenSSF GUAC together in a hardened, wide-scale production scenario. When the next XZ or log4shell vulnerability lands, see how to assess, respond, and prevent proliferation before or after an attacker gets a foothold in your systems.

See how to defend against an assault on your dependency tree, prevent hostile insiders from escalating their privilege, and lock down your production environment to harden it against future threats.

We:
Use OCI-first Flux CD to remove network routes to Git servers from production
GUAC to manage dependency inventory and bring signal to the noise of CVE updates
Timoni to reliably patch, customise, and verify deployments before release
Flux Autopilot to roll out multi-tenancy lockdown, horizontal and vertical scaling, and persistent storage across fleets of clusters

Speakers

Michael Lieberman

CTO, Kusari

Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference... Read More →

Andrew Martin

CEO, ControlPlane

Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Intermediate

14:15 BST

Tutorial: Rock, Paper, Scissors! Build an AI-powered Interactive Game With Argo CD and Kubeflow - Natale Vinto, Daniel Oh, Roberto Carratala & Alex Soto Bueno, Red Hat; Hind Azegrouz, Intel

Thursday April 3, 2025 14:15 - 15:30 BST

Level 1 | Hall Entrance N11

Explore the exciting world of modern and AI-powered application development with our hands-on lab. This comprehensive session will guide you through the process of deploying and upgrading models, pipelines, and more for the classic game of Rock Scissors Paper, showcasing the capabilities of Kubeflow and Argo CD.

Throughout the lab/demo, you will:

- Learn how to deploy an AI model for the interactive game using Argo CD & KServe Model Mesh
- Discover how data scientists can efficiently test and experiment with their models
- Visualize model automation based on Kubeflow pipelines
- Utilize Argo CD for streamlined applications deployment and updates
- Implement GitOps methodology for enhanced collaboration and automation in AI application development and deployment

At the end of the sessions attendees will have a better understanding of the CI/CD for AI and Apps and how to combine both with Argo CD and GitOps for a perfect match in Kubernetes!

Speakers

Roberto Carratala

AI Architect, Red Hat

Cloud Services Black Belt specialized in Container Orchestration Platforms (OpenShift & Kubernetes), Cloud Services, DevSecOps and CICD.

Daniel Oh

Senior Principal Developer Advocate, Red Hat

Daniel Oh is a Java Champion and Senior Principal Developer Advocate at Red Hat to evangelize developers for building cloud-native apps and serverless ob Kubernetes ecosystems. He's also contributing to various cloud open-source projects and ecosystems as a CNCF ambassador for accelerating... Read More →

Natale Vinto

Director of Developer Advocacy, Red Hat

Natale Vinto is a Software Engineer with more than 10 years of expertise on IT and ICT technologies, and a consolidated background on Telecommunications, DevOps and Linux operating systems. Today Natale is Director of Developer Advocacy at Red Hat and author of "Modernizing Enterprise... Read More →

Hind Azegrouz

EMEA AI Inference Lead, Intel

Alex Soto Bueno

Developer Advocate, Red Hat

Thursday April 3, 2025 14:15 - 15:30 BST
Level 1 | Hall Entrance N11

Tutorials, Application Development

Content Experience Level Advanced

14:15 BST

🚨 Contribfest: Enhancing Your Developers Experience With Score

Thursday April 3, 2025 14:15 - 15:30 BST

Level 3 | ICC Capital Suite 1

Join us to contribute to Score, a CNCF Sandbox project. Score, as a developer-centric and platform-agnostic workload specification, aims to ensure consistent configuration between local and remote environments.
In this session, we will guide your through how you can contribute to either the docs (in Markdown), the source code of score-go library (in Go) or the two CLIs implementations: score-compose and score-k8s (in Go).
Attendees who would like to fix bugs and implement new features can pair program with maintainers to directly contribute and have impact to the Score project. We will also guide anyone who would like to write their own provisioners to provision external dependencies with OpenTofu, Crossplane, etc.

Speakers

Mathieu Benoit

Cloud Native Ambassador & Customer Success Engineer, Humanitec

Ben Meier

Principal Engineer, Humanitec

I'm a principal engineer at Humanitec working on the backend orchestration services that power the Platform Orchestrator. At the same time, I contribute to the Score CNCF project and its open source implementations and tools that define the standard workload specification.

Chris Stephenson

CTO Humanitec, Score maintainer, Humanitec

Chris has been building platforms to help developers be more effective and less dependant on others for over 10 years. He has experience working in the City of London, Google and also a number of startups. In his current role as CTO at Humanitec he is trying to package what he has... Read More →

Thursday April 3, 2025 14:15 - 15:30 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, Score

14:15 BST

🚨 Contribfest: Kubernetes Observability Simplified: Build, Debug & Monitor With Inspektor Gadget

Thursday April 3, 2025 14:15 - 15:30 BST

Level 3 | ICC Capital Suite 17

Join us for an interactive session exploring Kubernetes observability and debugging with Inspektor Gadget! This powerful project combines eBPF tools and a systems inspection framework tailored for Kubernetes, containers, and Linux hosts.

The session kicks off with an introduction to Inspektor Gadget, followed by hands-on guidance to set up your development environment (we’ll do most of the heavy lifting for you ahead of time). Participants will learn about the concept of "gadgets" and create their own simple "Hello World" gadget. From there, you can explore various ways to contribute:

- Develop new gadgets for emerging use cases.
- Enhance existing gadgets with additional capabilities.
- Collaborate on brainstorming innovative features.

Whether you’re looking to use Inspektor Gadget for debugging or dive deeper into creating gadgets, this session has something for everyone.

Speakers

Burak Ok

Software Engineer, Microsoft

Burak has been working in tech for over 10 years in his free time. After he discovered Open Source he joined the Azure Core Linux group at Microsoft, where his focus is on enhancing observability for containers and Kubernetes clusters through Inspektor Gadget. Apart from tech he loves... Read More →

Michael Friese

Senior Software Engineer, Microsoft

Michael is a Senior Software Engineer at Microsoft, specializing in Kubernetes, containers, eBPF, networking, and security. He is currently contributing to Inspektor Gadget, an open-source observability, security and debugging tool under the CNCF.

Qasim Sarfraz

Software Engineer, Microsoft

Software engineer with experience in cloud-native software development and system engineering

Thursday April 3, 2025 14:15 - 15:30 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, Inspektor Gadget

15:00 BST

Autonomous AI Agents in Production: Slashing Cloud Cost Root Cause Analysis From Hours To Minutes - Ilya Lyamkin, Spotify

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance S10 | Room B

As cloud infrastructures scale, traditional cost monitoring struggles to identify root causes of spending anomalies. This technical deep-dive shows how autonomous AI agents transformed our cost observability pipeline, reducing root cause analysis time from hours to under 5 minutes. We'll examine the agent architecture including deployment patterns, distributed cost tracing, and automated analysis workflows. Learn how we engineered AI agents to correlate cost signals across cloud services, implemented real-time pattern recognition with ML models, and built resilient feedback loops. Through production examples, we'll share our journey from manual investigation to automated root cause identification, including challenges in scaling agent intelligence. Attendees will gain practical insights into building their own AI-powered cost analysis system that scales with their infrastructure.

Speakers

Ilya Lyamkin

Senior Software Engineer, Spotify

Ilya leads the cost tooling infrastructure team at Spotify, driving cloud optimization initiatives through AI-driven analysis tools. Over the past two years, his team pioneered autonomous cost optimization systems that significantly reduced anomaly detection time. With 8 years of... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Intermediate

15:00 BST

Cloud Native Wheel of Fortune: 5 Spins for 5 Topics! - Steve Wade, Independent & Matteo Bianchi, GitHub

Thursday April 3, 2025 15:00 - 15:30 BST

Level 0 | ICC Auditorium

Reimagine the traditional conference talk in this dynamic, audience-driven session. You'll choose five topics from a curated list of 10 hot cloud-native themes.

Our catalogue includes cloud-native security, eBPF, cloud sustainability, GitOps, Platform Engineering, Networking, Service mesh, and the Kubernetes Release Cycle, but you can also add your proposal. The choice is yours!

Matteo and Steve will guide you through each chosen subject, offering expert insights, real-world applications, and actionable takeaways. This rapid-fire format promises a high-energy, engaging experience tailored to your interests.

This session offers a unique blend of breadth and depth, allowing you to explore multiple facets of the cloud native ecosystem in a compact timeframe. You'll expand your knowledge and hone your ability to quickly grasp and apply diverse cloud-native concepts - an invaluable skill in today's rapidly evolving tech landscape.

Speakers

Steven

Cloud Native Consultant & Trainer, Independent

Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts, and maintains the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform... Read More →

Matteo Bianchi

Solutions Engineer, GitHub

Matteo is a CNCF Ambassador and Cloud Native aficionado, a former startup CTO, DevRel and current Solution Engineer. Kubernetes open source contributor, part of the release team since v.1.31, Comms Release Lead for v.1.32 and Release Lead Shadow for v.1.33Hacker, builder and problem... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 0 | ICC Auditorium

Cloud Native Experience

Content Experience Level Any

15:00 BST

Hot Takes: Kubernetes Paintainers Bring the Heat - Ian Coldwater, Docker; Marly Salazar, Integral Ad Science; Taylor Dolezal, Cloud Native Computing Foundation; Kat Cosgrove & Xander Grzywinski, Independent

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance N10 | Room H

Ever wondered what happens behind the scenes of one of the world's largest open source projects? Join us for a spicy twist on the traditional panel format, where Kubernetes SIG leads tackle increasingly challenging questions about project governance, technical architecture decisions, and community building - all while braving progressively hotter…hot sauces!

Modeled after the popular "Hot Ones" interview format, this session features technical leaders from across Kubernetes sharing candid insights about the joys and challenges of OSS maintenance. As the heat builds, they'll reveal the inside story of key technical decisions, discuss strategies for building consensus across competing interests, and share invaluable advice for aspiring contributors.

Whether you're a current maintainer, a new contributor, or just curious about Kubernetes development, watch these brave maintainers bring the heat - literally and figuratively!

Speakers

Ian Coldwater

Senior Principal Security Architect, Docker

Ian Coldwater is co-chair of Kubernetes SIG Security, a longtime community organizer, and a security researcher specializing in hacking and hardening Kubernetes, containers, and cloud native infrastructure. When they're not busy making good trouble, they like to read all the docs... Read More →

Kat Cosgrove

Open Source Advocate, Independent

Kat is a Developer Advocate focused on the growth and nurturing of open source through authentic contribution. In particular, her specialties are approachable 101-level content and deep dives on the history of technology, with a focus on DevOps and cloud native. She was the Kubernetes... Read More →

Taylor Dolezal

Head of Ecosystem, Cloud Native Computing Foundation

Taylor Dolezal, Head of Ecosystem at CNCF, is an experienced technologist with a passion for cloud native technologies. He has a rich background in software development, infrastructure management, and open source and is deeply committed to community-building and knowledge sharing... Read More →

Xander Grzywinski

Open Source Program Manager, Independent

Xander is an open source program manager with experience at a wide array of companies. Previously he worked in various roles on platform and open source teams at Microsoft, Twitter, Apple, and HashiCorp. When not at a computer, you'd most likely find him at a pottery wheel.

Marly Salazar

Staff Engineer, Integral Ad Science

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

15:00 BST

Encryption, Identities, and Everything in Between; Building Secure Kubernetes Networks - Lior Lieberman, Google & Igor Velichkovich, Stealth Startup

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance N10 | Room E

As the scale of your clusters grows, so does the complexity of securing your networks. The stakes are high: inadequate encryption or identity management solutions can leave clusters vulnerable to a range of security risks.

In this session, Lior and Igor will explore the landscape of network encryption, AuthN and AuthZ solutions grounded in the principles of defense-in-depth and least privilege. Starting with the current projects in the ecosystem, they’ll highlight the principles and design requirements essential for building resilient, secure networks. The session will then dive into real-world scenarios where you’ll learn security strategies at scale. Finally, they’ll highlight how the community can work together to standardize and simplify encryption and identity management, making security more accessible and robust for all users.

Join us! We’d also love your feedback to help drive the future of Kubernetes network security.

Speakers

Igor Velichkovich

Software Engineering Lead, Stealth Startup

Igor is an engineering lead at a stealth startup focused on accelerated infrastructure and high performance compute. He has worked with sig-api-machinery (CEL) and continues work with various projects of kubernetes-sigs used in accelerated infrastructure environments.

Lior Lieberman

Site Reliability Engineer, Google

Lior is site reliability engineer at Google working on Google Compute Engine and Cloud Service Mesh. He is a leading maintainer of ingress2gateway, and an active contributor to Kubernetes SIG network focused on Gateway API.

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance N10 | Room E

Connectivity

Content Experience Level Intermediate

15:00 BST

Dynamic Multi-Cluster Controllers With Controller-runtime - Marvin Beckers, Kubermatic & Stefan Schimanski, Upbound

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance S10 | Room D

controller-runtime is the most popular SDK to write controllers for individual Kubernetes clusters. But the Kubernetes landscape is changing quickly: multi-cluster is becoming ubiquitous (e.g. through Cluster API), with clusters joining and leaving dynamically. controller-runtime has had no direct support, making writing uniform multi-cluster controllers hard and fracturing the emerging ecosystem.

This talk explores how to build controllers that reconcile resources across a dynamic fleet of Kubernetes clusters. A key change is the ability to plug in a dynamic cluster provider that registers new Kubernetes clusters from a specific source. While implementation internals are briefly discussed, focus is on a hands-on walkthrough for writing your own cluster provider, event handlers and reconciler functions.

We discuss a simplistic cluster provider implementation for “kind” clusters as an example and extrapolate from that how more complex providers could look like (e.g. for CAPI or kcp).

Speakers

Stefan Schimanski

Senior Principal Engineer, Upbound

Marvin Beckers

Team Lead, Kubermatic

Marvin started out as a sysadmin, gradually turned into a software engineer and now works as an Software Engineering Team Lead at Kubermatic. He always had a passion for effective management of large server fleets, which has turned his attention to Kubernetes in 2018. He has been... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Intermediate

15:00 BST

Emissary-ingress: Version 4 and the Road Ahead - Flynn, Buoyant

Thursday April 3, 2025 15:00 - 15:30 BST

Platinum Suite | Level 3 | Room 3-4

Emissary-ingress 4.0 is underway! This is the first new major version in some years for Emissary, one of the first Kubernetes-native, self-service API gateways and ingress controllers.

In this session, we'll start with a quick overview of the need for ingress controllers in general, the benefits of self-service developer workflows, and how Emissary-ingress can help with these issues. We'll also talk about the state of project, what Emissary 4 brings to the table, and how to get involved as a contributor, how to best offer feedback, and what's in store for the project in the future.

Emissary's maintainer sessions are always great opportunities to talk directly with Emissary-ingress maintainers and make sure your voice is heard when it comes to the project's future -- looking forward to seeing you there!

Speakers

Flynn

Tech Evangelist, Buoyant

Flynn is a technical evangelist at Buoyant, educating developers about Linkerd, Kubernetes, and cloud-native development in general. He has spent 40+ years in software, with a common thread of communications and security throughout, and is a coauthor of Linkerd: Up and Running from... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Emissary-ingress

15:00 BST

In the Eye of Falco: Transforming Your View of Linux Kernel Security - Luca Guerra, Jason Dellaluce, Aldo Lacuku & Leonardo Grasso, Sysdig; Aurélie Vache, OVHcloud

Thursday April 3, 2025 15:00 - 15:30 BST

Platinum Suite | Level 3 | Room 1-2

The Falco project is constantly evolving to fly over your infrastructure, overseeing every security event in your cloud environment. In this session, maintainers will discuss Falco's latest developments, including supercharged container runtime integration, even more powerful plugins, additional context added to sources, improved Kubernetes configuration experience, higher performance and more accurate detection capabilities. Join us in our excitement about the growth of Falco Talon, our very own response engine that complements Falco’s detection rules with Kubernetes-native actions.

Speakers

Leonardo Grasso

Open Source Tech Lead Manager / Falco Core Maintainer, Sysdig

Leonardo leads a talented group of open source engineers advancing security projects at Sysdig. Based in Italy, Leonardo combines his deep passion for Linux, Kubernetes, Containers, and Security with a strong background in software design and R&D. As a core maintainer of Falco, a... Read More →

Jason Dellaluce

Tech Lead, Manager, Sysdig

Jason Dellaluce is an Senior Engineer and Manager at Sysdig and a core maintainer of Falco, the CNCF tool for Cloud Native Runtime Security. On a daily basis, he contributes to the Falco Community and is exposed to Linux, Kubernetes, Containers, Security, eBPF, and the Open Source... Read More →

Aurélie Vache

Developer Advocate, OVHcloud

Aurélie Vache is a Developer Advocate at OVHcloud. She is Docker Captain, CNCF ambassador, Cloud GDE, WTM Ambassador & GitPod Hero. Developer and Ops for over 19 years. Mentor and promote diversity and accessibility in technology. She created a new visual way for people to learn... Read More →

Luca Guerra

Sr. Open Source Engineer, Sysdig Inc.

Luca is an experienced software engineer, specializing in software design and security research. His professional experience includes designing security solutions, building and breaking secure systems, and vulnerability management. Luca is a core maintainer for the Falco project and... Read More →

Aldo Lacuku

Open Source Engineer at Sysdig, Falco Core Maintainer, Sysdig Inc

Aldo is a software engineer with a deep focus on cloud-native technologies and Kubernetes. Currently contributing to Falco and runtime security.

Thursday April 3, 2025 15:00 - 15:30 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Falco

15:00 BST

Istio: The Past, Present and Future of the Project and Community - Lin Sun, solo.io

Thursday April 3, 2025 15:00 - 15:30 BST

Level 3 | ICC Capital Suite 14-16

Istio, a CNCF graduated project, is the most popular service mesh, simplifying observability, traffic management, and policy for your services. The project, its roadmap, and the community have gone through several changes over the past few quarters and we’d like to give some updates. We will discuss the project and its health, new features added in recent releases, progress on the new ambient sidecar-less data plane mode, Gateway API support, the project roadmap, and much more. We will also discuss the plans for the future of community-building efforts and how you can help us make Istio the best that it can be.

Speakers

Lin Sun

CNCF TOC member and Head of Open-Source, solo.io

Thursday April 3, 2025 15:00 - 15:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Istio

15:00 BST

Kubernetes WG Device Management - GPUs, TPUs, NICs and More With DRA - Kevin Klues, NVIDIA & Patrick Ohly, Intel

Thursday April 3, 2025 15:00 - 15:30 BST

Level 3 | ICC Capital Suite 10-12

WG Device Management is making great progress improving support for GPUs, TPUs, NICs, and other specialized hardware in Kubernetes. In 1.32, we delivered the Dynamic Resource Allocation (DRA) feature to beta. This enables simple and efficient configuration, sharing, and allocation of specialized devices.

For 1.33, we are continuing to evolve DRA, with a focus on the APIs, abstractions, and feature designs needed to configure, target, and share the hardware for both batch and serving (inference) workloads.

Come to this talk to learn what we have delivered in Kubernetes 1.32, what is coming in 1.33 and beyond, and how you can influence the roadmap for Kubernetes support of accelerated workloads.

Speakers

Kevin Klues

Distinguished Engineer, NVIDIA

Kevin Klues is a distinguished engineer on the NVIDIA Cloud Native team. Kevin has been involved in the design and implementation of a number of Kubernetes technologies, including the Topology Manager, the Kubernetes stack for Multi-Instance GPUs, and Dynamic Resource Allocation (DRA... Read More →

Patrick Ohly

Principal Engineer, Intel

Patrick is a Principal Engineer at Intel, member of the Kubernetes Steering Committee, co-chair of K8s WG Device Management, WG Structured Logging, tech lead in SIG Testing, and maintainer of the logging infrastructure in Kubernetes. He is the main architect and developer of Dynamic... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Device Management

15:00 BST

Longhorn: Intro, Deep Dive and Q&A - David Ko, SUSE

Thursday April 3, 2025 15:00 - 15:30 BST

Level 3 | ICC Capital Suite 7-9

Join us for an exploration of Longhorn, the cloud-native storage solution revolutionizing block storage for Kubernetes environments. This session will delve into Longhorn's architecture, showcasing the transition from v1 to v2 data engine, powered by SPDK (Storage Performance Development Kit).

We'll highlight the upcoming release 1.8's groundbreaking features, including enhanced online replica rebuilding with snapshot checksum, volume auto salvage, volume live migration, live upgrade, disaster recovery volume, etc. Discover how these innovations position Longhorn as a performance-driven, versatile storage solution for cloud-native infrastructures.

Speakers

David Ko

Engineering Director, SUSE, SUSE

A hands-on engineering leader and architect with over 15 years of software development experience, specializing in Microservices, distributed system design, CI/CD, automation, DevOps, containers, WASM, container orchestration (Kubernetes, Mesos), cloud computing, cloud-native solutions... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Longhorn

15:00 BST

How To Rename Metrics Without Impacting Somebody’s Observability - Bartłomiej Płotka, Google & Arianna Vespri, Independent

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance N10 | Room G

Metrics are a core aspect of modern cloud-native observability and monitoring. With the Prometheus project, it’s easy to create metrics and adopt existing ones from applications or exporters. It's easy to build layers of tools, alerts, dashboards and integrations that depend on specific metrics. Unnoticed, metric names and labels became an API contract between instrumentation and consumers.

However, second-day operations kick in! New standards, naming opinions and software versions force metrics to be changed, causing major downstream breakages. Projects like Kubernetes or OpenTelemetry started frameworks to raise awareness about this problem. Can we do more?

In this talk, Bartek (Prometheus maintainer) and Arianna (Prometheus client_golang maintainer) will explore renaming strategies for Prometheus and OpenTelemetry end users. Finally, they will discuss existing conventions and frameworks for stable metric versioning that could be adopted by the next generation of instrumentation.

Speakers

Bartłomiej Płotka

Sr Software Engineer, Google

Arianna Vespri

Software Engineer, Self-employed

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

15:00 BST

A Huge Cluster or Multi-Clusters? Identifying the Bottleneck - Paco Xu, DaoCloud & Saiyam Pathak, Loft Labs

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance S10 | Room A

The increasing complexity of Kubernetes deployments has sparked a debate between scaling single clusters to enormous sizes and managing multiple clusters. At KubeCon NA24, the CNCF Tech Landscape Radar unveiled insights into multicluster application management, while Google showcased a 65000-node cluster powered by Spanner, bypassing etcd's limitations. Similarly, ByteDance has achieved multi-tenancy at scale with Kubebrain.

This talk examines the challenges of large clusters (5,000+ nodes and beyond) and the trade-offs of multicluster solutions. Key topics include API server options, etcd tuning and alternatives (e.g., Kubebrain, kine), and operational concerns such as multi-tenancy models (vCluster, kubezoo, HNC), and operator version control. In parallel, multicluster management solutions like Karmada, Clusternet, and networking challenges with tools like Submariner are explored.

Attendees will gain actionable insights into selecting the most appropriate strategy for their needs.

Speakers

Saiyam Pathak

Principal Developer Advocate, Loft Labs

Saiyam is working as Principal Developer Advocate at Loft Labs. He is the founder of Kubesimplify, focusing on simplifying cloud-native and Kubernetes technologies. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes, including machine... Read More →

Paco Xu

OpenSource Team Leader, DaoCloud

Paco is a member of Kubernetes Steering Committee and the lead of the DaoCloud open-source team. In community, Paco mainly work as a Kubeadm Maintaine and SIG-Node Reviewer. He is co-chair of KubeCon China 2024 and organized Kubernetes Contributor Summit China 2023 and KCD Chengdu 2022, and speaked at KubeCon EU 2023, KubeCon China 2021 & 2023, KCD Shanghai. In 2024, he becomes LFAPAC Evangelist... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Beginner

15:00 BST

Breaking Free From the Cloud: Banking on Self-Hosted Kubernetes - Kārlis Akots Gribulis & Per Hedegaard Christiansen, Saxo Bank

Thursday April 3, 2025 15:00 - 15:30 BST

Level 0 | ICC Capital Hall | Room 2

What drives a global investment bank to transition from managed cloud Kubernetes service to self-hosted on-premises solution? While managed Kubernetes in the cloud can simplify deployments they do often come with significant trade-offs. At Saxo Bank, we made the decision to regain control by shifting to a self-hosted, on-premises Kubernetes platform.

This session will unpack our motivations, such as decreasing costs by 80%, reducing cluster creation time fifteenfold, and improving our CIS benchmark standing by 30%. We’ll dive into the architecture we adopted, the lessons learned from overcoming performance and resilience challenges, and how this change has impacted our infrastructure into positioning Kubernetes as Saxo Bank’s cornerstone for the future.

Speakers

Per Hedegaard Christiansen

Head of Container Platform Engineering, Saxo Bank

Passionate about container technology and always eager to explore new tech stacks. With extensive experience in Docker, Kubernetes, and microservices, I design and optimize scalable, secure container environments. Constantly learning and embracing cutting-edge tools, I thrive in agile... Read More →

Kārlis Akots Gribulis

Senior Container Platform Engineer, Saxo Bank

Kārlis Akots Gribulis has hands-on experience working across various companies in the cloud-native space. Throughout his career, he has been deeply involved in deploying, managing, and optimizing Kubernetes clusters, helping organizations harness the full power of cloud-native technologies... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

15:00 BST

Building a Platform Framework: Lessons Learned From Developing a Multi-Cluster Kubernetes Operator - Cat Morris & Jake Klein, Syntasso

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance N10 | Room F

Running multi-cluster Kubernetes environments introduces significant operational complexities that challenge even skilled engineering teams. In developing Kratix, an open source platform framework to manage these complexities, we encountered technical, organisational, and strategic challenges that reshaped our approach to building reliable, customer-centric software.

As founding engineer and product manager of Kratix, we have found that while technical expertise is crucial, it often falls short in solving complex, cross-cluster issues. We learnt the importance of diverse perspectives, customer involvement, and embracing existing CNCF projects.

By sharing our successes and setbacks, we aim to equip you with a holistic approach to managing multi-cluster Kubernetes environments, fostering resilience and adaptability in an evolving technological landscape.

Speakers

Cat Morris

Staff Product Manager, Syntasso

Cat is the Product Manager at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms. She has worked in tech for over 10 years, the last 6 have been in Platform Engineering across all kinds of domains. She specialises in bringing Product... Read More →

Jake Klein

Staff Software Engineer, Syntasso

Jake has over five years of experience working in the Kubernetes and the platform space. He started his career working on CloudFoundry, a popular CNCF Platform as a Service project. He then went on to work at Weaveworks where he worked on the open source project EKSctl, which is a... Read More →

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Any

15:00 BST

🤔🔧 "Can You Maintain 1000 Apps? WasmCloud & K8s: The Ultimate Golden Template - Liam Randall, Cosmonic

Thursday April 3, 2025 15:00 - 15:30 BST

Level 0 | ICC Capital Hall | Room 1

You can deploy 1,000 applications to Kubernetes, but can you maintain them? Kubernetes excels as an infrastructure abstraction, but today's app management demands better abstractions for applications and their capabilities. This talk introduces CNCF wasmCloud (incubating) as the ultimate golden template for platform engineering. With wasmCloud, you can manage common capabilities like blob stores, HTTP, messaging, and secrets centrally, enabling pluggable, reusable components that scale. wasmCloud simplifies migrations and secures operations across diverse computing environments—essential as data locality laws balkanize the world's compute. By shifting to pluggable capability abstractions, platform engineers can update thousands of apps at once while freeing development teams to focus on building their business logic. This demonstration heavy talk is based on real world adoption & deployments across the F100 in financial services, tech, and the startup ecosystem.

