In-person
21-23 August, 2024

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon + Open Source Summit + AI_Dev China 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Hong Kong Standard Time (UTC +8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 

Level 1 | Hung Hom Room 1
Wednesday, August 21
 

11:00 HKT

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime | 保障供应链安全:从构建到运行的SLSA合规实用指南 - Enguerrand Allamel, Ledger
Wednesday August 21, 2024 11:00 - 11:35 HKT
Navigating the complexities of supply chain security might seem intimidating, especially with evolving frameworks like SLSA (Supply-chain Levels for Software Artifacts). This talk introduces beginners to the foundational practices required to secure software from build to runtime using CNCF tools. We'll explore how GitHub Actions can automate build processes, integrate with Cosign for keyless artifact signing, and use Kyverno for runtime policy enforcement. Additionally, we'll discuss how tools like in-toto and Kubescape help manage and verify artifact integrity, providing a holistic view of SLSA compliance in the Kubernetes ecosystem. To enhance security further, we will also briefly discuss the potential integration of Hardware Security Modules (HSMs) into the supply chain. HSMs can offer an added layer of security for key management operations critical to signing processes, ensuring that cryptographic keys are managed securely and are resilient against attack.

Speakers
Enguerrand Allamel

Senior Cloud Security Engineer, Ledger
Enguerrand is a Senior Cloud Security Engineer with experience in Site Reliability Engineering at Ledger since 2022. His work focuses on the security of scalable and reliable cloud systems, leveraging his knowledge of hybrid computing technologies and container orchestration with...
Wednesday August 21, 2024 11:00 - 11:35 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Security

11:50 HKT

Extend Kubernetes to Edge Using Event-Based Transport | 使用基于事件的传输将Kubernetes扩展到边缘 - Longlong Cao & Meng Yan, Red Hat
Wednesday August 21, 2024 11:50 - 12:25 HKT
Struggling with extensive edge cluster management? Kubernetes adoption brings new challenges, especially in sectors like telecom, retail, and manufacturing. The surge in clusters highlights Kubernetes' limitations, worsened by unreliable networks between data centers and edge clusters. Without scalable control, organizations resort to sending engineers to maintain thousands or even millions of edge clusters, slowing progress. But, we have a solution: connecting Kubernetes and edge clusters via event-based transport, utilizing standard open-source protocols like Kafka, MQTT, and NATS. This enhances Kubernetes-style events, making them resilient to network delays or disconnects. With these capabilities, we can effortlessly construct a central control plane scalable to millions of edge clusters. Join us for an intuitive control plane, handling a million edge clusters across regions. Learn an approach that can be adapted to your edge management infrastructure today.

Speakers
Longlong Cao

Senior Software Engineer, Red Hat
Long Long Cao currently works as a cloud engineer at Red Hat; he is also a maintainer of the Istio project and a member of the Kubernetes SIGs. He is passionate about open source projects and has extensive experience in Docker, Kubernetes and Service Mesh. He writes blogs/articles and...

Meng Yan

Software Engineer, Red Hat
Meng Yan currently works as a software engineer at Red Hat, where he mainly works on the management of large-scale clusters. He mainly contributes to open source projects such as multicluster-global-hub and multicluster-controlplane, and also participates in the improvement of Cloudevent.
Wednesday August 21, 2024 11:50 - 12:25 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

13:50 HKT

⚡ Lightning Talk: Continuously Profile Your Applications in Kubernetes with Pyroscope | ⚡ 闪电演讲: 使用Pyroscope在Kubernetes中持续对应用程序进行性能分析 - Kerrigan Lin, Amazon Web Services
Wednesday August 21, 2024 13:50 - 13:55 HKT
Explore performance optimization in Kubernetes using Pyroscope. This Lightning Talk will cover advanced strategies to uncover and resolve performance bottlenecks, enhancing application efficiency and reliability. Tailored for developers and SRE engineers, the session will highlight case studies and demonstrate practical applications of these technologies in real-world scenarios. Attendees will leave with actionable insights for effective performance tuning of containerized applications in Kubernetes.

Speakers
Kerrigan Lin

Solutions Architect, Amazon Web Services
Kerrigan Lin brings over 14 years of experience in the information technology industry, with a background in software development and architecture. Currently, he serves as a Solutions Architect at AWS, where he helps clients build cloud-native systems.
Wednesday August 21, 2024 13:50 - 13:55 HKT
Level 1 | Hung Hom Room 1
  ⚡ Lightning Talks | ⚡ 闪电演讲, Observability

13:55 HKT

⚡ Lightning Talk: Discussion on CNAI Widely Used in Education | ⚡ 闪电演讲: 教育中广泛使用的CNAI讨论 - Chen Lin, VMware by Broadcom
Wednesday August 21, 2024 13:55 - 14:00 HKT
This lightning talk discusses the use of Cloud Native Artificial Intelligence (CNAI) in education from three aspects. First, it introduces the current state of CNAI applied to children's education. Second, it demos a kid-friendly prototype of an AI training process on cloud native infrastructure. Third, it covers further possibilities for CNAI in pre-school and in-school education (children's enlightenment, correcting student assignments, AI teaching...), and raises the foreseeable problem of malicious abuse of CNAI.

