Loading…
In-person
1-4 April 2025
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
or to bookmark your favorites and sync them to your phone or calendar.
Venue: Level 1 | Hall Entrance S10 | Room C clear filter
Wednesday, April 2
 

11:15 BST

Taking Care of Your Control Plane With API Priority and Fairness and Resource Quotas - Matteo Ruina & Ayaz Badouraly, Datadog
Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room C
In a Kubernetes multi-tenant environment, cluster administrators face the challenge of keeping the platform stable amid competing and diverse workloads. A single misbehaving user can overload the Control Plane or use much more than their share of resources.

API Priority and Fairness (APF) and Resource Quotas are the Kubernetes tools for administrators to address these concerns. APF provides a fine-grained classification to throttle API Server requests, while Resource Quotas provides constraints that limit resource consumption per namespace. However, tuning them to be effective and not too restrictive at the same time can be complex.

In this session, we will talk about what we learned implementing both across hundreds of clusters and thousands of workloads. We will cover our setup and configuration, the challenges we faced and our tips to address them, the drawbacks you need to be aware of, and how to reuse what we learned for your own clusters.
Speakers
avatar for Matteo Ruina

Matteo Ruina

Senior Software Engineer, Datadog
Matteo is a Senior Software Engineer at Datadog in the Compute Control Plane team, where he has been managing hundreds of self-hosted Kubernetes control planes since 2022. Prior to Datadog, Matteo worked at Skyscanner on Kubernetes, operators and progressive rollout controllers... Read More →
avatar for Ayaz Badouraly

Ayaz Badouraly

Senior Software Engineer, Datadog
Ayaz Badouraly is a Senior Software Engineer at Datadog in the Compute Control Plane team. With his background on Site Reliability Engineering, his current work focuses on the availability and scalability of Kubernetes control planes. He also enjoys understanding counterintuitive... Read More →
Wednesday April 2, 2025 11:15 - 11:45 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance
  • Content Experience Level Any

12:00 BST

Taming 50 Billion Time Series: Operating Global-Scale Prometheus Deployments on Kubernetes - Orcun Berkem & Alan Protasio, AWS
Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room C
Scaling Prometheus to support 50 billion active time series across 20 regions on Kubernetes is a monumental challenge. This session delves into the architecture, processes, and tools that make it possible. We will explore the design of stateful sets and zone-aware deployments to ensure reliability and scalability, alongside deployment processes tailored for high availability and fault tolerance. Learn how cellular architecture enables granular scaling and fault isolation, and discover our approach to multi-tenancy, including protection mechanisms against noisy neighbors such as shuffle sharding, throttling with token buckets . We’ll also discuss the journey of scaling each cell to 1 billion active time series, highlighting the Kubernetes challenges we faced and solved along the way. Attendees will leave with actionable insights into building resilient, efficient, and scalable systems using Kubernetes in the cloud-native ecosystem.
Speakers
avatar for Alan Protasio

Alan Protasio

Software Developer Enginner, AWS
Alan is a core contributor and maintainer of Cortex and currently serves as a Senior Software Engineer at AWS, where he works on the Amazon Managed Prometheus Service. With over 15 years of experience in the tech industry, Alan has played a pivotal role in shaping several AWS services... Read More →
avatar for Orcun Berkem

Orcun Berkem

Principal Engineer, AWS
Orcun is a seasoned engineer with expertise in building scalable, resilient systems and leading large teams. As a Principal Engineer at AWS Open Source Observability, he focuses on scaling Cortex, along with working on AWS Distribution of OpenTelemetry, Grafana, and OpenSearch, and... Read More →
Wednesday April 2, 2025 12:00 - 12:30 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance

14:30 BST

Superpowers for Humans of Kubernetes: How K8sGPT Is Transforming Enterprise Ops - Alex Jones, AWS & Anais Urlichs, JP Morgan Chase
Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C
Humans cannot scale like software, and our ability to diagnose and triage is finite. Imagine the burden of operating dozens of tenants across multiple clusters. It’s going to take a team, no lone hero can keep the lights on and the customers happy.

