Confidential instance types are the newest addition to public clouds like Microsoft Azure and Google Cloud Platform (GCP) but what does "confidential" really mean? The session will focus on which additional security guarantees are provided and what's required from Linux based operating systems to make use of these guarantees. Using Azure Confidential VMs as an example, I'll focus on boot process, guest image requirements, Unified Kernel Images (UKIs), full disk encryption with vTPMs and PCR measurements. A brief overview of the current state of these technologies in Fedora and RHEL distributions can also be expected.
Building Cloud Native applications using a CI/CD pipeline is now a well established practice. But what if we could build an entire Kubernetes distribution, from the OS up to the K8s cluster operators, for multiple CPU architectures, in a Cloud Native way? That's what we're doing in OKD (https://www.okd.io/): building a feature-packed Kubernetes distribution using Tekton pipelines, in the open.
In this presentation, we’ll look at he build processes of OKD. We’ll show how the OKD community builds container images using Tekton Pipelines, which are runnable both locally and on a cluster, and how we bundle those together with a base Linux operating system to create a fully-featured, multi-arch enabled, distribution of Kubernetes, from the OS up to the Operators, in a Cloud Native way.
I'm an Openshift Senior Software Engineer at RedHat since Sept. 2021. I’m a mom of a 13 year old daughter, so in my free time I’m yelling about screen time and doing history, math… But also trail running, paddle boarding, padel and hiking. I’m a tech enthusiast, and have been... Read More →
Timothée Ravier is a Linux system and security engineer interested in safe programming languages and container focused operating systems. He is currently working at Red Hat as a CoreOS engineer. He maintains Fedora Silverblue and Fedora Kinoite, which are variants of Fedora focused... Read More →
When running VMs (virtual machines), having the ability to dynamically change the configuration at runtime (for example by hotplugging additional devices) is a critical feature which is largely taken for granted.
In the context of KubeVirt [1], however, making it possible for operators to take advantage of this flexibility comes with additional challenges related to the underlying orchestration platform (Kubernetes [2]) and virtualization stack (libvirt/QEMU [3,4]).
In this presentation, we will enumerate these challenges and propose a way to address them in KubeVirt, with the goal of presenting users with a simple, high-level interface to resource allocation. The focus will be mostly on networking devices.
Basic knowledge of KubeVirt and libvirt is recommended but not required.
Andrea Bolognani is a Software Engineer working on virtualization at Red Hat. He's been part of the Free Software community for more than a decade, contributing to Debian and several other projects, all while being an extremely happy user himself.
Edward Haas is a software engineer in the CNV and RHV groups @RedHat, specializing in the network domain. Previously engaged in the development of networking solutions that aimed to accelerate and optimize network traffic, utilizing tools like DPDK. A believer in clean code and an... Read More →
The "Volume Populators" feature, that enables pairing a persistent volume claim with a custom resource as its data source, graduated to beta in Kubernetes 1.24 and is now available in OpenShift. This feature is the backbone of the new features in the upcoming version (2.4) of Forklift / Migration Toolkit for Virtualization (MTV), where it is used for populating virtual disks from foreign virtualization management systems to KubeVirt / OpenShift Virtualization.
In this session, we will walk through the evolution of importing virtual disks from Containerized Data Importer (CDI), the existing mechanism in KubeVirt / OpenShift Virtualization for populating virtual disks, to OpenShift's volume populators. We will see how volume populators were integrated into Forklift / MTV, the changes we did in kubernetes-csi/lib-volume-populator and dive into both success stories (oVirt, Openstack) and a case in which volume populators didn't quite fit (vSphere).
This is a second part of the talk I held in November 2022 in Brno. Once an enterprise moves from on-prem to cloud, they become aware of how difficult it is to plan and control their infrastructure costs. As agility in the cloud breaks on-prem predictability, the organization needs a way to manage the cost. This talk is a continuation of the previous one, and while a previous one was more theoretical, this one offers technical details. It is a use-case, a success story - implementing cloud fitness through observability in a large enterprise that spends millions of dollars on their cloud bill per month. Architecture details of the solution will be discussed during the talk. Implementation details along with the terraform-based infrastructure as code solution will be discussed during the talk.
