03:30 AM -- 03:50 AM

Opening remarks

03:50 AM -- 04:15 AM

Kubernetes - The Universal Control Plane

Kubernetes is emerging as one of the best control planes in the context of modern applications and infrastructure. The powerful scheduler, which was originally designed to deal with the placement of pods on appropriate nodes, is quite extensible. It can solve many of the problems that exist in traditional distributed systems. This session explores how Kubernetes is transforming into a universal control plane for orchestrating diverse workloads based on containers, virtual machines, the public cloud, and WASM.

Janakiram MSV

Janakiram & Associates

04:15 AM -- 04:35 AM

What is Cloud Native WebAssembly?

Serverless applications are gaining momentum. Developers like the simplicity of writing a serverless function. And with WebAssembly as an underlying technology, it is fast and easy to build WebAssembly serverless apps. In this talk, Rajat and Matt introduce Spin, an open source tool for rapidly building serverless functions in WebAssembly. We’ll start by talking about WebAssembly itself and why a technology that was good for the browser is great for the cloud. Then we will look at how Spin works. To illustrate this, we’ll talk about the `goodfirstissue` bot and demo how with minimal changes, we are able to run this bot as serverless app using Spin

Matt Butcher

CEO

Fermyon

04:35 AM -- 04:55 AM

Tea + networking

04:55 AM -- 05:25 AM

Blockchain goes Kubernetes

This session will provide an overview of what it takes for companies to run public blockchain nodes on Kubernetes. We will begin with an introduction to blockchain nodes (servers), what they are, and a brief description of how they work, including the differences between each blockchain. Once the basics are covered, we will discuss the challenges of running a node blockchain on a server. Next, we will explore how to leverage k8s to solve some of the challenges of hosting nodes. This will include describing how to deploy nodes on k8s using statefulsets, updating blockchains, and accessing blockchain data using k8s services. Finally, we will cover how to monitor nodes using Prometheus.

Darshit Suratwala

Scale3Labs

04:55 AM -- 05:25 AM

How & Why Does The Work of OpenSSF Impact You

Open Source Software is in use by a large number of organizations for whom security and compliance is paramount. Examples of these are governments, banks, financial institutions, etc. These large organizations are raising questions about the integrity of software artifacts and establish provenance at each stage. Recent evidence of which can be found here: [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf [2] https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Many projects are positioned to provide some answers using Software Bill Of Materials (SBOMs) and implementing initiatives such as SLSA.dev, However there is massive inconsistency across the organizations' repositories, working groups (and other administrative entities). Secure Open Source Supply Chains are paramount to those involved in creating and distributing open source software. Those engineers, engineering managers, and program managers who are responsible for delivering software that is or consumes open source software are under increasing scrutiny to establish provenance of their software artifacts. This talk will demonstrate the impact of the work OpenSSF is doing ― especially for open source foundations, by sharing details about how we are embracing best practices prescribed by OpenSSF. The talk will also contain some ideas about how we intend to further securing our open source ecosystem.

Ram Iyengar

Chief Evangelist

Cloud Foundry Foundation

04:55 AM -- 05:25 AM

Istio Service Mesh - Day 0 to Day 2 Operations

Microservices can be complicated and difficult to manage, and a service mesh is a popular solution for many of those complexities. You will be given a quick fly-over of what challenges service mesh solves, service mesh architecture, and various service mesh projects in the ecosystem. This workshop explains how to get started with Istio by incrementally adopting Istio and observing the benefits that Istio service mesh brings to you. We will explore various functions and benefits that Istio provides to your organization. Some of the topics that we will cover in this workshop include: - Install Istio - Secure services with Istio Ingress Gateway - Add services to the mesh - Secure inter-service communication with Istio - Control traffic This workshop also includes a certification option. This credential, offered by Solo.io with Credly, certifies that you possess introductory skills. At the completion of the workshop, you will be able to take an assessment and a score 80% or higher earns the certification

Rohit Ghumare

Developer Advocate at

solo.io

Vinuja Khatode

Solo Ambassador, DevOps Engineer

Nimblebox

05:25 AM -- 05:55 AM

Getting Hands-On with the New Kubernetes Gateway API

Why do you need another API to handle external traffic when you have the stable Kubernetes Ingress API and dozens of implementations? What problems of the Ingress API does the new Gateway API solve? Does this mean the end of the Ingress API? In this short talk, Navendu will answer these questions by exploring how Gateway APIs evolved and solved the shortcomings of the Ingress API with hands-on examples. Attendees will learn about the new Gateway API and how they can implement feature-rich, extensible, vendor-neutral gateways to their Kubernetes clusters.

