Videos uploaded by user “CNCF [Cloud Native Computing Foundation]”
Keynote: Kubernetes Federation - Kelsey Hightower, Google
 
18:51
Keynote: Kubernetes Federation - Kelsey Hightower, Google About Kelsey Hightower Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration. [@kelseyhightower] Join us for KubeCon + CloudNativeCon in Barcelona May 20 - 23, Shanghai June 24 - 26, and San Diego November 18 - 21! Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
Keynote: Kubernetes and the Path to Serverless - Kelsey Hightower, Staff Developer Advocate, Google
 
24:25
Keynote: Kubernetes and the Path to Serverless - Kelsey Hightower, Staff Developer Advocate, Google In this keynote, Kelsey Hightower will demonstrate that the gap between Kubernetes and Serverless is smaller than people think. He'll be porting a Kubernetes Pod to an AWS custom Lambda function live. To learn more: https://sched.co/Gsy5
Keynote: Anatomy of a Production Kubernetes Outage - Oliver Beattie, Head of Engineering, Monzo Bank
 
17:45
Want to view more sessions and keep the conversations going? Join us for KubeCon + CloudNativeCon North America in Seattle, December 11 - 13, 2018 (http://bit.ly/KCCNCNA18) or in Shanghai, November 14-15 (http://bit.ly/kccncchina18). Keynote: Anatomy of a Production Kubernetes Outage - Oliver Beattie, Head of Engineering, Monzo Bank This talk will dive into a production Kubernetes outage that Monzo experienced a few months ago, its causes and effects, and the architectural and operational lessons learned. About Oliver Oliver Beattie is Head of Engineering at Monzo, leading the development of the distributed systems to power a new kind of bank. He previously worked on Hailo's global micro-services platform.
Introduction to Containerd - Patrick Chanezon, Member of Technical Staff, Docker, Inc.
 
05:36
Introduction to Containerd - Patrick Chanezon, Member of Technical Staff, Docker, Inc. About Patrick Chanezon Member of Technical Staff, Docker, Inc.
Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO
 
33:15
Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down [I] - Carson Anderson, DOMO Understanding Kubernetes as a whole can be daunting. With so many different components working together it can be hard to know how the pieces work together or where new products and features fit in. I will start at the highest level and then peel off the layers one at a time to explain how some of the "magic" happens. Over the course of the presentation I will break Kubernetes into the following layers: "Kubernetes for the End User": A quick summary on some of the core components of Kubernetes: Namespaces, Deployments, Pods, Services, and Ingress Rules. At this layer the user just needs to understand the promises made by Kubernetes, not necessarily the way it keeps them. This layer primarily serves to establish a typical cluster workload. The resources defined here will be used when explaining all of the deeper layers. "Kubernetes for the Cluster Admin": This layer peels away some of the cluster "Magic". I will cover how the service account, default tokens, ReplicaSet and Pods from the previous layer got created by the kube-controller-manager. I will also explain how the kube-scheduler decided which node the workload should run on and how that decision could have been influenced by fields in the pod spec. This section will touch on the core concepts of Ingress controllers, Admission Controllers, scheduling, and core controller loops. "Kubernetes for the Cloud Admin": This layer covers Kubernetes at an infrastructure level. Core concepts covered are: Horizontal Scaling, Load Balancing, high availability for masters and nodes, node management, and fault-tolerance levels. Here is also where I set the stage for the network layer that is covered next. "Kubernetes for the Network Admin": Now we dig deeper into the network infrastructure. Explaining how pods and services work together, how your network traffic figures out where to go, and how it gets there.
This section covers the concepts of East-West and North-South load balancing. The goal is to provide a basic understanding of the network promises made by Kubernetes and how you might replace them with other software and services. "Kubernetes for the Linux Admin": A discussion of Kubernetes at the OS layer. This layer digs into the processes and configuration of the base OS. This includes pluggable container engines (e.g., Docker vs. Rkt), logging, CNI, metric gathering and volume mounting. "Kubernetes for the Power-User": Time permitting, the final section will put all of the previous ones together to show how a next-generation application might be deployed on top of Kubernetes and take advantage of the more advanced features. About Carson Anderson I've been working as a Sys Admin for 8 years. I have been focused on Docker, Kubernetes, and container infrastructure at scale for the last 2 years. Unabridged version of Kubernetes Deconstructed: https://vimeo.com/245778144/4d1d597c5e
Keynote: Serverless, Not So FaaS - Kelsey Hightower, Kubernetes Community Member, Google
 
15:52
Keynote: Serverless, Not So FaaS - Kelsey Hightower, Kubernetes Community Member, Google About Kelsey Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration.
Go + Microservices = Go Kit [I] - Peter Bourgon, Go Kit
 
38:49
Go + Microservices = Go Kit [I] - Peter Bourgon, Go Kit Go is emerging as the default programming language for cloud-native tooling and infrastructure. But it's also a perfect language for implementing your business logic—with a little bit of help! This talk introduces and deep-dives into Go kit, an independent open-source toolkit for writing microservices in Go. We first identify the defining characteristics and challenges of working in a cloud-native architecture, and then build a production-grade, highly idiomatic Go kit microservice to address all of the concerns. Special attention is paid to instrumenting with Prometheus, log storage with Fluentd, distributed tracing with OpenTracing, and deploying via Kubernetes — all of which work out-of-the-box. About Peter Bourgon Peter Bourgon is a distributed systems engineer who has seen things. He is the author of Go kit, a toolkit for writing business microservices in Go.
Jenkins X: Easy CI/CD for Kubernetes - James Strachan, CloudBees (Intermediate Skill Level)
 
