In-person
1-4 April 2025

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Wednesday, April 2
 

11:15 BST

Scaling GPU Clusters Without Melting Down! - Alay Patel & Ryan Hallisey, NVIDIA
Wednesday April 2, 2025 11:15 - 11:45 BST
As GPUs become more powerful, their capacity to handle concurrent workloads increases, presenting new scaling challenges for Kubernetes clusters. In this session, we will share insights and strategies from NVIDIA’s experience right-sizing a Kubernetes control plane, while scaling up to meet business demand.

We will demonstrate how we measure the control plane resource consumption and share techniques and configuration parameters used that improved control-plane performance and scalability, such as: changing golang tunables, the goaway-chance parameter in kube-apiserver and some scheduler configurations. We will also share an often overlooked factor - the volume of YAML per API call. Finally, we will share how we use simulation techniques like KWOK (Kubernetes WithOut Kubelet) to measure new Kubernetes features, like DRA (Dynamic Resource Allocation), for control-plane scalability and performance before we roll it out in production.
Speakers

Ryan Hallisey

Software Engineer, NVIDIA
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Alay Patel

Senior Software Engineer, Nvidia
Alay is a Senior Software Engineer at Nvidia where he works on cloud gaming service, managing infrastructure for GPU workloads. He is passionate about open source with a focus on Kubernetes and platform engineering.
Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room A
  AI + ML

11:15 BST

A Comparative Analysis of Kueue, Volcano, and YuniKorn - Wei Huang, Apple & Shiming Zhang, DaoCloud
Wednesday April 2, 2025 11:15 - 11:45 BST
Choosing the best solution for running batch workloads on Kubernetes can be frustrating. Kueue, Volcano, and Apache YuniKorn were designed to address similar challenges but differ in how they tackle them. Deciding which is most suitable for a specific use case is often confusing.

Batch workloads like big data, data engineering, HPC, AI, and machine learning share common requirements, especially around batch-scheduling. Managing resource sharing and isolation between tenants while balancing utilization and meeting SLAs presents a significant challenge on Kubernetes.

This session dives into three community-driven solutions: Kueue, Volcano, and Apache YuniKorn. We’ll explore their features, use-case suitability, and design trade-offs, providing a comprehensive comparison. Attendees will leave with the insights needed to answer a crucial question: which solution best addresses the batch-scheduling needs of my workloads?
Speakers

Shiming Zhang

Software Engineer, DaoCloud
Shiming Zhang is a contributor to Kubernetes with a main focus on scalability, performance, reliability and testing. He has gained experience with and contributed to many Kubernetes features and most of its components.

Wei Huang

Staff Software Engineer, Apple
Wei Huang is a Software Engineer at Apple, focusing on Kube scheduling and control plane. He has served as a co-chair of Kubernetes SIG-Scheduling for years. He is also the founder of two Kubernetes sub-projects, scheduler-plugins, and kwok.
Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room G
  Cloud Native Experience

11:15 BST

"Izzy Saves the Birthday" - A Story-Driven Live Demo Exploring the Magic of Service Mesh - Lin Sun, solo.io & Faseela Kundattil, Ericsson Software Technology
Wednesday April 2, 2025 11:15 - 11:45 BST
Ahoy, Kubernetes fans! Captain Kube is thrilled to host a grand cruise celebrating Kubernetes’ 10th birthday. But trouble looms on the horizon—three pirates have sneaked into the party, intent on disrupting the celebration and looting the precious birthday gifts.

Can Captain Kube and his friends uncover the pirates’ identities and safely evict them before the festivities are ruined? Join Phippy, Izzy, Owlina, Goldie, Tiago, Hazel, Zee, and the rest of the crew as they work together to protect the party. Will they get to enjoy cocktails and cake, or will the pirates spoil all the fun?

Istio maintainer and authors of the CNCF Phippy book “Izzy Saves the Birthday”, Faseela K and Lin Sun invite you to an engaging first look at their new book. This interactive session will also include live demos showcasing how CNCF projects like Kubernetes, Istio, Prometheus, SPIFFE, Envoy, and more come together to tackle challenges, ensuring a fun, safe, and seamless cruise experience.



Speakers

Faseela K

Experienced Cloud-native Developer, Ericsson Software Technology
Faseela is a cloud-native developer at Ericsson, and a maintainer and Steering Committee member at Istio. She has given talks and workshops at several conferences evangelizing CNCF projects, including the recent KubeCons. She is a CNCF Ambassador, LFX Mentor, and the winner of the...

Lin Sun

CNCF TOC member and Head of Open-Source, solo.io
Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical...
Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice

12:00 BST

Explain How Kubernetes Works With GPU Like I’m 5 - Carlos Santana, AWS
Wednesday April 2, 2025 12:00 - 12:30 BST
Want to understand how Kubernetes handles GPUs? Join us for a beginner-friendly deep dive into GPU integration using a homelab setup with NVIDIA Jetson hardware. Rather than relying solely on operators, we'll break down the entire stack to reveal how Kubernetes orchestrates GPU workloads. This session walks through the complete journey of enabling GPU support in Kubernetes, from bare metal to running GPU-accelerated containers.

Using a practical homelab example with a Jetson NUC, we'll explore how Kubernetes detects and manages GPU hardware, the critical role of drivers and container toolkit, and how kubelet plugins enable GPU support. You'll understand the mechanics of node labeling, GPU resource allocation, and the process of requesting GPU resources in Pod specifications. We'll also demystify CUDA and its essential role in GPU computing. Whether you're new to GPU computing or looking to understand the internals beyond operator abstractions, this talk is for you.
Speakers

Carlos Santana

Sr. Specialist Solutions Architect, AWS
Senior Specialist Solutions Architect at AWS leading Container solutions in the Worldwide Application Modernization (AppMod). He is experienced in distributed cloud application architecture, emerging technologies, open source, serverless, devops, kubernetes, gitops. He is CNCF Ambassador...
Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice

13:30 BST

🪧 Poster Session: Effortlessly Build High-Performance AI/ML Pipelines With Accelerator Chaining and K8s Native Tech - Kazuki Yamamoto, NTT & Derek Wang, Intuit
Wednesday April 2, 2025 13:30 - 14:30 BST
Join us for an enlightening presentation on effortlessly building advanced, high-performance processing infrastructure for AI/ML workloads with low power consumption.

