Talk Difficulty - Sessions are categorized as [B]eginner, [I]ntermediate or [A]dvanced at the end of each talk title.


KubeCon Deep Dive
Wednesday, March 29

11:15 CEST

Kubernetes Scheduling Features or How Can I Make the System Do What I Want? [I] - Marek Grabowski & Wojciech Tyczynski, Google
Each user has her own set of requirements and constraints on where their Pods should be placed in a cluster. Some want to increase utilization, thus they want to pack Pods as densely as possible. Others want to maximize reliability, so they spread the Pods as thinly as they can.

Another one may have Pods that interfere with each other, e.g. by writing a lot to a local disk, and doesn't want to put those on a single Node.

During this talk I'll tell you what features are present in the default Kubernetes scheduler that can help you to accomplish all those things and more.


Marek Grabowski

Site Reliability Engineer, Google
Marek is a Software Engineer turned Site Reliability Engineer late 2017. Currently he focuses on reliability of Kubernetes clusters. Since 2013 he has been working on Google’s Technical Infrastructure, where early 2015 he joined Kubernetes engineering team. In Kubernetes his main...

Wojciech Tyczyński

Senior Staff Software Engineer, Google
Wojciech is working on Google Technical Infrastructure & Cloud since 2012. Since February 2015 he works on Kubernetes and Google Kubernetes Engine. With the main focus on scalability, performance and reliability, he gained experience and contributed to many Kubernetes features and...

Wednesday March 29, 2017 11:15 - 11:50 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

12:00 CEST

The Open Service Broker API and the Kubernetes Service Catalog [B] - Paul Morie, Red Hat & Chip Childers, Cloud Foundry Foundation
The next frontier for Kubernetes is allowing seamless integration with the vast array of service brokers available in the microservice-based software ecosystem via a service catalog. The Open Service Broker API is an industry standard that allows service operators to integrate with multiple platforms using a single API specification.

In this session, you’ll learn exactly what the Open Service Broker API specification is, its history, how the cross-ecosystem collaboration on the API specification is happening and especially how the Kubernetes ecosystem is building integrations with this specification via the service catalog project. We’ll briefly talk about how to get involved in the Kubernetes Special Interest Group (SIG), and if the audience behaves, we’ll even do a demo!


Chip Childers

CTO, Cloud Foundry Foundation
A proven DevOps visionary and leader. Before coming to the Foundation, Chip was vice president of Product Strategy at CumuLogic. He spent more than 15 years in engineering leadership positions within the service provider industry including work with SunGard Availability Services and...

Paul Morie

Sr. Principal Software Engineer, Red Hat
Paul is a Principal Engineer at Red Hat and a Kubernetes maintainer. He's been working on Kubernetes since 2014, concentrating at different points on application development primitives, service catalog, container security, and multicluster problems. Before Kubernetes, he worked on...

Wednesday March 29, 2017 12:00 - 12:35 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

13:55 CEST

Autoscaling in Kubernetes [I] - Marcin Wielgus, Google
One of the nicest features of Kubernetes is its ability to automatically adjust the cluster size and the number of pod replicas to the current traffic and load. During this talk I will explain what is the current state of pod and node autoscaling in Kubernetes, how it exactly works, what metrics can be used to drive autoscaling, and what are the best practices to apply it in production.


Marcin Wielgus

Staff Software Engineer, Google
Marcin Wielgus is a Staff Software Engineer at Google. Marcin joined the internet search giant in 2010 and since then he has been working on various projects, ranging from Android applications to recommendation engines. He started contributing to Kubernetes before the 1.0 release...

Wednesday March 29, 2017 13:55 - 14:30 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

14:40 CEST

Dance Madly on the Lip of a Volcano with Security Release Processes [I] - Jess Frazelle, Google & Brandon Philips, CoreOS
This talk will cover how we designed an awesome security release process for Kubernetes and all its sub-projects.

Open source projects strive to be transparent in everything they do, but when it comes to fixing security patches they need to find the right balance of “open” and “responsible.” This means vulnerabilities should be reported in a safe way as well as patches tested and reviewed with a limited audience. The companies that rely on Kubernetes should have time to patch their systems before a public announcement.

Various sets of infrastructure and collaboration are needed to make this a reality. The design we used could also be applied to other projects and even internally in your company.

Join us to learn about the Kubernetes Security Release process and how we went from no infrastructure in 2016 to great infrastructure backed by an awesome team in 2017.


Jessie Frazelle

Software Engineer, Microsoft
Jess Frazelle works at Microsoft on open source, containers, and Linux. She has been a maintainer of Docker, contributor to RunC, Kubernetes and Golang as well as other projects. She loves all things involving Linux namespaces and cgroups and is probably most well known for running...

Brandon Philips

CTO, CoreOS, Inc.
Brandon Philips is helping to build modern Linux server infrastructure at CoreOS as CTO. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. As a graduate of Oregon State's Open Source Lab he is passionate about open source...

