The inaugural KubeHuddle conference, hosted in the beautiful Scottish capital, Edinburgh.
KubeHuddle is Scotland’s first Kubernetes conference, hosted and organized by the Scottish community.
You can buy tickets now. We have limited tickets available at each price point:
-
Believer - £100 GBP[SOLD OUT] -
Early Bird - £150 GBP[SOLD OUT] Standard - £200 GBP[SOLD OUT]
If you’re unable to afford a ticket, we may be able to help with our diversity and inclusion tickets, kindly sponsored by members and organizations within our community. ✉️ Speak to us
Programme
This track will feature beginner friendly and intermediate content to cater for a wide variety of experiences, including beginers to Kubernetes.
Track 2 - Advanced PresentationsThis track will feature advanced Kubernetes topics revolving around scale, multi-tenancy, and operations - you know, all that “fun” stuff.
Collaboration Space
There will be tables provided for people that want to sit with their
laptops and collaborate with others, perhaps hacking on a cool new
operator?
A small selection of workshops and tutorials will also be available throughout
the two days, at no extra cost.
There will be a small social on Sunday, October 2nd,
and the main social on Monday October 3rd.
More details coming soon...
Monday, October 3rd
Programme
Lloyds Banking Group Room
-
Coffee
-
Opening
-
eBPF or sidecars?Liz Rice
eBPF allows us to build custom programs that run directly within the kernel. This talk explores how eBPF enables observability, security and connectivity tools that no longer need to rely on the sidecar model, and shows how Cilium now supports both sidecar-based and sidecarless Service Mesh. Along the way this talk will clarify some container and kernel concepts so that attendees can leave with a mental model for the pros and cons of sidecar-based or sidecarless approaches.
-
Applying GitOps To EverythingViktor Farcic
You are likely already using GitOps for your applications, but not for everything else. You are likely not using Argo CD, Flux, Rancher Fleet, or similar tools to manage the state of your infrastructure and services. Why is that? If GitOps is a great solution for apps, isn't it safe to assume that it would be equally beneficial for anything else? What is missing? The problem is that most of the commonly used GitOps tools are managing Kubernetes resources which, traditionally, do not deal with infrastructure and Cloud services. That's what we need to change. We need to expand Kubernetes with custom resources that can manage anything, no matter whether that's AWS, Azure, Google Cloud, GitHub, Elastic, DataDog, or any other Cloud service. If we do that, we might convert Kubernetes API into a universal API. We might convert the Kubernetes control plane into a universal control plane. If we do that, we will get end-to-end GitOps through which everything is always in sync and where all we have to do is push changes to Git repositories. All we need to make that happen is Crossplane (an open-source project donated to CNCF), combined with Argo CD, Flux, or Rancher Fleet. Let's see it in action.
-
Clear Your Own Path to Open Source MaintainerMartin Hickey
How many times have you heard the phrase "chop wood and carry water"? What about "look at the good first issues" or "triage the issues queue"? Or even "go out there and make yourself known to the community"? Open Source project members throw around these phrases as if they are the panacea to becoming a contributor, then a committer, and finally a maintainer. However, it is not that easy. These phrases can only help if you know what they mean! Demystifying this path to leadership in Open Source is imperative to the industry because we can’t grow on a path to continuous learning if we aren’t welcoming the next generation of contributors to our projects with clear and inclusive language. So here are some better questions to ask yourself when approaching a new Open Source project: What can I do if the first issues queue doesn’t contain any issues to work on? How do I introduce myself to the community? What if I can't find anything on the issue queue that makes sense? What contributions are needed most by this community? How do I climb the community role ladder toward leadership? People need guidance and support when climbing the mountain from the valley of becoming a new contributor to the zenith of maintainership. It is not always just as simple as following the community contributor guidelines. In this presentation I cover tips and trick on how to conquer that journey. Through practical examples of how I became a Helm maintainer, I hope that more people will realize it is within their grasp to become maintainers in Open Source projects. And the reality is that these projects NEED you too.
-
Break
-
Integrating Backup Into Your GitOps CI/CD PipelineMichael Cade
The ability to deploy code and version code has been a de facto requirement and a reason we have CI/CD pipelines for our application development, but with Kubernetes in particular we are seeing a closer tie between code and data. In particular, code being deployed can affect and change your data, for that reason, we need to consider protecting that data as part of our Continuous Development pipelines, In this session, we will focus on how we can incorporate backup actions into your pipeline to ensure that any code changes will start by creating a restore point be it a snapshot or an export to another external repository. We will then as part of a demo incorporate a failure scenario into the environment pipeline to simulate how a configmap can manipulate data to cause data loss. Then we need a way to bring the data back!
-
Securing Kubernetes with Open Policy AgentAnton Sankov
Kubernetes RBAC goes as far as whether a user can or cannot create new Kubernetes resources. However, it does not provide any capabilities for having more granular control on what resources can be created and what properties they might have. Validation webhooks fix that problem. They allow the user to define custom logic that looks at the resource being created/edited and, based on their properties, to allow or deny the operation. Gatekeeper is an implementation of a validation webhook that uses Open Policy Agent and allows you to define policies via the Rego language. These policies are applied to the Kube API server and live in Kubernetes as first-class citizens. This presentation will describe what validating webhooks are, how they work and how OPA and Gatekeeper leverage this functionality to protect your Kubernetes cluster. We will also dive into Rego and write our custom OPA policies.
-
Lunch
-
Hacking Kubernetes Like a Beginner with kdiggerMahé Tardy
During this session, Mahé will demonstrate a simple scenario of a multi-tenant attack in a Kubernetes cluster. He will explain the risks, see how to prevent this kind of attack and show how kdigger can speed up the discovery process of the environment. kdigger, short for "Kubernetes digger", is a context discovery and container assessment tool for Kubernetes penetration testing. This tool is a compilation of various plugins to facilitate pentesting Kubernetes from inside a pod. On top of discovering a new tool, this presentation will give you an idea of how pentesters generally try to pivot in typical Kubernetes clusters.
-
Stick a fork in it, it’s done: how to halt your sidecar jobsMatei David
Inspired by some of the research done by the Linkerd team and by suggestions from the Linkerd community, Linkerd maintainer Matei David will present a few ways of ensuring that when deploying jobs, sidecar containers terminate successfully when the main container finishes. Since the early days of Kubernetes, the sidecar container design pattern represents an easy and intuitive way to enhance the main container in a pod. The pattern has seen increased usage and adoption in production environments and serves a variety of platform-agnostic use cases such as collecting metrics and proxying traffic. Sidecar containers work well with most Kubernetes primitives, such as deployments, but they fall short when used in job objects. For service meshes or metric collectors, sidecars need to run continuously, blocking jobs from completing even after the main container has finished its work.
-
Network Engineering Goes DevOoopsieMarino Wijay
I sit here and reflect back to 2008 when my supervisor suggested I look into the CCNA and Network+. My world changed from plugging a cable into a switch to setting up BGP peers, to configuring Load Balancers for High Availability. Network Engineering has evolved and from my eyes, has been entirely reimagined, retaining the foundations of networking. As I've slowly pivoted to the world of Cloud Native technologies and DevOps, a lot of my previous Network Engineering skills have translated to today's approach to microservices architecture. FOLLOW THE PACKETS I SAY! What does Networking mean for consumers of Kubernetes and Containers? What does K8S and containers mean Network Engineers? What does that transformation for a Network Engineer look like? In this restrospective talk, I share my journey of Network Engineering from the late 2000s to one in 2022 surrounded by the world distributed systems, observability, the deeper need for security/identity and what our traffic tells us. My hope is to inspire others to transform their network engineering career.
-
Deploying a simple (Python) app to Kubernetes/OpenShiftJJ Asghar
JJ will walk you through deploying a simple python application to Kubernetes/OpenShift. We’ll start from the ground up, then get a complete automated build. The goal is to enable your developers to focus on code, not the infrastructure! It’s a chance to see the power of OpenShift and why taking the time to learn cloud-native development can get you the velocity you need.
-
Break
-
Secret Management: The Soft WayLian Li
Secrets. Security best-practices mandate that they stay away from the code—or else! And that’s what we did for a long time. But as CI/CD practices evolved, for a myriad of reasons, we now want to ship the code, the environment, and the secrets, all in one lump. So, we can’t hide the secrets anymore… unless? Tools like HashiCorp Vault attempt to address this by managing secrets outside the delivery chain. Great! But you can’t use those inside local dev environments, so… When that’s precisely what you need to do, then what? In this talk, Lian will show the audience how to manage secrets the GitOps way, so you can maintain security best-practices while also being able to use them in your local environment for development. Sound like magic? That’s because it is. After this talk, the audience will be able to understand secret management solutions that work seamlessly in a variety of environments.
-
Kubernetes cost monitoring best practicesKunal Kushwaha
There have been scenarios in which companies struggle to understand where they spend their cloud budget. For example, distinguishing between projects, teams, and applications with infrastructure services utilising them. Starting with why cost monitoring is essential, in this session, we'll learn about some of the best practices for monitoring your Kubernetes costs to maximise efficiency and reduce spending across teams, followed by some of the approaches we have seen organisations follow. Cost allocation can be complex in Kubernetes; hence, we'll also discuss what cost allocation models should be used. Such a set of best practices can reduce cloud spend and increase awareness within one's organisation.