Benchmarking Ceph has always been a complex task - there are lots of tools but many have drawbacks and are written for more general-purpose use. For Ceph we need to benchmark Librados, RBD, CephFS, and RGW and each of these protocols has unique challenges and typical deployment scenarios. Not only that, Ceph works better at scale and so we need to ensure that we can build a benchmarking system that will also scale and be able to generate an adequate load at large scale.
Danny runs product engineering at SoftIron, working to turn raw and untamed free software projects into commercially supported, turn-key infrastructure products. Most of his time these days is spent taming Ceph and SONiC, and supporting customers in new and interesting environments... Read More →
Friday June 16, 2023 3:00pm - 3:35pm CEST
D105 | Talks
Did you know that CNI itself isn’t Kubernetes specific? Container Network Interface (CNI) is an API providing a networking solution for containers on Linux and it’s Kubernetes agnostic. Those who deploy network-centric workloads want richer interactions between their workloads and the networking that underpins them. These people are Kubernetes people, and they’re looking for K8s-native ways to interact with CNI. Developers want to perform monitoring, have up-to-date metadata, and interact with CNI configurations. If we don’t have a lingua franca between CNI and K8s we take away commonality between networking implementations and endanger customers with vendor lock-in, and add confusion for admins who have to unravel science experiments. Today CNI sits at a crossroads. There’s SIG-Network’s initiative for k8s multi-networking, Multus CNI’s ability to speak both K8s & CNI, and CNI on the precipice of defining 2.0. Help us save CNI and explore the possibilities for its future.
Daniel is a Principal Software Engineer at the Red Hat’s Office of the CTO. He’s been involved in several networking projects, such as Kuryr-Kubernetes (a CNI plugin which enables native Neutron-based networking in Kubernetes), MetalLB and recently he’s been tackling Edge and... Read More →
30 something year old developer from Portugal, based in Madrid, Spain. Main interests are SDN / NFV, functional programming, containers, and virtualization.
Friday June 16, 2023 3:45pm - 4:20pm CEST
D105 | Talks
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. However, some users want to manage the whole cluster - not only the workloads. Furthermore, cluster admins fluent in Kubernetes want to manage clusters in a declarative manner.
To address those gaps, the Kubernetes SIG Cluster lifecycle has started a project - Cluster API - to provide declarative APIs and tooling to manage the lifecycle of multiple Kubernetes clusters. These nested clusters must be isolated from one another, resilient to network disruptions, and safely exposed to the outside world.
This talk will propose a design - and reference implementation - for a CNI plugin that fulfills the requirements and goals for a KubeVirt provider of Cluster API, using OVN as the base SDN solution.
30 something year old developer from Portugal, based in Madrid, Spain. Main interests are SDN / NFV, functional programming, containers, and virtualization.
Do you feel that container networking can be overwhelming? You are not alone. Understanding Kubernetes networking may feel like a superpower and OpenShift on Bare Metal may sound like dark magic, but don’t get scared easily.
The need for an easy yet powerful network orchestration on K8s clusters is what drives the OpenShift Networking project. We work to give you a simple way to deploy your workload in the most complex network topologies you can imagine. Whatever your cloud provider forbids you from doing, you are more than welcome to try it with us.
In this session we will explain everything you need to understand how on-prem networking for OpenShift works. Loadbalancers, DNS servers, Network Manager, Node IP, single- and dual-stack – those are only some buzzwords to convince you to join this talk.
To make it more entertaining, we will be showing you where the boundaries between a cloud and an on-prem deployment dissolve, putting a question mark on some fundamental definitions.
Principal Software Engineer at Red Hat, where he is currently working at the OpenShift Bare Metal Networking team. He is creating solutions that enable distributed computing in environments where cloud providers are not enough, demands are tough and direct access to the hardware is... Read More →
This talk aims at covering the essentials of Open Virtual Network Kubernetes (OVN-K8s) plugin and how it is used in OpenShift. OVN-K8s is an open-source project that provides a robust networking solution for Kubernetes clusters with OVN and Open vSwitch at its core. The highlights of this talk will include: - The architecture and key concepts of OVN-K8s plugin - How Kubernetes resources map into OVN - Differences between OVN-K8 and its predecessor - New features supported by OVNK8s - Demo showing how all these components work under the hood
As OVN-K8s became the default certified Container Network Interface (CNI) solution for Openshift in release 4.12+, it is important to understand why this networking technology was chosen. Learning more about this can be of great value to an engineer, developer, operator or user in the OpenShift ecosystem. After attending this session, you will walk away with a good understanding of OVN-K8s, as well as how to troubleshoot issues related to this CNI.
