Day 1 - Tuesday
Type: Document

Status: Published

Created: Mar 22, 2026

Updated: Mar 22, 2026

KubeCon + CloudNativeCon Europe 2026#

Tuesday, March 24, 2026

Total Sessions: 179

Badge Pick-Up#

Time: 7:30am CET - 6:15pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Badge Pick-Up#

Time: 7:30am CET - 6:15pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom#

Time: 7:30am CET - 7:30pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom#

Time: 7:30am CET - 7:30pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Keynote: Welcome + Opening Remarks - Jonathan Bryce, Executive Director, Cloud and Infrastructure, Linux Foundation & Chris Aniszczyk, CTO, Cloud and Infrastructure, Linux Foundation#

Time: 9:00am CET - 9:35am CET

Speakers: Jonathan Bryce, Executive Director, Cloud and Infrastructure, Linux Foundation & Chris Aniszczyk, CTO, Cloud and Infrastructure, Linux Foundation

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: Rules of the Road for Shared GPUs: AI Inference Scheduling at Wayve - Mukund Muralikrishnan, Staff Engineer, Wayve#

Time: 9:37am CET - 9:40am CET

Speakers: Mukund Muralikrishnan, Staff Engineer, Wayve

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: As AI inference workloads grow in both scale and diversity, predictable access to GPUs becomes as important as raw throughput, especially in large, multi-tenant Kubernetes clusters. At Wayve, Kubernetes underpins a wide range of inference workloads, from latency-sensitive evaluation and validation to large-scale synthetic data generation supporting the development of an end-to-end self-driving system. These workloads run side by side, have very different priorities, and all compete for the same GPU capacity.

In this keynote, we will share how we manage scheduling and resources for multi-tenant AI inference on Kubernetes. We will explain why default Kubernetes scheduling falls short, and how we use Kueue, a Kubernetes-native queueing and admission control solution, to operate shared GPU clusters reliably at scale. This approach gives teams predictable GPU allocations, improves cluster utilisation, and reduces operational noise. We will close by briefly showing how frameworks like Ray fit into this model as Wayve scales its AI Driver platform.

Time: 9:42am CET - 9:47am CET

Speakers: Jesse Butler, Principal Product Manager and Technologist, Amazon Elastic Kubernetes Service (EKS)

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Kubernetes has become the ubiquitous control plane for some of the most demanding distributed workloads ever built: AI training and inference at scale, heterogeneous and accelerated compute, and complex multi-tenant platforms. Yet even as it becomes the standard, developers still reason about infrastructure details while platform teams translate application intent into cluster configuration, autoscaling, and resource tuning across thousands of services. If Kubernetes is to truly fade into the stack, the model must evolve. Infrastructure must respond dynamically to workload signals in real time. Higher-level abstractions must reduce direct exposure to low-level primitives without sacrificing control. Governance must be programmatic and consistent across distributed environments. This keynote traces that evolution through three community-driven upstream innovations, Karpenter, kro, and Cedar, and the engineering choices shaping Kubernetes for its next chapter.

Keynote: The Future of AI is Community-Driven and OPEN - Erin A. Boyd, Senior Director, NVIDIA#

Time: 9:49am CET - 9:54am CET

Speakers: Erin A. Boyd, Senior Director, NVIDIA

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: From Inference to Agents: Where Open Source AI Is Headed - Jonathan Bryce, CNCF; Brian Stevens, Red Hat; Mark Collier, PyTorch Foundation; Lin Sun, Solo.io#

Time: 9:56am CET - 10:01am CET

Speakers: Jonathan Bryce, CNCF; Brian Stevens, Red Hat; Mark Collier, PyTorch Foundation; Lin Sun, Solo.io

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: As AI systems move from training to real-world deployment, two forces are rapidly reshaping the landscape: the explosive growth of AI inference and the emergence of agentic AI. In this fireside chat, we’ll explore how the rapidly expanding inference market is driving new infrastructure needs, why the broader AI ecosystem will likely span multiple open source foundations rather than consolidating in one place, and the rise of agentic systems and what their autonomy, orchestration, and runtime requirements mean for the next generation of open source collaboration.

Keynote: The Future of Cloud Native Is… Agentic - Lin Sun, Head of Open Source, Solo.io#

Time: 10:03am CET - 10:18am CET

Speakers: Lin Sun, Head of Open Source, Solo.io

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Kubernetes and cloud native are powerful, yet often complex. Users spend too much time reading documentation just to deploy, debug, or operate systems, or to configure networking and security. As “vibe coding” reshapes how we write software, the future of cloud native is agentic. By composing AI agents and MCP servers, we can move users from manual configuration to intent-driven, natural-language operations.

Through live demos, from flying a drone to analyzing audience engagement, we’ll explore how AI agents and MCP servers can make cloud native more intuitive, approachable, and human-centered.

Keynote: Orchestrating Document Data Extraction with Dapr Agents - Fabian Steinbach, Software Architect, ZEISS#

Time: 10:20am CET - 10:23am CET

Speakers: Fabian Steinbach, Software Architect, ZEISS

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Extracting structured data from highly variable, multi-lingual documents with different layouts and handwriting is a complex challenge. At ZEISS Vision Care, we needed a reliable way to process these documents without sacrificing performance or accuracy. We solved this by building resilient data extraction processes using Dapr Agents. Adopting a vendor-neutral, cloud-native framework allowed us to build highly deterministic workflows that seamlessly blend specialized OCR, general LLM calls, and standard code. This architecture ensures reliable execution while giving us the flexibility to swap AI providers and go from concept to production in just two months.

Time: 10:25am CET - 10:30am CET

Speakers: Jorge Palma, Principal PDM Manager, Microsoft & Natan Yellin, CEO, Robusta

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: This keynote explores the practical reality of deploying AI agents to maintain Kubernetes clusters at scale. We'll demonstrate HolmesGPT, an open-source CNCF sandbox project that connects LLMs to operational and observability data to diagnose production issues. You'll see how agents reduce MTTR by correlating logs, metrics, and cluster state far faster than manual investigation.

Then we'll tackle the harder problem: moving from diagnosis to remediation. We'll show how agents with remediation policies can detect and fix issues autonomously, within strict RBAC boundaries, approval workflows, and audit trails. We'll be honest about challenges: LLM non-determinism, building trust, and why guardrails are non-negotiable.

This isn't about replacing SREs; it's about multiplying their effectiveness so they can focus on creative problem-solving and system design.

Keynote: Riding the Waves: Around the World in an Electric Glider - Powered by Nature, Data, and Open Science - Ricardo Rocha, Lead Platforms Infrastructure, CERN & Klaus Ohlmann, Founder, Mountain-Wave-Project#

Time: 10:32am CET - 10:42am CET

Speakers: Ricardo Rocha, Lead Platforms Infrastructure, CERN & Klaus Ohlmann, Founder, Mountain-Wave-Project

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: What happens when sustainable aviation meets cloud-native technology? In this session Klaus and Ricardo take you on an extraordinary journey around the world in an electric glider - an aircraft powered by renewable energy and the invisible forces of nature. Riding mountain waves and jet streams across continents, this mission blends human exploration with science, cutting-edge technology and open data.

In partnership with CERN, the glider has been transformed into a flying scientific laboratory - equipped with sensors measuring atmospheric conditions, radiation levels, and even cosmic rays. The data is streamed live through a Kubernetes-based telemetry and visualization pipeline, turning every flight into a real-time experiment at the intersection of physics, climate science, and AI.

Join us to discover how open infrastructure, edge computing, and sustainable energy can enable the next generation of exploration - one that looks to the sky not for fuel, but for inspiration.

Keynote: Closing Remarks#

Time: 10:44am CET - 10:45am CET

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Coffee Break ☕#

Time: 10:45am CET - 11:15am CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Solutions Showcase#

Time: 10:45am CET - 7:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Gold Sponsor In-Booth Demos#

Time: 10:50am CET - 11:00am CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description:

  • Sponsor: Groundcover; Booth Number: 501

  • Sponsor: Lightrun; Booth Number: 240

  • Sponsor: Minimus; Demo: Imagine a CVE-free day: The promise of hardened images; Booth Number: 940

  • Sponsor: Nebius; Demo: Soperator Live: Production AI Without the Pain; Booth Number: 260

  • Sponsor: NetBird; Booth Number: 951

Time: 10:50am CET - 11:10am CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In the era of specialized hardware, "one size fits all" is a recipe for resource wastage and performance bottlenecks. Enter Compute Classes, an API that allows platform engineers to define bespoke infrastructure templates for specific workloads.

Beyond simple selection, Compute Classes introduces a prioritization engine for machine types. Whether you are hunting for the perfect CPU-to-memory ratio for high-frequency trading or optimizing GPU attachments for LLM inference, Custom Compute Classes provide the abstraction layer needed to scale without the friction of manual node pool management.

In this demo-heavy session, we will:

  • Explore the architecture of Custom Compute Classes.

  • Demonstrate "Just-in-Time" infrastructure provisioning.

  • Reveal how to automate the lifecycle of specialized hardware.

  • Configure machine type priority to balance performance vs. availability.


Project Pavilion Tour with Atulpriya Sharma, CNCF Ambassador#

Time: 10:55am CET - 11:15am CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!

Cloud Native Theater | Cloud Native University: Cloud Native vs. Platform Native vs. Cloud Agnostic - Ruckus Voxi, Akamai#

Time: 11:00am CET - 11:15am CET

Speakers: Ruckus Voxi, Akamai

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: What do DevOps, twelve-factor app, containerization, orchestration, and cloud computing all have in common? They make the DNA of what we know today as cloud native! Encapsulated is the democratization of open source tooling and techniques that provide the necessary layers of abstraction. This would suggest that portability and vendor neutrality are inherent, but in practice, it many times is not. Let’s take a moment to dissect some opinionated differences in what abstractions should be prioritized for a truly cloud-native architecture.

Learning Lounge: AI Runs on Open Source and Real Humans: Why You Need Linux and Cloud Native Skills to Power AI at Scale - Christophe Sauthier, CNCF#

Time: 11:00am CET - 11:15am CET

Speakers: Christophe Sauthier, CNCF

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Merge + Meet: Kickoff Meeting for Underrepresented Groups and Allies#

Time: 11:00am CET - 12:00pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Don’t wait until the last day to find your people. Join the Merge Forward team—whether you’re in one of our seven community groups (Women in Cloud Native, Neurodiversity, Friends of Dorothy, and more) or an ally. Meet peers, swap contact info, and head to your favorite sessions with your new crew.

In a world that runs remote and distributed, the connections that stick are the ones you make in person. This kickoff is the place to introduce yourself, connect with peers, and build a small circle so your conference experience is stronger, more supportive, and more impactful from day one.