In streaming processing, accelerators are assigned only for specific tasks in the workload. By assigning each task to the appropriate accelerator and "chaining" them, we obtain high-performance infrastructure with low power consumption at the service level.

Native Kubernetes is a popular choice for deploying AI/ML workloads. However, more is needed to create a new processing form, described above, "Accelerator Chaining Pipelines."

This presentation will demonstrate how we leverage Numaflow and "Dynamic Resource Allocation"(DRA) to overcome challenges, and effortlessly build an "Accelerator Chaining Pipeline" in NTT. You will see a glimpse of future innovations, including direct data transfer and CNI extensions for high-speed communication between accelerators.
Speakers

Derek Wang

Principal Software Engineer, Intuit
Derek Wang is a Principal Software Engineer working for Intuit. His main focus is on the architecture of event-driven systems, as well as streaming data processing platforms. He is the project lead of a couple of open source projects: CNCF graduated project Argo Events, and Numaflow...

Kazuki Yamamoto

Software Research Engineer, NIPPON TELEGRAPH AND TELEPHONE CORPORATION(NTT)
Yamamoto Kazuki is a research engineer at NTT Software Innovation Center, engaging in distributed systems and virtualization. He has researched computing technology, optimizing compiler, and worked on CI/CD tasks. Currently, he focuses on disaggregated computing Infrastructure and...
Wednesday April 2, 2025 13:30 - 14:30 BST
Level 1 | Hall Entrances S8 - S9, N8 - N9
  🪧 Poster Sessions, AI + ML

14:30 BST

Building WebAssembly Like It's 2011 - David Justice, Microsoft
Wednesday April 2, 2025 14:30 - 15:00 BST
Building WebAssembly (Wasm) components is a complex process which causes folks a lot of pain getting started with Wasm. In this talk we are going to take it back to 2011 when Buildpacks were introduced, discuss how Buildpacks smoothed over difficulties building software, and how we can apply Buildpacks to solve the same developer experience problems we were solving back then. The old is new again, and by the end, you too will be building your Wasm components across languages with ease using Buildpacks.
Speakers

David Justice

Principal Engineer Lead, Microsoft
David Justice is a Principal Software Engineer Lead in Microsoft's Azure Container Upstream team. He leads teams focused on high performance Kubernetes cloud infrastructure, micro-virtual machines, and server-side WebAssembly. David is also a co-chair of the TAG-Runtime Wasm working...
Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance N10 | Room H
  Application Development

15:15 BST

gRPC: 5 Years Later, Is It Still Worth It? - Konstantin Ostrovsky, Torq.io
Wednesday April 2, 2025 15:15 - 15:45 BST
Ever found yourself at a crossroads, deciding on a communication protocol for your backend applications? It's a pivotal choice that can shape your project's future. Five years ago, I took the plunge and went all-in on gRPC, embracing it for both backend-to-backend and frontend-to-backend communication.

Join me as I unravel the twists and turns of my gRPC adventure. I'll shine a light on the hurdles we faced and the victories we celebrated. But more importantly, I'll reveal why, looking back, I'm convinced we made the right call.

Whether you're a gRPC veteran or just protocol-curious, this talk will equip you with insights to make informed decisions for your own projects. Let's decode the gRPC experience together!
Speakers

Konstantin Ostrovsky

Software Architect, Torq.io
I'm a long time software engineer. Currently work at Torq.io as Chief Architect. I started my journey as a Windows Internals engineer (C,C++) in the field of cyber security. For the past 10 years I've been working at multiple early stage SaaS startup companies in different roles...
Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room H
  Application Development

15:15 BST

Yes You Can Run LLMs on Kubernetes - Abdel Sghiouar & Mofi Rahman, Google Cloud
Wednesday April 2, 2025 15:15 - 15:45 BST
As LLMs become increasingly powerful and ubiquitous, the need to deploy and scale these models in production environments grows. However, the complexity of LLMs can make them challenging to run reliably and efficiently. In this talk, we'll explore how Kubernetes can be leveraged to run LLMs at scale.

We'll cover the key considerations and best practices for packaging LLM inference services as containerized applications using popular OSS inference servers like TGI, vLLM and Ollama, and deploying them on Kubernetes. This includes managing model weights, handling dynamic batching and scaling, implementing advanced traffic routing, and ensuring high availability and fault tolerance.

Additionally, we'll discuss accelerators management and serving models on multiple hosts. By the end of this talk, attendees will have a comprehensive understanding of how to successfully run their LLMs on Kubernetes, unlocking the benefits of scalability, resilience, and DevOps-friendly deployments.
Speakers

Abdel Sghiouar

Cloud Developer Advocate, Google Cloud
Abdel Sghiouar is a senior Cloud Developer Advocate @Google Cloud. A co-host of the Kubernetes Podcast by Google and a CNCF Ambassador. His focused areas are GKE/Kubernetes, Service Mesh and Serverless.