-
Closing
Controlplane Room
-
Coffee
-
Opening
-
Hacking Kubernetes: Live Demo MarathonAndrew Martin
In a live evocation of the recent O’Reilly title Hacking Kubernetes (Martin, Hausenblas, 2021), this ultimate guide to threat-driven Kubernetes defence threat models and details how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to attack and defend against a range of historical and current CVEs, misconfigurations, and advanced threats: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security
-
The Dark Side of GitOps: Unanswered Real-life ChallengesÁdám Szücs-Mátyás
You’ve probably heard all the benefits of GitOps practices, but even most trivial challenges are going unanswered in vendor demos and keynotes. Things like how I promote between environments, how can I handle infrastructure, what if I already got infrastructure that is managed by others like networking… Deploying to Kubernetes with GitOps is quite mature, though you’ll need additional services like databases, clusters. You’ll find that if you’d use Cluster API, Crossplane, AWS Controllers for Kubernetes it might solve your issue until it doesn’t integrate as you’d imagine. During this presentation I’ll go through some of the challenges we faced during rewriting LastPass’ full deployment model, solving end-to-end automation for real-life while writing less YAML files by moving towards Infrastructure as Software.
-
You've been holding it wrongGerhard Lazu
CI/CD is what gets your code from your laptop to your Kubernetes. If that is not the case, this talk is not for you. What if I told you that you've been holding CI/CD wrong all this time? If you can't run it locally, need to wait more than 5 minutes to see if a change works, and get goose bumps when someone on your team mentions migrating CI/CD, you're holding it wrong. After decades thinking about this problem, this is what holding it right means to me. Kubernetes is a small piece of the puzzle, and contrary to what many think, it should not be used to solve all problems. I learned this from someone else, and also... Join me if you are curious to see where this goes.
-
Break
-
Who Can You Really Trust?Ric Featherstone
Intangible “trust” is required to secure our systems: we need it to bootstrap infrastructure, secure the software supply chain, run workloads, and reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud-native system? The advent of hardware-based attestation and certificate authentication gives us new hope. But this brave new dawn has been just over the horizon for the last few years, and new technologies have emerged to champion the identification of our workloads. In this talk we: * Demystify the nebulous concept of Workload Identity * Define the importance of autonomous identity generation in a Zero Trust Architecture * Demonstrate practical examples of bootstrapping and using Workload Identity * Introduce existing and emerging technologies that enable you to anchor Workload Identity to a Hardware Root of Trust
-
Step by step Kubernetes observability with eBPFDenis Jannot
In this talk, I'm exploring how someone can use eBPF to get insights about the communications happening in a Kubernetes cluster. I write an eBPF program and then use the BumbleBee (https://github.com/solo-io/bumblebee) open source project to build and deploy it. This program gathers information about all the network communications happening in the cluster and publish the corresponding metrics that I store on Prometheus. I then deploy a service gets the metrics and correlate them with the Pod and Service IP addresses to build a graph displaying all the communications.
-
Lunch
-
Migrating a cluster with 2000+ microservices to managed Kubernetes: lessons and learningsMiles Bryant, Suhail Patel
Monzo has been running a single self-hosted Kubernetes cluster per-environment for years, and we decided to migrate to a managed Kubernetes service. This talk is all about the challenges and perils of doing a high stakes, real world, zero downtime Kubernetes migration at scale 🤓 We’ll talk about the constraints and challenges, including: - the complexity, diversity and quantity of the systems running on the cluster - downtime having real human impact with someone potentially not being able to pay for food or make a rent payment - the sheer number of different services and teams to interact with which meant that we had to adopt an automated process that was fully transparent to other engineers We’ll dive into some of the technical details that allowed us to migrate within these constraints, and our plans for rearchitecting our platform to make future upgrades and migrations easier. Takeaways will include: - How Kubernetes makes infrastructure migrations more manageable - Actionable learnings about doing migrations at scale in general
-
How to protect your Kubernetes cluster using CrowdsecHamza Essahely, Sebastien Blot
The [CrowdSec](https://github.com/crowdsecurity/crowdsec/) project aims at providing a crowdsourced approach to common infrastructure defense problems, by distributing free & open-source software allowing you to protect yourself and share information about malevolent actors. CrowdSec could be perceived as a modern form of Fail2ban, though for Cloud and container-based infrastructure as well and capable of taking way more advanced decisions a lot faster. Mainly, it’s using a decoupled and distributed approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML & Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like files, syslogd, journald, AWS Cloudwatch and Kinesis, Docker logs and Windows Event Log, normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution and ressource conservative. The endgame is the Reputation engine though. If you want to partake in the network to benefit from its findings, CrowdSec captures all aggression signals (timestamp, IP, behavior) and sends them for curation. That way, it establishes a reliable IP blacklist that is constantly redistributed to the network members, in order to achieve a form of Digital Herd Immunity. An IP caught aggressing WordPress sites will quickly be banned by all members using CrowdSec that subscribed to the WordPress defense collection. In that way, we share the IPs that are relevant to your technical context. While Crowdsec is in charge of the detection, the reaction is performed by "bouncers" that aim to be deployable at any level of the applicative / infrastructure stack : * via nftables/iptables/pf based on an IP set * via Nginx lua plugin * via Traefik middleware * on Cloudflare via our bouncer that integrates with Cloudflare API * Or GCP/AWS/Azure firewall, slack or scripting, notifications, etc. .. or in many other ways. Over time the possibilities will increase as the application design basically supports anything. This approach, combined with a declarative configuration and a stateless behavior, will make it an ideal candidate to enhance the security of modern stacks (containers, kubernetes, serverless and more generally automatically deployed infrastructures). Furthermore, we intend to create and share the most accurate database of malevolent actors as possible, under the form of a real-time IP reputation system, accessible through API. Whenever an attack is locally blocked/detected by Crowdsec, the "meta" information of the attack is shared amongst participants (source ip, date and triggered scenario) for redistribution to network members. We are committed to building a strong community, with all that it implies : * [a public hub](https://hub.crowdsec.net) to find, share and amend parsers, scenarios and blockers * permissive open-source license to stay business friendly * and overall a strong commitment to transparency and community-first mentality, by tooling and behavior The microservice architecture is the most significant security challenge in a Kubernetes cluster. Every application you deploy opens a new potential entry for attackers, increasing the attack surface. In this talk, we'll present the Crowdsec project and see how we can protect a kubernetes cluster using Crowdsec and the power of the Crowd.
-
Policy + Cloud Controllers = Secure Scalable Dev-Centric Infrastructure.Rowan Baker, Henry Mortimer
In large organizations, securing cloud infrastructure around Kubernetes is hard. Application developers, who’ve already had to learn Kubernetes, shouldn’t need to become IAC SMEs to operate their applications' backend cloud infrastructure. Alternatively, using infrastructure teams to service requests and centralize control doesn’t scale with an increasing number of users and use cases. In this talk, Rowan and Henry will demonstrate how infrastructure teams can use policy engines to secure an emerging model that uses Kubernetes hosted cloud controllers (Crossplane, ACK, config-connector) to provision infrastructure. This model enables application teams to self serve, whilst preventing the launch of insecure infrastructure. To ease adoption of the model, Rowan and Henry will open source policies and templates to enforce controls aligned with the CIS benchmarks and to simplify the developer experience by setting secure defaults and dynamically generating supporting cloud resources.
-
Break
-
The Future of Continuous DeliveryPaul Dragoonis
It’s the year 2022, an exciting time for the tech industry. Globally, software organizations and internet companies are delivering more and more software, at a rate and scale that we’ve never faced before. This unprecedented demand has created new challenges for us all, which have been hurting our organizations when creating continuous delivery solutions. The great thing about these new challenges is that they’ve sparked new and amazing innovations in the CI/CD industry. In this Paul Dragoonis talks about the following: New innovations in the CI/CD, Cloud Native, and open source communities are being developed. Where these innovations are taking the world of continuous delivery. What to expect, from the CD community, later this year, and into the future
-
Building Operators for Legacy Software or: Running Minecraft on KubernetesJames Laverack
I've always loved Minecraft, and I've always loved playing it with my friends. Being the one with a home server, I setup my own Minecraft server. Soon I wanted to manage it with Kubernetes like the rest of my applications, and wanted to automate common tasks like backups and upgrades. So I made an operator. This talk will cover the how of making an operator for a 'legacy' application that is not designed to be cloud-native, and why you might want to do it. The operator is open source at https://github.com/jameslaverack/minecraft-operator. The operator and the talk are not endorsed by Mojang Studios or Microsoft in any way.
-
Closing
Collaboration Space
- - Building event-driven, serverless functions in Kubernetes with Peter Mbanugo
- - Get to know Envoy - the modern proxy for cloud-native infrastructure with Baptiste Collard
- - eBPF workshop with Denis Jannot
Tuesday, October 4th
Programme
Lloyds Banking Group Room
-
Coffee
-
Opening
-
tall oaks from little acorns grow - an Open Source journeyDan Finneran
This session will detail the trials and tribulations of starting with a few lines of code to fix a problem, to ending up with a project that underpins millions of Kubernetes clusters. From angering end users by implementing what seemed at the time "a good idea" to being dragged in-front of a legal team, it isn’t all plain sailing. However through this talk the attendees will hopefully learn the joys of being part of Open Source, the elation of a community that comes to contribute and the realisation that it was worth it in the end!