Learn more about Merge Forward at https://community.cncf.io/merge-forward

1000 Services, 1 Year, 0 Downtime: Airbnb’s Zonal Cluster Migration - Sunny Beatteay, Airbnb#

Time: 11:15am CET - 11:45am CET

Speakers: Sunny Beatteay, Airbnb

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Infrastructure migrations are an inevitable part of growth but carry tremendous risk if not executed well. These were the challenges Airbnb faced during its 2023–2025 move to zonal clusters.

In 2023, Airbnb’s Cloud Infrastructure team undertook its largest migration to date—moving more than 1,000 production services from regional Kubernetes clusters to zonal clusters in under a year, with zero user-visible downtime.

In this case study, Sunny Beatteay shares how a five-person team operationalized this migration across thousands of workloads and a 3,000-engineer organization. The talk explores the technical and organizational strategies behind the effort, including how rollout automation, capacity planning, and cross-company coordination enabled its success. Attendees will learn practical patterns for de-risking large infrastructure initiatives and orchestrating change across hundreds of service owners without disrupting production.

API-Driven Infrastructure as Code: Kubernetes APIs as the Contract Bridge Between Teams - Florian Hopfensperger, Allianz Technology & Yury Tsarev, Upbound#

Time: 11:15am CET - 11:45am CET

Speakers: Florian Hopfensperger, Allianz Technology & Yury Tsarev, Upbound

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Building on our previous KubeCon talk about Allianz Technology's infrastructure-as-code platform powered by 1,000+ Kubernetes control planes, this session explores how development teams effectively consume APIs from infrastructure teams. We'll demonstrate the practical implementation of API contracts that establish clear boundaries and expectations between providers and consumers. The presentation will showcase how infrastructure teams at Allianz expose capabilities through structured interfaces, enabling development teams to build their own services while maintaining autonomy. We'll address real-world challenges we faced with service boundaries, team ownership models, and documentation in our large-scale Kubernetes environment, and how we solved these through well-defined API contracts. Attendees will gain insights into concrete patterns and tools for establishing, testing, and evolving cross-team dependencies in cloud-native environments.

Accelerating Thanos at Scale: Faster and Cheaper Queries With Parquet - Giedrius Statkevičius, Vinted#

Time: 11:15am CET - 11:45am CET

Speakers: Giedrius Statkevičius, Vinted

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Large PromQL queries over months of data can easily take tens of seconds in huge scale Thanos deployments. We’ll see how a Parquet-backed storage path can cut some of these query times by up to 10x while also improving compression. I’ll start with a quick recap of Thanos’ architecture and its existing block storage format, then introduce Parquet as a columnar format and explain why its layout, encodings, and predicate pushdown are a good match for metrics workloads. We’ll walk through how the Thanos project — in collaboration with the Prometheus and Cortex communities — is adding Parquet support, what this looks like operationally, and how to migrate or test it in your own environment. Using real-life data, I’ll compare query latency, CPU, and storage usage. Finally, I’ll outline the roadmap and how you can get involved in shaping the future of Parquet in Thanos. After this session, you’ll understand everything you need to know about Parquet and how to start your own Parquet journey!

From NLB Sprawl To Mesh Efficiency: How Skyscanner Handles 60M Requests Per Minute With Istio - John Clark, Skyscanner & Steven Thwaites, Solo.io#

Time: 11:15am CET - 11:45am CET

Speakers: John Clark, Skyscanner & Steven Thwaites, Solo.io

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: At Skyscanner scale, every architecture choice carries cost and ops impact. Running dozens of Kubernetes clusters and >60M req/min, we were stuck with costly, complex east-west NLBs. This talk shows how we rebuilt our network to save millions on AWS while preserving resilience and compliance, and how we balanced cost, performance, and auditability.
What we changed: removed east-west NLBs in favor of pod-to-pod multicluster for east-west traffic; added gateways for controlled ingress/egress while using Spot instances; deployed Istio Ambient Mesh for zero-trust without sidecars; and built OpenTelemetry-based observability.

You’ll leave with migration patterns, cost-modeling tips, and ops lessons for teams running Kubernetes at scale.

Challenges & risks:

  • NLB sprawl and the associated

  • Implementing Istio Multicluster

  • Operational drag

  • Sidecar overhead

  • Coordinated rollout across many clusters

  • Maintaining peak-time performance while shifting traffic

Gateway API: Bridging the Gap from Ingress to the Future - Nick Young & James Strong, Isovalent at Cisco; Katarzyna Łach & Rostislav Bobrovsky, Google; Norwin Schnyder, Airlock#

Time: 11:15am CET - 11:45am CET

Speakers: Nick Young & James Strong, Isovalent at Cisco; Katarzyna Łach & Rostislav Bobrovsky, Google; Norwin Schnyder, Airlock

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Gateway API continues to mature into a core part of the toolkit for Cloud Native networking. But, since the last Gateway API update, some big changes have happened. This session goes through some of the recent improvements that have happened in Gateway API in the last six months, along with laying out some of the upcoming features.

In particular, with the archival of ingress-nginx coming up, many more Ingress users have been looking at Gateway API, and the community has been hard at work trying to smooth out friction points for those users, especially with helping with migration (using the ingress2gateway tool), improving integrations with tools like cert-manager and external-dns, and making improvements to TLS handling.

In particular, the new ListenerSet resource moving to Standard is intended to help Ingress users have an experience more like what they are used to, while keeping some of the enhanced security features that Gateway API brings.

Least-Privilege for AI: Authorizing Agents and MCP Tools with Agentgateway and Kyverno - Luc Chmielowski, Nirmata & Nina Polshakova, Solo.io#

Time: 11:15am CET - 11:45am CET

Speakers: Luc Chmielowski, Nirmata & Nina Polshakova, Solo.io

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: AI + ML

Description: As AI agents evolve from experiments to autonomous actors in complex systems, they strain traditional authorization models. How can we empower them while enforcing least privilege and governance?

This session introduces agentgateway, a dataplane powered by kgateway that supports the Model Context Protocol (MCP) and integrates with CNCF policy engines like Kyverno. Nina and Luc — maintainers of agentgateway and Kyverno — show how Kyverno policies evaluate MCP traffic to prevent uncontrolled tool access and privilege escalation, ensure namespace and tenant isolation, and tie every Kubernetes action to real user identities. Using Kubernetes, OIDC lookups, RBAC, and business-specific policies, it delivers least-privilege control, auditable access, and compliance visibility.

With agentgateway and Kyverno, Platform and Security teams can prove continuous compliance for AI workloads and securely scale AI agents with Kubernetes-native policies and cloud-native best practices.

No Pain No Drain: Lessons From Node Drains at Scale - Ryan Hallisey & Natalie Bandel, NVIDIA#

Time: 11:15am CET - 11:45am CET

Speakers: Ryan Hallisey & Natalie Bandel, NVIDIA

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Draining nodes at scale is painful: workloads often can’t tolerate interruption, and doing a naive kubectl drain can waste compute or cause downtime. In this session, we share lessons from large-scale operations at NVIDIA and our workload-aware approach to automated, safe node drain across Kubernetes clusters. We’ll show how our drain algorithm selects the right nodes based on workload distribution, GPU utilization, and cluster capacity, while coordinating planned and unplanned maintenance to avoid overlap. Attendees will learn how to detect and recover from stuck or incomplete drains, ensuring safety, visibility, and repeatable day-2 operations. Whether you run cloud or on-prem GPU workloads, you’ll leave with practical patterns and tooling insights that reduce risk, maximize utilization, and help Platform engineers manage GPU node maintenance reliably at scale.

SIG Contributor Experience: Guiding Contributors Through the Project - Nabarun Pal, Broadcom; Priyanka Saggu, SUSE; Arpit Agrawal, Kubernetes; Mario Fahlandt, Kubermatic#

Time: 11:15am CET - 11:45am CET

Speakers: Nabarun Pal, Broadcom; Priyanka Saggu, SUSE; Arpit Agrawal, Kubernetes; Mario Fahlandt, Kubermatic

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes is supported by a wide contributor community, and the structures that guide the community can be hard to understand at first. SIG Contributor Experience helps connect those pieces through sub-projects focused on communication, workflow, and governance. The panel walks through efforts in automation, mentoring, elections, governance, communications, and events, showing what each area does and how it shapes contributor life. The discussion highlights moments many contributors know: the difference between “I made my first PR!” and “I feel like I belong here.” ContribEx wants to help contributors not just get started but also feel more comfortable participating in the project so they stay engaged over time. The panel shows how sub-projects support contributors at these moments, providing guidance, responding to questions, and addressing challenges, giving a clearer sense of how ContribEx adapts as the project grows and where contributors can participate meaningfully.

Unifying Inner & Outer Loops To Bridge the Gaps Between Devs & Ops With Microcks + Score - Laurent Broudoux, Microcks & Mathieu Benoit, Docker#

Time: 11:15am CET - 11:45am CET

Speakers: Laurent Broudoux, Microcks & Mathieu Benoit, Docker

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: Tired of “it works on my machine” moments? This session shows how to bridge the inner and outer development loops using Microcks and Score. We’ll start locally, where Score generates docker-compose files and Microcks provides realistic mocks for fast, contract-driven dev. Then we’ll scale up, using the same Score specs to create Kubernetes manifests, keeping environments in sync. Need to simulate missing or external 3rd-party services? Microcks handles that too in any environment. See how this setup reduces friction, catches integration issues early, and saves time. Bonus: a live demo with a real-world use case (Finos/TraderX). If you're building cloud native apps, don’t miss this!

Vitess: More Data, No Problems - Matt Lord & Rohit Nayak, PlanetScale#

Time: 11:15am CET - 11:45am CET

Speakers: Matt Lord & Rohit Nayak, PlanetScale

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: You may have already bumped up against cases where operating at your current scale proves challenging: schema changes, upgrades, failovers, performance, backups, data migrations, and more.

Vitess has allowed some of the biggest tech companies on the planet to operate massive data storage layers. It provides the automation, the tooling, and the feature set necessary to operate at virtually unlimited scale. And its cloud native, automated, self-healing nature allows you to achieve this with a small team of engineers!

In this talk we will cover some of the key aspects of Vitess that allow you to confidently and successfully meet your current and future database operation needs as your organization grows and your data expands along with it.

We Deleted Our Observability Stack and Rebuilt It With OTEL: 12 Engineers to 4 at 20K+ Clusters - Yash Sharma & Kunju Perath, DigitalOcean#

Time: 11:15am CET - 11:45am CET

Speakers: Yash Sharma & Kunju Perath, DigitalOcean

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: In 2021, DigitalOcean's internal observability hit a breaking point at 5,000 clusters. We were losing critical audit logs. Metrics scraping was failing under sheer volume. Our team faced a choice: stop growing or fundamentally re-architect.