34:56
Jenkins X: Easy CI/CD for Kubernetes - James Strachan, CloudBees (Intermediate Skill Level) This talk will introduce you to a new open source project, Jenkins X, which is an open source CI / CD platform for Kubernetes based on Jenkins. After a short introduction James will spend most of the talk demonstrating how to develop applications with CI / CD on Kubernetes with Jenkins X: * easily set up your own CI / CD system on your cloud of choice using standard tools: kubernetes, draft, helm, jenkins * quickly create new microservices or import existing projects with automated CI / CD * use Pull Requests to trigger CI, Preview Environments, human approval then a full CD release * use automated provisioning to Preview, Testing, Staging & Production environments via helm charts and GitOps After this talk you should be able to develop cloud native apps at full speed with automated CI / CD in any language on any kubernetes cluster! Let's go faster! About James I work on CI + CD for Kubernetes with Jenkins for CloudBees. I'm the lead architect of Jenkins X. I also created the Groovy programming language, Apache Camel & was a founder of fabric8 & ActiveMQ. I've spoken at many conferences over the years (DevOxx, QCon, JavaOne, JFokus, ...) but never KubeCon!
Building Helm Charts From the Ground Up: An Introduction to Kubernetes [I] - Amy Chen, Heptio
 
33:20
Building Helm Charts From the Ground Up: An Introduction to Kubernetes [I] - Amy Chen, Heptio Learn the basics of Kubernetes from the perspective of creating a Helm Chart from scratch! The Kubernetes cluster will be launched from Rancher, an open source container management software. At the end of this workshop, you will have a functional understanding of pods, services, deployments, Helm, Rancher, and more! Why learn Kubernetes with Helm Charts? Much of today's beginner educational content for Kubernetes uses the Kubernetes CLI tool. This can make it hard to visualize the relationship between each command and debug your cluster. Learning how to incrementally build Helm Charts provides a bigger picture of your cluster and is more reproducible. Why is Rancher cool? Rancher makes it easy to configure, deploy and manage Kubernetes, on any infrastructure! I'm in, what are we doing? - Gain a high level understanding of key Kubernetes concepts accompanied with a lot of diagrams - Gain an understanding of Rancher's open source container management platform - Incrementally build a Nginx Helm Chart - Deploy Nginx from a Kubernetes cluster managed by Rancher About Amy Chen Amy Chen is a systems software engineer at heptio. She is passionate about containers, orchestration tools, Go, and salsa dancing. In her free time, Amy runs a youtube channel called Amy Codes where she talks about technical and non-technical aspects of being a software engineer. (https://www.youtube.com/AmyCodes). She also founded a grassroots Facebook online community now 8.5K large called Ladies Storm Hackathons. The demographic is largely college and new grad aged people of all genders with the common aim of gender equality in the tech industry. She aims to make the container and infrastructure industry more accessible to women by evangelizing with her excitement to women's communities. 
You can follow her internet shenanigans here: https://www.youtube.com/AmyCodes https://twitter.com/TheAmyCodes https://medium.com/@amy https://github.com/amy https://www.instagram.com/theamycode/
Helm Chart Patterns [I] - Vic Iglesias, Google
 
28:32
Helm Chart Patterns [I] - Vic Iglesias, Google You will learn about the patterns and best practices we have learned from reviewing and maintaining the charts in the public Helm Charts repo. You will learn how to make your charts reproducible, scalable, flexible, configurable, and composable. About Vic Iglesias Vic Iglesias is a Staff Solutions Architect at Google with years of experience in both on-premise and in-cloud workload deployment, orchestration and management. He is a maintainer of the Kubernetes Charts repo and focuses on helping customers adopt Container Engine reliably, securely, and at scale.
Keynote: OpenTracing and Containers: Depth, Breadth, and the Future of Tracing - Ben Sigelman
 
19:10
Keynote: OpenTracing and Containers: Depth, Breadth, and the Future of Tracing - Ben Sigelman, Co-Founder, LightStep "Those building microservices at scale understand the role and importance of distributed tracing: it’s the most direct way to understand how and why a system is misbehaving. But distributed tracing has long harbored a dirty secret: the source code instrumentation can be complex, fragile, expensive, and difficult to maintain. The OpenTracing project addresses that integration problem through standardization and collaborations with other open-source software systems. In this talk, Ben will begin by describing OpenTracing and explaining why you should care about it. He will then show how OpenTracing will be able to deliver zero-touch, black-box instrumentation of distributed applications via orchestration systems like Kubernetes, and why that could change the way we all reason about distributed computation." About Ben Sigelman Ben is a cofounder at LightStep, a company that makes complex microservice applications more transparent and reliable. Previously, Ben spent nine years at Google where he ate lots of snacks and designed several large (~1M-process) distributed systems. The most significant of these were Dapper, an always-on distributed tracing system; and Monarch, a high-availability timeseries collection, storage, and query system.
Keynote: Kubernetes by Kelsey Hightower, Staff Developer Advocate, Google
 
15:08
Keynote: Kubernetes - Kelsey Hightower, Staff Developer Advocate, Google After almost 2 years in production it helps to remind ourselves what Kubernetes is. At its core, Kubernetes is a set of small, well-defined components connected by a unified API. On the surface, Kubernetes is an application management platform, but if you dig a little deeper you'll discover that Kubernetes is a framework for building distributed systems. During this session attendees will go below the surface and gain an understanding of the Kubernetes core and learn how to leverage it to solve common infrastructure challenges in new and innovative ways.
Keynote: Kubeflow ML on Kubernetes - David Aronchick &  Vishnu Kannan
 