Speakers
Chen Lin

Software Engineer, VMware by Broadcom
Chen Lin joined VMware in 2019 and has 5 years of cloud native experience. Chen worked on the PKS, Tanzu and TKGs products, targeting networking and production CI/CD. Chen is also a member of the Kubernetes community and the maintainer of cloud-provider-vsphere.
Wednesday August 21, 2024 13:55 - 14:00 HKT
Level 1 | Hung Hom Room 1

14:00 HKT

⚡ Lightning Talk: WASM on Embedded Systems (RTOS) | ⚡ 闪电演讲: 嵌入式系统(RTOS)上的WASM - Han Wu, University of Exeter
Wednesday August 21, 2024 14:00 - 14:05 HKT
Web Assembly (WASM) has seen significant success in web applications and is now making inroads into other areas like cloud services and even embedded systems that run Real-time Operating Systems (RTOS), such as Zephyr, RT-Thread, Nuttx, and ESP-IDF. This lightning talk will present different approaches to using WASM on embedded systems:
- wasmtime (Arm Linux)
- wasm-micro-runtime (RTOS)
- wasm3 (Baremetal)
The above WASM runtimes offer full support for the WASM core specifications. Additionally, their limited support for the WebAssembly System Interface (WASI) enables access to components such as threads, file systems, and network sockets. Although the WASI specifications that provide access to hardware peripherals such as wasi-i2c, wasi-spi, and wasi-digital-io are still in the early stages of development, the potential advantages in portability, security, and deployment simplicity make WASM a promising choice for embedded systems.

Speakers
Han

Ph.D. Student, University of Exeter
Ph.D. Student at the University of Exeter in the U.K. for Deep Learning Security in Autonomous Systems. Prior research experience at RT-Thread, LAIX, Xilinx.
Wednesday August 21, 2024 14:00 - 14:05 HKT
Level 1 | Hung Hom Room 1
  ⚡ Lightning Talks | ⚡ 闪电演讲, Cloud Native Novice

14:05 HKT

⚡ Lightning Talk: How Prometheus AI Agent Helps Build Interactive Monitoring? | ⚡ 闪电演讲: Prometheus AI代理如何帮助构建交互式监控? - Zhihao Liu, Quwan
Wednesday August 21, 2024 14:05 - 14:10 HKT
In day-to-day work, both SREs and developers often struggle when working with observability tools like Prometheus, mainly due to the complex PromQL syntax and disorganized metrics. This talk will showcase how to build an Agent. It will have the ability to think, act, and analyze like a human, and it will solve user issues through conversation. This talk presents two main standout ideas:
1. Leveraging RAG technology, it performs multi-path retrieval from local metric knowledge, the Prometheus API, request logs, and public domain knowledge to produce a consolidated answer.
2. Using the ReAct method, it engages in multi-round dialogues to refine and generate the correct PromQL, call the API, and render the resulting dashboard.
From this talk, we hope the audience will learn:
1. How to integrate LLMs effectively within the observability space.
2. The steps to create an easy-to-use and practical Prometheus AI Agent.
3. Experience and insights from practical examples of the Prometheus AI Agent.

Speakers
Zhihao Liu

Senior Devops Engineer, Quwan
Three years of experience in the observability field. I have been involved in the development of the company's observability platform.
Wednesday August 21, 2024 14:05 - 14:10 HKT
Level 1 | Hung Hom Room 1
  ⚡ Lightning Talks | ⚡ 闪电演讲, Observability

14:10 HKT

⚡ Lightning Talk: K8SUG: Unleashing the Power of Community | ⚡ 闪电演讲: K8SUG:释放社区的力量 - Yongkang He, K8SUG.com
Wednesday August 21, 2024 14:10 - 14:15 HKT
Unveiling the Powerhouse of Knowledge: K8SUG - the Most Active Kubernetes User Group! Step into the world of K8SUG, where passion meets innovation, and connections spark like wildfire. As the brainchild of its founder, the K8SUG Singapore meetup blossomed into a global phenomenon, stretching its reach from Australia to Canada and the UK, with the USA next on the horizon. In just 1.5 electrifying years, our community has swelled to over 14,000 members worldwide, all fueled by the dedication of our volunteers. Join us and be part of the dynamic exchange shaping the future of Kubernetes!

Speakers
Yongkang He

Founder / Principal Containers Specialist, K8SUG.com
Yongkang He is a {'Kubestronaut', 'CNCF Ambassador', 'AWS Builder', 'Microsoft MVP', 'Google Champion', 'Alibaba MVP'} based in Singapore. He has over 20 years of experience in IT. In recent years, he has shifted his focus to Kubernetes and Multi-Cloud. He is one of the most certified including...
Wednesday August 21, 2024 14:10 - 14:15 HKT
Level 1 | Hung Hom Room 1

14:40 HKT

⚡ Lightning Talk: Kubernetes Raises Questions. Can a PaaS Answer Them? | ⚡ 闪电演讲: Kubernetes引发了问题。 PaaS能解答吗? - Ram Iyengar, Cloud Foundry Foundation
Wednesday August 21, 2024 14:40 - 14:45 HKT
The enormous success of the CNCF Landscape has produced an overwhelming number of options in the space, where organizations struggle to establish their platforms quickly. This talk will help guide the community through the thought process of building these platforms, explore some examples of what a healthy source-driven platform ecosystem looks like, and showcase the power that a good cloud native platform will deliver to an organization. Though there are variations of platforms (i.e. data, application, machine learning, etc.), many start to have the same problems. These include artifact management, secrets management, TLS certificates, cloud permissions, and the list goes on. Providing turnkey solutions for platforms that can be ready in minutes adds much velocity to engineering teams across organizations that adopt the platform engineering model.