Mofi Rahman

Developer Relations Engineer, Google Cloud
Mofi Rahman (@moficodes) is a Developer Advocate at Google. His favorite programming language these days is Go. He is a strong believer of the power of open source and importance of giving back to the community. He is a self proclaimed sticker collecting addict and has collected several...
Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice

16:15 BST

K8s in Wonderland: Why Many of Unknown Code in My Workload? - Hoon Jo, Megazone
Wednesday April 2, 2025 16:15 - 16:45 BST
When you look at the YAML after you've deployed to Kubernetes, surprisingly (from a novice's perspective), there's a bunch of additional, unknown code.
In fact, it is essential for things to work properly, and moreover, it closely matches best practice for the sake of high compatibility.
For example, the service has a key called "sessionAffinity". This value is set to "None" by default.
We could replace it with a value called "ClientIP" instead of None, but this needs to be carefully considered to avoid side effects.
So in this session it is important to understand the implications of having such a default value in there, and being able to do so will help us when we study each of these objects in more detail in the future.
I'm sure you'll find it useful and thought provoking! :)
Speakers

Hoon Jo

Cloud Solutions Architect | Cloud Native Engineer, Megazone
Hoon Jo is a Cloud Solutions Architect as well as a Cloud Native engineer at Megazone. He has spoken many times on cloud native technologies and spreads Cloud Native Ubiquitous around the world. He has written several books and his latest book is 『CONTAINER INFRASTRUCTURE...
Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice

16:15 BST

Taming the Traffic: Selecting the Perfect Gateway Implementation for You - Spencer Hance, Google; Arko Dasgupta, Tetrate; Christine Kim, Isovalent at Cisco; Kate Osborn, NGINX/F5; Mike Morris, Microsoft
Wednesday April 2, 2025 16:15 - 16:45 BST
The Kubernetes Gateway API has emerged as the next-generation standard for managing ingress traffic, promising greater flexibility and expressiveness than traditional Ingress resources. But with a growing ecosystem of almost 30 implementations, choosing the right one for your specific needs can feel overwhelming. This panel discussion brings together 5 experts at the forefront of Gateway API development to help you navigate this evolving landscape. Each panelist is actively involved in implementing the Gateway API and contributing to the OSS project itself. Together, the panelists represent all the different categories of implementations you might be considering - including service mesh.

This session will provide a comprehensive overview of the key considerations when selecting a Gateway API implementation. We will discuss things like API conformance, scalability, performance, integrations, installation, management, and much more!
Speakers

Kate Osborn

Senior Software Engineer, NGINX/F5
Maintainer of NGINX Gateway Fabric. Kubernetes fanatic since 2018.

Spencer Hance

Software Engineer, Google
Spencer Hance is a Software Engineer focused on Kubernetes Networking at Google. He is currently a tech lead for Gateway API on GKE (Google Kubernetes Engine) and was previously a tech lead for Ingress API on GKE. Spencer has been at Google since 2019 and is based in San Francisc...

Arko Dasgupta

Software Engineer, Tetrate
Software Engineer at Tetrate spending most of his time building & debugging networking features with Envoy Gateway, Envoy Proxy and Gateway API.

Mike Morris

Senior Product Manager, Microsoft
Mike is a product manager at Microsoft working on upstream open source projects with a focus on Istio service mesh, and a Gateway API for service mesh co-lead. He is interested in building healthy, sustainable communities and scalable distributed systems, and working collaboratively...

Christine Kim

OSS Dev Experience, Isovalent at Cisco
Christine Kim focuses on developer experience at Isovalent, where she dabbles in the world of Kubernetes and Service Meshes.
Wednesday April 2, 2025 16:15 - 16:45 BST
Level 0 | ICC Capital Hall | Room 1
  Connectivity

16:15 BST

The GPUs on the Bus Go ‘Round and ‘Round - Natalie Bandel & Ryan Hallisey, NVIDIA
Wednesday April 2, 2025 16:15 - 16:45 BST
Come take a behind-the-scenes look at NVIDIA’s large-scale GPU deployment. NVIDIA’s GPU Cloud has taken on the challenges of day-2 maintenance for 60,000+ GPUs in production, uncovering hard truths and surprising revelations along the way. From problems we didn’t even know existed, to pushing the limits of device uptime. We’ve spent years experimenting, fine-tuning, and learning what works—and what doesn’t.

As Kubernetes is increasing support for allocating accelerators with DRA, day-2 device management is becoming more important. We’ll speak about:
- Techniques we use to uncover device failures
- How we keep devices healthy
- How we remediate failures with operational transparency and without impacting running workloads.
Speakers

Ryan Hallisey

Software Engineer, NVIDIA
Ryan is a software engineer at NVIDIA. He works on building data centers powered by Kubernetes and KubeVirt for NVIDIA products.

Natalie Bandel

Senior Software Engineer, Cloud Computing, NVIDIA
Natalie is a Senior Software Engineer at NVIDIA. She works on building software for cloud infrastructure powered by Kubernetes, KubeVirt and strong coffee.
Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room B
  Platform Engineering

17:00 BST

The Explorer's Guide To Cloud Native GenAI Platform Engineering - Max Körbächer, Liquid Reply & Alexa Griffith, Bloomberg
Wednesday April 2, 2025 17:00 - 17:30 BST
The rapid evolution of generative AI has introduced a complex ecosystem of tools, but many conversations focus narrowly on isolated features and solutions. This can leave engineers wondering: What does a complete, functional GenAI platform actually look like?

This talk provides a practical roadmap for building generative AI infrastructure from the ground up. We’ll guide you through three key phases starting with a Thinnest Viable Platform (TVP), demonstrating the minimal setup needed for LLM inference on Kubernetes. Moving to MVP, we'll explore essential platform components: LLM gateways, vector databases, and KServe deployments. Finally, we'll dive into advanced platform features: intelligent load balancing for LLMs, observability patterns, and performance optimization techniques.

This session is more than a showcase of tools — it’s a roadmap for navigating the AI platform landscape. Join us for practical insights and lessons learned from real-world GenAI platform engineering.
Speakers

Alexa Nicole Griffith

Senior Software Engineer, Bloomberg LP
Alexa Griffith is a Senior Software Engineer on Bloomberg’s Cloud Native Compute Services organization. She works on building an inference platform for ML workflows and the open source project KServe. She enjoys solving engineering challenges at scale and writing code in Go. She...

Max Körbächer

Technology Advisor & Managing Director, Liquid Reply
Max is Founder and Cloud Native Advisor at Liquid Reply based in Munich. His focus is on building cloud-native solutions on/with Kubernetes and platform engineering to simplify the current challenges of complex target environments. He is Co-Chair of the CNCF Environmental Sustainability...
Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room B
  Platform Engineering

17:45 BST

Logs, Metrics, Traces and Mayhem: An Interactive Observability Adventure Game - Jay Clifford & Tom Glenn, Grafana Labs
Wednesday April 2, 2025 17:45 - 18:15 BST
Have you ever wanted to play an actual game on your observability stack? Well, you can. Not only does Doom run on Grafana, we also built an actual text-based adventure game.