We chose re-architecture. A year later, we're seamlessly managing 20,000+ production clusters, processing 460+TB with zero log loss and complete metrics coverage. How? By rebuilding our observability stack with OTEL standards, building custom lightweight collectors, and leveraging Kubernetes-native patterns that scale automatically.

You’ll learn:

  1. How we leveraged the upstream OTEL Operator to manage OTEL deployments across 20K+ clusters

  2. What we got WRONG: First iteration of OTEL blasted our storage with 250M+ log files (we'll show the mistakes so you don't repeat them)

  3. Operational efficiency: 4 engineers managing 20K+ clusters' observability (previously 12+ engineers struggling at 5K)

What Survived Production: Operating Game Backends at Million-Player Scale - Berkay Uckac, Futureplay Games#

Time: 11:15am CET - 11:45am CET

Speakers: Berkay Uckac, Futureplay Games

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: “Keep it lean, keep it minimal.” That was our motto launching cloud native game servers in 2023. Two years later, three engineers operate a platform serving millions of players. This talk shares what survived production, what failed fast, what stayed simple and what proved essential in keeping a live game online at scale. Join me to explore pragmatic, production-tested strategies for running resilient, cost-efficient systems with small teams and designing for simplicity without sacrificing reliability.

Time: 11:15am CET - 11:45am CET

Speakers: Yong Tang, Ivanti & John Belamaric, Google

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Recent DNS disruptions at major cloud providers highlight how sensitive DNS is as a foundational dependency for modern internet and Kubernetes platforms. Even brief degradation can cascade into widespread application failures, reinforcing the need to treat DNS itself as critical infrastructure. In this session, we’ll examine how CoreDNS is evolving to meet these demands in large-scale, critical cloud environments. We’ll introduce new CoreDNS plugins that improve multi-core scalability and reduce contention under high query load, and share lessons from operating CoreDNS under stress, including tuning practices, deployment patterns, and ways to limit blast radius during failures. We’ll discuss DNS security risks amplified at scale—from spoofing and cache abuse to amplification attacks—review recently fixed CoreDNS vulnerabilities, and highlight hardening strategies. We’ll close with a brief look at recent ecosystem changes and the CoreDNS roadmap.

When an Agent Acts on Your Behalf, Who Holds the Keys? - Mariusz Sabath & Maia Iyer, IBM Research#

Time: 11:15am CET - 11:45am CET

Speakers: Mariusz Sabath & Maia Iyer, IBM Research

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: When you prompt an agent to commit code or trigger a workload, who is truly acting? In enterprise environments, ambiguity creates a critical security vulnerability that makes fine-grained authorization and audit impossible. Traditional static API keys simply can’t capture the full context behind an action. In this session, we will present an architecture that cryptographically binds agent identity with delegated user identity. We will demonstrate how SPIRE’s workload attestation can be extended to create a verifiable agent identity, and how Keycloak, acting as an OAuth 2.0 server, manages delegated user identity while preserving context across long, nested transactions. Finally, we’ll introduce an open-source MCP Gateway that enforces policy and audit controls at a single, trusted point between agents and tools. Attendees will leave with a clear understanding of how to build agentic systems where every action is traceable to both the code that executes it and the user who approved it.

📚 Tutorial: 5 Stages of Kubernetes - Rick Rackow, STACKIT#

Time: 11:15am CET - 12:30pm CET

Speakers: Rick Rackow, STACKIT

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: Kubernetes by now comes in various shapes and forms but can ultimately be boiled down to 5 different models:

* Managed Kubernetes (SKE, GKE, AKS, etc.)
* Self Installed Single Cluster
* Multi-Cluster
* Federated Kubernetes (Karmada)
* Kubernetes as Resource (Hosted Controlplanes)

Each of those models comes with distinct advantages and disadvantages, as well as differences in the operational model and use case. This talk deep dives into each mode, explains advantages and disadvantages in general and showcases one example for each mode with a demo. Additionally, since this is a tutorial style talk, specific spotlight will be put on the so-called “day 2 operations” like:

* Observability
  * Metrics
  * Logs
  * Traces
* Upgrades
* Disaster Recovery
* Scaling

🚨 Contribfest: Get Started Contributing To bootc - Joseph Marrero Corchado, Laura Santamaria, Preethi Thomas, Alice Frosi & Colin Walters, Red Hat#

Time: 11:15am CET - 12:30pm CET

Speakers: Joseph Marrero Corchado, Laura Santamaria, Preethi Thomas, Alice Frosi & Colin Walters, Red Hat

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Want to explore how bootable containers work? Come contribute to bootc, a CNCF Sandbox project! Join us for a hands-on workshop to start contributing to tooling that powers image-based Linux systems across cloud, desktops, edge, and automotive. Along with exploring the architecture, we’ll help you set up a full development environment on your workstation, including the bootc virtualization toolkit. You’ll build bootc from source, run tests, validate changes in a VM, and debug common issues. We will also help folks learn Rust and container technologies! In the end, you’ll submit your first pull requests for either a feature or bug that interests you or good first issues for new contributors. This workshop is designed to help new developers gain confidence with the project. No prior experience with bootc is required. Bring your Linux laptop (or dev environment) and get ready to build, run, and contribute to bootc for the first time!

🚨 Contribfest: Improving Submariner in Support of Privacy-preserving Federated Statistics Research on Kubernetes - Stephen Kitt, Red Hat & Julien D., Lausanne University Hospital#

Time: 11:15am CET - 12:30pm CET

Speakers: Stephen Kitt, Red Hat & Julien D., Lausanne University Hospital

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: We’ll explore the Submariner project, its use by the Medical Informatics Platform at Lausanne University Hospital (Switzerland) and ATHENA (Greece), and ideas for improvements resulting from this experience. MIP uses Submariner, deployed using GitOps through ArgoCD, to connect a federated infrastructure involving isolated, remote hospital VMs. We’ll explain this choice, the challenges in the implementation, current limitations, and future improvements to be worked on, with three main ideas:

* integration of the current Helm chart with Argo,
* adapting Submariner’s broker/peer cluster model to a setup with remote single-node mini-clusters that aren’t peers,
* coping with Submariner’s reliance on nftables/iptables in a Cilium environment.

In the final part, we will conclude and explain how to contribute to Submariner by presenting the different projects within it. And perhaps... a contribution demo with the testing stack! The MIP is an EBRAINS-supported open source research project.

Cloud Native Theater | Cloud Native University: Kubernetes and the Answer is… 42! - Jan Stomphorst, ACC ICT#

Time: 11:18am CET - 11:42am CET

Speakers: Jan Stomphorst, ACC ICT

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: The ultimate checklist for deploying your app without regrets.

You built the app. You wrote the Dockerfile. You pushed to your CI/CD pipeline.

But... is it really ready for Kubernetes?

This talk hands you the one thing every team needs but rarely has:
a no-fluff, field-tested, brutally honest checklist of 42 points to verify before you deploy. This is an interactive session from beginner to expert.

You’ll learn:

How to avoid the most common mistakes in Kubernetes deployments
What actually matters in production — and what doesn’t
How to think like a platform engineer, even if you're a developer
Why checklists save you from 3 AM incidents
Interactive, opinionated, and painfully relatable.
This is not another Kubernetes 101 — this is the list you wish you had a year ago.

Don’t panic. Just check it.

Time: 11:20am CET - 11:40am CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Picnic operates a fully vertically integrated grocery platform - from automated warehouses to last-mile delivery - powered by Kubernetes. In this talk, we share how we run production clusters on Spot instances without compromising reliability.

We will discuss the architectural principles, automation, and resilience strategies that allow interruptible infrastructure to support mission-critical supply chain systems. Join us for a dive into building cost-efficient, highly available platforms at scale - and what it takes to safely adopt Spot for real-world operational workloads.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

🚩 An Introduction to Capture The Flag - Fabian Kammel & John Kjell, ControlPlane#

Time: 11:30am CET - 1:30pm CET

Speakers: Fabian Kammel & John Kjell, ControlPlane

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: An Introduction to Capture The Flag

The Cloud Native Capture The Flag (CTF) is available to all KubeCon + CloudNativeCon attendees. In preparation for playing the game, you are invited to attend an introductory session. This session introduces CTF competitions for newcomers: any experience level is welcome. We will share tips and tricks for completing these challenges and work through a practice scenario together. You can play solo or with a friend!
Learn more about how to participate in Capture The Flag here.

Cloud Native Theater | Cloud Native University: Kubernetes: The API of Everything - Tibo Beijen, DPG Media Nederland#

Time: 11:45am CET - 11:50am CET

Speakers: Tibo Beijen, DPG Media Nederland

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: The CNCF Landscape looks complex, but much of that complexity follows a surprisingly consistent pattern.

In this lightning talk, we zoom in on the one concept that quietly ties many CNCF projects together: the API. Seeing the ecosystem through this lens helps explain how components integrate, how behavior is extended, and how automation becomes possible.

The goal is to leave you with a simpler, more coherent way to reason about the moving parts of the cloud native world.

Time: 11:50am CET - 12:10pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Expectation: Zero-CVE images. Reality: Manual, friction-filled migrations. The gap between wanting to start secure and actually doing it at scale is where innovation often stalls.

Join us to move from "this sounds great" to "this is running in production." We'll explore how Wiz closes the secured image migration gap with code-to-cloud visibility and control. Learn how the Wiz platform helps teams:

Understand their current container landscape and risk posture
Prioritize and plan migration with start secure opportunities
Streamline migration to secured, WizOS images with AI
Make secured images the easy choice for developers

See how to turn the dream of zero-CVE images into a practical reality for both security and development teams.

Cloud Native Theater | Cloud Native University: A Simple and Practical Guide to Observability in Kubernetes - Diana Todea, VictoriaMetrics#

Time: 11:53am CET - 12:08pm CET

Speakers: Diana Todea, VictoriaMetrics

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Kubernetes is the standard platform for running containerized applications, but understanding what is happening inside a cluster can be difficult for newcomers. Metrics and logs are essential for answering basic operational questions such as whether an application is healthy, why it is slow, or what caused a failure, yet Kubernetes observability often feels complex and inconsistent due to the variety of tools and data formats involved.
This session introduces the fundamentals of observability in Kubernetes with a focus on metrics and logs. It explains where these signals come from, how they are typically collected, and the common challenges beginners face, such as inconsistent labels, duplicated data, and difficulty building useful dashboards and alerts. The talk presents the idea of a simple and practical observability baseline for Kubernetes, emphasizing a minimal set of meaningful metrics, consistent labeling and a clear data flow to storage and visualization systems.