-
Fireside Chat: Open Source and the Global Security ResponseAmanda Brock, Andrew Martin, Liz Rice, Thomas Meadows
Host: Amanda Brock, CEO, OpenUK Andrew Martin, Control Plane Founder and CEO and OpenUK CISO Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director Thomas Meadows, Solutions Engineer, Jetstack
-
ClickOps over GitOpsLaszlo Fogas
The delta between Kubernetes and a developer friendly PaaS is where the next layer of value is being created today. Many products are racing to fill the void that is called Kubernetes developer experience. This is also the place where things get opinionated, a requirement for reliable end to end workflows. In this talk you will learn about Gimlet.io's approach on how Kubernetes UIs can be quick to use, and safe at the same time. In this talk you will see how you can create a developer platform - with the usual components Cert-Manager, Nginx Ingress etc - and deploy on it with only clicking on a dashboard. You will also see that behind the curtains, all Gimlet does is writing yamls into a git repository. ClickOps.. over GitOps.
-
K8s & meat: How we got Kubernetes into the Kaufland meat processing factoriesEngin Diri
Kubernetes, Kubernetes everywhere. Without any doubt, the adoption and usage of Kubernetes skyrocketed through the entire IT world. From tech-savvy startups, working on their next unicorn product, to conservative insurance companies increasing productivity and reducing time to market. It's hard to not see all the benefits Kubernetes creates to IT organization. So it was a matter of time, that our very own business gave us the task: Bring Kubernetes to our production facilities, and start with the Kaufland meat processing factories. In this talk, I want to share our one-year-long journey to accomplish this mission. Sharing all the mistakes and the successes we made during this huge project. From learnings about all the security and compliance requirements when working in the industrial area to enabling the platform and application teams. Of course, we will talk about all the technics we used like GitOps, Infrastructure as Code, Policy as Code and so on. In short: k8s & meat, it's not always as tender as we thought it would.
-
Lunch
-
Introduction to OpenFeatureAlex Jones
OpenFeature is an open standard for feature flag management, created to support a robust feature flag ecosystem using cloud native technologies. OpenFeature provides a unified API and SDK, and a developer-first, cloud-native implementation, with extensibility for open source and commercial offerings.
-
Crowdsourcing a Kubernetes distribution: What we learnt with MicroK8sAlex Jones
MicroK8s went from a part-time project to an Open-source success story available on every Ubuntu server in the world. However, behind its meteoric rise in usage, we struggled to balance the needs of end-users, the challenges of competition and In this talk we’ll talk about how it took us time to realise the power of community, to build a way to enable them to help guide our roadmap and to truly recognise the power of crowdsourcing engineering through open source.
-
How to automate troubleshooting a k8s cluster environmentAlexander Trelore
This session will introduce troubleshoot.sh, an open source project that helps diagnose common issues that could impact the successful deployment and operation of a Kubernetes cluster. We'll talk about how to use out-of-the-box tools, plus show you how to write your own custom collectors and analysers. Together these components should help identify issues before you install and once you are up and running.
-
GitOps for the peopleLian Li
MoneyBank Inc. is a fintech enterprise that recently made the jump to K8s and GitOps to cope with the shift of demands from cranking out features towards stability and scalability. Yet, even with a fully automated CICD and shiny new microservices, features still take weeks to be released. As teams keep waiting on each other, frustrations, resentment, and mistrust grow. MoneyBank’s situation is typical for organizations with enterprise processes and startup mindsets. When faced with problems, the urge is often to move fast and automate them away. However, the cultural and regulatory structures to support these changes are not in the scope of said automation. One more piece is missing to address the needs of non-technical stakeholders within the ever-changing CICD landscape. In this talk, we will attempt to automate the non-automatable with ReleaseOps: GitOps for the people.
-
Break
-
What DragonBall can teach us about being engineersMarcus Noble
The world of DragonBall has many teachings that we can apply to our life as developers, SREs and DevOps engineers. In this fun and fast-paced talk we'll learn how the Z Warriors were ahead of their time and how they fully embrace the engineer mindset.
-
Scaling Communities to be more InclusiveKunal Kushwaha
Being an open-source enthusiast, Kunal believes that diversity in the workplace and participation from people hailing from different cultures is necessary as well as instrumental for the growth of the IT sector. It exposes one to the multitude of values and principles that people from varying ethnicities hold. Meeting people from around the world teaches people to respect opposing perspectives and opinions, and ingrains in them respect for their peers. He finds passion in teaching and has taught thousands of students both online and in-person. He is the founder of Community Classroom, an organisation focussed on providing training & mentorship, free of cost. He also started the Official Cloud Native Student Community group joined by thousands of students, focussed on getting more young people involved in the Cloud Native world. These platforms are utilised by conducting hands-on workshops, events, podcasts, and sharing about opportunities in the field. The talk is going to be focussed around what defines a community, and figuring out what are the community's shared struggles. It’s also important to know what is the mission of your community and what members look to get out of it. Communication is key and we’ll also talk about how to future proof your community. Regarding diversity and inclusion, it’s important to know who might be excluded from accessing your community activities in their current form. We’ll also discuss about what are some of the negative scenarios which might happen while running activities for your community which will make them less inclusive to marginalised groups. Following up with designing for your community's needs, and last but not least, having a Code of Conduct. Attendees will learn about: How to start a new community and make it inclusive from the beginning. How to scale communities to under-representative groups How to deal with conflicts and take care of your audience’s needs.
-
State of Open - what is open source and why it matters in Scotland todayAmanda Brock
A strategic scene setting of open source and how it got to its premier status in the software market today, an update from OpenUK's State of Open : The UK in 2022 report, and a strategic view on curation, stewardship and the future of open source in the enterprise and public sector as it becomes our critical national infrastructure.
-
Closing
Controlplane Room
-
Coffee
-
Opening
-
EBPF and Kubernetes - Next level observabilityOwen Bowers Adams
A deep dive into how EBPF pairs with kubernetes to provide real time, low overhead tracing. This will focus on what ebpf is, how it fits into the kubernetes ecosystem and how tools like pixie can take tie it all together
-
BumbleBee: Or How I Learned To Stop Worrying And Love eBPFKrisztian Fekete
eBPF is hard. There are more and more docs and blogs, but the learning curve seems to be really steep. Where could you possibly start to play around with this new technology? In this talk, I will briefly introduce the (e)BPF landscape, then show you one of the easiest way to get started with eBPF. We will explore existing tools, and see what it takes to drop them into a Kubernetes cluster, and learn how can you expose their output as Prometheus metrics with only a few keystrokes.
-
Why We Chose To Ditch Helm To Gain Open Source SanitySimon Emms
Helm is a truly excellent ecosystem and is rightly valued by the world over for giving full customisation of deployments. For open-source projects with a finite number of support engineers, full customisation is not always something that is desirable. Sometimes, you need to provide opinionated guide rails for people in order to provide effective support for your product. This session will focus on the reasons why Gitpod has deprecated its Helm charts and switched to a custom-built Installer. Simon will explore some of the benefits and pitfalls experienced and how the community reacted to such a seismic change. He will also answer the question - "would he do it again?"
-
Lunch
-
The Wonders and Woes of WebhooksMarcus Noble
Since introduced in Kubernetes v1.9, webhooks have been a key feature, making up one of the cornerstones of Kubernetes extensibility. When used right, they can allow operators to have much more control over their clusters and with tooling like Kyverno and Gatekeeper it’s easier than ever to leverage their full power. But, when misused, things can get very, very messy. So how do we ensure our webhooks are full of wonders and not woes? By taking a look at the history of webhooks in Kubernetes, the driving force behind their adoption and through several horror stories of webhooks gone wrong, we can develop a set of best practices and guidelines to follow to ensure our webhooks stay full of wonder without the woes.
-
Using Kubernetes and A Service Mesh to Build a Resilient PlatformGuy Templeton, Alex Williams
This session will discuss how Skyscanner's Production Platform tribe designed a new, resilient architecture to allow Skyscanner's engineers to deliver new features to travelers on a reliable multi-tenant platform. We'll discuss what inspired the design choices, where trade-offs had to be made, the challenges faced, and the successes along the way. This will include how this architecture enabled Skyscanner to perform multiple cluster upgrades and migrations without service owners even noticing, as well as more day-to-day cluster tasks like component upgrades in a safe and scalable manner.
-
Gateway APIs and API Gateways - modern ingress demystifiedMatt Turner
Up until now, Ingress routes into K8s clusters have been defined by the Ingress kind, or by vendor-specific CRDs. Neither of these were satisfactory, so a new set of built-in k8s APIs was developed - the Gateway API. In this talk, Matt will cover the motivation for a new API, its design, and show some examples of its use. He'll then also cover implimentations of it today and in the future, and talk about the exciting merging of several of the existing ingress controllers into one new de facto standard - Envoy Gateway.
-
Break
-
Closing
Collaboration Space
- - Capture the Flag - Kubernetes Edition with Andrew Martin
Speakers
Our call for papers is now closed. We will announce our speakers shortly.