21:58
Keynote: Kubeflow ML on Kubernetes - David Aronchick, Product Manager, Cloud AI and Co-Founder of Kubeflow, Google & Vishnu Kannan, Sr. Software Engineer, Google About David David Aronchick was the Senior Product Manager for the Google Container Engine and led product management on behalf of Google for Kubernetes. David has been helping to ship software for nearly 20 years, founding and being part of the management team for three different startups, as well as squeezing in time at Microsoft, Amazon, Chef, and now Google. David is co-founder of the Kubeflow project, an effort to help developers and enterprises deploy and use ML cloud-natively everywhere. About Vishnu Vishnu Kannan is a Senior Software Engineer at Google. Vishnu received his Masters in ECE from Georgia Tech. He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. He is currently an active maintainer in the Kubernetes community focussing on managing compute resources at scale.
Securing Cluster Networking with Network Policies - Ahmet Balkan, Google
 
30:55
Securing Cluster Networking with Network Policies - Ahmet Balkan, Google In a secure microservices cluster, only the pods that need to communicate with each other should be able to establish network connections, and all others should be blocked. But how? Until recently, Kubernetes users could not enforce policies for container networking. First introduced in Kubernetes 1.3, Network Policies are now a stable feature in Kubernetes 1.7. In this talk, we will discuss use cases for network policies, the Network Policy API, how to configure network policies, and how the configured policies are enforced. We will also present some network policies that address some common use cases and are relevant to securing your Kubernetes clusters. Also, we will discuss the roadmap for the Network Policies feature, other methods you can use to secure applications at network and application layers, and how Network Policies relate to service mesh projects such as Istio that offer similar functionality. About Ahmet Alp Balkan Ahmet is a software engineer at Google Kubernetes Engine, working on optimizing the developer experiences. He creates developer tools and tells stories about complicated features. Previously, he has worked on Microsoft Azure on projects like porting Docker to Windows and Azure Container Registry.
Writing a Custom Controller: Extending the Functionality of Your Cluster [I] - Aaron Levy
 
26:00
Writing a Custom Controller: Extending the Functionality of Your Cluster [I] - Aaron Levy, CoreOS Much of the functionality in a Kubernetes cluster is managed by a reconciliation pattern within "controllers". The node, service, or deployment controllers (just to name a few) watch for changes to objects, then act on those changes to drive your cluster to a desired state. This same pattern can be used to implement custom logic, which can be used to extend the functionality of your cluster without ever needing to modify Kubernetes itself. This talk will cover how to implement your own custom controller, from contacting the Kubernetes API to using existing libraries to easily watch, react, and update components in your cluster. By building on existing functionality and following a few best practices, you can quickly and easily implement your own custom controller. About Aaron Levy Aaron Levy is a software engineer at CoreOS, working on all things Kubernetes. He is also the lead maintainer of bootkube, a kubernetes-incubator project that enables launching self-hosted kubernetes clusters.
The Service Mesh: Past, Present, and Future [B] - William Morgan, Buoyant
 
35:56
The Service Mesh: Past, Present, and Future [B] - William Morgan, Buoyant In this talk, we describe the service mesh, a runtime infrastructure layer that’s rapidly rising to prominence with the advent of open source projects like Istio, Envoy, and Linkerd. We trace the evolution of the service mesh model through three-tiered apps and “fat clients” to the modern, sidecar-based implementations, compare and contrast with ESBs and API gateways, and show that, as with most “new” technology, the ideas and principles behind the service mesh have been around for a long time. About William Morgan William is the cofounder and CEO of Buoyant, a startup focused on building service mesh technology. Prior to Buoyant, he was an infrastructure engineer at Twitter, where he helped move Twitter from a failing monolithic Ruby on Rails app to a highly distributed, fault-tolerant microservice architecture. He was a software engineer at Powerset, Microsoft, and Adap.tv, a research scientist at MITRE, and holds an MS in computer science from Stanford University.
Keynote: KubeCon Opening Keynote - Kelsey Hightower, Google
 
23:20
Keynote: KubeCon Opening Keynote - Kelsey Hightower, Staff Developer Advocate, Google About Kelsey Hightower Kelsey Hightower has worn every hat possible throughout his career in tech, and enjoys leadership roles focused on making things happen and shipping software. Kelsey is a strong open source advocate focused on building simple tools that make people smile. When he is not slinging Go code, you can catch him giving technical workshops covering everything from programming to system administration.
Lightning Talk: Flexible Logging Pipelines with Fluentd and Kubernetes - Jakob Karalus, codecentric
 
05:15
Lightning Talk: Flexible Logging Pipelines with Fluentd and Kubernetes - Jakob Karalus, codecentric Log forwarding from containers in kubernetes with fluentd works like a charm. But most applications require more than just forwarding; various applications require different parsing patterns, outputs, formats etc. Managing these in a large multi tenant cluster can be challenging and usually requires an additional shared forwarding/parsing infrastructure. Otherwise manual configuration changes by a cluster operator are needed. Both ways can be problematic when many different teams share the same cluster. In this Lightning Talk attendees will learn how to leverage the tools to automatically load specifications/grok patterns from kubernetes at runtime. This leads developers to define those on their own in their pod definition without the existence of a cluster operator or an extra infrastructure. Because of this new possibility the developer gains more flexibility in his application without the necessity to coordinate with cluster operators or other teams. About Jakob Karalus Jakob is an IT consultant at codecentric focussing on DevOps. His main interest is to play with exciting and evolving technologies around orchestration and automation. Currently he helps a large Enterprise as a cluster operator at running a multi tenant kubernetes cluster with supporting infrastructure like logging and monitoring.
Keynote: Kubernetes: Finally...A True Cloud Platform by Sam Ghods, Co-founder, Box
 