Until now.

The CNCF project, K8sGPT has unlocked a fast track for managing clusters, triaging issues and identifying a problem before they impact users. Using AI to simplify complex errors, we demonstrate how this project is elevating humans to scale at a rate never seen before, and able to do more with less.

Never before has there been a crisper example of getting AI to focus on the toil so humans can do the things we’re good at - problem solving.

Our Enterprise adopters share of how they’ve used K8sGPT to lower the bar to entry, uplifting the skills of their teams.
We chart a course together, presenter and audience, as we reset the expectation of what great looks for operating Kubernetes at planet scale.
Speakers
avatar for Alex Jones

Alex Jones

Principal Engineer, AWS
Alex works at AWS. When he's not obsessing over customers via the delivery of high quality products and tools, he's working passionately on open-source. Alex lives in the UK and has two kids.
avatar for Anais Urlichs

Anais Urlichs

Platform Engineer, JP Morgan Chase
Anaïs is a Platform Engineer at JPM Chase, where she contributes to the company’s cloud implementation. Before working as Platform Engineer, Anais worked for 7 years as Developer Advocate. Most recently, as part of the open source team at Aqua Security, her work was focused on... Read More →
Wednesday April 2, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance
  • Content Experience Level Any

15:15 BST

The Life (or Death) of a Kubernetes API Request, 2025 Edition - Abu Kashem, Red Hat Inc. & Stefan Schimanski, Upbound
Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C
This presentation takes an in-depth look at the path of an API request (e.g. a user sends a request to create a Pod through kubectl create). We take a deep dive into the phases a request passes through, in a chronological order, starting with its arrival at the k8s API Server, and ending in its departure carrying a response to the caller.

This talk will not dive into any code snippets, but rather will use easy to understand diagrams that dig deep into k8s architecture, and side by side, it will show the related observability artifacts (log, audit, metrics snapshot, and error messages) and clarify their implications. To our knowledge, no kubecon talk has covered this topic from an operator's perspective.

After attending this talk, the audience, whether they are an admin, an SRE, or a DevOps professional, will walk away with a much clearer understanding of "how things work in Kubernetes"; the new insights will make them more effective at finding root causes for complex cluster issues.
Speakers
avatar for Stefan Schimanski

Stefan Schimanski

Senior Principal Engineer, Upbound
Stefan is a Senior Principal Engineer at Upbound working on control planes, Kubernetes, kcp, and as a tech-lead in Sig API Machinery. He contributed a major part of the CRD feature set. Stefan is a 2nd time GoogleSummer of Code mentor with CNCF, loves to teach and help people to learn... Read More →
avatar for Abu Kashem

Abu Kashem

Software Engineer, Red Hat Inc.
Abu is a Software Engineer at Red Hat, Inc., working on Kubernetes Control Plane technology, he is a maintainer of sig-api-machinery, he is also an active contributor to the API Priority and Fairness feature of the k8s APIServer
Wednesday April 2, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance
  • Content Experience Level Any

16:15 BST

Where’s All My Memory Gone? Mapping K8s Memory Metrics To Physical Resources - Mahé Tardy, Isovalent at Cisco
Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room C
Understanding memory statistics in Kubernetes is critical for reducing an application’s memory impact or avoiding the Out-Of-Memory (OOM) killer. In this talk, we’ll decode the complexities behind Kubernetes memory metrics (did you say container_memory_working_set_bytes?), tracing them from the kubelet binary to the host’s memory control groups.