Speakers
Ram Iyengar

Chief Evangelist, Cloud Foundry Foundation
Ram Iyengar is an engineer by practice and an educator at heart. He was (cf) pushed into technology evangelism along his journey as a developer and hasn’t looked back since! He enjoys helping engineering teams around the world discover new and creative ways to work. He is a proponent...
Wednesday August 21, 2024 14:40 - 14:45 HKT
Level 1 | Hung Hom Room 1

14:45 HKT

⚡ Lightning Talk: Rocket Power Your Kubernetes Career with Kubestronaut Program | ⚡ 闪电演讲: 用Kubestronaut计划提升您的Kubernetes职业生涯火力 - Giorgi Keratishvili, EPAM Systems
Wednesday August 21, 2024 14:45 - 14:50 HKT
Are you a person who wants to fly high and conquer the mountains of Kubernetes certifications? Then this talk is for you. Giorgi will share all the details of the Kubestronaut program, what benefits it gives a person, and his own certification journey: he holds all 5 and even more certificates from CNCF, and he has also been a beta tester and exam developer for some of them...

Speakers
Giorgi Keratishvili

Lead System Engineer (DevOps), EPAM Systems
Giorgi has been in the IT field for a decade. During this period he has been exposed to the majority of fields in Development and Operations, from bare metal infrastructure to higher levels of automation. Outside working hours, Giorgi participates very actively in the community. He plays role...
Wednesday August 21, 2024 14:45 - 14:50 HKT
Level 1 | Hung Hom Room 1

14:50 HKT

⚡ Lightning Talk: Running Native WebAssembly AI Applications Everywhere | ⚡ 闪电演讲: 在任何地方运行原生WebAssembly人工智能应用程序 - Tiejun Chen, VMware
Wednesday August 21, 2024 14:50 - 14:55 HKT
In recent years WASM has been one of the hottest topics in the world of computing due to its portability, small size, fast loading, and compatibility. Given these advantages, WebAssembly is an ideal sandbox-based technology for modern applications, including ML/AI. But beyond the browser, WebAssembly can currently mostly only leverage the CPU to accelerate ML/AI. Here we offer a flexible way to run ML/AI on WebAssembly over a variety of AI accelerators by empowering WASM with a transparent backend interposer. With this, your native ML/AI WebAssembly workloads can seamlessly enjoy the underlying AI accelerators such as CPU, GPU, FPGA and so on, with the best performance. During this presentation we would also like to show our latest implementation with demos to help users get direct insight into running ML/AI with WebAssembly on AI accelerators.

Speakers
Tiejun Chen

Sr. Technical Lead, VMware
Tiejun Chen was a Sr. technical leader. He has worked at several tech companies such as VMware, Intel, Wind River Systems and so on, involved in cloud native, edge computing, ML/AI, RISC-V, WebAssembly, etc. He has made many presentations at AI.Dev NA 2023, KubeCon China 2021, Kube...
Wednesday August 21, 2024 14:50 - 14:55 HKT
Level 1 | Hung Hom Room 1

14:55 HKT

⚡ Lightning Talk: Tips and Tricks to (Right) Size Your Kubernetes Cluster for Efficiency and Cost Saving | ⚡ 闪电演讲: 为了提高效率和节约成本,调整Kubernetes集群大小的技巧和窍门 - Daniele Polencic, Learnk8s
Wednesday August 21, 2024 14:55 - 15:00 HKT
In this session, you will learn how Kubernetes allocates resources in worker nodes and how you can get the most out of them by choosing the right kind of limits and requests for your workloads. You will cover some practical tips to allocate the right number of nodes and resources to your cluster:
- Should you have larger or smaller nodes?
- How does reservation affect efficiency and cost savings?
- How to "defrag" your cluster to optimize allocations
And more.

Speakers
Daniele Polencic

Instructor, Learnk8s
Daniele teaches containers and Kubernetes at Learnk8s. Daniele is a certified Kubernetes administrator by the Linux Foundation. In the last decade, Daniele trained developers for companies in the e-commerce, finance and public sector.
Wednesday August 21, 2024 14:55 - 15:00 HKT
Level 1 | Hung Hom Room 1

15:00 HKT

⚡ Lightning Talk: Use Keycloak to Build an Authentication System for Cloud-Native Application | ⚡ 闪电演讲: 使用Keycloak为云原生应用构建身份验证系统 - Yiting Jiang, DaoCloud
Wednesday August 21, 2024 15:00 - 15:05 HKT
The identity authentication mechanism is the most basic function for applications, especially for enterprise-level management systems. They usually need to implement functions such as identity management, single sign-on, and security policy settings. Keycloak is an open source identity and access management (IAM) solution; it can be easily deployed on Kubernetes and provides applications with features such as centralized authentication. This talk will explain how our cloud native management system makes full use of the powerful and comprehensive features of Keycloak to implement enterprise-level identity and security access management functions. To meet our own requirements, we also created some Keycloak plugins to extend its IDP and Event functions, which can be a good example to learn from when customization is needed.

Speakers
Yiting Jiang

Dev Manager, DaoCloud
Graduated from Tongji University with a Master's degree, majoring in Computer Software and Theory. Previously worked at EMC, VMware and DellEMC.
Wednesday August 21, 2024 15:00 - 15:05 HKT
Level 1 | Hung Hom Room 1
  ⚡ Lightning Talks | ⚡ 闪电演讲, Security

15:35 HKT

Implementing Seamless Connectivity and Service Governance in Multi Kubernetes Cluster with ZTM | 在多个Kubernetes集群中使用ZTM实现无缝连接和服务治理 - Xiaohui Zhang, Flomesh
Wednesday August 21, 2024 15:35 - 16:10 HKT
In the evolving cloud-native ecosystem, Kubernetes is vital for microservices. As enterprises adopt multi-cluster Kubernetes setups, securely managing cross-cluster communications becomes challenging due to the limitations of traditional gateways and Ingress solutions. This session explores how ZTM (Zero Trusted Mesh) acts as a bridge across K8s clusters, bypassing traditional gateways and network constraints, thus ensuring zero exposure and boosting security. ZTM uses an HTTP/2-based tunneling mechanism with end-to-end encryption, minimizing public exposure and securing data during transmission. Its design enables quick deployment of cross-cluster communications without altering existing networks or applications, easing management. Furthermore, ZTM integrates with service mesh technologies to provide a secure framework for microservices, supporting service discovery, load balancing, and advanced routing policies, allowing flexible and secure cross-cluster service management.

Speakers
AddoZhang

Cloud Native Architect, Flomesh
Senior programmer, LFAPAC open source evangelist, CNCF Ambassador, Microsoft MVP, author of the WeChat public account "云原生指北". Years of practical experience in microservices and cloud-native, the main work involves microservices, containers, Kubernetes, DevOps, etc.
Wednesday August 21, 2024 15:35 - 16:10 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

16:25 HKT

Istio and Modern API Gateways: Navigating the Future of Service Meshes | Istio和现代API网关:引领服务网格的未来 - Jimmy Song & Jianpeng He, Tetrate; Jiaqi Zhang, Alibaba Cloud; Jintao Zhang, Kong Inc.; Xunzhuo Liu, Tencent
Wednesday August 21, 2024 16:25 - 17:00 HKT
Join our esteemed panel of experts as they delve into the latest advancements and integrations in the world of Istio and API gateways. This discussion, led by Jimmy Song from Tetrate and founder of the China Cloud Native Community, will feature insights from core contributors and thought leaders including Jianpeng He (Tetrate), Jintao Zhang (Kong), Xunzhuo Liu (Tencent) and Zhang Jiaqi (Alibaba Cloud). The panel will explore Istio's recent developments such as Ambient Mesh, sidecar-less architectures, and the application of eBPF, along with the evolving role of Envoy Gateway. Participants will gain an in-depth understanding of how API gateways are blending with service meshes to create more dynamic, efficient, and secure cloud-native environments.

Speakers
Jintao Zhang

Sr. SE, Kong
Jintao Zhang is a Microsoft MVP, CNCF Ambassador, Apache PMC, and Kubernetes Ingress-NGINX maintainer. He is good at cloud-native technology and the Azure technology stack. He worked for Kong Inc.

Jimmy Song

Developer Advocate, Tetrate
Jimmy Song is a developer advocate at Tetrate, CNCF Ambassador, and Cloud Native Community founder. He is an outstanding translator, author, and producer of PHEI. An early adopter and evangelist of Kubernetes and Istio. Previously, he worked at iFlytek, TalkingData, and Ant Group.

Xunzhuo

Software Engineer, Tencent
Xunzhuo Liu is a Software Engineer working on the Tencent Kubernetes Engine Team. He is an Open Source Enthusiast, focusing on API Gateway, Service Mesh, and Kubernetes Networking. He is a steering committee member and core maintainer of Envoy Gateway, also maintaining a couple of CNCF projects...

Jianpeng He

Software Engineer, Tetrate
Jianpeng is a core maintainer of Istio and co-leader of the Extensions and Telemetry working group. He has been working on Istio for almost 3 years, and he is the maintainer of Envoy Gateway.

Jiaqi Zhang

software engineer, Alibaba Cloud
Zhang Jiaqi works on Alibaba Cloud Service Mesh as a software engineer, focusing on traffic management and telemetry related fields, after graduating from the School of Computer Science, Peking University. Participated in several software computer academic conferences, and keen...
Wednesday August 21, 2024 16:25 - 17:00 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

17:15 HKT

Multi-Cluster Networking and Service Discovery Leveraging NRI | 利用NRI的多集群网络和服务发现 - LingMing Xia, Purple Mountain Laboratories & Di Xu, Xiaohongshu
Wednesday August 21, 2024 17:15 - 17:50 HKT
Connection and service discovery are usually key challenges for multi-cluster management; existing solutions such as Submariner introduce pre-conditions for public IP and specific CNI. This is problematic for projects like the "East-to-West Computing Resource Transfer Project" where clusters lack public IPs and have diverse CNIs due to different ownership. This session introduces a solution to establish an independent and unified parallel network for east-west traffic across clusters based on Node Resource Interface (NRI), to avoid intrusive modifications to clusters and limitations on CNI. A hybrid approach is provided for inter-cluster traffic: clusters can communicate through a hub cluster with a public IP or connect directly if a public IP is available. Moreover, cross-cluster service discovery follows the MCS standard to ensure seamless service access. All functionalities remain agnostic to Kubernetes and applications. A live demo will be shown in this session.

Speakers
Di Xu

Principal Software Engineer, Xiaohongshu
Currently, he serves as a Tech Lead at Xiaohongshu, where he leads a team focused on building a highly reliable and scalable container platform. He is the founder of CNCF Sandbox Project Clusternet. Also, he is a top 50 code contributor in the Kubernetes community. He had spoken many...

Lingming

Researcher in Purple Mountain Laboratories, Purple Mountain Laboratories
Focusing on subjects such as cloud-native and distributed clouds. I am currently working as a researcher in the New Computing Architecture Research group of Purple Mountain Laboratories.
Wednesday August 21, 2024 17:15 - 17:50 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity
 
Thursday, August 22
 

11:00 HKT

OpenYurt & Dragonfly: Enhancing Efficient Distribution of LLMs in Cloud-Edge Collaborative Scenarios | OpenYurt和Dragonfly:增强云边协作场景中LLM的高效分发 - Linbo He, alibaba cloud & Jim Ma, Ant Group
Thursday August 22, 2024 11:00 - 11:35 HKT
As LLMs continue to grow in size, their deployment and delivery in cloud-edge environments are faced with substantial challenges, especially within edge computing settings that encompass multiple sites with thousands of edge nodes. In this presentation, we will explore how to efficiently distribute LLM applications across dispersed edge nodes using OpenYurt. We will also delve into how Dragonfly’s P2P image distribution technology can address the issue of public network bandwidth consumption encountered during cross-site transmission, reducing public network traffic consumption by up to 90% compared to conventional LLM distribution, and achieving rapid and efficient sharing of LLMs in physically isolated environments. During this presentation, container service experts from Alibaba Cloud and Ant Group will share this solution and introduce the practical application of combining OpenYurt with Dragonfly in edge computing scenarios for LLMs.

Speakers
Jim Ma

Senior Engineer, Ant Group
Kubernetes enthusiast at Ant Group, diving deep into Kubernetes CSI storage, OCI image distribution and maintaining CNCF Dragonfly.
Linbo He

senior software engineer, alibaba cloud
I am a member of the Alibaba Cloud Container Service team and one of the founding contributors to the OpenYurt project. Since 2015, I have been actively engaged in the design, development, and open-source initiatives related to Kubernetes. I have taken on responsibilities in a variety...
Thursday August 22, 2024 11:00 - 11:35 HKT
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

11:50 HKT

Redefining Service Mesh: Leveraging EBPF to Optimize Istio Ambient Architecture and Performance | 重新定义服务网格:利用eBPF优化Istio环境架构和性能 - Yuxing Zeng, Alibaba Cloud
Thursday August 22, 2024 11:50 - 12:25 HKT
Istio Ambient separates the L4/L7 functions found in the traditional sidecar model and introduces the ztunnel component, which implements L4 network load balancing and secure zero-trust. However, as ztunnel is deployed at the node level as a DaemonSet, any malfunction or anomaly in ztunnel may impact the traffic of all mesh-related pods under that node. Furthermore, performance tests of Ambient Mesh have not delivered the anticipated outcomes; ztunnel often becomes a performance bottleneck. These factors make it challenging to apply Ambient Mesh in production environments. It appears that we require a more optimized and practical implementation. This session will share:
1. An introduction to the architecture of Istio Ambient Mesh, along with current known issues with the existing implementation.
2. Using eBPF to implement zero-trust and L4 network traffic capabilities, enhancing the stability of the Mesh network, and significantly improving overall performance.

Speakers
Jesse Zeng

Technical Expert, Alibaba Cloud
Yuxing Zeng is a technical expert in the Container Service Team at Alibaba Cloud. He is also an Istio Member and Envoy Contributor. He has rich experience in cloud native fields such as Kubernetes, Istio, Envoy, etc.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

13:50 HKT

Unified Management, Continuity, Compliance in Multi-Clouds with Service Mesh - Kebe Liu, DaoCloud
Thursday August 22, 2024 13:50 - 14:25 HKT
In multi-cloud and hybrid cloud architectures, enterprises face challenges like inter-cloud communication, traffic management, application orchestration, data security, and compliance. Service mesh technology offers a unified approach for managing service interactions, enhancing security, and ensuring data compliance. Istio, a leading service mesh project, is particularly effective in multi-cloud and hybrid cloud environments. It provides seamless network connectivity across various architectures, ensuring reliable and secure communication. Additionally, integrating Istio with Karmada enables efficient application scheduling across these complex environments. Karmada allows for smooth orchestration of workloads across different cloud platforms, enhancing the flexibility and scalability of cloud-native applications. I aim to share practical insights and experiences, especially from China, to inspire and provide strategic perspectives in navigating these technological landscapes.

Speakers
Kebe Liu

Senior software engineer, DaoCloud
Member of Istio Steering Committee, focused on cloud-native and Istio, eBPF and other areas in recent years. Founder of Merbridge project.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Connectivity

14:40 HKT

Panel: Fragmentation of the Scheduling in Kubernetes and Challenges for AI/ML Workloads - Kante Yin, DaoCloud; Li Tao, Independent; William Wang, Huawei Cloud Technologies Co., LTD; 秋萍 戴, daocloud; Yuquan Ren, B
Thursday August 22, 2024 14:40 - 15:15 HKT
The scheduler is one of the most frequently customized components in Kubernetes, owing to its expandability. However, too many schedulers lead to decision paralysis among users, which has been discussed extensively at past KubeCons. To help mitigate the confusion of users, four maintainers from various communities (Godel-Scheduler, Koordinator, Kubernetes SIG-Scheduling and Volcano) are invited to profile the background and use cases behind these projects. The panel will also discuss the gap between upstream Kubernetes and downstream projects and try to abstract the common patterns or functionalities which can be pushed to the upstream to avoid reimplementing the wheel, and what should still be defined loosely to preserve the expandability. Moreover, with the rise of AI, scheduling AI workloads in Kubernetes poses a significant challenge; the panel will discuss where we are right now and where we're headed, as well as the opportunities for cooperation.

Speakers
Yuquan Ren

Cloud Native Architect, ByteDance
Yuquan Ren has 10+ years of working experience in the cloud-native field, contributing extensively to open-source projects such as Kubernetes. Currently, he is a tech leader at ByteDance, primarily focusing on the field of orchestration and scheduling.
Kante Yin

Senior Software Engineer, DaoCloud
Kante is a senior software engineer and an open source enthusiast. He's currently working at the Kubernetes platform team at DaoCloud based in Shanghai, mostly around scheduling, resource management and inference. He also works on upstream Kubernetes as SIG-Scheduling Maintainer and...
Tao Li

Koordinator Co-founder&Maintainer, N/A
Tao Li is a seasoned Senior Software Engineer with a specialization in K8s scheduling. With extensive practical experience in large-scale K8s cluster scheduling technology, Tao has deeply participated in the research and development of K8s scheduling systems both within Alibaba...
秋萍 戴

product manager, daocloud
QiuPing Dai has been a senior Technology Product Manager at DaoCloud for 5 years and is involved in Cloud Computing (including Kubernetes Computing, Storage, Network) development work. Before that, QiuPing worked at IBM on Cloud Computing. QiuPing is interested in Storage, Network, Scheduling...
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Emerging + Advanced

15:35 HKT

Revolutionizing Scientific Simulations with Argo Workflows - ShaungKun Tian, Alibaba Cloud & 建翔 孙, 北京深势科技有限公司
Thursday August 22, 2024 15:35 - 16:10 HKT
DP Technology provides scientific simulation platforms for research in biomedicine, energy, materials and other industries. Scientific simulation workflows are inherently complex and resource-intensive, and manual deployment is often prone to errors. After adopting Argo Workflows to orchestrate scientific simulations, we achieved a 100% productivity improvement. In this talk, we will introduce why we chose Argo Workflows, how to orchestrate large-scale scientific simulation tasks, and how to make the whole system scalable and reliable. In particular, we will share best practices on how to manage super large workflows (thousands of tasks), how to do reasonable workflow retries, how to use memoization to reduce runtime and compute cost, and how to interact with HPC systems. We also made contributions to the Argo community to enhance functionality and improve reliability. Additionally, we'll introduce DFlow, our open-source Python SDK designed for the seamless orchestration of scientific simulations with Argo Workflows.

Speakers
建翔 孙

Software Engineer, 北京深势科技有限公司
I once built a machine learning platform at Kuaishou, and currently, I am involved in scheduling scientific computing tasks at DP Technology, as well as constructing workflow platforms. I specialize in the field of cloud-native development.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

16:25 HKT

Uniting Sustainability and Edge Computing: Kepler & Open Horizon on RISC-V and Heterogeneous System - Peng Hui Jiang & David Yao, IBM
Thursday August 22, 2024 16:25 - 17:00 HKT
The dynamic landscape of cloud-edge computing demands solutions to mitigate energy consumption and promote sustainability. Our proposal advocates for the integration of Kepler and Open Horizon with the CNCF and LF Edge ecosystem to address diverse hardware requirements in Cloud and Edge deployments, including x86, arm, s390, and the emerging RISC-V architectures. Notably, the Chinese market, characterized by edge devices in manufacturing, retail and surveillance domains, stands to benefit significantly from this initiative. By using Kepler’s sophisticated energy estimation capabilities and Open Horizon’s autonomous workload management features, this proposal endeavors to optimize energy efficiency across heterogeneous edge environments. In the session, we will demonstrate one use case to build and integrate Kepler and Open Horizon to work on the RISC-V platform, and monitor and optimize distributed and heterogeneous systems to build a greener and more resilient cloud-edge computing paradigm.

Speakers
Peng Hui Jiang

Architect, IBM
Peng Hui Jiang is working for IBM as Senior Software Engineer to build and operate Public Cloud services. He has rich experience in Cloud, Database, and Security. He is CNCF Kepler Maintainer and Apache CouchDB committer and Master Inventor in IBM holding more than 200 patents or...
勇 姚

Program Director, IBM Cloud Platform, IBM
David Yao is the Program Director of IBM Cloud Platform in IBM China Development Lab, developing and managing the entire product development lifecycle and team for the dynamic cloud and edge environment. Passionate about learning open technology, building and transforming an open and...
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Observability

17:15 HKT

OpenTelemetry Amplified: Full Observability with eBPF-Enabled Distributed Tracing - Kai Liu, Alibaba Cloud & Wanqi Yang, Sun Yat
Thursday August 22, 2024 17:15 - 17:50 HKT
Within the cloud-native ecosystem, OpenTelemetry (otel) has established itself as the de facto standard for cross-language and cross-platform observability. By providing comprehensive tracing, metrics, and logging solutions for various programming languages, otel has empowered developers and operators with deep insights into complex systems. In recent years, otel has further expanded its observability frontiers by introducing innovative capabilities in the Linux kernel space using eBPF. However, this innovative journey has encountered new challenges, particularly in reducing the invasiveness in certain programming languages and correlating observability data between kernel and user spaces. This session chronicles Alibaba Cloud’s journey through these challenges. By leveraging eBPF technology, we've pioneered innovative solutions that redefine the landscape of system observability, presenting an integrated, less invasive approach for real-time insights into distributed systems.

Speakers
Kai Liu

Senior Software Developer, Alibaba Cloud
Liu Kai, a senior software development engineer in the Cloud Native Observability team of Alibaba Cloud. With years of practical experience and insights in the field of monitoring and observability, Liu Kai continuously delves into the realm of observability solutions, including architectural...
Wanqi Yang

Student, Sun Yat-sen University
Wanqi Yang received the B.S. degree in Computer Science and Technology from Sun Yat-Sen University, Guangzhou, China. She is currently working toward the PhD degree in Computer Science and Technology at School of Computer Science and Engineering, Sun Yat-Sen University. Her research...
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Observability
 
Friday, August 23
 

10:35 HKT

A Year in the Life of a Developer in the Era of Developer Portals: Navigating Backstage - Helen Greul, Spotify
Friday August 23, 2024 10:35 - 11:10 HKT
In today's rapidly evolving landscape of software development, the role of developer portals has become indispensable. This presentation delves into the experiences of developers over the course of a year, exploring the transformative impact of Backstage developer portal on their workflows, collaboration, and overall productivity based on case studies from existing adopters of Backstage. Through a comprehensive exploration of real-world scenarios, this talk offers insights into the daily challenges faced by developers and how Backstage empowers them to overcome these hurdles. From streamlined onboarding processes to simplified access to internal services and documentation, attendees will gain a deeper understanding of the multifaceted benefits that Backstage brings to developer teams. Moreover, we'll discuss best practices for leveraging Backstage to foster a culture of innovation, collaboration, and continuous improvement.

Speakers
Helen Greul

Head of Engineering for Backstage, Spotify
Helen is an engineering leader, speaker and a strong advocate for creating developer ecosystems that empower teams to thrive. Her journey has taken her from hands-on coding to steering engineering and platform teams, providing her with a holistic perspective on the challenges and...
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

11:25 HKT

Beyond StatefulSet: Containerize Your Enterprise Stateful Applications in Practice - Mingshan Zhao, Alibaba Cloud & Vec Sun, xiaohongshu
Friday August 23, 2024 11:25 - 12:00 HKT
Kubernetes provides StatefulSet to manage stateful services, but it is far from enough to run enterprise stateful applications in practice. For example: how does Zookeeper accomplish leader election, and how does MQ implement configuration hot loading? How to do daily operation and maintenance of the database? Many practitioners resort to operators that manage pods directly, e.g. KubeBlocks, for specific applications, e.g. databases, yet they are not general enough for other stateful applications. OpenKruise provides several stateful features that are missing in native StatefulSet, such as in-place resource and volume resizing, progressive ConfigMap & Secret hot update and container operation channel. Teams from Alibaba and Xiaohongshu will share their lessons to build operators and platforms for general stateful apps and containerize database and middleware with a scale of hundreds of thousands of pods.

Speakers
Mingshan Zhao

Senior R&D Engineer, Alibaba Cloud
Senior R&D Engineer of AliCloud, Maintainer of OpenKruise community, has long been engaged in the research and development of cloud native, containers, scheduling and other fields; core R&D member of Alibaba's one million container scheduling system, and many years of experience in...
Vec Sun

software engineer, xiaohongshu
Sunweixiang has previously worked in the Alibaba Cloud container team as a software engineer and is a contributor to the OpenKruise community's main, Karmada, and other communities. He is deeply involved in container application orchestration, multi-cluster.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

13:20 HKT

Build Container Runtime Based on Sandbox API of Containerd - Shaobao Feng, Huawei Cloud & Cai Wei, DaoCloud
Friday August 23, 2024 13:20 - 13:55 HKT
The Sandbox API was released in containerd 1.7 and will be stable in containerd 2.0. It provides a clean way to implement a sandbox-oriented container runtime. A container is now more a set of API specifications than a single technology. With the introduction of different kinds of isolation techniques as sandboxes, we need a clear and abstract definition of the Sandbox API to make it easy to integrate different kinds of sandboxing techniques into a container runtime. In this session, we will: 1. Introduce the Sandbox API of containerd and why we need it. 2. Show how we build our container runtimes based on the Sandbox API and the benefits that come with it. 3. Demonstrate different kinds of sandboxed containers created by Kuasar, a container runtime framework based on the new Sandbox API, which currently supports sandboxes of VMM, UserMode Kernel, WebAssembly and Runc.

Speakers
Wei Cai(Iceber Gu)

Software Engineer, DaoCloud
Senior open source enthusiast, focused on cloud runtime, multi-cloud and WASM. I am a CNCF Ambassador and founded Clusterpedia and promoted it as a CNCF Sandbox project. I also created KasmCloud to promote the integration of WASM with Kubernetes and contribute it to the WasmCloud...
Shaobao Feng

Principal Engineer, Huawei Cloud
Shaobao is Principal Engineer working on Huawei Cloud, with his work focusing on the Serverless Platforms. He has been a leader in building secure container runtime of the first Serverless Kubernetes on public cloud. He is the main code contributor and maintainer of the open source...
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

14:10 HKT

Developing a Standard Multi-Cluster Inventory API - Zhiying Lin & Chen Yu, Microsoft; Hongcai Ren, Huawei; Di Xu, Xiaohongshu; Jian Qiu, Redhat
Friday August 23, 2024 14:10 - 14:45 HKT
With one year's effort, the Kubernetes community has made great progress on final approval of the cluster inventory API project. The project has gained a lot of attention and interest from different companies and open source projects, with many new use cases being explored. This panel discussion brings together maintainers from different multi-cluster management projects who bootstrapped this project. We will share what the cluster inventory API is and how we got there. We will also introduce the ongoing work and emerging use cases on this project, and our vision for the future plan. During the panel discussion, attendees will gain a comprehensive understanding of the use cases, e.g. how to support multi-cluster AI workload scheduling using the inventory API, and the challenges, e.g. how to migrate from one cluster manager tool to another seamlessly. We will shed light on the collaborative efforts to standardize cluster inventory APIs and how they evolved from a small group discussion into a community effort.

Speakers
Di Xu

Principal Software Engineer, Xiaohongshu
Currently, he serves as a Tech Lead at Xiaohongshu, where he leads a team focused on building a highly reliable and scalable container platform. He is the founder of CNCF Sandbox Project Clusternet. Also, he is a top 50 code contributor in Kubernetes community. He had spoken many...
Chen Yu

Senior Software Engineer, Microsoft
Chen Yu is a senior software engineer at Microsoft with a keen interest in cloud-native computing. He is currently working on Multi-Cluster Kubernetes and contributing to the Fleet project open-sourced by Azure Kubernetes Service.
Zhiying Lin

Principal Software Engineer, Microsoft
I'm a Principal Software Engineer at Microsoft and my main contribution is the Azure Kubernetes Fleet Manager product. I'm one of the main maintainers of open source project Azure/fleet & Azure/fleet-networking.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

15:15 HKT

Expanding Cloud Native Capabilities with WASM: A Case Study of Harbor and WASM Integration - Chenyu Zhang, AntGroup & Yan Wang, Broadcom
Friday August 23, 2024 15:15 - 15:50 HKT
In the cloud-native realm, eBPF's versatility has led to scalable solutions in observability and security by attaching to system event checkpoints without kernel code modification. This concept has paved the way for extending business applications non-invasively and flexibly without altering the original code. In this session, we'll use Harbor, the cloud-native artifact registry, to showcase how WASM (WebAssembly) extends Harbor's functionalities without code modification. Here, Harbor is analogous to the Linux kernel, and WASM to user-provided eBPF programs. Harbor provides mounting points for various events, such as pre-pull requests, enabling users to filter requests with custom WASM programs. This facilitates fine-grained permission control and artifact security auditing before a user pulls the artifacts, with more features to discover.

Speakers
Yan Wang

Staff engineer, Broadcom
Yan Wang is a Staff engineer working on VMware. As one of the core maintainers of the CNCF project Harbor and a maintainer of the CNCF project distribution, his main work focuses on technology research and innovation in the cloud native field.
Chenyu Zhang

Software Engineer, AntGroup
Chenyu Zhang is a software engineer, currently mainly responsible for the development and maintenance of project Harbor, and also has some experience in DevOps and cloud native related technology stacks.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering

16:05 HKT

JD Cloud's Large-Scale Serverless Practice: APP Management and Elastic Scaling on Karmada - XiaoFei Wang & Chen Yanying, JDCloud
Friday August 23, 2024 16:05 - 16:40 HKT
In JDCloud, the federated Serverless service is based on the federated management model and Serverless application model, providing JDOS application container control services for federated application container deployment, elastic scaling, and fault migration capabilities. It manages multiple clusters with over 10,000 nodes. Unify management of multiple sub-clusters to improve overall resource utilization. Reduce the complexity of multi-cluster management, scheduling, and distribution on the platform. End users can use our platform just like the native Kubernetes API. Throughout the process, we will address numerous technical challenges, including: 1. Multi-cluster management and distribution practice 2. Efficient cross-cluster elastic scaling solution 3. Problems encountered in production and sharing

Speakers
Chen Yanying

Cloud Native Engineer, JDCloud
Engaged in the construction and internal promotion of basic platforms such as Federated Clusters, Serverless, Service Mesh and some middleware, based on JD's large-scale Kubernetes clusters.
XiaoFei Wang

Cloud Native Engineer, JDCloud
As a software engineer, he is responsible for cluster deployment, multi-cluster management, and federated clusters. He has participated in JD.com’s 618 and 11.11 and has rich practical experience in cloud native.
Level 1 | Hung Hom Room 1
  KubeCon + CloudNativeCon Sessions, Platform Engineering
 