Speakers

Liam Randall

Founder, CNCF wasmCloud, Cosmonic

Liam lives at the intersection of open source and enterprise and has contributed to dozens of major open-source platforms and standards. A serial entrepreneur he has built and scaled companies around Bro/Zeek, Kubernetes, OS Query, Cloud Custodian, and today WebAssembly.

Thursday April 3, 2025 15:00 - 15:30 BST
Level 0 | ICC Capital Hall | Room 1

Platform Engineering

Content Experience Level Beginner

15:00 BST

SPIFFE in Practice: Universal Identity for WebAssembly Workloads - Joonas Bergius, Cosmonic & Colin Murphy, Adobe

Thursday April 3, 2025 15:00 - 15:30 BST

Level 1 | Hall Entrance S10 | Room C

Universal Identity (or Workload Identity) is a foundational concept that underpins every secure platform. When implemented well, it provides the platform and security teams the ability to reason about the entities running on their platform and the interactions between them.

SPIFFE has become the industry standard for establishing Identity that can be used to authenticate across all major cloud providers, on various workload platforms and even to an increasing number of third-party services. As SPIFFE adoption across various CNCF projects is growing, WebAssembly workloads present some unique challenges to simply lifting and shifting from what’s been done before.

This talk will cover the journey CNCF wasmCloud underwent in adopting SPIFFE as the foundation for providing Secure Production Identity for the WebAssembly Workloads running on the platform. We will share the lessons we learned from our journey, starting out with a concept to then bringing it all the way to production.

Speakers

Colin Murphy

Sr Software Engineer, Adobe

Colin Murphy is a senior software engineer on the Adobe Content Authenticity Initiative team. Previous roles include frontend engineer for Adobe Express, head of infrastructure of Adobe Document Cloud microservices, including Adobe Sign and Acrobat Web. He has been responsible for... Read More →

Joonas Bergius

Senior Software Engineer, Cosmonic

Joonas Bergius is a veteran of the Cloud Native community, having been part of the Kubernetes ecosystem as a contributor and end-user since the early days (circa 2015) of Kubernetes.

Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Intermediate

15:30 BST

Coffee Break ☕

Thursday April 3, 2025 15:30 - 16:00 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Thursday April 3, 2025 15:30 - 16:00 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

16:00 BST

Balancing Cost and Efficiency: Day2 Optimization of Multi-Cluster AI Infrastructure - Kevin Wang, Huawei

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance S10 | Room B

Multi-cluster AI infrastructures have become the norm due to factors such as resource availability, platform scale, high availability, and business resource pool consolidation. However, managing diverse workloads across heterogeneous clusters can be challenging. In this talk, we will share our experiences and lessons learned from deploying Karmada and Volcano in real-world multi-cluster AI environments. We will delve into specific Day2 optimization techniques, including:
1) Configuring scheduling strategies to balance resource utilization and workload priorities.
2) Customizing workload management to accommodate diverse AI workloads with varying requirements.
3) Leveraging topology-aware scheduling to improve the efficiency of AI training and inference tasks.

By sharing concrete examples and results, we will demonstrate how to effectively optimize multi-cluster AI infrastructures to achieve better performance, cost efficiency, and scalability.

Speakers

Kevin Wang

Technical Expert, Lead of CloudNative Open Source, Huawei

Kevin Wang has been an outstanding contributor in the CNCF community since its beginning and is the leader of the cloud native open source team at Huawei. Kevin has contributed critical enhancements to Kubernetes, led the incubation of the KubeEdge, Volcano, Karmada projects in CNCF... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Intermediate

16:00 BST

Navigating the Inevitable: Kubernetes Breaking Changes Behind the Scenes - Marko Mudrinić, Kubermatic GmbH

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance N10 | Room H

You're looking forward to a new feature, waiting for the release day like it’s Christmas morning. Suddenly, the feature is dropped from the release. Even worse, a feature you heavily depend on is unexpectedly deprecated or removed. What now? Negative emotions take over, you feel sad, frustrated, and even angry at the project and its maintainers. Fortunately, this doesn't happen too often. But it does happen.

The Kubernetes maintainers strive to make users satisfied, but they also have to prioritize the health of the project and the well-being of the maintainers. To do that, they sometimes have to make breaking changes, even on short notice, as hard as it might be. In this talk, we'll dive into some of those decisions, see what went on behind the scenes, and talk a bit about Kubernetes policies. Finally, we'll explore _your_ options as an end user, how you can be better informed, how you can provide feedback on proposed changes, and how you can help the project!

Speakers

Marko Mudrinić

Senior Software Engineer, Kubermatic GmbH & University Union

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

16:00 BST

Get WITty: Evolving Kubernetes Scheduling With the WebAssembly Component Model - Dejan Pejchev & Jonathan Giannuzzi, G-Research

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance S10 | Room D

At KubeCon NA 2024, we introduced WASM + KWOK Wizardry: Writing and Testing Kubernetes Scheduler Plugins at Scale, showcasing how WASM plugins transform Kubernetes scheduling. This session continues the story, highlighting our progress toward a language-agnostic framework using the WebAssembly Component Model.

The current Go-centric WASM plugin SDK restricts innovation to a single language. By adopting the Component Model, we enable developers to write plugins in Rust, Python, JavaScript, and more, unlocking new possibilities. This approach enhances modularity, simplifies integration with standardized interfaces, and strengthens security through improved isolation.

We’ll also showcase how this aligns with the Kubernetes Scheduler Simulator, providing a powerful testing environment for these advanced plugins. Join us to see how the Component Model fosters collaboration, innovation, and extensibility in Kubernetes scheduling. Let’s move beyond wizardry and get truly WITty!

Speakers

Dejan Zele Pejchev

Open Source Software Engineer, G-Research

Dejan is a seasoned Software Engineer with over 8 years of experience building and scaling distributed systems and an advocate of open source & Kubernetes-native solutions. Dejan is also a maintainer of Armada, the Kubernetes multi-cluster batch scheduling tool, Testkube, the Kubernetes-native... Read More →

Jonathan Giannuzzi

Open Source Evangelist, G-Research

Jonathan is an Open Source Evangelist at G-Research, where he applies his nerdy wizardry powers to solve deep problems that can bubble up all the way to the end-user.

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Advanced

16:00 BST

Driving Chaos Engineering Forward: What’s New and Next With LitmusChaos - Sarthak Jain & Saranya Jena, Harness

Thursday April 3, 2025 16:00 - 16:30 BST

Level 3 | ICC Capital Suite 7-9

Join the maintainers of LitmusChaos, a CNCF Incubating project, to explore the latest advancements in chaos engineering for cloud-native systems. This session will cover key updates from recent releases, including enhanced resilience testing, observability, and scalability features, while showcasing how they address real-world challenges faced by Developers and SREs.
We’ll also share insights into the project’s growth, governance updates, and contributions from the community that are driving LitmusChaos forward. Get a sneak peek into the roadmap, featuring upcoming initiatives aimed at making chaos engineering more accessible and impactful.

Speakers

Saranya Jena

Senior Software Engineer, Harness

Saranya is a Senior Software Developer at Harness and is a maintainer of LitmusChaos, a Chaos Orchestration framework designed for implementing chaos engineering in cloud-native environments. She likes contributing to the Open Source community, where her primary focus involves architecting... Read More →

Sarthak Jain

Senior Software Engineer, Harness

Meet Sarthak Jain, Senior Software Engineer at Harness! For over three years, he’s been maintaining open source tools like LitmusChaos and LitmusCtl, to make softwares more resilient. Sarthak loves exploring new ideas in tech and making things work better.

Thursday April 3, 2025 16:00 - 16:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Litmus

16:00 BST

etcd V3.6.0 and etcd-operator V0.1.0 - Benjamin Wang, VMware by Broadcom; Ivan Valdes Castillo, Independent; Siyuan Zhang, Google; Arka Saha, VMware By Broadcom; Ciprian Hacman, Microsoft

Thursday April 3, 2025 16:00 - 16:30 BST

Level 3 | ICC Capital Suite 10-12

etcd v3.6.0 has been released, almost 4 years after 3.5.0. It’s a big step forward. etcd-operator v0.1.0 is also now available and promises to greatly improve the usability and operability of etcd.

We will dive into all the new exciting features in 3.6, like downgrade support, v2store deprecation and performance improvement. We’ll also provide an upgrade checklist and highlight changes users need to make before upgrading to the 3.6 release. We will also show you how the etcd-operator works, how it can greatly simplify the operation of the etcd cluster. Come join us and raise your etcd questions with the on-site etcd maintainers.

Speakers

Ciprian Hacman

Senior Software Engineer, Microsoft

Ciprian Hacman is a Software Engineer, working with cloud-native technologies. He is also an open source project maintainer for kOps (Kubernetes Operations), etcd-manager, cloud-provider-aws and frequent contributor to other projects in the Kubernetes ecosystem.

Arka Saha

Software Engineer, VMware By Broadcom

Arka Saha, a Broadcom Software Engineer, leads Kubernetes releases & maintenance for Tanzu Extended Support. He manages VMware by Broadcom's Prow infrastructure, ensuring long-term support for k8s, etcd, containers, Golang & related components. Previously he managed Red Hat OpenShift... Read More →

Siyuan Zhang

Software Engineer, Google

I am a software engineer at Google. My past experience include machine learning and cloud infrastructure. I have been an etcd contributor since 2023.

Benjamin Wang

Staff software engineer, VMware by Broadcom

Benjamin Wang is a staff software engineer at VMware (acquired by broadcom). He is passionate about open source. He currently is an etcd maintainer and technical lead of sig-etcd. He loves to play Chinese chess in his spare time.

Ivan Valdes Castillo

Independent, Independent

Ivan is a Site Reliability Engineer specializing in CI/CD pipelines, Infrastructure as Code, and automation. His dedication to spreading and mentoring the DevOps culture is evident in his efforts to foster collaboration and streamline development. In his free time, he is an active... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, etcd

16:00 BST

Guiding Kubernetes: The Steering Committee's Role in Project Evolution - Maciej Szulik, Defense Unicorns & Paco Xu, DaoCloud

Thursday April 3, 2025 16:00 - 16:30 BST

Level 3 | ICC Capital Suite 14-16

The Kubernetes Steering Committee plays a crucial role in overseeing the non-technical aspects of the Kubernetes project and making important project-wide decisions. The committee has a wide scope of working and responsibilities. The committee has evolved over the years. In this session, let’s take a look at how the committee came to be created, the bootstrap era, how it works now and what’s in store for the future. We will have excerpts from our emeritus members who served to shape the goals and vision of the steering committee. We will explore how you can leverage our learnings to enhance the governance of your own cloud native projects. If you are eager to gain insights or have queries about the governance journey of the Kubernetes project, we encourage you to drop by and engage in an insightful discussion

Speakers

Maciej Szulik

Staff Platform Engineer, Defense Unicorns

Paco Xu

OpenSource Team Leader, DaoCloud

Thursday April 3, 2025 16:00 - 16:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Kubernetes, Steering Committee

16:00 BST

Kubespray: Driving Cost-Efficiency for AI on Kubernetes - Antoine Legrand, Conny GmbH & Mohamed Zaian, New Work SE

Thursday April 3, 2025 16:00 - 16:30 BST

Platinum Suite | Level 3 | Room 1-2

In 2025, cost efficiency is more critical than ever as organizations strive to optimize budgets while scaling AI capabilities. Kubernetes has become the backbone for deploying AI workloads, but organizations face the challenge of balancing performance, scalability, and cost efficiency. This session will address these challenges head-on.

Kubespray, a flexible, production-grade, open-source Kubernetes cluster management tool, has empowered countless users and organizations across cloud and bare-metal environments.

Attendees will learn how to build cost-optimized Kubernetes clusters by leveraging efficient resource utilization, GPU integration, and multi-cloud deployment strategies. The session will cover practical configurations to reduce operational expenses while ensuring high availability and scalability for demanding AI use cases.

Speakers

Antoine Legrand

CTO, Conny GmbH

Antoine Legrand is CTO at LegalTech startup CONNY and co-founder of Kubespray, a key tool in the Kubernetes ecosystem. He works with leading industry players to improve the management of applications and Kubernetes clusters. Passionate about open source, Antoine has spent the past... Read More →

Mohamed Zaian

Senior Systems Engineer, New Work SE

Maintainer of Kubespray, Organization member kubernetes/kubernetes and kubernetes/kubernetes-sigs. I do Linux administration, infrastructure engineering, platform engineering, and Kubernetes as a Senior Systems Engineer at New Work SE in Hamburg, Germany.

Thursday April 3, 2025 16:00 - 16:30 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Kubernetes, kubespray

16:00 BST

Unlocking the Future of Kubernetes Policy as Code With Kyverno - Vishal Choudhary & Frank Jogeleit, Nirmata

Thursday April 3, 2025 16:00 - 16:30 BST

Platinum Suite | Level 3 | Room 3-4

Kyverno has emerged as a go-to tool for enforcing security, compliance, and operational best practices in Kubernetes. But it's not just about the past; it's about the future! Join Kyverno maintainers, Vishal and Frank, as they unveil the latest innovations in Kyverno and show how Kyverno's new policy formats align perfectly with the rapidly evolving Kubernetes APIs, including enhanced support for Kubernetes Validating Admission Policies (VAP) and Mutating Admission Policies (MAP). You will learn how Kyverno's adoption of Common Expression Language (CEL) empowers you to create, test, and manage sophisticated, dynamic, and expressive policies for all your policy use cases. Whether you're a policy newbie or a seasoned pro, this session will provide actionable insights and tips to elevate your Kubernetes policy-based security, automation, and governance.

Speakers

Frank Jogeleit

Senior Software Engineer, Nirmata

Vishal Choudhary

Software Engineer, Nirmata

Vishal is a student and a software engineer, working on cloud-native projects focusing on governance and securing software supply chains for everyone! He is a maintainer of Kyverno and an active contributor at several other projects in the space. He is always looking to discuss tools... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Kyverno

16:00 BST

Limitless Possibilities, Consistent Design: Crafting Dashboards With Perses DAC - Nicolas Takashi, Coralogix & Antoine Thébaud, Amadeus

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance N10 | Room G

Managing dashboards can be overwhelming, especially for diverse teams with specific goals. This talk explores how Perses and Dashboard-as-Code (DAC) streamline large-scale dashboard management. DAC boosts efficiency, reduces costs, and enables consistent, customizable dashboards—even in complex setups.

We’ll dive into DAC fundamentals and the Go and Cue SDKs that power it. Discover percli, a new CLI tool for seamless Perses interactions. Learn how community-driven mixins, shared dashboards, panels, and PromQL integration make Perses adaptable to any observability stack.

A live demo will showcase how Perses DAC fosters collaboration and simplifies dashboard management at any scale. Whether you oversee dozens or thousands, this session offers tools and insights to transform your approach. Join us to see Perses DAC in action!

Speakers

Nicolas Takashi

Observability Tech Lead, Coralogix

Nicolas is a Software Engineer with a Platform Engineer role at Coralogix. He's mostly interested in topics related to the observability ecosystem, as well as Kubernetes and distributed systems. He is also an open-source contributor to projects such as Prometheus Operator, Perses... Read More →

Antoine Thébaud

Senior Software Engineer, Amadeus

Antoine Thébaud is an experienced developer specializing in observability, with a strong focus on monitoring. At Amadeus, he contributes significantly to the development and optimization of a cloud-ready monitoring platform relying on Prometheus, Grafana, and Thanos. Antoine is... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Any

16:00 BST

Defusing the Kubernetes API Performance Minefield - Madhav Jivrajani, UIUC & Marek Siarkowicz, Google

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance S10 | Room A

Kubernetes enables a wide landscape of CNCF projects and organisations to build upon its foundation and extend its functionality through custom controllers. But anyone who has deployed an operator at scale, quickly discovers that the Kubernetes API is a performance minefield. Forget to set resourceVersion when listing pods? Your control plane explodes! This talk delves into recent enhancements in Kubernetes designed to defuse this performance minefield. We'll explore the improved storage layer that allows caching more types of requests, effectively halving request latency and reducing the load on etcd. Don't let your cluster fall victim to faulty controllers – join us to learn how these changes mitigate risks, boost performance, and contribute to a more stable and reliable Kubernetes experience. We'll explore how the storage layer improves API responsiveness and predictability, and you'll understand the impact of these changes on scalability, reliability, and overall user experience.

Speakers

Madhav Jivrajani

Kubernetes Maintainer, UIUC

Madhav is currently working at VMware on upstream Kubernetes. He has been a part of the Kubernetes community for about a year and mainly helps out with SIG-{Contribex, Node, Architecture, API-Machinery}. He was also involved with the structured logging efforts in the Kubernetes project... Read More →

Marek Siarkowicz

Senior Software Engineer, Google

Marek is a Software Engineer working at Google in Etcd team. He began his career in local startups where he loved open source and extreme programming. Currently he is a etcd maintainer and active member of SIG-instrumentation leading structured logging effort in Kubernetes. In his... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Intermediate

16:00 BST

A Day in the Life of a Kubernetes Engineer - Rajas Kakodkar & Nikhita Raghunath, Broadcom; Amine Hilaly, AWS; Shane Lawrence, Shopify; Kasper Borg Nissen, Dash0

Thursday April 3, 2025 16:00 - 16:30 BST

Level 0 | ICC Capital Hall | Room 1

In the cloud native universe, Kubernetes engineers are the unsung heroes--who wrangle YAML, tame logs and brave production crises. While AI steals the spotlight, challenges of managing Kubernetes remain in the shadows. Platform engineers, often grappling with relentless war room calls rarely get the stage they deserve.
For the first time, we’ll dive into the untold stories of platform engineers: triumphs and the grit it takes to navigate the complexities of Kubernetes. This is a celebration of the human side of cloud native, told through anecdotes, technical insights and lessons learned from the trenches.

Join industry experts as they explore:
- Critical skills for resolving production issues
- Successes & failures that define their journeys
- Balancing ecosystem health
- Secure practices for AI workloads
- Reducing Kubernetes complexity

Join us for unfiltered insights, empowering stories and actionable takeaways to inspire your Kubernetes journey—you, too, deserve to be heard.

Speakers

Kasper Borg Nissen

Developer Relations Engineer, Dash0

Shane Lawrence

Sr Staff Engineer, Shopify

Shane is a Senior Staff Infrastructure Security Engineer at Shopify, where he's working on a multi-tenant platform that allows developers to securely build scalable apps and services for crafters, entrepreneurs, and businesses of all sizes.

Nikhita Raghunath

Principal Engineer, Broadcom

Nikhita is a Principal Engineer at Broadcom, past co-chair of KubeCon and a maintainer of the Kubernetes project. She is the vice chair of the CNCF Technical Oversight Committee and has won the CNCF Top Committer Award in 2021 for her technical contributions. She was also a member... Read More →

Amine Hilaly

Software Engineer, AWS

Amine is a Software Development Engineer at Amazon Web Services working on the Kubernetes and Open source related projects for about three years. Amine is a Go, open-source, and Kubernetes fanatic.

Rajas Kakodkar

Senior Member of Technical Staff | Tech Lead TAG Runtime CNCF, Broadcom

Rajas is a senior member of technical staff at Broadcom and a tech lead of the CNCF Technical Advisory Group, Runtime. He is actively involved in the AI working group in the CNCF. He is a Kubernetes contributor and has been a maintainer of the Kube Proxy Next Gen Project. He has also... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 0 | ICC Capital Hall | Room 1

Platform Engineering

Content Experience Level Any

16:00 BST

How We Progressively Deliver Changes To Kubernetes Using Canary Deployments and Feature Flags - Bob Walker, Octopus Deploy

Thursday April 3, 2025 16:00 - 16:30 BST

Level 0 | ICC Capital Hall | Room 2

This is the case study of how we changed how we ship software.

With thousands of customers, each in their own Kubernetes container, deploying updates was tough. Off-hours schedules meant it took over 24 hours to push a new version. If something broke, we had to scramble. Canary deployments let us update small groups of customers at a time. We built a tool to stop rollouts fast when issues appeared, limiting the damage.

In the past, new features went to everyone at once. Rolling back wasn't an option. If something failed it'd leave customers stuck in the mess. Now, using OpenFeature, we hide new functionality behind feature flags. We release features to small groups, gather feedback, and test internally for weeks. If things go wrong, we flip the flag off and move on.

This two-pronged approach lets us avoid risky big-bang releases. We went from deploying every 10 days to every 4, with fewer than 1% high-severity defects. Most of these are resolved before customers notice them.

Speakers

Bob Walker

Field CTO, Octopus Deploy

Bob Walker is a Field CTO Octopus Deploy. Bob started as a developer in the early days of .NET when web forms were the hottest new thing, and manual deployments were the norm. After one too many five-hour 2 AM Saturday deployments, he searched for any automation to stop that pain... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Intermediate

16:00 BST

Practical Zombie Hunting for Kubernetes Users - Holly Cummins, Red Hat

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance N10 | Room F

Zombies? Yup, zombies. Zombies are servers which aren’t doing useful work. They’re everywhere, costing money, eating electricity, and belching carbon. And they’re useless! Sadly, the cloud has *not* helped our zombie problem, and even Kubernetes hasn't helped.

One of the reasons zombies don’t get switched off is that no one knows they’re there. So how do we get rid of our pesky zombies? In this talk, Holly will explain the underlying technical and organisational factors that lead to zombies, and introduce a range of real-world zombie-hunting strategies. These include getting to grips with elasticity and utilisation, LightSwitchOps, FinOps, and the eco-monkey (it’s like the chaos monkey, but greener). Technologies covered include absurdly simple scripts, DailyClean, Kruize Autotune, and Backstage.

Speakers

Holly Cummins

Senior Principal Software Engineer, Red Hat

Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team. Before joining Red Hat, Holly was a long time IBMer, in a range of roles from cloud consultant, full-stack javascript developer, WebSphere Liberty devops architect, JVM performance engineer, to innovation... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Intermediate

16:00 BST

Open Source Malware or a Vulnerability? The Philosophical Debate and How To Mitigate - Brian Fox, Sonatype; Madelein van der Hout, Forrester Research Inc.; Santiago Torres-Arias, Purdue University

Thursday April 3, 2025 16:00 - 16:30 BST

Level 1 | Hall Entrance S10 | Room C

As open source software is increasingly important in modern software development, the security challenges continue to evolve. Vulnerabilities are largely understood, but open source malware poses a uniquely hidden threat. But when does a planted vulnerability transform a package into malware? This talk will discuss and debate the nuances between open source vulnerabilities and malware, as well as discuss the before diving into what’s most important: how to stay secure with open source.

Traditional SCA and endpoint security tools do not detect open source malware, which increases the challenge. In this panel, key experts — from software engineering acad to influential analysts and open source security veterans — will dive into the different types of open source malware and why it’s so pervasive, outline practical strategies for mitigating threats and discuss the responsibility of enterprises and developers in safeguarding the software supply chain.

Speakers

Brian Fox

Co-founder and CTO, Sonatype

Co-founder and CTO, Brian Fox is a Governing Board member for the Opensource Security Foundation, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin... Read More →

Madelein van der Hout

Senior Analyst Cybersecurity & Risk, Forrester Research Inc.

Madelein is a senior analyst on the security and risk (S&R) team, focusing on European security consulting firms, European CISO strategy work, and security operating model and organizational research. She supports security executives and professionals in building and maturing their... Read More →

Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University

Santiago Torres-Arias is an assistant professor at Purdue’s ECE department, where researches Secure Systems, Applied Cryptography and Software Supply Chain security. Santiago is the team lead of in-toto, a framework to secure the SDLC, as well as PolyPasswordHasher, a password storage... Read More →

Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Any

16:00 BST

Tutorial: Unlock the Future of Kubernetes and Accelerators (and all Specialized Hardware) with DRA - Rey Lejano, Red Hat

Thursday April 3, 2025 16:00 - 17:15 BST

Level 1 | Hall Entrance N11

At the heart of the AI revolution are GPUs and the platform that provides access to them is Kubernetes. Workloads historically access GPUs and other devices with the device plugin API but features are lacking. The new Dynamic Resource Allocation (DRA) feature helps maximize GPU utilization across workloads with additional features like the ability to control device sharing across Pods, use multiple GPU models per node, handle dynamic allocation of multi-instance GPU (MIG) and more. DRA is not limited to GPUs but any specialized hardware that a Pod may use including network attached resources such as edge devices like IP cameras.
DRA is a new way to request for resources like GPUs and gives the ability to precisely control how resources are shared between Pods.
This tutorial introduces DRA, reviews the “behind-the-scenes” of DRA in the Kubernetes cluster and walks through multiple ways to use DRA to request for GPU and a network attached resource.

Speakers

Rey Lejano

Solutions Architect, CNCF Ambassador, K8s SIG Docs co-chair, Red Hat

Rey Lejano is a Solutions Architect at Red Hat and is the co-chair of Kubernetes SIG Docs. He contributes to Kubernetes SIG Security, Release, & Contributor Experience. He is a member of seven Kubernetes Release Teams including serving as the 1.23 Release Lead and 1.25 Emeritus Adviser... Read More →

Thursday April 3, 2025 16:00 - 17:15 BST
Level 1 | Hall Entrance N11

Tutorials, AI + ML

Content Experience Level Intermediate

16:00 BST

🚨 Contribfest: KubeStellar Contribfest

Thursday April 3, 2025 16:00 - 17:15 BST

Level 3 | ICC Capital Suite 1

Join the KubeStellar maintainers to make the project better for everyone. You can choose between several opportunities to contribute, and you can count on maintainers from different project areas to help you on your first steps: Our first User Interface, documentation, website, GO lang, and more.

Speakers

Andy Anderson

Software Architect, IBM

Andy is an experienced software architect with a strong track record of leading research and engineering teams on hybrid cloud and Kubernetes-based platform development. He has a wealth of experience in software development, cloud computing, and data analysis. Andy is particularly... Read More →

Paolo Dettori

Sr. Technical Staff Member, IBM

Paolo Dettori is a Sr. Technical Staff Member at IBM Research in NY. His research interests are in distributed systems, cloud and open-source technologies. Paolo authored and coauthored several journal and conference papers, and he holds several patents issued in the United States... Read More →

Franco Stellari

Dr, IBM Research

Franco Stellari is with IBM T.J. Watson Research Center in Yorktown Heights, NY. He has more than 100 international publications and more than 45 granted patents. Some of his work in the field of advanced detectors was recognized with the Paul F. Forman Team Engineering Excellence... Read More →

Thursday April 3, 2025 16:00 - 17:15 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, KubeStellar

16:00 BST

🚨 Contribfest: Making SlimToolkit Extensible: Introducing WASM-based Plugins for XRAY Container Image Scanning

Thursday April 3, 2025 16:00 - 17:15 BST

Level 3 | ICC Capital Suite 17

The ability to contribute to the project has been limited by the need to understand the project code base. Introducing plugins in the project will make it possible for new contributors to extend the project without understanding the entire project.

The XRAY command in the project is used to scan container images to extract useful container insights. It's a great place to introduce plugins because there's always more to analyze. It will also make it easier to integrate with other CNCF projects to provide additional analysis capabilities and to provide valuable data for those projects.