Navendu Pottekkat

Developer Advocate

API7.ai

05:25 AM -- 05:55 AM

Platinum Sponsor Session: Top 5 Things to Know Running OpenTelemetry on Kubernetes

OpenTelemetry (OTel) is a vendor-neutral, open-source observability framework and one of the fastest-growing open-source projects in the CNCF space. Adoption for OpenTelemetry is on the rise. In this session, we will cover the rise of OpenTelemetry, its core concepts, and different components such as Instrumentation, Collector, Operator, and more. We will also discuss distributed tracing and deployment options on Kubernetes. The goal is to provide you with the knowledge necessary to understand OpenTelemetry, its prerequisite requirements, and its technological maturity.

Zameer Fouzan

Senior Developer Relations Engineer

New Relic

05:55 AM -- 06:25 AM

Demystifying Gitops with ArgoCD

GitOps is a modern approach to managing application deployments. In this session, the speaker will provide an overview of GitOps and explore how ArgoCD, a popular GitOps tool, fits into the ecosystem. The speaker will also dive into the key features and architecture of ArgoCD, and demonstrate how it can be used to deploy applications to Kubernetes. By the end of the session, attendees will have a solid understanding of GitOps principles and how ArgoCD can be used to manage Kubernetes deployments.

Saloni Narang

Developer

SAP Labs

05:55 AM -- 06:25 AM

Finding Imposter Among Us: Container Edition

Much like the game Among Us, Bad faith actors can sneak into our spaceship aka containerized workloads anytime. It now comes to the crew members to guess and eliminate the threat. Similarly even if we secure our supply chain, there will always be threat actors that can attack at runtime. It is not a matter of if but when. There's a need to enforce security at runtime to contain damages when it happens. Containers are not black boxes, there's a need to understand the entities that run inside them. Just sand-boxing around them isn't enough, we need to profile our entities inside our containers, profile them and enforce zero trust rules. But achieving zero trust is non trivial especially with the highly dynamic nature of modern containerized workloads. This session will be about understanding the entities inside our containers, trying to identify assets that are exposed to entities inside containers, explore our crew members eBPF, Seccomp and LSMs who will help us identify and quarantine breaches at runtime minimizing our attack surface in the process.

Barun Acharya

Accuknox

06:25 AM -- 06:55 AM

Autoscaling Kubernetes Workloads Based On Metrics

Tired of scaling your Kubernetes workloads manually? Tired of overprovisioning resources that lead to unnecessary costs? Tired of underprovisioning resources that lead to degraded application performance? Join Rakshit in his talk in which he will briefly explain how we can use metrics to autoscale our Kubernetes workloads with the help of HorizontalPodAutoscaler. Join him on a ride to learn about the history, the different types of scaling techniques, and finally go through a live demo of scraping metrics from Prometheus using the Keptn Lifecycle Toolkit and scaling the workloads using HorizontalPodAutoscalar. Being an active contributor for Keptn, He will briefly explain how the Keptn Metrics Operator enables us to have a single entry point for the metrics data, regardless of the source of metrics and helps us in autoscaling our workloads. Get to learn about the challenges faced while scaling workloads manually. Get to learn about the benefits of using metrics to autoscale Kubernetes workloads without having to fear unessential costs and poor application performance. Get hands-on experience using the Keptn Lifecycle Toolkit to scrape metrics from any metric provider and then use it to autoscale your Kubernetes workloads.