16:55
Keynote: Kubernetes: Finally...A True Cloud Platform - Sam Ghods, Co-founder, Box Kubernetes is often perceived as "just another" container orchestration framework. But the Kubernetes API has its design rooted in more than 10 years of experience with Borg and was explicitly designed to not be specific to Kubernetes - instead, it's a generic way to describe your entire application infrastructure. This is the first time that we have had a universal interface that we can build real deployment tooling against. We'll talk about what this means for managing applications in the cloud and what opportunities it presents to those who wish to build the future of cloud infrastructure. About Sam Ghods Sam Ghods is a cofounder and Services Architect at Box, where he is responsible for service infrastructure. Prior to his current role, Sam led software architecture at Box for eight years as Vice President of Technology. Previously, he was an engineer and cofounder at two startups.
Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec
 
39:31
Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec While Kubernetes offers new and exciting ways to deploy and scale container-based workloads in production, many organizations may not be aware of the security risks inherent in the out-of-the-box state of most Kubernetes installations and the common practices for deploying workloads that could lead to unintentional compromise. Join Brad Geesaman, the Cyber Skills Development team lead at Symantec, on an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection. The hardening measures taken in response to the attacks demonstrated will include guidelines for improving configurations installed by common deployment tools, securing the sources of containers, implementing firewall and networking plugin policies, isolating workloads with namespaces and labels, controlling container security contexts, better handling of secrets and environment variables, limiting API server access, examining audit logs for malicious attack patterns, and more. About Brad Geesaman Brad was recently the Cyber Skills Development Engineering Lead at Symantec Corporation where he supported the operations and delivery of ethical hacking learning simulations on top of Kubernetes in AWS. Although he spent several years as a penetration-tester, his real passion is educating others on the real-world security risks inherent in complex infrastructure systems through demonstration followed by practical, usable advice on detection and prevention.
The Illustrated Children's Guide to Kubernetes
 
08:51
Life of a Packet [I] - Michael Rubin, Google
 
34:19
Life of a Packet [I] - Michael Rubin, Google Tracing the path of network traffic in the kubernetes system. Clarifying which API objects map to implementation and how Google deploys this in GKE today. Attendees will learn about topics from how networking packets are processed when the cluster is working as designed and what are common problems when the cluster is being creative and surprising. About Michael Rubin Senior Staff Engineer & TLM, Google Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading and managing Kubernetes with a focus on node, networking, storage and federation efforts.
Disaster Recovery for your Kubernetes Clusters [I] - Andy Goldstein & Steve Kriss, Heptio
 
35:01
Disaster Recovery for your Kubernetes Clusters [I] - Andy Goldstein & Steve Kriss, Heptio It’s 3am. Your pager is beeping. Your Kubernetes cluster is down. Don’t panic - we’ve got you covered. In this talk, we’ll describe a variety of disaster scenarios you may encounter. We’ll arm you with the knowledge you need to overcome them. Whether you’re a systems administrator, application developer, or end user, after this talk you’ll walk away with a thorough understanding of Kubernetes disaster recovery, including: A disaster recovery overview - Strategies for Kubernetes - Comparisons to federation and high availability - Which components to back up vs recreating from scratch How to minimize your time to recovery - Automate cluster creation and infrastructure configuration - Back up and quickly restore your cluster applications, workloads, and persistent volumes using tools such as Heptio Ark How to handle specific disaster scenarios - Losing nodes - Recovering from bad configuration updates - Cloud provider outages About Andy Goldstein Andy Goldstein is an engineer at Heptio where he works on tooling to make operating Kubernetes clusters easier, and he also contributes to Kubernetes. Prior to his current role, Andy worked on Kubernetes and OpenShift at Red Hat. Andy lives in Rockville, MD, with his wife, two children, and two noisy cats. About Steve Kriss Steve Kriss is a systems engineer at Heptio working on building tools and products to help Kubernetes users be successful, and has been a contributor to upstream Kubernetes as well as a member of the Kubernetes release team in the past. Steve recently relocated to Seattle from New York and is still trying to find a good bagel.
How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix
 
36:25
How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments. In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent). This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across the stack in the cloud environment. About Manish Mehta Manish Mehta is Senior Security Software Engineer at Netflix, Los Gatos, CA. He has designed and developed solutions around secure bootstrapping, authentication (service and user), and authorization for cloud-native infrastructure. 
His professional interests and expertise are cyber security in general, and specifically in security solutions anchored in cryptography. He holds an M.S. and a Ph.D. in Computer Science from Univ. of Missouri - Kansas City and has authored several research and conference publications. About Torin Sandall Torin Sandall is the technical lead of the recent open source Open Policy Agent (OPA) project. He has spent 10 years as a software engineer working on large-scale distributed systems projects. Prior to working on the Open Policy Agent project, Torin was a senior software engineer at Cyan Inc. (acquired by Ciena Corp.) where he designed and developed core components of their SDN/NFV platform such as modelling languages as well as services for resource orchestration and topology discovery. Torin has recently given talks on policy-related topics in Kubernetes at ContainerDaysPDX and LinuxCon Beijing as well as the Kubernetes Community Meeting and the Kubernetes SF meetup.
What's New in Kubernetes 1.13
 
41:48
This release continues to focus on stability and extensibility of Kubernetes with three major features graduating to general availability this cycle in the areas of Storage and Cluster Lifecycle. Notable features graduating in this release include: simplified cluster management with kubeadm, Container Storage Interface (CSI), and CoreDNS as the default DNS. These stable graduations are an important milestone for users and operators in terms of setting support expectations. In addition, there’s a continual and steady stream of internal improvements and new alpha features that are made available to the community in this release. Join members of the 1.13 release team to discuss the newest features in this release.
Building a Storage Cluster with Kubernetes [I] - Bassam Tabbara, Quantum Corp.
 
