May 10-12, 2023
Vancouver, British Columbia, Canada + Virtual
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

ContainerCon
Monday, May 1
 

7:00am PDT

(Virtual) A WASM Runtime for FaaS Protected by TEE - Sara Wang & Yongli He, Intel
Confidential Computation focuses on securing the data in use, a crucial demand in cloud computing cases. Trusted Execution Environment (TEE) is a hardware-isolated processing environment for applications, which is a good choice for cloud-native confidential computing. Inclavare (inclavare-containers.io), a CNCF project, is creating a cloud-native confidential computing container (CoCo), with a container runtime protected by TEE. However, CoCo is not the perfect solution. The cross-platform issue is a big problem. Even on the same X86 architecture, the AMD SEV and Intel SGX/TDX TEEs are totally different. Other problems include network overhead, slow cold start, coarse workload isolation, etc. We will discuss these in the presentation. So in order to build a safe and flexible container runtime, HeWu proposes WebAssembly (WASM) runtime here. WASM is a universal compilation target for many languages. The bytecode compiled by WASM is very small, cross-platform, and cross-architecture, which fixes the problems above. Furthermore, the presentation will take WasmEdge to demonstrate the power of ‘Wasm+Faas+TEE’.

Speakers

Yongli He

Cloud Orchestration Software Engineer, Intel
Yongli He has been a cloud software engineer at Intel for more than 10 years. He has a broad knowledge of networking, security, and Linux systems. He has been working in OpenStack since 2011 and became a committer of Nova, contributing to the PCI/SRIOV/Accelerator system in OpenStack. He...

Sara Wang

Cloud Orchestration Software Engineer, Intel
Sara, a Cloud Orchestration Software Engineer at Intel, focuses on the performance of language and container runtime in the cloud center. She has made some important performance contributions to the PHP-SRC community.


Monday May 1, 2023 7:00am - 7:40am PDT
Virtual

7:00am PDT

(Virtual) Don’t Trust Your Neighbors: Securing Pods via Scheduling - Michael Le, IBM & Sascha Grunert, Red Hat
No matter how much effort you put into securing your container, the mere presence of a vulnerable neighboring container may jeopardize your container’s security. That’s because containers share a highly-privileged host kernel and it may harbor vulnerabilities that can be exploited via system calls to escalate privileges and break out of containment (e.g., Dirty COW/Pipe vulnerabilities). So a container's security must also depend on the security of its neighboring containers and their system call usage, which you may not have any control over. This talk will present a way to curtail the impact of having insecure neighbors by using a new security-aware pod scheduling scheme (SySched) for Kubernetes that co-locates pods based on their system call exposure risk. Experimental results will show that even if such kernel attacks were successful, they would impact fewer pods (up to 48% less) and fewer nodes (up to 46% less) than when using the default Kubernetes scheduler. The talk will detail how the scheduling scheme works and how to deploy the scheduler plugin in Kubernetes. In the process, you will also learn how to use the community-developed Security Profile Operator to generate, store, and manage access to a pod’s system call profile, which is key to the operation of SySched.

Speakers

Sascha Grunert

Software Engineer, Red Hat
Sascha currently works for Red Hat, has written numerous technical articles on Kubernetes, and is an avid open source contributor. He is one of the maintainers for the Security Profile Operator.

Michael Le

Research Staff, IBM
Michael is currently a research staff member at the IBM T. J. Watson Research Center. His general research interest is in systems security with a focus on containers, virtualization, operating systems, and confidential computing. He obtained a M.S. and Ph.D. in Computer Science from...