There are different plugin designs with each own set of pros and cons. A WASM-based plugin system will make it possible to create plugins in different languages contributors are more familiar with and it won't be limited to people who know Go.

No low level SlimToolkit, container tech or WASM expertise is required. You only need basic Go and interest in learning WASM libraries (e.g, Wazero, Extism, waPC)

Speakers

Kyle Quest

Founder, AutonomousLayer

Kyle created DockerSlim (aka SlimToolkit), a popular tool to inspect, minify and debug containers. He's the founder/CEO of AutonomousLayer & he's also the founder/CTO of Slim.AI. He's building an AI agent to maintain application dependencies and automatically fix vulnerabilities... Read More →

Thursday April 3, 2025 16:00 - 17:15 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, SlimTookit

16:45 BST

⚡Lightning Talk: High Availability With '503: Unavailable' - Robert-Jan Huijsman, Reboot

Thursday April 3, 2025 16:45 - 16:50 BST

Level 0 | ICC Auditorium

Traditionally, we think "high availability" ("HA") means "very rarely responds '503: Unavailable'". Our applications and platforms have a lot of code to support that. For example, Knative contains a "Queue-Proxy" that holds requests while an application is scaling up - so that it doesn't have to respond "503: Unavailable" while the application is unavailable!

However, users don’t care about HTTP return codes - they care when their request is answered. Can we deliver a great user experience without the complexity of buffering in-flight requests?

We recently took a different approach to HA: an application (built using Envoy, Istio, and gRPC) that doesn't hesitate to return "503: Unavailable" and expects clients to retry. We found this approach reduces complexity drastically, while maintaining all the metrics our users care about. In this talk we'll discuss which applications might see benefits from this approach, the pitfalls we had to avoid, and whether we're still "Highly Available".

Speakers

Robert-Jan Huijsman

Founding Engineer, Reboot

My passion is building systems - especially computer systems and the human systems (organizations) that build them. I studied computer science in Amsterdam, worked at Google (Spanner, Firebase) in Silicon Valley, ran my own intercontinental startup (Tracis), and am now the entire... Read More →

Thursday April 3, 2025 16:45 - 16:50 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Application Development

Content Experience Level Any

16:45 BST

Building & Operating a Large-scale HPC AI Cluster on Kubernetes - Kalyan Saladi & Chandan Avdhut, Meta Platforms Inc.

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance S10 | Room B

We explore the challenges of building and running a large-scale AI/ML cluster in cloud that can handle high-performance ML training jobs. We will cover the benefits of using a container orchestration platform like Kubernetes for managing AI/ML workloads and how Slurm can be used to schedule and manage jobs on a cluster. We will also dive into cluster health management and meeting performance expectations.

Share lessons from building a 12K GPU state-of-the-art HPC cluster, with high performance storage systems, and Infiniband network fabric, playing host to workloads ranging from 10s to thousands of GPUs lasting days to weeks.

We highlight the importance of health-checks and telemetry in understanding and reacting to various failure modes experienced in HPC clusters and how to mitigate impact on AI training jobs.

Finally, we share insights from operating the cluster for over a period of more than 6 months, and share pitfalls and best practices.

Speakers

Kalyan Saladi

Software Engineer, Meta Platforms Inc.

Kalyan is a software engineering lead at Meta Platforms in the research org(FAIR). He has built and operated multiple large AI clusters, both bare-metal as well as on the cloud. He supported several leading large model training efforts in FAIR over the years, including LLAMA-2. Kalyan... Read More →

Chandan Avdhut

Production Engineer, Meta Platforms Inc.

As a seasoned Production Engineer with a strong background in Kubernetes, public cloud infrastructure, and large-scale AI/ML clusters, I bring a unique blend of technical expertise and real-world experience to the table. With a proven track record of designing and operating complex... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Advanced

16:45 BST

OTel Me How To Get My Open Source Community Taken Seriously: Lessons Learned as an OTel Maintainer - Reese Lee, New Relic & Adriana Villela, Dynatrace

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance N10 | Room H

One of the core parts of any open source project is community – after all, you need people to write the code, and people to use the code. However, you also need people to: raise awareness about the project, drive the adoption and implementation of the project, and to connect these intersecting groups.

There are, of course, many ways to do this and build a thriving project community. In this session, Reese Lee and Adriana Vilella will share how they support and help build the OpenTelemetry (OTel) community through their work as a Maintainer of the End User SIG, including:
* Improving the project via collaborations with other OTel SIGs
* Driving contributions to the project
* Demonstrating business value to end users
* Driving adoption through connecting end users and contributors

Reese and Adriana will also share some of the misadventures that happened along the way, and make sure attendees leave equipped with strategies they can implement today to build and grow their open source communities.

Speakers

Adriana Villela

Principal Developer Advocate, Dynatrace

Reese Lee

Senior Developer Relations Engineer, New Relic

Reese Lee is a Senior Developer Relations Engineer at New Relic, where she is focused on enabling customers and colleagues on OSS via workshops, blog posts, and documentation. She enjoys figuring out solutions to technical problems, learning about interesting user stories and use... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance N10 | Room H

Cloud Native Experience

Content Experience Level Any

16:45 BST

GPU Sharing at CERN: Cutting the Cake Without Losing a Slice! - Diana Gaponcic, CERN

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance S10 | Room D

GPUs and accelerators are changing traditional High Energy Physics (HEP) deployments while also being the key to enabling efficient machine learning. However, their high cost and increasing demand oblige service managers to look into ways to maximize the HW utilization through sharing. While the existing methods are flexible and easy to use, complex use cases still require building custom components on top of the existing device plugin API.

This talk explores the new, exciting way of allocating and sharing GPUs - using Dynamic Resource Allocation (DRA). We go over the multiple options for GPU scheduling: time sharing, MPS, and MIG. We cover the features and limitations of each option and present extensive benchmark results that helped us assign each of our ML and scientific workloads to the most appropriate layout. Finally, we describe how managing GPUs in a centralized way improves resource utilization across interactive and batch workloads while optimizing costs in the long run.

Speakers

Diana Gaponcic

Computing Engineer, CERN

Diana is a Computing Engineer in the CERN IT department. After an internship at CERN focusing on containerization of ETL applications she later joined the Kubernetes team, working on the GitOps and monitoring infrastructure. Her current focus is on optimizing the usage of GPUs and... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Intermediate

16:45 BST

Kubernetes SIG Storage: Intro & Deep Dive - Xing Yang, VMware by Broadcom & Jan Šafránek, Red Hat

Thursday April 3, 2025 16:45 - 17:15 BST

Level 3 | ICC Capital Suite 7-9

Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). SIG Storage also has a project that provides APIs for object storage support in Kubernetes. In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Speakers

Jan

Software Engineer, Red Hat

Jan is a Senior Principal Software Engineer at Red Hat working on storage aspects of Kubernetes. He started developing Kubernetes more than 8 years ago, and is one of the founding members of SIG-Storage. He’s the author of PersistentVolume controller, dynamic provisioning and StorageClass... Read More →

Xing Yang

Tech Lead, VMware by Broadcom

Thursday April 3, 2025 16:45 - 17:15 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Storage

16:45 BST

SIG Docs and You: Modernizing API Reference Generation - Kat Cosgrove & Xander Grzywinski, Independent

Thursday April 3, 2025 16:45 - 17:15 BST

Platinum Suite | Level 3 | Room 3-4

The Kubernetes project has some of the best documentation in the industry, and it’s part of the reason for the project’s success. Writing and maintaining that documentation requires the help of a small army of contributors, but there’s an often unseen aspect to the documentation that still needs work: the API reference docs generator. SIG Docs is beginning work to overhaul this process, and we need you! Learn more about how the reference docs are currently generated, the technical problems we face with that process, our plans for the future, and how you can get involved in ensuring the Kubernetes documentation continues to be the best it can be.

Speakers

Kat Cosgrove

Open Source Advocate, Independent

Xander Grzywinski

Open Source Program Manager, Independent

Thursday April 3, 2025 16:45 - 17:15 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Kubernetes

16:45 BST

SIG-Multicluster Intro and Deep Dive - Jeremy Olmsted-Thompson & Laura Lorenz, Google; Stephen Kitt, Red Hat; Ryan Zhang, Microsoft

Thursday April 3, 2025 16:45 - 17:15 BST

Level 3 | ICC Capital Suite 14-16

SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, and applications deployed across many clusters, or even across cloud providers. In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next. Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape!

Speakers

Stephen Kitt

Senior Principal Software Engineer, Red Hat

Stephen is one of the maintainers of the Submariner project, providing connectivity and service discovery across multiple Kubernetes clusters. He is a long-time open source contributor, and has been at Red Hat since 2015, working on OpenDaylight and Submariner.

Jeremy Olmsted-Thompson

Principal Engineer, Google

Jeremy is a software engineer who works on Google Kubernetes Engine. His main focus is on simplifying the Kubernetes experience, and making it as easy as possible to deploy applications both within a cluster with things like GKE Autopilot, and across clusters with multi-cluster solutions... Read More →

Laura Lorenz

Software Engineer, Google

Laura Lorenz is a software engineer at Google. She is an active member of Kubernetes’ upstream focused on SIG-Multicluster, SIG-Node, and releases.

Ryan Zhang

Principal Software Engineering Manager, Microsoft

Thursday April 3, 2025 16:45 - 17:15 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Multicluster

16:45 BST

Vitess: Schema Changes at Scale - Deepthi Sigireddi & Shlomi Noach, PlanetScale

Thursday April 3, 2025 16:45 - 17:15 BST

Platinum Suite | Level 3 | Room 1-2

Welcome to the Vitess maintainer track session! Today, we discuss how Vitess enables smooth, controllable, and coordinated non-blocking schema changes at scale. We begin with a high level architecture of Vitess and the feature set it offers. We then deep dive into the operational complexity of making schema changes on high-traffic workloads and across multiple shards. We will show how Vitess simplifies the schema change process, making it near-seamless to the user across a large fleet of database servers. We’ll conclude with a preview of planned features.

Speakers

Shlomi Noach

Engineer, PlanetScale

Engineer and database geek, works at PlanetScale as a maintainer for open source Vitess. Previously at GitHub. Interested in database infrastructure solutions such as high availability, reliability, enablement, automation and testing. Shlomi is an active MySQL community member, authors... Read More →

Deepthi Sigireddi

Engineering Lead, PlanetScale

Deepthi is the Technical lead for Vitess, a CNCF graduated open source project. She also leads the Vitess engineering team at PlanetScale which offers a database service built on Vitess. She brings over 20 years of experience building scalable systems to this role. She enjoys speaking... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Vitess

16:45 BST

Observability Pipeline Query Languages: Present and the Future - Jacek Migdal, Quesma

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance N10 | Room G

Many observability products have created their query languages, starting with Splunk and followed by a parade of incompatible options (Sumo Logic, Coralogix Dataprime, Grafana LogQL, Elastic ES/QL, OpenSearch PPL, to name a few). I’ll admit I’m one of the culprits who contributed to this fragmented landscape. Even PromQL, a well-known open-source option for time-series data, hasn’t reached the universal adoption levels of good old SQL.

Is there a way to untangle this mess and march toward some standardization? In this piece, I’ll dive into a few proposals, including concepts like “pipe SQL” and ideas floating around in CNCF forums, to see if there’s a glimmer of hope for alignment.

Speakers

Jacek Migdal

CEO & Co-founder, Quesma

Jacek started a career as an engineering intern at NVIDIA CUDA and Facebook. He joined pre-revenue startup Sumo Logic as ~20 Sumo Logic in the San Francisco Bay Area. He moved back to Poland and opened an office with 80+ full-time engineers. We optimized gross margins on AWS and... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

16:45 BST

Live Migrating Stateful Batch Containers To Decrease Cluster Cost - Chris Battarbee & Ece Kayan, Metoro

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance S10 | Room A

Stateless workloads have long been able to take advantage of cluster compaction and the cost savings of spot instances, but stateful workloads present unique challenges. Unlike stateless applications, stateful workloads can’t easily restart on a new node without losing their critical state, making dynamic optimization much more difficult.

This talk explores how container snapshotting using the Kubelet Checkpoint API enables live migration of stateful workloads. By capturing and restoring the state of running containers, we can now compact stateful workloads to fewer nodes and even run them on spot instances cutting costs significantly.

We’ll cover the technical details of analyzing your cluster for consolidation opportunities, snapshotting containers, and migrating them seamlessly using open source tooling.

Speakers

Chris Battarbee

Software Engineer, Metoro

Chris Battarbee is the founder of Metoro and a former engineer at Palantir, where he wrote software to manage Spark workloads on Kubernetes focussing on efficiency and cost savings.

Ece Kayan

Software Engineer, Metoro

Ece Kayan, co-founder of Metoro, is a former Amazon engineer who focused on improving the resiliency and reliability of Prime Video services.

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Intermediate

16:45 BST

A Journey To Modernizing a Regulated Cloud Control Plane - Pranita Praveen, Macquarie Group Pty Ltd & Steven Borrelli, Upbound

Thursday April 3, 2025 16:45 - 17:15 BST

Level 0 | ICC Capital Hall | Room 1

At Macquarie, we have embarked on a transformative journey to modernize our cloud control plane. Initially designed for a single-cloud environment (AWS) to facilitate our move away from data centers, we are now evolving towards a multi-cloud solution underpinned by GitOps principles and foundational tooling made possible through the CNCF ecosystem. Our focus is on Kubernetes, Crossplane, OPA, Argo, among others, which have been instrumental in our progress.

We aim to share our successes and the lessons learned throughout this journey, built for engineers in a globally regulated environment comprising four distinct lines of business. Our experience underscores the vital role of the CNCF in our modernization efforts, and we are eager to give back to the community that has provided us with indispensable resources and support.

Speakers

Steven Borrelli

Principal Solutions Architect, Upbound

Steven is a Principal Solutions Architect for Upbound, where he helps customers adopt Crossplane.

Pranita Praveen

Head of Enterprise Multi-Cloud, Macquarie Group Pty Ltd

I am a cloud platform engineer and passionate about creating robust, simple and easy to operate solutions.

Thursday April 3, 2025 16:45 - 17:15 BST
Level 0 | ICC Capital Hall | Room 1

Platform Engineering

Content Experience Level Intermediate

16:45 BST

From Hours To Minutes: The Evolution of Platform Engineering at Decathlon - Adrien Gillard & Christophe Furmaniak, Decathlon

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance N10 | Room F

The platform engineering mindset is spreading like wildfire. As a way to accelerate business and empower developers, it is quickly becoming a “must-have”.

However there are still few real world feedbacks of the process. That’s why we offer attendees a look at Decathlon’s journey into platform engineering.
From its inception (when we did not call it platform engineering yet), to its current state where users are able to deploy infrastructure (including workloads, databases, service exposure) to host their applications, in full autonomy, while keeping strong standardization.

We will share how we can now provide our internal users with their environments in 20 minutes, and discuss the challenges we faced and the choices we had to make. We will also look into the next steps and improvements we intend for the future.

Speakers

Adrien Gillard

Senior Ops Engineer, Decathlon

After a dozen years in the IT industry and nearly half working with containers and Kubernetes, for IT hosters and service providers, Adrien acquired experience on a spectrum from on-premises datacenters to serverless functions in public clouds. He currently works at Decathlon, the... Read More →

Christophe Furmaniak

Staff Engineer, Decathlon

Christophe started as a passionate and responsible developer and this led him to pay close attention to all aspects of the project lifecycle, from the developer's workstation right through to deployment on production environments. His current main areas of interest are related to... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Any

16:45 BST

How Do You Measure Developer Productivity? - Jennifer Riggins, The New Stack; Cat Morris, Syntasso; Akshaya Aradhya, Oscilar; Laura Tacho, DX; Helen Greul, Multiverse.io

Thursday April 3, 2025 16:45 - 17:15 BST

Level 0 | ICC Capital Hall | Room 2

Engineering is a science, so we know we can't improve what we don't measure. But many ways of measuring developer productivity focus too much on output, and aren’t trusted by developers.
So how should we measure developer productivity, and quantify the impact of processes, tools, Gen AI and culture on the developer experience (DevEx)?
Then, how do you take this data and turn it into something that's actionable and effective? Should we collect quantitative vs qualitative measurements? What about business impact? Cognitive load? Is there a way to measure the maturity of your platform strategy?
Join this panel to learn how from those who have been working with a Platform-as-a-Product mindset for years now. Join Multiverse's (ex-Backstage) Helen Greul, Oscilar’s (ex-GitHub, Netflix) Akshaya Aradhya, DX's Laura Tacho and Syntasso's Cat Morris in this epic panel hosted by The New Stack's Jennifer Riggins.

Speakers

Jennifer Riggins

Technology Journalist, The New Stack

Jennifer Riggins is a tech storyteller, journalist, writer, and event and podcast host, helping to share the stories where culture and technology collide and to translate the impact of the tech we are building. She has been a working writer since 2003, and is currently based in L... Read More →

Cat Morris

Staff Product Manager, Syntasso

Helen Greul

VP Engineering at Multiverse, Multiverse.io

Helen is an engineering leader, speaker and a strong advocate for creating developer ecosystems that empower teams to thrive. Her journey has taken her from hands-on coding to steering engineering and platform teams, providing her with a holistic perspective on the challenges and... Read More →

Akshaya Aradhya

VP of Engineering, Oscilar

Akshaya is a seasoned engineering executive with deep, technical knowledge about data, cloud, platform, machine learning, AI and infrastructure. Prior to joining Oscilar, she had worked at companies like GitHub, Netflix, LiveRamp and Intuit.She is passionate about building high performing... Read More →

Laura Tacho

CTO, DX

Laura Tacho is CTO at DX, a developer intelligence platform. She previously led teams at companies like CloudBees, Aula Education, and Nova Credit, and is a Docker Captain alumni.

Thursday April 3, 2025 16:45 - 17:15 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

16:45 BST

Redefining Access Control: Scaling Policy as Code for Humans and AI Agents - Raz Cohen, Permit.io

Thursday April 3, 2025 16:45 - 17:15 BST

Level 1 | Hall Entrance S10 | Room C

As enterprises embrace AI, managing access for both human users and AI agents has become essential. Traditional access control methods can no longer meet the demands of AI-driven identities such as chatbots, AI agents, decision engines, and autonomous tools.

This talk explores how Policy as Code redefines fine-grained access control, enabling scalability for both humans and AI. Learn how to design flexible, auditable policies that support real-time decision-making and address AI-specific challenges. Tools like Open Policy Agent (OPA) and OpenFGA will be featured, along with strategies for integrating AI-driven access models into zero-trust environments.

Through real-world case studies, discover how enterprises secure billions of interactions while fostering seamless collaboration between humans and machines.

Join me to gain practical insights into implementing scalable access control for today’s AI-powered ecosystems !

Speakers

Raz Cohen

Head of Platform, Permit.io

I'm Raz Cohen, Head of Platform at Permit.io. With over eight years in Kubernetes, cloud-native solutions, open-source projects & Platform engineering, starting at IDF's 8200 unit, Logz.io and Doubleverify, I've become a specialist in Developer Tools. I've spoken at events like KubeCon... Read More →

Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Intermediate

16:50 BST

⚡Lightning Talk: Kueue: Save Some QPS for the Rest of Us! How To Manage 100k Updates Per Second - Patryk Bundyra, Google

Thursday April 3, 2025 16:50 - 16:55 BST

Level 0 | ICC Auditorium

What if you had to update 100,000 objects every second? How do we avoid choking up the API server with such a load? Is directly modifying etcd objects even a viable option? In Kueue, we asked those questions a lot, and honestly, using standard CustomResourceDefinitions alone couldn’t keep up with the demands of this scale. In this session we will showcase how we combined the best of both worlds: CRDs and the good old K8s API Aggregation Layer to handle the dynamic positioning of up to 100,000 jobs in the queue.

Attendees will also gain valuable insights into system design decisions when dealing with such a scale and practical lessons for addressing similar challenges. We will delve into the pros and cons of both CRDs and the Aggregation Layer, providing clear guidance on when and why to use each. Finally, attendees will see how the K8s API Aggregation Layer extension works in practice and receive hands-on knowledge on choosing the right tool for the job.

Speakers

Patryk Bundyra

Software Engineer, Google

Patryk is a Software Engineer at Google working on Kueue, an open-source SIG project. Member of the Kubernetes Batch Working Group, always willing to collaborate and share his knowledge.

Thursday April 3, 2025 16:50 - 16:55 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Platform Engineering

Content Experience Level Any

16:55 BST

⚡Lightning Talk: Observability Diet: Your 5-Step Plan To Trim the Data Fat - Pranay Prateek, SigNoz

Thursday April 3, 2025 16:55 - 17:00 BST

Level 0 | ICC Auditorium

Many organizations drown in terabytes of telemetry data but often use only 20% of it.

In this lightning talk, we'll sprint through battle-tested strategies in OpenTelemetry to trim your observability costs without compromising visibility. From intelligent sampling to SDK optimization, learn how to implement a lean observability practice that focuses on signal over noise.

Key Takeaways:
- Sampling : Tail based sampling, head based sampling for traces, probabilistic sampler processor for logs
- Using processors in the Otel collector with granular filtering/dropping of irrelevant attributes - to control volume going out of collector
- Reduce the volumes at the SDKs by controlling what attributes are sent - e.g.control what http.headers are sent
- Visibility on cardinality in time series (and suggestions on what attributes to drop)
- Use `Views` in SDKs to customise aggregation or which attributed are reported in metrics
- Using granular retention settings to reduce observability costs

Speakers

Pranay Prateek

Maintainer, SigNoz

Pranay is one of the maintainers at SigNoz, an open source APM. He loves working on open source and observability, and has deep interest in philosophy esp. around Existentialism He is one of the organisers of OpenTelemetry APAC discussion group meetings & has been speaker in events... Read More →

Thursday April 3, 2025 16:55 - 17:00 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Application Development

Content Experience Level Beginner

17:00 BST

⚡Lightning Talk: Resource Roulette: Winning the Kubernetes Allocation Game - Daniele Polencic, Learnk8s

Thursday April 3, 2025 17:00 - 17:05 BST

Level 0 | ICC Auditorium

In this lightning talk, we'll challenge the conventional wisdom of setting static requests and limits for Kubernetes workloads. As applications evolve and usage patterns fluctuate, predefined resource allocations become obsolete, leading to either resource waste or performance bottlenecks.

In just 5 minutes, you'll learn:

- Quick techniques to identify resource misconfigurations
- Simple tricks for implementing adaptive resource management
- Easy-to-apply strategies for balancing cost and performance

Speakers

Daniele Polencic

Instructor, Learnk8s

Daniele teaches containers and Kubernetes at Learnk8s. Daniele is a certified Kubernetes administrator by the Linux Foundation. In the last decade, Daniele trained developers for companies in the e-commerce, finance and public sector.

Thursday April 3, 2025 17:00 - 17:05 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Application Development

Content Experience Level Any

17:05 BST

⚡Lightning Talk: Rust Here, Rust There, Rust Everywhere! How a Crab Conquers the Cloud Native Landscape. - Sascha Grunert, Red Hat

Thursday April 3, 2025 17:05 - 17:10 BST

Level 0 | ICC Auditorium

The Rust ecosystem is growing slow and steady into the cloud native landscape. While some projects like youki completely set on the memory safe programming language, do others like CRI-O try to integrate it only partially into their projects. The overall goal of using Rust over anything else is to achieve a more performant, efficient and reliable software.

In this lightning talk, Sascha will outline the benefits and drawbacks of using Rust over the more commonly used Go language in the cloud native space. It will provide funky examples of how to switch between those languages, what are good and bad practices and how to deliver a Rust application to end users. The talk will provide an overview about which parts of the cloud native landscape are already Rusty and what we can expect in the upcoming years.

Join this lightning talk for a quick and compact cloud native comparison between Rust’s Ferris the crab and Go’s Gopher!

Speakers

Sascha Grunert

Principal Software Engineer, Red Hat

Sascha is a Principle Software Engineer at Red Hat, where he works on many different container related open-source projects like Kubernetes. He joined the open-source community in November 2018. Sascha's passions include contributing to open source, as well as giving talks and evangelizing... Read More →

Thursday April 3, 2025 17:05 - 17:10 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Cloud Native Experience

Content Experience Level Beginner

17:10 BST

⚡Lightning Talk: Scaling To the Stars: Simulating Massive Clusters With KWOK - Soumya Balakrishnan, NVIDIA

Thursday April 3, 2025 17:10 - 17:15 BST

Level 0 | ICC Auditorium

At NVIDIA, we operate a large fleet of GPU Clusters that run Gaming and AI/ML workloads. As we expand, ensuring that we scale safely and efficiently becomes a critical challenge. Enter KWOK(Kubernetes Without Kubelet), our secret weapon for stress-testing new features before they hit production.
This talk will dive into how we integrate KWOK into our development pipeline, showcasing how it's helped us maintain stability while rapidly innovating.
1. Identifying resource utilization boundaries: Demonstrate how KWOK has helped us evaluate the resource limits that need to be set on service pods so they can operate within safe boundaries.
2. Code optimization insights: Share examples of how KWOK has helped optimize our automation tools, significantly reducing their memory footprint.
3. Performance testing at scale: Illustrate how KWOK enables us to simulate large-scale environments, allowing us to identify potential bottlenecks and optimize system performance before production deployment.

Speakers

Soumya Balakrishnan

Senior Software Engineer, NVIDIA

Soumya is a Senior DevOps Engineer at NVIDIA, specializing in cloud infrastructure and Kubernetes technologies.

Thursday April 3, 2025 17:10 - 17:15 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Platform Engineering

Content Experience Level Intermediate

17:15 BST

⚡Lightning Talk: Scheduling Success: Precision Updates for Continuous Manufacturing Operations - Raul - Mihail Galescu, Bosch Connected Industry

Thursday April 3, 2025 17:15 - 17:20 BST

Level 0 | ICC Auditorium

Cloud-native technologies are gaining traction in manufacturing, as the industry strives for zero-downtime deployments in production systems. However, many plants rely on legacy software that doesn’t integrate smoothly with cloud-native environments. Even when containerized, these components often fail to support seamless request redirection between replicas, causing disruptions during cluster or node updates. These disruptions require precise scheduling around plant shift plans. This lightning talk will explain why maintenance windows can still be effective and how Bosch Connected Industry addresses the limitations of public cloud providers' update controls. You’ll learn a simple yet effective approach to managing cluster updates and node image promotions in production-critical environments.

Speakers

Raul Galescu

Junior DevOps Engineer, Bosch Connected Industry

Raul is a Junior DevOps Engineer at Bosch Connected Industry, specializing in optimizing cloud-native solutions. Prior to this role, he worked as a Junior System Administrator at the West University of Timisoara and provided IT solutions to public institutions at a local company in... Read More →

Thursday April 3, 2025 17:15 - 17:20 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Platform Engineering

Content Experience Level Intermediate

17:20 BST

⚡Lightning Talk: Solving Real-World Edge Challenges With K0s, NATS, and Raspberry Pi Clusters - Prashant Ramhit, Mirantis, Inc.

Thursday April 3, 2025 17:20 - 17:25 BST

Level 0 | ICC Auditorium

Monitoring sea algae proliferation and coral growth in real time may seem daunting, but with the right tools, it becomes an exciting edge computing project. Using k0s, the lightweight CNCF-certified Kubernetes distribution, and NATS, the connective technology for edge computing, this project solved the challenges of data collection and processing in a distributed Raspberry Pi cluster.