37:10
Building a Storage Cluster with Kubernetes [I] - Bassam Tabbara, Quantum Corp. Modern software storage systems are inherently complex. They are composed of numerous distributed components, require careful balancing of resources, and have stringent performance requirements. If you're running your applications in a public cloud you're typically shielded from this complexity and can utilize managed storage services like EBS, S3 and EFS. If you're running on-premise, however, your choices are quite limited and typically result in using traditional big-iron storage systems. In this talk we'll walk through how we've built a production-ready storage cluster using Kubernetes. Storage nodes run as pods and enumerate the available storage devices within the cluster. We'll explore how to optimize the network through CNI plugins to separate client and storage cluster traffic. We'll show how some of the features of Kubernetes including controllers/operators, third-party resources, resource management, and rolling upgrades can lead to more powerful and resilient storage clusters. We'll also walk through use cases where the storage cluster is dedicated (hyperscaled) or shared with other applications (hyperconverged). About Bassam Tabbara Bassam Tabbara is the CTO of Quantum Corporation, a world-class leader in storage. He is spearheading several storage projects including Rook (http://rook.io). Prior to Quantum, Bassam was the CTO and co-founder of Symform, a P2P storage startup acquired by Quantum. Prior to that he was at Microsoft where he led a number of key initiatives as part of Microsoft Research, Azure, Windows Server, and Visual Studio.
Keynote: High Reliability Infrastructure Migrations - Julia Evans, Software Engineer, Stripe
 
19:05
Keynote: High Reliability Infrastructure Migrations - Julia Evans, Software Engineer, Stripe For companies with high availability requirements (99.99% uptime or higher), running new software in production comes with a lot of risks. But it's possible to make significant infrastructure changes while maintaining the availability your customers expect! I'll give you a toolbox for derisking migrations and making infrastructure changes with confidence, with examples from our Kubernetes & Envoy experience at Stripe. To Learn More: https://sched.co/GsxA
Kubernetes Storage Lingo 101 - Saad Ali, Google (Beginner Skill Level)
 
34:36
Kubernetes Storage Lingo 101 - Saad Ali, Google (Beginner Skill Level) If you’ve wanted to understand what the Kubernetes volume subsystem offers, you will quickly be inundated with buzzwords like Flex Volumes, CSI, in-tree, out-of-tree, Persistent Volumes, Local Volumes, Storage Classes, drivers, plugins, volumes, dynamic provisioning, and more. It’s difficult to wrap your head around unless you’ve been immersed in the lingo. In this talk I will unravel the state of the Kubernetes Storage landscape in 2018, and, in the process, explain what all of this means and how it fits together. "About Saad Saad Ali is a senior software engineer at Google where he works on the open-source Kubernetes project. He joined the project in December 2014, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, and is co-author and maintainer of the Container Storage Interface initiative. Prior to Google, he worked at Microsoft where he led the development of the IMAP protocol for Outlook.com."
Intro: Envoy - Matt Klein & Constance Caramanolis, Lyft
 
30:21
Intro: Envoy - Matt Klein & Constance Caramanolis, Lyft In this intro to Envoy, Constance will conduct a live demo in which she: - Builds a simple Envoy configuration and explains what each component does. - Runs the configuration using the Envoy docker container. - Sends traffic through Envoy. - Provides an overview of Envoy's observability and administration output. - Covers additional resources for further learning. To Learn More: https://sched.co/GrcN
Building a Bank with Kubernetes by Oliver Beattie, Monzo
 
35:20
Building a Bank with Kubernetes - Oliver Beattie, Monzo "In this talk Oliver Beattie, Head of Engineering at European startup bank Monzo, explores how they are building a micro-services core banking platform, and how Kubernetes enables it all. It's a new kind of bank – unshackled from beastly, complex legacy systems – one that belongs in the 21st century, and one with the best technology in the world. Topics covered include: * Architecting applications with extreme performance and consistency requirements * RPC at scale between thousands of services in a container environment (discovery, load balancing, fault-tolerance, and observability) * Managing resources across physical data centres and multiple cloud providers * How Kubernetes is particularly well-suited to building very secure applications" About Oliver Beattie Oliver Beattie is Head of Engineering at Monzo, leading the development of the distributed systems to power a new kind of bank. He previously worked on Hailo's global micro-services platform. Find his first-person musings on Twitter @obeattie.
Vault and Secret Management in Kubernetes [I] - Armon Dadgar, HashiCorp
 
30:44
Vault and Secret Management in Kubernetes [I] - Armon Dadgar, HashiCorp Secret data is everywhere, from database credentials, TLS certificates, API tokens, to encryption keys. Managing secrets is a difficult challenge, but HashiCorp Vault provides an answer. In this talk, we discuss the challenges in secret management, provide an overview of Vault, and discuss how Vault and Kubernetes can be integrated. Integrating Vault solves the basic secret management challenge of securely distributing credentials, but also gives applications running Kubernetes access to features like dynamic secrets which are generated on demand and cryptographic offload to securely manage data in transit and at rest. About Armon Dadgar Website: https://hashicorp.com Armon (@armon) has a passion for distributed systems and their application to real-world problems. He is a founder and CTO of HashiCorp, where he brings distributed systems into the world of DevOps tooling. He has worked on Nomad, Vault, Terraform, Consul, and Serf at HashiCorp, and maintains the Statsite and Bloomd OSS projects as well.
101 Ways to Crash Your Cluster [I] - Marius Grigoriu & Emmanuel Gomez, Nordstrom
 