Monday May 1, 2023 7:00am - 7:40am PDT
Virtual

7:00am PDT

(Virtual) Spreading Apps, Controlling Traffic & Managing Costs in Kubernetes - Lukonde Mwila, AWS
Nobody likes the idea of unscheduled downtime, downgraded performance, or high costs due to unforeseen traffic demands. However, the solutions to these challenges aren’t always straightforward. Typically, the first response would be to spread your application for high availability (HA). However, you have to consider how traffic will be balanced in such topologies. How will you manage cross-zone or cross-regional traffic costs? Furthermore, some zones or regions may experience higher levels of traffic in comparison to others. How can you optimize your load-balancing strategy to match this? If that’s not enough, you also have to think about the underlying computing resources. Are you able to automatically scale your cluster to match the changing needs of your workloads with scheduling constraints like anti-affinity? Lastly, how will you manage costs and prevent compute overhead when scaling your cluster in different zones or regions? In this talk, Lukonde Mwila will walk through these challenges and share how teams can overcome them. He’ll also demonstrate how to use pod anti-affinity, Istio’s locality-aware load balancing, and Karpenter’s workload consolidation to address these issues.

Speakers

Lukonde Mwila

Senior Developer Advocate, AWS
Lukonde is a Senior Developer Advocate at AWS and a CNCF Ambassador. He has years of experience in application development, solution architecture, cloud engineering, and DevOps workflows. He is a life-long learner and is passionate about sharing knowledge through various mediums...



Monday May 1, 2023 7:00am - 7:40am PDT
Virtual
  ContainerCon, Observability
 
Wednesday, May 10
 

11:10am PDT

Exotic Runtime Targets: Ruby and Wasm on Kubernetes and GitOps Delivery Pipelines - Kingdon Barrett, Weaveworks
In the delivery ecosystem, devs have a great many choices to make regarding environment. In the past, the top-bar choices were limited to mainly two or three axes: language runtime, operating system, architecture. Now we can further consider these other new operational overheads: Kubernetes, Sandboxing, Browser targets! For a long time choosing a browser as a runtime target meant that choice for language would be severely limited; one could only choose from among the languages or runtimes that browsers could accept (the list kept getting shorter until it was practically only JavaScript! Flash? Java? Forget it, all gone). Wasm is the new binary instruction format for a stack-based VM, and portable compilation target, to save us all from writing only JavaScript forever. Wasm binaries are sandboxed code modules that can interchangeably target either browsers or servers at runtime, and we can use our familiar languages, a growing number of which are trending towards adding support for Wasm in the language core, including Ruby and Python. But does this mean we can just bring our Ruby to the browser and forget about Kubernetes forever, or is there more to consider before we start the party?

Speakers

Kingdon Barrett

Open Source Support Engineer, Weaveworks
Kingdon Barrett is a Flux maintainer and an Open Source Support Engineer on the Developer Experience team at Weaveworks. He is a long-time Helm enthusiast and Ruby/Go developer who also works on the legendary cloud-native PaaS for Kubernetes, Hephy Workflow, in his fun time.



Wednesday May 10, 2023 11:10am - 11:50am PDT
118 (Level 1)

12:05pm PDT

A Guide to Dapr: Open Source APIs & SDKs for Developers - Alice Gibbons & Samantha Coyle, Diagrid
Simplify writing complex distributed apps - seems impossible, right? Devs today face immense pressure to write secure, scalable, resilient, portable & fault-tolerant apps making this a big ask. Distributed Application Runtime (Dapr) alleviates the challenges of building cloud-native, containerized apps by providing APIs & SDKs (.Net, Java, JS, Go, …) that abstract away the complexities of microservice development. Dapr sidecars take care of many challenges devs would otherwise have to write in their app code such as service discovery & invocation, observability, and resiliency, all while allowing developers to write in the language that makes the most sense for their use case. As the 10th largest CNCF project, Dapr is a trusted OSS technology focused on empowering application developers backed by a vibrant developer community. Dapr is run in smaller containerized systems and at scale in Kubernetes and is trusted in production by companies like IBM, Alibaba Cloud, & Microsoft. This presentation will cover the goals of the Dapr OSS project, how its APIs enable developers to focus on their business logic and demo a few of the capabilities it has for building scalable, containerized applications.

Speakers

Samantha Coyle

Software Engineer, Diagrid
Samantha Coyle is a Software Engineer at Diagrid where she develops Go microservices and enables developers to run high scale, modern applications using open-source technology. She has a history of developing computer vision based containerized applications and Go microservices for...

Alice Gibbons

Customer Success Engineer, Diagrid
As a Customer Success Engineer at Diagrid, Alice helps customers with app modernization scenarios through architecture design sessions, demos and discussions, and by getting hands-on with proof of concepts. As a self-proclaimed people-person, Alice loves nothing more than working...