Rakshit Gondwal

Punjab Engineering College

06:25 AM -- 06:55 AM

Sponsored session: A tale of two distributed systems through the lens of a developer

Developers continue to be one of the most valuable resources of a company. The tools they use need to align with modern cloud native development practices while helping them be as productive and efficient as possible. In this session, we’ll go over a practical demonstration of building a scalable cloud-native stack with Kubernetes and YugabyteDB (a distributed SQL) and talk about how these two distributed systems can assist you in creating distributed apps quickly from scratch using a scaffolding accelerator.

Srinivasa Vasu

Field Solution Engineer

Yugabyte

07:00 AM -- 08:00 AM

Lunch

08:00 AM -- 09:30 AM

Platinum Sponsor Workshop: Getting Started with Kubernetes Observability

In this workshop, we will use a sample Kubernetes template to create multiple microservices comprising an e-commerce shopfront where shoppers can buy unique socks. We will explore various aspects, such as metrics, events, logs, and traces. This will give you better insights into Kubernetes and important Observability concepts.

Zameer Fouzan

Senior Developer Relations Engineer

New Relic

08:00 AM -- 08:15 AM

Sponsored Lightning Talk: Monitor Kubernetes cluster with Elastic

Bring logs, metrics, and traces from your Kubernetes cluster and the workloads running on it into a single, unified solution. Elastic observability gives better visibility on your kubernetes ecosystem where you can monitor your pods, services, workload etc. Use a centrally managed Elastic Agent to gain visibility into your Kubernetes deployments on EKS, AKS, GKE or self-managed clusters.

Ashish Tiwari

Sr. Developer Advocate

Elastic

08:00 AM -- 08:30 AM

TBA

08:15 AM -- 08:30 AM

Securing Kubernetes with m9sweeper

In this talk, we will be discussing the importance of securing your Kubernetes cluster and how you can do it using the powerful tool, "m9sweeper." As the adoption of Kubernetes continues to grow, it has become more critical to prioritize the security of your cluster. "M9sweeper" is an open-source security tool that is designed to detect and identify vulnerabilities and misconfigurations in your Kubernetes deployment. It offers a comprehensive set of checks that cover a broad range of security aspects, including network policies, access control, encryption, and pod security. We will also highlight some of the key benefits of using this tool, including the ability to automate security checks, improve compliance, and increase the overall resilience of your cluster.

Koteswara Rao Vellanki

UST

08:30 AM -- 08:45 AM

Open Policy Agent: Evaluating Policy at Client side using WASM

In modern distributed systems, security and policy enforcement are critical components that ensure the system operates securely and as intended. Kubernetes has built-in policy enforcement capabilities using Kubernetes Network Policies and Kubernetes Admission Controllers, but these are limited to server-side enforcement. What about client-side policy enforcement? Open Policy Agent (OPA), an open-source project that allows to evaluate policies at client-side using WebAssembly (WASM). With OPA and WASM, we can define, test, and enforce policies at the client-side, ensuring that all requests to a Kubernetes cluster are evaluated against policies before being sent to the server-side. In this talk, I'll cover: - An overview of Open Policy Agent (OPA) and how it works. - How to use OPA to define policies using the Rego policy language. - How to use WASM to evaluate policies at client-side. - Real-world use cases of client-side policy enforcement with OPA and WASM in Kubernetes. - Best practices and considerations for using OPA and WASM for client-side policy enforcement. - Demo with some interesting use cases of OPA client side policy evaluation in Kubernetes.

Pulak Kanti Bhowmick

Senior Software Engineer

Optimizely

08:30 AM -- 08:45 AM

Supply chain security for dummies

As per the reports of many security research and analysis firms, the number of supply chain security attacks is on the rise and is expected to increase even further in the near future. Supply chain security is even more critical when it comes to a Kubernetes & cloud-native landscape where a large number of tools, and applications from different vendors and community comes together which significantly increases the sources of potential supply chain attacks. In this session, I will provide a quick introduction to supply chain security, what risks we face at various stages (code, build, deploy etc) of the supply chain, what kinds of supply chain attacks we have seen in the recent past and what common step an organization can take to ensure its supply chain is robust and less prone to attacks. I will also discuss the cultural changes an organization should make to ensure effective collaboration between owners of different supply chain stages of a product and will also touch upon the Supply Chain Levels for Software Artifacts (SLSA).