Leveraging k0s’s minimal resource footprint and automated scaling, paired with NATS’s efficient messaging capabilities, the project enabled real-time sensor data collection and transmission under resource-constrained conditions. Dynamically bootstrapped Raspberry Pi clusters processed data locally while integrating with a central control plane.

Learn about dynamically bootstrapping Raspberry Pi clusters with k0s, managing distributed edge clusters, deploying NATS for scalable messaging, and scaling workloads based on environmental changes. See how k0s and NATS efficiently tackle real-world challenges.

Speakers

Prashant Ramhit

Snr. DevOps & QA, Mirantis, Inc.

Prashant is a skilled technologist with over two decades of experience, starting as a Linux System Administrator in the late 1990s. Progressing into SRE, DevOps, and Platform Engineering, he developed expertise in cloud-native systems and Golang development. Having worked at the BBC... Read More →

Thursday April 3, 2025 17:20 - 17:25 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Operations + Performance

Content Experience Level Beginner

17:25 BST

⚡Lightning Talk: There Is a New Volume Type in Town! - Mario Loriedo, Red Hat

Thursday April 3, 2025 17:25 - 17:30 BST

Level 0 | ICC Auditorium

Volumes of type “image” open new scenarios and ways to use containers. The primary use case is AI workloads, the main drive for KEP-4639, which introduced them. However, these new volumes can have a broader impact. They allow the composition of different OCI images to augment a workload’s capabilities. Think of it as a container sidecar, but without the container’s isolation and with volumes composability.

This lightning talk discusses the volumes of type “image” and their different use cases, from AI to workload troubleshooting.

Speakers

Mario Loriedo

Senior Principal Software Engineer, Red Hat

Mario is a Senior Principal Software Engineer at Red Hat. He works on Podman and on container-based developer tools. He has been a CNCF Ambassador and the tech lead of the Eclipse Che project. He has co-created the Devfile (a CNCF Sandbox Project). He has been a speaker at conferences... Read More →

Thursday April 3, 2025 17:25 - 17:30 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Cloud Native Experience

Content Experience Level Beginner

17:30 BST

⚡Lightning Talk: Extending Envoy With WebAssembly - Yuki Ito, newmo, Inc.

Thursday April 3, 2025 17:30 - 17:35 BST

Level 0 | ICC Auditorium

As a Cloud Native network proxy, Envoy has been widely used as a sidecar for Service Mesh, API Gateway, and many other cases. To deal with many custom requirements, Envoy has some extension points, one of which is the WebAssembly plugin feature.
In this Lightning Talk, the speaker, who is writing some WebAssembly plugins for Envoy and using them in a production environment, introduces the basics of the WebAssembly plugin for Envoy and explains how to write it using SDK by sharing some real-world examples.

Speakers

Yuki Ito

Software Architect, newmo, Inc.

Yuki is a software architect who promotes Platform Engineering, including API Platform, Cloud Infrastructure, CI/CD, and so on, for newmo, Inc. He also acts as a Google Cloud Champion Innovator in the fields of Serverless App Development and Modern Architecture.

Thursday April 3, 2025 17:30 - 17:35 BST
Level 0 | ICC Auditorium

⚡ Lightning Talks, Application Development

Content Experience Level Any

17:30 BST

Efficient Transparent Checkpointing of AI/ML Workloads in Kubernetes - Radostin Stoyanov, University of Oxford & Adrian Reber, Red Hat

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance S10 | Room B

As long-running AI/ML workloads become more common in cloud-native environments, the need for efficient checkpointing mechanisms to provide fault tolerance becomes increasingly important. However, current state-of-the-art techniques for transparent GPU checkpointing rely on intercepting and logging device API calls (e.g., CUDA runtime) as well as capturing input data and object handles (e.g., events, streams). This approach inevitably introduces steady-state overhead and requires replaying the entire recorded execution, potentially with nondeterministic operations, to recover from failures.

This talk will cover how the Kubernetes container checkpointing functionality has been extended with recently introduced CRIU plugins to enable transparent checkpoint/restore of GPU computations without the overhead of API interception, logging, or re-execution. This talk will also discuss how these mechanisms can be utilized to improve resource utilization in large-scale GPU clusters.

Speakers

Adrian Reber

Senior Principal Software Engineer, Red Hat

Adrian is a Senior Principal Software Engineer at Red Hat and is migrating processes at least since 2010. He started to migrate processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for that. Most of the time he is... Read More →

Radostin Stoyanov

PhD Student, University of Oxford

Radostin Stoyanov is a PhD student at the Scientific Computing research group at the University of Oxford, and a Software Engineer at the Core Kernel Team at Red Hat. His research focuses on improving the resilience and performance of HPC and cloud computing systems.

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room B

AI + ML

Content Experience Level Intermediate

17:30 BST

Generative AI Model Data Pre-Training on Kubernetes: A Use Case Study - Alexey Roytman, IBM & Anish Asthana, Red Hat

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance N11

Large Language Models (LLM) require preprocessing vast amounts of data, a process that can span days due to its complexity and scale, often involving PetaBytes of data. This talk demonstrates how Kubeflow Pipelines (KFP) simplify LLM data processing with flexibility, repeatability, and scalability. These pipelines are being used daily at IBM Research to build indemnified LLMs tailored for enterprise applications.
Different data preparation toolkits are built on Kubernetes, Rust, Slurm, or Spark. How would you choose one for your own LLM experiments or enterprise use cases and why should you consider Kubernetes and KFP?
This talk describes how open source Data Prep Toolkit leverages KFP and KubeRay for scalable pipeline orchestration, e.g. deduplication, content classification, and tokenization.
We share challenges, lessons, and insights from our experience with KFP, highlighting its applicability for diverse LLM tasks, such as data preprocessing, RAG retrieval, and model fine-tuning.

Speakers

Alexey Roytman

Software Architect, IBM

I am a Software Architect at IBM Research. I take pleasure in tackling technical challenges and discovering/ implementing innovative solutions. With over 20 years in my career, I have amassed experience in developing various middleware and cloud components. I have a keen interest... Read More →

Anish Asthana

Associate Manager, Engineering, Red Hat

Anish is an engineering manager at Red Hat in the OpenShift AI organization. He is working on making machine learning easier for the wider community by building a platform out with cloud capabilities at the core. Most recently, his interests have been focused on the Distributed Workloads... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N11

AI + ML

Content Experience Level Any

17:30 BST

Workload Identity for Humans: A Twelve-Factor Approach - Vish Abrams, Heroku

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance N10 | Room E

Workload identity in cloud-native systems has largely focused on platform tools. Kubernetes Service Accounts and SPIFFE/SPIRE provide powerful identity primitives, but their flexibility results in bespoke implementations of workload identity from the perspective of the application. This forces application developers to implement custom identity mechanisms for each platform. This talk introduces a more developer-friendly approach. We layer an application-focused workload identity on top of existing CNCF solutions, focusing on simplicity and usability. Drawing on the principles of Twelve-Factor Applications, we will explore how to integrate workload identity into cloud-native applications in a way that feels natural and productive for developers. Attendees will learn practical patterns for incorporating workload identity, gain a clearer understanding of workload identity concepts, and leave with actionable strategies to improve security without sacrificing developer experience.

Speakers

Vish Abrams

Chief Architect, Heroku

Vish Abrams is Chief Architect at Heroku, a subsidiary of Salesforce. Formerly he helped Oracle create their cloud, where he focused on virtualization, containerization, and machine learning. He was also NASA Nebula Technical Lead during the creation of Nova, one of the founding OpenStack... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N10 | Room E

Application Development

Content Experience Level Beginner

17:30 BST

Challenges of and Solutions for Migrating Spark From Legacy Hadoop Clusters To Kubernetes - Peter Christensen & Neha Singla, Apple

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance N10 | Room H

While there are performance and security reasons for operating Spark from bare metal Apache Hadoop clusters, cloud-based installations using Kubernetes as the cluster manager are becoming more and more mainstream due to superior scalability, flexibility, and cost-effectiveness for variable workloads. However, the migration of Spark from bare metal clusters to a cloud-based cluster environment poses a number of non-trivial challenges from a technical as well as from a human/organizational perspective. Specifically, these challenges include but are not limited to dealing with difficulties in achieving query performance parity, differences in scheduling and resource management, security in a multi-tenancy context, and the provisioning of sufficient introspection for aiding diagnostics and configuration adjustments. This case study recounts challenges encountered and solutions implemented while migrating Spark from bare metal to Kubernetes managed cloud in a large corporate environment.

Speakers

Peter Christensen

Software Engineer, Apple

Senior software engineer with multi-disciplinary background in various fields such as electronic design automation, materials science, and large-scale distributed processing and cloud computing

Neha Singla

Senior Software Engineer, Apple

Neha Singla is a software engineer with Data platform team in Apple who provides Jupyter notebooks solutions at scale to help data scientists/data engineers at Apple build great data products. She is working with Apple for 2+ years and have experience building platforms at scale with... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N10 | Room H

Data Processing + Storage

Content Experience Level Intermediate

17:30 BST

Image Snapshotters for Efficient Container Execution in Particle Physics - Clemens Lange, Paul Scherrer Institute & Valentin Volkl, CERN

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance S10 | Room D

In particle physics, compute-intensive workloads often involve thousands of "embarrassingly parallel" jobs relying on multi-gigabyte container images. A large fraction of these workloads is executed using software containers. Efficient execution across large-scale computing environments demands advanced caching and image loading techniques to prevent network saturation and reduce startup times. Leveraging the industry-standard containerd runtime, we evaluate snapshotter plugins such as CVMFS (a CERN-developed distributed file system for large-scale software distribution), SOCI, and Stargz, which use "lazy" image loading to optimise performance. This talk includes an analysis of metrics such as container startup time and image data downloaded, alongside usability evaluations in a research environment. We demonstrate how these tools enhance the reusability and reproducibility of physics analyses---insights relevant to broader high-performance computing scenarios.

Speakers

Clemens Lange

Research Physicist, Paul Scherrer Institute

Clemens is a particle physicist at Switzerland’s Paul Scherrer Institute, where he contributes to the CMS experiment at CERN’s Large Hadron Collider. He focusses on Higgs boson analysis, the development of new particle detectors, and is passionate about computing and open science... Read More →

Valentin Volkl

Systems Software Engineer, CERN

Valentin is a physicist and staff software engineer at CERN. In the past he has worked on software and simulations for the next generation of particle colliders. Since 2023 he is lead developer for the CernVM-FileSystem (CVMFS) that is used to distribute software for users in science... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room D

Emerging + Advanced

Content Experience Level Intermediate

17:30 BST

Containerd: Project Update and Deep Dive - Maksym Pavlenko, NVIDIA; Akihiro Suda, NTT; Laura Brehm, Docker; Samuel Karp, Google; Jiaxiao Zhou, Microsoft

Thursday April 3, 2025 17:30 - 18:00 BST

Platinum Suite | Level 3 | Room 3-4

Join containerd maintainers for an update and deep dive into the latest developments in containerd. This panel will feature discussion of the launch and adoption of containerd 2.0, what’s next in 2.1, 1.7’s transition into Extended support, and how LTS is going with 1.6. Topics will also include how the containerd project is involved with the KEP process and highlight how the broader cloud native ecosystem is enhanced through extension points in containerd and subprojects like runwasi.

Speakers

Akihiro Suda

Software Engineer, NTT

Akihiro Suda is a software engineer at NTT Corporation. He has been a maintainer of Moby (dockerd), BuildKit, containerd, runc, etc. He is also a founder of nerdctl and Lima (CNCF project).

Maksym Pavlenko

Principal Engineer, NVIDIA

Maksym is a Principal Engineer at NVIDIA focused on container and microVM technologies, containerd and custom runtimes. He's been a containerd maintainer since 2019 focusing on snapshotters, new sandbox API, CRI, and overall architecture.

Jiaxiao Zhou

Software Engineer, Microsoft

Jiaxiao (Joe) Zhou is a Software Engineer at Microsoft. He is on the Azure Container Upstream team and works on bringing WebAssembly to the cloud through projects like "runwasi", "SpiderLightning", and "containerd-wasm-shims". He is also a champion of several WASI proposals including... Read More →

Samuel Karp

Staff Software Engineer, Google

Samuel Karp is a containerd maintainer and a Staff Software Engineer at Google, focused on nodes and the container runtime in Google Kubernetes Engine. Sam has been involved in the container ecosystem since 2014 and serves as the Chair of the Open Container Initiative's Technical... Read More →

Laura Brehm

Software Engineer, Docker

Software Engineer at Docker, focused on the Docker Engine, CLI, and Containerd. Maintainer @moby @containerd @compose-spec.

Thursday April 3, 2025 17:30 - 18:00 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Containerd

17:30 BST

Harbor Project - The Maintainers Session - Orlin Vasilev, SUSE & Vadim Bauer, 8gears Container Registry

Thursday April 3, 2025 17:30 - 18:00 BST

Level 3 | ICC Capital Suite 7-9

In Harbor v2.12.0, we've introduced significant enhancements and new features to elevate performance, security, and usability for developers and DevOps professionals. Key updates include the integration of SBOM (Software Bill of Materials) to improve compliance and security, alongside a revamped robot account functionality that strengthens CI/CD automation with advanced access controls and configuration options.

A notable addition is the ability to configure speed limits for proxy cache projects, enabling precise control over network bandwidth during artifact pulls.
Other improvements include exporting Harbor statistics as Prometheus metrics and UI updates for better usability. With support for Prometheus metrics and enhanced SBOM management, including TLS support and fixes, this release prioritizes security, automation, and operational efficiency.

Join our maintainers to dive deeper into these updates and explore exciting community-driven projects that complement Harbor’s evolution.

Speakers

Vadim Bauer

Harbor Maintainer, 8gears Container Registry

Vadim Bauer is a Container Silverback with over a decade of experience in running containers in production. As a maintainer of the CNCF project Harbor, he focuses on extending the boundaries of OCI artifact management, adoption, and developer experience. At 8gears, Vadim helps cloud... Read More →

Orlin Vasilev

Principle Open Source Technology Advocate, SUSE

Orlin Vasilev is Principal Open Source Technology Advocate and Community Manager for Project Harbor as part of the Cloud Native team at SUSE. Second term CNCF Ambassador and driving the biggest Meetup Group in Bulgaria. KubeCon CfP review board member and co-chair for Track 101 and... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Harbor

17:30 BST

Helm 4 You - Matt Farina, SUSE & Andrew Block, Red Hat

Thursday April 3, 2025 17:30 - 18:00 BST

Level 3 | ICC Capital Suite 10-12

Have you heard? A new version of Helm, the Kubernetes package manager, is on the way and there has never been a better time to get excited about the project!

Whether you are a longtime user of Helm or are just getting started, Helm 4 represents not only a major development milestone, but acts as a catalyst for reinvigorating the Helm community. Helm 4 is being built by the community for the community. Features, capabilities, and project direction are all under consideration and it's not too late to get involved and have your voice be heard.

Join Helm maintainers as they provide an update on the next major version of Helm, the timelines, and the features being evaluated. They will also share how the community has been inspirational in helping make Helm 4 a reality. Since Helm continues to be a crucial component in the workflows of users and enterprises worldwide, a new version of Helm is only possible thanks to the continued collaboration from the Cloud Native community.

Speakers

Andrew Block

Distinguished Architect, Red Hat

Andrew Block is a Distinguished Architect at Red Hat that works with organizations to design and implement solutions leveraging cloud native technologies. He specializes in Continuous Integration and Continuous Delivery methodologies with a focus on security to reducing the overall... Read More →

Matt Farina

Distinguished Engineer, SUSE

Thursday April 3, 2025 17:30 - 18:00 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Helm

17:30 BST

How We Solved TLS at Scale: Self-Service, Multi-Tenant Cert-manager - Erik Godding Boye, Zenior & Tim Ramlot, Venafi, a CyberArk Company

Thursday April 3, 2025 17:30 - 18:00 BST

Level 3 | ICC Capital Suite 14-16

cert-manager is an open-source X.509 certificate controller for Kubernetes, designed to automate certificate management. In this session, we’ll explore how to configure cert-manager and its subprojects for large-scale certificate management.

At the scale of our production setup, managing and requesting certificates cannot be centralized and self-service is required. A self-service multi-tenant setup requires isolation between tenants, must support tenant-specific trust, and must be able to enforce security policies at scale.

We'll make use of key cert-manager subprojects including trust-manager, approver-policy, and csi-driver to simplify these challenges. You’ll walk away knowing how to use cert-manager in multi-tenant setups, leaving you free to focus on your all-important business logic!

Speakers

Erik Godding Boye

Platform Engineer, Zenior

Tim Ramlot

cert-manager maintainer, Venafi, a CyberArk Company

Tim started working at Venafi as a software engineer after his graduation as computer science engineer at Ghent University. He learned about cert-manager and Venafi through a Google Summer of Code internship. His mission at Venafi is to advance his problem solving skills, whilst contributing... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, cert-manager

17:30 BST

Open Policy Agent (OPA) Intro & Deep Dive - Charlie Egan, Styra

Thursday April 3, 2025 17:30 - 18:00 BST

Platinum Suite | Level 3 | Room 1-2

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, service mesh, CI/CD, infrastructure permissions, and more.

During this session OPA maintainers will introduce the project for newcomers and then provide updates on recent features and improvements in OPA.

If you are interested in policy as code and security as it relates to cloud native technology, this session is for you. OPA maintainers will also be available for questions after the session.

Speakers

Charlie Egan

Senior Developer Advocate, Styra

Charlie has been working with in the Cloud Native space since 2018. He currently works as a Developer Advocate at Styra and on the OPA project. Charlie is interested in authentication and authorization across the stack. You can find him in the OPA Community Slack.

Thursday April 3, 2025 17:30 - 18:00 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Open Policy Agent (OPA)

17:30 BST

Optimizing Metrics Collection & Serving When Autoscaling LLM Workloads - Vincent Hou, Bloomberg & Jiří Kremser, kedify.io

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance N10 | Room G

Balancing resource provision for LLM workloads is critical for maintaining both cost efficiency and service quality. Kubernetes’s Horizontal Autoscaling offers a cloud-native capability to address these challenges, relying on the metrics to make the autoscaling decisions. However, the efficiency of metrics collection impacts how quickly and accurately Autoscaler responds to the LLM workload demands. This session explores strategies to enhance metrics collection for autoscaling LLM workloads with:
1. The fundamentals of how horizontal autoscaling works in Kubernetes
2. The unique challenges of autoscaling LLM workloads
3. A comparison of existing Kubernetes autoscaling solution for custom metrics with their pros and cons
4. How optimizing metrics collection through push-based approaches can improve scaling responsiveness.
It will demonstrate an integrated solution using KServe, OpenTelemetry collector and KEDA to showcase how they can be leveraged to optimize LLM workload autoscaling.

Speakers

Vincent Hou

Senior Software Engineer, Bloomberg

Vincent Hou is a senior software engineer on Bloomberg’s Cloud Native Compute Services AI Inference engineering team, which he joined in 2023 after working for IBM for 13-years. He has been an active open source contributor since 2010. He previously was an active contributor to... Read More →

Jiří Kremser

YAML Engineer, kedify.io

whois jkremser? Software engineer and open-source enthusiast currently working on kedify.io. Previously GiantSwarm.io, ABSA, Red Hat, etc. He likes road trips, 3d print and he is also a proud contributor to CNCF sandbox project called k8gb.io

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

17:30 BST

Chaos Engineering Practice Under Ultra-large-scale Cloud Native Edge Computing - Yue Bao, Huawei & yue li, DaoCloud

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance S10 | Room A

Fast growing technologies, such as 5G networks, industrial Internet, and AI, are giving edge computing an important role in driving digital transformation. As each new technology brings benefits, it brings challenges. First, there are massive heterogeneous edge devices and it encompass a broad range of device types. Second, Edge devices are often located in unstable and complex physical and network environments, such as limited bandwidth, high latency, etc. How to overcome these challenges and build a stable, large-scale edge computing platform needs to be resolved.
KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Now, Kubernetes clusters powered by KubeEdge, can stably support 100,000 edge nodes and manage more than one million pods.
In this session, we will share the Key challenges of manage massive heterogeneous edge nodes and tell how using ChaosMesh to makes KubeEdge more Reliable in large-scale edge nodes.

Speakers

Yue Bao

Senior Software Engineer, Huawei

yue li

Software Quality Engineer, DaoCloud

work at DaoCloud as Quality Director, more than 20 years IT industry experience, China Mobile, Siemens, HP, EMC, and startup company. Newcomer in Cloud Native and open source fans. Would like to adopt open source projects to improve enterprise software quality with fast release.

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room A

Operations + Performance

Content Experience Level Any

17:30 BST

Automating Kubernetes Cluster Updates: Achieving Zero Downtime Effortlessly - Haitao Zhang, CloudPilot AI; Baofa Fan, DaoCloud; Ling Ling, Independent; Wei Jiang, Huawei

Thursday April 3, 2025 17:30 - 18:00 BST

Level 0 | ICC Capital Hall | Room 1

Upgrading a Kubernetes cluster is an ongoing task. The biggest challenge for teams maintaining Kubernetes clusters is how to avoid service disruptions or system crashes during the upgrade process. With Karpenter's disruption mechanism, we can now automate Kubernetes cluster upgrades on major cloud platforms such as AWS, Azure, and AlibabaCloud with controlled, zero downtime. To date, Karpenter supports these cloud vendors and will expand to more platforms in the future. This mechanism makes Kubernetes cluster upgrades safe, controllable, easy and efficient, and significantly reduces the operation and maintenance pressure of DevOps teams. In this session, we will discuss how Karpenter's disruption works, show examples of its practice on major cloud platforms, and help you master how to achieve smooth upgrades and ensure the continuous and stable operation of services.

Speakers

Wei Jiang

Tech Leader, CloudPilot AI

Wei Jiang serves as a Tech Leader at CloudPilot AI. He primarily works on open-source projects, focusing on node scaling with Karpenter and other technologies that achieve high utilization and cost-effectiveness.

Xinxia Ling

Open Source & AI Enthusiast, CloudPilot AI Inc.

With experience in promoting cloud-native solutions like Karpenter and Rancher, Ling offers valuable insights on how developers can cut cloud costs while scaling their infrastructure efficiently.

Fan Baofa

Software Engineer, DaoCloud

Baofa Fan (GitHub @carlory) is an active reviewer of the Kubernetes, Kubernetes-sigs and Kubernetes-csi organization, currently mainly on sig-storage. And He is also a reviewer of the Karmada project which focus on the multi-cluster area.

Haitao Zhang

Software Engineer, CloudPilot AI

Haitao Zhang (GitHub@helen-frank) is a major contributor and reviewer of karpenter-provider-alibabacloud, and a member of kubernetes-sigs and karmada.

Thursday April 3, 2025 17:30 - 18:00 BST
Level 0 | ICC Capital Hall | Room 1

Platform Engineering

Content Experience Level Intermediate

17:30 BST

Cloudy With a Chance of Kubernetes: Going From One To Three Cloud Providers - Laurent Bernaille & Maxime Visonneau, Datadog

Thursday April 3, 2025 17:30 - 18:00 BST

Level 0 | ICC Capital Hall | Room 2

Over the past five years, Datadog expanded from operating in a single region to six regions across three cloud providers. Kubernetes facilitated this expansion by abstracting the differences between cloud environments. However, we encountered several interesting challenges as some implementation details leaked through the abstraction.

This talk will begin with our rationale for adopting a multi-cloud strategy and the constraints it introduced. We will then share our insights on leveraging Kubernetes, the disparities among cloud provider implementations, and how these inconsistencies sometimes breached the Kubernetes abstraction. Finally, we will discuss how our platform teams created additional abstractions hiding most of these differences and the few remaining details that we have to expose to teams deploying on our platform.

Speakers

Maxime Visonneau

Engineering Manager, Datadog

Maxime is an experienced systems and software engineer known for his passion in building robust infrastructures for small to large businesses. Having successfully led his startup to acquisition by Twitter in 2021. He is currently leading teams in charge of the Kubernetes platform... Read More →

Laurent Bernaille

Principal Engineer, Datadog

Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 0 | ICC Capital Hall | Room 2

Platform Engineering

Content Experience Level Any

17:30 BST

From Metal To Apps: LinkedIn’s Kubernetes-based Compute Platform - Ahmet Alp Balkan & Ronak Nathani, LinkedIn

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance N10 | Room F

What does it take to design a Kubernetes-based fleet management stack that bridges the gap between bare-metal servers in data centers and a platform capable of hosting thousands of microservices, large-scale stateful applications, and a GPU fleet running AI workloads?

At LinkedIn, we use Kubernetes as a foundational primitive in our compute platform. We run thousands of microservices, manage large stateful applications with our custom scheduler, manage a large fleet of GPUs –all while performing regular maintenance on the bare metal hosts with no downtime or manual intervention.

In this talk, we’ll talk about how we architected and built an API-driven, Kubernetes-based compute stack with a large-scale microservices platform, a workload-agnostic stateful scheduler, and a multi-tenant ML/batch jobs platform. We’ll share insights on scaling Kubernetes for diverse workloads while maintaining tenant isolation, resilience, flexibility, and ease of use for developers.

Speakers

Ahmet Alp Balkan

Sr.Staff Software Engineer, LinkedIn

Ahmet is working on building LinkedIn's next generation compute cluster management stack using Kubernetes. In the open source he maintains projects like Krew (kubectl plugin manager), and kubectx.

Ronak Nathani

Sr. Staff Software Engineer, LinkedIn

Ronak leads the Kubernetes team at LinkedIn, spearheading the company's transition to Kubernetes over the past few years. Prior to this role, he contributed to the development and management of LinkedIn's home-grown scheduler and internal private cloud. In addition to his day job... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Intermediate

17:30 BST

Weaving a VEX Feed Through the Kubernetes Project - Adolfo García Veytia, Stacklok

Thursday April 3, 2025 17:30 - 18:00 BST

Level 1 | Hall Entrance S10 | Room C

Vulnerability triaging is an expensive process, often plagued with false positives that cause organizations to waste thousands of dollars in engineering time handling and suppressing them to conform with compliance frameworks.

Here to the rescue comes VEX - the Vulnerability Exploitability eXchange - a new metadata format, designed as a companion to SBOMs that communicates the impact of a vulnerability on a piece of software.

False positives come in many forms: From vulnerabilities found in other platforms, non-exploitable code paths, to simple mitigations pre applied to artifacts. Using VEX, software authors can communicate downstream that software is safe to use despite security scanners going brrrr..

In this talk, we dive into VEX, explore the new Kubernetes VEX feed instrumented through collaboration from SIG Release, the Security Response Committee and SIG Security to understand the source of the data, how to use it and do some cool demos with real vulnerability scanners!