Wednesday May 10, 2023 12:05pm - 12:45pm PDT
118 (Level 1)
  ContainerCon, APIs, SDKs, Frameworks and Libraries

2:05pm PDT

Container Registries, No Longer Just for Containers! - Vincent Batts, Azure
As pervasive as containers are now, so is the notion of moving these images around. Container registries facilitate much of the cloud-native world as we know it. There is plenty to improve, and ways to misuse, a registry. One thing is for certain: registry infrastructure and security model are already tightly woven into your story. As these standards work toward improving and eliminating the need for misuse, let's talk about the benefits of extending the use of registries. In this talk Vincent will cover updates in the Open Container Initiative distribution spec, and what you can expect as a tool writer or user in a cloud native environment.

Speakers

Vincent Batts

Engineer, Azure
Vincent Batts is pushing forward open source cloud native infrastructure at Microsoft Azure (via Kinvolk acquisition). He has spent most of his life in Linux and open source communities. Works with emerging technology, largely related to Linux and software containers. An Open Containers...



Wednesday May 10, 2023 2:05pm - 2:45pm PDT
118 (Level 1)
  ContainerCon, Container Images and Registries

3:00pm PDT

Build and Manage Wasm Applications using Container Tools - Michael Yuan, WasmEdge
Wasm has emerged as a secure, portable, lightweight, and high-performance runtime sandbox for cloud-native workloads such as microservices and serverless functions. We will show how familiar container tools can be used to develop and share Wasm applications.

Today, there is a large ecosystem of battle-tested tools to create, manage, and deploy Linux container apps in both dev and prod environments. Developers want to use the same tools to manage their Wasm applications to reduce the learning curve and operational risks. More importantly, using the same tools would allow Wasm containers to run side by side with Linux containers. That enables the architectural flexibility to run some workloads (e.g., lightweight, stateless, transactional, scalable) in Wasm containers, and other workloads (e.g., long-running, heavyweight) in Linux containers.

In this talk, Michael will cover how to create, publish, share, and deploy real-world Wasm applications using Docker Desktop, Podman, containerd, and various flavors of Kubernetes. I will demo a complete microservice consisting of multiple containers of different types to showcase how Wasm containers work side by side with existing Linux container apps.

Speakers

Michael Yuan

Maintainer, CNCF WasmEdge and CEO, Second State
Dr. Michael Yuan is a maintainer of WasmEdge Runtime (a project under CNCF) and a co-founder of Second State. He is the author of 5 books on software engineering published by Addison-Wesley, Prentice-Hall, and O'Reilly. Michael is a long-time open-source developer and contributor...


Wednesday May 10, 2023 3:00pm - 3:40pm PDT
118 (Level 1)

4:00pm PDT

Building Apps in Kubernetes: The Unforgiving Sea of Containerization and the Lifesaver Tools - Nicolas Vermande & Tyler Gillson, Spectro Cloud
This talk is designed for developers of all levels who are new to the Kubernetes ecosystem, or who want to better understand how to solve various security concerns when developing applications in Kubernetes. It covers the key security issues they may face and provides practical tips and best practices for addressing these challenges using open-source tools. Nic will take a real-life example of an application developed for Kubernetes and take you through missteps made along the way and how they can be easily solved. In particular, he will cover the areas of application configuration and deployment, sensitive information management, access control, policy-as-code, SBOM and more. It can be difficult to navigate the rich Kubernetes ecosystem as a developer. Hopefully, by the end of this talk, you'll have a practical example to remember and a good overview of the ecosystem.

Speakers

Tyler Gillson

Principal Software Engineer, Spectro Cloud
Tyler is a programmer and a problem solver, with 6 years of experience designing, discussing, and building complex systems in a multitude of languages. His technical interests lie in cloud computing, automation, declarative infrastructure and application configuration, and machine...

Nicolas Vermande

Head of DevRel, Spectro Cloud
Nicolas is an experienced hands-on technologist, evangelist and product owner who has been working in the fields of Cloud-Native technologies, Open Source Software, Virtualization and Datacenter networking for the past 18 years. Passionate about enabling users and building cool tech...