5000 Kubernetes Clusters, 5 Minutes: Walmart’s Secret to Rapid Edge Deployments with Argo - Yug Gupta, Walmart Global Tech#

Time: 12:00pm CET - 12:30pm CET

Speakers: Yug Gupta, Walmart Global Tech

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Imagine deploying applications across 5,000+ Kubernetes edge clusters in under 5 minutes, despite severe internet bandwidth constraints. In this case study, we unveil how we turned this challenge into an opportunity by harnessing the power of Argo Workflows. Our edge clusters, located in retail stores across the U.S., required a deployment strategy that could overcome slow internet speeds and avoid business disruptions during operational hours.

We’ll show how we cut fleet-wide deploys to ~5 minutes P95 by pre-seeding OCI images to local caches, time-windowing Helm releases, and enforcing digest-pinned, policy-gated rollouts with an intelligent pull+push mechanism. The result was a highly efficient, batch-based deployment across a massive fleet of edge clusters, completed in record time.

You’ll leave with YAMLs and a runbook you can try in staging, plus the pitfalls we hit first (cold caches, egress bottlenecks, etc.) and the pragmatic fixes that made it fast and predictable.

API is the New SSH: Forging a Zero-Trust VM Platform on Kubernetes - Evangelista Tragni, Devoteam#

Time: 12:00pm CET - 12:30pm CET

Speakers: Evangelista Tragni, Devoteam

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Many organizations want to embrace cloud-native principles, but they can't abandon virtual machines just yet. How can we bridge these two worlds without sacrificing security and automation? In this session, we will guide you through our journey of building a multi-tenant virtualization platform entirely on Kubernetes, designed from the ground up to be secure, immutable, and declaratively managed.

You will discover KubeVirt as the main pillar for orchestrating VMs natively on Kubernetes, all of it built on a modern and secure OS, and alongside it you will discover many projects that expand the capabilities and features of our VM platform.

Join this session to get a concrete roadmap for building a modern, resilient, and truly cloud-native VM platform.

Breaking the Monolith: Decomposing and Governing Giant LLM Jobs Across Clusters - Kevin Wang, Huawei#

Time: 12:00pm CET - 12:30pm CET

Speakers: Kevin Wang, Huawei

Venue: Elicium 2, Amsterdam, Netherlands

Type: AI + ML

Description: Multi-cluster architecture is now a common choice for enterprise AI infrastructure, enabling unified resource management, flexible integration of multi-cloud and data center GPUs, and abstraction of hardware differences for simplified scheduling.

Traditionally, AI jobs were scheduled as a whole to a member cluster to ensure performance consistency, but this limited flexibility and resource utilization. In practice, splitting jobs across clusters becomes necessary for large-scale LLM training exceeding single-cluster capacity or aggregating idle resources from multiple clusters.

This session introduces how Volcano Global and Karmada enable adaptive cross-cluster scheduling for LLM jobs:

  1. a universal global scheduling control plane

  2. a higher-level job abstraction for intelligent decomposition of large AI jobs across clusters

  3. a centralized global queue and priority mechanism to ensure fair and orderly resource allocation, preventing large tasks from overwhelming the shared pool

Cloud Native Non-Functional Requirements: Building Scalable, Resilient and Secure Applications - Jakub Krzywda, Elastisys#

Time: 12:00pm CET - 12:30pm CET

Speakers: Jakub Krzywda, Elastisys

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: In software development, we often focus on functional requirements – what the application does. But let’s be real: it’s the non-functional requirements (NFRs) that make or break an application’s success in the long run. For cloud-native applications, things like scalability, resilience, observability, and security aren’t just “nice-to-haves” – they’re the foundation of performance, maintainability, and availability.

That’s why we’re hosting an in-depth session to dive into the NFRs every cloud-native developer needs to master. We’ll cover:
• Microservice architecture for scalability and fault tolerance
• Build and deployment automation to keep releases smooth and stress-free
• State and configuration management to ensure resilience and uptime across environments
• Observability and high availability for reliability and rapid troubleshooting

This session will provide developers with practical insights on how to build applications that are not only functional but built to last.

Dapr in the AI Era: Orchestrating Complex Multi-agent Workflows With Automatic Recovery - Yaron Schneider, Diagrid#

Time: 12:00pm CET - 12:30pm CET

Speakers: Yaron Schneider, Diagrid

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: In this session we'll learn how Dapr enables agent frameworks like OpenAI agents, AWS Strands, CrewAI and LangGraph to run reliably in the face of network errors, full cluster shutdowns and even complete cloud outages. Dapr's workflow, pub/sub and state APIs can be integrated as first-class primitives into the agent runtime of your choice, enabling Ops teams to make their AI systems ready for production and multi-cloud architectures.

Flipping the Curve: A Platform Engineer's Guide to Unlocking the Silent 80% - Michael Reichenbach, 1KOMMA5°#

Time: 12:00pm CET - 12:30pm CET

Speakers: Michael Reichenbach, 1KOMMA5°

Venue: F002-005, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Many platform engineering teams unknowingly create an "inverse productivity curve": their platforms are highly effective for a small group of experts but leave the vast majority of their developers behind. This happens because platform engineers intuitively build for their peers, the most vocal 20% of users who prefer high-end but often highly complex solutions, instead of for the silent 80% majority who need simple, straightforward solutions.

This session provides a practical guide and case studies to break this cycle using "guerrilla product thinking." Attendees will learn practical, low-effort tactics to shift their focus, such as visualizing their user base to identify the true majority and conducting targeted interviews with silent developers to uncover the most impactful problems. The talk will equip every platform engineer with the mindset and tools needed to flip the productivity curve, eliminate expert bottlenecks, and build platforms that accelerate the entire organization.

Helm 4 Is Here. So, Now What? - Andrew Block, Red Hat; Scott Rigby, Replicated; Robert Sirchia, SUSE#

Time: 12:00pm CET - 12:30pm CET

Speakers: Andrew Block, Red Hat; Scott Rigby, Replicated; Robert Sirchia, SUSE

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: After five years, Helm 4 was released last November at KubeCon North America 2025. While there was a large amount of fanfare coinciding with the release, many now wonder: “what does the future have in store for the Helm project?”

In this session, join Helm project maintainers as they look not to the past, but towards the future. They will share the list of features that were planned for and/or delivered with the release of Helm 4. These capabilities have helped lay the foundation for what is available today within Helm 4 and where further advancement can be made. They will also share where the project is headed strategically and all of the different contribution opportunities available for the community.

In Falco's Nest: The Evolution of Cloud Native Runtime Security - Iacopo Rozzo, Sysdig; Aldo Lacuku, Kong Inc.#

Time: 12:00pm CET - 12:30pm CET

Speakers: Iacopo Rozzo, Sysdig; Aldo Lacuku, Kong Inc.

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Falco, the Cloud Native Runtime Security project, is constantly evolving to meet the demands of modern cloud environments. This maintainer track session, led by the Falco maintainers, will dive deep into the latest advancements and the strategic direction of the project. We will focus on two major areas of growth: the introduction of the new Falco Operator and the new features that enhance Falco's performance and reliability. The new Falco Operator simplifies the deployment, configuration, and management of Falco across Kubernetes clusters, making it easier than ever for users to secure their runtime environments at scale. Furthermore, we will explore the most significant new features integrated into Falco. This includes performance optimizations for high-throughput environments. The session will also touch upon community contributions, ecosystem integrations, and the roadmap for the upcoming release.

Intelligent Routing for Optimized Inference - Antonio Berben, Solo.io & Felipe Vicens, Telefonica#

Time: 12:00pm CET - 12:30pm CET

Speakers: Antonio Berben, Solo.io & Felipe Vicens, Telefonica

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: Industry analysis reveals that expensive GPU cards are often utilized for processing simple queries that could efficiently be handled by CPUs, such as batch processing, non-real-time requests, or small context queries. The presentation will showcase an intelligent routing mechanism built on a three-layer architecture composed of CNCF projects: Istio and AgentGateway as the secure communication layer, LLM-D as the inference framework, and kagent as the agent orchestrator. This enables real-time analysis of request complexity. Simple queries are routed to Small Language Models (SLMs) with fewer than 8 billion parameters (

Locking Down Ray Serve: How to Secure Ur ML Models? - Kateryna Hrytsaienko, Valtech#

Time: 12:00pm CET - 12:30pm CET

Speakers: Kateryna Hrytsaienko, Valtech

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: AI + ML

Description: Ray Serve makes scaling ML models feel easy — until you realize you’ve got data flying across clusters and no clue who’s talking to whom. This talk breaks down what it really takes to secure Ray Serve in Kubernetes: from in-cluster access controls to multi-cluster communication and secret management that won’t wake you up at 3 a.m. We’ll go through a real case study showing what worked, what failed spectacularly, and what we’d do differently next time. Expect some honest war stories, practical configs, and a few “don’t ever do this” moments

No Shame, Just Pain: How We Migrated Away From Kubernetes 1.16 in 2025 - Jannis Relakis & Michael Seiwald-McCarty, Celonis#

Time: 12:00pm CET - 12:30pm CET

Speakers: Jannis Relakis & Michael Seiwald-McCarty, Celonis

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Until recently, while the world was talking WASM and AI-driven ops, we were still running Kubernetes 1.16, on over fifty clusters, across six flavors and three cloud providers.

This talk is the story of how we dug ourselves out of that hole: a multi-year, zero-downtime migration that forced us to face years of technical debt, align dozens of teams, and rethink how we manage clusters at scale.

I’ll share how we launched a zero-downtime migration for hundreds of workloads, untangled messy dependencies, built “the wormhole” (our Envoy-based cross-cluster bridge), and designed a new fleet architecture across EKS, AKS, and GKE. Along the way we met deprecated APIs, abandoned components, and a few stubborn Frankenstein clusters.

This is not a “look how shiny our platform is” story. It’s a confession from someone who sat through KubeCon talks for years drooling over features we couldn’t use. There’s no shame. Just lessons, empathy, and a lot of pain turned into progress.

Virtual Power Plants (VPP): How They Work and What They Are - LeRenzo Malcom & Mario Flores, Enpal#

Time: 12:00pm CET - 12:30pm CET

Speakers: LeRenzo Malcom & Mario Flores, Enpal

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: Virtual Power Plants (VPPs) are reshaping the energy grid by turning thousands of distributed IoT devices—solar systems, batteries, EV chargers—into one coordinated, cloud-native asset. At Enpal, we operate one of Europe’s largest residential solar fleets and are building a next-generation VPP platform to orchestrate it.

This talk explores what it really means to build a power plant in software—and why developing for IoT looks nothing like typical cloud app development.