Speakers

Adolfo García Veytia

Staff Software Engineer, Stacklok

Adolfo García Veytia (@puerco) is a software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team to improve the software that drives Kubernetes release process. He is also the creator of the OpenVEX and... Read More →

Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room C

Security

Content Experience Level Beginner

08:00 BST

Badge Pick-Up

Friday April 4, 2025 08:00 - 16:00 BST

Level 1 | Hall Entrance S5

Friday April 4, 2025 08:00 - 16:00 BST
Level 1 | Hall Entrance S5

Registration

09:00 BST

Keynote: Welcome Back + Opening Remarks

Friday April 4, 2025 09:00 - 09:05 BST

Level 0 | ICC Auditorium

Friday April 4, 2025 09:00 - 09:05 BST
Level 0 | ICC Auditorium

Keynote Sessions

09:06 BST

Keynote: LLM-Aware Load Balancing in Kubernetes: A New Era of Efficiency - Clayton Coleman, Distinguished Engineer, Google & Jiaxin Shan, Software Engineer, Bytedance

Friday April 4, 2025 09:06 - 09:21 BST

Level 0 | ICC Auditorium

Traditional load balancing approaches, including round robin or those relying on metrics like QPS are often ineffective when applied to LLM serving. LLM requests vary significantly in computational demands due to prompt length, the model differences and their autoregressive nature, leading to unpredictable request running times. Moreover, the emergence of model multiplexing techniques (e.g., LoRA) introduces new complexities that necessitate LLM-aware load balancing strategies.
In this talk, we introduce a new set of Kubernetes APIs for routing to LLM workloads that allow configuration of serving objectives and priorities for each use case. These APIs integrate seamlessly with Gateway API, and an included extension means that support for these APIs can easily be plugged into many Gateway API implementations to enable turnkey LLM routing support.
This talk will show this project in action, demonstrating the significant improvements it can enable across a variety of real world examples.

Speakers

Jiaxin

Software Engineer, Bytedance

Jiaxin works at ByteDance Infrastructure Lab, focusing on serverless and AI infrastructure. He is also a co-chair of Kubernetes WG-Serving, Jiaxin drives innovations and contributes to the future of scalable AI systems.

Clayton Coleman

Distinguished Engineer, Google

Architect, engineer, and strategic visionary for application platforms in the cloud. Core contributor to Kubernetes and OpenShift, the open source platform as a service and the containerized cluster manager. I helped launch the shift to cloud native applications and the platforms... Read More →

Friday April 4, 2025 09:06 - 09:21 BST
Level 0 | ICC Auditorium

Keynote Sessions, AI + ML

Content Experience Level Intermediate

09:22 BST

Keynotes To Be Announced

Friday April 4, 2025 09:22 - 09:42 BST

Level 0 | ICC Auditorium

Friday April 4, 2025 09:22 - 09:42 BST
Level 0 | ICC Auditorium

Keynote Sessions

09:43 BST

Keynote: Cutting Through the Fog: Clarifying CRA Compliance in Cloud Native - Eddie Knight, OSPO Lead, Sonatype & Michael Lieberman, CTO, Kusari

Friday April 4, 2025 09:43 - 09:58 BST

Level 0 | ICC Auditorium

With the final release of the European Union’s Cyber Resilience Act, it would be fair to have concern about its implications to both the software you create and the resources you depend on. Much like London’s notorious fog, the hype and fear around the CRA have obscured the path our community is on.

In their role as leaders of CNCF’s Technical Advisory Group for Security and as maintainers of the OpenSSF Security Baseline, speakers Eddie Knight and Michael Lieberman are uniquely equipped to shed light on both the benefits and complexities of CRA.

This talk will be a light-hearted exploration of how cloud technology, open source projects, and end users can all benefit from the CRA— and how software creators can avoid falling on the wrong side of the law.

Speakers

Michael Lieberman

CTO, Kusari

Eddie Knight

OSPO Lead, Sonatype

Friday April 4, 2025 09:43 - 09:58 BST
Level 0 | ICC Auditorium

Keynote Sessions, Security

Content Experience Level Any

09:59 BST

Keynotes To Be Announced

Friday April 4, 2025 09:59 - 10:10 BST

Level 0 | ICC Auditorium

Friday April 4, 2025 09:59 - 10:10 BST
Level 0 | ICC Auditorium

Keynote Sessions

10:10 BST

Keynote: Science at Light Speed: Cloud Native Infrastructure for Astronomy Workloads - Carolina Lindqvist, System Specialist, EPFL

Friday April 4, 2025 10:10 - 10:25 BST

Level 0 | ICC Auditorium

The Square Kilometre Array (SKA) project is a global collaboration for constructing the world’s largest radio telescope. This presentation shows how the Swiss SKA Regional Center (CHSRC) unit within the global SKA Regional Center Network (SRCNet) collaboration uses Kubernetes as a service management plane and leverages its ecosystem to build a novel infrastructure to support data- and compute-intensive astronomy use cases. The main focus is on an example setup of a Kubernetes cluster, showing how cloud-native tools are leveraged to interact with external storage and compute services, and demonstrating how to build infrastructure suitable for multiple sites. It is applicable both for beginners who seek guidance for where to start their cloud-native journey as well as intermediate Kubernetes users who wish to see examples of cloud-native use cases from within a scientific organisation.

Speakers

Carolina Lindqvist

System Specialist, EPFL

Carolina Lindqvist is a System Specialist at the EPFL SCITAS department for Scientific Computing and High Performance Computing (HPC). She works with Kubernetes infrastructure for scientific use cases. Before joining SCITAS, Carolina worked at the Blue Brain Project, startups and... Read More →

Friday April 4, 2025 10:10 - 10:25 BST
Level 0 | ICC Auditorium

Keynote Sessions, Emerging + Advanced

Content Experience Level Intermediate

10:25 BST

Keynote: Closing Remarks

Friday April 4, 2025 10:25 - 10:30 BST

Level 0 | ICC Auditorium

Friday April 4, 2025 10:25 - 10:30 BST
Level 0 | ICC Auditorium

Keynote Sessions

10:30 BST

Coffee Break ☕

Friday April 4, 2025 10:30 - 11:00 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Friday April 4, 2025 10:30 - 11:00 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

10:30 BST

Solutions Showcase

Friday April 4, 2025 10:30 - 14:00 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Friday April 4, 2025 10:30 - 14:00 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Solutions Showcase

11:00 BST

Empowering AI-Driven Drug Discovery: Overcoming Challenges in Building a ML Platform on Kubernetes - Marius Tanawa Tsamo & Gustav Rasmussen, Novo Nordisk

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room A

In the era of AI-driven innovation, Kubernetes is fundamental for enabling medical scientists to execute machine learning tasks within a containerized environment. However, building a scalable ML platform on Kubernetes presents challenges, especially with advanced on-premise GPU-accelerated hardware optimized for large language model (LLM) training and inference.

This session will explore the obstacles faced by ML engineers and data scientists at Novo Nordisk in creating a robust platform for AI-driven drug discovery. The presentation will discuss enabling access to GPU resources at scale, orchestrating extensive data planes, efficiently running high-performance computing (HPC) jobs, and using GPU sharing strategies and different batch scheduling job software.

Insight about experiences with GPU sharing strategies, batch scheduling job software, overcoming operational challenges, and empowering ML engineers in accelerating drug discovery will be shared.

Speakers

Gustav Rasmussen

Tech Lead, Novo Nordisk A/S

Gustav is Tech Lead in R&ED (Research & Early Development) at Novo Nordisk in Denmark, holds a MSc in Physics and really likes Cloud and Platform Engineering

Marius Tanawa Tsamo

Senior Platform Engineer, Novo Nordisk

I have a Master's degree in Systems Network and Security and seven years of IT experience. Although I'm very passionate about container environments, I'm even more passionate about meaningful contributions. I'm French, but even if I'm fairly new to Denmark, I have been moving from... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Beginner

11:00 BST

Kubernetes and AI To Protect Our Forests: A Cloud Native Infrastructure for Wildfire Prevention - Andrea Giardini, Crossover Engineering BV

Friday April 4, 2025 11:00 - 11:30 BST

Level 0 | ICC Capital Hall | Room 2

As wildfires become increasingly devastating due to climate change, leveraging technology for environmental protection is crucial. This talk focuses on the infrastructure needed to support AI-driven wildfire prevention systems using Kubernetes and cloud-native technologies. We will discuss the challenges of managing robust data pipelines for processing satellite imagery and environmental data, emphasizing the importance of GPU acceleration for AI. Additionally, we will explore strategies for efficient storage solutions to handle large datasets, ensuring scalability and performance. Attendees will gain insights into the architectural considerations and operational challenges of deploying an effective, resilient wildfire monitoring and prevention infrastructure. Join us in understanding how we can harness the power of technology to protect our forests and mitigate the impact of wildfires on our environment.

Speakers

Andrea Giardini

Cloud Native Consultant / Trainer, Crossover Engineering

Andrea is a technical consultant passionate about infrastructure, cloud, and automation. Throughout his career, he has worked in different roles, from an individual contributor building infrastructure as code to an engineering manager growing a team from the ground up. He likes... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 0 | ICC Capital Hall | Room 2

AI + ML

Content Experience Level Intermediate

11:00 BST

Beyond Kubernetes: Adapting To Specialized Application Workloads - Rags Srinivas, Independent; Dawn Chen, Google; Sachi Desai, Microsoft; Vara Bonthu, AWS; Erin Boyd, Nvidia

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room E

AI workloads have taken the Kubernetes world by a storm, but that is only the tip of the iceberg as even more specialized workloads in the realm of high performance compute, for example, need to be optimized and simplified on Kubernetes.

Attend this panel to learn from Kubernetes and cloud experts well versed in different infrastructure and containerized workloads about the existing challenges around Kubernetes today, and strategies for building out the platform to bootstrap these specialized workloads.

Attendees will be able to walk away with an understanding of how the Kubernetes ecosystem continues to evolve, and open-source tools like KAITO and Kueue that enable this growth and automate many of the processes involved. Attendees will also learn from these experts about compute optimizations, scheduling mechanisms, and workload performance enhancements that drastically reduce their time-to-value on Kubernetes.

Speakers

Rags Srinivas

Multi-Cloud Architect, Independent

Raghavan "Rags" Srinivas (@ragss) is an Architect enabling developers to build scalable and available systems. With a background in app development and infrastructure, he has gravitated towards distributed systems. He specializes in Cloud Computing, specifically multi-cloud. Rags... Read More →

Erin Allen Boyd

Distinguished Cloud Architect, Nvidia

Erin is currently a Distinguished Cloud Architect at Nvidia. Prior to this role she was the Director of Emerging Technologies and Distinguished Engineer at Red Hat in the Office of the CTO. Erin was previously an Apple Cloud Services Engineer at Apple. Erin is a Kubernetes contributor... Read More →

Dawn Chen

Principal Software Engineer, Google

Dawn Chen is a principal software engineer at Google. Dawn has worked on Kubernetes and Google Container Engine (GKE) before the project was founded. She has been one of tech leads in both Kubernetes and GKE. Prior to Kubernetes, she was the one of the tech leads for Google internal... Read More →

Vara

Principal OSS Specialist SA, AWS

Vara Bonthu is a dedicated technology professional and Worldwide Tech Leader for Data on EKS, specializing in assisting AWS customers ranging from strategic accounts to diverse organizations. He is passionate about open-source technologies, Data Analytics, AI/ML, and Kubernetes, and... Read More →

Sachi Desai

Product Manager, Microsoft

Sachi Desai is product manager in the Azure Kubernetes Service (AKS) team at Microsoft. She works with a range of AI users and enthusiasts in building the KAITO CNCF Sandbox project and is interested in different GPU workloads on Kubernetes.

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room E

Application Development

Content Experience Level Beginner

11:00 BST

"Surviving Day2 : Picking the Right Tool To Secure Your Kubernetes Habitat" - Bruno Gabriel da Silva, Sysdig & Henrique Santana, AWS

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room F

The CNCF landscape is so big that it can feel impossible to comprehend.

A jungle of tools with unique roles and capabilities, divided into several categories.

In nature, every species has its strengths. A falco(n), for instance, serves as a vigilant runtime protector, while the racoon (Trivy) hunts for vulnerabilities. Some animals are hunters, each using a unique set of skills and techniques to survive.

In this session, you'll be exposed to different fauna, like Falco, Trivy, Kyverno and others, with a fun and biological approach.

After this presentation, you’ll have the confidence to decide the correct predator, or a non-poisonous fruit, ensuring your Kubernetes habitat stays secure and thriving.

Speakers

Henrique Santana

Sr. Cloud Support Engineer, AWS

I'm Containers Specialist with over 15 years of experience in infrastructure operations. Skilled at automating workflows and solving problems through user-centered design and emerging technologies. Currently focusing on containers and container orchestration. Adept at optimizing... Read More →

Bruno Gabriel da Silva

Sr Solutions Engineer, Sysdig

I have been working as a Solutions Engineer for several years, with my passion for cloud-native technologies igniting around 2018. That year, I transitioned from a traditional IT Windows Sysadmin role to fully embracing DevOps, focusing entirely on Open Source and Cloud. My first... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Intermediate

11:00 BST

Consistent Volume Group Snapshots, Unraveling the Magic - Leonardo Cecchi, EDB & Xing Yang, VMware by Broadcom

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room C

Snapshotting databases running on multiple volumes is not easy because of inconsistencies due to snapshots being taken at different times.

VolumeGroupSnapshots, introduced as an alpha feature in Kubernetes 1.27 and now in the process of being promoted to beta, provides a solution by enabling write-order consistent snapshots for multiple volumes.

In this session, explore the inner workings of VolumeGroupSnapshots by discovering the key implementation components and their cooperative efforts in achieving consistent group snapshots.

Gain valuable insights to ensure proper usage of this feature and become adept at troubleshooting and debugging potential issues.

Speakers

Xing Yang

Tech Lead, VMware by Broadcom

Leonardo Cecchi

Software Development Principal, EDB

Leonardo Cecchi, a principal in software development at EDB, plays a pivotal role as a maintainer in the CloudNativePG project and Biganimal, EDB's DBaaS offering. With a longstanding preference for PostgreSQL dating back to 1998, his expertise in this DBMS is extensive. Before EDB... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C

Data Processing + Storage

Content Experience Level Intermediate

11:00 BST

Quantum-Ready Kubernetes: How Do We Get There? - Nikhita Raghunath & Natalie Fisher, Broadcom; Paul Schweigert, IBM; Ricardo Rocha, CERN ; Tomas Gustavsson, Keyfactor

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room B

As AI continues to evolve, quantum computing is poised to disrupt Kubernetes in ways we can’t ignore. By 2035, the US government will only procure quantum-safe solutions, and if our infrastructure isn’t ready soon we’ll be scrambling to catch up.

This panel brings together experts to explore:
- What quantum computing is & why it’s a game changer
- How to orchestrate quantum workloads on Kubernetes
- Middleware needed to bridge classical and quantum resources
- Redesigning infrastructure to meet NIST’s quantum-safe standards with an agile long-term strategy
- Building infrastructure for real-world use cases like scientific simulations
- How quantum machine learning can help run AI workloads

You don’t need to be a quantum expert to join! You’ll walk away with actionable insights on architectural trade-offs for running quantum workloads and learn how to implement quantum-safe security. This is your chance to spark fresh ideas & take the lead in shaping the next decade of technology!

Speakers

Ricardo Rocha

Computing Engineer, CERN

Ricardo leads the Platform Infrastructure team at CERN with a strong focus on cloud native deployments and machine learning. He has led for several years the internal effort to transition services and workloads to use cloud native technologies, as well as dissemination and training... Read More →

Nikhita Raghunath

Principal Engineer, Broadcom

Paul Schweigert

Senior Software Engineer, IBM

Paul Schweigert works on quantum and AI technologies at IBM. He has extensive experience in open source (Knative and Kubernetes in particular) and has spoken at numerous conferences. He has also led various platform engineering and data science teams. In a previous life, he studied... Read More →

Tomas Gustavsson

Chief PKI Officer, Keyfactor

Tomas Gustavsson is the chief public key infrastructure (PKI) officer at Keyfactor.. He pioneered open source public key infrastructure with EJBCA, now embraced by over 3,000 downloads per month. With a background in computer science, Tomas established EJBCA to fortify trusted digital... Read More →

Natalie Fisher

Technology Product Manager, Broadcom

Natalie is a Technology Product Manager at VCF. A lifelong learner, she’s always been fascinated with emerging technology and the endless possibilities and solutions one could dream up. Having spent many years in product and working in companies ranging from e-Commerce, Data Analytics... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room B

Emerging + Advanced

Content Experience Level Intermediate

11:00 BST

CNCF TAG Network and Cloud Native Network Landscape - Zhonghu Xu, Huawei

Friday April 4, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 7-9

In this talk, we will introduce the CNCFNetwork TAG, discuss how we work with TOC and CNCF Network projects, and highlight the work we have done to better serve cloudnative ecosystem. Join us to find out how to contribute and participate in the CNCF network community.

Speakers

Zhonghu Xu

Principal Engineer, Huawei

Zhonghu currently serves as Istio Steering Committee and core maintainer and also istio TOP 3 contributors. He is also the CNCF TAG-Network Tech Lead, which helps networking project evolve healthily. He is also the maintainer of many CNCF projects, kmesh and volcano, etc. Zhonghu... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Network

11:00 BST

Cortex: Insights, Updates and Roadmap - Friedrich Gonzalez & Daniel Sabsay, Adobe; Charlie Le & Alolita Sharma, Apple; Daniel Blando, AWS

Friday April 4, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 10-12

Join us for an in-depth session on Cortex, where we’ll guide you through a hands-on walkthrough for getting started with this powerful open-source metrics system. We'll share real-world challenges we've encountered within the Cortex community and how collaboration led to innovative solutions.

This session will also cover significant updates, including key enhancements in the upcoming Cortex 1.19 release. Whether you’re a new adopter or a seasoned contributor, this talk will provide valuable insights into the future of Cortex. We’ll conclude with a live Q&A, offering you a chance to engage directly with the maintainers.

Bring your questions, your feedback, and your enthusiasm as we explore what’s next for Cortex!

Speakers

Friedrich Gonzalez

Software Engineer, Adobe

Friedrich is a software engineer with 20 years of experience, currently working at Adobe. He is also a an OSS maintainer for Cortex. On his free time, Friedrich likes to play with the cutest doberman puppy there is.

Alolita Sharma

OpenTelemetry Governance Committee Member, Observability Engineering at Apple, Apple

Charlie Le

Software Engineer, Apple

Daniel Blando

Software Engineer, AWS

Daniel Blando is a software engineer working at AWS, where he is part of the Amazon Managed Prometheus (AMP) team. He has a passion for distributed systems, where he contributes to enhancing scalability and high availability. Daniel is an active contributor to the Cortex open-source... Read More →

Daniel Sabsay

Software Engineer, Adobe

Daniel Sabsay is a software engineer with experience writing frontend browser applications, DSL translators, backend web services, and running highly available distributed systems. When not building software, he is playing and writing music, running, and riding bikes in the Santa... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Cortex

11:00 BST

Crossplane Intro and Deep Dive - The Cloud Native Control Plane Framework - Jared Watts & Nic Cope, Upbound

Friday April 4, 2025 11:00 - 11:30 BST

Platinum Suite | Level 3 | Room 3-4

The maintainers of the CNCF Crossplane project (https://www.crossplane.io/) will lead this session that will not only introduce the project to new attendees, but also dive deep into the details of Crossplane’s latest features, releases, and future direction. There is always something new to show off at Kubecon!

We will start with the basics on how Crossplane enables you to compose cloud infrastructure and services into custom platform APIs, and accelerate the journey of folks new to Crossplane to build a control plane of their own.

Then we will take a detailed tour through the key maturity investments we’ve been making and how to adopt them into your production ready platforms. Finally, as the project is now more than 5 years old, we will focus on the future direction of Crossplane and how we think we can take the project to the next level for the next 5 years. You won’t want to miss this chance to influence the future of Crossplane!

Speakers

Jared Watts

Founding Engineer, Upbound

Jared Watts is a Founding Engineer at Upbound, where he is working on advancing cloud-native computing by enabling anyone to build their own cloud platform. He is also a co-creator of the open source Crossplane (https://crossplane.io) and Rook (https://rook.io) projects. Prior to... Read More →

Nic Cope

Senior Principal Engineer, Upbound

Nic Cope is a senior principal engineer at Upbound, founders of the Rook and Crossplane CNCF projects. Before joining Upbound to help build Crossplane, Nic spent a decade in SRE and platform engineering teams at companies large and small, including Google, Spotify, and Planet Labs... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Crossplane

11:00 BST

CubeFS in Action: Empowering Users Through Case Studies - Leon Chang, OPPO

Friday April 4, 2025 11:00 - 11:30 BST

Level 3 | ICC Capital Suite 14-16

In this presentation, we will explore real-world applications of CubeFS through detailed end user case studies. CubeFS is a cloud-native distributed file system designed to meet the demands of modern data workloads. We will showcase how various organizations have successfully implemented CubeFS to address their unique challenges, including media processing, big data analytics, and machine learning.

Participants will learn about specific use cases, the challenges these organizations faced, the solutions they implemented using CubeFS, and the measurable results achieved. Additionally, user testimonials will provide insights into the transformative impact of CubeFS on their operations.

This session aims to highlight the versatility and efficiency of CubeFS, encouraging attendees to consider its application in their own projects. Join us for an engaging discussion on how CubeFS can enhance data management and drive innovation in your organization.

Speakers

Leon Chang

Distributed Storage Expert, OPPO

Currently working for oppo, has worked for Huawei, Tencent and other companies, has been engaged in storage research and development for more than 10 years, and is currently mainly engaged in the research and development of the open source project distributed file system cubefs

Friday April 4, 2025 11:00 - 11:30 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, CubeFS

11:00 BST

Ensuring Quality in Kubernetes: The Graduation Process From Alpha To GA - Antonio Ojea & Benjamin Elder, Google

Friday April 4, 2025 11:00 - 11:30 BST

Platinum Suite | Level 3 | Room 1-2

Kubernetes is constantly evolving, with new features graduating from alpha to beta and finally to general availability (GA). But how do we ensure these features are truly production-ready? This talk dives into the challenges of testing Kubernetes features as they mature, exploring how to tackle issues like API changes, backward compatibility, and unpredictable user behavior. We'll uncover effective strategies for "skew testing" across different Kubernetes versions and share practical tips for building a robust testing pipeline.

Speakers

Benjamin Elder

Senior Software Engineer, Google

Benjamin Elder is a Senior Software Engineer at Google working on Kubernetes. Ben is a long time contributor to the project since writing kube-proxy's iptables mode for GSoC 2015 and is an elected member of the Kubernetes Steering Committee.

Antonio Ojea

Antonio Ojea, Google

Antonio Ojea is a Software Engineer at Google, where he works on Kubernetes. He is one of the top contributors of the Kubernetes project, Tech Lead in Kubernetes SIG Network & Testing with a proven track record in leading technical initiatives to enhance Kubernetes networking stability... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Testing

11:00 BST

The Missing Metrics: Measuring Memory Interference in Cloud Native Systems - Jonathan Perry, PerfPod

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room G

Your applications may be suffering from severe performance degradation without you knowing it. Memory bandwidth contention and cache interference between containers can increase tail latency by 4-13x and reduce compute efficiency by 25%, even with CPU and memory limits in place. This effect is particularly insidious as it manifests as high CPU utilization, leading operators to misdiagnose the root cause.

This session presents the latest research on detecting memory interference, including findings from Google, Alibaba, and Meta's production environments. We'll explore how modern CPU performance counters can identify noisy neighbors, examine real-world patterns that trigger interference (like garbage collection and container image decompression), and demonstrate practical approaches to measure these effects in Kubernetes environments.

Speakers

Jonathan Perry

Founder & CEO, PerfPod

Jonathan Perry is a maintainer of the OpenTelemetry eBPF network collector. His PhD research at MIT CSAIL focused on performance isolation in datacenter and cloud networks, aiming to enhance network efficiency and reduce latency. Jonathan founded Flowmill, where he developed eBPF-based... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

11:00 BST

Container Runtimes... on Lockdown: The Hidden Costs of Multi-tenant Workloads - Lewis Denham-Parry, Edera & Caleb Woodbine, ii.nz

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance S10 | Room D

Container runtimes form the bedrock of Kubernetes, but running diverse workloads side-by-side introduces complex security challenges that many teams overlook. This talk peels back the layers of container isolation, starting with the fundamentals of how containers operate as Linux processes and evolving through today's runtime landscape.

We'll dive deep into the hidden costs and security implications of different container runtime choices in multi-tenant environments. Through real-world examples and performance benchmarks, we'll explore the delicate balance between isolation and efficiency. You'll learn about emerging solutions in the container runtime space and practical approaches to securing workloads without sacrificing performance.

Attendees will leave with critical security considerations for choosing container runtimes, strategies for workload isolation, and tools to evaluate isolation versus performance tradeoffs.

Speakers

Caleb

Software Engineer, calebwoodbine.nz

Open Source, software, cloud native community and distributed cloud enthusiast.

Lewis Denham-Parry

Staff Solutions Engineer, Edera

Lewis Denham-Parry orchestrates containers by day and puts them through rigorous security testing by night. As Staff Solutions Engineer at Edera, he leverages his diverse background to deliver the robust security and isolation that modern systems demand.A dynamic speaker at KubeCon... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room D

Security

Content Experience Level Intermediate

11:00 BST

Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Services - Dani Santos & Michelle Mali, Shopify

Friday April 4, 2025 11:00 - 11:30 BST

Level 1 | Hall Entrance N10 | Room H

Certificate management at scale presents critical challenges for securing service-to-service communication in zero trust architectures. We will demonstrate how Shopify automates mTLS across thousands of services, addressing certificate rotation without interruption, renewal failures, and cross-cluster distribution. Drawing from production experience, we'll explore our evolution from custom admission controllers to versatile patterns working across Kubernetes and non-Kubernetes environments, including mounting CA certificates at container startup with periodic Cronjob renewals. We'll share code examples for resilient rotation mechanisms, graceful certificate rollover, and RBAC. Attendees will learn practical patterns for scaling mTLS, with examples of monitoring certificate lifecycles and troubleshooting common failure modes.

Speakers

Michelle Mali

Infrastructure Security Engineer, Shopify

Michelle Mali is an Infrastructure Security Engineer at Shopify, specializing in securing cloud-native environments. With experience in Kubernetes and container security, they hold the Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Administrator (CKA) certifications... Read More →

Dani Santos

Senior Infrastructure Security Engineer, Shopify

Dani Santos is a Senior InfraSec Engineer at Shopify, focusing on service identity and PKI infrastructure at scale in cloud-native environments. She's involved in certificate management initiatives across Shopify's internal services, developing solutions for automated mTLS flows... Read More →

Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room H

Security

Content Experience Level Intermediate

11:00 BST

Tutorial: Workshop: Developing as a Team for Kubernetes With Nix and Flox - Leigh Capili & Tanja Ulianova, Flox

Friday April 4, 2025 11:00 - 12:15 BST

Level 1 | Hall Entrance N11

In this workshop, Leigh, Tanja, and Nick will show a Nix GitOps workflow for both your team's laptops and Kubernetes clusters.

The dev workflows made possible by Nix and the ops workflows pioneered by both Nix and GitOps on K8s extend the story of repeatability further left than before.

Attendees will work hands-on to:

- use JS, Go, & Postgres

- declare cross-platform dependencies for build and dev

- containerize their app with Nix

- use GitOps to deploy their code to Kubernetes with zero-downtime

Making packaging collaborative and cross-platform opens up new maintenance possibilities.

We'll close with:

- Continuous Builds

- Patching

- Reproducibility and Caching

Teams can save hours of debugging by declaring their local dependencies with Nix alongside their code.
This has a notable symmetry to the benefits of GitOps in cloud-native operations.

Expect to leave this workshop with the confidence to harmonize Nix with Kubernetes and change the way you (and your teams) work.

