9:00 - 10:00 Registration & Coffee
10:00 - 10:15 Welcome and Opening Remarks (Christian Frank)
Kubernetes makes it easy to run cloud native applications in a resilient way. But what if something fails? How to find out what caused a CrashLoopBackOff error? What can be done about a service that is not reachable? How to debug a stateful application? We’ll discuss these questions and many more and along the way cover tooling, ranging from debugging to tracing to chaos engineering.
Michael is a Developer Advocate for Kubernetes and a CNCF ambassador. His background is in large-scale data processing and container orchestration and he's experienced in advocacy and standardization at W3C and IETF. Before Red Hat, Michael worked at Mesosphere, MapR and in two research institutions in Ireland and Austria. He contributes to open source software, speaks at conferences and user groups, and shares good practices around cloud native topics via blog posts and books.
The presentation focuses on the challenges of implementing consistent access policies across multiple Kubernetes clusters in a typical enterprise environment. Starting with an introduction to the basic concepts of Kubernetes RBAC and having highlighted the limitations of file-based policy management at scale, it will present the concept of central authentication and policy management provided by the open source Kubernetes management platform Rancher.
Role-based access control (RBAC) is the central mechanism in Kubernetes that provides administrators with control over the operations each user or group can perform in the cluster based on their role in an organization. Ensuring that RBAC is properly configured is therefore critical to securing Kubernetes clusters in production. While maintaining RBAC policies manually is feasible for a single cluster with just a handful of users it becomes a maintenance nightmare at scale where organizational policies must consistently be applied and updated across multiple clusters and groups of users. As the number of users and clusters grows, manual RBAC management is susceptible to misconfiguration and inconsistency, leaving clusters vulnerable to unauthorized access or privilege escalation.
The presentation starts by walking the audience through the basic concepts of Kubernetes RBAC. Using the example of some common use cases we then discuss the drawbacks of manually managing RBAC (which usually involves trying to keep clusters in sync with YAML definitions maintained under source control). Finally, using the example of Rancher, we will demonstrate how to escape the hell of YAML sprawl by employing a concept of central role management that provides automated, consistent propagation of policies across multiple clusters. We conclude the presentation by showing how to facilitate the on-/offboarding of users in Kubernetes by tieing in RBAC into an external identity provider and relying on externally managed groups to associate users with roles.
Jan Bruder is a DevOps engineer at Rancher Labs Inc. and located in Berlin. Over the past two years he has been assisting SME and large enterprise organisations in the architecture and implementation of scalable, highly available container environments based on Rancher and Kubernetes. Having a developer background he enjoys building tools and infrastructure services in Go and has contributed to several open source projects in the cloud native landscape.
Dieter will explore how container exploits such as crypto mining can be detected and prevented with a Kubernetes security mesh. Security and DevOps teams have to protect application containers and Kubernetes system services from attacks. This session includes the attack surface for container deployments, sample attacks and container exploit prevention.
Docker Captain, Kubernetes Security Expert and Chief Solutions Architect at NeuVector.
Apache Kafka® is used for building real-time data pipelines and streaming apps. It is horizontally scalable, fault-tolerant, and can be used for Stream Processing, as a Storage or Messaging System and more.
Running and operating Stateful apps on Kubernetes is not easy, at least if you’re going to deal with replication and have to take care of syncing and re-balancing your streaming data on different nodes and / or different clusters in different regions.
Kubernetes is about Resiliency and Scale, Kafka too! Kafka is Stateful, Kubernetes' support for Statefulsets has reached a mature state! There are many reasons why one should run Kafka on K8s. But that's not easy!
In this talk we provide a short introduction to Apache Kafka and walk you through the steps to deploy Apache Kafka with Kafka Confluent Platform Helm Charts and Strimzi Kafka Operator on Rancher Kubernetes Engine, Microsoft's AKS and OpenShift and let you decide which option is the right choice for your use case and budget!
Apache Kafka on Kubernetes, a match made in heaven, but it's not easy!
As a Computer Scientist, Anatolys goal is to bring theoretical computer science and practical software engineering together. Standing on the shoulders on giants he combines novel technology with rock-solid and battle-tested approaches to create new and powerful systems. Given his broad Computer Science and development background, Anatoly consults large enterprises and middle-sized businesses how to architecture applications in an always-changing environment.
Arash works on different Kubernetes Upstream, OpenShift and Rancher projects on AWS, Azure and OpenStack in parallel. He is the founder of Clouds Sky and Kubernauts, one of the organizers of KubeCologne Conference. He loves to learn in communities and share the knowledge learned.