Join us to play a real text-based Observability adventure game! Armed with the tools of the trade—metrics, logs, and traces—you’ll learn to navigate the labyrinth of debugging and optimization, rescuing your application from the clutches of the dark wizard!

In this interactive session, we will dive into a game played live to showcase how each telemetry type is used to solve real-world Observability challenges. As players encounter obstacles, they’ll wield the power of OpenTelemetry to gather critical data and use OSS tools like Grafana, Loki, Tempo, and Prometheus to make informed decisions.

Whether you’re an observability novice or a seasoned engineer, this talk will level up your debugging skills and showcase how to gamify observability training for your team. So, gear up, adventurer—your quest awaits!

Speakers

Jay Clifford

Senior Developer Advocate, Grafana Labs
Jay Clifford is a Developer Advocate at Grafana Labs, specializing in Loki. Jay leads the Interactive Sandbox Initiative, designed to enhance Grafana's documentation and provide hands-on learning experiences within the observability space. Previously, Jay worked as a Developer Advocate...

Tom Glenn

Senior Developer Advocate, Grafana Labs
Tom is a software engineer, developer advocate, and game developer with 17 years of experience. He specializes in full-stack software development, backend game systems, and game development in Unity, Unreal Engine, and Godot. At Grafana Labs, Tom improves the developer experience...
Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice
 
Thursday, April 3
 

11:00 BST

A Practical Guide To Benchmarking AI and GPU Workloads in Kubernetes - Yuan Chen, NVIDIA & Chen Wang, IBM Research
Thursday April 3, 2025 11:00 - 11:30 BST
Effective benchmarking is required to optimize GPU resource efficiency and enhance performance for AI workloads. This talk provides a practical guide on setting up, configuring, and running various GPU and AI workload benchmarks in Kubernetes.

The talk covers benchmarks for a range of use cases, including model serving, model training and GPU stress testing, using tools like NVIDIA Triton Inference Server, fmperf: an open-source tool for benchmarking LLM serving performance, MLPerf: an open benchmark suite to compare the performance of machine learning systems, GPUStressTest, gpu-burn, and cuda benchmark. The talk will also introduce GPU monitoring and load generation tools.

Through step-by-step demonstrations, attendees will gain practical experience using benchmark tools. They will learn how to effectively run benchmarks on GPUs in Kubernetes and leverage existing tools to fine-tune and optimize GPU resource and workload management for improved performance and resource efficiency.
Speakers

Chen Wang

Senior Research Scientist, IBM Research
Chen Wang is a Senior Research Scientist at the IBM T.J. Watson Research Center. Her interests lie in Kubernetes, Container Cloud Resource Management, Cloud Native AI & LLM systems, and applying AI in Cloud system management. She is an open-source advocate, a Kubernetes & CNCF contributor...

Yuan Chen

Principal Software Engineer, NVIDIA
Yuan Chen is a Principal Software Engineer at Nvidia. Before joining Nvidia, Yuan served as a Staff Software engineer at Apple, where he contributed to the development of Apple's Kubernetes infrastructure beginning in 2019. Yuan has actively contributed to the Kubernetes projects...
Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room B
  AI + ML

11:00 BST

Tutorial: Mind Your Pod's Business: Network Isolation Workshop - Surya Seetharaman & Miguel Duarte Barroso, Red Hat; Keith Burdis, Goldman Sachs
Thursday April 3, 2025 11:00 - 12:15 BST
Your cluster's network may be secure enough for your boss, but is it secure enough for the EU? Learn how you can use network segmentation to meet regulatory requirements.

By default, Kubernetes allows unrestricted communication between all pods in a cluster, which does not meet the security standards required by the European Union’s NIS2 Directive. NetworkPolicies can restrict traffic, but they are complex and leave gaps for Layer 2 (e.g., Ethernet) use cases, such as virtualization networking and telecom services on Kubernetes.

In this interactive tutorial you will gain hands-on experience on how to achieve native isolation for your workloads (pods and VMs) in Kubernetes using CNCF projects CNI, KubeVirt, and OVN-Kubernetes - no prior experience needed! Through step-by-step guidance, you will learn to configure these plugins on your KIND clusters, create isolated networks and attach workloads to these different networks that meet high security standards.
Speakers

Miguel Duarte Barroso

Principal Software Engineer, Red Hat
Miguel is a Principal Software Engineer for Openshift Virtualization at Red Hat. His main interests are SDN / NFV, functional programming, containers, and virtualization. Miguel is a member of the Network Plumbing Working Group, a maintainer of several CNI plugins (whereabouts, macvtap...

Keith Burdis

Kubernetes Engineer, Goldman Sachs
Tech lead for Kubernetes engineering running large multi-tenant clusters and virtual machines.

Surya Seetharaman

Principal Software Engineer, Red Hat, Inc
Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Principal Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems...
Thursday April 3, 2025 11:00 - 12:15 BST
Level 1 | Hall Entrance N11
  Tutorials, Connectivity

11:45 BST

Platform Engineering Loves Security: Shift Down To Your Platform, Not Left To Your Developers! - Maxime Coquerel, Royal Bank of Canada - RBC & Mathieu Benoit, Humanitec
Thursday April 3, 2025 11:45 - 12:15 BST
In the evolving cloud native landscape of software development, the paradigm of "shifting left" has championed embedding security, and its complexity, into the development lifecycle (SDLC). A well-designed platform security threat model underpins this strategy by mapping out potential attack surfaces such as API vulnerabilities, misconfigured RBAC, unscanned container images, and lack of runtime anomaly detection.
Platform Engineering promotes a "shift down" approach, embedding a robust security posture directly into the platform. By integrating governance and scalable security controls into the infrastructure, platform teams enable developers to focus on delivering code and business value without being burdened by security complexities or productivity blockers.
With this talk, attendees will walk away with real life examples based on successful implementations for regulated entities like financial companies, including actionable best practices for security controls and threat models.
Speakers

Mathieu Benoit

Cloud Native Ambassador & Customer Success Engineer, Humanitec
I’m passionate about Cloud Native Computing technologies driven by Open Source, Cloud, Security, SRE, Containers, DevOps, Platform Engineering and Kubernetes. Based on my past experiences as software engineer, IT consultant, solution architect and customer success engineer, I now...