Speaker Bio
Adam is leading to currently leading cloud transformation and redesigned Kubernetes deployment across the organisation. Security is crucial in what we deliver to our customers, therefore everything we do has to meet the highest standards. He has 5 years experience with Kubernetes and over 2 years with GitOps, and use this knowledge to deliver impactful changes across engineering and how they work and deliver software.
Talks
You’ve probably heard all the benefits of GitOps practices, but even most trivial challenges are going unanswered in vendor demos and keynotes. Things like how I promote between environments, how can I handle infrastructure, what if I already got infrastructure that is managed by others like networking… Deploying to Kubernetes with GitOps is quite mature, though you’ll need additional services like databases, clusters. You’ll find that if you’d use Cluster API, Crossplane, AWS Controllers for Kubernetes it might solve your issue until it doesn’t integrate as you’d imagine. During this presentation I’ll go through some of the challenges we faced during rewriting LastPass’ full deployment model, solving end-to-end automation for real-life while writing less YAML files by moving towards Infrastructure as Software.
Speaker Bio
Alex works as both a contributor and end-user of cloud-native technology. He spends his work-time translating tooling, practices and behaviours into generators of strategic value and positive cultural change. His passion is to create positive engineering cultures that enable inclusivity and diversity as a core attribute rather than a vague goal. Enabling engineers to build more reliable services through shared accountability, observability and automation of toil. He has worked at companies such as JPMorgan, American Express, Microsoft, British Sky Broadcasting.
Talks
OpenFeature is an open standard for feature flag management, created to support a robust feature flag ecosystem using cloud native technologies. OpenFeature provides a unified API and SDK, and a developer-first, cloud-native implementation, with extensibility for open source and commercial offerings.
Crowdsourcing a Kubernetes distribution: What we learnt with MicroK8s
MicroK8s went from a part-time project to an Open-source success story available on every Ubuntu server in the world. However, behind its meteoric rise in usage, we struggled to balance the needs of end-users, the challenges of competition and In this talk we’ll talk about how it took us time to realise the power of community, to build a way to enable them to help guide our roadmap and to truly recognise the power of crowdsourcing engineering through open source.
Speaker Bio
.
Talks
This session will discuss how Skyscanner's Production Platform tribe designed a new, resilient architecture to allow Skyscanner's engineers to deliver new features to travelers on a reliable multi-tenant platform. We'll discuss what inspired the design choices, where trade-offs had to be made, the challenges faced, and the successes along the way. This will include how this architecture enabled Skyscanner to perform multiple cluster upgrades and migrations without service owners even noticing, as well as more day-to-day cluster tasks like component upgrades in a safe and scalable manner.
Speaker Bio
Alexander is a senior software engineer at Replicated, where he is responsible for a collection of backend Go micro-services. In his spare time he streams various software projects on twitch, ranging from making video games, to toying with CNCF projects.
Talks
This session will introduce troubleshoot.sh, an open source project that helps diagnose common issues that could impact the successful deployment and operation of a Kubernetes cluster. We'll talk about how to use out-of-the-box tools, plus show you how to write your own custom collectors and analysers. Together these components should help identify issues before you install and once you are up and running.
Speaker Bio
Amanda Brock is CEO of OpenUK, the UK organisation for the business of Open Technology in the UK – being open source software, open hardware and open data -with a purpose of UK Leadership and International Collaboration in Open Technology. She is a Board Member of the Open Source Initiative; UK Cabinet Office Open Standards Board Member; British Computer Society Inaugural Influence Board Member; Advisory Board Member: KDE, Planet Crust, and Mimoto; Charity Trustee, Creative Crieff and GeekZone; and European Representative of the Open Invention Network. A lawyer of 25 years’ experience, she previously chaired the Open Source and IP Advisory Group of the United Nations Technology Innovation Labs, sat on the OASIS Open Projects and UK Government Energy Sector Digitalisation Task Force. Advisory Boards. She was General Counsel of Canonical for 5 years and set up their legal function. Amanda was awarded the 2022 UK Lifetime Achievement Award in the Women, Influence & Power Awards, and included in Computer Weekly’s Most influential Women in Tech Long list in 2021 and in their UK Tech50 longlist for 2022. She is the editor of Open Source, Law, Policy and Practise, second edition being published by Oxford University Press in September 2022 and with open access thanks to the Vietsch Foundation. linkedin.com/in/amandabrocktech/ @openuk_uk @amandabrockUK
Talks
Host: Amanda Brock, CEO, OpenUK Andrew Martin, Control Plane Founder and CEO and OpenUK CISO Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director Thomas Meadows, Solutions Engineer, Jetstack
State of Open - what is open source and why it matters in Scotland today
A strategic scene setting of open source and how it got to its premier status in the software market today, an update from OpenUK's State of Open : The UK in 2022 report, and a strategic view on curation, stewardship and the future of open source in the enterprise and public sector as it becomes our critical national infrastructure.
Speaker Bio
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience delivering containerised solutions to enterprise and government. He is CEO at https://control-plane.io
Talks
In a live evocation of the recent O’Reilly title Hacking Kubernetes (Martin, Hausenblas, 2021), this ultimate guide to threat-driven Kubernetes defence threat models and details how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to attack and defend against a range of historical and current CVEs, misconfigurations, and advanced threats: - See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation - Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers - Delve into workload identity and advanced runtime hardening - Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise - Learn to navigate the choppy waters of advanced Kubernetes security
Capture the Flag - Kubernetes Edition
Delve deeper into the dark and mysterious world of Kubernetes security! Exploit a supply chain attack and start your journey deep inside the target infrastructure, exploit your position to hunt and collect the flags, and hopefully learn something new and wryly amusing along the way! Attendees can play six increasingly beguiling and demanding scenarios to bushwhack their way through the dense jungle of Kubernetes security. Everybody is welcome, from beginner to hardened veteran, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise! To attend this workshop, you will need a laptop (or tablet if so inclined) as well as a basic understanding of how to interact with Linux from a terminal (e.g. ls, cd, cat, grep). You will be given access to a cluster and it's up to you if you'd like to run this alone or as part of a team.
Fireside Chat: Open Source and the Global Security Response
Host: Amanda Brock, CEO, OpenUK Andrew Martin, Control Plane Founder and CEO and OpenUK CISO Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director Thomas Meadows, Solutions Engineer, Jetstack
Speaker Bio
Anton is a software engineer at VMware Carbon Black. He has a strong engineering background, having previously worked at market leaders in multiple industries - from payments, to cloud and infrastructure provisioning. At VMware, he is helping define the future of container and cloud security. The Kubernetes ecosystem is interesting to him because of its elegant solutions to real-world problems and constant drive for innovation.
Talks
Kubernetes RBAC goes as far as whether a user can or cannot create new Kubernetes resources. However, it does not provide any capabilities for having more granular control on what resources can be created and what properties they might have. Validation webhooks fix that problem. They allow the user to define custom logic that looks at the resource being created/edited and, based on their properties, to allow or deny the operation. Gatekeeper is an implementation of a validation webhook that uses Open Policy Agent and allows you to define policies via the Rego language. These policies are applied to the Kube API server and live in Kubernetes as first-class citizens. This presentation will describe what validating webhooks are, how they work and how OPA and Gatekeeper leverage this functionality to protect your Kubernetes cluster. We will also dive into Rego and write our custom OPA policies.
Speaker Bio
Baptiste Collard is a Field Engineer at Solo.io. Baptiste worked as a middleware expert and also as an IT Architect over the last decade. He likes plumbing pieces of software together and even more when it's running on Kubernetes!
Talks
Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy's understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request.
Speaker Bio
Dan Finneran is the VP of Marketing for Loft Labs Inc. His journey to today has included bare-metal, jails, zones, vms and containers where he is currently enjoying the fast paced ride in the cloud native space. He also created & maintains a popular Open-Source load-balancer for Kubernetes and contributes to upstream Kubernetes. He’s also been fortunate to present at events ranging from the British computing society, HPE Technical solutions summit to DockerCon and KubeCon amongst others.
Talks
This session will detail the trials and tribulations of starting with a few lines of code to fix a problem, to ending up with a project that underpins millions of Kubernetes clusters. From angering end users by implementing what seemed at the time "a good idea" to being dragged in-front of a legal team, it isn’t all plain sailing. However through this talk the attendees will hopefully learn the joys of being part of Open Source, the elation of a community that comes to contribute and the realisation that it was worth it in the end!
Speaker Bio
Denis is the Director of Field Engineering at Solo.io, a company building application networking solutions for the edge and service mesh. Denis is a passionate engineer who has spent his career in technical roles working directly with customers and users in architecting and adopting technologies like Object Storage, Big Data, Containerization, Service Mesh into their infrastructure. He enjoys sharing what he learns with the community and can be found creating demos, writing blogs, and speaking at events.