The memory metrics we observe, whether through kubectl top or Prometheus, are the result of a complex journey, from memory control group statistics, through calculations by libraries like opencontainers/libcontainer, to cAdvisor or the container runtime, and finally, to the kubelet. We’ll deep dive into the role of cAdvisor and the container runtime in memory tracking, the interaction with the OOM killer, and the impact of control groups (cgroups) versions on metric calculations. By the end of this session, you’ll be able to better interpret memory statistics and troubleshoot memory-related issues in your clusters.
Speakers
avatar for Mahé Tardy

Mahé Tardy

Software Engineer, Isovalent at Cisco
Mahé is a security engineer at Isovalent and an active contributor to Kubernetes SIG Security. He was previously working as a security researcher and loves working with Linux, security, and Kubernetes!
Wednesday April 2, 2025 16:15 - 16:45 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance

17:00 BST

The Next Generation of DaemonSet Autoscaling - Adam Bernot, Google Cloud & Bryan Boreham, Grafana Labs
Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room C
Imagine you have small 4-core nodes and larger 64-core nodes in the same cluster, and a DaemonSet that does much more work on the larger nodes. How do you set resource requests and limits appropriately?

Managing resources for workloads deployed as a DaemonSet in Kubernetes can be challenging when load is not evenly distributed across nodes. Static allocation can cause over/under-utilization and scheduling issues. VPA helps, but currently assumes uniform load across all pods, which is a bad assumption for certain types of workloads.

We will discuss our case studies, why this feature will be useful, how our prototype implements per-pod VPA for DaemonSets to improve resource efficiency, stability, and eliminate the need for manual tuning. This is your chance to learn about this upcoming feature and connect with the people who are implementing it!
Speakers
avatar for Bryan Boreham

Bryan Boreham

Distinguished Engineer, Grafana Labs
Bryan Boreham is a Distinguished Engineer at Grafana Labs, working on highly scalable storage for metrics, logs and traces. Bryan's career has ranged from charting pie sales at a bakery to real-time pricing of billion-dollar bond trades. A contributor to many Open Source projects... Read More →
avatar for Adam Bernot

Adam Bernot

Software Engineer, Google Cloud
Adam Bernot is a software engineer and Kubernetes enthusiast who works on scaling the Google Cloud Managed Service for Prometheus.
Wednesday April 2, 2025 17:00 - 17:30 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance

17:45 BST

Scaling Shopify's Search: Enhancing Elasticsearch Resilience With Kubernetes and KEDA - Leila Vayghan, Shopify
Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room C
Millions of merchants across the globe use Shopify to sell their products. The cornerstone of this commerce platform is the search infrastructure, which hosts more than two petabytes of data, providing search for millions of users.
This session explains how Shopify improved their search infrastructure resiliency while increasing write performance for Elasticsearch clusters. This was done by isolating production writes from bursts of maintenance writes that degraded search availability for all users. This approach leverages Kubernetes native mechanisms to host production workloads on isolated Google Cloud nodepools protecting them from the heavy writes that are sent to autoscalable nodepools that are dedicated for maintenance tasks. Using Kubernetes based Event Driven Autoscaling (KEDA), an autoscaler that responds to events such as bursts of writes, allowed maintenance nodepools to scale only when needed. Using KEDA saved 40% in costs and improved production write performance by 65%.
Speakers
avatar for Leila Vayghan

Leila Vayghan

Senior Site Reliability Engineer, Shopify
Leila is a site reliability engineer at Shopify, where she supports millions of merchants to grow by designing and building a reliable infrastructure. Leila has completed her master’s degree on the availability of stateful applications running on Kubernetes and has presented her... Read More →
Wednesday April 2, 2025 17:45 - 18:15 BST
Level 1 | Hall Entrance S10 | Room C
  Operations + Performance
  • Content Experience Level Any
 
Thursday, April 3
 

11:00 BST

Identity-based Trust - Till Death Do We Part? - John Kjell, TestifySec & Kairo De Araujo, Independent
Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C
With the rise in adoption of identity-based trust, it is increasingly important to understand the threats to such systems. PyPI, NPM, RubyGems, and Homebrew have all established models for “trusted publishing” attestation, based on OIDC. Many of these implementations rely on Project Sigstore’s projects Fulcio and Rekor.