Surya is an Open Source advocate and contributor, active in the Kubernetes SIG-Network working group. She is working as a Senior Software Engineer at Red Hat in the OpenShift Networking team. Her areas of interest include Cloud Infrastructure and Networked Services and Systems. She... Read More →
KubeVirt is a virtual machine management add-on for Kubernetes that allows you to run and manage VMs alongside container workloads.
KubeVirt VMs are Kubernetes objects defined by a declarative API, providing the vast set of capabilities of both QEMU and libvirt. This can easily overwhelm users - especially those intending to create VMs in the simplest possible way.
This talk will give insight into the latest development advances aiming to streamline the VM creation process. By introducing instance types and preferences, KubeVirt gains abstractions for resource sizing, performance and OS support, which allow users to focus on parameters relevant to their applications. To make them approachable, the command line tools of KubeVirt were extended to enable a user experience on a par with all major hyperscalers.
Attendees of this talk will learn about KubeVirt's new instance types and preferences, how they considerably improve the user experience and how they reduce maintenance effort.
Software Engineer in the OpenShift Virtualization team. Working on the kubevirt Tekton tasks, ssp-operator, VM templates, instancetypes, virtctl and containerdisks.
Red Hat's Continuous Kernel Integration (CKI) project provides CI-as-a-service for all internal kernel development. AWS spot instances are used to provide the computing power behind it.
Towards the end of 2022, the CKI project faced increasing issues with unstable infrastructure because of its use of spot instances. Requested spot instance types were either not available at all, or instances got terminated forcefully shortly after launch. This prompted an investigation into the underlying issues and ways to fix them.
This talk is going to tell the story of that investigation.
We will also discuss - the limits of the Elastic Cloud of a Hyperscaler - the various API calls to launch AWS spot instances - the best way to do it, and things to be aware of
Attending this talk will leave you with deeper understanding of spot instances. It should also convince you that reworking your code to use the newer API calls is totally worth the effort.
In the Kubernetes resource allocation model, abstract concepts like resource request and limits, container QoS, etc are used. These concepts are being converted under the hood to cgroup configs, which have their own resource management model and concepts like CPU shares, CFS quotas, etc.
In the context of Kubevirt, an add-on to Kubernetes to allow running cloud-native VMs, this information is crucial. One especially interesting challenge was to support a true CPU Pinning for VMs running on top of Kubernetes.
This talk will take you through a journey to support true dedicated CPUs for VMs. I hope that the audience will better understand Kubernetes and Cgroup resource allocation models and how they can be further utilized. In addition, I wish that the info presented here will improve the collaboration between different technologies in the ecosystem like Cgroups, KVM, libvirt, Kubevirt and k8s by raising awareness to how they interact together in different and interesting use-cases.
My name is Itamar Holder, born and raised in Haifa, Israel. I've studied CS at Technion, worked in Intel for 5 years, and now working for Red Hat for about 2 years. Passionate about software development that is practically valuable, software design and tools, and connecting the community... Read More →
The OpenShift Test Platform Team has underscored the importance of cost optimization for the multiple OpenShift clusters under their management in the year 2022. The purpose of this presentation is to outline strategies that can be utilized to reduce public cloud spending and improve monitoring. Additionally, the presentation will highlight forthcoming improvements, including the evaluation of the effects of multi-architecture enablement via heterogeneous clusters and Hypershift, as a means to further optimize costs. The insights presented in this talk may prove useful to teams and organizations seeking to optimize their OpenShift cluster deployments and enhance overall efficiency by reducing costs.
I am is a software engineer with 10 years of experience. I currently lead the Test Platform team in the OpenShift organization. We develop, maintain and operate CI/CD and development process automation tools and services for OpenShift.