You’ll learn:

  1. How a Virtual Power Plant works—from household solar to market bidding

  2. Why IoT development differs from regular cloud systems (latency, autonomy, bandwidth, lifecycle control)

  3. How Enpal’s IoT and cloud systems coordinate to optimize energy use and revenue in real time

  4. What design patterns (Kubernetes, KubeEdge, Dapr, event streaming) make it possible to treat 100,000+ homes like a distributed cluster

  5. How VPPs make money—through flexibility markets, load shifting, and price arbitrage

WIT Happens: Exploring the Latest Evolution of the SPIFFE and WIMSE Workload Identity Standards. - Noah Stride, Teleport & Arndt Schwenkschuster, Defakto Security#

Time: 12:00pm CET - 12:30pm CET

Speakers: Noah Stride, Teleport & Arndt Schwenkschuster, Defakto Security

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Workload identity is evolving. The IETF WIMSE Working Group has been standardizing the Workload Identity Token (WIT): a new credential format designed to address gaps in current workload-to-workload authentication. In 2026, SPIFFE and SPIRE will adopt WIT as a native credential type alongside existing JWT and X.509 options. But what exactly makes WIT different? In this talk, we’ll give a brief overview of SPIFFE and WIMSE, and explore how they fit together. We’ll recap the existing JWT and X.509 credential types and dive into the WIT, exploring its structure, security properties and presentation methods, and compare this against X.509 and JWT. And, with any luck, we’ll demo how the WIT can be used for workload-to-workload authentication. Whether you’re already using SPIFFE or are interested in the workload identity space, this session is for you!

When OTTL Goes Off the Rails: Debugging Transformations with Confidence - Edmo Vamerlatti Costa, Elastic & Tyler Helmuth, Honeycomb#

Time: 12:00pm CET - 12:30pm CET

Speakers: Edmo Vamerlatti Costa, Elastic & Tyler Helmuth, Honeycomb

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Ever written an OpenTelemetry Transformation Language (OTTL) statement that looked right but went completely off the rails when you ran it? You’re not alone. Testing and troubleshooting OTTL can be tricky, especially when it’s unclear how your telemetry data is being interpreted and transformed under the hood.

In this session, we’ll demonstrate how to keep your transformations running smoothly. Using the OpenTelemetry Collector’s built-in tools and the OTTL Playground (https://ottl.run), we’ll validate, debug, and fine-tune statements using real-world examples. Along the way, we’ll uncover hidden issues, explain unexpected behavior, and explore strategies to guide your transformations back on track.

Expect live demos, debug logs, a few intentional derailments, and practical tips to make your next troubleshooting session smoother, and maybe even a little https://ottl.fun.

Your Models Are Vulnerable: How KitOps Turns KServe Into a Zero-Trust Inference Platform - Brad Micklea, Jozu & Gavrish Prabhu, Nutanix#

Time: 12:00pm CET - 12:30pm CET

Speakers: Brad Micklea, Jozu & Gavrish Prabhu, Nutanix

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Model serving on KServe is easy. Proving your model hasn't been poisoned, tampered with, or swapped? That's where things fall apart. This talk reveals how KitOps transforms KServe into a zero-trust inference platform using ModelKits: OCI-native bundles that package models, datasets, code, and configs with cryptographic signatures - stored in the registry you already run. No new infrastructure, no vendor lock-in. We'll expose real ML-pipeline attack vectors and demonstrate production patterns that shut them down: init containers that verify model signatures, OPA policies blocking unattested models, and GitOps with a cryptographic chain‑of‑custody from training to production. You'll leave with battle-tested manifests, demos, and a deployment checklist that DSV (160K employees) and federal labs already use. Whether you're facing auditors tomorrow or just want to sleep better knowing your AI hasn't been compromised, you'll learn how to harden KServe today using tools you already have.

Cloud Native Theater | Cloud Native University: Introduction to GitOps - Chris Plank, NatWest#

Time: 12:11pm CET - 12:16pm CET

Speakers: Chris Plank, NatWest

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: This is an introduction-level lightning talk explaining the concepts of DevOps and GitOps, the differences between the two, the most popular products we see used in the community and how people use them to deploy and maintain applications on Kubernetes clusters, with pointers to previous (fuller) presentations for further information.

Cloud Native Theater | Cloud Native University: Platform Engineering - About Tools, Techniques, People and Culture - Max Körbächer, Liquid Reply#

Time: 12:19pm CET - 12:34pm CET

Speakers: Max Körbächer, Liquid Reply

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Platform Engineering is all over the place, yet at the same time many people approach us saying they heard of it at KubeCon for the first time. So, let us explore how platforms aren't just infrastructure. They're products that combine tools, automation, and self-service capabilities to make developers' and other personas' lives easier.
I'll demystify core concepts: what platforms actually do, why they matter in cloud-native environments, and how they reduce complexity rather than add another layer.
But great platforms aren't built on technology alone. We'll explore the often-overlooked human side: understanding user needs, fostering collaboration, and cultivating a platform-centric culture through training, community building, and advocacy.
You'll learn why platforms succeed or fail based on how well they respect the socio-technical system, where technology meets people, workflows, and organizational culture.

Deep Roots: Black, Indigenous, and People of Color Community Gathering#

Time: 12:30pm CET - 1:30pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: This session brings Deep Roots community members and allies together through rotating small-group discussions and collaborative mapping of shared interests - creating meaningful connections while surfacing what support structures (like peer learning, speaker series, or skill-building initiatives) would make the community most valuable for members navigating cloud native careers as (Black, Indigenous, People of Color) professionals.

Gold Sponsor In-Booth Demos#

Time: 12:30pm CET - 1:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Chronosphere, a Palo Alto Networks Company Booth Number: 331 Sponsor: Octopus Deploy Demo: Get your signed book 'Argo CD the right way' Booth Number 670

Lunch 🍲#

Time: 12:30pm CET - 2:30pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Time: 12:30pm CET - 12:50pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: When developers think about collaborating on API interfaces, they often do not think about them in git-based workflows, similar to how they would when collaborating on building these APIs. This means these flows are often disconnected from the code that they describe.
In this demo, we will explore what it really means to collaboratively iterate on APIs as teams continue to expose new interfaces, and how your existing git repository can be the single source of truth for all your API artefacts (Collections, OpenAPI definitions, environments, etc.) while still being able to collaboratively iterate upon them using tools like Postman.
We'll explore the roles of API producers and consumers and walk through an end-to-end workflow between producer to producer, consumer to consumer, and producer to consumer API Collaboration workflows using git as the single source of truth in Postman.

Cloud Native Theater | Cloud Native University: How Kubernetes Actually Ships: An Educator's Guide to Core Releases, SIGs, and Staying Current - Michael Forrester and Mumshad Mannambeth, KodeKloud#

Time: 12:37pm CET - 12:57pm CET

Speakers: Michael Forrester and Mumshad Mannambeth, KodeKloud

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: We're not maintainers. We're not vendors. We're educators who've trained over a million students for CKA, CKAD, and CKS—and watched them hit the same wall after passing: "Nobody taught me how to keep up with Kubernetes."
In this session, we'll cover:

  • How Kubernetes core releases work—the 3x/year cadence, KEPs, and where the real changelog lives.

  • How SIG projects like Gateway API release independently, and how to track them.

  • How to navigate GA, beta, and alpha—what each stage means and when to care.

  • How to prioritize for your role—operators, developers, and architects need different things.

  • Which external sources help and which have an agenda—community resources vs. vendor hype.

We've helped more people pass Kubernetes certifications than almost anyone. Now we'll teach you what happens after the exam.

Cloud Native Theater | Cloud Native University: The AI-Hiker’s Guide to Cloud Native AI - Cansu Kavili Örnek and Anneli Sara Banderby, RedHat#

Time: 1:00pm CET - 1:15pm CET

Speakers: Cansu Kavili Örnek and Anneli Sara Banderby, RedHat

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: The Cloud Native landscape is vast, and adding Generative AI can make it feel overwhelming for a newcomer. Where do you even start?

This lightning talk gives first-timers a simple, practical decision map for the KubeCon week ahead. We will present how AI workloads actually fit into a Kubernetes world, introducing containers, how to think about “models as services,” and what changes when GPUs and latency enter the picture.

We’ll focus on a simple mental roadmap, so you can navigate KubeCon sessions with confidence. Start here to get inspiration and learn from people who have tried, failed, and then succeeded.

Gold Sponsor In-Booth Demos#

Time: 1:00pm CET - 1:30pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Spectro Cloud
Demo: One Platform. Any Infrastructure. Every Cluster.
Booth Number: 420

Sponsor: Uber
Booth Number: 221

Network Nook Meetup: 1st Time Attendees#

Time: 1:00pm CET - 2:00pm CET

Venue: Hall 1-5 | Tram Zone | Network Nook, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Join us for casual and engaging meetups at the Network Nook during lunch breaks! These informal gatherings are open to all, whether you're a first-time attendee, a solo traveler, or simply looking to chat about shared interests. This is a great way to connect with others.

Today's topic: 1st Time Attendees
New to KubeCon + CloudNativeCon? Connect with fellow first-time attendees, share tips, and get insights from CNCF ambassadors on how to make the most of your conference experience!

Time: 1:00pm CET - 1:20pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Public-facing MCP servers expect clients to log in and consent through OAuth, but this is done on a different IdP than the enterprise IdP. Even SSO/Federated SSO doesn’t really solve this. Enterprises don’t want AI agents or users going directly to these public providers without knowing about it and enforcing/managing/revoking access. So how can you safely and securely connect your Agent IDE to public MCP servers? In this talk, we’ll look at (through live demos) the specific challenges and best practices for managing this flow, tying into enterprise SSO and policy enforcement, and then safely retrieving public access tokens. We want to shield the user from all of this happening under the covers, but maintain auditability, observability, and compliance.

Learning Lounge: Starting Your Kubestronaut Journey with the KCNA, CKA and CKAD - James Spurin, DiveInto#

Time: 1:15pm CET - 1:30pm CET

Speakers: James Spurin, DiveInto

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Cloud Native Theater | Cloud Native University: AI + Kubernetes: What Beginners Need to Know in 2026 - Michael Forrester, KodeKloud#

Time: 1:18pm CET - 1:34pm CET

Speakers: Michael Forrester, KodeKloud

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Time: 1:30pm CET - 1:50pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Cost optimization without performance guarantees is gambling with production.

In this live demo, we’ll show how ScaleOps autonomously manages Kubernetes resources in real production clusters, continuously aligning CPU, memory, and replica configurations with actual workload behavior.

The goal is simple: every workload runs with exactly the resources it needs. No more. No less.

ScaleOps uses context-aware optimization powered by real-time cluster conditions and workload behavior to continuously and autonomously rightsize CPU and memory, manage replicas, and eliminate inefficiencies. You’ll see how autonomous actions are validated, rolled out with guardrails, and monitored to prevent regression or scaling oscillation across both AI and cloud-native workloads.

The result: improved latency and workload stability first, followed by measurable reductions in overprovisioning and cloud waste, without manual tuning.

If you operate Kubernetes in production and need automation that enforces performance discipline while improving efficiency, this demo is for you.