Speakers

Leigh Capili

Senior DevRel Engineer, Flox

Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. He has a background in building software to manage infrastructure. Leigh authored kubeadm’s etcd mTLS implementation and Flux 2’s multi-tenant security model. Leigh works with the... Read More →

Tanja Ulianova

Software Engineer, Flox

Tanja is a Software Engineer with a passion for robust software and smooth UX. She loves learning and sharing her knowledge. Currently, Tanja is working on Nix-based developer tooling at Flox, where she’s developing FloxHub — a platform for sharing reproducible dev environments... Read More →

Friday April 4, 2025 11:00 - 12:15 BST
Level 1 | Hall Entrance N11

Tutorials, Application Development

Content Experience Level Beginner

11:00 BST

🚨 Contribfest: Make Your Own UI for Kubernetes With Headlamp

Friday April 4, 2025 11:00 - 12:15 BST

Level 3 | ICC Capital Suite 1

Wanna help make CNCF tools simpler to use by everyone? Do you have your own Kubernetes tool and would like to quickly set up a GUI for it? Or maybe you want to contribute to an open source, CNCF Sandbox project, aimed at making Kubernetes easier to tame for everyone? Well, hope aboard and join the Headlamp Contribfest!
Headlamp is an open source, CNCF Sandbox, Kubernetes UI that offers a great UX for managing Kubernetes, and is extensible via plugins.
This session offers several opportunities to contribute to Headlamp, or to leverage it for your own project.
As Headlamp's maintainers, we will be giving a quick workshop on how to create your own plugin and explain how to also start contributing upstream to the Headlamp core project. We are also happy to brainstorm ideas around how to improve the project or the overall Kubernetes UX.
Looking forward to meeting you!

Speakers

Joaquim Rocha

Principal Software Engineering Manager, Microsoft

Joaquim has been involved in a number of Free and Open Source Software projects for the past 15 years, from the Linux desktop and phones to the cloud. He is an Emeritus Member of the GNOME Foundation and has been a speaker in events such as KubeCon, GUADEC, and FOSDEM. Joaquim currently... Read More →

Friday April 4, 2025 11:00 - 12:15 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, Headlamp

11:00 BST

🚨 Contribfest: PipeCD Contribfest

Friday April 4, 2025 11:00 - 12:15 BST

Level 3 | ICC Capital Suite 17

PipeCD is fast approaching the v1 milestone with significant performance improvements and support for unlimited platform deployment with the pluggable architecture in Piped. Users now have the flexibility to develop stages and plugins for application types specific to the platforms they are utilizing.

During this session, we will focus on reviewing the interface of Piped for the pluggable architecture and demonstrate how to create a simple plugin. Attendees can build a simple plugin that only includes the QuickSync stage for their application's platform use.

In addition, we have prepared many good-first-issues so that participants can get acquainted with the PipeCD project and understand how PipeCD is used to achieve progressive delivery quickly and effectively.

Speakers

Khanh Tran

Software Engineer, CyberAgent, Inc.

Khanh is a CNCF ambassador and a maintainer of the PipeCD project. He is currently employed at CyberAgent Inc, and responsible for the CI/CD system across the organization. As a member of the developer productivity team, his primary focus is on automation and anything that enhances... Read More →

Friday April 4, 2025 11:00 - 12:15 BST
Level 3 | ICC Capital Suite 17

🚨 Contribfest, PipeCD

11:45 BST

Extending Kubernetes for AI | Lessons Learned From Platform Engineering - Susan Wu, Google & Lucy Sweet, Uber

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room A

Kubernetes and the open-source ecosystem are becoming the universal control plane not only for conventional app orchestration but also for building AI applications. Yet, developers and cluster operators struggle with cost optimization for the specialized compute and customizing Kubernetes.

In this session, hear from the platform engineers for Morgan Stanley, Uber, Trivago and learn how they designed shared platforms with infrastructure across cloud providers to support both business-critical apps and accelerated workloads.

You can expect to come away with guidance, hear of pitfalls to watch out for and learn how they extended Kubernetes with custom controls and other cloud native projects and built efficient, self-service interfaces to enable developer velocity and researcher experimentation.

Panelists:

Lucy Sweet, Senior Software Engineer Uber
Susan Wu, PM Google

Speakers

Lucy Sweet

Senior Software Engineer, Uber

Lucy is a Senior Software Engineer at Uber Denmark who works on platform infrastructure

Susan Wu

Outbound Product Manager, Google

Susan is an Outbound Product Manager for Google Cloud, focusing on GKE Networking and Network Security. She previously led product and technical marketing roles at VMware, Sun/Oracle, Canonical, Docker, Citrix and Midokura (part of Sony Group). She is a frequent speaker at conferences... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

11:45 BST

Kubernetes Meets Climate Science: Building Large-scale Feature Detection From Climate Data Records - Armagan Karatosun & Roope Tervo, European Organisation for the Exploitation of Meteorological Satellites

Friday April 4, 2025 11:45 - 12:15 BST

Level 0 | ICC Capital Hall | Room 2

The Exponential growth of Earth Observation (EO) data volumes in the past decade has made downloading and processing EO data locally impractical. In response, the European public space sector launched initiatives to provide private cloud infrastructure, like the European Weather Cloud (EWC), allowing users to provision computing resources close to the data.

Leveraging these new possibilities introduced by cloud services and machine learning, the hydro-meteorological community has initiated projects to identify features from remote sensing data, including satellite imagery, to enhance early weather warnings and climate science. EUMETSAT and its Member States are now developing a collaborative environment within EWC for manual annotation, model development, and analyses to provide reliable feature identification from EO data.

Join us in our session to learn more about our solution, involving an environment for data preparation, community annotation tools, and a features database.

Speakers

Roope Tervo

European Weather Cloud service coordinator, EUMETSAT

Software professional with special interests are in Clouds, AI, ML, Open Data, APIs, team management, architecture and spatial services.

Armagan Karatosun

Cloud Data Services Expert, EUMETSAT (European Organisation for the Exploitation of Meteorological Satellites)

Armagan Karatosun (He/him), holds an MSc in High-Performance Computing from Istanbul Technical University with 6+ years of industry experience. As a Cloud Data Services Expert at EUMETSAT, he specializes in crafting cloud-based solutions. His focus is on creating resilient and event-driven... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 0 | ICC Capital Hall | Room 2

AI + ML

Content Experience Level Intermediate

11:45 BST

Into the Shopfloor: Moving Manufacturing Execution Systems To Kubernetes - Manuel Peuster & Andrei Traian Cucuruzac, Bosch Connected Industry

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room E

Kubernetes is breaking boundaries, entering the manufacturing sector and powering mission-critical systems on production floors. This case study explores Bosch Connected Industry’s journey to modernize a manufacturing execution system (MES) into a cloud-native ecosystem. From containerization to evolving from Docker-Compose and Ansible-driven Kubernetes manifests to a a streamlined Helm-based setup, we’ll share how we overcame challenges step by step.

The operator pattern became our secret weapon, automating workflows and enabling scalability. However, no two plants are identical, making versatile parameterization crucial. Manufacturing setups demand support for diverse environments, from public cloud to air-gapped, on-premise edge clusters, often managed by engineers with limited DevOps expertise.

This session is for DevOps engineers, architects, and tech enthusiasts eager to tackle the real-world challenges of bringing Kubernetes into diverse and demanding operational contexts.

Speakers

Andrei

Junior DevOps Engineer, Bosch Connected Industry

Andrei Cucuruzac, a Junior DevOps Engineer at Bosch and graduate of the Polytechnic University of Bucharest in Industrial Engineering, focuses on Kubernetes for container orchestration. He explores advanced features like dynamic scaling, workload automation, and multi-cluster management... Read More →

Manuel Peuster

Senior DevOps Engineer, Bosch Connected Indurstry

Manuel Peuster holds a PhD in computer science and his research interests include network softwarization, industrial IoT, as well as benchmarking of distributed systems. He was an active contributor to OpenSource MANO and founded several open-source projects, such as Containernet... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room E

Application Development

Content Experience Level Intermediate

11:45 BST

Type-safe Feature Flagging in OpenFeature: Lessons Learned From Using Feature Flags at Google - Michael Beemer, Dynatrace & Florin-Mihai Anghel, Google

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room H

Feature flags are a great way to release software faster while minimizing deployment risks. They allow for controlled releases of new or complex features. However, a common issue with most feature flag SDKs in use today is that they rely on hardcoded strings to identify feature flags, leaving code vulnerable to typos or references to stale flags. This can lead to a mismatch between flags used in code and flags configured in your flag management system, resulting in unexpected application behavior.

In this talk, we will discuss a solution to this challenge using OpenFeature, a vendor-agnostic, community-driven API for feature flagging. Inspired by lessons learned at Google, we've designed the OpenFeature CLI to seamlessly integrate into your development workflow. We'll demonstrate how strongly typed feature flag accessors, created with the CLI, can be used to overcome these issues while also significantly improving the developer experience.

Speakers

Michael Beemer

Senior Product Manager, Dynatrace

Michael co-founded the OpenFeature project, helping to bring standardization to the feature flagging community. He is a Senior Product Manager at Dynatrace with years of experience in the observability space working as a Consultant, DevOps Engineer, Software Developer, and Product... Read More →

Florin-Mihai Anghel

Software Engineer, Google

Software Engineer with a passion for everything that connects people and can improve the world.

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room H

Application Development

Content Experience Level Any

11:45 BST

Demystifying Why the World Is Built on Kubernetes: Learning To Leverage Bespoke CRDs and Controllers - Abby Bangser, Syntasso & Sebastien Blanc, Port

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room F

When product teams build software, they think about user personas, and Kubernetes is no different. There are three key user personas for Kubernetes: the one who runs containers (developers), the one who manages the cluster (operators) and the one who creates bespoke tooling (platform engineers). While the first two personas have a lot of resources and support, the third often appears to be a dark art that is only possible by the most courageous and advanced Kubernetes users.

What if we were to tell you the only secret to unleash this power is a single schema and a single function? Yes, even the power of graduated CNCF projects such as ArgoCD and CertManager can boil down that simple description. This talk will take a magnifying glass to how Kubernetes CRDs and controllers work so that you can build confidence in both using, and hopefully building, custom services on top of Kubernetes.

Speakers

Sebastien Blanc

Developer Relations Engineer, Port

Sébastien Blanc, Staff Developer Advocate at Aiven, is a Passion-Driven-Developer with one primary goal : share his passion by giving talks that are pragmatic, fun and focused on live coding.

Abby Bangser

Principal Engineer, Syntasso

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Beginner

11:45 BST

Data Gravity and Kubernetes: Managing Large-Scale Data Ingest With Minimal Latency - Abhishek Bhattacharjee, Quasitech Innovations Private Limited & Arya Soni, Zupee

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room C

Kubernetes environments, particularly in the context of large-scale data ingest across APIs, suffer from unique challenges posed by data gravity. This presentation aims to explore the newer avenues to overcome these challenges such as local storage layer optimizations, integration of edge computing, and/or network efficiencies that can help reduce latency. Participants will be exposed to ways of reducing data transfer costs, increasing data transfer rates and improving data storage characteristics without loss of scalability of the system. Many of the provided examples will relate to the real situations which will help the audience to use those techniques effectively in the real-life complex Kubernetes environments.

Speakers

Abhishek Bhattacharjee

CEO at Wooak, Quasitech Innovations Private Limited

I am Abhishek Bhattacharjee, Co-Founder & CEO of Wooak, an AI-driven HRMS platform redefining workforce management. With a strong background in tech and leadership, I specialize in building scalable, user-focused solutions. Passionate about innovation, I aim to empower businesses... Read More →

Arya Soni

DevOps Engineer, Zupee

I’m a DevOps Engineer with over two years of experience in cloud-native technologies, automation, and infrastructure optimization. As a co-organizer of the CNCG Bihar Chapter, I’ve led initiatives promoting open-source contributions and community growth. I’ve contributed to... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C

Data Processing + Storage

Content Experience Level Advanced

11:45 BST

Testing AI Containers for Digital Twins in Science: A Cloud-HPC Workflow - Matteo Bunino, CERN & Diego Ciangottini, INFN

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room B

CERN is advancing the development of AI-based digital twins in science through projects like interTwin, an EC-funded project to develop a digital twin engine for science. These digital twins rely on HPC resources for training multi-node, multi-GPU models using containerized workflows.
Developing such containers for HPC systems presents unique challenges, including accessing restricted HPC resources and integrating with HPC software stacks, while ensuring the interoperability between different container runtimes.
We introduce a CI/CD workflow that bridges cloud and HPC and enables automated testing of AI/ML containers on the same SLURM-managed clusters where they will be deployed. By integrating Dagger’s reproducible CI runtime with HPC offloading, this approach validates both the software in the containers and their compatibility with HPC environments. This ensures the seamless deployment of AI-based digital twins, addressing the critical need for robust testing in hybrid environments.

Speakers

Diego Ciangottini

Technologist, INFN

Diego Ciangottini is a physicist and received his PhD from the University of Perugia, Italy in 2012. Now he's working as technologist at INFN (Italian National Institute for Nuclear Physics) researching cloud-native solutions for the scientific use cases of the institute. In that... Read More →

Matteo Bunino

Computing Engineer, CERN

Matteo holds a double Master’s degree in Computer Engineering from PoliTO and EURECOM. At CERN, he focuses on AI-based digital twins in science, integrating AI, HPC, and real-time data processing. As part of CERN openlab, he collaborates with industry and academia on R&D projects... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room B

Emerging + Advanced

Content Experience Level Advanced

11:45 BST

Beyond Classical Cryptography: Building Quantum-Resistant Cloud Native Infrastructure With SPIFFE - Andrés Vega, M42 & Hugo Landau, Messier42

Friday April 4, 2025 11:45 - 12:15 BST

Platinum Suite | Level 3 | Room 1-2

As quantum computing advances, traditional cryptographic systems face unprecedented vulnerabilities. We demonstrate integrating post-quantum cryptography (PQC) into cloud native infrastructure through SPIFFE identities, focusing on networking and security. We'll examine NIST's 2024 PQC standards and their key advantage: improved implementation error resistance.

Our live demonstration showcases end-to-end PQC in Kubernetes using SPIFFE/SPIRE, with L7 filtering, mutual authentication, and quantum-resistant cross-cluster communication. We cover:

* Deployment of PQC-enabled SPIRE, Cilium, and Envoy with Kyber KEM and Dilithium3 X.509 certificates
* Implementation of quantum-resistant (m)TLS
* Cilium network policies for L7 filtering with PQC
* Inter-node traffic security using Envoy mTLS with PQ algorithms

Attendees will gain practical insights and strategies for transitioning their infrastructure to quantum-resistant security in cloud native environments.

Speakers

Andrés Vega

Founder and CEO, M42

Maintainer, contributor, and author.

Hugo Landau

Chief Engineer, Messier42

An experienced software engineer with a background in internet security and cryptography technologies, Hugo has developed assorted cryptography, PKI and security infrastructure. He is also an OpenSSL committer, a Namecoin developer, has contributed to the ACME standards process and... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, SPIFFE

11:45 BST

Cloud Native AI: Harness the Power of Advanced Scheduling for High-Performance AI/ML Training - William Wang & Xuzheng Chang, Huawei

Friday April 4, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 14-16

In the era of large models, as models and data are becoming increasingly larger, LLM workloads have extremely high requirements for network throughput and latency.

However, Kubernetes has no awareness of either the parallel models of LLM workloads or the underlying high-speed network communication topology, which leads to a loss in training performance. Meanwhile, many expensive high-performance underlying resources are not utilized more efficiently.

As one of the important projects for Cloud-native AI, Volcano has conducted in-depth research over the past year. It has remodeled the workloads in large model training and inference scenarios as well as the new network topologies, and designed and implemented high-performance scheduling features.

This talk will cover：
1. The complexities related to intelligent scheduling, improving performance and cost-effective
2. Methodology to reconsider the resource model and LLM workload
3. Enhancement to Volcano to optimize training for AI/ML

Speakers

William Wang (Leibo Wang)

Senior software engineer, Nvidia

Xuzheng Chang

Senior engineer, Huawei Cloud

XuzhengChang is a maintainer of the Volcano community, with in-depth research and practical experience in the fields of batch computing and cloud-native AI scheduling. Xuzheng has spearheaded several significant features within the Volcano community, including network topology-aware... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Volcano

11:45 BST

Contributing To Kubernetes in Its Second Decade - How ContribEx Enhances the Journey! - Nabarun Pal, Broadcom; Mario Fahlandt, Kubermatic; Madhav Jivrajani, UIUC; Priyanka Saggu, SUSE

Friday April 4, 2025 11:45 - 12:15 BST

Platinum Suite | Level 3 | Room 3-4

SIG Contributor Experience has been wildly successful in helping grow the contributor base of Kubernetes in the first ten years of the project via New Contributor Workshops. We stressed on the importance of growing existing contributors in our last maintainer track session. However, the other side of the sustainability coin is ensuring that contributors who get started with contributing to Kubernetes, actually stick around. A lot has changed in the last decade, and we also need to change how we teach folks to contribute and interact with the community. Join us as we give a comprehensive overview of the Kubernetes governance and community structure, where you can seek help and what some pitfalls are that you will unexpectedly but inadvertently face in your contributor journey. We will highlight areas that are suited for folks from all backgrounds: marketing, content creation, event planning, community elections, automation and so much more!

Speakers

Nabarun Pal

Principal Software Engineer, Broadcom

Priyanka Saggu

Kubernetes GitHub Admin, SIG Contribex Technical Lead, 1.31 Emeritus Advisor, 1.29 Release Lead, SUSE

Madhav Jivrajani

Kubernetes Maintainer, UIUC

Mario Fahlandt

Customer Delivery Architect, Kubermatic

Mario is from a small village in Germany and working for Kubermatic. He studied creative media at an English university and moved his field of knowledge to Cloud Native Infrastructure. He is working as a Customer Delivery Architect with the focus on planning and building concepts... Read More →

Friday April 4, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 3-4

Maintainer Track, Kubernetes, Special Interest Group (SIG) Contributor Experience

11:45 BST

How We Tackle KubeVirt’s Growth and Scalability - Ľuboslav Pivarč, Red Hat & Alay Patel, NVIDIA

Friday April 4, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 7-9

KubeVirt continues to grow at a considerable pace, and combined with our focus on Graduation, KubeVirt has had to evolve our processes and community structure to scale with the project size and community needs.
How we can test VMs at scale is part of this: minimising infrastructure requirements while maximising the limits that we can test and measure. After all, with great growth comes greater infrastructure responsibility.

In this talk we will follow up on the vision we shared in 2022, and how we have now enhanced our CI testing with Kwok, which allows us to create cluster simulations of 1000 nodes in seconds, without adding to our infra cost.
You can expect a comparison of our current approach of testing scalability with Kwok, challenges we had to overcome, and the advantages gained.

But life isn’t just testing and benchmarks. We will also cover our recent community structure changes, recent achievements, features, and engagements in the wider ecosystem.

Speakers

Ľuboslav Pivarč

Software Engineer, Red Hat

Ľuboslav Pivarč, Seminar Tutor & Software engineer at Red Hat. I have been working on Kubevirt for almost 3 years. I have been working with containers and Kubernetes since 2018. Within my free time, I worked as a seminar tutor (on and off) at the Faculty of Informatics, Masaryk... Read More →

Alay Patel

Senior Software Engineer, Nvidia

Friday April 4, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, KubeVirt

11:45 BST

Kubernetes SIG Architecture Intro and Updates - John Belamaric, Google & Davanum Srinivas, AWS

Friday April 4, 2025 11:45 - 12:15 BST

Level 3 | ICC Capital Suite 10-12

SIG Architecture maintains and evolves the design principles of Kubernetes, and provides a consistent body of expertise necessary to ensure architectural consistency over time. The SIG takes care of evolution of conformance definitions, API definitions/conventions, deprecation policy, design principles, and other cross-cutting concerns. In this talk, we will provide an introduction to SIG architecture, including its role and the various subprojects that support its activities. Additionally, we will provide a community update on the status of those efforts.

Speakers

Davanum Srinivas (Dims)

Principal Engineer, AWS

Davanum Srinivas (a.k.a Dims) is a Principal Engineer with AWS working full time on Kubernetes and related projects at CNCF. At CNCF, Dims is a member of the Technical Oversight Committee and as the current chair, represents the TOC on the CNCF Governing Board. In Kubernetes project... Read More →

John Belamaric

Senior Staff Software Engineer, Google

Friday April 4, 2025 11:45 - 12:15 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, Architecture

11:45 BST

The State of Prometheus and OpenTelemetry Interoperability - Arthur Sens, Grafana & Juraj Michálek, Swiss RE

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance N10 | Room G

Prometheus and OpenTelemetry are two CNCF projects focusing on observability and truly excelling at their main purposes. However, they take slightly different approaches, and making both projects work well together has been challenging.

In this talk, Arthur and Juraj, both active contributors to Prometheus and OpenTelemetry communities, will present all the usual frustrations that a user would face when integrating Prometheus and OTel, and all the work done by the OpenTelemetry-Prometheus SIG (Special Interest Group) in the past year to transform Prometheus+OTel into a love story.

You'll leave this session understanding the core philosophical differences between the two projects that make interoperability so difficult, the progress made to improve the situation, and what to expect in the near future.

Speakers

Arthur Silva Sens

Software engineer, Grafana

Juraj Michálek

Senior Logging & Monitoring engineer, Swiss RE

I’ve been working as an SRE for the past few years. Currently I am a member of Logging & Monitoring team at Swiss RE where I focus on our Observability stack.

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Beginner

11:45 BST

Enhancing Software Composition Analysis Resilience Against Container Image Obfuscation - Agathe Blaise, Thales & Jacopo Bufalino, CNAM

Friday April 4, 2025 11:45 - 12:15 BST

Level 1 | Hall Entrance S10 | Room D

Malicious compliance has been highlighted in previous KubeCon talks as a challenge for software composition analysis, as it conceals OS and package information in container images and hides vulnerabilities. In this talk, we analyze how the landscape evolved over the past two years and propose improvements for SBOM generation. We found that open-source and cloud providers' tools remain vulnerable, which is even more visible in compressed images from public container registries. We uncover another form of malicious compliance with no standardization of package identifier format, resulting in inconsistencies in detected vulnerabilities between SBOM tools. To address this, we introduce an open-source methodology for layer-by-layer container image analysis, reconstructing complete history of file modifications and retrieving package metadata and package-related content, improving file coverage and SBOM accuracy. We finally outline concrete steps for advancing SBOM resilience and accuracy.

Speakers

Agathe Blaise

Research Engineer, Thales

Agathe Blaise is currently a research engineer at Thales (Gennevilliers, France). She received the Ph.D. degree in Computer Science from LIP6, Sorbonne University (Paris, France) in 2020. Her research interests focus on cloud computing security, studying various aspects (container... Read More →

Jacopo Bufalino

Security Researcher, CNAM

I've always enjoyed breaking things, that's why I work in security. After some years in industry working as DevOps, I moved to academia, focusing on cloud network security.

Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room D

Security

Content Experience Level Intermediate

12:15 BST

Lunch 🍲

Friday April 4, 2025 12:15 - 13:45 BST

Level 1 | Hall Entrances S8 - S9, N8 - N9

Friday April 4, 2025 12:15 - 13:45 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9

Breaks

13:45 BST

How Millennium Bcp Leverages Radius To Empower Developer + Operator Collaboration - Nuno Guedes, Millennium bcp & Jonathan Smith, Microsoft

Friday April 4, 2025 13:45 - 14:10 BST

Level 1 | Hall Entrance N10 | Room H

Collaboration between developers and operators is essential to building scalable, resilient application platforms, but achieving this alignment is often easier said than done. In this session, learn how Millennium bcp, Portugal’s largest privately-owned bank, has successfully bridged this gap using Radius, a CNCF sandbox project. By adopting Radius as a universal language for their application platform, Millennium bcp has streamlined the application lifecycle and enhanced team collaboration.

We’ll explore how Radius helps decouple applications from infrastructure to foster operational flexibility and how GitOps tools like Flux complement Radius to enable declarative management of resources, ensuring consistency and reliability across environments.

Whether you’re a developer, operator, or platform engineer, this session will provide practical strategies, actionable insights, and inspiration for building cohesive, future-ready application platforms.

Speakers

Nuno Guedes

Cloud Compute Lead, Millennium bcp

I am the Cloud Compute Lead at Millennium bcp, Portugal's largest privately-owned bank, with several years of experience in designing and leading the implementation of cloud-based solutions prioritizing containers. In addition to the Cloud Compute team, I am responsible for the Infrastructure... Read More →

Jonathan Smith

Product Manager, Azure Open Source Incubations, Microsoft

Jonathan Smith is a veteran product leader at Microsoft focused most recently on early incubations including: the Parallel Computing Platform, Cloud Engineering Systems, IoT, and cloud-based production of film and television content. Jonathan currently leads product management for... Read More →

Friday April 4, 2025 13:45 - 14:10 BST
Level 1 | Hall Entrance N10 | Room H

Platform Engineering

Content Experience Level Any

13:45 BST

From Chaos To Control: Building ML Platform - George Markhulia & Steve Larkin, Volvo Cars

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance S10 | Room A

One of the most significant challenges facing the ML community in large organizations is the fragmentation of the data ecosystem, compounded by organizational silos and an inconsistent technology landscape. Tackling these barriers is critical to enabling efficient, scalable, and impactful machine learning solutions. At Volvo Cars, George and Steve are deeply committed to breaking silos, empowering users and enabling collaboration via the MLOps.

In this session, they will share their experience of designing and implementing ML platform on Kubernetes that bridges these gaps. The talk will cover architectural choices, key lessons learned, and best practices to address data accessibility, streamline workflows, and ensure seamless integration across diverse teams. Attendees will also gain insights into how this cloud-native platform enables faster experimentation, greater reproducibility, knowledge sharing and scalable deployment of ML models across the organization.

Speakers

Steve Larkin

ML Platform Engineer, Volvo Cars

With over 20 years in the software industry Steve has worked with a diverse set of technologies from creating some of the first smartphones to building data and machine learning platforms for enterprises. Originally from the UK he now lives in Malmö, Sweden with his family.

George Markhulia

Engineering Manager, Volvo Cars

With extensive experience in technical problem-solving, software engineering, and data streaming, George is a tech lead with a robust background in technology and operational excellence. His career journey includes MLOps, Android Automotive infotainment, backend systems, and analytical... Read More →

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Any

13:45 BST

Optimizing Model Serving on Kubernetes With Model Streaming - Ekin Karabulut & Ronen Dar, Run:ai

Friday April 4, 2025 13:45 - 14:15 BST

Level 0 | ICC Capital Hall | Room 2

Deploying large language models in Kubernetes environments faces a critical challenge: the cold start problem.When auto-scaling workloads with tools like Knative, the latency from loading large model weights into GPU memory slows response times, degrades performance, and increases costs.Traditional methods rely on loading weights sequentially into CPU memory then to the GPU,which is slow and inefficient.This talk introduces Run:ai Model Streamer, an open-source tool that mitigates cold starts by streaming model weights to GPU memory while reading them from storage in parallel.It integrates seamlessly into inference engine containers and Kubernetes workflows, enabling parallelized weight streaming without modifying weight formats, making it an easy-to-adopt solution for Kubernetes-based AI deployments.We’ll share benchmarking results comparing storage backends like GP3 SSDs, IO2 SSDs, and S3, highlighting performance improvements, cost savings, and best practices from these experiments.

