Seattle, WA
December 10–13, 2018

Customizing & Extending Kubernetes
Tuesday, December 11


Towards a Vendor Neutral Kubernetes - Andrew Kim, DigitalOcean
With over 50 Kubernetes Certified Platforms and Distributions, building Kubernetes with an open cloud philosophy has never been more important. This comes with a large set of technical and organizational challenges, from supporting the diverse range of features on the cloud (e.g. persistent volumes, load balancers, etc) to sustainably adding new providers into the ecosystem.

In this session, Andrew, co-chair of SIG Cloud Provider, dives deep into what the community has been doing to move towards a vendor-neutral model with sustainability and portability as a top priority. He will discuss the migration of vendor-specific code out of Kubernetes core, architectural considerations of pluggable cloud provider features, the organizational challenges along the way, and the roadmap ahead.


Andrew Sy Kim

Software Engineer, DigitalOcean
Andrew is a Software Engineer at DigitalOcean and an active member of the Kubernetes community. He is one of the co-chairs of SIG Cloud Provider where he is currently working to extend and customize Kubernetes with a focus on multi-cloud portability and vendor neutrality. At DigitalOcean...

Tuesday December 11, 2018 10:50am - 11:25am
Ballroom 6A


The Future of Your CRDs – Evolving an API - Stefan Schimanski, Red Hat & Mehdy Bohlool, Google
CustomResourceDefinitions (CRDs) are a cornerstone of many extensions built on top of Kubernetes. They allow you to define custom API objects, and the API server handles their life-cycle.

Most APIs start with one version, but sooner or later need to evolve while keeping compatibility with current clients/users. Kubernetes standard types do that through versioning and conversion between versions. This talk covers the corresponding evolution path for CRD based APIs.

The talk will cover:
- Why Kubernetes has multiple versions
- New feature: CRD Versioning with Conversion
- Round-Tripability Concept
- How to update schemaless API objects to schemaful
- Pruning and how to enable it
- Defaulting
- How to plan for Master Rollbacks when writing a CRD
- Storage version and storage migration
- Failure modes
- Monitoring and managing a cluster with multi-versions
- Kubebuilder support and demo


Mehdy Bohlool

Software Engineer, Google
Mehdy is a Software Engineer at Google and a member of the Kubernetes API Machinery team. His earliest contribution is OpenAPI 2.0 support, upgraded from Swagger 1.2. He is one of the contributors to CustomResourceDefinition focusing on versioning and conversion of custom resources...

Stefan Schimanski

Senior Software Engineer, Red Hat
Stefan is a Principal Software Developer at Red Hat working on Kubernetes and OpenShift, with a focus on API machinery, extension points and developer tools as part of SIG API Machinery. He is one of the top-3 reviewers in the project (number of reviews). Stefan is a 2nd time GoogleSummer...

Tuesday December 11, 2018 11:40am - 12:15pm
Ballroom 6A


Using a Managed Kubernetes Service in the Enterprise - Sujit D'Mello & Daniel Selman, Microsoft
All the major cloud providers have managed Kubernetes services such as GKE (Google Cloud Platform), EKS (Amazon Web Services) and AKS (Microsoft Azure). These managed services aim to provide you a Kubernetes environment which is mostly managed by the cloud vendor.

Unfortunately, these services do not give you much access to the underlying Kubernetes cluster resources. You are limited to using the kubectl command. While convenient, Enterprises often have demanding functional and operational requirements to meet compliance or corporate standard needs. Some of these are:

- Custom logging and monitoring
- Anti-malware
- Specific networking and zoning
- Custom CA certificates and cipher suites
- Custom host files
- Externalizing configuration
- Etc.

We will show you how you can meet these Enterprise requirements with creative use of Kubernetes constructs and container initialization!


Sujit D'Mello

Principal Consultant, Microsoft
Sujit D'Mello is a Principal Consultant with Microsoft where he helps large Enterprises take advantage of the cloud. With over 25 years of experience, he focusses on Cloud Architecture, application development and security and compliance. He has spoken in many internal conferences...

Daniel Selman

Kubernetes Consultant, Microsoft
Daniel Selman is a Kubernetes consultant with Microsoft where he helps Enterprises adopt Kubernetes services in the cloud. He focuses on Security and Infrastructure needs and has a passion for developing unique enterprise solutions using native Kubernetes Constructs. Daniel has spoken...