Maxime Coquerel

Principal Cloud Security Architect, Royal Bank of Canada - RBC
In my current role at RBC - Royal Bank of Canada, I lead the Kubernetes Security program, overseeing security architecture, cloud threat research, threat modeling, and risk assessment of cloud designs and patterns. Additionally, I collaborate closely with our strategic partners, cultivating...
Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room F
  Platform Engineering

15:00 BST

A Huge Cluster or Multi-Clusters? Identifying the Bottleneck - Paco Xu, DaoCloud & Saiyam Pathak, Loft Labs
Thursday April 3, 2025 15:00 - 15:30 BST
The increasing complexity of Kubernetes deployments has sparked a debate between scaling single clusters to enormous sizes and managing multiple clusters. At KubeCon NA24, the CNCF Tech Landscape Radar unveiled insights into multicluster application management, while Google showcased a 65000-node cluster powered by Spanner, bypassing etcd's limitations. Similarly, ByteDance has achieved multi-tenancy at scale with Kubebrain.

This talk examines the challenges of large clusters (5,000+ nodes and beyond) and the trade-offs of multicluster solutions. Key topics include API server options, etcd tuning and alternatives (e.g., Kubebrain, kine), and operational concerns such as multi-tenancy models (vCluster, kubezoo, HNC), and operator version control. In parallel, multicluster management solutions like Karmada, Clusternet, and networking challenges with tools like Submariner are explored.

Attendees will gain actionable insights into selecting the most appropriate strategy for their needs.
Speakers

Saiyam Pathak

Principal Developer Advocate, Loft Labs
Saiyam is working as Principal Developer Advocate at Loft Labs. He is the founder of Kubesimplify, focusing on simplifying cloud-native and Kubernetes technologies. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes, including machine...

Paco Xu

OpenSource Team Leader, DaoCloud
Paco is a member of the Kubernetes Steering Committee and the lead of the DaoCloud open-source team. In the community, Paco mainly works as a Kubeadm Maintainer and SIG-Node Reviewer. He was co-chair of KubeCon China 2024, organized Kubernetes Contributor Summit China 2023 and KCD Chengdu 2022, and spoke at KubeCon EU 2023, KubeCon China 2021 & 2023, and KCD Shanghai. In 2024, he became LFAPAC Evangelist...
Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room A
  Operations + Performance

15:00 BST

🤔🔧 Can You Maintain 1000 Apps? WasmCloud & K8s: The Ultimate Golden Template - Liam Randall, Cosmonic
Thursday April 3, 2025 15:00 - 15:30 BST
You can deploy 1,000 applications to Kubernetes, but can you maintain them? Kubernetes excels as an infrastructure abstraction, but today's app management demands better abstractions for applications and their capabilities. This talk introduces CNCF wasmCloud (incubating) as the ultimate golden template for platform engineering. With wasmCloud, you can manage common capabilities like blob stores, HTTP, messaging, and secrets centrally, enabling pluggable, reusable components that scale. wasmCloud simplifies migrations and secures operations across diverse computing environments—essential as data locality laws balkanize the world's compute. By shifting to pluggable capability abstractions, platform engineers can update thousands of apps at once while freeing development teams to focus on building their business logic. This demonstration-heavy talk is based on real-world adoption & deployments across the F100 in financial services, tech, and the startup ecosystem.
Speakers
Liam Randall

Founder, CNCF wasmCloud, Cosmonic
Liam lives at the intersection of open source and enterprise and has contributed to dozens of major open-source platforms and standards. A serial entrepreneur, he has built and scaled companies around Bro/Zeek, Kubernetes, OS Query, Cloud Custodian, and today WebAssembly.
Thursday April 3, 2025 15:00 - 15:30 BST
Level 0 | ICC Capital Hall | Room 1
  Platform Engineering

16:55 BST

⚡Lightning Talk: Observability Diet: Your 5-Step Plan To Trim the Data Fat - Pranay Prateek, SigNoz
Thursday April 3, 2025 16:55 - 17:00 BST
Many organizations drown in terabytes of telemetry data but often use only 20% of it.

In this lightning talk, we'll sprint through battle-tested strategies in OpenTelemetry to trim your observability costs without compromising visibility. From intelligent sampling to SDK optimization, learn how to implement a lean observability practice that focuses on signal over noise.

Key Takeaways:
- Sampling: tail-based sampling, head-based sampling for traces, probabilistic sampler processor for logs
- Using processors in the OTel collector with granular filtering/dropping of irrelevant attributes to control the volume going out of the collector
- Reduce the volumes at the SDKs by controlling what attributes are sent, e.g. control what http.headers are sent
- Visibility on cardinality in time series (and suggestions on what attributes to drop)
- Use `Views` in SDKs to customise aggregation or which attributes are reported in metrics
- Using granular retention settings to reduce observability costs

Speakers
Pranay Prateek

Maintainer, SigNoz
Pranay is one of the maintainers at SigNoz, an open source APM. He loves working on open source and observability, and has a deep interest in philosophy, esp. around Existentialism. He is one of the organisers of OpenTelemetry APAC discussion group meetings & has been speaker in events...
Thursday April 3, 2025 16:55 - 17:00 BST
Level 0 | ICC Auditorium

17:05 BST

⚡Lightning Talk: Rust Here, Rust There, Rust Everywhere! How a Crab Conquers the Cloud Native Landscape. - Sascha Grunert, Red Hat
Thursday April 3, 2025 17:05 - 17:10 BST
The Rust ecosystem is growing slowly and steadily into the cloud native landscape. While some projects like youki are completely set on the memory-safe programming language, others like CRI-O try to integrate it only partially into their projects. The overall goal of using Rust over anything else is to achieve more performant, efficient and reliable software.