Laughter Workshop#

Time: 1:45pm CET - 2:30pm CET

Venue: Europe Foyer, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Looking for a unique way to reset? Join us for a session dedicated to the power of the human laugh. Through a series of lighthearted exercises and guided breathing, we’ll explore how intentional laughter transforms into genuine joy. It’s fun, educational, and deeply relaxing—the perfect "brain break" to leave you feeling more energetic and connected to those around you.

Project Demo#

Time: 1:45pm CET - 2:10pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Gold Sponsor In-Booth Demos#

Time: 2:00pm CET - 2:30pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Harness
Demo: ArgoCD in Production: Scaling GitOps Without Compromise
Booth Number: 421

Sponsor: Infisical
Demo: Open source secrets, certificates, and privileged access
Booth Number: 431

Sponsor: Nscale
Demo: One Stack to Rule Them All: Ground to Cloud AI infrastructure
Booth Number: 231

Sponsor: PerfectScale by DoiT
Demo: The Perfect Cluster A Kubernetes Optimization Framework with PerfectScale by DoiT - Anton Weiss, PerfectScale by DoiT
Booth Number: 251

Sponsor: Tigera
Demo: The AI Assistant Troubleshoots Network Issues and Identifies Policy Gaps
Booth Number: 400

Kubernetes Contribution 101#

Time: 2:00pm CET - 3:30pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Want to start contributing to Open Source but have no idea where to begin? It’s common to feel overwhelmed by the scale of these projects or unsure of how to take that first step. Whether you're looking to build your skills, give back to the community, or just see how things work behind the scenes, finding your footing is the hardest part.

In this session, we’ll use Kubernetes as our roadmap to show you how a massive project actually functions. We’ll break down how the Kubernetes community is structured, how the people within it communicate, and—most importantly—how you can fit in. You’ll learn how to avoid common pitfalls like the 'good first issue' trap and get direct guidance from active contributors on where the best opportunities are hiding. Leave with a clear plan for your first move in the Kubernetes ecosystem.

Learning Lounge: What Platform Engineers Need to Know About Developer Experience - Max Körbächer, Liquid Reply#

Time: 2:00pm CET - 2:15pm CET

Speakers: Max Körbächer, Liquid Reply

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Time: 2:00pm CET - 2:20pm CET

Speakers: Why “CSI Support” is not a storage strategy and you are being setup to fail

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: CSI compliance is often presented as a checkbox for running both stateful and virtualised workloads on Kubernetes. In practice, that checkbox hides some dangerous assumptions.

This talk challenges the idea that CSI alone is enough. We’ll examine the responsibilities CSI deliberately avoids, why those omissions matter in production, and how they impact day-2 operations for stateful workloads. Through practical examples, we’ll show how Portworx continues where CSI stops to provide resilience, disaster recovery, and data mobility… the things teams expect their storage vendor to handle and CSI seemed to promise, but never delivered.

Project Demo#

Time: 2:25pm CET - 2:50pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

"Will it Kubernetes?" A Tinkerer’s Journey From Curiosity To Career - Niklas Frick, The Platform Engineering Company#

Time: 2:30pm CET - 3:00pm CET

Speakers: Niklas Frick, The Platform Engineering Company

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: When I first heard about containers and Kubernetes, I had a background in infrastructure but hadn’t worked in the field for several years—yet my inner tech enthusiast was reignited. So I decided to see if an old pile of hardware I had would still work and "would do Kubernetes". With support from friends and family (a.k.a "the hardware donors"), that curiosity-driven weekend project quickly turned into a hands-on crash course in Cloud Native concepts, troubleshooting, and automation. This journey refreshed my skills and helped me land my first Platform Engineering job. In this talk, I’ll share how I went from zero experience to running a fully functional homelab cluster, the unexpected lessons I learned along the way, and how this journey built the foundation for working in production-grade Kubernetes environments. If you’ve ever wondered how to start learning Kubernetes from scratch or turn curiosity into career growth, this session is for you.

10 Years of Cilium: Connecting, Securing, and Simplifying the Cloud Native Stack - Bill Mulligan & Paul Arah, Isovalent at Cisco; Marcelo Mello, Celonis; Neha Aggarwal, Microsoft#

Time: 2:30pm CET - 3:00pm CET

Speakers: Bill Mulligan & Paul Arah, Isovalent at Cisco; Marcelo Mello, Celonis; Neha Aggarwal, Microsoft

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Join us as we celebrate a decade of Cilium, now the de-facto standard CNI for Kubernetes and a cornerstone of cloud native networking and security. This session provides updates on the latest Cilium release and showcases how its unified eBPF-powered stack is transforming Kubernetes environments and beyond by replacing fragmented toolchains with seamless, secure, scalable, and simplified solutions.

We’ll showcase how open source has driven evolution in the service mesh ecosystem and how sub-project Tetragon is making security observable.

Contributors and end users will share how they’re using Cilium to streamline operations and reshape the cloud native stack, cementing Cilium’s role as the networking and security data plane for modern infrastructure for the next decade to come.

A Tale of Two KEPs: How the Community is Taming Kubernetes' CrashLoopBackoff - Yang Li, Google#

Time: 2:30pm CET - 3:00pm CET

Speakers: Yang Li, Google

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: For over seven years, Kubernetes' rigid 5-minute CrashLoopBackoff has been a top community pain point (issue #57291). This session tells the "Tale of Two KEPs"—a real-world story of how this challenge was finally addressed through pragmatic open-source decision-making.

The presentation first explores the strategic engineering trade-offs behind splitting the original, ambitious KEP-4603. It will dissect why the community chose to prioritize a configurable 'knob' (KEP-5593, which graduated to Beta in v1.35) for immediate relief, while the quest to change the global default (the revised KEP-4603) remains a complex, ongoing discussion.

Balancing this governance story, the talk delivers a technical deep-dive into the new Kubelet Configuration. Attendees will get a practical guide complete with YAML examples and hard-won lessons on performance and stability, drawn from first-hand experience applying this feature in its alpha stage.

Ask the Experts: Behind the Electric Glider - Open Science, Edge Computing, and Real-Time Data in Flight - Ricardo Rocha, CERN & Klaus Ohlmann, Mountain-Wave-Project#

Time: 2:30pm CET - 3:00pm CET

Speakers: Ricardo Rocha, CERN & Klaus Ohlmann, Mountain-Wave-Project

Venue: Hall 11, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Following the keynote Riding the Waves: Around the World in an Electric Glider – Powered by Nature, Data, and Open Science, join Ricardo Rocha and Klaus Ohlmann for an interactive Ask the Experts session. This is an opportunity to dive deeper into the technology and ideas behind the mission, from Kubernetes-powered telemetry pipelines and real-time data visualization to the challenges of collecting scientific data from a renewable-energy aircraft.

Bring your questions about edge computing in extreme environments, open scientific infrastructure, sustainable aviation, and how cloud native technologies are enabling new forms of exploration and discovery. Whether you're curious about the engineering behind the platform or the science being unlocked by the project, this session offers a chance to continue the conversation and explore the intersection of cloud native, climate science, and human exploration.

Bringing Cloud Native PaaS To Space: Onboard Edge Computing for Satellites - Adele Karam Hankache, Thales Alenia Space & Sergiu Weisz, POLITEHNICA Bucharest#

Time: 2:30pm CET - 3:00pm CET

Speakers: Adele Karam Hankache, Thales Alenia Space & Sergiu Weisz, POLITEHNICA Bucharest

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Earth Observation missions generate massive data volumes from complex multi-instrument payloads, creating downlink bottlenecks since not all data can be transmitted. Traditional space software is reliable but hardware-dependent and inflexible. Cloud-native technologies such as containerization, workflow automation, and infrastructure-as-code provide modularity and portability but are not designed for space’s constraints, including limited power and processing capacity.

In this session, we present how we adapted cloud solutions for space by building a lightweight cloud-native PaaS onboard satellites. It orchestrates diverse workloads, including AI, on heterogeneous clusters (CPUs, GPUs, and FPGAs). A key differentiator is the use of unikernels (MirageOS and Unikraft), integrated with K3s, Argo, and urunc to reduce memory footprint, energy consumption, and security risks. We detail the architecture, software/hardware choices, and design trade-offs from the European ORCHIDE project.

Cloud Native Theater | Istio Day: Running State of the Art Inference with Istio and LLM-D - Jackie Maertens, Microsoft and Nili Guy, IBM#

Time: 2:30pm CET - 3:00pm CET

Speakers: Jackie Maertens, Microsoft and Nili Guy, IBM

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Large language model workloads are hard to run efficiently: GPU memory is limited, traffic patterns shift quickly, and they benefit from stateful routing. LLM‑D is a distributed inference system built to solve these problems with the help of the Gateway API Inference Extension. It introduces several techniques—cache‑aware request routing, prefill/decode split execution, locality‑aware scheduling, and dynamic worker scoring—that improve throughput and reduce latency for real‑world inference traffic.

In this session we'll explain at a high level why these techniques make sense in the first place and how you can take advantage of these benefits with your existing Istio installation. Istio can be your gateway (controller) to efficient inference serving with llm-d.

Continuous AI Conformance: The kOps Approach - Arnaud Meukam, Independent; Janet Kuo & Justin Santa Barbara, Google; Ciprian Hacman, Microsoft#

Time: 2:30pm CET - 3:00pm CET

Speakers: Arnaud Meukam, Independent; Janet Kuo & Justin Santa Barbara, Google; Ciprian Hacman, Microsoft

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: At KubeCon NA 2025, the AI Conformance profile was announced with an initial cohort of AI-conformant Kubernetes distributions, but they were all commercial offerings. Since then, kOps has achieved AI Conformance as a fully open source, community-driven Kubernetes distribution. In this talk, we’ll share how we got there and, more importantly, how we’re staying there.

We’ll walk through how we translated the AI Conformance specification into concrete, automated tests that run continuously in CI, instead of relying on one-off, manual certification efforts.
We’ll also highlight some of the changes this effort drove inside kOps itself, from safer defaults and opinionated profiles for AI workloads, to clearer documentation and validation. Finally, we’ll outline how these patterns can be reused by other Kubernetes distributions, including internal “private” platforms, so that AI Conformance can become an ongoing property of your system rather than a once-per-release scramble.

Do You Trust Your PodDisruptionBudgets? You Shouldn’t! - Kārlis Akots Gribulis, Saxo Bank#

Time: 2:30pm CET - 3:00pm CET

Speakers: Kārlis Akots Gribulis, Saxo Bank

Venue: Elicium 2, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: Have you ever trusted your PodDisruptionBudget, only to watch Kubernetes evict your pods anyway? PodDisruptionBudgets feel like a safety net, but in reality, they’re not the silver bullet many expect. Under the hood, priority classes, Quality of Service classes, and resource pressure can silently bypass your budgets, leaving critical workloads exposed during upgrades, reschedules, or node failures. In this session, we’ll walk through real-world failure scenarios and how they impacted our platform, show how to reproduce them, and share practical strategies to test and harden your disruption policies so your workloads truly stay protected.