36:20
101 Ways to Crash Your Cluster [I] - Marius Grigoriu & Emmanuel Gomez, Nordstrom Running a Kubernetes cluster requires operating many components. One must be good at running and scaling etcd, multiple control plane components, a monitoring system, a logging pipeline, Docker, rkt, and Linux itself. And this list isn't even close to being complete. With such a long list of technologies comes the potential to make a mistake that brings the whole cluster down. Come hear war stories from Nordstrom's Kubernetes cluster admins. Each is a true story of how the cluster melted down, how they recovered, and what they did to prevent it from happening again. Don't let any of these happen to you... About Emmanuel Gomez Emmanuel initiated and served as tech lead on the Kubernetes platform efforts at Nordstrom for the last three years. He was working with and advocating for containers before the Kubernetes 1.0 release and has continuously (and tirelessly) developed, operated, educated, and led containerization efforts there. This work has forced him to grapple with many of the challenges that come along with the opportunities of containers and container scheduling. Challenges both technical (ex: complex distributed systems, microservices observability), and organizational (ex: inertia, fragmentation, training). Despite these experiences, he wouldn't trade the new problems back for the old. About Marius Grigoriu Marius Grigoriu leads the teams responsible for all of the major tools along the software delivery pipeline: issue tracking, version control, continuous integration and deployment, and production through the use of Kubernetes. His focus is to help teams ship high quality systems on time, on budget, and with a smile. Off the job, Marius can still be found at the keyboard, whether writing Golang or playing classical piano.
Intro: Rook - Jared Watts, Upbound
 
32:37
Intro: Rook - Jared Watts, Upbound In this talk, we will be introducing the Rook project to attendees of all levels and experience. Rook is an open source cloud-native storage orchestrator for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments. Rook turns storage software into self-managing, self-scaling, and self-healing storage services. It does this by automating deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. We will explore the benefits and use cases of Rook, and we will also walk through the architecture that the project is built on. Rook was accepted as the first storage project hosted by the Cloud Native Computing Foundation (CNCF) in January 2018. To Learn More: https://sched.co/GrbY
YAML is for Computers. ksonnet is for Humans - Bryan Liles, Heptio (Any Skill Level)
 
36:03
YAML is for Computers. ksonnet is for Humans - Bryan Liles, Heptio (Any Skill Level) YAML as a configuration language for Kubernetes means the configuration is accessible to the API service and mostly accessible to humans. The open source project, ksonnet, provides an intuitive way to create and edit Kubernetes configuration files in a declarative fashion. It also allows configuration of applications across multiple environments. In this session, the audience will be introduced to the world of easier Kubernetes configurations. They will learn how to simplify their deployments, take advantage of reusable components, and integrate with other tools. They will be able to do this while reducing complexity by separating parameters from resources. Finally, we will review why GitOps is an important technique for ensuring your organization always knows what is in production. At the conclusion the audience will be able to immediately start integrating ksonnet into their stacks. About Bryan Bryan Liles is a developer with Heptio. He currently works on the ksonnet project looking for ways to make configuring Kubernetes easier for users. Previously, Bryan was an early engineer at DigitalOcean, worked on disease discovery models, and has spent 20 years in the greater open source community.
Keynote: Running with Scissors - Liz Rice, Technology Evangelist, Aqua Security
 
18:01
Keynote: Running with Scissors - Liz Rice, Technology Evangelist, Aqua Security Liz explores some common risks that many users are - often unknowingly - taking with their cloud native deployment, by running workloads with more privileges than they need. "About Liz Liz Rice is the Technology Evangelist with container security specialists Aqua Security, and also works on container-related open source projects including manifesto and kube-bench. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London."
Keynote: Prometheus 2.0 – The Next Scale of Cloud Native Monitoring - Fabian Reinartz
 
15:54
Keynote: Prometheus 2.0 – The Next Scale of Cloud Native Monitoring - Fabian Reinartz, Staff Software Engineer, CoreOS In November 2017 Prometheus 2.0 was released. Along with several semantical improvements it got fitted with a new storage engine that addresses the new relatives of highly dynamic Cloud Native infrastructures. This talk will walk through the latest and greatest changes of Prometheus's second big iteration. We explore the challenges of scaling a monitoring system to dozens of millions of time series and how Prometheus 2.0 achieves performance improvements of up to two orders of magnitude. About Fabian Fabian Reinartz is a software engineer at CoreOS and one of the core developers of Prometheus, a monitoring system and time series database. Previously, he was a production engineer at SoundCloud and worked on information retrieval during his time at Saarland University.
Serverless on Kubernetes with Kubeless [A] - Sebastien Goasguen, Bitnami & Nguyen Anh-Tu, Skippbox
 