Akash Gautam

Consultant

Kubermatic

08:45 AM -- 09:15 AM

Application-aware backups of Kubernetes applications

Cloud-native applications comprise various components including data services, storage systems, and related Kubernetes objects. Each component requires its own data protection tools, strategy, and domain expertise. A robust solution aligned with business requirements often involves complex workflows. What if there was a way to coordinate the implementation of these workflows while optimizing how backups are moved into storage? During this talk, Amruta will demonstrate how two open-source tools, Kanister and Kopia, work together to optimize backup and recovery for Kubernetes applications. 2. Benefits to the Ecosystem Robust and scalable backup and recovery workflows are among the key operational concerns that teams need to address. But their complexity inhibits developers from running databases in Kubernetes, despite the rising support for stateful applications in the environment. Kanister not only enables backup and restore of databases in Kubernetes, it allows developers and operators to perform application-specific data management tasks by defining a set of Kubernetes custom resources. Using Kanister and Kopia together, developers can create encrypted, compressed and deduplicated point-in-time snapshots from the streamed database backup and upload them to the cloud object store.

Amruta Kale

Kasten By Veeam

08:45 AM -- 09:15 AM

Kubernetes for Machine Learning: Managing and Scaling AI Workloads

Kubernetes and Machine Learning is an intersection that enables creating applications harnessing the power of Data. This talk I will explore the intersection of Kubernetes and machine learning and discuss best practices for managing and scaling AI workloads. Along with diving into End to end ML lifecycle using Kubeflow, dive into specific use cases for Kubernetes in machine learning, highlight challenges and solutions, and explore advanced features such as horizontal and vertical scaling, pod affinity and anti-affinity, and specialized resource types like GPUs and TPUs.

Drishti Jain

09:15 AM -- 09:30 AM

First Principles of Observability Systems

As Kubernetes and microservice adoption has gone mainstream, a slew of observability solutions have been born, and picking an observability system is hard. A couple of questions you might find yourself asking are: - “Is the ingestion rate fast enough?” - “How long can the system retain data?” - “Are the query speeds good enough?” - “How easy is it to scale horizontally?” Benchmarking systems may or may not always give you the right answer for a variety of reasons- it’s easier to take a decision based on understanding the first principles. All of the observability pillars(metrics, logs, traces, profiling) share a common set of problems, we’ll look at how various open-source projects have tackled those problems and evaluate their solutions. Hopefully, by end of the talk, it can help you make a decision on an observability system or maybe inspire you to build your own.

Harsh Thakur

09:15 AM -- 09:30 AM

Sponsored Lightning Talk

09:30 AM -- 11:00 AM

Introduction to WebAssembly

Join us for an immersive workshop on Cloud Native WebAssembly and discover the future of application development! In today's rapidly evolving digital landscape, agility, scalability, and portability are crucial for building modern applications. Cloud Native WebAssembly (Wasm) has emerged as a game-changing technology that combines the benefits of containerization, microservices, and the lightweight, high-performance nature of WebAssembly. During this hands-on workshop, our expert instructors will guide you through the fundamental concepts of Cloud Native WebAssembly and demonstrate how it revolutionizes the way we develop, deploy, and manage applications in the cloud. Whether you're a developer, architect, or DevOps professional, this workshop offers valuable insights and practical knowledge to enhance your skill set.