Driving Adoption and Automation With MCP in Production at Liftoff - Tommy Nguyen, Liftoff Mobile#

Time: 2:30pm CET - 3:00pm CET

Speakers: Tommy Nguyen, Liftoff Mobile

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Liftoff uses Model Context Protocol (MCP) to automate critical workflows across several systems. This talk covers three production projects, Janus, Graip, and Ersa, that faced real technical challenges with OAuth security, multi-service orchestration, and adoption hurdles. Janus converts requirements documents into JIRA tickets, reducing manual work while dealing with OAuth token complexities. Graip automates Grafana dashboard reporting, balancing automation with managing eventual consistency issues. Ersa monitors endpoint changes across multiple clouds, tackling noisy data and timely alerting. We share how we overcame OAuth token renewal, rate limits, and friction caused by complex local setups, boosting MCP usage from 0% to over 30%. Attendees will gain practical guidance on securing and orchestrating MCP in a complex environment, with lessons from production failures and successes.

Enterprise-Scale Migrations Using Agentic Workflows with Human-in-the-loop - Alvaro Saurin & Jose M Navarro, Adobe#

Time: 2:30pm CET - 3:00pm CET

Speakers: Alvaro Saurin & Jose M Navarro, Adobe

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: This presentation dives into the challenges of migrating enterprise Gateway configurations from NGINX to Envoy in an environment with tens of thousands of services across hundreds of clusters and regions. Migrating configurations is often seen as a simple translation task, but real-world scenarios reveal vastly different data models, incomplete or inconsistent information, and the need for common-sense interpretation. We introduce an agentic approach powered by Large Language Models (LLMs) to drive and refine migration tools iteratively, but supervised by a human-in-the-loop. The method leverages LLMs not just to transform configurations but to also fix and improve the migration tools through a structured inner loop (coding) and outer loop (migration execution) architecture. Attendees will learn how this innovative approach enables scalable, predictable, and efficient migrations with iterative human evaluation and agentic workflows.

From Open Source To Enterprise Scale and Back: A Journey With Road-Runner - Michael Kuhnt, Mercedes-Benz Tech Innovation & Gabriel Adrian Samfira, Cloudbase Solutions#

Time: 2:30pm CET - 3:00pm CET

Speakers: Michael Kuhnt, Mercedes-Benz Tech Innovation & Gabriel Adrian Samfira, Cloudbase Solutions

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: What does it take to transform a small open-source project into an enterprise-grade platform serving thousands of users daily? At Mercedes-Benz, we discovered that the secret isn't just technical scaling: it's building systems that make your users genuinely happy while achieving close to zero operational overhead. This talk shares our journey building Road-Runner, our internal self-hosted, ephemeral GitHub Actions runner platform, from modest open-source foundations to a self-healing system that developers love. We'll explore how we evolved beyond the original project's limitations through cloud-native patterns, custom Kubernetes operators, and tight user feedback loops. You don't need to reinvent the wheel to build something remarkable. Starting with proven open-source solutions and applying fundamental scaling principles, any team can create robust, maintainable systems. We'll share real challenges we faced and how we solved them through automation and focus on user experience.

Make GenAI Production-Ready With Kubernetes Patterns - Roland Huss, Red Hat & Bilgin Ibryam, Diagrid#

Time: 2:30pm CET - 3:00pm CET

Speakers: Roland Huss, Red Hat & Bilgin Ibryam, Diagrid

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: AI + ML

Description: Running LLMs and AI-driven workloads on Kubernetes shouldn’t feel like a leap into the unknown. This session uses familiar Kubernetes Patterns as a compass for the GenAI journey, showing how controllers and custom resources shape stable model endpoints, how sound startup hygiene turns heavy models into predictable rollouts, and how GPU-aware placement avoids noisy neighbors without wasting capacity. It explores why token-based traffic signals beat round-robin and how policy at the gateway keeps latency in check. The story closes by stitching a minimal retrieval augmented generation (RAG) path with stateless orchestration, stateful vectors, and background ingestion into a clean, portable design.

Aimed at practitioners, the session extends well-known Kubernetes patterns into the emerging AI domain. Attendees will leave with a shared vocabulary and pragmatic defaults they can apply the next day - no GenAI experience required.

Multi-cluster Orchestration System: Karmada Updates and Use Cases - Hongcai Ren, Huawei; Tessa Pham, Michas Szacillo & Wei-Cheng Lai, Bloomberg; Zongqing Li, Trip.com#

Time: 2:30pm CET - 3:00pm CET

Speakers: Hongcai Ren, Huawei; Tessa Pham, Michas Szacillo & Wei-Cheng Lai, Bloomberg; Zongqing Li, Trip.com

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run your cloud-native applications across multiple Kubernetes clusters and clouds.

In this presentation, the maintainer of the Karmada project will share:

  • A brief introduction to Karmada.

  • New features over the last year

  • Application Priority Scheduling

  • Federated ResourceQuota Enforcement

  • Stateful Application Cluster Failover

  • AI Jobs Scheduling Enhancements

  • Remarkable Performance Optimization

  • Karmada Dashboard Release

  • Karmada Operator Enhancement

  • Real-world case studies

  • Overview of the community

  • Roadmap

  • QA

Not Yet Another Envoy Implementation - Exploring Kgateway To Write Your Own GatewayAPI Backend - Ricardo Katz, Red Hat#

Time: 2:30pm CET - 3:00pm CET

Speakers: Ricardo Katz, Red Hat

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: Gateway API adoption in the Kubernetes ecosystem is accelerating, with more implementations and features arriving every release. Yet, most controllers share one common dependency: Envoy as a backend. Envoy is great and we all love it, but what if you want to use something else? Building your own Gateway API implementation, though, isn’t simple: the spec is huge, full of conditions to satisfy before you can even start doing something interesting. That’s where kgateway, a CNCF project, comes in. While its original goal is to be a full Gateway API controller, it provides a pluggable control plane that handles much of the heavy lifting, letting you focus on what really matters: programming your backend using a familiar data model. In this talk, we’ll explore kgateway’s architecture, show how to integrate it into your own Gateway API implementation, and demonstrate live a non-Envoy implementation without reinventing the wheel, so you can create your own implementation!

Time: 2:30pm CET - 2:50pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Blocking malicious packages usually means breaking the build. In this live demo, we show a better way. We will tackle the "Safe vs. Productive" dilemma head-on using real-world threat scenarios like XZ Utils, Shai Hulud, and React2Shell.
Standard tools just block a bad package and throw a 403 error, halting your developers. We will demonstrate a smarter approach: Compliant Version Selection (CVS).
Watch the CLI terminal as we request a malicious "latest" package version. Instead of breaking the flow, see how JFrog Curation transparently detects the threat and automatically delivers the latest safe version instead. The build passes, the malware is rejected, and the developer keeps coding without manual intervention.
No marketing slides, just a live walkthrough of how to automate safety without sacrificing speed.

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

The Hills Are Alive with the Sound of Kubernetes - Stevie Caldwell, Fairwinds#

Time: 2:30pm CET - 3:00pm CET

Speakers: Stevie Caldwell, Fairwinds

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Have you ever noticed a sudden change in sound? Maybe you're sitting in your living room and the ever-present hum of your refrigerator stops. Rooms away that change is a signal that something is different, potentially wrong, through ambient sound that you weren't even consciously hearing. What if you could "hear" the changes to your Kubernetes cluster in the same way?

Sonification "is the use of non-speech audio to convey information or perceptualize data". I explore sonification within the context of engineering that traditionally relies on visual cues. Cluster events are mapped to audio using a custom operator and open source synthesis tools. Through live chaos experiments we'll see various failure modes, demonstrating how each one can produce distinct audio signatures that make infrastructure problems immediately recognizable.

Using music, I will help attendees approach observability with a fresh perspective and a new mental model for understanding distributed system behavior.

What LLMs Do, and Don't, Know About Securing Kubernetes - Rory McCune, Datadog#

Time: 2:30pm CET - 3:00pm CET

Speakers: Rory McCune, Datadog

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: SECURITY

Description: LLMs are fast becoming a fact of life in many organizations and one of the things we can use them for is... Kubernetes! So that leads us to a question: if LLMs can do Kubernetes-related tasks, can they do them securely, and what in general do they know and not know about Kubernetes security? This talk will show the results of our research into how LLMs handle Kubernetes security tasks, how techniques like improved prompting can change the outcomes, and the places where they fall down.

What's Coming Next in Containerd 2.3? - Mike Brown, IBM & Krisztian Litkey, Intel#

Time: 2:30pm CET - 3:00pm CET

Speakers: Mike Brown, IBM & Krisztian Litkey, Intel

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: A year and a half after the release of containerd 2.0, the containerd project has shifted to time-based releases and recently released containerd 2.2. As the project has matured, the maintainers have continued to focus on stability along with a more reliable release cadence and a steady stream of new features. The upcoming 2.3 release, tentatively scheduled for early May, will be filled with new features to support the next generation of container runtime plugins (NRI v1.0), filesystems and container image and artifact formats. Join maintainers to discuss these project updates, integrations with Kubernetes, and how these new features can be used to support new use cases and increase runtime performance.

What's New in gRPC - Kevin Nilson & John Feig, Google#

Time: 2:30pm CET - 3:00pm CET

Speakers: Kevin Nilson & John Feig, Google

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This talk will go through all the exciting new features we have recently added to gRPC. We will be covering topics such as OpenTelemetry, Service Mesh, K8s Gateway APIs and GAMMA. We will also cover tips and tricks for building a Microservices Application with gRPC.

📚 Tutorial: AI on Kubernetes Without the Chaos: Building Reproducible ML Environments with Argo and Kubeflow - Nourhan Mohamed, KodeKloud#

Time: 2:30pm CET - 3:45pm CET

Speakers: Nourhan Mohamed, KodeKloud

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: A 2023 study found that data leakage compromised reproducibility in nearly 300 ML papers — showing how fragile machine learning remains. On Kubernetes, this fragility often becomes chaos: version drift, broken pipelines, and the “it worked on my laptop” problem make reproducibility a daily challenge. In this tutorial, we’ll walk through a practical, open-source blueprint for building reproducible ML environments with Kubeflow, Argo and ML Metadata. You’ll learn how to design modular workflows that can be rerun consistently, track experiments and dataset lineage, and apply GitOps principles to make pipelines auditable. We’ll also cover techniques like image pinning, artifact caching, and environment snapshots — plus strategies to avoid pitfalls like dependency drift and GPU scheduling conflicts. By the end, you’ll have a clear framework to improve reliability and repeatability in ML workflows on Kubernetes.