In this lightning talk, Sascha will outline the benefits and drawbacks of using Rust over the more commonly used Go language in the cloud native space. It will provide funky examples of how to switch between those languages, what are good and bad practices and how to deliver a Rust application to end users. The talk will provide an overview about which parts of the cloud native landscape are already Rusty and what we can expect in the upcoming years.

Join this lightning talk for a quick and compact cloud native comparison between Rust’s Ferris the crab and Go’s Gopher!
Speakers
Sascha Grunert

Principal Software Engineer, Red Hat
Sascha is a Principal Software Engineer at Red Hat, where he works on many different container related open-source projects like Kubernetes. He joined the open-source community in November 2018. Sascha's passions include contributing to open source, as well as giving talks and evangelizing...
Thursday April 3, 2025 17:05 - 17:10 BST
Level 0 | ICC Auditorium

17:20 BST

⚡Lightning Talk: Solving Real-World Edge Challenges With K0s, NATS, and Raspberry Pi Clusters - Prashant Ramhit, Mirantis, Inc.
Thursday April 3, 2025 17:20 - 17:25 BST
Monitoring sea algae proliferation and coral growth in real time may seem daunting, but with the right tools, it becomes an exciting edge computing project. Using k0s, the lightweight CNCF-certified Kubernetes distribution, and NATS, the connective technology for edge computing, this project solved the challenges of data collection and processing in a distributed Raspberry Pi cluster.

Leveraging k0s’s minimal resource footprint and automated scaling, paired with NATS’s efficient messaging capabilities, the project enabled real-time sensor data collection and transmission under resource-constrained conditions. Dynamically bootstrapped Raspberry Pi clusters processed data locally while integrating with a central control plane.

Learn about dynamically bootstrapping Raspberry Pi clusters with k0s, managing distributed edge clusters, deploying NATS for scalable messaging, and scaling workloads based on environmental changes. See how k0s and NATS efficiently tackle real-world challenges.
Speakers
Prashant Ramhit

Snr. DevOps & QA, Mirantis, Inc.
Prashant is a skilled technologist with over two decades of experience, starting as a Linux System Administrator in the late 1990s. Progressing into SRE, DevOps, and Platform Engineering, he developed expertise in cloud-native systems and Golang development. Having worked at the BBC...
Thursday April 3, 2025 17:20 - 17:25 BST
Level 0 | ICC Auditorium

17:25 BST

⚡Lightning Talk: There Is a New Volume Type in Town! - Mario Loriedo, Red Hat
Thursday April 3, 2025 17:25 - 17:30 BST
Volumes of type “image” open new scenarios and ways to use containers. The primary use case is AI workloads, the main drive for KEP-4639, which introduced them. However, these new volumes can have a broader impact. They allow the composition of different OCI images to augment a workload’s capabilities. Think of it as a container sidecar, but without the container’s isolation and with volumes composability.

This lightning talk discusses the volumes of type “image” and their different use cases, from AI to workload troubleshooting.
Speakers
Mario Loriedo

Senior Principal Software Engineer, Red Hat
Mario is a Senior Principal Software Engineer at Red Hat. He works on Podman and on container-based developer tools. He has been a CNCF Ambassador and the tech lead of the Eclipse Che project. He has co-created the Devfile (a CNCF Sandbox Project). He has been a speaker at conferences...
Thursday April 3, 2025 17:25 - 17:30 BST
Level 0 | ICC Auditorium

17:30 BST

Workload Identity for Humans: A Twelve-Factor Approach - Vish Abrams, Heroku
Thursday April 3, 2025 17:30 - 18:00 BST
Workload identity in cloud-native systems has largely focused on platform tools. Kubernetes Service Accounts and SPIFFE/SPIRE provide powerful identity primitives, but their flexibility results in bespoke implementations of workload identity from the perspective of the application. This forces application developers to implement custom identity mechanisms for each platform. This talk introduces a more developer-friendly approach. We layer an application-focused workload identity on top of existing CNCF solutions, focusing on simplicity and usability. Drawing on the principles of Twelve-Factor Applications, we will explore how to integrate workload identity into cloud-native applications in a way that feels natural and productive for developers. Attendees will learn practical patterns for incorporating workload identity, gain a clearer understanding of workload identity concepts, and leave with actionable strategies to improve security without sacrificing developer experience.
Speakers
Vish Abrams

Chief Architect, Heroku
Vish Abrams is Chief Architect at Heroku, a subsidiary of Salesforce. Formerly he helped Oracle create their cloud, where he focused on virtualization, containerization, and machine learning. He was also NASA Nebula Technical Lead during the creation of Nova, one of the founding OpenStack...
Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance N10 | Room E
  Application Development

17:30 BST

Weaving a VEX Feed Through the Kubernetes Project - Adolfo García Veytia, Stacklok
Thursday April 3, 2025 17:30 - 18:00 BST
Vulnerability triaging is an expensive process, often plagued with false positives that cause organizations to waste thousands of dollars in engineering time handling and suppressing them to conform with compliance frameworks.

Here to the rescue comes VEX - the Vulnerability Exploitability eXchange - a new metadata format, designed as a companion to SBOMs that communicates the impact of a vulnerability on a piece of software.

False positives come in many forms: from vulnerabilities found in other platforms, non-exploitable code paths, to simple mitigations pre-applied to artifacts. Using VEX, software authors can communicate downstream that software is safe to use despite security scanners going brrrr.

In this talk, we dive into VEX, explore the new Kubernetes VEX feed instrumented through collaboration from SIG Release, the Security Response Committee and SIG Security to understand the source of the data, how to use it and do some cool demos with real vulnerability scanners!
Speakers
Adolfo García Veytia

Staff Software Engineer, Stacklok
Adolfo García Veytia (@puerco) is a software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team to improve the software that drives Kubernetes release process. He is also the creator of the OpenVEX and...
Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room C
  Security
 
Friday, April 4
 

11:00 BST

Empowering AI-Driven Drug Discovery: Overcoming Challenges in Building a ML Platform on Kubernetes - Marius Tanawa Tsamo & Gustav Rasmussen, Novo Nordisk
Friday April 4, 2025 11:00 - 11:30 BST
In the era of AI-driven innovation, Kubernetes is fundamental for enabling medical scientists to execute machine learning tasks within a containerized environment. However, building a scalable ML platform on Kubernetes presents challenges, especially with advanced on-premise GPU-accelerated hardware optimized for large language model (LLM) training and inference.

