Seattle, WA
December 10–13, 2018

Networking
Wednesday, December 12


Connecting Kubernetes Clusters Across Cloud Providers - Thomas Graf, Covalent
It is well understood how to run individual Kubernetes clusters in all major clouds, managed and self-managed, but how do we connect individual clusters together? This talk will show you how to interconnect multiple Kubernetes clusters running in different cloud providers. We will discuss how to establish basic pod-to-pod connectivity across clusters, add load balancing using standard Kubernetes services, and finally add label-based network policy to secure the communication both inside the cluster and across clusters. As a bonus, we will add Istio on top to establish mutual TLS across clusters for added security.

Thomas Graf

Co-Founder & CTO, Isovalent
Thomas Graf is Co-Founder & CTO at Isovalent and creator of the Cilium project. Before this, Thomas was a Linux kernel developer at Red Hat for many years.

Wednesday December 12, 2018 10:50am - 11:25am
Ballroom 6C


Understanding CoreDNS in Kubernetes - John Belamaric, Google; Cricket Liu & Francois Tur, Infoblox
In Kubernetes 1.11, CoreDNS is Generally Available (GA) as a DNS-based service discovery option. In this presentation, we will go over the default CoreDNS configuration - "Corefile" - used when deploying CoreDNS via kubeadm. This will include a line-by-line discussion of the Corefile and what each option means, and how you can modify or customize the configuration using other features of CoreDNS. You will learn about some of the unique, Kubernetes-specific features in CoreDNS, as well as broader DNS-related features, and how to utilize those in your clusters.

John Belamaric

Senior Staff Software Engineer, Google
John Belamaric is an experienced software engineer and architect with over 20 years of software design and development experience. He works on the Google Cloud team, focused on Kubernetes and GKE. He is a co-chair of SIG Architecture and an active participant in SIG Network. He is...

Cricket Liu

Chief DNS Architect, Infoblox
Cricket Liu is an authority on the Domain Name System and the co-author of all of O'Reilly Media’s books on DNS, including the classic DNS and BIND. As Infoblox’s Chief DNS Architect, Cricket guides the development of Infoblox’s product and business strategy, and serves as a...

Francois Tur

Engineering Manager, Infoblox
Francois Tur is a Software Engineer who has worked for Infoblox since 2011. He has spent 15 years developing network management software, dealing with SEM, SIEM, NCCM, and DNS/DHCP protocols. Tur was one of Infoblox’s team leaders who enhanced the NIOS Infoblox product from...

Wednesday December 12, 2018 11:40am - 12:15pm
Ballroom 6C


Implementing Least Privilege Security and Networking with BPF on Kubernetes - Arvind Soni, Covalent
BPF is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security, and tracing. At the same time, the rise of Kubernetes is creating demand for routing, load-balancing & security infrastructure that is highly scalable, application-aware, and resilient.
Microservices architectures divvy up application functionality into services and expose them via APIs using protocols such as HTTP/REST, gRPC, or Kafka. This creates new challenges. What was previously traditional Layer 3-4 networking security (limited to the IP and port level) now exposes either the entire API surface or none of it. This is insufficient to implement least privilege security for microservices.
This talk introduces the open source project Cilium - built on BPF to provide Linux native networking and least privilege security for microservices while integrating with Kubernetes.

Arvind Soni

Product Lead, Isovalent Inc.
Arvind works with the Product team at Isovalent Inc, the founding company behind the open source Cilium project. Prior to joining the Isovalent team, Arvind worked at VMware focused on OpenStack and Cloud-Native technologies.

Wednesday December 12, 2018 1:45pm - 2:20pm
Ballroom 6C


Using gRPC for Long-lived and Streaming RPCs - Eric Anderson, Google
Support for long-lived RPCs and streaming RPCs is a core benefit of using gRPC. While such RPCs have fundamental advantages, they also have inherent complications versus "normal" single-request, single-response RPCs. Learn when it is advantageous to use these more advanced features, potential gotchas, and ways to address them.