Wednesday May 10, 2023 4:00pm - 4:40pm PDT
118 (Level 1)
  ContainerCon, CI/CD, Configuration Management, Automation, GitOps
  • Audience Level Any
  • Session Slides Attached Yes

4:55pm PDT

The Next Frontier in Open Source Java Compilers: Just-in-Time Compilation as a Service - Rich Hagarty, IBM
For Java developers, the Just-In-Time (JIT) compiler is key to improved performance. However, in a container world, the performance gains are often negated due to CPU and memory consumption constraints. To help solve this issue, the Eclipse OpenJ9 JVM provides JITServer technology, which separates the JIT compiler from the application. JITServer allows the user to employ much smaller containers enabling a higher density of applications, resulting in cost savings for end-users and/or cloud providers. Because the CPU and memory surges due to JIT compilation are eliminated, the user has a much easier task of provisioning resources for his/her application. Additional advantages include: faster ramp-up time, better control over resources devoted to compilation, increased reliability (JIT compiler bugs no longer crash the application) and amortization of compilation costs across many application instances. Rich and Harry will dig into JITServer technology showing implementation details, how it can be deployed in containers, demonstrate its advantages compared to a traditional JIT compilation technique and offer practical recommendations about when to use this technology.

Speakers

Rich Hagarty

Software Developer/Developer Advocate, IBM
Rich Hagarty is a software developer and Developer Advocate at IBM, currently focusing on Java and Open Source related technologies. Based in Austin, TX, Rich has been active in the developer community for the past 6 years, working on cloud computing and AI technologies. He has created...



Wednesday May 10, 2023 4:55pm - 5:35pm PDT
118 (Level 1)
 
Thursday, May 11
 

11:00am PDT

Improving Containers Isolation in Kubernetes - Cosmin Cojocar, Adobe
Kubernetes Security Profiles Operator (https://github.com/kubernetes-sigs/security-profiles-operator) is a project which aims to make it easier to use security profiles such as SELinux, seccomp and AppArmor in Kubernetes to enhance container security. Tailoring and deploying dedicated security profiles is a prerequisite for any Kubernetes workload which requires increased container isolation. This is especially important in a multi-tenant cluster executing containers owned by the users. In this talk, we will provide an introduction to the Security Profiles Operator project, including several examples. We will also explain how it leverages eBPF to make creation of custom security profiles easy. Finally, we will conclude with some lessons learned at Adobe from using the Security Profiles Operator for container isolation.

Speakers

Cosmin Cojocar

Senior Computer Scientist, Adobe
Cosmin is a Senior Computer Scientist at Adobe working on cloud security. He has been involved in Open Source for more than 10 years, as contributor and maintainer of several projects, such as gosec, security profiles operator, Jenkins X and Kubernetes, among others.



Thursday May 11, 2023 11:00am - 11:40am PDT
118 (Level 1)
  ContainerCon, Security/Authentication

11:55am PDT

Otel Collector: The Swiss Army Knife of Observability - Chris Featherstone & Shubhanshu Surana, Adobe
OpenTelemetry Collector has solved a fundamental problem which many engineering organizations have been struggling with for many years. Adobe, like many other companies, struggled with a complex observability architecture. As users of multiple different observability tools, we had to maintain separate apps to capture metrics, logs and trace data.

How did we solve it: We would like to share our journey of adopting the Otel Collector within Adobe. We will talk about the different exporters and processors we are using for sending the data to different backends. We will describe how easy it was to build an authentication extension for otel collector for authentication of metrics & trace data. Finally, we will discuss our future plans with the Otel Collector and how we see it benefiting us in the long run.

Benefits to Attendees: As more software development teams adopt OpenTelemetry and implement all the different observability signals in their systems, it is always helpful to know how the Otel collector can help them in this journey. With this talk we would like to share how OpenTelemetry simplified our complex environment, and help other teams do the same.