Tuesday December 11, 2018 1:45pm - 2:20pm
Ballroom 6A


Peloton - A Unified Scheduler for Web-scale Workloads on Mesos & Kubernetes - Min Cai & Nitin Bahadur, Uber
Efficient use of cluster resources is important for web-scale companies like Uber. Those companies require large-scale clusters for stateless, stateful and batch jobs. Today, web-scale companies have built custom schedulers on top of Mesos due to lack of viable open-source solutions. Kubernetes has gained lots of momentum in recent years but lacks the scale and efficiency needed by web-scale companies.

This talk introduces Peloton - A unified scheduler for mixed workloads that is horizontally scalable to 10K+ nodes and millions of containers. It has an extensible architecture and supports both Mesos and Kubernetes. Peloton manages compute resources more efficiently and guarantees hierarchical max-min fairness for different teams. It provides a seamless path for companies on Mesos to adopt Kubernetes. Peloton is also cloud agnostic and can be run on-prem or in any public Cloud.


Nitin Bahadur

Head Compute Cluster Infrastructure, Uber
Nitin Bahadur heads the Compute Cluster team at Uber where he is responsible for managing & scaling Uber’s compute infrastructure across various geographies. Uber’s goal is to have all kinds of workloads run on a common high-performing compute platform and Nitin’s team is working...

Min Cai

Sr. Staff Engineer, Uber
Min Cai is a Sr. Staff Engineer on the Compute Platform team at Uber working on all-active datacenters, cluster management and micro-service deployment systems. He received his Ph.D. degree in Computer Science from Univ. of Southern California. Before joining Uber, he was a Sr. Staff...

Tuesday December 11, 2018 2:35pm - 3:10pm
Ballroom 6A


Building your own PostgreSQL-as-a-Service on Kubernetes - Alexander Kukushkin, Zalando SE
How many DBAs does it take to manage 500+ PostgreSQL HA clusters? Very close to zero, if you run them on Kubernetes with the help of postgres-operator.

This talk is the story of how the team of Database Engineers at Zalando developed open-source components like Patroni and postgres-operator to run company-wide PostgreSQL-as-a-Service on Kubernetes. I will share how we automate all routine operations, providing developers with easy-to-use tools to create, manage and monitor their database, avoiding commercial solutions lock-in and saving costs. I will describe the benefits and pitfalls of running production databases on Kubernetes and, finally, show open-source tools we have built for application developers to deploy and manage PostgreSQL clusters by writing short manifests describing a few essential properties of the result.


Alexander Kukushkin

Database Engineer, Zalando SE
His everyday duty at Zalando is the creation and maintenance of hundreds of PostgreSQL clusters in sizes from several megabytes up to several terabytes of data. Occasionally he contributes to different open source projects. He is the major contributor to the Patroni project.

Tuesday December 11, 2018 3:40pm - 4:15pm
Ballroom 6A


Using a Kubernetes Operator to Manage Application Tenancy in a B2B SaaS App - Mike Arpaia, Kolide
Companies that create products for other companies or teams often have to reason about how to deal with the application-level tenancy of each team. The two ends of the spectrum are to either deploy one monolithic application that handles multi-tenant data isolation via application logic or to deploy and proxy to many instances of isolated single-tenant applications.

This presentation will discuss how Kolide has approached the problem of application tenancy by building a Kubernetes Operator to manage the complete lifecycle of each tenant as an isolated instance of a single-tenant application. We will analyze strategies for account management, observability, deployments, networking, and security.

Finally, we will consider the efficacy of this strategy in general by analyzing the observed pros and cons after using this approach in production to serve thousands of customer instances.


Mike Arpaia

Co-Founder & CTO, Kolide
Mike is the CTO and Co-Founder of Kolide, a security-first infrastructure analytics company. Kolide's technology is based on an open-source operating system analytics tool called osquery which Mike created, open-sourced, and widely deployed while working at Facebook. A fan of systems...

Tuesday December 11, 2018 4:30pm - 5:05pm
Ballroom 6A

Wednesday, December 12


Intro to Agones: Scaling Multiplayer Game Servers with Kubernetes - Mark Mandel, Google
Kubernetes provides an amazing toolset for running processes over potentially thousands of machines. However, Dedicated Game Servers for real time multiplayer games, such as Fortnite, Overwatch, etc., have their own challenges that don’t directly line up with the solutions that Kubernetes natively provides. Game Servers are neither stateless (no Deployments), nor ordered stateful (no StatefulSets) - but sit somewhere in between the two. They require direct connections (no load balancers), and can’t be turned off once players are connected to them (no traditional autoscalers).