Matt Butcher

CEO

Fermyon

Saiyam Pathak

Director of Technical Evangelism

Civo

Divya Mohan

SUSE

Senior Technical Evangelist

Shivay Lamba

WASMEdge Ambassador

09:30 AM -- 10:00 AM

Run PostgreSQL:The Kubernetes way

CloudNativePG is an open source operator designed to manage PostgreSQL workloads on any supported Kubernetes cluster running in private, public, hybrid, or multi-cloud environments. CloudNativePG adheres to DevOps principles and concepts such as declarative configuration and immutable infrastructure. It defines a new Kubernetes resource called Cluster representing a PostgreSQL cluster made up of a single primary and an optional number of replicas that co-exist in a chosen Kubernetes namespace for High Availability and offloading of read-only queries. Applications that reside in the same Kubernetes cluster can access the PostgreSQL database using a service which is solely managed by the operator, without having to worry about changes of the primary role following a failover or a switchover. Applications that reside outside the Kubernetes cluster, need to configure a Service or Ingress object to expose the Postgres via TCP. Web applications can take advantage of the native connection pooler based on PgBouncer. We will cover Day 0 to Day 2 Operations and How data on Kubernetes is more important these days. Talk will cover about Day 0: Planning Day 1: Setup and validate. Day2 : Day2 operations Like Restore and Scaling.

Danish Khan

EDB

09:30 AM -- 10:00 AM

Incremental Backups in Kubernetes: Where We Stand and What is Missing

As Kubernetes adoption matures, a recent CNCF.io study showed that stateful workloads have grown to over 40% of deployments. Operating persistence and storage on a cluster for the stateful applications in Kubernetes has always been challenging, especially when it comes to backup and disaster recovery. The traditional backup strategies are not sufficient considering the dynamic nature of containers and distributed architecture. In this talk, Prasad will talk about different strategies used to protect Kubernetes stateful application data and compare their pros and cons. We will also throw light on the missing piece in Kubernetes architecture to perform incremental backups i.e. changed block tracking. And ongoing efforts by Data Protection Working Group to add the changed block tracking capability to Kubernetes with KEP-3314 to make the backups more efficient and quicker.

Prasad Ghangal

Kasten by Veeam

10:00 AM -- 10:15 AM

How to Not-Mess-Up Production

Deploying applications from localhost to production can be a daunting task. There are a million ways to break it and give the on-call team a new topic for the engineering blog. Seemingly small things (chmod) can cause big impacts (crash the server beyond recovery). In this talk, Wilfred shares his experiences of production mess-ups Here’s what Wilfred has in store for you: Discover how running "chmod root" during a business meeting led to a server crash beyond recovery and an awkward conversation with the boss. Learn why you should never ever run "select *", unless you have all day to wait for the results to come in. Find out what happens when you accidentally make your secrets public, and how to avoid doing so in the future. Explore the joys of "chmod /usr" and the broken sudo nightmares that follow. Get practical tips on how to avoid production mistakes, and how to handle them when they happen. This talk will take into consideration a practical deployment scenario of deploying a backend system on a VM with a database(crash this and data gone) and walk you over what you want to do, what you'll do, what problems you'll face, and how it can mess up production. You'll learn why production is stringent the way it is and the importance of mechanisms like IAM, RBAC, ABAC, MFA. The final take will be on what to do when you or someone along you messes up something in production. Join in to learn from Wilfred’s experiences of making on localhost and breaking on production.

Wilfred Almeida

LFX'23 @ CNCF - Harbor

CNCF

10:00 AM -- 10:15 AM

Sponsored Lightning talk

10:15 AM -- 11:00 AM

Booth crawl

11:00 AM -- 11:20 AM

Tea + networking

11:20 AM -- 11:35 AM

Sponsored keynote: Can AI handle the complexity of Kubernetes and cloud-native environments?

Steve Ng

Head of Developer Relations APJ at New Relic - Advocacy | Platform | Ecosystem

New Relic

11:35 AM -- 12:05 PM

No YAML!

Did you know that you can write Kubernetes deployments without using any YAML? No way, you say? After all, we were taught that YAML is the only way to write Kubernetes manifests. Well, my friend, what if I tell you that there are alternatives? What if I tell you, that you can write your Kubernetes manifests in a programming language you're already familiar with? In this talk, I will demonstrate several alternatives to YAML for writing your Kubernetes deployments

Engin Diri

Customer Experience Architect

Pulumi

12:05 PM -- 12:30 PM

Closing remarks