Wednesday March 29, 2017 14:40 - 15:15 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

15:35 CEST

Building a Storage Cluster with Kubernetes [I] - Bassam Tabbara, Quantum Corp.
Modern software storage systems are inherently complex. They are composed of numerous distributed components, require careful balancing of resources, and have stringent performance requirements. If you're running your applications in a public cloud you're typically shielded from this complexity and can utilize managed storage services like EBS, S3 and EFS. If you're running on-premise, however, your choices are quite limited and typically result in using traditional big-iron storage systems.

In this talk we'll walk through how we've built a production-ready storage cluster using Kubernetes. Storage nodes run as pods and enumerate the available storage devices within the cluster. We'll explore how to optimize the network through CNI plugins to separate client and storage cluster traffic. We'll show how some of the features of Kubernetes including controllers/operators, third-party resources, resource management, and rolling upgrades can lead to more powerful and resilient storage clusters. We'll also walk through use cases where the storage cluster is dedicated (hyperscaled) or shared with other applications (hyperconverged).


Bassam Tabbara

Chief Technical Officer, Quantum Corporation
Bassam Tabbara is the CTO of Quantum Corporation, a world-class leader in storage. He is spearheading several storage projects including Rook (http://rook.io). Prior to Quantum, Bassam was the CTO and co-founder of Symform, a P2P storage startup acquired by Quantum. Prior to that...

Wednesday March 29, 2017 15:35 - 16:10 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

16:20 CEST

Audit in Kubernetes Now, and in the Future [B] - Maciej Szulik, Red Hat
Quoting Wikipedia “an audit is a systematic and independent examination of (...) records”. Now think for a second, how much information is floating through your Kubernetes cluster. Deployments, Jobs and many other controllers creating and destroying Pods. Administrators creating Users, granting Roles. Users creating and modifying ConfigMaps, Secrets and many, many others. You can limit actions performed by a single User creating Roles, controllers can be assigned ServiceAccounts, etc, of course. But even with all that in place, are you sure you can easily trace when a change was introduced, and most importantly who performed it? This is when auditing comes into play.

During this presentation, I will introduce what auditing is, and what you can expect from one of the best hidden features of Kubernetes, and why should you care. I don't like just talking about ideas, so we’ll also walk through a live demo showcasing the audit feature. With all the current state laid out, I will discuss the future evolution of this feature. Most importantly, I will cover the scope of the information that should be gathered during processing each request. What policies should be implemented to provide reasonable balance between performance and accountability. Lastly, I will cover the most sensitive topic, how to store all that information.

After this session you will understand how auditing in Kubernetes works, and how to leverage it to stay informed about what goes on in your cluster. Furthermore, I am hoping this presentation will foster a discussion about advanced audit feature and its shape in Kubernetes.


Maciej Szulik

Principal Software Engineer, Red Hat
Maciej is a passionate developer with over 10 years of experience in many languages. Currently he's working on OpenShift and Kubernetes for Red Hat. Whereas at night he is hacking on side projects with python.

Wednesday March 29, 2017 16:20 - 16:55 CEST
A 03 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany
Thursday, March 30

11:30 CEST

Programming Kubernetes with the Go SDK [I] - Aaron Schlesinger, Deis
Most people talk to their Kubernetes clusters using the kubectl tool, but we’re seeing more and more cases where engineers are writing their own software to talk to the Kubernetes API itself. The use cases for doing so are many: writing ingress controllers, managing pods and watching logs to name a few.

At Deis, we’re using the Kubernetes Go SDK for quite a few different purposes. We first started by vendoring in the Kubernetes mono-repo to watch pod events. We pushed our code to production and quickly learned all about Kubernetes event stream internals and the server-side event cache. When we got something working reliably, we expanded our usage of this client code to a few other domains. We later migrated to the client-go package when it was released and now use it in almost all of our projects and infrastructure.

In this talk, we’ll share our use cases and detail what we’ve learned using client-go in production. We’ll also share some best practices and show a demo to illustrate how you can get started with the client yourself.


Aaron Schlesinger

Cloud Developer Advocate, Microsoft
Aaron is a developer advocate at Microsoft Azure and a core maintainer of the Athens Project. He is an emeritus core maintainer and chair of the Kubernetes SIG-Service-Catalog and a contributor to various other projects in the Kubernetes community. He enjoys distilling his wide ranging...

Thursday March 30, 2017 11:30 - 12:05 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

12:15 CEST

Life of a Packet [I] - Michael Rubin, Google
Tracing the path of network traffic in the kubernetes system. Clarifying which API objects map to implementation and how Google deploys this in GKE today. Attendees will learn about topics from how networking packets are processed when the cluster is working as designed and what are common problems when the cluster is being creative and surprising.


Michael Rubin

Senior Staff Engineer & TLM, Google
Twenty years in the Systems Software Industry, from developing enterprise file servers and systems. The past ten years he has worked at Google where he founded the Linux Storage group for its data centers and worked on world wide WAN and BGP technologies. Today he is co-leading and...