In this talk we’ll discuss and demo the open source project Agones, developed by Google Cloud Platform in conjunction with Ubisoft. Utilising Kubernetes native extension mechanisms, it attempts to solve this problem by providing a batteries-included solution for running Dedicated Game Servers at scale on Kubernetes.


Mark Mandel

Advocate for Games, Google Cloud Platform
Mark Mandel is a Developer Advocate for Games for Google Cloud Platform, founder of the open source, multiplayer dedicated game server scaling project Agones, and one part of the Google Cloud Platform Podcast. Hailing from Australia, Mark built his career developing backend systems...

Wednesday December 12, 2018 10:50am - 11:25am
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building


Custom Controllers to the Rescue: Tailoring API Objects to Your Needs - Stephen Chan & Davi Arnaut, Airbnb
External controllers and admission controllers are a great way to extend Kubernetes and enforce cluster policies that are particular to your needs. In this talk, we’ll showcase how to use controllers backed by real examples used in production at Airbnb. We’ll show how controllers can help the scheduler spread a deployment’s pods across zones more evenly, enforce maximum pod age, and taint nodes based on conditions set by node-problem-detector. We’ll also show how we use admission controllers to enforce naming conventions and security constraints such as container image source on API objects submitted to a cluster.


Davi Arnaut

Site Reliability Engineer, Airbnb
Davi Arnaut is a member of the SRE team and works on supporting the Kubernetes initiatives at Airbnb.

Stephen Chan

Software Engineer, Airbnb
Stephen has worked at Airbnb during much of its Kubernetes migration, from the first production service to hundreds of services running across many clusters and different environments. He previously spoke about a few custom controllers in use at Airbnb at Kubecon 2018.

Wednesday December 12, 2018 11:40am - 12:15pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building


Defining Multi-Tenant Access Controls for a Cluster - Anund McKague, Atlassian
What we've learned while building an internal PaaS allowing automated self-service access to our multi-tenant clusters. Teams have access to create service-based namespaces on demand. Beginning with how users authenticate via our open source CLI tool connecting LDAP and 2FA, continuing through our use of authentication webhooks, on to our use of authorization webhooks and RBAC, and finishing with how we manage creation of dynamic RBAC-based roles.

The talk will touch on authentication webhooks, github.com/atlassian/kubetoken, mutating and validating webhooks, API servers as proxies to internal services, managing RBAC roles and dynamic creation of role bindings, along with some of the security implications of cluster roles and cluster role bindings.


Anund McKague

Senior Developer, Atlassian
Anund is a Senior Developer at Atlassian. He works on migrating an internal bespoke PaaS to one based on Kubernetes. Never afraid to dig in at any level of the stack. Manager for a few open source projects at Atlassian.

Wednesday December 12, 2018 1:45pm - 2:20pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building


Kubernetes Design Principles: Understand the Why - Saad Ali, Google
Kubernetes is quickly becoming indispensable for managing and deploying workloads on distributed systems across both cloud and on-prem environments.

While most people are now familiar with how to use Kubernetes, few are aware of the “why” behind it. Why does the Kubernetes API look the way it does? Why do Kubernetes components only interact with each other through the Kubernetes API? Why is there a PersistentVolumeClaim object when you could easily reference a volume directly from a pod?

To answer these questions and help you develop a deeper understanding of Kubernetes, this talk exposes the principles underpinning the design of Kubernetes.


Saad Ali

Staff Software Engineer, Google
Saad Ali is a staff software engineer at Google where he works on the open-source Kubernetes project. He joined the project in December 2014, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, and is co-author...

Wednesday December 12, 2018 2:35pm - 3:10pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building


Airflow on Kubernetes: Dynamic Workflows Simplified - Daniel Imberman, Bloomberg & Barni Seetharaman, Google
Apache Airflow is an open source workflow orchestration engine that allows users to write Directed Acyclic Graph (DAG)-based workflows using a simple Python library. Airflow offers a wide range of native operators for services ranging from Spark and HBase to Google Cloud Platform (GCP) and Amazon Web Services (AWS). Until recently, the Airflow user experience has been hindered by the need to launch and maintain statically-sized Celery-based Airflow clusters. These clusters were both expensive (over and under-utilization) and complex (multiple points of failure).

To address these issues, we developed and published a native Kubernetes Operator and Kubernetes Executor for Apache Airflow. These products allow one-step Airflow deployments, dynamic allocation of Airflow worker pods, full power over run-time environments, and per-task resource management.


Daniel Imberman

Senior Software Engineer, Bloomberg
Daniel Imberman is a Senior Software Engineer at Bloomberg, where he specializes in Data Science Infrastructure and Cloud Computing. Daniel received his BS/MS from UC Santa Barbara in 2015 with a concentration in distributed machine learning. Daniel was the lead contributor for both...