Speakers

Chris Featherstone

Senior Manager, Software Development, Adobe
Chris is a Senior Manager over Observability at Adobe. His focus areas are metrics, tracing, and pushing OpenTelemetry at scale. Prior to management, he worked as an SRE for over a decade, trying to raise the observability bar across the industry. Outside of work, you will likely...

Shubhanshu Surana

Software Engineer, Adobe
Shubhanshu Surana joined Adobe in 2019 and has been working in the observability space since then. Currently, he is focused on Tracing adoption at Adobe and working with teams on their OpenTelemetry journey.



Thursday May 11, 2023 11:55am - 12:35pm PDT
118 (Level 1)
  ContainerCon

2:00pm PDT

Level Up Your Deployments: Automate with Terraform + Flux - Priyanka "Pinky" Ravi, Weaveworks
GitOps might sound like a self-explanatory term, but it is not as easy as it sounds. Many think this just means to store your Infrastructure-as-Code in Git, then have a pipeline run the code, but it is actually much more complicated than that. True GitOps takes the deployment out of CI/CD, and the most popular solutions are using Kubernetes controllers to do all the heavy lifting. Ensure what you’ve defined in Terraform is what’s always running and available. Flux continuously looks for changes and reconciles with the desired state. Take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development! Pinky will provide an in-depth look at the free and open source Flux Terraform Controller, which enables Terraform deployments to be done the GitOps Way. She will end with a demo that stands up an EKS cluster and configures it. This demo will use Terraform Cloud as the backend, demonstrating the flexibility of the Terraform Controller.

Speakers

Priyanka Ravi

Developer Experience Engineer, Weaveworks
Priyanka “Pinky” Ravi is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at a large insurance company where she was on...


Thursday May 11, 2023 2:00pm - 2:40pm PDT
118 (Level 1)

2:55pm PDT

Cluster Golden Signals to Avoid Alert Fatigue at Scale - Anusha Ragunathan & Sahil Badla, Intuit Inc
As platform engineers & SREs, we rely on metrics from Kubernetes clusters to understand platform health. For a Kubernetes platform running hundreds of clusters, there is often a sea of alerts arising from these clusters and on-call engineers need to tend to all of them, which can lead to alert fatigue. The alerts cannot be ignored due to the potential of an outage or incident resulting from them. How do we devise an observability system for Kubernetes Clusters that filters the signal from noise? Fortunately, we can use the industry standard “Golden Signals” (error rate, latency, traffic and resource saturation) defined for applications and services, towards Kubernetes Clusters as well. In this talk, we will take a deep dive into how we have defined “Cluster Golden Signals”, how they work, and go over the architecture and components of a successful metrics pipeline that derives baseline behaviors and detects anomalies. With a demo of a simulated incident, Anusha and Sahil will explain how cluster golden signals are invaluable in distinguishing a service issue from a platform issue and how to isolate and remediate a platform incident efficiently and quickly. You will learn the best practices from us, having built and operated this system in production at a large scale.

Speakers

Sahil Badla

Staff Software Engineer, Intuit Inc
Sahil Badla is a technologist with a decade of experience as a backend engineer. He started his career as a Software Engineer and has spent most of his career specializing in services and Infrastructure. He has led many teams to adopt and migrate to microservices. He is currently...

Anusha Ragunathan

Principal Software Engineer, Intuit Inc
Anusha Ragunathan is a software engineer at Intuit, where she works on building and maintaining the company’s Kubernetes based Compute Infrastructure. Anusha is passionate about solving complex problems in systems and infrastructure engineering. Prior to Intuit, she worked on building...



Thursday May 11, 2023 2:55pm - 3:35pm PDT
118 (Level 1)
  ContainerCon, Observability

4:05pm PDT

Modifying the Immutable: Attaching Artifacts to OCI Images - Brandon Mitchell, BoxBoat, an IBM Company
Images are now being pushed to OCI registries with more and more metadata, including attestations, signatures, and SBOMs. What is involved with adding your own artifacts? This talk walks through how OCI recently standardized the process, and describes how additional data can be added to an image with an immutable digest. You'll learn how tooling can ship SBOMs alongside images, both for the vendor generating the SBOM and the user searching for it. And this talk will cover many of the gotchas you may encounter when implementing this yourself.