Thursday March 30, 2017 12:15 - 12:50 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

14:00 CEST

Autoscaling a Multi-Platform Kubernetes Cluster Built with kubeadm [I] - Lucas Käldström, Upper Secondary School Student - Individual Maintainer
Does Kubernetes run on any architecture other than Intel/AMD64? Yes it does, since v1.3.0.
Lucas Käldström (@luxas), a general upper secondary school student, added support for ARM and ARM 64-bit to the core codebase earlier this year. Kubernetes is all about letting you choose the container runtime, the operating system, the environment (cloud vs bare metal) etc., so why wouldn’t you like to choose CPU architecture as well?

The talk demonstrates Kubernetes’ multi-architecture features in a very practical manner: by having a 10-node cluster of credit-card-sized devices with three architectures (amd64, arm and arm64) in front of the audience. The cluster is deployed with kubeadm. For the demo, a cross-platform nginx workload will be created from the dashboard, deployed to all nodes regardless of architecture, monitored via an auto-updating grafana dashboard and autoscaled by a Horizontal Pod Autoscaler while traffic is generated against the cluster’s Ingress controller. And just to make things more exciting, a node’s power cable may be unplugged by a volunteer from the audience, at any time during the heavy traffic to demonstrate Kubernetes’ auto-healing functions.


Lucas Käldström

Student, Contracting
Lucas is a cloud native enthusiast that just graduated from High School. Lucas is serving the Kubernetes community in various lead positions, e.g. as a co-lead for SIG Cluster Lifecycle shepherding kubeadm from inception to GA, porting Kubernetes to multiple platforms and by being...

Thursday March 30, 2017 14:00 - 14:35 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

14:45 CEST

Kubernetes Cluster Federation: How to Write a Federated Controller? [A] - Madhu C.S. & Nikhil Jindal, Google
Extensibility is one of the major selling points of Kubernetes. Cluster Federation is built on the same spirit, but the tooling provided in the form of libraries and framework to build federated controllers is quite different than the tooling provided to build Kubernetes controllers. In this talk, we will show you the tools and techniques provided by Cluster Federation to write your own federated controllers. We will also show you the steps involved in building a federated controller by building one during the talk.


Madhu C.S.

Software Engineer, Google
Madhu C.S. (madhusudancs@{github, slack, twitter}) is a Software Engineer on the Kubernetes team at Google where he works on Cluster Federation. Before Kubernetes, he worked on a number of different projects within Google Cloud. He also has a strong background in compilers and has...

Nikhil Jindal

Software Engineer, Google
Nikhil Jindal (nikhiljindal@github) is a Software Engineer on the kubernetes team at Google. He had started on kubernetes by working on API machinery and is now focussed on multi cluster problems. Before getting the kubernetes bug, he was enjoying working on Google Maps.

Thursday March 30, 2017 14:45 - 15:20 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

15:40 CEST

Writing a Custom Controller: Extending the Functionality of Your Cluster [I] - Aaron Levy, CoreOS
Much of the functionality in a Kubernetes cluster is managed by a reconciliation pattern within "controllers". The node, service, or deployment controllers (just to name a few) watch for changes to objects, then act on those changes to drive your cluster to a desired state. This same pattern can be used to implement custom logic, which can be used to extend the functionality of your cluster without ever needing to modify Kubernetes itself.

This talk will cover how to implement your own custom controller, from contacting the Kubernetes API to using existing libraries to easily watch, react, and update components in your cluster. By building on existing functionality and following a few best practices, you can quickly and easily implement your own custom controller.


Aaron Levy

Head of Kubernetes Cluster Lifecycle, CoreOS
Aaron Levy is a software engineer at CoreOS, working on all things Kubernetes. He is also the lead maintainer of bootkube, a kubernetes-incubator project that enables launching self-hosted kubernetes clusters.

Thursday March 30, 2017 15:40 - 16:15 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany

16:25 CEST

Scale Kubernetes to Support 50,000 Services [I] - Haibin Xie & Quinton Hoole, Huawei Technologies
Kubernetes currently has two load balancing modes: userspace and IPTables. They both have limitations on scalability and performance. We introduced IPVS as a third kube-proxy mode which scales the Kubernetes load balancer to support 50,000 services. Beyond that, the control plane needs to be optimized in order to deploy 50,000 services. We will introduce alternative solutions and our prototypes with detailed performance data.


Quinton Hoole

Technical Vice President, Futurewei
https://www.linkedin.com/in/quintonhoole/ YouTube me for previous presentations. CNCF TOC Member

Haibin Michael Xie

Principal Architect, Huawei Technologies
Michael Xie is Principal Architect at Huawei PaaS team, working on container networking, container orchestration framework, PaaS platform and middleware services. Prior to joining Huawei he was a principal software engineer at AOL ads and senior software engineer at Microsoft working...

Thursday March 30, 2017 16:25 - 17:00 CEST
C 01 Berlin Congress Center, Alexanderstraße 11, 10178 Berlin, Germany