39:09
Serverless on Kubernetes with Kubeless [A] - Sebastien Goasguen, Bitnami & Nguyen Anh-Tu, Skippbox Serverless is getting lots of attention lately. It is positioned as the next evolution for building distributed applications, going beyond container based systems and letting developers build application workflows based on triggers and events. The three main public clouds (GCP, Azure and AWS) all have serverless offerings. In this talk we will introduce kubeless, a serverless framework built on top of Kubernetes. It allows Kubernetes users to define functions that are dynamically injected in container runtimes and exposed via HTTP or event triggers. Events are managed by Apache Kafka while HTTP triggers are exposed with Kubernetes services. It is an open source clone of Google Cloud Functions, and provides capabilities similar to AWS Lambda. We will explain kubeless architecture, show how we leverage ThirdPartyResources and an in-cluster controller. Beyond the interest in serverless, this architecture shows the power of Kubernetes and how it can be used as a platform to build new systems quickly. About Sebastien Goasguen Sebastien Goasguen is a twenty-year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He was the founder of Skippbox, a Kubernetes startup that develops open source tools for Kubernetes users and is now the Senior Director of Cloud Technologies at Bitnami. An avid blogger, he enjoys spreading the word about new cutting edge technologies and also trains developers and sysadmins on all things Docker and Kubernetes. Sebastien is the author of the O’Reilly Docker Cookbook and 60 Recipes for Apache CloudStack. About Nguyen Anh Tu Nguyen Anh Tu (Tuna) - Software engineer @ Bitnami. A Distributed System enthusiast. Current interests include containerization, microservices, PaaS, serverless. Favorite programming language: Go.
Introduction to rkt - Brandon Philips, CTO, CoreOS
 
05:10
Introduction to rkt - Brandon Philips, CTO, CoreOS About Brandon Philips Brandon Philips is helping to build modern Linux server infrastructure at CoreOS as CTO. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. As a graduate of Oregon State's Open Source Lab he is passionate about open source technologies.
Keynote: 5 Years of etcd: Past, Present, and Future - Brandon Philips & Xiang Li
 
10:28
Keynote: 5 Years of etcd: Past, Present, and Future - Brandon Philips, CTO CoreOS, Red Hat & Xiang Li, Senior Staff Software Engineer, Alibaba In July 2013 the etcd project was announced to solve a critical problem for CoreOS: how to safely coordinate unattended automatic software updates across a cluster of Linux nodes. Today hundreds of companies use etcd as part of their production systems to hold critical data for their Kubernetes clusters, network systems, monitoring systems, and much more. But, how did etcd evolve into a critical system in the Cloud Native ecosystem? This talk will cover the 5-year history of etcd from the stumbles, use cases, and technical evolution. We will also dive into the trade-offs that were made as the system went from theoretical prototype to a production ready workhorse. And touch on where the project is going as it moves into the CNCF. There is no expectation of prior knowledge of etcd or how it works. The ideal audience member has a love for distributed systems, and operations. To Learn More: https://sched.co/Gsvf
Keynote: Monitoring Kubernetes Clusters with Prometheus by Fabian Reinartz, CoreOS
 
19:13
Keynote: Monitoring Kubernetes Clusters with Prometheus - Fabian Reinartz, Software Engineer, CoreOS "Kubernetes is a powerful system to build, operate, and grow a Cloud Native architecture. But how can we stay on top of what’s happening across thousands of pods that are dynamically scheduled across hundreds of nodes? It needs a system capable of monitoring all individual units across the entire stack while enabling users to drill down from a global view to individual instances. Prometheus is an open source monitoring system designed with exactly this goal in mind. As it turned out, Kubernetes and Prometheus is a match made in open source heaven. Fabian will explain common challenges when monitoring large scale infrastructure and how Prometheus provides high-level observability without giving up low-level insight."
Microservices, Service Mesh, and CI/CD Pipelines: Making It All Work Together [I] - Brian Redmond
 
35:01
Microservices, Service Mesh, and CI/CD Pipelines: Making It All Work Together [I] - Brian Redmond, Microsoft Microservices come with many advantages for massively scaling applications. With that comes many challenges around service communication and application updates. It is pretty simple to do blue/green deployment and canary releases with a basic web site. But what about thousands of microservices? How can we have blue/green deployments at the service level while still allowing for efficient communication? This is one of the areas where service mesh technology is a huge benefit in Kubernetes. In this session, I will show how to use common CI/CD tooling such as Spinnaker or Jenkins to drive microservices deployments with Kubernetes. I will show how service mesh technologies such as Istio and Linkerd ease the ability to efficiently deliver and test microservices in Kubernetes. All without substantial changes for the microservice developer. Additionally, I will provide comparisons of the wide variety of tools available in this area. The overall goal of this demo heavy session is to show the value of these technologies working together to ease the delivery of cloud native applications. About Brian Redmond Brian Redmond is an Azure Architect on the Global Black Belt team. Brian focuses on containers, microservices, DevOps, and cloud native applications in the Azure cloud platform. Brian has been working in technology for over 20 years and has a mixed background across application development to infrastructure. Brian is based in Pittsburgh, PA and enjoys running, biking, and tinkering with new technology.
Effective RBAC - Jordan Liggitt, Red Hat
 
39:38
Effective RBAC - Jordan Liggitt, Red Hat The v1 release of role-based access control (RBAC) in Kubernetes 1.8 provides a flexible way to ensure users and applications have proper access to the Kubernetes API. This talk is for administrators who want to secure their clusters, and for anyone who wants their applications to integrate easily in RBAC-enabled environments. This talk will give an overview of the RBAC design and API, explain how to set up an RBAC-enabled cluster, demonstrate applying policies to existing applications, show how to create custom roles to distribute with applications, and answer the question "Can Bob educate dolphins?" About Jordan Liggitt Jordan Liggitt is a principal software engineer at Red Hat, and helps lead Kubernetes authentication and authorization efforts.
Keynote: What is Kubernetes? - Brian Grant, Principal Engineer, Google
 