Talks
In this talk, I'm exploring how someone can use eBPF to get insights about the communications happening in a Kubernetes cluster. I write an eBPF program and then use the BumbleBee (https://github.com/solo-io/bumblebee) open source project to build and deploy it. This program gathers information about all the network communications happening in the cluster and publish the corresponding metrics that I store on Prometheus. I then deploy a service gets the metrics and correlate them with the Pod and Service IP addresses to build a graph displaying all the communications.
eBPF workshop
eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. BumbleBee (https://github.com/solo-io/bumblebee) is a new Open Source project which helps to build, run and distribute eBPF programs using OCI images. It allows you to focus on writing eBPF code, while taking care of the user space components - automatically exposing your data as metrics or logs. In this workshop, we're introducing eBPF and the different ways to create eBPF programs. Then, attendees are creating their first eBPF program using BCC and libbpf to have a better understanding of the main concepts. Finally, they are going through several labs to build and deploy an eBPF program with BumbleBee. They also deploy Prometheus and a web application on Kubernetes to display all the communications happening in the Kubernetes cluster.
Speaker Bio
My name is Engin Diri and I work for more than 15 years in the IT industry. Started as a Java developer and went there from fronted to backend development until I found my sweet spot in all things related to CI/CD and cloud topics. Currently, I am working in the Schwarz Group, the people behind the big retail brands Lidl and Kaufland. Here I help different projects and teams on their journey to the cloud. I love everything about Cloud, Cloud Transformation and Enablement. I am a multi-cloud person with a strong passion for Kubernetes. Furthermore, I am very curious and love to try out new technologies.
Talks
Kubernetes, Kubernetes everywhere. Without any doubt, the adoption and usage of Kubernetes skyrocketed through the entire IT world. From tech-savvy startups, working on their next unicorn product, to conservative insurance companies increasing productivity and reducing time to market. It's hard to not see all the benefits Kubernetes creates to IT organization. So it was a matter of time, that our very own business gave us the task: Bring Kubernetes to our production facilities, and start with the Kaufland meat processing factories. In this talk, I want to share our one-year-long journey to accomplish this mission. Sharing all the mistakes and the successes we made during this huge project. From learnings about all the security and compliance requirements when working in the industrial area to enabling the platform and application teams. Of course, we will talk about all the technics we used like GitOps, Infrastructure as Code, Policy as Code and so on. In short: k8s & meat, it's not always as tender as we thought it would.
Speaker Bio
Gerhard enjoys infrastructure, good conversations and improving. He is improving CI/CD through his role at Dagger.io, runs changelog.com infra for the fun of it and helps others level up via changelog.com/shipit
Talks
CI/CD is what gets your code from your laptop to your Kubernetes. If that is not the case, this talk is not for you. What if I told you that you've been holding CI/CD wrong all this time? If you can't run it locally, need to wait more than 5 minutes to see if a change works, and get goose bumps when someone on your team mentions migrating CI/CD, you're holding it wrong. After decades thinking about this problem, this is what holding it right means to me. Kubernetes is a small piece of the puzzle, and contrary to what many think, it should not be used to solve all problems. I learned this from someone else, and also... Join me if you are curious to see where this goes.
Speaker Bio
Guy is a principal software engineer at Skyscanner, working in the Production Platform tribe where he’s focused on providing the best possible platform for Skyscanner’s travelers and engineers. Within Skyscanner, he’s the SME on scaling Kubernetes and containerised workloads. He’s also a co-chair of Kubernetes’ SIG Autoscaling. When he's not knees-deep in YAML he can usually be found having type 2 fun on a bike.
Talks
This session will discuss how Skyscanner's Production Platform tribe designed a new, resilient architecture to allow Skyscanner's engineers to deliver new features to travelers on a reliable multi-tenant platform. We'll discuss what inspired the design choices, where trade-offs had to be made, the challenges faced, and the successes along the way. This will include how this architecture enabled Skyscanner to perform multiple cluster upgrades and migrations without service owners even noticing, as well as more day-to-day cluster tasks like component upgrades in a safe and scalable manner.
Speaker Bio
Coming from a sys admin then pentester/secops background, I'm now core developer at Crowdsec.
Talks
The [CrowdSec](https://github.com/crowdsecurity/crowdsec/) project aims at providing a crowdsourced approach to common infrastructure defense problems, by distributing free & open-source software allowing you to protect yourself and share information about malevolent actors. CrowdSec could be perceived as a modern form of Fail2ban, though for Cloud and container-based infrastructure as well and capable of taking way more advanced decisions a lot faster. Mainly, it’s using a decoupled and distributed approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML & Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like files, syslogd, journald, AWS Cloudwatch and Kinesis, Docker logs and Windows Event Log, normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution and ressource conservative. The endgame is the Reputation engine though. If you want to partake in the network to benefit from its findings, CrowdSec captures all aggression signals (timestamp, IP, behavior) and sends them for curation. That way, it establishes a reliable IP blacklist that is constantly redistributed to the network members, in order to achieve a form of Digital Herd Immunity. An IP caught aggressing WordPress sites will quickly be banned by all members using CrowdSec that subscribed to the WordPress defense collection. In that way, we share the IPs that are relevant to your technical context. While Crowdsec is in charge of the detection, the reaction is performed by "bouncers" that aim to be deployable at any level of the applicative / infrastructure stack : * via nftables/iptables/pf based on an IP set * via Nginx lua plugin * via Traefik middleware * on Cloudflare via our bouncer that integrates with Cloudflare API * Or GCP/AWS/Azure firewall, slack or scripting, notifications, etc. .. or in many other ways. Over time the possibilities will increase as the application design basically supports anything. This approach, combined with a declarative configuration and a stateless behavior, will make it an ideal candidate to enhance the security of modern stacks (containers, kubernetes, serverless and more generally automatically deployed infrastructures). Furthermore, we intend to create and share the most accurate database of malevolent actors as possible, under the form of a real-time IP reputation system, accessible through API. Whenever an attack is locally blocked/detected by Crowdsec, the "meta" information of the attack is shared amongst participants (source ip, date and triggered scenario) for redistribution to network members. We are committed to building a strong community, with all that it implies : * [a public hub](https://hub.crowdsec.net) to find, share and amend parsers, scenarios and blockers * permissive open-source license to stay business friendly * and overall a strong commitment to transparency and community-first mentality, by tooling and behavior The microservice architecture is the most significant security challenge in a Kubernetes cluster. Every application you deploy opens a new potential entry for attackers, increasing the attack surface. In this talk, we'll present the Crowdsec project and see how we can protect a kubernetes cluster using Crowdsec and the power of the Crowd.
Speaker Bio
Henry is a security engineer at ControlPlane. He has subject matter expertise in using custom policy agents to automate plicy enforcment within k8s and combines experience across engineering and security to improve the security landscape through better tooling, automation and documentation.
Talks
In large organizations, securing cloud infrastructure around Kubernetes is hard. Application developers, who’ve already had to learn Kubernetes, shouldn’t need to become IAC SMEs to operate their applications' backend cloud infrastructure. Alternatively, using infrastructure teams to service requests and centralize control doesn’t scale with an increasing number of users and use cases. In this talk, Rowan and Henry will demonstrate how infrastructure teams can use policy engines to secure an emerging model that uses Kubernetes hosted cloud controllers (Crossplane, ACK, config-connector) to provision infrastructure. This model enables application teams to self serve, whilst preventing the launch of insecure infrastructure. To ease adoption of the model, Rowan and Henry will open source policies and templates to enforce controls aligned with the CIS benchmarks and to simplify the developer experience by setting secure defaults and dynamically generating supporting cloud resources.
Speaker Bio
James is a engineer specialising in cloud native software and distributed systems. He’s an active contributor to the Kubernetes project and has been on the release team for Kubernetes v1.18 through v1.24, culminating in being the Release Team Lead for Kubernetes 1.24 Stargazer. ✨ Before Jetstack, James worked as an application developer in fintech.
Talks
I've always loved Minecraft, and I've always loved playing it with my friends. Being the one with a home server, I setup my own Minecraft server. Soon I wanted to manage it with Kubernetes like the rest of my applications, and wanted to automate common tasks like backups and upgrades. So I made an operator. This talk will cover the how of making an operator for a 'legacy' application that is not designed to be cloud-native, and why you might want to do it. The operator is open source at https://github.com/jameslaverack/minecraft-operator. The operator and the talk are not endorsed by Mojang Studios or Microsoft in any way.
Speaker Bio
JJ works as a Developer Advocate representing the IBM Cloud all over the world. He mainly focuses on the IBM Kubernetes Service and OpenShift trying to make companies and users have a successful onboarding to the Cloud Native ecosystem. He’s also been known in the DevOps tooling ecosystem and generalized Linux communities. If he isn’t building automation to make his work streamlined he’s building the groundwork to do just that. He lives and grew up in Austin, Texas. A father and husband, trying to learn to balance his natural nerdiness with family life. He enjoys a good strong dark ale, hoppy IPA, some team building Artemis, and epic Gloomhaven campaigning. He has recently dove headfirst into Fedora since IBM buying Redhat, but still secretly wants FreeBSD everywhere. He’s always trying to become a better web technology developer, though normally just uses bash to get the job done.
Talks
JJ will walk you through deploying a simple python application to Kubernetes/OpenShift. We’ll start from the ground up, then get a complete automated build. The goal is to enable your developers to focus on code, not the infrastructure! It’s a chance to see the power of OpenShift and why taking the time to learn cloud-native development can get you the velocity you need.