There are many great Kubernetes distributions and installers, some of them are enterprise grade like Kops, OpenShift (OCP, OCE or OKD), Rancher RKE or fully managed like AKS, EKS, GKE, etc., others are more for fun and rapid deployment for on-prem or public cloud environments. But what if you want to build your own installer and create your own "tailored" distro? With the rise of Kubeadm and Kubespray, many distros and installers have been developed in the wild to use them to build custom installers, one of them is TK8.
In this session the main developers of TK8 provide a deep look behind the scenes of TK8 and TK8 Web and how you can build your own installer with a clean REST Interface and use it in your organization to provide KaaS and build your own Service Catalog and add-ons.
Christopher works as a SRE Engineer and Kubernetes Administrator on large Scale Cloud-Native projects. He is a Certified Kubernetes Administrator and Application Developer and started to build TK8 in early 2018 as a side project by Clouds Sky. Christopher is an Open Source Advocate and Golang lover.
Manuel works as a developer advocate and AWS Engineer on large scale Kubernetes projects. He is the CTO of Kubernauts and is the main developer of TK8 Web in his spare time. Prior joining Kubernauts he worked as a Java Enterprise developer for more than 10 years.
We use Prometheus as a perfect time-series data tool. For the IOT domain wind farm we need more infrastructure around the metric components. The IOT data stream requires an MQTT message broker to asynchronously aggregate the real-time data. To enable multi-tenancy, we chose Open ID Connect for authentication. This led us to a complex microservice application design to consume the data. To manage all these components flexibly and scalably, we orchestrate the containers with Kubernetes.
To enable edge processing, we use Docker CE on distributed industrial ARM servers in wind turbines. Together with our customers, we have developed helpful real-time dashboards with Grafana. In this talk I will discuss the adventure of this IOT use case and how we implemented it.
Burkhard Noltensmeier (avowed since 1993 Linux Evangelist) founded after studying computer science at the University of Hagen 1994 teuto.net Network Services GmbH in Bielefeld. Since early 2013, he and his team are involved in the development of OpenStack and official corporate sponsor of the OpenStack Foundation. Since 2014 he operates under the name teutoStack successful one of the first German public cloud solutions. As part of growing customer demands he has worked since mid-2015 with his team at the integration of a Kubernetes cluster, which runs on the teutoStack platform.
Application Optimization on Kubernetes on the example of a Spring Boot Microservice Deploying Microservices on Kubernetes is not as easy as 1-2-3. Many of them suffer from frequent OutOfMemory kills and long startup times. In particular, Java applications with their resource-hungry JVM need special attention. In this session we'll analyse the CPU and memory resource consumption of a Spring Boot microservice during startup and runtime. Then we'll show how to tweak resource requests and limits to tune startup and prevent OOM kills. We'll also take a look at the details of readiness and liveness probes and how they belong together. And last but not least the curious among you will get an explanation of the misterious 137 exit code ;)
Stephan is a Software Architect and Java Enterprise Developer working on large scale Kubernetes projects as a Site Reliability Engineer and CEO at Clouds Sky GmbH. He is currently responsible for migrating stateful monoliths to the new world of micorservices on large scale Kubernetes implementations on AWS.
Knative is a developer friendly project build on top of kubernetes and istio that allows developers to deploy code directly to the cluster and run it even with zero replicas scaling on demand. This presentation will discuss and demonstrate the features of Knative.
Randy is a Google Developer Expert for Cloud and also Organizer of the GDG Düsseldorf. With a professional experience of more 20 years in software development he is focused today on building microservices applications on top of kubernetes.
Discover how can you get instantaneous visibility in your microservices, tame the complexity of modern sprawling cloud-native applications and show your peers that you know the latest and coolest kid on the block: service meshes. We will deploy a service mesh in a cloud cluster and start using it right away with impressive tricks like circuit breakers, traffic shaping, A/B and canary testing; all with breathtaking dashboarding showing live traffic in and out of your cluster.
Alessandro has been around Open Source for as long as he can remember, and he started cultivating the DevOps community in Amsterdam when it was not an hype. After many transitions, he now settled as Technical Evangelist for Microsoft, pushing for adoption of state of the art DevOps practises and culture across different industries and communities.
Deploying Kubernetes is easy. It's 2019 and we have plenty of options to get clusters up and running. If Kubernetes as a Service is not an option, tools like kops promise fully automatic, high available deployments.
More often than not the hardest part of operating clusters are the environments and the context they live in. This talk will cover the special requirements of the chinese AWS region and the challenges we had to face in day-to-day business.
Timo likes to keep his head in the clouds while working with technologies like Kubernetes, Docker and AWS. To keep his feet on the ground he joined a bunch of great colleagues at inovex in 2017. Together with other cloud platform engineers we're working on exciting projects and enabling big enterprises to be agile and understand some crucial DevOps ideas.