Sigstore’s Rekor is an append only log. There’s no way to remove entries, even if they’re illegitimate. In the case of an identity compromise, most individuals would prefer to avoid a divorce from their identity, allowing for recovery and the establishment in future trust of their name.

In this session, we’ll examine a threat model and mechanisms for compromise in a Sigstore-based identity signing system. Once established, we’ll describe ways to mitigate and resolve the threats, leveraging the CNCF projects in-toto and The Update Framework (TUF). Beyond theoretical designs, we’ll look at how this system has been implemented in in-toto’s sub-project Archivista.
Speakers
avatar for John Kjell

John Kjell

Director of Open Source, TestifySec
John is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before... Read More →
avatar for Kairo De Araujo

Kairo De Araujo

Open Source Engineer, Independent
Kairo is a Senior Open Source Engineer. Kairo maintains python-tuf and is the author of Repository Service for TUF (RSTUF). His past roles include Senior Open Source Software Engineer at TestifySec, VMware, Senior Software Engineer at IBM, ING, Forescout, and a former System Engineer... Read More →
Thursday April 3, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C
  Security

11:45 BST

IAM, Agent: Identity for Autonomous AI - Matthew Bates, Cofide
Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C
First there were chatbots, then LLMs and now we're beginning to hear everyone talk about "agents", where multiple AI agents collaborate and execute tasks autonomously. As AI systems evolve toward multi-agent architectures, robust identity and access management (IAM) becomes critical for security. While these share similarities with microservices, AI agents introduce unique challenges around dynamic capabilities, trust and the interplay between human and agent identities.

This talk explores applying zero trust principles to AI agent workloads using CNCF projects like SPIFFE/SPIRE and emerging IETF standards (WIMSE). We'll explore dynamic identity provisioning, agent-to-agent authentication, and cryptographic attestation. Through hands-on demonstrations, you'll learn how to implement secure, standards-compliant identity management in your multi-agent AI systems, addressing both familiar distributed systems challenges and novel security considerations.
Speakers
avatar for Matthew Bates

Matthew Bates

Founder, Cofide
Matt is the founder of Cofide, a startup focused on workload identity and access management. He was previously co-founder and CTO of Jetstack, the company behind cert-manager. Since the launch, he has contributed widely to the Kubernetes project, both to the technology and to the... Read More →
Thursday April 3, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C
  Security

14:15 BST

Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps and GUAC - Michael Lieberman, Kusari & Andrew Martin, ControlPlane
Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance S10 | Room C
In a live supply chain attack demo, we demonstrate the latest security features of Flux CD and OpenSSF GUAC together in a hardened, wide-scale production scenario. When the next XZ or log4shell vulnerability lands, see how to assess, respond, and prevent proliferation before or after an attacker gets a foothold in your systems.

See how to defend against an assault on your dependency tree, prevent hostile insiders from escalating their privilege, and lock down your production environment to harden it against future threats.

We:
Use OCI-first Flux CD to remove network routes to Git servers from production
GUAC to manage dependency inventory and bring signal to the noise of CVE updates
Timoni to reliably patch, customise, and verify deployments before release
Flux Autopilot to roll out multi-tenancy lockdown, horizontal and vertical scaling, and persistent storage across fleets of clusters
Speakers
avatar for Michael Lieberman

Michael Lieberman

CTO, Kusari
Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference... Read More →
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
Thursday April 3, 2025 14:15 - 14:45 BST
Level 1 | Hall Entrance S10 | Room C
  Security

15:00 BST

​​SPIFFE in Practice: Universal Identity for WebAssembly Workloads - Joonas Bergius, Cosmonic & Colin Murphy, Adobe
Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room C
Universal Identity (or Workload Identity) is a foundational concept that underpins every secure platform. When implemented well, it provides the platform and security teams the ability to reason about the entities running on their platform and the interactions between them.