Speakers

Ekin Karabulut

Data Scientist & Developer Advocate, Run:ai

Ekin is a data scientist at Run:ai. She specialized in the privacy implications of federated learning with DNNs. Through her journey, she focused on distributed training techniques and observed inefficiencies in GPU usage both in research and industry settings. She thus established... Read More →

Ronen Dar

CTO and Co-Founder, Run:ai

Ronen Dar, PhD, is the co-founder and CTO of Run:ai. Ronen has been responsible for building the Run:ai Atlas platform and the technology that powers the platform, from GPU API-level virtualization to advanced K8s-based scheduling capabilities.

Friday April 4, 2025 13:45 - 14:15 BST
Level 0 | ICC Capital Hall | Room 2

AI + ML

Content Experience Level Any

13:45 BST

Failure Is Not an Option: Durable Execution + Dapr = 🚀 - Marc Duiker, Diagrid

Friday April 4, 2025 13:45 - 14:15 BST

Level 0 | ICC Capital Hall | Room 1

Applications break all the time, there could be a network issue, a cloud provider outage, or just a glitch in the matrix. But as a developer, you really need your applications to be resilient without the need to recover databases and restart services manually.

In this session, I'll demonstrate how Dapr Workflow provides durable execution, which enables you to write reliable workflows as code. In addition, I'll show how resiliency policies in Dapr improve reliable communication across services and resources when developing distributed applications.

I'll go into specific workflow features, such as scheduling, sequential and parallel execution, and waiting for external events. I'll show many code samples (in C#) for each of these features and will run the applications using the Dapr CLI to demonstrate their resiliency.

By the end of the session, you will have a good grasp of how durable execution with Dapr workflow and resiliency policies can help you build resilient applications.

Speakers

Marc Duiker

Developer Advocate, Diagrid

Marc is a Sr Developer Advocate at Diagrid with a strong focus on event-driven architectures. He loves helping developers to achieve more every day. You might have seen Marc at a developer meetup or conference, since he's a regular speaker and event-organizer in the area of Dapr... Read More →

Friday April 4, 2025 13:45 - 14:15 BST
Level 0 | ICC Capital Hall | Room 1

Application Development

Content Experience Level Advanced

13:45 BST

Public Technical Oversight Committee (TOC) Meeting - Moderated by Chris Aniszczyk, CTO, The Linux Foundation

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance N10 | Room E

This session is a panel discussion moderated by Chris Aniszczyk with members of the Technical Oversight Committee. Feel free to come with questions, but we'll be doing an overview of the Technical Oversight Committee's governance structure, scope, mission and processes.

To learn more about the TOC, visit https://github.com/cncf/toc

Speakers

Chris Aniszczyk

CTO, Linux Foundation (CNCF)

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance N10 | Room E

Cloud Native Experience

13:45 BST

No Code Needed: From Emojis To Glory on the Contribution Ladder - Nancy Chauhan, Student & Carol Valencia, Elastic

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance N10 | Room F

Non-code contributions are essential for the success and sustainability of open-source projects. They promote broader inclusion and accessibility, strengthen project governance, incorporate diverse perspectives to enhance usability and communication and facilitate collaboration across the ecosystem.

The abundance of materials and websites can feel overwhelming when you’re new to the CNCF ecosystem. We will explore the steps to help newcomers create their first PR, guiding them through contributions to projects such as documentation, whitepapers, release projects, governance, and leadership. This includes localization, which allows diverse cultures and language communities to engage with and benefit from the project.

This talk will provide attendees a clear roadmap for non-code contributions, making the journey more visible and accessible, while enabling the next generation of leaders to emerge and thrive in non-code roles.

Speakers

Carolina Valencia

Customer Architect, Elastic

Nancy Chauhan

Student, Cornell University

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Any

13:45 BST

Don't Let Your Kubernetes Cluster Go Wild: Ensuring Etcd Reliability - Arka Saha, VMware by Broadcom & Chun-Hung (Henry) Tseng, Google

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance S10 | Room C

Have you ever encountered a perplexing Kubernetes issue that left you no choice but to recreate your cluster?As the backbone of Kubernetes, etcd stores the state and configuration at any given moment.Since any changes to this critical component can introduce instability, how can we continuously ensure that new features, improvements, or bug fixes don’t introduce data inconsistency and regression?
Join us for a deep dive into the etcd test framework and discover how we safeguard your Kubernetes clusters from catastrophic bugs. We will share the rigorous processes to guarantee correctness, consistency, and reliability with every code change for the etcd v3.6 release.
We'll share the challenges in our journey of developing, leveraging, and debugging issues caught by the robustness test framework. Whether you’re building Kubernetes or complex distributed systems, this session will equip you with invaluable knowledge and practical tools to create a more reliable and resilient infrastructure

Speakers

Arka Saha

Software Engineer, VMware By Broadcom

Chun-Hung (Henry) Tseng

Software Engineer, Google

Henry is a CK* certified Software Engineer who currently works at Google as a software engineer. He has been an etcd contributor since 2024.

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room C

Data Processing + Storage

Content Experience Level Intermediate

13:45 BST

Thousands of Virtual Kubelets: 1-to-1 Mapping a Supercomputer To Kubernetes With Supernetes - Dennis Marttinen, Aalto University

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance S10 | Room B

Bridging the gap between High-Performance Computing (HPC) and the cloud is an ongoing challenge in the cloud-native ecosystem. Most projects migrate some parts of the batch job scheduling from Slurm to Kubernetes. However, with many HPC systems rigidly tied to Slurm and its features, where is the integration limit?

Introducing Supernetes: an open source HPC-to-cloud bridge that bidirectionally reconciles all Slurm tasks to v1/Pods, and all Slurm nodes to v1/Nodes, 1-to-1. Supernetes tolerates the strictest HPC limitations: tight firewalls, no root, no fakeroot, no namespaces, no slurmrestd API. If you can run sbatch and scontrol, you can run Supernetes.

In this session, Dennis presents his quest to integrate LUMI, a global top-10 supercomputer, with Kubernetes. Starting from HPC-to-cloud bridge basics, the talk evolves into running thousands of virtual kubelet instances and hacking FluxCD to reconcile from a gRPC tunnel. The session concludes with a live demo of Supernetes on LUMI.

Speakers

Dennis Marttinen

Security and Cloud Computing (SECCLO) Master Student, Aalto University

Dennis is a Security and Cloud Computing (SECCLO) double-degree master student with a broad background in Kubernetes, supercomputing/HPC, networking and cloud security. He is the co-author of Weave Ignite, a container-to-microVM solution, and Racklet, a scale model rack project presented... Read More →

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room B

Emerging + Advanced

Content Experience Level Intermediate

13:45 BST

Bridge the Gap To OSS Adoption With Documentation: A Kubernetes Story - Rey Lejano, Red Hat; Natali Vlatko, Cisco; Divya Mohan, SUSE

Friday April 4, 2025 13:45 - 14:15 BST

Platinum Suite | Level 3 | Room 1-2

Accessible, comprehensive, and easy-to-read documentation aids open source project adoption.
New users of an open source project often follow the documentation to deploy the project.
Good documentation leads users to successfully deploy the project -- potentially leading to adoption.

This session highlights key strategies, factors, and attributes that aided the success of the Kubernetes documentation. Some of these include the importance of writing from a second-person perspective and accepting PRs that are "good enough" and not perfect, which creates a lower barrier to entry for new contributors to improve the docs. This talk will review many more strategies, factors, and attributes of the Kubernetes documentation that can be adopted by other projects and are helpful for future Kubernetes documentation contributors.

Speakers

Divya Mohan

Principal Technology Advocate, SUSE

Divya is a Senior Technical Evangelist at SUSE, where she contributes to Rancher’s cloud native open source projects. She co-chairs the documentation for the Kubernetes & LitmusChaos projects & has previously worked extensively in the systems engineering space during her tenure... Read More →

Natali Vlatko

Open Source Lead Architect, Cisco

Natali Vlatko (she/her) is an Open Source Architect at Cisco, specializing in open software, policy, and governance, and is a SIG Docs Co-Chair for Kubernetes. She plays on the fun computer in her spare time. Her academic background is in Egyptology and Archaeology; specifically... Read More →

Rey Lejano

Solutions Architect, CNCF Ambassador, K8s SIG Docs co-chair, Red Hat

Friday April 4, 2025 13:45 - 14:15 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Kubernetes

13:45 BST

Fluent Bit v4: A Decade of Innovation and What’s Next - Eduardo Silva, Chronosphere

Friday April 4, 2025 13:45 - 14:15 BST

Platinum Suite | Level 3 | Room 3-4

Fluent Bit has become the de facto standard for log processing in Kubernetes, powering observability pipelines across countless deployments. As we celebrate 10 years of Fluent Bit, we are excited to introduce Fluent Bit v4: a major milestone that pushes the boundaries of performance, efficiency, and interoperability.

This release brings extended and faster processing capabilities, deeper OpenTelemetry signals integration, expanded Prometheus support, and performance optimizations that further enhance Fluent Bit’s lightweight and high-performance design. In this session, we’ll explore what’s new in Fluent Bit v4, discuss real-world use cases, and showcase the next evolution of observability pipelines.

Whether you’re a long time user or new to Fluent Bit, this talk will provide valuable insights into the latest advancements and how they can elevate your observability stack.Fluent Bit has become the de facto standard for log processing in Kubernetes, powering observability pipelines across countless deployments. As we celebrate 10 years of Fluent Bit, we are excited to introduce Fluent Bit v4: a major milestone that pushes the boundaries of performance, efficiency, and interoperability.

Speakers

Eduardo Silva

Guillaume Gill

Lead Platform Engineer, OrangeLogic

Guillaume comes from software development on the web, for high traffic ecommerces and ERP, Then he migrated to the pure sysadmin side after 8 years, to start learning new skills. He finally came DevOps immediately by helping both teams working more efficiently and automate the processes.He's... Read More →

Friday April 4, 2025 13:45 - 14:15 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Notary

13:45 BST

Smooth Scaling With the OpAMP Supervisor: Managing Thousands of OpenTelemetry Collectors - Evan Bradley, Dynatrace & Andy Keller, observIQ

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance N10 | Room G

The OpAMP protocol has become a powerful solution for managing OpenTelemetry Collectors, offering seamless remote configuration and control. Until recently, only a limited number of Collector distributions supported OpAMP. However, with the introduction of the OpAMP Extension and Supervisor, it is now easy to include OpAMP support in any Collector distribution.

This session will explore how to utilize OpAMP in upstream Collector distributions and outline the simple steps to make your own distribution OpAMP-compatible. Attendees will gain insights into the architecture and features of the OpAMP Supervisor and its role in enhancing Collector management. The talk will also include a demonstration of how the OpAMP Supervisor enables centralized remote configuration, monitoring, and updates for your Collectors.

Speakers

Andy Keller

Principal Engineer, observIQ

Andy is a Principal Engineer at observIQ where he is responsible for the architecture and implementation of the BindPlane OP, an observability agent management and configuration platform. Andy has worked in the observability space for over 8 years and is a maintainer of the OpAMP... Read More →

Evan Bradley

Senior Software Engineer, Dynatrace

Evan helps maintain the OpenTelemetry Collector, where he is a primary contributor to the OpenTelemetry Transformation Language (OTTL), and helps drive adoption of the OpenTelemetry Agent Management Protocol (OpAMP) to enable users to manage fleets of Collectors. Evan has a background... Read More →

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance N10 | Room G

Observability

Content Experience Level Intermediate

13:45 BST

Resilient Multi-Cloud Strategies: Harnessing Kubernetes, Cluster API, and Cell-Based Architecture - Tasdik Rahman & Javi Mosquera, New Relic

Friday April 4, 2025 13:45 - 14:15 BST

Level 0 | ICC Auditorium

In today's multi-cloud world, resilience and high availability at scale are crucial. This session will cover how we utilized Kubernetes with Cluster API and other cloud native components, to deploy a cell-based architecture across multiple cloud providers, scaling to 270+ clusters and 18,000+ nodes, creating independent, isolated cells that limit failures and improve uptime, thus simplifying compliance, cost management, and disaster recovery planning.

We'll explore how Cluster API facilitates seamless automation of cluster creation and management across our multi-cloud setup, upgrades, enhancing autonomy and resilience. Moreover, we'll highlight real-world use cases sharing our learnings from automation built for efficient management of k8s clusters while limiting operational overhead.

End users will learn from this talk on how they can use ClusterAPI, to automate their multi cloud cluster lifecycle management and leverage cellular architecture to build a highly available setup.

Speakers

Javier Mosquera Sanchez

Principal Software Engineer, New Relic

I am a Principal Software Engineer at New Relic, where I work as the multicloud architect for the initiative to integrate our offering into the main three cloud service providers (AWS, Azure, and GCP). I also serve as the Kubernetes architect for our Container Fabric team, which is... Read More →

Tasdik Rahman

Senior Software Engineer, New Relic

A generalist developer, with a focus on the infrastructure side of things. Past ClusterAPI release 1.9 team member, Past Contributor to oVirt.

Friday April 4, 2025 13:45 - 14:15 BST
Level 0 | ICC Auditorium

Operations + Performance

Content Experience Level Intermediate

13:45 BST

Do Your Containers Even Lift – A Hardening Guide for K8s Containers - Cailyn Edwards & Daniel Murphy, Okta

Friday April 4, 2025 13:45 - 14:15 BST

Level 1 | Hall Entrance S10 | Room D

In a world where containers are centre stage it's important that they look and feel their best. In this talk we will go over the Kubernetes security checklist - identifying quick fixes that will yield huge gains. Together Cailyn and the audience will take a container from flimsy and squishy to rock solid in a Rocky worthy montage of a demo. Become the trainer your containers need, and ensure that your security routines are sustainable and maintainable! From slim images, to access control we will cover techniques and tools that will make your security dreams a reality. Attendees will leave this talk with a list of Cloud Native tools that will take their container security to the next level and help their containers get a PB on their next CIS BENCHmark!

Speakers

Daniel Murphy

Senior Security Engineer, Okta

Daniel Murphy (they/them/he/him) is a Senior Security Engineer at Okta, where their main focus is making managing vulnerabilities less tedious. Prior to joining Okta, Daniel also spent time in Quality and Software Engineering, and Application Security. Outside of work Daniel enjoys... Read More →

Cailyn Edwards

Senior Security Engineer, Okta

Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room D

Security

Content Experience Level Beginner

13:45 BST

Tutorial: Hacking up a Storm With Kubernetes - Rory McCune, Datadog; Marion McCune, ScotSTS; Iain Smart, AmberWolf

Friday April 4, 2025 13:45 - 15:00 BST

Level 1 | Hall Entrance N11

We'll provide a kind (https://kind.sigs.k8s.io/) cluster configuration and all of the required manifests to deploy our interactive environment on your own machines. Please bring a laptop capable of running a kind cluster and have kind installed before we start.

If you'd like to get hands-on hacking Kubernetes cluster, this is the tutorial for you! Join us as we walk through hands-on examples of how attackers can try and compromise Kubernetes clusters and what you can do to make sure it doesn't happen to you.

We'll be exploring some of the in-depth parts of cluster architecture that you may not get to look at every day with hands-on exercises that you can try out during the tutorial or takeaway and work on later.

So if you've ever wondered what the Kubelet API is, how Kubernetes does authentication or authorization or how someone could use "the most pointless Kubernetes pod ever" to get root access to your cluster nodes, then join us and find out!

Speakers

Iain Smart

Principal Consultant, AmberWolf

Marion Mccune

Security Tester, ScotSTS

App Sec pentester with an interest in the security side of containerization. Live in the Highlands of Scotland with my husband and three cats. Interests are the outdoors, history, cookery and drawing.

Rory McCune

Senior Security Researcher and Advocate, Datadog

Friday April 4, 2025 13:45 - 15:00 BST
Level 1 | Hall Entrance N11

Tutorials, Security

Content Experience Level Beginner

13:45 BST

🚨 Contribfest: Securing the Kubernetes Host by Finding Kernel Vulnerabilities

Friday April 4, 2025 13:45 - 15:00 BST

Level 3 | ICC Capital Suite 1

Join the session on how Kubescape will add functionality that enhances Kubernetes security by implementing vulnerability scanning of the Kubernetes host.
We'll talk about what it takes to identify and address critical kernel vulnerabilities that can significantly impact cluster security.
Don't miss this opportunity to contribute to the security of the cloud-native ecosystem!

Speakers

Ben Hirschberg

Co-founder and CTO, ARMO

Oshrat Nir

Developer Advocate, ARMO

Oshrat Nir is the Developer Advocate at ARMO, where she helps customers adopt Kubernetes security. She has over 20 years of IT experience, including roles at Amdocs and Giant Swarm. She is a big believer in transparency and community, and she loves telling stories. She excels at... Read More →

Matthias Bertschy

Senior Kubernetes Developer, ARMO

Matthias is a Senior Kubernetes Developer at ARMO working on Kubescape. In 2011 he joined a leading security solution provider in Switzerland to become a Security System Engineer. Certified as an Ethical Hacker in 2012 (GPEN certification) and a CISSP in 2015.He has become a regular... Read More →

Friday April 4, 2025 13:45 - 15:00 BST
Level 3 | ICC Capital Suite 1

🚨 Contribfest, Kubescape

14:30 BST

From High Performance Computing To AI Workloads on Kubernetes: MPI Runtime in Kubeflow TrainJob - Andrey Velichkevich, Apple & Yuki Iwai, CyberAgent, inc

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room A

Message Passing Interface (MPI) is a foundational technology in distributed computing essential for ML frameworks like MLX, DeepSpeed, and NVIDIA NeMo. It powers efficient communication for large-scale AI workloads using high-speed interconnects via InfiniBand. However, running MPI on Kubernetes presents challenges, such as ensuring high-throughput pod-to-pod communication, managing MPI Job initialization in containerized environments, and supporting diverse MPI implementations, including OpenMPI, IntelMPI, and MPICH.

This talk will introduce the Kubeflow MPI Runtime integrated with Kubeflow TrainJob, featuring distributed training with MLX and LLMs fine-tuning with DeepSpeed on Kubernetes. Speakers will highlight SSH-based optimization to boost MPI performance. Attendees will discover how this solution simplifies, scales, and optimizes AI workloads while addressing key challenges and combining MPI's efficiency with Kubernetes' orchestration power.

Speakers

Andrey Velichkevich

Senior Software Engineer, Apple

Yuki Iwai

Software Engineer, CyberAgent, inc

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

14:30 BST

Unlocking How To Efficiently, Flexibly, Manage and Schedule Seven AI Chips in Kubernetes - Xiao Zhang, DaoCloud & Mengxuan Li, The 4th paradigm, Ltd

Friday April 4, 2025 14:30 - 15:00 BST

Level 0 | ICC Capital Hall | Room 2

There are more and more AI accelerator manufacturers emerged in recent years. Data centers often face scenarios where multiple AI accelerators from different vendors exist at the same time, such as Nvidia and AMD, Intel, etc..
Therefore, managing these heterogeneous devices face bigger challenges. The CNCF sandbox project HAMi (Heterogeneous AI Computing Virtualization Middleware) was officially born for this purpose.
This session will focus on efficiently managing heterogeneous AI chips through HAMi in Kubernetes clusters
* A unified scheduler which capable of topology-aware, numa-aware, supports binpack and spread schedule policy on 7 AI accelerators.
* Virtualization on 6 AI accelerators
* Task priority
* Memory oversubscription on k8s GPU tasks
* Observability in two dimensions: allocated resources and real usage
* HAMi+Volcano/Koordinator for collaborative orchestration and scheduling capabilities on AI batch tasks
* HAMi+Kueue for practice in training and inference scenarios

Speakers

xiaozhang

Senior Software Engineer, DaoCloud

Xiao Zhang is the leader of the Container team (focus on infra, AI, Multi-Cluster, Cluster - LCM, OCI). He is also an active community contributor and cloud native enthusiast. He is currently a member of Kubernetes / Kubernetes-sigs, maintainer of Karmada, kubean, HAMi, and cloudtty... Read More →

Mengxuan Li

System Architect, The 4th paradigm, Ltd

Member of volcano community Founder and maintainer of CNCF sandbox project HAMi Responsible for the development of gpu virtualization mechanism on volcano. It have been merged in the master branch of volcano, and will be released in v1.8.

Friday April 4, 2025 14:30 - 15:00 BST
Level 0 | ICC Capital Hall | Room 2

AI + ML

Content Experience Level Any

14:30 BST

Are You Covered? Falling in Love With E2E Testing - Scott McAllister, ngrok

Friday April 4, 2025 14:30 - 15:00 BST

Level 0 | ICC Capital Hall | Room 1

Automated testing aims to give us confidence that our code will run as expected in every situation–especially when we push changes. Good tests will increase your team's velocity of developing new features and reduce the headache of bugs and outages.

As more applications shift to containerized environments, testing them becomes more complex. Not only does the application code need to be tested, but so does the Kubernetes manifests. This session will clarify setting up and running automated tests in these environments. We'll discuss organizing tests in containers, handling dependencies, and maintaining consistent testing throughout the deployment process.

The session will cover setting up containers for replicable test environments, Argo CD for GitOps automation, and utilizing k3s to manage complex, interdependent test workflows, ensuring consistent, reliable end-to-end testing.

Speakers

Scott McAllister

Principal Developer Advocate, ngrok

Scott McAllister is a Developer Advocate at ngrok. He has been building web applications in several industries for over a decade. Now he's helping others learn about a wide range of web and infrastructure technologies. When he's not coding, writing or speaking he enjoys long walks... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 0 | ICC Capital Hall | Room 1

Application Development

Content Experience Level Intermediate

14:30 BST

Breaking Barriers: Bringing Application Developers Closer To the CNCF - Thomas Vitale, Systematic & Mauricio "Salaboy" Salatino, Diagrid

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room E

Being an application developer in the cloud native age is challenging. Developers new to cloud native who land on the CNCF Landscape feel overwhelmed. When using a platform that doesn’t consider the developer experience, things can get even worse. But it doesn’t have to be that way. The solution lies in the cloud native ecosystem itself.

This session covers 5 friction points that developers face and presents solutions with cloud native tools.

- Unreproducible Dev Environment. Do you need a cloud environment? Or can you run everything locally?
- Inefficient Project Onboarding and Collaboration. How do teams share configurations, tools, and common practices?
- Cumbersome Inner Dev Loop. How do you achieve efficient development workflows?
- Complex Service Integrations. How can you integrate external services without worrying about infrastructure concerns?
- Kubernetes Steep Learning Curve. Do you need Kubernetes in your local environment? How can you build production-ready containers?

Speakers

Mauricio Salatino

Ecosystem Engineer, Diagrid

Mauricio works as an Open Source Software Engineer at @Diagrid, contributing to and driving initiatives for the Dapr OSS project. Mauricio also serves as a Steering Committee member for the Knative Project and Co-Leading the Knative Functions initiative. He published a book titled... Read More →

Thomas Vitale

Software Architect, Systematic

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room E

Application Development

Content Experience Level Any

14:30 BST

The Ultimate Container Challenge: An Interactive Trivia Game on OCI, Podman, Docker... - Aurélie Vache, OVHcloud & Sherine Khoury, Red Hat

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room F

Containers are now part of our daily lives as Devs and Ops for more than 10 years now. And yet, do we know them as well as we think we do?

With a mix of quiz and live demos, come learn and/or improve your knowledge, about the various existing formats of containers, best practices to secure them, store them, use them on various platforms and... put them on diet!

In this fun and dynamic talk, come compete throughout the quiz and explore the wonderful world of containers.

You will discover or dig into several CNCF and open source projects like Harbor, Skopeo, Oras, Podman, Docker and many more!

Icing on the cake: the first will win some swags.

Speakers

Aurélie Vache

Developer Advocate, OVHcloud

Sherine Khoury

Senior Software Engineer, Red Hat

I've been in the world of tech for nearly 20 years now... Gosh that sounds old! From Dev (Go, Java), to QE, OPS, Infra and SRE, my diverse experiences reflect my passion for learning and exploration. At my day job at Red Hat, I contribute to the OpenShift Kubernetes distribution... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room F

Cloud Native Novice

Content Experience Level Any

14:30 BST

Data Processing Efficiency: Optimizing Batch Workloads on Kubernetes With Custom Schedulers - Sigmar Stefánsson, NetApp & Hichem Kenniche, NetApp Instaclustr

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room C

Kubernetes is the leading platform for deploying major data processing frameworks like Apache Spark. However, its default scheduler falls short in meeting some of the advanced and specific requirements of batch workloads.

This presentation explores the necessity and benefits of custom schedulers, with a deep dive on the implementation of Volcano and Apache YuniKorn in multi-cloud Kubernetes environments running large and complex Apache Spark applications. Discover how these tools can optimize cluster management for batch and ML workloads.

Speakers

Hichem Kenniche

Principal OSS Product Architect, NetApp Instaclustr

Hichem is passionate about open-source technologies such as Kubernetes and its ecosystem, Apache Spark, Kafka, Airflow, and many others. With over 10 years of experience in Data Analytics and AI/ML, he is currently an OSS Product Architect at NetApp Instaclustr. In this role, he collaborates... Read More →

Sigmar Stefánsson

Software Engineer, NetApp

Sigmar is a Software Engineer at NetApp, where he has been instrumental in advancing the integration of Apache Spark within Kubernetes environments. With a robust background in software development and a keen focus on big data technologies, Sigmar has dedicated years to optimizing... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C

Data Processing + Storage

Content Experience Level Advanced

14:30 BST

Transparent, Infra-Level Checkpoint and Restore for Resilient AI/ML Workloads at Scale - Ganeshkumar Ashokavardhanan, Microsoft & Bernie Wu, MemVerge

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room B

While model checkpointing at the application framework level provides basic failure recovery for AI/ML training, it burdens developers with complex config requirements. As the scale of production workload increases, infra-level checkpointing using Checkpoint/Restore in Userspace (CRIU) can provide fault-tolerance and live migration transparently to the end user. We will demonstrate with a k8s operator how to checkpoint and restore distributed ML workloads, showcasing novel extensions across CRIU, CRI-O, and cuda-checkpoint.

Our talk focuses on implementing synchronization mechanisms for JobSets running stateful workloads to be checkpointed in unison, while minimizing interruption overhead. The presentation explores how this infra-level approach accelerates recovery times, and workload reprioritization. Key topics include network state handling in distributed training and GPU memory checkpoint management, highlighting benefits for stateful applications requiring higher resiliency.

Speakers

Bernie Wu

VP Technology Partnerships, MemVerge

Bernie is VP of Technology Partnerships and leads the Kubernetes, AI/ML, and CXL Memory initiatives for MemVerge. He has 25+ years of experience as a senior executive for data center hardware and software infrastructure companies, including Conner/Seagate, Cheyenne Software, Trend... Read More →

Ganeshkumar Ashokavardhanan

Software Engineer, Microsoft

Ganesh is a Software Engineer on the Azure Kubernetes Service team at Microsoft, and is the lead for the GPU workload experience and error handling on this kubernetes platform. He collaborates with partners in the ecosystem to support operator models for machine learning workloads... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room B

Emerging + Advanced

Content Experience Level Intermediate

14:30 BST

Discover CNCF TAG Runtime: Advancing Cloud-Native Innovation from AI to Edge - Ricardo Aravena, Snowflake; Stephen Rust, Akamai; Rajas Kokodkar, Broadcom; Alexander Kanevskiy, Intel; Danielle Tal, Microsoft

Friday April 4, 2025 14:30 - 15:00 BST

Platinum Suite | Level 3 | Room 1-2

Join us at KubeCon + CloudNativeCon Europe 2025 in London to explore the evolving CNCF TAG Runtime ecosystem. This session dives into:

- CNCF Projects: An overview of key open-source projects driving cloud-native workloads.