Barni Seetharaman

Senior SWE, Google
Bharanidharan (Barni) Seetharaman is a Software Engineer at Google where he works on the open source Kubernetes project. Prior to Google, he worked as a Networking, Cloud Platform and Distributed Systems engineer at companies including Cisco, Juniper, Alcatel Lucent. He has experience...

Wednesday December 12, 2018 3:40pm - 4:15pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building


Extending Load Balancer Using CRD in Different Kubernetes Cloud Providers - Wei Huang & Srinivas Brahmaroutu, IBM
Major k8s cloud providers (IBM Cloud, EKS, GKE, AKS) provide in-tree implementations of LoadBalancer which vary in their design, implementation and the capabilities they expose. In this session we will first share our experiences working with load balancers on different cloud providers. After that, we will demonstrate a common solution based on CRD to enable sharing the same LoadBalancer among different services to reduce cost.

In some L4 service scenarios, multiple TCP/UDP services need to be exposed publicly. This raises a question: is it possible to use only one LoadBalancer to expose those services (on different ports), instead of being given multiple LoadBalancers, which is neither cost effective nor user friendly? Furthermore, is there a common way to adapt to different cloud providers while maintaining a simple interface? We will explore these details through our demos.


Srinivas Brahmaroutu

Sr Software Engineer, IBM
Srinivas Brahmaroutu works as a Software Engineer at IBM Corp. He has many years of experience around IBM cloud offerings. He has worked on many strategic open source projects including Cloud Foundry, Docker and Mesos. Currently he works on Kubernetes contributing to test-infra and...

Wei Huang

Senior Software Engineer, IBM
Wei Huang is a software engineer from IBM. He is an early adopter of TPR/CRD to try out Kubernetes' extensibility to build a multi-tenancy platform. Currently, he is a maintainer of sig-scheduling.

Wednesday December 12, 2018 4:30pm - 5:05pm
Tahoma 1/2 @ TCC The Conference Center (TCC) - Separate from WSCC building

Thursday, December 13


A Vision For API Machinery: Coming to Terms with the Platform We Built - Daniel Smith, Google
Kubernetes is what it is in large part due to the API Machinery it is constructed from and co-evolved with. At this point in the project’s life, we have a much richer understanding of the users API Machinery serves--and their needs. And so we propose a path forward, describing how API Machinery can better serve these and future users, and how the Kubernetes runtime, libraries, tools, and repositories can be refactored in service of this goal. API Machinery is a force multiplier for Kubernetes, but often disguised as a tax; it’s time to rectify this together.


Daniel Smith

Staff Software Engineer, Google
Daniel has been working on Kubernetes since before it was open sourced, contributing enough in the early days that he’s still one of the top contributors overall. Currently, he is co-Chair and co-TL of the Kubernetes API Machinery SIG, and TL of the corresponding Google team. Before...

Thursday December 13, 2018 10:50am - 11:25am
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building


Custom Deployment Strategies for Kubernetes - Nail Islamov, Atlassian
Many tech companies are using continuous deployments (CD) to deliver changes to their users faster and more frequently. One of the challenges with automated deployments is making them safe by detecting and quickly rolling back in the event of a bad release. Standard CD practices include using canary and blue-green deployments; unfortunately, Kubernetes only supports the "rolling update" deployment strategy out of the box, which can only prevent trivial failures. Thanks to the extensibility of Kubernetes, it is possible to build custom advanced deployment strategies while reusing Kubernetes core concepts. Nail Islamov will give an overview of how Deployment, ReplicaSet and Pod objects work together along with Service and Ingress, and will provide examples of implementing blue-green and canary deployments reusing these concepts by introducing extra CRD resources.


Nail Islamov

Senior Developer, Atlassian
Nail is a Senior Developer at Atlassian. He is currently working on Atlassian's internal service platform (PaaS) built with Kubernetes and AWS, and a maintainer of Service Catalog (Kubernetes Incubator project), as well as a regular Kubernetes core committer.

Thursday December 13, 2018 11:40am - 12:15pm
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building


Why Are We Copying and Pasting So Much? - Solly Ross & Phillip Wittrock, Google
If you’ve contributed to one of the Kubernetes controllers or built a custom controller (such as an operator), you’ve probably had to copy a large amount of boilerplate code. Other bits of the controllers may look similar, but have small variations, making it difficult to separate what is bespoke and what is common logic.