This session will explore the obstacles faced by ML engineers and data scientists at Novo Nordisk in creating a robust platform for AI-driven drug discovery. The presentation will discuss enabling access to GPU resources at scale, orchestrating extensive data planes, efficiently running high-performance computing (HPC) jobs, and using GPU sharing strategies and different batch scheduling job software.

Insight about experiences with GPU sharing strategies, batch scheduling job software, overcoming operational challenges, and empowering ML engineers in accelerating drug discovery will be shared.
Speakers
Gustav Rasmussen

Tech Lead, Novo Nordisk A/S
Gustav is Tech Lead in R&ED (Research & Early Development) at Novo Nordisk in Denmark, holds an MSc in Physics and really likes Cloud and Platform Engineering.
Marius Tanawa Tsamo

Senior Platform Engineer, Novo Nordisk
I have a Master's degree in Systems Network and Security and seven years of IT experience. Although I'm very passionate about container environments, I'm even more passionate about meaningful contributions. I'm French, but even if I'm fairly new to Denmark, I have been moving from...
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room A
  AI + ML

11:00 BST

Beyond Kubernetes: Adapting To Specialized Application Workloads - Rags Srinivas, Independent; Dawn Chen, Google; Sachi Desai, Microsoft; Vara Bonthu, AWS; Erin Boyd, Nvidia
Friday April 4, 2025 11:00 - 11:30 BST
AI workloads have taken the Kubernetes world by storm, but that is only the tip of the iceberg as even more specialized workloads in the realm of high performance compute, for example, need to be optimized and simplified on Kubernetes.

Attend this panel to learn from Kubernetes and cloud experts well versed in different infrastructure and containerized workloads about the existing challenges around Kubernetes today, and strategies for building out the platform to bootstrap these specialized workloads.

Attendees will be able to walk away with an understanding of how the Kubernetes ecosystem continues to evolve, and open-source tools like KAITO and Kueue that enable this growth and automate many of the processes involved. Attendees will also learn from these experts about compute optimizations, scheduling mechanisms, and workload performance enhancements that drastically reduce their time-to-value on Kubernetes.
Speakers
Rags Srinivas

Multi-Cloud Architect, Independent
Raghavan "Rags" Srinivas (@ragss) is an Architect enabling developers to build scalable and available systems. With a background in app development and infrastructure, he has gravitated towards distributed systems. He specializes in Cloud Computing, specifically multi-cloud. Rags...
Erin Allen Boyd

Distinguished Cloud Architect, Nvidia
Erin is currently a Distinguished Cloud Architect at Nvidia. Prior to this role she was the Director of Emerging Technologies and Distinguished Engineer at Red Hat in the Office of the CTO. Erin was previously an Apple Cloud Services Engineer at Apple. Erin is a Kubernetes contributor...
Dawn Chen

Principal Software Engineer, Google
Dawn Chen is a principal software engineer at Google. Dawn has worked on Kubernetes and Google Container Engine (GKE) before the project was founded. She has been one of the tech leads in both Kubernetes and GKE. Prior to Kubernetes, she was one of the tech leads for Google internal...
Vara

Principal OSS Specialist SA, AWS
Vara Bonthu is a dedicated technology professional and Worldwide Tech Leader for Data on EKS, specializing in assisting AWS customers ranging from strategic accounts to diverse organizations. He is passionate about open-source technologies, Data Analytics, AI/ML, and Kubernetes, and...
Sachi Desai

Product Manager, Microsoft
Sachi Desai is a product manager in the Azure Kubernetes Service (AKS) team at Microsoft. She works with a range of AI users and enthusiasts in building the KAITO CNCF Sandbox project and is interested in different GPU workloads on Kubernetes.
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance N10 | Room E
  Application Development

11:00 BST

Tutorial: Workshop: Developing as a Team for Kubernetes With Nix and Flox - Leigh Capili & Tanja Ulianova, Flox
Friday April 4, 2025 11:00 - 12:15 BST
In this workshop, Leigh, Tanja, and Nick will show a Nix GitOps workflow for both your team's laptops and Kubernetes clusters.

The dev workflows made possible by Nix and the ops workflows pioneered by both Nix and GitOps on K8s extend the story of repeatability further left than before.

Attendees will work hands-on to:

- use JS, Go, & Postgres
- declare cross-platform dependencies for build and dev
- containerize their app with Nix
- use GitOps to deploy their code to Kubernetes with zero-downtime

Making packaging collaborative and cross-platform opens up new maintenance possibilities.

We'll close with:

- Continuous Builds
- Patching
- Reproducibility and Caching

Teams can save hours of debugging by declaring their local dependencies with Nix alongside their code.
This has a notable symmetry to the benefits of GitOps in cloud-native operations.

Expect to leave this workshop with the confidence to harmonize Nix with Kubernetes and change the way you (and your teams) work.
Speakers
Leigh Capili

Senior DevRel Engineer, Flox
Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. He has a background in building software to manage infrastructure. Leigh authored kubeadm’s etcd mTLS implementation and Flux 2’s multi-tenant security model. Leigh works with the...
Tanja Ulianova

Software Engineer, Flox
Tanja is a Software Engineer with a passion for robust software and smooth UX. She loves learning and sharing her knowledge. Currently, Tanja is working on Nix-based developer tooling at Flox, where she’s developing FloxHub — a platform for sharing reproducible dev environments...
Friday April 4, 2025 11:00 - 12:15 BST
Level 1 | Hall Entrance N11
  Tutorials, Application Development

11:45 BST

Demystifying Why the World Is Built on Kubernetes: Learning To Leverage Bespoke CRDs and Controllers - Abby Bangser, Syntasso & Sebastien Blanc, Port
Friday April 4, 2025 11:45 - 12:15 BST
When product teams build software, they think about user personas, and Kubernetes is no different. There are three key user personas for Kubernetes: the one who runs containers (developers), the one who manages the cluster (operators) and the one who creates bespoke tooling (platform engineers). While the first two personas have a lot of resources and support, the third often appears to be a dark art that is only possible by the most courageous and advanced Kubernetes users.