SPIFFE has become the industry standard for establishing Identity that can be used to authenticate across all major cloud providers, on various workload platforms and even to an increasing number of third-party services. As SPIFFE adoption across various CNCF projects is growing, WebAssembly workloads present some unique challenges to simply lifting and shifting from what’s been done before.

This talk will cover the journey CNCF wasmCloud underwent in adopting SPIFFE as the foundation for providing Secure Production Identity for the WebAssembly Workloads running on the platform. We will share the lessons we learned from our journey, starting out with a concept to then bringing it all the way to production.
Speakers
avatar for Colin Murphy

Colin Murphy

Sr Software Engineer, Adobe
Colin Murphy is a senior software engineer on the Adobe Content Authenticity Initiative team. Previous roles include frontend engineer for Adobe Express, head of infrastructure of Adobe Document Cloud microservices, including Adobe Sign and Acrobat Web. He has been responsible for... Read More →
avatar for Joonas Bergius

Joonas Bergius

Senior Software Engineer, Cosmonic
Joonas Bergius is a veteran of the Cloud Native community, having been part of the Kubernetes ecosystem as a contributor and end-user since the early days (circa 2015) of Kubernetes.
Thursday April 3, 2025 15:00 - 15:30 BST
Level 1 | Hall Entrance S10 | Room C
  Security

16:00 BST

Open Source Malware or a Vulnerability? The Philosophical Debate and How To Mitigate - Brian Fox, Sonatype; Madelein van der Hout, Forrester Research Inc.; Santiago Torres-Arias, Purdue University
Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room C
As open source software is increasingly important in modern software development, the security challenges continue to evolve. Vulnerabilities are largely understood, but open source malware poses a uniquely hidden threat. But when does a planted vulnerability transform a package into malware? This talk will discuss and debate the nuances between open source vulnerabilities and malware, as well as discuss the before diving into what’s most important: how to stay secure with open source.

Traditional SCA and endpoint security tools do not detect open source malware, which increases the challenge. In this panel, key experts — from software engineering acad to influential analysts and open source security veterans — will dive into the different types of open source malware and why it’s so pervasive, outline practical strategies for mitigating threats and discuss the responsibility of enterprises and developers in safeguarding the software supply chain.
Speakers
avatar for Brian Fox

Brian Fox

Co-founder and CTO, Sonatype
Co-founder and CTO, Brian Fox is a Governing Board member for the Opensource Security Foundation, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin... Read More →
avatar for Madelein van der Hout

Madelein van der Hout

Senior Analyst Cybersecurity & Risk, Forrester Research Inc.
Madelein is a senior analyst on the security and risk (S&R) team, focusing on European security consulting firms, European CISO strategy work, and security operating model and organizational research. She supports security executives and professionals in building and maturing their... Read More →
avatar for Santiago Torres-Arias

Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University
Santiago Torres-Arias is an assistant professor at Purdue’s ECE department, where researches Secure Systems, Applied Cryptography and Software Supply Chain security. Santiago is the team lead of in-toto, a framework to secure the SDLC, as well as PolyPasswordHasher, a password storage... Read More →
Thursday April 3, 2025 16:00 - 16:30 BST
Level 1 | Hall Entrance S10 | Room C
  Security
  • Content Experience Level Any

16:45 BST

Redefining Access Control: Scaling Policy as Code for Humans and AI Agents - Raz Cohen, Permit.io
Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room C
As enterprises embrace AI, managing access for both human users and AI agents has become essential. Traditional access control methods can no longer meet the demands of AI-driven identities such as chatbots, AI agents, decision engines, and autonomous tools.

This talk explores how Policy as Code redefines fine-grained access control, enabling scalability for both humans and AI. Learn how to design flexible, auditable policies that support real-time decision-making and address AI-specific challenges. Tools like Open Policy Agent (OPA) and OpenFGA will be featured, along with strategies for integrating AI-driven access models into zero-trust environments.

Through real-world case studies, discover how enterprises secure billions of interactions while fostering seamless collaboration between humans and machines.