Kubernetes is the defacto standard for container solutions, firms like VMWare1 or IBM2 are currently acquiring companies or startups that are trying to develop their business around Kubernetes.
But Kubernetes is not only modern and cool, it is also a component, that must be secured to prevent attacks and unauthorized access. Companies like Tesla learned on a hard way, that sometimes this will fail.3
More security does not mean to make Kubernetes completely secure, therefore I think many time must be spend in the Security. But tools like HashiCorp Vault can help here to secure some parts of Kubernetes.
With few steps for example you are able to secure your Kubernetes access with Vaults PKI mountpoint. Then you generate short living certificates to access your cluster, in case of an attack on your computer the user gets only a certificate that has expired and gives him no more access to Kubernetes.
Another feature is to secure the generation of certificates for the nodes by HashiCorp Vault. Therefore, HashiCorp Vault brings a secure authentication endpoint for the main Cloud Providers like AWS, Azure etc. Now new starting instances can generate their own certificates and in case on an attack to a node the certificates can be revoked.
But also, if you have secrets that should be accessible by applications running as containers in a Kubernetes cluster you maybe want to have a secure way to store and access them. HashiCorp Vault here can also help with secure ServiceAccount-based authentication and custom opensource tools like Vault-CRD.4
Björn is part of a DevOps team at Schenker AG and responsible for the development and maintenance of some Kubernetes clusters. Since 2 years we are migrating applications from some of our own datacenters into the AWS cloud. And 90% of them are migrated also to Kubernetes.
Björn is writing a small blog5 about his experience with Kubernetes and DevOps.
SUSE Cloud Application Platform (CAP) provides developers with a rapid application deployment workflow by bringing the Cloud Foundry developer experience to Kubernetes. This talk gives an overview of how SUSE has created a Kubernetes-native Cloud Foundry distribution for increased developer productivity and will provide a demonstration of CAP running on AWS. The talk concludes with a glimpse at the work we are doing in the CF Containerization and Eirini upstream projects for CAP 2.0.
Mario works as software specialist in the cloud and systems management department at SUSE Linux. After visiting the Pivotal
Dojo he first joined the European BOSH team and is now working in the Cloudfoundry containerization team to create a Kubernetes controller for managing Cloudfoundry.
In his free time Mario contributes to open source projects, like the conference management software frab and the video portal voctoweb.
With the release of AWS Lambda in 2014, serverless gain more and more popularity in the last five years. Many services, tools and frameworks were developed during this time. In this session we will take a look to three different approaches, how we can achieve a serverless experience in our kubernetes cluster. For the different approaches we will use Kubeless, Knative and Virtual Kubelet.
Kubeless is a FaaS Framework built for Kubernetes with large support for different languages.
Knative is a container-based serverless platform, which has become extremely popular within a very short time.
Virtual Kubelet is a Kubernetes kubelet implementation, which can extend your cluster with serverless container platforms resources like ACI or Fargate.
Theo Pack is cloud architect and software engineer. He is interested in cloud technologies, serverless solutions, distributed systems and building robust systems. He has been working for Cologne Intelligence for almost ten years now.
UxxU K8s Studio is a new IDE for Kubernetes. It provides a complete workspace with a rich tool set to administrate Kubernetes clusters. We use the power of data visualisation to give the user a 360 degrees view of the system and an interactive workbench to easily create and manage deployments.
Guillermo Quiros founded UxxU.io in November 2018. He is a Software engineer, a solution architect, an expert in data visualisation and a DevOps wannabe! He created Kubernetes Studio after his experience and frustrations implementing Kubernetes the hard way on his bare metal setup. Guillermo loves creating, inventing, pushing the limits of technology, collaborating with like minded people to achieve epic goals and overall having fun doing all this!
A lot of developers deploy their apps on a Kubernetes Cluster that is „managed by someone else“™ like Google, Amazon, Microsoft or the ops department. This also means someone else is responsible for securing the cluster, right? Wrong! Well, at least that‘s not the whole truth. There are plenty of security options available when using K8s: RBAC, securityContexts, Network Policies, PodSecurityPolicies, Kernel Security Modules, Services Meshes, etc.
But which ones are relevant for developers? And which are the most important ones?
In this talk, I will describe my personal K8s security best practice established throughout the last years while developing applications on Kubernetes clusters. It contains security options that can be applied with reasonable effort in our everyday lives as software developers and shows the effects of these options on our application’s security.
Johannes is passionate about continuous delivery, open source & software quality. He is thrilled by everything cloud-native and its vibrant community. He works as software developer and trainer for Cloudogu where he is part of the DevOps team that maintains the Cloudogu EcoSystem.
17:00 – 17:45 Panel discussion: "The road ahead"
17:45 - 18:00 Closing Remarks, Christian Frank