I am a Senior Software Engineer at Redhat, currently contributing to the Test Platform Productivity Openshift team. In my role, I focus on developing and optimizing software systems to improve testing efficiency and effectiveness. Beyond my professional endeavors, I am also a musician... Read More →
Saturday June 17, 2023 12:30pm - 1:05pm CEST
D105 | Talks
Observability and automation are big topics for any service or app provider. To be able to deliver quality service, avoid disruption or even downtimes everyone is looking at mechanisms on how to proactively solve potential problems. Pro-active recommendations have become a popular tool to increase customer satisfaction, deflect some work from ever-busy support and SRE teams or perhaps make a sales pitch at the right time.
Not all products are born equal in their ability to make proactive recommendations. A public cloud provider’s job is in many respects easier than doing the same for, say, Red Hat OpenShift with its many deployment options, including many on-prem ones. In this session, we will peek under the hood of Red Hat Insights for OpenShift and discuss some of the technical challenges that we are facing when building a knowledge base of proactive recommendations.
Jan is a software engineer at Red Hat where he develops Insights Advisor recommendations for OpenShift Container Platform 4. Jan is passionate about delivering valuable recommendations to customers and making recommendation developers' life easier.
Saturday June 17, 2023 1:15pm - 1:50pm CEST
D105 | Talks
Performance and latency are always a central issue on cluster preparation, prior to starting deploying workloads. Telco operators need to manage many thousands of Radio Units (RU) that are connected to Distributed Units, which are connected to a number of compact or full clusters where Centralized Units (CUs) are running. These are connected with back haul to a typically large cluster where Core processing is running. Each of these clusters need to be managed and optimized. In this session, we will show the main points to consider when tuning performance on a Kubernetes cluster for the latency-sensitive 5G containerized workloads, and how we use and customize different Red Hat products to automatically deploy that tuning on a large scale, distributed fleet of clusters. - Deploying clusters on Edge and Far Edge using Red Hat ACM together with ZTP (Zero Touch Provisioning) - Single Node Openshift and the vDU profile - Special Telco Operators - PTP and SRIOV configuration
Computer Engineer from the Universidad Rey Juan Carlos. Currently working as Software Engineer at Red Hat, helping different clients in the process of certifying CNF with Red Hat Openshift. Previously, working as Researcher with more than 14 years of experience participating in... Read More →
Saturday June 17, 2023 2:00pm - 2:35pm CEST
D105 | Talks
Clusters and workloads life-cycle management, in the telco space, poses a new level of challenges. Telcos expect deploying large number of baremetal clusters with strict time requirements, as well as in an automated way.
Gitops Zero Touch Provisioning provides all these functionalities. We will show how we apply different tools and technologies: Red Hat Advanced Cluster Management, or Open Cluster Management, Baremetal/Ironic Operator, Assisted Installer and ArgoCD. We use these tools and methodologies in our partner’s real production environment, to manage their cloud and edge infrastructures.
Computer Engineer from the Universidad Rey Juan Carlos. Currently working as Software Engineer at Red Hat, helping different clients in the process of certifying CNF with Red Hat Openshift. Previously, working as Researcher with more than 14 years of experience participating in... Read More →
Are you tired of manually provisioning, configuring, and handling the lifecycle of your databases deployed in or off the Kubernetes cluster? What does it take to make a database operatable by Kubernetes?
This session illustrates how to use a Kubernetes Operator to automate the management of databases and how to use DevOps CI/CD pipelines to support automation. Making your database observable by Kubernetes is also a critical DevOps requirement concerning 21st-century architectures.
A Database Operator for Kubernetes helps developers, DBAs, DevOps, and GitOps teams reduce the time and complexity of deploying and managing Databases.
It allows you to manage database lifecycles and dynamically perform database operations such as provisioning, cloning, and more through Kubernetes, freeing users to focus more on their applications and less on the infrastructure. It also eliminates the human operator or administrator's dependency on such operations.
This talk will cover how OpenShift 4 does operating system updates and config management since the start, and a fundamental change we made in 4.12 to re-center things around directly bootable container images!
We’ll cover some of the early iterations of this idea, what worked and what didn’t. We’ll do a demo of a hotfix to the kernel and iptables packages. Then a lot of discussion about the future! There’s a lot of incoming work to better handle 3rd party content, we’re also looking at how Ansible can be used as part of container builds for example.