Join me to gain practical insights into implementing scalable access control for today’s AI-powered ecosystems !
Speakers
avatar for Raz Cohen

Raz Cohen

Head of Platform, Permit.io
I'm Raz Cohen, Head of Platform at Permit.io. With over eight years in Kubernetes, cloud-native solutions, open-source projects & Platform engineering, starting at IDF's 8200 unit, Logz.io and Doubleverify, I've become a specialist in Developer Tools. I've spoken at events like KubeCon... Read More →
Thursday April 3, 2025 16:45 - 17:15 BST
Level 1 | Hall Entrance S10 | Room C
  Security

17:30 BST

Weaving a VEX Feed Through the Kubernetes Project - Adolfo García Veytia, Stacklok
Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room C
Vulnerability triaging is an expensive process, often plagued with false positives that cause organizations to waste thousands of dollars in engineering time handling and suppressing them to conform with compliance frameworks.

Here to the rescue comes VEX - the Vulnerability Exploitability eXchange - a new metadata format, designed as a companion to SBOMs that communicates the impact of a vulnerability on a piece of software.

False positives come in many forms: From vulnerabilities found in other platforms, non-exploitable code paths, to simple mitigations pre applied to artifacts. Using VEX, software authors can communicate downstream that software is safe to use despite security scanners going brrrr..

In this talk, we dive into VEX, explore the new Kubernetes VEX feed instrumented through collaboration from SIG Release, the Security Response Committee and SIG Security to understand the source of the data, how to use it and do some cool demos with real vulnerability scanners!
Speakers
avatar for Adolfo García Veytia

Adolfo García Veytia

Staff Software Engineer, Stacklok
Adolfo García Veytia (@puerco) is a software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team to improve the software that drives Kubernetes release process. He is also the creator of the OpenVEX and... Read More →
Thursday April 3, 2025 17:30 - 18:00 BST
Level 1 | Hall Entrance S10 | Room C
  Security
 
Friday, April 4
 

11:00 BST

Consistent Volume Group Snapshots, Unraveling the Magic - Leonardo Cecchi, EDB & Xing Yang, VMware by Broadcom
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C
Snapshotting databases running on multiple volumes is not easy because of inconsistencies due to snapshots being taken at different times.

VolumeGroupSnapshots, introduced as an alpha feature in Kubernetes 1.27 and now in the process of being promoted to beta, provides a solution by enabling write-order consistent snapshots for multiple volumes.

In this session, explore the inner workings of VolumeGroupSnapshots by discovering the key implementation components and their cooperative efforts in achieving consistent group snapshots.

Gain valuable insights to ensure proper usage of this feature and become adept at troubleshooting and debugging potential issues.
Speakers
avatar for Xing Yang

Xing Yang

Tech Lead, VMware by Broadcom
Xing Yang is a Tech Lead in the Cloud Native Storage team at VMware by Broadcom. She is a co-chair of CNCF Storage TAG, a co-chair of the Kubernetes Storage SIG, a co-chair of the Data Protection WG, and a maintainer in Kubernetes CSI. Before joining VMware, Xing was the Lead Architect... Read More →
avatar for Leonardo Cecchi

Leonardo Cecchi

Software Development Principal, EDB
Leonardo Cecchi, a principal in software development at EDB, plays a pivotal role as a maintainer in the CloudNativePG project and Biganimal, EDB's DBaaS offering. With a longstanding preference for PostgreSQL dating back to 1998, his expertise in this DBMS is extensive. Before EDB... Read More →
Friday April 4, 2025 11:00 - 11:30 BST
Level 1 | Hall Entrance S10 | Room C
  Data Processing + Storage