Speakers

Brandon Mitchell

Solutions Architect, IBM
Brandon Mitchell is a Senior Solutions Architect for BoxBoat an IBM company, Docker Captain, OCI Maintainer, and maintainer of various OSS projects. He focuses on defining specs in OCI, improving software supply chain security, and implementing reproducible builds for container images...



Thursday May 11, 2023 4:05pm - 4:45pm PDT
118 (Level 1)
  ContainerCon, Container Images and Registries

5:00pm PDT

Designing & Securing Multi-Tenant Runtime Environment at the New York Times - Ahmed Bebars, The New York Times
Managing & securing a single Kubernetes cluster is a challenging task. Imagine that you need to do that at scale for multiple teams with different needs. At the New York Times, we're betting on Kubernetes as the core of our internal Platform as a Service. The New York Times designed a secure and isolated environment for our engineering service teams on top of our centralized Kubernetes clusters leveraging multiple technologies like OPA Gatekeeper and Cilium. The Shared Kubernetes clusters are a critical component of the Platform that solved our multi-tenancy requirements and ensured security across the organization. Join Ahmed Bebars from the New York Times to hear more about the architectural challenges and key takeaways.

Speakers

Ahmed Bebars

Staff Software Engineer, The New York Times
Ahmed Bebars is a staff software engineer on the Delivery Engineering Cloud Runtime team at The New York Times. He focuses on building a secure, scalable, and extensible Kubernetes runtime. The platform enables service teams to build and deploy their applications rapidly while his...



Thursday May 11, 2023 5:00pm - 5:40pm PDT
118 (Level 1)

6:00pm PDT

All Your Queues Are Belong to Us: The Hunt for a Network Bug in the Kernel - Laurent Bernaille & Eric Mountain, Datadog
A few months back, we discovered some applications had lower performance on a few Kubernetes clusters on a specific provider. After some investigation, we discovered network throughput was lower than expected because we were using a single transmit queue on the external interface of the instance. Probably just a configuration issue, either at the Operating System level or in our CNI plugin, right? This is when things started to get really interesting: we could not find any significant differences between the clusters that were affected and those that were not. At that point, we had no other choice than to dive deeper, trace packet paths within Linux itself and read kernel code. In this talk, we will focus on one of the most complex network performance issues we have faced in our Kubernetes environment. We will go through the debugging steps in detail and explain how we tracked the issue using bpftrace and ultimately uncovered a small kernel bug. Finally, we will discuss the upstream kernel fix and the ebpf-based mitigation we were able to deploy quickly with the help of the Cilium team.

Speakers

Laurent Bernaille

Principal Engineer, Datadog
Laurent Bernaille worked several years as a consultant specializing in cloud, containers, and automation and helped organizations migrate to the public cloud and adopt containers. He is now Principal Engineer at Datadog and works closely with infrastructure teams, which are responsible...

Eric Mountain

Senior Software Development Engineer, Datadog
Eric Mountain began working with Kubernetes in 2014 migrating applications built in a custom middleware ecosystem to container and cloud technology. Eric is now a Senior Engineer in Datadog’s Compute team providing large scale Kubernetes to our internal users. Eric enjoys debugging...



Thursday May 11, 2023 6:00pm - 6:45pm PDT
118 (Level 1)
 
Friday, May 12
 

11:00am PDT

Automate Secret Rotation in Kubernetes, Then Get Out of the Way! - Márk Sági-Kazár, Cisco
Industry best practices say that we should rotate secrets frequently to ensure our systems and data stay safe, but doing that in an operationally safe way is often a challenge. Not only that, but due to the vast number of regulations and compliance requirements, different secret management solutions, even figuring out where to start can be hard. In his presentation, Mark will provide guidance to understand the landscape of secret management and rotation solutions in Kubernetes and will show you how to set up and operate them in a safe and reliable, but more importantly, automated way. You might have seen Mark's presentation about the same subject at FOSDEM '23. Due to time constraints that was a brief, introductory talk. This time, Mark will go into details about monitoring your secret management infrastructure, so you can be sure your secrets are rotated. He will also offer alternative solutions to Kubernetes secrets if you are in no position to trust your provider.