Eric Anderson

Staff Software Engineer, Google
Eric Anderson is the tech lead of gRPC Java as a Staff Software Engineer at Google. He contributed to the gRPC wire protocol and is experienced with HTTP/2. Previously, he developed the Connectors v4 framework for the Google Search Appliance. Prior to Google, Eric maintained data-driven...

Wednesday December 12, 2018 2:35pm - 3:10pm
Ballroom 6C


Troubleshooting On-Premise Kubernetes Network: Underlay, Overlay and Pod - Tomofumi Hayashi, Red Hat
Networking is hard. Kubernetes networking can be even harder, especially in an on-premise environment. Once you install Kubernetes on-premise, you need to manage both networks: underlay and overlay. So in case of a network issue, the operator needs to identify where the error comes from. In addition, container developers want to tap certain pod traffic and send it somewhere to check the network, too.

Based on the last KubeCon presentation by Minhan and Rohit, this talk will present a more practical approach to network troubleshooting for on-premise Kubernetes environments, including how to check overlay and underlay network information and how to tap pod network traffic independently of the overlay network.

Tomofumi Hayashi

Principal Software Engineer, Red Hat
Tomofumi Hayashi is a Senior Software Engineer at Red Hat. He works on SDN/NFV development with NFV partners and with open source communities. He is focusing on NFVI fault management in OPNFV/Barometer and advanced container networking in Kubernetes networking plumbing working group...

Wednesday December 12, 2018 3:40pm - 4:15pm
Ballroom 6C


Switching the Engine (DNS) in Kubernetes: Benchmarks and Possibilities - Michael Grosser, Okkur Labs & Jake Sanders, Google
DNS is one of the core components making Kubernetes run. It’s essential for most services and service discovery. It’s critical, underappreciated and overlooked at the same time. With the recent switch from Kube-DNS to CoreDNS as the main engine for DNS we wanted to take a retrospective look at the improvements and a future look at new possibilities.

In this talk we’ll discuss common DNS issues such as UDP packet loss and resulting tail latency issues, compare the performance and reliability of Kube-DNS and CoreDNS, plus spec out and test possible iterative setups with advanced CoreDNS features such as local DaemonSet caching, TCP support, prefetching, DNS over gRPC and gRPC-based watches.

Michael Grosser

Founder, Okkur Labs
Michael Grosser has contributed to Kubernetes and CoreDNS for some time. As a Google Developer Expert for Kubernetes and GCP he is excited about technology and reading DNS RFCs. He is the founder of Okkur Labs and Rekkur Solutions. Okkur Labs is an open source lab researching, contributing...

Jake Sanders

SWE for GKE Security, Google
Jake Sanders has worked in the cloud container ecosystem since 2015, starting his involvement with Kubernetes as part of the team behind GCR at Google. He is now a SWE for GKE Security at Google.

Wednesday December 12, 2018 4:30pm - 5:05pm
Ballroom 6C

Thursday, December 13


Multi-Cloud Ingress LB: Gimbal Use Case in Actapio and Yahoo Japan - Hirotaka Ichikawa, Actapio, Inc. & Ryutaro Inoue, Yahoo Japan
Gimbal is an open source multi-cloud/cluster ingress load balancer built on Envoy and Kubernetes. This project is developed by Heptio in collaboration with Actapio and Yahoo Japan. It provides multi-team, scalable and cross-cloud traffic management capability working with Kubernetes and OpenStack service discovery.

In this session, we'll talk in detail about the Gimbal use case in our environment.
We'll cover:

- load balancing across Kubernetes and OpenStack backend services
- service observability
- multi-team operation
- backend service discovery
- performance evaluation


Hirotaka Ichikawa

Engineer, Actapio, Inc.
Hirotaka Ichikawa leads engineering at Actapio's (Yahoo Japan) multi-tenant Cloud & Data Infrastructure with a passion for innovation. He and his team have been driving a next-generation microservice computing platform based on K8s at scale for the last 2 years. Prior to that, he had...