Speaker Bio
Krisztian is enthusiastic about observability and cloud infrastructures. He's now working at Solo.io as a Field engineer. Previously, he was working at LastPass as senior DevOps/SRE engineer. Krisztian is building a self hosted blog on top of Istio in his spare time. The main topics of the blog are aligned with his interests while he is also using the platform to share operational anecdotes on running one of the most "over-engineered" blog out there.
Talks
eBPF is hard. There are more and more docs and blogs, but the learning curve seems to be really steep. Where could you possibly start to play around with this new technology? In this talk, I will briefly introduce the (e)BPF landscape, then show you one of the easiest way to get started with eBPF. We will explore existing tools, and see what it takes to drop them into a Kubernetes cluster, and learn how can you expose their output as Prometheus metrics with only a few keystrokes.
Speaker Bio
Kunal is working towards empowering communities via Open Source and Education. He finds passion in teaching and has taught thousands of folks online and in person. He is currently a Developer Advocate at Civo, CNCF Ambassador, track chair of the KubeCon + CloudNativeCon student track, Major League Hacking Coach. In the past, he has been a Google Summer of Code Mentor at Red Hat Middleware, Student Program Manager at Data on Kubernetes Community, part of the Kubernetes release team, and a TEDx speaker. He is the founder of Kubeworld, Community Classroom, and also started the official Cloud Native Student Community group joined by thousands of students, focussed on getting more young people involved in the ecosystem.
Talks
There have been scenarios in which companies struggle to understand where they spend their cloud budget. For example, distinguishing between projects, teams, and applications with infrastructure services utilising them. Starting with why cost monitoring is essential, in this session, we'll learn about some of the best practices for monitoring your Kubernetes costs to maximise efficiency and reduce spending across teams, followed by some of the approaches we have seen organisations follow. Cost allocation can be complex in Kubernetes; hence, we'll also discuss what cost allocation models should be used. Such a set of best practices can reduce cloud spend and increase awareness within one's organisation.
Scaling Communities to be more Inclusive
Being an open-source enthusiast, Kunal believes that diversity in the workplace and participation from people hailing from different cultures is necessary as well as instrumental for the growth of the IT sector. It exposes one to the multitude of values and principles that people from varying ethnicities hold. Meeting people from around the world teaches people to respect opposing perspectives and opinions, and ingrains in them respect for their peers. He finds passion in teaching and has taught thousands of students both online and in-person. He is the founder of Community Classroom, an organisation focussed on providing training & mentorship, free of cost. He also started the Official Cloud Native Student Community group joined by thousands of students, focussed on getting more young people involved in the Cloud Native world. These platforms are utilised by conducting hands-on workshops, events, podcasts, and sharing about opportunities in the field. The talk is going to be focussed around what defines a community, and figuring out what are the community's shared struggles. It’s also important to know what is the mission of your community and what members look to get out of it. Communication is key and we’ll also talk about how to future proof your community. Regarding diversity and inclusion, it’s important to know who might be excluded from accessing your community activities in their current form. We’ll also discuss about what are some of the negative scenarios which might happen while running activities for your community which will make them less inclusive to marginalised groups. Following up with designing for your community's needs, and last but not least, having a Code of Conduct. Attendees will learn about: How to start a new community and make it inclusive from the beginning. How to scale communities to under-representative groups How to deal with conflicts and take care of your audience’s needs.
Speaker Bio
Laszlo is the founder of https://gimlet.io, a 100% open-source gitops based developer platform. Prior to that, Laszlo spent 5 years consulting, and building dev platforms on Kubernetes for mid-sized SaaS businesses of the Nordics region.
Talks
The delta between Kubernetes and a developer friendly PaaS is where the next layer of value is being created today. Many products are racing to fill the void that is called Kubernetes developer experience. This is also the place where things get opinionated, a requirement for reliable end to end workflows. In this talk you will learn about Gimlet.io's approach on how Kubernetes UIs can be quick to use, and safe at the same time. In this talk you will see how you can create a developer platform - with the usual components Cert-Manager, Nginx Ingress etc - and deploy on it with only clicking on a dashboard. You will also see that behind the curtains, all Gimlet does is writing yamls into a git repository. ClickOps.. over GitOps.
Speaker Bio
Lian always wanted to save the world After a failed attempt at becoming a lawyer, she decided to do something with computers instead. Working as a Fullstack Software Engineer, she got into attending tech events and giving talks on Machine Learning. During this time, she fell in love with the tech community and discovered her passion for building community and providing a safe and productive environment for all, which led to her co-organising the community conference ServerlessDays Amsterdam. Currently, Lian lives in Amsterdam and works as Developer Advocate at Loft Labs, trying to make developing on Kubernetes easy and fun.
Talks
Secrets. Security best-practices mandate that they stay away from the code—or else! And that’s what we did for a long time. But as CI/CD practices evolved, for a myriad of reasons, we now want to ship the code, the environment, and the secrets, all in one lump. So, we can’t hide the secrets anymore… unless? Tools like HashiCorp Vault attempt to address this by managing secrets outside the delivery chain. Great! But you can’t use those inside local dev environments, so… When that’s precisely what you need to do, then what? In this talk, Lian will show the audience how to manage secrets the GitOps way, so you can maintain security best-practices while also being able to use them in your local environment for development. Sound like magic? That’s because it is. After this talk, the audience will be able to understand secret management solutions that work seamlessly in a variety of environments.
GitOps for the people
MoneyBank Inc. is a fintech enterprise that recently made the jump to K8s and GitOps to cope with the shift of demands from cranking out features towards stability and scalability. Yet, even with a fully automated CICD and shiny new microservices, features still take weeks to be released. As teams keep waiting on each other, frustrations, resentment, and mistrust grow. MoneyBank’s situation is typical for organizations with enterprise processes and startup mindsets. When faced with problems, the urge is often to move fast and automate them away. However, the cultural and regulatory structures to support these changes are not in the scope of said automation. One more piece is missing to address the needs of non-technical stakeholders within the ever-changing CICD landscape. In this talk, we will attempt to automate the non-automatable with ReleaseOps: GitOps for the people.
Speaker Bio
Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium project. She was chair of the CNCF's Technical Oversight Committee 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.
Talks
eBPF allows us to build custom programs that run directly within the kernel. This talk explores how eBPF enables observability, security and connectivity tools that no longer need to rely on the sidecar model, and shows how Cilium now supports both sidecar-based and sidecarless Service Mesh. Along the way this talk will clarify some container and kernel concepts so that attendees can leave with a mental model for the pros and cons of sidecar-based or sidecarless approaches.
Fireside Chat: Open Source and the Global Security Response
Host: Amanda Brock, CEO, OpenUK Andrew Martin, Control Plane Founder and CEO and OpenUK CISO Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director Thomas Meadows, Solutions Engineer, Jetstack
Speaker Bio
Mahé Tardy is a Security R&D Engineer at Quarkslab specializing in Kubernetes and container security. More generally he’s enjoying Linux, programming languages, security and might be a beer geek. He’s contributing to Kubernetes, especially in the security sub-group.
Talks
During this session, Mahé will demonstrate a simple scenario of a multi-tenant attack in a Kubernetes cluster. He will explain the risks, see how to prevent this kind of attack and show how kdigger can speed up the discovery process of the environment. kdigger, short for "Kubernetes digger", is a context discovery and container assessment tool for Kubernetes penetration testing. This tool is a compilation of various plugins to facilitate pentesting Kubernetes from inside a pod. On top of discovering a new tool, this presentation will give you an idea of how pentesters generally try to pivot in typical Kubernetes clusters.
Speaker Bio
Marcus is a platform engineer at Giant Swarm, a company dedicated to offering managed Kubernetes solutions. His main area of focus in recent years has been around Go, Kubernetes, containers and DevOps but originally started out as a web developer and JavaScript enthusiast. A self-described “tinkerer”, when not building Kubernetes solutions, Marcus likes to dabble with 3D printing and experimenting with smart home tech.
Talks
Since introduced in Kubernetes v1.9, webhooks have been a key feature, making up one of the cornerstones of Kubernetes extensibility. When used right, they can allow operators to have much more control over their clusters and with tooling like Kyverno and Gatekeeper it’s easier than ever to leverage their full power. But, when misused, things can get very, very messy. So how do we ensure our webhooks are full of wonders and not woes? By taking a look at the history of webhooks in Kubernetes, the driving force behind their adoption and through several horror stories of webhooks gone wrong, we can develop a set of best practices and guidelines to follow to ensure our webhooks stay full of wonder without the woes.
What DragonBall can teach us about being engineers
The world of DragonBall has many teachings that we can apply to our life as developers, SREs and DevOps engineers. In this fun and fast-paced talk we'll learn how the Z Warriors were ahead of their time and how they fully embrace the engineer mindset.
Speaker Bio
Marino leads the Developer Relations and Advocacy team at Solo.io. He is passionate about technology and modern distributed systems. He will always fall back to the patterns of Networking and the ways of the OSI. Community building is his driving force; A modern Jedi Academy.