The copy/paste approach makes code harder to refactor, understand, and debug. Additionally, neither bug fixes nor improvements to the original are propagated to the copies.

So what can we do about it? Enter controller-runtime, a new foundation library for the next generation of controllers which replaces the boilerplate code with a few function calls. In this session, we’ll look at common controller patterns across both the Kubernetes codebase and the broader ecosystem, identifying the common elements and simplifying them with the utilities in controller-runtime.


Solly Ross

Software Engineer, Google
Solly is one of the leads of the Kubebuilder project, and works on Kubernetes at Google with a focus on custom controller tooling. Solly previously worked on metrics and autoscaling, and has been hacking on various parts of Kubernetes since Kubernetes 1.2. When not writing PRs or...

Phillip Wittrock

Software Engineer, Google
Phillip Wittrock is Staff Software Engineer at Google, a member of the Kubernetes Steering Committee, and a Kubernetes SIG CLI Technical Lead. Phillip’s hobbies include debating how kubectl is pronounced and talking about Kubernetes at social events. Positions Held: Kubernetes...

Thursday December 13, 2018 1:45pm - 2:20pm
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building


Extending Kubernetes or: How I Learned to Stop Worrying and Trust the Spec - David Zhu, Google
Kubernetes Storage is moving to a new model for volume plugin development with the new Container Storage Interface (CSI) specification, and engineers from multiple companies are now implementing CSI drivers. However, switching to this new paradigm is not without its fair share of challenges.

This talk explores some of the important lessons learned from writing a production-grade CSI driver and discusses some of the challenges that come with conforming to an actively evolving spec.

Attendees will learn about dealing with concurrent development across multiple projects, working with different interpretations of the same specification, and getting user traction on a new project when the current alternative “just works.” These issues become more relevant as Kubernetes moves towards an increasingly decoupled architecture.


David Zhu

Software Engineer, Google
David is a Software Engineer for Google Cloud. He has been working on the Kubernetes project for over a year. He is the owner and main contributor of the GCP Compute Persistent Disk CSI Driver, as well as an active contributor to the CSI Spec, Kubernetes CSI external components, and...

Thursday December 13, 2018 2:35pm - 3:10pm
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building


!go, Interacting with and Extending Kubernetes in a Polyglot World - Brendan Burns, Microsoft
Kubernetes is implemented in golang and most of the tools around extending it or automation using it (such as kubebuilder) are written in golang. Accessing APIs in another language and writing controller loops or automation tools using non-go languages helps expand the community and tooling around the project and gives more options to users.

Kubernetes-client is a project started a year ago around the idea of accessing Kubernetes in as many programming languages as useful. It is based on the OpenAPI spec generated from the main Kubernetes repository and standard client generators such as swagger-codegen.

This talk will cover these topics:
- OpenAPI for standard types
- Structure of Kubernetes generated clients
- Example: Python client
- Pros/Cons of generated clients
- Builder pattern (e.g. Java client)
- ProtocolBuffer Generation (and challenges)
- Client generation for CRDs
- Demo: A controller loop in Python


Brendan Burns

Distinguished Engineer, Microsoft
Brendan Burns is a co-founder of the Kubernetes open source project and a Distinguished Engineer at Microsoft Azure where he focuses on containers, Kubernetes and DevOps. He has a PhD in Computer Science from the University of Massachusetts and a BA in Computer Science and Studio...

Thursday December 13, 2018 3:40pm - 4:15pm
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building


The Life of a Kubernetes Watch Event - Wenjia Zhang & Haowei Cai, Google
The watch event is essential to the Kubernetes architecture. It’s the key to maintaining high availability in the Kubernetes control plane. Have you ever wondered how a watch event is propagated? In this presentation, we will cover how Kubernetes delivers a watch event through control plane storage, the API server, and finally to clients, and what happens to a watch event across server replicas. Attendees will leave with a full understanding of the life of a Kubernetes watch event, which could help you make better decisions to implement your controllers in a much more scalable and performant way.


Haowei Cai

Software Engineer, Google
Haowei Cai is a Software Engineer for Google Cloud. He is one of the owners of Kubernetes Python client library and an active Kubernetes SIG API Machinery contributor. He has been contributing to Kubernetes Extensibility (Admission Webhooks and CRD) to GA working group in the past...

Wenjia Zhang

Software Engineer, Google
Wenjia Zhang is a Software Engineer on GKE team at Google. She is an active contributor for both Kubernetes and etcd open source projects.

Thursday December 13, 2018 4:30pm - 5:05pm
Tahoma 3/4 @ TCC The Conference Center (TCC) - Separate from WSCC building