What if we were to tell you the only secret to unleash this power is a single schema and a single function? Yes, even the power of graduated CNCF projects such as ArgoCD and CertManager can boil down to that simple description. This talk will take a magnifying glass to how Kubernetes CRDs and controllers work so that you can build confidence in both using, and hopefully building, custom services on top of Kubernetes.
Speakers
Sebastien Blanc

Developer Relations Engineer, Port
Sébastien Blanc, Staff Developer Advocate at Aiven, is a Passion-Driven-Developer with one primary goal: share his passion by giving talks that are pragmatic, fun and focused on live coding.
Abby Bangser

Principal Engineer, Syntasso
Abby is a Principal Engineer at Syntasso delivering Kratix, an open-source cloud-native framework for building internal platforms on Kubernetes. Her keen interest in supporting internal development comes from over a decade of experience in consulting and product delivery roles across...
Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room F
  Cloud Native Novice

11:45 BST

The State of Prometheus and OpenTelemetry Interoperability - Arthur Sens, Grafana & Juraj Michálek, Swiss RE
Friday April 4, 2025 11:45 - 12:15 BST
Prometheus and OpenTelemetry are two CNCF projects focusing on observability and truly excelling at their main purposes. However, they take slightly different approaches, and making both projects work well together has been challenging.

In this talk, Arthur and Juraj, both active contributors to Prometheus and OpenTelemetry communities, will present all the usual frustrations that a user would face when integrating Prometheus and OTel, and all the work done by the OpenTelemetry-Prometheus SIG (Special Interest Group) in the past year to transform Prometheus+OTel into a love story.

You'll leave this session understanding the core philosophical differences between the two projects that make interoperability so difficult, the progress made to improve the situation, and what to expect in the near future.
Speakers
Arthur Silva Sens

Software engineer, Grafana
Arthur Sens is a Software Engineer at Grafana, focusing on Prometheus and OpenTelemetry interoperability. He is also an active member and maintainer for both communities. The only things that can take Arthur away from the computer are his passion for lifting unnecessarily heavy weights...
Juraj Michálek

Senior Logging & Monitoring engineer, Swiss RE
I’ve been working as an SRE for the past few years. Currently I am a member of the Logging & Monitoring team at Swiss RE, where I focus on our Observability stack.
Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance N10 | Room G
  Observability

13:45 BST

Do Your Containers Even Lift – A Hardening Guide for K8s Containers - Cailyn Edwards & Daniel Murphy, Okta
Friday April 4, 2025 13:45 - 14:15 BST
In a world where containers are centre stage, it's important that they look and feel their best. In this talk we will go over the Kubernetes security checklist, identifying quick fixes that will yield huge gains. Together Cailyn and the audience will take a container from flimsy and squishy to rock solid in a Rocky-worthy montage of a demo. Become the trainer your containers need, and ensure that your security routines are sustainable and maintainable! From slim images to access control, we will cover techniques and tools that will make your security dreams a reality. Attendees will leave this talk with a list of Cloud Native tools that will take their container security to the next level and help their containers get a PB on their next CIS BENCHmark!
Speakers
Daniel Murphy

Senior Security Engineer, Okta
Daniel Murphy (they/them/he/him) is a Senior Security Engineer at Okta, where their main focus is making managing vulnerabilities less tedious. Prior to joining Okta, Daniel also spent time in Quality and Software Engineering, and Application Security. Outside of work Daniel enjoys...
Cailyn Edwards

Senior Security Engineer, Okta
Cailyn Edwards (she/her) is a CNCF Ambassador and a Senior Security Engineer at Okta, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and 2022 Contributor Award recipient. Her...
Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room D
  Security

13:45 BST

Tutorial: Hacking up a Storm With Kubernetes - Rory McCune, Datadog; Marion McCune, ScotSTS; Iain Smart, AmberWolf
Friday April 4, 2025 13:45 - 15:00 BST
We'll provide a kind (https://kind.sigs.k8s.io/) cluster configuration and all of the required manifests to deploy our interactive environment on your own machines. Please bring a laptop capable of running a kind cluster and have kind installed before we start.

If you'd like to get hands-on hacking a Kubernetes cluster, this is the tutorial for you! Join us as we walk through hands-on examples of how attackers can try and compromise Kubernetes clusters and what you can do to make sure it doesn't happen to you.

We'll be exploring some of the in-depth parts of cluster architecture that you may not get to look at every day, with hands-on exercises that you can try out during the tutorial or take away and work on later.

So if you've ever wondered what the Kubelet API is, how Kubernetes does authentication or authorization or how someone could use "the most pointless Kubernetes pod ever" to get root access to your cluster nodes, then join us and find out!
Speakers
Iain Smart

Principal Consultant, AmberWolf
Iain is a Principal Security Consultant at AmberWolf, where he attacks and reviews cloud-native environments. Since discovering that public speaking really isn’t that scary, he has presented at various conferences including KubeCon EU and BlackHat. He enjoys playing with new technologies...
Marion Mccune

Security Tester, ScotSTS
App Sec pentester with an interest in the security side of containerization. Live in the Highlands of Scotland with my husband and three cats. Interests are the outdoors, history, cookery and drawing.
Rory McCune

Senior Security Researcher and Advocate, Datadog
Rory is a senior security researcher & advocate for Datadog who has extensive experience with Cyber security and Cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker he has presented at Kubecon...
Friday April 4, 2025 13:45 - 15:00 BST
Level 1 | Hall Entrance N11
  Tutorials, Security
 