See https://docs.openshift.com/container-platform/4.12/post_installation_configuration/coreos-layering.html#coreos-layering for more!
Sinny loves working on Open Source projects and being involved with the community. At present she works on Machine Config Operator which does OS management on OpenShift 4. In the past, she has been also involved in various Open Source projects like Fedora CoreOS, Fedora, Fedora Atomic... Read More →
Saturday June 17, 2023 4:15pm - 4:50pm CEST
D105 | Talks
Serverless has been gaining popularity as a new way to program and deploy applications on clouds. Function as a service (FaaS) is an approach encompassed by serverless, extending the FaaS concept by avoiding server infrastructure management. In this context, functions rely on containers, and deploying new containers can cause several overheads to the platforms and the function's execution (cold start delays). Kubernetes-based platforms are used for serverless proposes, and K8S provides an ImageLocality mechanism to address it, but it relies on entire warm containers and not on layers. Therefore, we propose and implement on K8S two new scheduling policies.The first is a ContainerLayer-Aware policy that optimizes function’s placements by selecting machines with the biggest rate of container layers that can be shared. The second is a Multi-Objective policy for heterogeneous platforms that reduces at the same time the makespan and the data transferred by functions I/O and container layers.
PhD Candidate and Software Engineer, University Grenoble Alpes, Ryax Technologies
I'm a PhD Candidate and Software Engineer at Ryax Technologies. My PhD thesis is done in collaboration with LIG and University of Grenoble-Alpes. The subject of my thesis is upon serverless runtime for hybrid edge-cloud infrastructures. I'm a MSc in Informatics from University of... Read More →
Saturday June 17, 2023 5:00pm - 5:35pm CEST
D105 | Talks
Ansible Automation Platform 2.3 has the capability to function as a service on an OpenShift-based Platform as a Service (PaaS). This service can effortlessly adapt to zero-trust and disconnected environments and can be made available to various teams and departments within an organisation in under 10 minutes.
During this session, a Principal Consultant from Red Hat will guide the audience through the product architecture and explore the Kubernetes operator used in the product. Additionally, the speaker will explain Day 1 and Day 2 operations, including the automation of configuration processes such as LDAP, time zone, and external logging, as well as backup and upgrade protocols. The consultant will also share his insights and experiences working with Ansible Execution Environments, utilizing both Ansible-builder and the Private Automation Hub.
Sylvain Chen has deep expertise in OpenShift, Ansible, DevOps, and software development. Currently, he mostly consults in Switzerland. He has spoken at Red Hat Summits, Ansible Fest, and other technical conferences.
At SIX, the financial backbone of Switzerland, Philipp is driving automation to the next level in provisioning and managing global container infrastructures. He has a demonstrated history of working in the financial services industry and has in-depth knowledge of Red Hat OpenShift... Read More →
As a sysadmin/dev we may find ourselves many times as a detective looking for clues in how to resolve an issue. What are the best practices when troubleshooting an issue? What do I need to plan ahead before deploying an application? What kind of information is relevant in k8s cluster? In this talk, I mean to share all the do's and don't that I've learned during my 6 years of supporting customers using OpenShift, either being application issues or cluster issues.
Working almost 6 years as Support Engineers, it gets day by day more clear of the common patterns when customers are having issues in their clusters, and how they report these issues to us.
In this talk, Marcel and Roberto take a closer look at the open-source components used in managed cloud services, particularly those offered by Red Hat. Despite being based on open source, the plumbing and operational environment of cloud services are only sometimes transparent. Both act as moles within the company and reverse engineer the setup, using only publicly available information to uncover the processes and tooling used to manage a large fleet of OpenShift clusters. We will start with high-level architectural overviews and then delve into the depths of cloud-native tooling. Join this session to learn more about open source in managed services and how much it enables reuse and contribution.
Marcel Hild has 25+ years of experience in open source business and development. He co-founded a Linux consulting company, worked as a freelance developer, a Solution Architect for Red Hat, and core Developer for Cloudforms, a Hybrid Cloud Management tool. Now he researches the topic... Read More →
So you’re looking to run your Open Source Database on Kubernetes. What best practices should you follow and what pitfalls should you avoid ? In this presentation we will look at how to run stateful applications on Kubernetes overall as well as what is particularly important for databases - we will cover high availability, security, backups and disaster recovery. Finally we will show how these practices can be implemented with Percona Operators for MySQL, MongoDB, PostgreSQL - one of the leading solutions to run Open Source Databases on Kubernetes.