11:45 BST

Data Gravity and Kubernetes: Managing Large-Scale Data Ingest With Minimal Latency - Abhishek Bhattacharjee, Quasitech Innovations Private Limited & Arya Soni, Zupee
Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C
Kubernetes environments, particularly in the context of large-scale data ingest across APIs, suffer from unique challenges posed by data gravity. This presentation aims to explore the newer avenues to overcome these challenges such as local storage layer optimizations, integration of edge computing, and/or network efficiencies that can help reduce latency. Participants will be exposed to ways of reducing data transfer costs, increasing data transfer rates and improving data storage characteristics without loss of scalability of the system. Many of the provided examples will relate to the real situations which will help the audience to use those techniques effectively in the real-life complex Kubernetes environments.
Speakers
avatar for Abhishek Bhattacharjee

Abhishek Bhattacharjee

CEO at Wooak, Quasitech Innovations Private Limited
I am Abhishek Bhattacharjee, Co-Founder & CEO of Wooak, an AI-driven HRMS platform redefining workforce management. With a strong background in tech and leadership, I specialize in building scalable, user-focused solutions. Passionate about innovation, I aim to empower businesses... Read More →
avatar for Arya Soni

Arya Soni

DevOps Engineer, Zupee
I’m a DevOps Engineer with over two years of experience in cloud-native technologies, automation, and infrastructure optimization. As a co-organizer of the CNCG Bihar Chapter, I’ve led initiatives promoting open-source contributions and community growth. I’ve contributed to... Read More →
Friday April 4, 2025 11:45 - 12:15 BST
Level 1 | Hall Entrance S10 | Room C
  Data Processing + Storage

13:45 BST

Don't Let Your Kubernetes Cluster Go Wild: Ensuring Etcd Reliability - Arka Saha, VMware by Broadcom & Chun-Hung (Henry) Tseng, Google
Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room C
Have you ever encountered a perplexing Kubernetes issue that left you no choice but to recreate your cluster?As the backbone of Kubernetes, etcd stores the state and configuration at any given moment.Since any changes to this critical component can introduce instability, how can we continuously ensure that new features, improvements, or bug fixes don’t introduce data inconsistency and regression?
Join us for a deep dive into the etcd test framework and discover how we safeguard your Kubernetes clusters from catastrophic bugs. We will share the rigorous processes to guarantee correctness, consistency, and reliability with every code change for the etcd v3.6 release.
We'll share the challenges in our journey of developing, leveraging, and debugging issues caught by the robustness test framework. Whether you’re building Kubernetes or complex distributed systems, this session will equip you with invaluable knowledge and practical tools to create a more reliable and resilient infrastructure
Speakers
avatar for Arka Saha

Arka Saha

Software Engineer, VMware By Broadcom
Arka Saha, a Broadcom Software Engineer, leads Kubernetes releases & maintenance for Tanzu Extended Support. He manages VMware by Broadcom's Prow infrastructure, ensuring long-term support for k8s, etcd, containers, Golang & related components. Previously he managed Red Hat OpenShift... Read More →
avatar for Chun-Hung (Henry) Tseng

Chun-Hung (Henry) Tseng

Software Engineer, Google
Henry is a CK* certified Software Engineer who currently works at Google as a software engineer. He has been an etcd contributor since 2024.
Friday April 4, 2025 13:45 - 14:15 BST
Level 1 | Hall Entrance S10 | Room C
  Data Processing + Storage

14:30 BST

Data Processing Efficiency: Optimizing Batch Workloads on Kubernetes With Custom Schedulers - Sigmar Stefánsson, NetApp & Hichem Kenniche, NetApp Instaclustr
Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C
Kubernetes is the leading platform for deploying major data processing frameworks like Apache Spark. However, its default scheduler falls short in meeting some of the advanced and specific requirements of batch workloads.