- Working Group Updates:
- Cloud Native AI: How AI and cloud-native tech empower each other.
- WASM, Edge, and Batch: Innovations in WebAssembly, edge computing, and batch processing.
- Special-Purpose OS and CDI: Advances in lightweight OS and Container Device Interface.

- Emerging Trends: Insights into the future of cloud-native runtime technologies.

- Community Involvement: Learn how to contribute, grow as a contributor, and influence runtime projects in the CNCF landscape.

Discover the latest developments, connect with dynamic communities, and shape the future of open-source cloud-native runtime technologies. Join us to master the CNCF runtime ecosystem!

Speakers

Danielle Tal

PM, Microsoft

Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team is contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse... Read More →

Alexander Kanevskiy

Principal Engineer, Cloud Orchestration Software, Intel Finland

Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has over 25+ years of experience in areas of Linux... Read More →

Ricardo Aravena

Cloud Native Lead, Snowflake

Ricardo currently works at TruEra as a Cloud Infrastructure Lead helping automate everything with cloud native technologies. He's an open source enthusiast and co-chair of the CNCF TAG-Runtime. He has been working in tech for more than 20 years and comes from a diverse professional... Read More →

Rajas Kakodkar

Senior Member of Technical Staff | Tech Lead TAG Runtime CNCF, Broadcom

Stephen Rust

Principal Architect, Akamai

Stephen Rust is a Principal Architect at Akamai, where he leads Cloud Native architecture within the Akamai Linode Cloud. Stephen has over 20 years of experience in operating systems, storage, and working in open source with containers, Kubernetes, and Cloud Native systems. At Akamai... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Platinum Suite | Level 3 | Room 1-2

Maintainer Track, Runtime

14:30 BST

Evolving OpenID Connect and Observability in Keycloak - Ryan Emerson, Red Hat & Takashi Norimatsu, Hitachi

Friday April 4, 2025 14:30 - 15:00 BST

Level 3 | ICC Capital Suite 7-9

OpenID Connect and observability have evolved a lot over the past year in the Keycloak project.

Keycloak's OAuth Special Interest Group has contributed security features related to OAuth 2.0 and OpenID Connect. We will demonstrate OAuth 2.0 Demonstrating Proof of Possession to make single page applications and native applications more secure, and OpenID Federation 1.0 support for building trust relationships between OpenID Providers and Relying Parties.

For better observability Keycloak now provides a full guide on how to use metrics for Service Level Indicators (SLI), Service Level Objectives (SLO), troubleshooting and sizing, together with example Grafana dashboards. Users will learn how they can utilise the Keycloak metrics and Grafana dashboards to identify excess request latencies that breach their SLO, we will then demonstrate how OpenTelemetry tracing can help debug the root cause of such breaches.

Speakers

Takashi Norimatsu

Senior OSS Specialist, Hitachi, Ltd.

Takashi Norimatsu, Senior OSS Specialist, Hitachi, Ltd. is a maintainer of Keycloak. He has been implemented and contributed security features like Financial-grade API (FAPI) security profiles, W3C Web Authentication (WebAuthn) API support. He leads Keycloak's community "OAuth SIG... Read More →

Ryan Emerson

Principal Software Engineer, Red Hat

Ryan Emerson is a Principal Software Engineer at Red Hat and a member of the Infinispan and Keycloak open-source product teams. He works on evolving Keycloak's HA architectures and improving day 2 operational capabilities, in addition to leading the development of the Infinispan Kubernetes... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 3 | ICC Capital Suite 7-9

Maintainer Track, Keycloak

14:30 BST

SIG Scheduling Intro & Updates - Maciej Skoczeń, Google; Kensei Nakada, Tetrate.io

Friday April 4, 2025 14:30 - 15:00 BST

Level 3 | ICC Capital Suite 14-16

SIG Scheduling is responsible for the components that make Pod scheduling decisions in a Kubernetes cluster, such as kube-scheduler for pod to node assignment, kueue for job queueing, Kwok for scheduling load testing, among other projects. In this session, you will learn the basics of these projects and how they can be extended. You will also learn about our recent advancements and ongoing work, such as higher scheduling throughput in kube-scheduler, fair sharing and hierarchical cohorts in Kueue and evaluating clusters’ performance and scalability efficiently using Kwok.

Speakers

Kensei Nakada

Software Engineer, Tetrate.io

Kensei Nakada is a platform engineer at Tetrate. In the community, he is a sig-scheduling approver, and a core maintainer of the project kube-scheduler-simulator and kube-scheduler-wasm-extension.

Maciej Skoczeń

Software Engineer, Google

Software Engineer at Google and SIG-Scheduling Reviewer. As a contributor, focusing mainly on measuring and improving performance of kube-scheduler.

Friday April 4, 2025 14:30 - 15:00 BST
Level 3 | ICC Capital Suite 14-16

Maintainer Track, Scheduling

14:30 BST

The NATS Stack - Libraries Extensions and the Execution Engine - Tomasz Pietrek & Jordan Rash, Synadia

Friday April 4, 2025 14:30 - 15:00 BST

Level 3 | ICC Capital Suite 10-12

NATS has grown far beyond its roots as a messaging system, and today it's evolving into a complete platform for building distributed applications.
In this session, we'll take a closer look at the latest additions to the NATS ecosystem, focusing on how they simplify solving real-world problems.

We'll explore new library extensions and their practical applications,
dive into how Leafnodes are unlocking powerful edge capabilities for modern, geographically distributed systems,
and walk you through a live demo where with power of NATS Execution Engine it all comes together.

Whether you're a seasoned developer or new to NATS, this talk will inspire you to rethink what's possible with a messaging system that goes beyond messaging.
Join us to discover how the NATS Stack can help you build scalable, reliable, and efficient applications with ease.

Speakers

Tomasz Pietrek

OSS Engineering Manager, Synadia

Tomasz is OSS Engineering Manager at Synadia, spearheading thr OSS team while actively contributing to key NATS projects, including NATS Server, Rust client and others. Before that he held Principal Architect, Tech Lead and Solution Architect roles in companies spanning Fintech, Industry... Read More →

Jordan Rash

Software Engineer, Synadia

Jordan is a US Navy veteran and software developer based in Denver, CO, with a career deeply rooted in open-source software and cybersecurity. Currently, he is part of the team at Synadia developing the NATS Execution Engine, bringing cutting-edge solutions to distributed systems... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 3 | ICC Capital Suite 10-12

Maintainer Track, NATS

14:30 BST

C.A.L.L.I.N.G. Now I'm Calling You, Calling You Now - Mario Macías & Terra Tauri, Grafana Labs

Friday April 4, 2025 14:30 - 15:00 BST

Level 0 | ICC Auditorium

The Kubernetes API is awesome and so tempting to use, especially when building Observability Solutions. Nobody wants to just get raw IP addresses and ports in their network or request telemetry, it’s much better to see your pod and service metadata. But what’s even better is that getting information about all the nodes in your cluster can help you produce amazing service graphs.

This talk is a story of how we took down the Kubernetes API in our biggest production cluster at Grafana, by deploying observability tools which make heavy use of the Kubernetes API. We’ll show you the techniques we used to avoid repeating our mistakes, by applying configuration changes and building services which helped us shield the Kubernetes API from the information thirsty observability tools, while keeping the functionality intact.

Speakers

Mario Macías

Staff Software Engineer, Grafana

I love programming since I was 12 years old. I’m a software engineer with 20 years of experience. During that time, I’ve been a scientific researcher, Ph.D student, university teacher, backend developer, and book writer. During the last 7 years I've focused on monitoring and observability... Read More →

Terra Tauri

Staff Software Engineer, Grafana Labs

terra is a Platform Network Engineer at Grafana Labs measuring beeps and boops for software that measures beeps and boops. Grafana ingests petabytes of data every single day and the Platform Networking squad is responsible for ensuring every one of those o11y packets makes it into... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 0 | ICC Auditorium

Operations + Performance

Content Experience Level Intermediate

14:30 BST

Compliance at the Speed of Innovation: Leveraging AI-Driven Automation for Real-Time Regulatory Read - Larry Carvalho, RobustCloud LLC; Simon Metson, EnterpriseDB; Robert Ficcaglia, Sunstone Secure, LLC; Anca Sailer, Red Hat / IBM; Yuji Watanabe, IBM Japa

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance N10 | Room G

Due to upcoming regulations, the increased time organizations need to meet compliance requirements is slowing down their ability to innovate rapidly. Businesses are transitioning from periodic compliance assessments to continuous compliance monitoring, which offers constant, real-time visibility into an enterprise's ability to meet regulatory guidelines. With the rapid evolution of regulatory requirements and the surge in recent data breaches, it is evident that customers need a continuously updated and comprehensive understanding of their compliance status and risk exposure. In this session, attendees will learn how adopting a code-based approach to compliance—powered by agentic AI—can accelerate their go-to-market strategy by automating the creation of compliance artifacts. Catalog, controls, and automatic assessments will be discussed. As a use case, the new DORA regulations will be discussed along with the workflow this technology can enable to help organizations adhere to DORA.

Speakers

Larry Carvalho

Principal Consultant, RobustCloud LLC

Larry Carvalho of RobustCloud LLC provides strategy and insight into the adaption of Edge and Cloud Computing technologies. He provides advisory services and works closely with customers and vendors to help all parts of the ecosystem understand cloud computing, map business goals... Read More →

Anca Sailer

Distinguished Engineer, Red Hat / IBM

Dr. Anca Sailer is an IBM Distinguished Engineer at the T. J. Watson Research Center where she transforms the clients compliance processes into an engineering practice. Dr. Sailer received her Ph.D. in CS from Sorbonne Universités, France and applied her Ph.D. work to Bell Labs before... Read More →

Robert Ficcaglia

CTO and CISO, Sunstone Secure, LLC

Robert is leading the CNCF Compliance WG, helps Kubernetes Audit in SIG-Security, and is the emeritus chair of wg-policy and an active lead in the project assessments for CNCF Security TAG. He also participates in LF efforts related to AI security and safety. As CTO for SunStone... Read More →

Yuji Watanabe

Senior Technical Staff Member, IBM

Yuji Watanabe is a Senior Technical Staff member at IBM Research that lives in Tokyo, Japan. He leads a research team on cloud native security and has been delivering new integrity monitoring and enforcement technology to the open-source community and products. His current focus is... Read More →

Simon Metson

SVP Engineering, EnterpriseDB

Simon Metson is SVP for EDB’s Hybrid Cloud products. Throughout his career he’s worked on data problems on distributed systems; whether 100's of 1000+ node batch farms for physics experiments processing petabytes of data, first generation Cloud DBaaS products or bringing automation... Read More →

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room G

Security

Content Experience Level Intermediate

14:30 BST

Fresh Secrets From the Docks: Lessons Learnt From Analyzing 180,000 Public DockerHub Images - Guillaume Valadon, GitGuardian

Friday April 4, 2025 14:30 - 15:00 BST

Level 1 | Hall Entrance S10 | Room D

Hardcoded secrets remain a common practice in containerized environments, often used for convenience during testing or deployment, despite their significant, well-known security risks.

Docker images are not immune and can inadvertently leak secrets through Dockerfiles, configuration files, or image layers. Once pushed to registries such as DockerHub, these secrets become discoverable to attackers, putting environments at risk.

In this session, we will share insights from an extensive analysis of 180,000 public Docker images retrieved from DockerHub, uncovering a staggering number of 35,000 secrets from 18,000 images. More than 6,000 of these secrets were valid when the study was conducted in late 2024, including AWS keys, GCP keys, OpenAI tokens, and GitHub tokens belonging to Fortune 500 companies.

Finally, we will discuss common misuses and pitfalls in Dockerfile files that lead to secrets being leaked, and describe best practices for handling secrets in Docker images.

Speakers

Guillaume Valadon

Staff CyberSecurity Researcher, GitGuardian

Guillaume is a Cybersecurity Researcher at GitGuardian. He holds a PhD in networking. He likes looking at data and crafting packets. He co-maintains Scapy. And he still remembers what AT+MS=V34 means!

Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room D

Security

Content Experience Level Intermediate

15:15 BST

Green AI in Cloud Native Ecosystems: Strategies for Sustainability and Efficiency - Vincent Caldeira, Red Hat & Tamar Eilam, IBM Research

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room A

The rapid proliferation of AI is increasing focus on the environmental costs associated with large-scale model training and deployment. As cloud-native technologies form the backbone of modern AI systems, the Cloud Native Computing Foundation (CNCF) is spearheading efforts to balance AI innovation with sustainability. This session will provide an overview of the CNCF effort to identify key areas, techniques, and best practices for energy-efficient AI in cloud-native environments. Attendees will gain insights into a newly developed taxonomy that categorises remediation patterns and sustainable practices across AI lifecycle phases, deployment environments, and personas.

We will also explore real-world applications and discuss reference architectures that provide means to optimise resource use, such as GPU slicing for inference efficiency, power capping during training, and carbon-aware scheduling, while maintaining performance and scalability.

Speakers

Tamar Eilam

IBM Fellow, Chief Scientist Sustainable Computing, IBM Research

Dr. Tamar Eilam is an IBM Fellow and Chief Scientist for Sustainable Computing in the IBM T. J. Watson Research Center, New York. Tamar complete a Ph.D. degree in Computer Science in the Technion, Israel, in 2000. She joined the IBM T.J. Watson Research Center in New York as a Research... Read More →

Vincent Caldeira

CTO APAC, Red Hat

Vincent Caldeira, CTO of Red Hat in APAC, is responsible for strategic partnerships and technology strategy. Named a top CTO in APAC in 2023, he has 20+ years in IT, excelling in technology transformation in finance. An authority in open source, cloud computing, and digital transformation... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room A

AI + ML

Content Experience Level Intermediate

15:15 BST

How To Supercharge AI/ML Observability With OpenTelemetry and Fluent Bit - Celalettin Calis, Chronosphere

Friday April 4, 2025 15:15 - 15:45 BST

Level 0 | ICC Capital Hall | Room 2

Keeping AI/ML models performant and reliable in production is no small task—especially when running on Kubernetes. Effective monitoring and observability are key to ensuring these systems deliver results at scale.

This session explores how to build an advanced open source observability stack tailored for AI/ML workloads using Fluent Bit and OpenTelemetry. We’ll cover:

- Logging and debugging popular models like GPT, BERT, and custom LLMs.
- Tracking prompts and their results to gain actionable insights.
- Monitoring agent performance in production environments.

Complementing OpenTelemetry’s robust tracing and error stack trace capabilities with Fluent Bit’s resource-efficient log processing, live tail, and metrics scraping creates a comprehensive observability solution tailored for AI/ML workloads. If you’re an AI/ML practitioner working with Kubernetes, this talk will equip you with the strategies and tools you need to enhance your system’s reliability and performance.

Speakers

Celalettin Calis

Member of Technical Staff, Chronosphere

Celalettin Calis is a Member of Technical Staff at Chronosphere. His career includes significant roles at Calyptia and SAP, where he focused on Kubernetes platform engineering, developing CI/CD pipelines, and managing containerized environments. As a cloud-native expert, he has extensive... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 0 | ICC Capital Hall | Room 2

AI + ML

Content Experience Level Intermediate

15:15 BST

AI Beyond Autocomplete: Using LLMs To Create 1000 Kubernetes Controllers - Justin Santa Barbara & Walter Fender, Google

Friday April 4, 2025 15:15 - 15:45 BST

Level 0 | ICC Capital Hall | Room 1

LLMs can generate React apps, poems, and even music. But can they rise to the ultimate challenge: writing reliable Kubernetes controllers? The Config Connector team say "yes!" We are successfully using AI to write production controllers for a thousand google cloud resources.

Our path was to first break the problem into LLM-friendly steps (such as generating KRM types, the mocks and the reconciler). For each step, we invoke custom fine-tuned LLMs in a novel way with custom “jigs”. We add testing to create an “interlock” that mitigates hallucinations.

This journey changed our whole codebase philosophy: from optimizing for lines of code, we now prioritize the ability to safely and easily author and merge focused changes (at the expense of having lots of code). Although AI motivated this trade-off, it also aids development as OSS.

We believe our approach is generally applicable; join us to learn lessons that will apply as your project embraces the AI-assisted future.

Speakers

Justin Santa Barbara

Software Engineer, Google

Justin has been contributing to kubernetes since 2014, initially as the primary maintainer of the kubernetes AWS support, he also started the kOps project. He loves helping users adopt and grow their use of kubernetes, and believes that we have only scratched the surface of the kubernetes... Read More →

Walter Fender

Staff Engineer, Google

Graduated from U.C. Berkeley. Working at Google and on Kubernetes API Machinery and Cloud Provider for eight years. Maintainer for the APIServer Network Proxy and Config Connector projects.

Friday April 4, 2025 15:15 - 15:45 BST
Level 0 | ICC Capital Hall | Room 1

Application Development

Content Experience Level Advanced

15:15 BST

Authz as a Dev Workflow: Architecting Better Cloud Native Apps - Dan "phrawzty" Maher, Cerbos

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room C

Every request in a cloud-native application needs authorization, but let's be honest: most developers see it as a pain-point rather than an advantage. This talk explores why authorization belongs in your application's critical path, and how making it a core part of the development process improves developer experience.
We'll look at how CNCF authorization projects and open standards from the OpenID Foundation are rethinking authorization from the ground up. Through real-world examples, we'll show how modern authorization patterns fit into existing workflows, help catch access control bugs early, and make developers' lives easier.
Attendees will leave with practical patterns for building maintainable access control logic, strategies for testing authorization rules effectively, and proven approaches for embedding security into your development workflow from the start. Whether you're building new systems or improving existing ones, you'll learn how to make authorization work for you.

Speakers

Dan Maher

Open Source Engineer, Cerbos

Dan has worked in a variety of environments from start-ups to global corporations, including stints as a founder, university lecturer, and a day labourer. Today, Dan is a global core member of the DevOpsDays conference series, Senior DevRel Manager at Cerbos, and full time open source... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C

Application Development

Content Experience Level Any

15:15 BST

Wait! Can Your Pod Survive a Restart? - Aya Ozawa, CloudNatix Inc.

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room E

Restartability is key for cloud-native applications to leverage Kubernetes' core capabilities, including self-healing, automated rollouts, autoscaling, and maintenance eviction. However, achieving robust restartability requires careful application design and precise Kubernetes manifest configurations.

In this session, we will dive into Pod restartability with two practical demonstrations: "HTTP Server" and "Operator with Leader Election". Key topics include:
- The Pod lifecycle focuses on request handling during startup and termination.
- How health probes (readiness, liveness, and startup) change Pod behavior.
- Signal handling and a graceful shutdown implementation.
- Best practices for Pod Disruption Budgets (PDBs) and their common pitfalls

By the end, you’ll gain actionable insights to make your cloud-native applications more resilient, fully aligned with Kubernetes’ self-healing capabilities, and ready for seamless restarts with minimal downtime.

Speakers

Aya Ozawa

Member of Technical Staff, CloudNatix Inc.

Aya Ozawa is a member of technical staff at CloudNatix. She has been working on platform development based on Kubernetes since 2016. Aya is passionate about open-source technologies, focusing on cloud-native projects. She is also a co-organizer of the Kubernetes Meetup Tokyo, which... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room E

Application Development

Content Experience Level Any

15:15 BST

Using eBPF for Non-invasive, Performant, Instant Network Monitoring - Mario Macías & Marc Tudurí, Grafana

Friday April 4, 2025 15:15 - 15:45 BST

Level 0 | ICC Auditorium

Traditionally, monitoring your network connections required from devices being able to export the flows data. With the rise of software-defined networks, the responsibility of providing observability capabilities relied on the SDN providers or on software-based packet analyzers that often have a noticeable impact on the cluster’s performance.

eBPF is presented as an efficient, non-invasive mechanism to observe different layers of clusters’ network, from L3 to L7, and automatically extract relevant information without having to redeploy neither the network infrastructure nor applications.

Our talk explains the Grafana journey to provide plug and play network and services observability: how we connect to different layers of your services infrastructure to provide from how network packets flow through your system to the details of the L7 service/client requests and responses, and how the low-level network information is matched with Kubernetes metadata for improved user data navigation.

Speakers

Mario Macías

Staff Software Engineer, Grafana

Marc Tudurí

Senior Software Engineer, Grafana

Marc Tuduri is Prometheus contributor, OpenTelemetry member and Software Engineer at Grafana.

Friday April 4, 2025 15:15 - 15:45 BST
Level 0 | ICC Auditorium

Connectivity

Content Experience Level Any

15:15 BST

Stateful Connections in Kubernetes: The Scaling Secrets Nobody Talks About - André Mocke & Rodrigo Fior Kuntzer, Miro

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room H

Dive into how Miro scales real-time collaboration with long-living TCP connections at its core. Learn how we built and deployed a custom a WebSocket manager in Kubernetes, leveraging connection rebalancing, draining, and graceful shutdown techniques, while maintaining enterprise level compliance. Discover the k8s operators that made it possible, the design decisions we nailed (and the ones we regretted), and how we tackled unforeseen challenges. This is your backstage pass to engineering the intelligent canvas!

Speakers

Rodrigo Fior Kuntzer

Staff Site Reliability Engineer, Miro

A Software Engineer and Cloud Native Specialist with 20 years of experience, currently serving as Staff Site Reliability Engineer at Miro. Specializing in building high-performance platforms and ensuring system reliability, I leverage extensive experience with Docker, Kubernetes... Read More →

André Mocke

Software Engineer, Miro

I'm a Full-stack engineer with north of a decade of experience in a variety of industries, from agriculture to finance, now, multiplayer online games where we get sued if we lose data (Miro). More recently I've taken the opportunity to dive deeper into developing platforms for Infrastructure... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room H

Platform Engineering

Content Experience Level Intermediate

15:15 BST

Taming the Beast: Advanced Resource Management With Kubernetes - Lucy Sweet, Uber & Dawn Chen, Google

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room F

Are you struggling to optimize resource utilization for demanding workloads like databases?

Kubernetes 1.30 to 1.32 introduced a list of powerful new features to help you tame resource-hungry applications and achieve peak cluster efficiency. In this session, Dawn Chen (Software Engineer at Google & Tech Lead SIG Node) and Lucy Sweet (Software Engineer at Uber) will guide you through the latest advancements in pod resource management, including in-place pod resizing, pod-level resource limits, and node swap memory.

Learn how to leverage these features to reduce infrastructure costs, improve application performance, and prevent resource contention in your clusters. Discover best practices for resource allocation, QoS configuration, and troubleshooting, and get a glimpse into the future of pod resource management in Kubernetes.

Speakers

Dawn Chen

Principal Software Engineer, Google

Lucy Sweet

Senior Software Engineer, Uber

Lucy is a Senior Software Engineer at Uber Denmark who works on platform infrastructure

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room F

Platform Engineering

Content Experience Level Intermediate

15:15 BST

EVAPorating Kubernetes Security Risk: Adopting Validating Admission Policy at Scale - Kaitlyn Lee & Jordan Conard, Datadog

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room D

Is the cost and operational toil of security policy enforcement raining on your parade? Learn how Datadog is simplifying its internal security policies across its dozens of clusters using Validating Admission Policy. We’ll cover our motivations for adopting VAP, detailing its features and contrasts with webhook-based admission controllers, like OPA Gatekeeper.

We will dive into the design of our policy that restricts the use of additional capabilities on containers, sharing tips on Common Expression Language, the use of multiple types of VAP parameters, and how we provide helpful validation error messages to our engineers. Lastly, we will outline our migration from OPA and how we ensure the health and reliability of our API servers by monitoring metrics and validation cost budgets.

Discover VAP’s features, scalable policy design, and our migration insights to help enhance your security posture, streamline policy enforcement, and safeguard your environments against abuse and bypass.

Speakers

Kaitlyn Lee

Software Engineer, Datadog

Kaitlyn Lee is a software engineer at Datadog. She works in the Compute team which is responsible for running the company’s Kubernetes platform. She focuses on workload autoscaling and node lifecycle automation.

Jordan Conard

Security Engineer, Datadog

Jordan joined DataDog in 2022 as a Security Engineer and is currently focused on securing its Kubernetes infrastructure through admission policies and secure-by-default initiatives. Jordan’s decade of industry experience runs the gamut from managing hybrid cloud environments to... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room D

Security

Content Experience Level Intermediate

15:15 BST

From Chaos To Control: Migrating Access Control To OpenFGA in a Multi-Tenant World - Jo Guerreiro, Grafana Labs & Poovamraj Thanganadar Thiagarajan, Okta

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance N10 | Room G

Designing access control that works seamlessly for individuals and scales to millions of resources is a complex challenge.
From lackluster search performance to feature inconsistency and multi-tenant schema discrepancies, there’s no shortage of issues to face.
Join the Grafana Access squad’s journey through the ups and downs of how we’re tackling these issues using OpenFGA, a CNCF sandbox project, by porting our existing access control schema and rethinking our resource search strategy.
If you’ve ever wondered what it takes as a platform engineer to support access control on a multi-tenant system with millions of resources, this is your opportunity to learn how to orchestrate a migration from your current access control system and hear about the peculiar challenges of developing security critical systems.

Speakers

Jo Guerreiro

Engineering Manager, Grafana Labs

Jo Guerreiro is a Staff Engineer turned Engineering Manager at Grafana Labs. As part of the Identity and Access team at Grafana, Jo’s focus has been on developing Grafana’s access control system and making it accessible to both users wanting to configure their access rules and... Read More →

Poovamraj Thanganadar Thiagarajan

Senior Software Engineer, Okta

Poovamraj Thanganadar Thiagarajan is a Senior Software Engineer at Okta. As part of the FGA team, he focuses on developing resilient infrastructure for FGA projects, including setting up and scaling systems for high-traffic environments. Poovamraj also plays a key role in data-driven... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room G

Security

Content Experience Level Intermediate

15:15 BST

Why Don’t We Have Both? Track Build- and Run-time Information for Security With Kubescape and GUAC - Jeff Mendoza, Kusari & Ben Hirschberg, ARMO

Friday April 4, 2025 15:15 - 15:45 BST

Level 1 | Hall Entrance S10 | Room B

The best way to secure your software is to know what’s in it. But do you use software bills of materials (SBOMs) at build time or do you scan what’s actually running? Build-time analysis lets you know what’s in your application before you deploy it. Run-time analysis tells you what’s actually in use right now. With GUAC’s Kubescape integration, you can have both.

GUAC, an OpenSSF incubating project, creates a graph database of your supply chain information from many sources and supports querying to derive insights. It now supports collecting cluster scan data from Kubescape, a CNCF sandbox project that provides comprehensive security coverage. Used together, they provide a powerful tool for consuming, storing, managing, and analyzing software supply chain information that reflects what software is used, not just what is compiled into the environment.

Speakers

Ben Hirschberg

Co-founder and CTO, ARMO

Jeff Mendoza

Software Engineer, Kusari

Jeff is a maintainer of GUAC, an OpenSSF incubating project. Also in the OpenSSF: Jeff is a maintainer of Allstar, on the Scorecard steering committee, and a Co-Chair of the Securing Critical Projects WG. As a software engineer at Kusari, he is focused on Open Source, Cloud Native... Read More →

Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room B

Security

Content Experience Level Intermediate