Tracking a request’s flow across different components in distributed systems is essential. With the rise of microservices, their importance has risen to critical levels. Some proprietary tools for tracking have been used already: Jaeger and Zipkin naturally come to mind.
Observability is built on three pillars: logging, metrics, and tracing. OpenTelemetry is a joint effort to bring an open standard to them. Jaeger and Zipkin joined the effort so that they are now OpenTelemetry compatible.
In this talk, I’ll describe the above in more detail and showcase a (simple) use case to demo how you could benefit from OpenTelemetry in your distributed architecture.
Developer Advocate with 15+ years experience consulting for many different customers, in a wide range of contexts (such as telecoms, banking, insurances, large retail and public sector). Usually working on Java/Java EE and Spring technologies, but with focused interests like Rich... Read More →
Sunday June 18, 2023 11:00am - 11:35am CEST
D105 | Talks
What is the point of a solid update procedure in OpenShift when it takes you to a buggy version? We want to protect your clusters, and we are getting better at that. The latest iteration of the protection is called Conditional Updates. We provide enough data to evaluate whether the cluster is affected by issues discovered in released versions of OpenShift. If it is, it will warn its administrator and provide more information about the exposure and the risk. The administrator can decide whether they care or want to wait for a version where the problem is fixed. This is an improvement from the previous state, where we would block everyone until the fix is available, including clusters that would be safe. In this talk, I will describe the inner workings of the OpenShift update and how the update recommendation data that drive OpenShift updates are curated, delivered, and evaluated.
As a member of the OpenShift Over-the-Air (OTA) Upgrades team, I am working on the OpenShift components related to upgrades - Cluster Version Operator, Cincinnati and related software.
Virtual data path acceleration (vDPA) is an approach to standardize the SR-IOV data plane using the virtio ring layout and decoupling the workloads from any vendor-specific NIC driver. This approach simplifying the certification of CNF/VNF workloads, addresses emerging hyperscale use cases involving offloading networking/storage to smartNICs and hardens the security compared to SRIOV for use cases such as confidential computing. In this talk, I'll give an overview of the vDPA integration work in Kubernetes/Openshift. In particular, I'll provide a view on the end-to-end solution, showing how the different components (kubernetes, Multus, OVN-k8s, SR-IOV network-operator and OVS/NIC with HW offload enabled) work together to provision a virtio/vDPA device on the pod primary interface. This is the first step and future work will include vDPA on secondary interfaces for kubevirt/kata containers applications, vDPA in user space (VDUSE) and SubFunction management to achieve full scalability.
MAC duplication in a LAN is an ancient problem which engineers struggled to solve ever since the uprise of the star network topology. In the traditional virtualization domain, the classic solution is to use a MAC pool and assure the assignment of unique MACs per each vNIC.
However, when we delve into Kubernetes [1] and the cloud domain, this classic approach encounters challenges which complicate and degrade regular workloads.
This session will study kubemacpool [2], a traditional MAC pool manager used for KubeVirt [3]. Afterwards we will compare it with a new reactive approach in which we do not try to avoid collisions, but to react when they are discovered. Attendees will get to know the existing solution cons and possible solutions.
Edward Haas is a software engineer in the CNV and RHV groups @RedHat, specializing in the network domain. Previously engaged in the development of networking solutions that aimed to accelerate and optimize network traffic, utilizing tools like DPDK. A believer in clean code and an... Read More →
Have you ever tried to create a cluster using Openshift's Multicluster engine? It can be a good experience, if you have administrator permissions. But what about developers with limited permissions? So far, there hasn’t been a good solution. In this session, we will introduce the new Cluster as a Service operator, which is designed to address this problem. Powered by ArgoCD, Cluster as a Service enables administrators to define cluster templates, and developers with limited permissions to easily create clusters from these templates. The templates are very flexible, providing developers with a complete environment that includes everything they need, from IDPs and databases to web servers or networking setup. This allows developers to focus solely on their code, without worrying about configuring and setting up the necessary infrastructure. Demo included!