This presentation explores the necessity and benefits of custom schedulers, with a deep dive on the implementation of Volcano and Apache YuniKorn in multi-cloud Kubernetes environments running large and complex Apache Spark applications. Discover how these tools can optimize cluster management for batch and ML workloads.
Speakers
avatar for Hichem Kenniche

Hichem Kenniche

Principal OSS Product Architect, NetApp Instaclustr
Hichem is passionate about open-source technologies such as Kubernetes and its ecosystem, Apache Spark, Kafka, Airflow, and many others. With over 10 years of experience in Data Analytics and AI/ML, he is currently an OSS Product Architect at NetApp Instaclustr. In this role, he collaborates... Read More →
avatar for Sigmar Stefánsson

Sigmar Stefánsson

Software Engineer, NetApp
Sigmar is a Software Engineer at NetApp, where he has been instrumental in advancing the integration of Apache Spark within Kubernetes environments. With a robust background in software development and a keen focus on big data technologies, Sigmar has dedicated years to optimizing... Read More →
Friday April 4, 2025 14:30 - 15:00 BST
Level 1 | Hall Entrance S10 | Room C
  Data Processing + Storage

15:15 BST

Authz as a Dev Workflow: Architecting Better Cloud Native Apps - Dan "phrawzty" Maher, Cerbos
Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C
Every request in a cloud-native application needs authorization, but let's be honest: most developers see it as a pain-point rather than an advantage. This talk explores why authorization belongs in your application's critical path, and how making it a core part of the development process improves developer experience.
We'll look at how CNCF authorization projects and open standards from the OpenID Foundation are rethinking authorization from the ground up. Through real-world examples, we'll show how modern authorization patterns fit into existing workflows, help catch access control bugs early, and make developers' lives easier.
Attendees will leave with practical patterns for building maintainable access control logic, strategies for testing authorization rules effectively, and proven approaches for embedding security into your development workflow from the start. Whether you're building new systems or improving existing ones, you'll learn how to make authorization work for you.
Speakers
avatar for Dan Maher

Dan Maher

Open Source Engineer, Cerbos
Dan has worked in a variety of environments from start-ups to global corporations, including stints as a founder, university lecturer, and a day labourer. Today, Dan is a global core member of the DevOpsDays conference series, Senior DevRel Manager at Cerbos, and full time open source... Read More →
Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room C
  Application Development
  • Content Experience Level Any
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Monday, March 31
Tuesday, April 1
Wednesday, April 2
Thursday, April 3
Friday, April 4
Bafta | Ray Dolby Room
Civo Tech Junction
Crowne Plaza London Docklands
Level 0 | ICC Auditorium
Level 0 | ICC Capital Hall | Room 1
Level 0 | ICC Capital Hall | Room 2
Level 1 | Hall Entrance N10 | Room E
Level 1 | Hall Entrance N10 | Room F
Level 1 | Hall Entrance N10 | Room G
Level 1 | Hall Entrance N10 | Room H
Level 1 | Hall Entrance N11
Level 1 | Hall Entrance S10 | Room A
Level 1 | Hall Entrance S10 | Room B
Level 1 | Hall Entrance S10 | Room C
Level 1 | Hall Entrance S10 | Room D
Level 1 | Hall Entrance S5
Level 1 | Hall Entrances S8 - S9, N8 - N9
Level 2 | South Gallery | Room 11 - 12
Level 3 | ICC Capital Suite 1
Level 3 | ICC Capital Suite 10-12
Level 3 | ICC Capital Suite 14-16
Level 3 | ICC Capital Suite 17
Level 3 | ICC Capital Suite 7-9
Platinum Suite | Level 3
Platinum Suite | Level 3 | Room 1-2
Platinum Suite | Level 3 | Room 3-4
The Steel Yard
  • 🚨 Contribfest
  • 🪧 Poster Sessions
  • AI + ML
  • Application Development
  • Breaks
  • ⚡ Lightning Talks
  • Cloud Native Experience
  • Cloud Native Novice
  • CNCF-hosted Co-located Events
  • Connectivity
  • Data Processing + Storage
  • Emerging + Advanced
  • Experiences
  • Keynote Sessions
  • Maintainer Track
  • Observability
  • Operations + Performance
  • Platform Engineering
  • Project Opportunities
  • Registration
  • Security
  • Solutions Showcase
  • Sponsor-hosted Co-located Event
  • Tutorials
  • Content Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate