June 20 - 22 - Tokyo, Japan
Open Source Summit Japan & Automotive Linux Summit

Cloud Native & Serverless & Microservices
Wednesday, June 20


Microservice 4.0 Journey - From Spring NetFlix OSS to Istio Service Mesh and Serverless - Daniel Oh, Red Hat
Development of Spring Boot applications for Cloud Platform has been greatly simplified by adopting NetFlixOSS and frameworks such as Ribbon, Zuul, Eureka.

While embedding features—such as circuit breaker, resilience, load balancing, service discovery, and tracing at the client side—offers many advantages, it also complicates the design of the project. It can demand more skills from developers, who should be focused mainly on implementing business logic.

In this session, we'll demystify how the Istio service mesh platform delegates such responsibilities to a "sidecar" running next to the application. We'll demonstrate the benefits of this architecture with demos and use cases (e.g., circuit breaker, A/B canary, load balancing) to show how you could easily migrate an existing Spring Boot NetFlix OSS application to Istio.

Daniel Oh

Principal Technical Marketing Manager / CNCF Ambassador, Red Hat
Daniel Oh is principal technical product marketing manager at Red Hat and also works as a CNCF ambassador. He's well recognized in cloud-native app dev and senior DevOps practices in many open source projects and at international conferences.

Wednesday June 20, 2018 13:30 - 14:10


Building Data Pipelines with Open Source Cloud Services - Heikki Nousiainen, Aiven
Following the first wave of cloud adoption, moving from private data centers and on-premises hosting to cloud infrastructure platforms such as AWS and GCP, we're now seeing a second wave of adoption where self-managed and operated database and messaging services are being replaced by managed cloud database services like RDS.

Many of the most popular and longstanding Open Source database systems such as PostgreSQL and MySQL are available in these Database-as-a-Service platforms. However, newer technologies used for building scalable data pipelines are commonly proprietary, locking you into a single vendor and out of the vast Open Source innovation ecosystem.

We'll look into available Open Source cloud alternatives, many of which provide superior performance without vendor lock-in, and how they can be used to build data pipelines.

Heikki Nousiainen

CTO, Aiven
I'm the CTO and one of the founders of Aiven, a managed cloud services company offering the best Open Source database and messaging services to businesses around the world.

Wednesday June 20, 2018 14:20 - 15:00


Protect Your Kubernetes Data, Friends Don’t Let Friends Leave their Kubernetes Data Unprotected - Rita Zhang, Microsoft
Recent headlines increasingly report cloud resources getting hacked through attacks on Kubernetes clusters with unsecured etcd servers, ending in massive numbers of passwords and keys being stolen. Failing to properly secure your Kubernetes data can result in cloud resources getting hacked and your application secrets getting stolen. The etcd database contains information that may grant an attacker significant visibility into the state of your cluster.

This presentation focuses on how to use the encryption at rest feature to encrypt secret resources in etcd, preventing parties from gaining access to view the content in etcd and etcd backups. Starting from Kubernetes v1.10, we have added `--experimental-encryption-provider-config` that controls how API data is encrypted in etcd by KMS providers.

Rita Zhang

Principal Software Engineer, Microsoft
Rita Zhang is a software engineer at Microsoft, based in San Francisco. She is on the Azure Cloud Native Compute team building features for Kubernetes upstream and for Azure Kubernetes Service. Rita is passionate about open source and running distributed workloads at scale.

Wednesday June 20, 2018 15:10 - 15:50


Advanced Security on Kubernetes with Istio - Shunsuke Miyoshi, Fujitsu
Conventional networks are designed around the policy that "everything inside an organization's network can be trusted".

Thus, system security has been based on firewalls that control access between the outside and the inside.
However, recent attacks are becoming more sophisticated, and we must respond not only to external threats but also to threats inside the firewall.

To deal with these threats, the Zero Trust Network model has been proposed.

Zero Trust Network is a security model rooted in the principle of "never trust, always verify".
Everything (communication path, destination service, ...) is verified in this model, which makes a system more secure.

In Kubernetes, we can build a Zero Trust Network model by combining NetworkPolicy (a Kubernetes feature) and Istio.

This presentation gives an overview of the Zero Trust Network model and shows how to create the model in Kubernetes with Istio.


Shunsuke Miyoshi

Software Engineer, Fujitsu
I have participated in the development and building of infrastructure systems with Kubernetes and Docker for one year. Now, I contribute to the Kubernetes community as an engineer. I am also trying to do security evaluation of microservices systems built with Kubernetes and Istio.

Wednesday June 20, 2018 16:20 - 17:00
Private Dining
  • Experience Level Any


Comparing Next-Generation Container Image Building Tools - Akihiro Suda, NTT
Until recently, running `docker build` against Dockerfile had been the only way to build container images.

However, many open source tools are being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)

Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation criteria include, but are not limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community

He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.

Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation, a Japan-based telecommunication company. He has been a core maintainer of Moby (formerly Docker Engine) since November 2016. He has also been a maintainer of several open source container software projects such as CNCF containerd and Moby...

Wednesday June 20, 2018 17:10 - 17:50


BoF: Traefik reverse-proxy/load-balancer - Emile Vauge, Containous
Traefik is an open source reverse-proxy/load-balancer usable as an Ingress controller.

This session will gather together users and developers of the platform to discuss user needs, project direction and optionally demonstrate use of Traefik as a Kubernetes Ingress Controller.

Emile Vauge

CEO, Containous
Creator of traefik.io, founder of containo.us

Wednesday June 20, 2018 18:00 - 19:00
Room 2
  • Experience Level Any
Thursday, June 21


Build Machine Learning Stack on Kubernetes using Kubeflow - Nilesh Patel, IBM (Watson and Cloud Platform)
Kubernetes has quickly become the hybrid solution for deploying complicated workloads anywhere. While it started with just stateless services, customers have begun to move complex workloads to the platform. One of the fastest growing use cases is to use Kubernetes as a platform to run machine learning apps.

Building any production-ready machine learning system involves mixing vendors and hand-rolled solutions. Connecting and managing these services for even moderately sophisticated setups introduces huge barriers of complexity in adopting machine learning. Infrastructure engineers will often spend a significant amount of time manually tweaking deployments.

To address these concerns, Google recently launched Kubeflow, a new open source project to make using ML stacks on Kubernetes easy, fast and extensible. In this session, learn how to build an ML stack on Kubernetes using Kubeflow.

Nilesh Patel

Principal Product Manager, WalmartLabs
Nilesh Patel is an Offering Manager working on the IBM Cloud Container Service and ISTIO. Since joining IBM, he has managed several devOps products in the area of deployment and releases automation. Most recently, Nilesh is helping to drive Istio and Kubernetes adoption by working...

Thursday June 21, 2018 11:10 - 11:50


Building Bridges: How Open Source Cloud Technologies Are Fostering Interoperability and Building A Massive Ecosystem - Chip Childers, Cloud Foundry Foundation
Cloud Foundry is an integral part of the movement creating interoperability among the open source, cloud-native ecosystem. Complementary, interlocking open source technologies like Cloud Foundry, Kubernetes and the Open Service Broker API are shifting the way industries function. These technologies weave together flexibility and application development for virtually any type of business.

What began as a grassroots movement among developers has mushroomed into a massive collaborative community. Linux laid the groundwork in 1991, and the Linux Foundation continues to host the world’s leading open source projects. Today, projects like Cloud Foundry and Cloud Native Computing Foundation, as well as standards like the Open Container Initiative, effectively serve as the voice of the people. The developers creating these projects are defining the next generation of technology infrastructure.

In this talk, Chip Childers will discuss the importance of interoperability, and how it is critical to the future success of technologies. Abby will also discuss the role that open source plays in cloud technologies -- delivering a flexible, scalable strategy to drive the future of business.

Chip Childers

CTO, Cloud Foundry Foundation
Chip has spent more than 18 years in large-scale computing and open source software. In 2015, he became the co-founder of the Cloud Foundry Foundation as Technology Chief of Staff. He was the first VP of Apache Cloudstack, a platform he helped drive while leading Enterprise Cloud...

Thursday June 21, 2018 12:00 - 12:40


Silence of the Lambdas: Terrible Ideas in Serverless - Corey Quinn, Last Week in AWS
AWS Lambda ushers in a new way of thinking about solving technical problems. Unfortunately, when the only tool you have is a hammer everything starts to look like your thumb. In this talk, come explore the design patterns that work well with Lambda, through a discussion of what failure looks like.

This talk starts off with a quick introduction to what AWS Lambda is and where it came from. From there, we transition into demonstrating the absolutely worst possible ways in which to use it, along with what makes these simple mistakes terrible ideas at scale. You will laugh, you will cry, you will immediately begin migrating your code away from anywhere the speaker might conceivably have access to it.

Corey Quinn

Editor, Last Week in AWS
Corey is a Cloud Economist at the Quinn Advisory Group and an advisor to ReactiveOps. He has a history as an engineering director, public speaker, and cloud architect. Corey specializes in helping companies address horrifying AWS bills, hosts the "Screaming in the Cloud" podcast...

Thursday June 21, 2018 14:00 - 14:40
  • Experience Level Any


Consuming Cloud Services with the Kubernetes Service Catalog - Neil Peterson, Microsoft
In a cloud native world, managed services such as database, storage, and event processing systems can be utilized without the overhead of total service ownership. Kubernetes provides an extension mechanism for dynamically requesting and consuming managed services through the Kubernetes Service Catalog API. Using the service catalog, you can deploy applications into your Kubernetes cluster that are configured to dynamically request and connect to managed services.

In this talk, I will discuss in detail the different components of the Kubernetes service catalog. I will demonstrate integrating the service catalog with different cloud providers, and utilizing the provider services in your Kubernetes deployments. By the end of the talk, we will have configured the service catalog and deployed an application into our cluster that dynamically requests and uses a managed cloud service.

Neil Peterson

Speaker, Techorama
Neil Peterson is a datacenter and cloud enthusiast. With 15 years' experience in large datacenter deployment, management and maintenance operations, Neil now works as a Senior content engineer delivering technical documentation and samples with focus on Azure and Containers.

Thursday June 21, 2018 14:50 - 15:30


Application Monitoring and Tracing in Kubernetes: Avoiding Microservice Hell! - David vonThenen, VMware
Creating and deploying microservices is easy. The real problem is how to manage and support these services out in the wild and in production. What happens when these services stop working or worse yet when they are running but running slowly? Which service instance is the culprit? This session talks about how you can leverage metrics and tracing tools in order to give better visibility into the distributed nature of a microservice architecture in a Kubernetes environment.

This presentation will discuss key concepts of metrics and tracing and highlight Open Source Projects available that address: 1) the value of instrumentation and how Prometheus can be used to monitor and measure a Kubernetes cluster, and 2) how Jaeger can provide visibility into your applications and microservices.

The session will include a demo of microservices leveraging Prometheus and Jaeger deployed to a Kubernetes cluster.

David vonThenen

Cloud Native Engineer, VMware
David vonThenen is a Developer Advocate at VMware working in the container orchestrator space, specifically around the Kubernetes ecosystem. A significant amount of my contributions have revolved around projects in the Cloud Native Computing Foundation. Prior to joining VMware...

Thursday June 21, 2018 16:00 - 16:40


Migration of an Enterprise UI Microservice System from Cloud Foundry to Kubernetes - Tony Erwin & Jonathan Schweikhart, IBM
The 40 Node.js microservices making up the IBM Cloud UI historically have been deployed as apps on Cloud Foundry (CF), an open source PaaS. But, recently, this enterprise microservice system has been migrated to run on Kubernetes to take advantage of improved orchestration, higher availability, and better performance. Tony Erwin will discuss his team's journey and provide you with insights into the advantages of Kube over CF. Even more importantly, Tony will describe approaches to solving new problems that took the place of old ones, such as: 1) adapting PaaS apps to run as containers on Kube, 2) enabling geo load balancing between the different runtimes (to vet Kube before completely turning off CF), 3) integrating tools like Prometheus into existing monitoring systems, and more! His team's first-hand experiences will help you avoid pitfalls as you prepare your own migrations to Kube!

Tony Erwin

Senior Technical Staff Member, IBM
Tony Erwin is a Senior Technical Staff Member at IBM and the Lead Architect for the IBM Cloud UI. He has extensive full-stack experience developing UIs with a wide variety of client and server technologies. Current interests include cloud, Node.js/JavaScript, microservices, reliability...

Jonathan Schweikhart

Advisory Software Engineer, IBM
Jonathan Schweikhart is an Advisory Software Engineer at IBM and the DevOps lead for IBM Cloud UI. He has extensive experience with development practices, continuous delivery, automation, metrics, and monitoring. Current interests include Node.js/JavaScript, Kubernetes, and Prometheus. Jonathan...

Thursday June 21, 2018 16:50 - 17:30
Friday, June 22


How Container Runtime Matters in Kubernetes? - Kunal Kushwaha, NTT Labs
The Kubernetes container orchestrator uses a container runtime to provide low-level pod/container management and operations at the node level. The capabilities and performance of these container runtimes affect the overall system and thus the workloads running in a cluster. Kunal will present an evaluation and comparative study of the major container runtime options (cri-containerd, cri-o, frakti) available for K8s, and how each one behaves for various types of workloads, along with the features/capabilities that complement them. This will be helpful when designing/building a Kubernetes stack for your workloads. A few workload patterns will be covered:

- Serverless framework
- Peak hours demand for services (quick scale-up)
- Mean Time To Recovery (MTTR) (DevOps)
- Long running containers (databases/monolithic/legacy apps)
- Applications with high security (meeting approved security standards)

Kunal Kushwaha

Senior Engineer, NTT OSSC
Kunal Kushwaha works with NTT Open Source Software Center and is an active contributor to Container projects like podman, containerd & past speaker of OSSummit, Japan. Recently he has been working on migration of legacy application to Kubernetes and evaluating KubeVirt for migration...

Friday June 22, 2018 11:20 - 12:00
  • Experience Level Any


Kubernetes Security Best Practices - Ian Lewis, Google
Containers give developers the ability to isolate applications from one another, but that’s not enough. Resource isolation is much different than security isolation. How do we make applications deployed in containers more secure? How do we apply existing tools like SELinux, AppArmor, and seccomp to our containers running in Kubernetes? How can we apply a policy to our network and services to make sure applications only have access to what they need and nothing more?

In this talk, attendees will learn about the risks and attack surfaces and see tools like PodSecurityPolicy, SELinux, AppArmor, and seccomp in action to improve the security of containers deployed in Kubernetes. We’ll then go up the stack and learn how to apply network policy to containers to further improve security.

Ian Lewis

Developer Advocate, Google
Ian is a software engineer at Google and contributor to the gVisor project. Ian has had various developer and operations roles throughout his career and enjoys working in environments with diverse ways of thinking. Ian has been living in Tokyo since 2006 and is active in the open-source...

Friday June 22, 2018 15:15 - 15:55