Ryutaro Inoue

Senior Manager, Yahoo Japan
Ryutaro Inoue is a senior manager of the infrastructure department at Yahoo JAPAN. He has more than 8 years of experience in network, security and software development, and also has 2 years of experience in Kubernetes and OpenStack. Currently, he leads the "Gimbal" project at Yahoo JAPAN.

Thursday December 13, 2018 10:50am - 11:25am
Ballroom 6C


Everyone Gets a Data Plane! Multi-Networking Kubernetes with the NPWG Spec - Dan Williams & Doug Smith, Red Hat
When one pod network isn't enough, the Network Plumbing Working Group's Multi-Network specification comes to the rescue. In this talk we'll present a detailed overview of the specification and how it helps enable Kubernetes applications in the multi-tenant, media-streaming, NFV, and performance-sensitive application areas. We'll dive into existing implementations like Multus CNI and demonstrate how it makes multi-networking a Kubernetes cluster simple for the app developer and cluster administrator. In addition, we'll cover the future direction of the specification and the Working Group, including what's on the table for Version 2 and the path to natively enhancing Kubernetes' networking capabilities.

Doug Smith

Principal Software Engineer, Red Hat, Inc.
Doug Smith is a Principal Software Engineer with Red Hat's Office of the CTO. Focusing on Network Function Virtualization and container technologies, Doug integrates new networking technologies with container systems like Kubernetes and OpenShift. He is a member of the Network Plumbing...

Dan Williams

Principal Software Engineer, Red Hat
Daniel C. B. Williams is a Principal Software Engineer at Red Hat, with a focus on container networking and orchestration, specifically with OpenShift, Kubernetes, CNI, and related projects. As co-lead of the Kubernetes SIG Network group, lead of the Network Plumbing Working Group...

Thursday December 13, 2018 11:40am - 12:15pm
Ballroom 6C


Container Networking From Scratch - Kristen Jacobs, Oracle
Learn how to construct an overlay network across multiple hosts in just a few lines of bash!

Containers in a system such as Kubernetes need to be able to communicate, and a common networking solution is to use an overlay network, for example, Flannel. In this talk we aim to 'demystify' container networking, and its constituent elements such as Linux bridges, veth pairs, routing routes and TUN/TAP devices.

Starting with defining a simple network namespace, we will work through networking between containers on the same machine (using the default docker model), up toward a full overlay network spanning multiple machines (as in Kubernetes). We will explain both how this works and why/when it is required, providing the necessary background for understanding and evaluating common existing Kubernetes networking solutions such as Flannel and Calico.

Kristen Jacobs

Principal Software Engineer, Oracle
Kristen Jacobs is a principal software engineer in Oracle’s cloud infrastructure group. He spent the first 15 years of his career working in microprocessor development, but for the past 3 (ish) years has switched from the very small to the very large and is now working on CI/CD...

Thursday December 13, 2018 1:45pm - 2:20pm
Ballroom 6C


The Telco Networking Journey to Cloud Native: The Good, Bad, and Ugly - Heather Kirksey, The Linux Foundation
As telecom SPs re-imagine their large-scale communications networks, they look to embrace cloud native architecture & technologies. The journey from proprietary hardware to agile, scalable, & OSS for implementing internet, edge & mobile services (LTE and 5G), known as NFV, began several years ago using the first wave of virtualization technologies. As organizations like AT&T, China Mobile, & Orange look ahead to next-gen services, they're increasingly looking to implement fully realized cloud native network services, i.e., Cloud-native Network Functions (CNFs) running on cloud native infrastructure such as K8s & network service mesh using CI/CD & automated testing. Citing examples from open source communities and organizations migrating network functions to the cloud, this session will review lessons learned and challenges faced by telcos today as well as what’s in store for tomorrow.

Heather Kirksey

VP, Community and Ecosystem Development, Linux Foundation
Heather Kirksey works with the community to advance the adoption and implementation of open source NFV platforms. Before joining The Linux Foundation, she led strategic technology alliances for MongoDB. Earlier in her career she held various leadership positions in the telecom industry...

Thursday December 13, 2018 2:35pm - 3:10pm
Ballroom 6C