Talks
I sit here and reflect back to 2008 when my supervisor suggested I look into the CCNA and Network+. My world changed from plugging a cable into a switch to setting up BGP peers, to configuring Load Balancers for High Availability. Network Engineering has evolved and from my eyes, has been entirely reimagined, retaining the foundations of networking. As I've slowly pivoted to the world of Cloud Native technologies and DevOps, a lot of my previous Network Engineering skills have translated to today's approach to microservices architecture. FOLLOW THE PACKETS I SAY! What does Networking mean for consumers of Kubernetes and Containers? What does K8S and containers mean Network Engineers? What does that transformation for a Network Engineer look like? In this restrospective talk, I share my journey of Network Engineering from the late 2000s to one in 2022 surrounded by the world distributed systems, observability, the deeper need for security/identity and what our traffic tells us. My hope is to inspire others to transform their network engineering career.
Speaker Bio
Martin works on the Open Technology team at IBM focusing on open source software. He is a regular contributor to open source and a core maintainer for Helm. He has also contributed previously to the OpenStack and Elastic communities. Martin enjoys speaking at conferences and meet-ups. He has many years’ experience in the creation of enterprise software for different industries, from Telcos to Cloud.
Talks
How many times have you heard the phrase "chop wood and carry water"? What about "look at the good first issues" or "triage the issues queue"? Or even "go out there and make yourself known to the community"? Open Source project members throw around these phrases as if they are the panacea to becoming a contributor, then a committer, and finally a maintainer. However, it is not that easy. These phrases can only help if you know what they mean! Demystifying this path to leadership in Open Source is imperative to the industry because we can’t grow on a path to continuous learning if we aren’t welcoming the next generation of contributors to our projects with clear and inclusive language. So here are some better questions to ask yourself when approaching a new Open Source project: What can I do if the first issues queue doesn’t contain any issues to work on? How do I introduce myself to the community? What if I can't find anything on the issue queue that makes sense? What contributions are needed most by this community? How do I climb the community role ladder toward leadership? People need guidance and support when climbing the mountain from the valley of becoming a new contributor to the zenith of maintainership. It is not always just as simple as following the community contributor guidelines. In this presentation I cover tips and trick on how to conquer that journey. Through practical examples of how I became a Helm maintainer, I hope that more people will realize it is within their grasp to become maintainers in Open Source projects. And the reality is that these projects NEED you too.
Speaker Bio
Matei is a London based software engineer at Buoyant and an avid open source contributor. One of the maintainers of the Linkerd project, CNCF's graduated service mesh, Matei is passionate about networking (not just the social type!) and systems engineering. He got involved in the cloud native space early on in his career through CNCF's Community Bridge program by contributing topology-aware service routing for Linkerd. Since then, Matei joined the Buoyant team permanently and now works on all things service mesh related. Outside of work, Matei likes to unwind with a good book, a board game session or an evening stroll on his longboard. You can often find him helping out community members on the Linkerd Slack.
Talks
Inspired by some of the research done by the Linkerd team and by suggestions from the Linkerd community, Linkerd maintainer Matei David will present a few ways of ensuring that when deploying jobs, sidecar containers terminate successfully when the main container finishes. Since the early days of Kubernetes, the sidecar container design pattern represents an easy and intuitive way to enhance the main container in a pod. The pattern has seen increased usage and adoption in production environments and serves a variety of platform-agnostic use cases such as collecting metrics and proxying traffic. Sidecar containers work well with most Kubernetes primitives, such as deployments, but they fall short when used in job objects. For service meshes or metric collectors, sidecars need to run continuously, blocking jobs from completing even after the main container has finished its work.
Speaker Bio
Matt is a software engineer at Tetrate, where he loves sharing what he's learning with the whole community. He helps people understand Istio, Envoy, and other open source projects, as well as Tetrate's solutions for enterprise service mesh management. He's been doing Dev, sometimes with added Ops, for nearly two decades; his idea of "full-stack" is Linux, Kubernetes, and now Istio too. He likes Rust, hot dogs, and terraforming unexpected things. He tweets @mt165 and blogs at https://mt165.co.uk
Talks
Up until now, Ingress routes into K8s clusters have been defined by the Ingress kind, or by vendor-specific CRDs. Neither of these were satisfactory, so a new set of built-in k8s APIs was developed - the Gateway API. In this talk, Matt will cover the motivation for a new API, its design, and show some examples of its use. He'll then also cover implimentations of it today and in the future, and talk about the exciting merging of several of the existing ingress controllers into one new de facto standard - Envoy Gateway.
Speaker Bio
A community first technologist for Kasten by Veeam Software. Based in the UK with over 16 years of industry experience with a key focus on technologies such as cloud-native, automation & data management. His role at Kasten is to act as a technical thought leader, community champion and project owner to engage with the community to enable influencers and customers to overcome the challenges of Cloud-Native Data Management and be successful, speaking at events sharing the technical vision and corporate strategy whilst providing ongoing feedback from the field into product management to shape the future success.
Talks
The ability to deploy code and version code has been a de facto requirement and a reason we have CI/CD pipelines for our application development, but with Kubernetes in particular we are seeing a closer tie between code and data. In particular, code being deployed can affect and change your data, for that reason, we need to consider protecting that data as part of our Continuous Development pipelines, In this session, we will focus on how we can incorporate backup actions into your pipeline to ensure that any code changes will start by creating a restore point be it a snapshot or an export to another external repository. We will then as part of a demo incorporate a failure scenario into the environment pipeline to simulate how a configmap can manipulate data to cause data loss. Then we need a way to bring the data back!
Speaker Bio
Miles is an engineer at Monzo, where he has spent the last four years working on a super-powered Kubernetes-based internal developer platform that allows engineers to deploy over 100 times a day without worrying about where their code runs or how it communicates. He's keen to chat about Kubernetes, Envoy or Prometheus, and to see photos of your dog.
Talks
Monzo has been running a single self-hosted Kubernetes cluster per-environment for years, and we decided to migrate to a managed Kubernetes service. This talk is all about the challenges and perils of doing a high stakes, real world, zero downtime Kubernetes migration at scale 🤓 We’ll talk about the constraints and challenges, including: - the complexity, diversity and quantity of the systems running on the cluster - downtime having real human impact with someone potentially not being able to pay for food or make a rent payment - the sheer number of different services and teams to interact with which meant that we had to adopt an automated process that was fully transparent to other engineers We’ll dive into some of the technical details that allowed us to migrate within these constraints, and our plans for rearchitecting our platform to make future upgrades and migrations easier. Takeaways will include: - How Kubernetes makes infrastructure migrations more manageable - Actionable learnings about doing migrations at scale in general
Speaker Bio
Reformed systems engineer, former ambassador for the CDF and currently head of platform engineering for Intelligent Growth Solutions. Powered by OpenSource
Talks
A deep dive into how EBPF pairs with kubernetes to provide real time, low overhead tracing. This will focus on what ebpf is, how it fits into the kubernetes ecosystem and how tools like pixie can take tie it all together
Speaker Bio
My name is Paul, and I'm from Glasgow, Scotland. I'm an open source contributor, public speaker, trainer, and consultant by trade. I'm a member of the CD Foundation, PHP, PHP-FIG, and Jenkins projects/teams. In my career, I've held positions such as Director of Engineering, CTO, Principal Engineer/Architect, and so on. I've spent many years modernizing CI/CD pipelines and embedding continuous delivery processes and solutions into businesses. I enjoy sharing my experience in the space with the wider community by way of private training or conference speaking.
Talks
It’s the year 2022, an exciting time for the tech industry. Globally, software organizations and internet companies are delivering more and more software, at a rate and scale that we’ve never faced before. This unprecedented demand has created new challenges for us all, which have been hurting our organizations when creating continuous delivery solutions. The great thing about these new challenges is that they’ve sparked new and amazing innovations in the CI/CD industry. In this Paul Dragoonis talks about the following: New innovations in the CI/CD, Cloud Native, and open source communities are being developed. Where these innovations are taking the world of continuous delivery. What to expect, from the CD community, later this year, and into the future
Speaker Bio
I'm a software developer interested in building quality and maintainable software solutions. My interest areas are around Software Architecture and Offline First applications.
Talks
In modern organizations, event-driven architecture combined with FaaS has become more popular because they address some of the challenges of building distributed systems. As these organisations grow, they switch to Kubernetes to scale and manage more services. With the switch to Kubernetes, you want to provide a seamless experience for building and deploying services on Kubernetes. That begs the question, how do I build event-driven serverless applications in Kubernetes? This workshop will teach you how to build such applications with Kubernetes. You're going to develop an e-commerce serverless API. By the end of this course, you will have learned how to work with Knative and Cloud Events, manage the functions using a monorepo, and implement a continuous deployment pipeline.
Speaker Bio
From Engineer to Architect and back, Ric’s greying hair comes from his years of hard-won experience consulting in the Financial Services and Media sectors. Happy treading the conveyor belt of Cloud-Native technologies, trying to keep up and sharing his thoughts along the way. He is Head of Engineering at https://control-plane.io
Talks
Intangible “trust” is required to secure our systems: we need it to bootstrap infrastructure, secure the software supply chain, run workloads, and reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud-native system? The advent of hardware-based attestation and certificate authentication gives us new hope. But this brave new dawn has been just over the horizon for the last few years, and new technologies have emerged to champion the identification of our workloads. In this talk we: * Demystify the nebulous concept of Workload Identity * Define the importance of autonomous identity generation in a Zero Trust Architecture * Demonstrate practical examples of bootstrapping and using Workload Identity * Introduce existing and emerging technologies that enable you to anchor Workload Identity to a Hardware Root of Trust
Speaker Bio
Rowan has extensive experience auditing, accrediting, and developing Kubernetes and containerised systems for high compliance commercial and public sector organisations. He is an author of the GKE CIS Benchmark, contributor to the CNCF Financial Services User Group Kubernetes Threat Models, and is Head of Security at ControlPlane.