Speakers

Márk Sági-Kazár

Open Source Tech Lead, Cisco
Mark is a dedicated technical leader and software engineer who specializes in building Cloud Native and Open Source software. His passion for Open Source has led him to make substantial contributions to various projects. A key focus for Mark is to streamline the contribution process...



Friday May 12, 2023 11:00am - 11:40am PDT
118 (Level 1)

11:55am PDT

Delivering Secure & Compliant Software Components with the Open Component Model & GitOps - Dan Small, SAP SE
DevOps teams today are tasked with the full scope of the delivery of complex software products. In this talk, we take the delivery of software one step further, by introducing the Open Component Model (OCM), which is an open standard with an open-source toolkit to describe software components in a technology-agnostic and machine-readable format that can also automate the continuous deployment via GitOps. OCM, as opposed to SBoM, represents a Software Bill of Delivery (SBoD) for tracking all artifacts of a complex product. It is the single source of truth for required operations. The OCM based solution started at SAP for the consistent delivery of cloud native apps together with heritage products. With the help of Weaveworks, OCM is integrated with CNCF open source Flux to automate the deployment using GitOps Localization. This talk presents the security and compliance benefits of OCM and GitOps Localization: air-gapped environments and offline CI/CD; end-to-end supply chain shielding; lift and shift applications to the cloud. We will show you how to deploy signed, attestable, and verifiable artifacts in environments with limited or no connectivity, especially for high-security and regulated clouds.

Speakers

Dan Small

Expert Software Engineer, SAP
Dan Small is an expert developer at SAP, the world's leading enterprise resource planning (ERP) software vendor. He has helped development teams deliver complex software projects in the developer tools and GRC space. He has helped devops teams significantly reduce operational...


Friday May 12, 2023 11:55am - 12:35pm PDT
118 (Level 1)

2:00pm PDT

Are Containers Ready for Production Databases? - Joe Brockmeier, Percona
The database community is notoriously skeptical and slow to adopt new technologies, and with good reason. Your app can go down, but you can’t lose or corrupt your customers’ data — that is a potential company-killing event. This session will explore a variety of paths for running stateful database workloads on containers, specifically focusing on fully open-source approaches rather than proprietary software. We’ll explain and show your options spanning from Docker and Podman volumes to Kubernetes operators and beyond. If you’re curious about whether containers are mature enough to run production databases, this session is for you.

Speakers

Joe Brockmeier

Head of Community, Percona
Joe Brockmeier is Head of Community at Percona. Brockmeier has been involved in open source for more than 20 years, is a member of the Apache Software Foundation, and has previously worked at Red Hat, Citrix, and SUSE. He also has a long history in the tech press and publishing...


Friday May 12, 2023 2:00pm - 2:40pm PDT
118 (Level 1)

4:05pm PDT

Ephemeral Clusters as a Service with ClusterAPI and GitOps - Joaquin Rodriguez, Microsoft
GitOps has seen widespread adoption in the last few years due to the clear advantages over traditional CI/CD tools. However, with adoption comes the growing pains of scale: running and managing multiple clusters across different cloud providers represents a major hurdle for organizations wanting to adopt Kubernetes as a standard deployment platform. In particular, observability and security at scale are two thorny aspects that need to be addressed; we will demonstrate how it’s possible to tame the complexity of such scaled infrastructure via open-source tools, such as ClusterAPI, ArgoCD and Prometheus+Thanos to provide control and visibility over an arbitrary number of clusters. We will show a sample, created after our collective experience at large scale customers, which can automate the deployment of hundreds of clusters and applications automatically and securely, and collect metrics from all the ephemeral clusters along the way.

Speakers

Joaquin Rodriguez

Senior Software Engineer, Microsoft
Joaquin Rodriguez, a Senior Software Engineer in the Commercial Software Engineering organization at Microsoft, helps customers tackle their toughest technical problems, on the cloud and at the edge. With over ten years of experience, Joaquin is passionate about open-source technologies...



Friday May 12, 2023 4:05pm - 4:45pm PDT
118 (Level 1)
 