17:49
Keynote: What is Kubernetes? - Brian Grant, Principal Engineer, Google Kubernetes has been described many different ways. How should one think about the platform? It partly depends on the problems you are trying to solve with it. I will discuss 10 ways to view Kubernetes based on use cases, how those uses relate to its features and architecture, how Kubernetes supports the features, and how the architecture is evolving to support them better.
Kustomize: Deploy Your App with Template Free YAML - Ryan Cox, Lyft
 
35:50
Kustomize: Deploy Your App with Template Free YAML - Ryan Cox, Lyft This talk will introduce Kustomize, a declarative application management system, that allows deployments to be described as template free YAML. Its approach will be contrasted with DSLs and template based schemes. Examples will be explored modeling sophisticated deployment scenarios for a variety of application types. It will end with a deep dive into continuous development workflows that leverage the integration between Kustomize and Skaffold. To Learn More: https://sched.co/GrSn
Kubernetes Auth and Access Control by Eric Chiang, CoreOS
 
41:12
Kubernetes Auth and Access Control - Eric Chiang, CoreOS Learn how to limit access to Kubernetes, lock down components, integrate with identity providers, and use the newly added RBAC types for fine grained administration of clusters. We'll explore Kubernetes auth from 10,000 feet, all the way down to tricks and quirks of individual admission plugins. About Eric Chiang Eric is an engineer at CoreOS where he works on integrating user auth technologies with Kubernetes.
Everything You Ever Wanted to Know About Resource Scheduling, But Were Afraid to Ask by Tim Hockin
 
43:10
Everything You Ever Wanted to Know About Resource Scheduling, But Were Afraid to Ask - Tim Hockin, Google "Effective management of shared resources (CPU, memory, etc) is critical to achieving higher utilization and stronger isolation in shared-machine systems like Kubernetes. As the industry evolves from single-purpose machines toward shared machines running containers, we must begin to internalize and embrace the ideas of resource-based scheduling. There are several facets of resource management to consider, but it's clear that many people are still asking the wrong questions. The truth is that managing resources is HARD. This talk will try to demystify some of the thinking around this topic, share some techniques for better cluster management, and present some ideas for making Kubernetes an overall more robust system." About Tim Hockin Tim was one of the founding members of the Kubernetes project, and has overseen large parts of the system, including storage and networking. Before Kubernetes, he worked on Google's Borg and Omega systems, and was responsible for most of the node-side functionality. Before that he fiddled with the BIOS, OS, and other low-level software.
Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions - David Oppenheimer
 
36:56
Multi-Tenancy in Kubernetes: Best Practices Today, and Future Directions - David Oppenheimer, Google (Intermediate Skill Level) Kubernetes offers a set of features which, when used in the right combination and configured properly, enable secure multi-tenant clusters. But it’s not always obvious how to map particular multi-tenancy requirements to those features and configurations. As a result, people often resort to spinning up one cluster per user and/or workload, thereby foregoing the utilization and management benefits they could achieve by using a single shared cluster. This talk will describe a taxonomy of various multi-tenancy models that are possible on Kubernetes today, and how to configure the existing security/multi-tenancy features to satisfy each of those use cases. We will then describe some features that are on the horizon to provide even stronger, easier-to-use multi-tenancy in Kubernetes. About David David Oppenheimer is a software engineer working on Kubernetes and GKE at Google. He is co-lead of the newly-formed Kubernetes multi-tenancy working group, and was previously co-lead of the Kubernetes scheduling SIG. He has been working on Kubernetes since 2014, and prior to that worked on Google’s Borg and Omega cluster management systems.
Extending Kubernetes 101 [A] - Travis Nielsen, Quantum Corp
 
33:41
Extending Kubernetes 101 [A] - Travis Nielsen, Quantum Corp Kubernetes provides the ability to extend the platform with your own custom types and controllers. We will walk through a tutorial to write a custom controller, also known as an operator. Patterns will be reviewed that will make your application a natural extension of the platform through CRDs and desired state management, all with the same security, lifecycle management, and API surface that native Kubernetes applications expect. About Travis Nielsen Travis Nielsen is a Principal Software Engineer for Quantum Corporation where he works on Rook – a software defined storage initiative based in Seattle. Prior to Quantum, Travis was the storage platform tech lead at Symform, a P2P storage startup acquired by Quantum. Before joining the startup world, he was an engineering lead for the Windows Server group at Microsoft.
Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda
 
35:57
Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda Certificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens. Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster. After this talk, you should have a better understanding of:
- How each cluster component uses certificates for secure communications
- How certificates can be used for authentication, including service account tokens
- How the Kubelet TLS bootstrapping process works
- How to plan, generate and deploy the certificates required for a secure cluster
- How to rotate certificates that are nearing their expiration date
About Alexander Brand Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in Biomedical Computing.
Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies
 
33:58
Would You Like Some Tracing With Your Monitoring? - Yuri Shkuro, Uber Technologies Understanding how your microservices based application is executing in a highly distributed and elastic cloud environment can be complicated. Distributed tracing has emerged as an invaluable technique that succeeds where traditional monitoring tools falter. Yet deploying it can be quite challenging, especially in the large scale, polyglot environments of modern companies that mix together many different technologies. In this talk we share what we have learned while building and rolling out Jaeger, our open source, OpenTracing-native distributed tracing system, to hundreds of microservices at Uber. We showcase new and exciting features that make it even more valuable to engineers. About Yuri Shkuro Yuri is a Staff engineer at Uber Technologies, working on distributed tracing, reliability, monitoring, and performance. He is a member of the CNCF OpenTracing Specification Council, and the founder of Jaeger, Uber's open source distributed tracing system.