Talks
In large organizations, securing cloud infrastructure around Kubernetes is hard. Application developers, who’ve already had to learn Kubernetes, shouldn’t need to become IAC SMEs to operate their applications' backend cloud infrastructure. Alternatively, using infrastructure teams to service requests and centralize control doesn’t scale with an increasing number of users and use cases. In this talk, Rowan and Henry will demonstrate how infrastructure teams can use policy engines to secure an emerging model that uses Kubernetes hosted cloud controllers (Crossplane, ACK, config-connector) to provision infrastructure. This model enables application teams to self serve, whilst preventing the launch of insecure infrastructure. To ease adoption of the model, Rowan and Henry will open source policies and templates to enforce controls aligned with the CIS benchmarks and to simplify the developer experience by setting secure defaults and dynamically generating supporting cloud resources.
Speaker Bio
After working in penetration testing, high-security hosting, and satellite imagery for the past 10 years, Sebastien Blot joined CrowdSec as a Core Developer to focus on developing their open-source IPS. The tool is leveraging both IP behavior & reputation to build a community-fueled CTI accessible to all to tackle the global hacking issue
Talks
The [CrowdSec](https://github.com/crowdsecurity/crowdsec/) project aims at providing a crowdsourced approach to common infrastructure defense problems, by distributing free & open-source software allowing you to protect yourself and share information about malevolent actors. CrowdSec could be perceived as a modern form of Fail2ban, though for Cloud and container-based infrastructure as well and capable of taking way more advanced decisions a lot faster. Mainly, it’s using a decoupled and distributed approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML & Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like files, syslogd, journald, AWS Cloudwatch and Kinesis, Docker logs and Windows Event Log, normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution and ressource conservative. The endgame is the Reputation engine though. If you want to partake in the network to benefit from its findings, CrowdSec captures all aggression signals (timestamp, IP, behavior) and sends them for curation. That way, it establishes a reliable IP blacklist that is constantly redistributed to the network members, in order to achieve a form of Digital Herd Immunity. An IP caught aggressing WordPress sites will quickly be banned by all members using CrowdSec that subscribed to the WordPress defense collection. In that way, we share the IPs that are relevant to your technical context. While Crowdsec is in charge of the detection, the reaction is performed by "bouncers" that aim to be deployable at any level of the applicative / infrastructure stack : * via nftables/iptables/pf based on an IP set * via Nginx lua plugin * via Traefik middleware * on Cloudflare via our bouncer that integrates with Cloudflare API * Or GCP/AWS/Azure firewall, slack or scripting, notifications, etc. .. or in many other ways. Over time the possibilities will increase as the application design basically supports anything. This approach, combined with a declarative configuration and a stateless behavior, will make it an ideal candidate to enhance the security of modern stacks (containers, kubernetes, serverless and more generally automatically deployed infrastructures). Furthermore, we intend to create and share the most accurate database of malevolent actors as possible, under the form of a real-time IP reputation system, accessible through API. Whenever an attack is locally blocked/detected by Crowdsec, the "meta" information of the attack is shared amongst participants (source ip, date and triggered scenario) for redistribution to network members. We are committed to building a strong community, with all that it implies : * [a public hub](https://hub.crowdsec.net) to find, share and amend parsers, scenarios and blockers * permissive open-source license to stay business friendly * and overall a strong commitment to transparency and community-first mentality, by tooling and behavior The microservice architecture is the most significant security challenge in a Kubernetes cluster. Every application you deploy opens a new potential entry for attackers, increasing the attack surface. In this talk, we'll present the Crowdsec project and see how we can protect a kubernetes cluster using Crowdsec and the power of the Crowd.
Speaker Bio
Simon has been working as a software engineer since 2006, in which time he's done work for the likes of Gitpod, DPD, Specsavers, British Pathé, the NHS, the Red Cross and others. He's used pretty much all of the major languages over the years and since 2017 has been focused on building DevOps solutions and Cloud-native applications that help engineers to work faster and more productively. Since 2021, he has been working with Gitpod to improve the self-hosted experience, which is relied upon by companies with specific security and compliance requirements. When not behind a computer he's a keen gardener, beekeeper and makes his own sausages.
Talks
Helm is a truly excellent ecosystem and is rightly valued by the world over for giving full customisation of deployments. For open-source projects with a finite number of support engineers, full customisation is not always something that is desirable. Sometimes, you need to provide opinionated guide rails for people in order to provide effective support for your product. This session will focus on the reasons why Gitpod has deprecated its Helm charts and switched to a custom-built Installer. Simon will explore some of the benefits and pitfalls experienced and how the community reacted to such a seismic change. He will also answer the question - "would he do it again?"
Speaker Bio
Suhail is a Staff Engineer at Monzo focused on building the Core Platform. His role involves building and maintaining Monzo's infrastructure which spans over two thousand microservices and leverages key infrastructure components like Kubernetes, Cassandra, Etcd and more. He focuses specifically in investigating deviant behaviour and ensuring services continue to work reliably in the face of a constantly shifting environment in the cloud.
Talks
Monzo has been running a single self-hosted Kubernetes cluster per-environment for years, and we decided to migrate to a managed Kubernetes service. This talk is all about the challenges and perils of doing a high stakes, real world, zero downtime Kubernetes migration at scale 🤓 We’ll talk about the constraints and challenges, including: - the complexity, diversity and quantity of the systems running on the cluster - downtime having real human impact with someone potentially not being able to pay for food or make a rent payment - the sheer number of different services and teams to interact with which meant that we had to adopt an automated process that was fully transparent to other engineers We’ll dive into some of the technical details that allowed us to migrate within these constraints, and our plans for rearchitecting our platform to make future upgrades and migrations easier. Takeaways will include: - How Kubernetes makes infrastructure migrations more manageable - Actionable learnings about doing migrations at scale in general
Speaker Bio
Talks
Host: Amanda Brock, CEO, OpenUK Andrew Martin, Control Plane Founder and CEO and OpenUK CISO Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director Thomas Meadows, Solutions Engineer, Jetstack
Speaker Bio
Viktor Farcic is a Developer Advocate at Upbound, a member of the Google Developer Experts and Docker Captains groups, and a published author. His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD). He often speaks at community gatherings and conferences. He published The DevOps Toolkit Series (https://www.devopstoolkitseries.com/), DevOps Paradox (https://amzn.to/2myrYYA) and Test-Driven Java Development (http://www.amazon.com/Test-Driven-Java-Development-Viktor-Farcic-ebook/dp/B00YSIM3SC), as well as courses in Udemy (https://www.udemy.com/user/viktor-farcic/). His random thoughts and tutorials can be found in his blog TechnologyConversations.com. He is the host of the DevOps Toolkit (https://youtube.com/c/devopstoolkit) YouTube channel and a co-host of DevOps Paradox (https://www.devopsparadox.com/) podcast.
Talks
You are likely already using GitOps for your applications, but not for everything else. You are likely not using Argo CD, Flux, Rancher Fleet, or similar tools to manage the state of your infrastructure and services. Why is that? If GitOps is a great solution for apps, isn't it safe to assume that it would be equally beneficial for anything else? What is missing? The problem is that most of the commonly used GitOps tools are managing Kubernetes resources which, traditionally, do not deal with infrastructure and Cloud services. That's what we need to change. We need to expand Kubernetes with custom resources that can manage anything, no matter whether that's AWS, Azure, Google Cloud, GitHub, Elastic, DataDog, or any other Cloud service. If we do that, we might convert Kubernetes API into a universal API. We might convert the Kubernetes control plane into a universal control plane. If we do that, we will get end-to-end GitOps through which everything is always in sync and where all we have to do is push changes to Git repositories. All we need to make that happen is Crossplane (an open-source project donated to CNCF), combined with Argo CD, Flux, or Rancher Fleet. Let's see it in action.
Sponsors
If you’d like to support this conference, you can find details on our sponsorship opportunities page.
Location
Conference Venue
Edinburgh International Conference Centre,
The Exchange,
150 Morrison St,
Edinburgh,
EH3 8EE,
Scotland
Hotel
We have secured some reduced rate at the Hampton by Hilton for KubeHuddle attendees.
When selecting your room, use the group code: CHHGKH.
Hampton by Hilton Edinburgh West End
166 Fountainbridge,
Edinburgh,
EH3 9RX
Scotland
About
Our Values
KubeHuddle is a community run conference and we want to ensure that everything we do and say is transparent and made publicly available.
- Our task list and what we’re planning is all public on GitHub
- Our sponsorship details are all public
- All titles submitted as potential sessions at KubeHuddle are public on Sessionize
- This website is open source
- Currently KubeHuddle is being run through my (@rawkode) company, but after the first event we’ll migrate this to a non-profit. All financial transactions for KubeHuddle will be made public as soon as I find a nice way to handle that.