🚨 Contribfest: Bring Agentic AI To Cloud Native, One PR at a Time With Kagent - Lin Sun, Peter Jausovec & Eitan Yarmush, Solo.io & Dmytriy Rashko, Amdocs#

Time: 2:30pm CET - 3:45pm CET

Speakers: Lin Sun, Peter Jausovec & Eitan Yarmush, Solo.io & Dmytriy Rashko, Amdocs

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Curious how kagent brings agentic AI to the cloud native ecosystem? Interested in contributing to one of the fastest growing CNCF Sandbox projects (incubation pending), featured on the latest CNCF Technology Radar for agentic AI? Want to explore the codebase behind the kagent framework, or peek behind the curtain to see how it all works?

This is your chance. Join the kagent maintainers for a hands-on session diving into the codebase and learn how you can help shape the future of kagent, one PR at a time.

During this session, we will cover the architecture of kagent, how agents and MCP tools work together, how to set up your development environment, how to interact with the community, and how to start contributing your first PR to kagent.

🚨 Contribfest: Testing the Waters: Getting Started With Kgateway - Nina Polshakova, Solo.io; Mayowa Fajobi, Marsh McLennan; David Jumani & Steven Thwaites, Solo.io#

Time: 2:30pm CET - 3:45pm CET

Speakers: Nina Polshakova, Solo.io; Mayowa Fajobi, Marsh McLennan; David Jumani & Steven Thwaites, Solo.io

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Getting started with kgateway can feel daunting due to its layers of testing, from Gateway API conformance to unit, end-to-end, and performance tests. kgateway is a fully compliant, feature-rich Gateway API implementation. Since joining the CNCF, it has grown rapidly, adding OTEL tracing, inference routing, and MCP authentication, making thorough testing essential.

This session will guide newcomers through running and writing tests that validate kgateway’s functionality and Gateway API behaviors. Using virtualized environments that simulate realistic traffic and services, we’ll show how to run kgateway locally, build tests, measure performance, and validate Gateway API behaviors.

Speakers include past LFX mentors and mentees who can share first-hand experience making their first open source contributions. Participants will gain skills in structured testing and reproducibility applicable across CNCF projects. Bring your laptop, join our community, and start contributing to kgateway!

Cloud Native Theater | Istio Day: Zero-Downtime Migration from ingress-nginx to Istio in a Multi-Cluster Kubernetes Platform at Bloomberg - Joe Abellard, Bloomberg#

Time: 3:00pm CET - 3:30pm CET

Speakers: Joe Abellard, Bloomberg

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Bloomberg runs a large-scale managed multi-cluster Kubernetes platform built atop Karmada. As this infrastructure platform evolved, ingress-nginx became a crucial dependency for managing ingress traffic to essential services, including Karmada API server instances. With ingress-nginx now deprecated, we undertook a platform-wide migration to Istio.

This talk walks through our journey migrating from ingress-nginx to Istio in a complex, multi-cluster Kubernetes environment without downtime. We begin by describing our Kubernetes platform architecture, including how ingress-nginx fronted important control plane components across multiple clusters and regions. We then dive into our migration strategy, describing how Istio was introduced incrementally to help us maintain the platform's stability.

We will cover key challenges we encountered, such as preserving existing routing semantics and minimizing operational impact. Finally, we will share lessons learned and operational best practices for teams planning similar platform-level migrations.

Time: 3:00pm CET - 3:20pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: AI systems today have unprecedented capabilities, yet they consistently fail at tasks that should be simple. The bottleneck isn't model intelligence, it's information design. While everyone focuses on better models and fancier frameworks, the real breakthrough lies in understanding context as a design discipline.

In this session, you'll discover the patterns that separate high-performing AI systems from those that struggle. We'll explore the "art" - intuitive principles of information hierarchy and attention flow, alongside the "science" - measurable patterns for structuring and managing information that consistently improve AI results.

You'll learn practical design patterns that work across any AI application: how to architect information flows that scale, when to compress vs. expand context, and why sequence often matters more than content. Walk away with a systematic approach to context engineering that transforms unreliable AI interactions into more predictable, powerful tools.

Project Demo#

Time: 3:05pm CET - 3:30pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Amplifying End User Voices: Platform Architects on the Future of Kubernetes - Rajas Kakodkar & Zach Shepherd, Broadcom; Kevin Klues, NVIDIA; Elias Tarn, AWS; Dawn Chen, Google#

Time: 3:15pm CET - 3:45pm CET

Speakers: Rajas Kakodkar & Zach Shepherd, Broadcom; Kevin Klues, NVIDIA; Elias Tarn, AWS; Dawn Chen, Google

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Platform architects bridge Kubernetes innovation and real-world adoption, engaging daily with end users facing operational challenges. Their direct engagement makes them uniquely qualified to amplify user voices. In this panel, they share practical lessons and strategies attendees can apply directly to their environments:

  • Conveniently treading the line between escalating configuration complexity and supporting diverse workloads

  • Extending beyond traditional Kubernetes distributions

  • Hard-won lessons from production incidents - upgrade anxiety, configuration drift and disaster recovery

  • How user feedback drives features like Dynamic Resource Allocation and app packaging frameworks like Kubernetes Resource Orchestrator

  • How enterprises can draw from CNCF TOC, TAG, K8s SIG to structure teams and responsibilities around Kubernetes operations

We will address how the community can contribute to this effort by engaging with CNCF TAG Workload Foundation and leveraging the End User TAB.

Choose Your Own Adventure: AI Meets Internal Developer Platform - Whitney Lee, Datadog & Viktor Farcic, Upbound#

Time: 3:15pm CET - 3:45pm CET

Speakers: Whitney Lee, Datadog & Viktor Farcic, Upbound

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: Our hero app lives in a Kubernetes cluster supported by an Internal Developer Platform built with Crossplane and OpenTelemetry. But the developers want more: can an AI agent make their experience even smoother?

In this interactive session, the audience will vote at key moments to guide the investigation of a broken app — with help from AI. We'll explore three categories of AI tooling: agent frameworks, vector databases, and observability backends. At each step, we'll introduce a concept, present options, and let the audience decide which to use in the live demo.

This talk isn't just about how AI works — it's about how an AI agent can interface with and enrich a modern platform.

Will our AI choices help or hinder? However it goes, you'll see how an agent with the right tools can investigate and deploy on behalf of a developer who has no direct cluster access. Expect surprises, stumbles, and a lively discussion about what AI is (and isn't) ready for in platform engineering.

Crossplane - The Cloud Native Framework for Platform Engineering - Jared Watts & Adam Wolfe Gordon, Upbound#

Time: 3:15pm CET - 3:45pm CET

Speakers: Jared Watts & Adam Wolfe Gordon, Upbound

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The maintainers of the CNCF Crossplane project (https://www.crossplane.io/) will lead this session that will not only introduce the project to new attendees, but also dive deep into the details of Crossplane’s latest features, releases, and roadmap. There is always something new to show off at KubeCon! With the v2.2 release complete and new features continuously shipping and maturing based on community feedback, we have plenty of new material to showcase. Join us for live demos highlighting the latest Crossplane improvements and features and why they matter, and learn first-hand from the maintainers how to adopt them into your own Crossplane-powered control planes.

Instrumenting Kueue Scheduling for ML Training - Amy Chen, CoreWeave & Gabriel Saba, Google#

Time: 3:15pm CET - 3:45pm CET

Speakers: Amy Chen, CoreWeave & Gabriel Saba, Google

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: AI + ML

Description: Kueue is a job scheduler with functionality essential for running batch/ML workloads. Operating it at scale surfaced opaque scheduling failures. We take learnings from our large-scale ML training platform, detailing how we cracked open the Kueue scheduler’s “black box,” improving observability and translating complex scheduling logic into clear, actionable signals.

In this session, we will first deep dive into the stages of Kueue's scheduling to create a foundational understanding. Then we will present a subtle fair sharing quota reclamation bug, showcasing the metrics and logging we added to detect it and prove its impact. Finally, we will present examples where Kueue metrics helped us identify critical bottlenecks in Kueue’s preemption logic.

Attendees walk away with practical knowledge to instrument the Kueue workload lifecycle, enabling them to track workloads through each stage, from reservation to admission, definitively answering the critical question: “Why is my workload still pending?”

Kubeflow in Cloud Native AI: Orchestrating the Next Wave of Agentic AI and LLMOps - Johnu George, Nutanix; Valentina Rodriguez Sosa & Antonin Stefanutti, Red Hat; Alexander Perlman & Michael Zazula, Capital One#

Time: 3:15pm CET - 3:45pm CET

Speakers: Johnu George, Nutanix; Valentina Rodriguez Sosa & Antonin Stefanutti, Red Hat; Alexander Perlman & Michael Zazula, Capital One

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The definition of Cloud Native AI is shifting. Beyond standard training and serving pipelines, the next frontier involves complex, agentic workflows, advanced fine-tuning algorithms, and efficient resource orchestration at scale. Kubeflow is adapting to meet next-generation requirements, ensuring its modular core remains the robust foundation for building AI platforms on Kubernetes.

This session explores the strategic vision for Kubeflow in 2026. We will map out the ecosystem’s evolution, focusing on advanced GenAI use cases while maintaining critical stability for enterprise adopters. Maintainers will discuss how cross-community collaboration is driving a unified architecture that balances flexibility with standardized interfaces across all Kubeflow projects.

Finally, we will outline the roadmap, highlighting initiatives to improve the developer experience. Attendees will leave with a clear understanding of the project's direction and how to align their internal platforms.

Kubernetes Network Driver Unpacked: Modularity, Trade-offs and the Road Ahead - Lionel Jouin & Sebastian Scheinkman, Red Hat; Antonio Ojea, Google; Sunyanan Choochotkaew, IBM#

Time: 3:15pm CET - 3:45pm CET

Speakers: Lionel Jouin & Sebastian Scheinkman, Red Hat; Antonio Ojea, Google; Sunyanan Choochotkaew, IBM

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: This panel brings together contributors from several pioneering Kubernetes Network (DRA) Drivers (KND), including the CNI-DRA-Driver and DraNet, to explore how the Device Resource Allocation (DRA) framework is transforming Kubernetes networking through modular, composable, and interoperable components.

Panelists will share early experiences with DRA for networking, lessons learned, and trade-offs between building a single, complete KND (Kubernetes Network Driver) versus an ecosystem of smaller, purpose-driven ones. They will also discuss how to balance imperative and declarative models, maintain simplicity while ensuring extensibility, and what these choices mean for vendors, developers, and end users.

Attendees will gain a clear understanding of where the ecosystem is headed and what paths exist toward interoperability across projects. Whether you are a cluster operator, vendor, or contributor, this session will help you navigate the next generation of Kubernetes networking.

Laughter Workshop#

Time: 3:15pm CET - 4:00pm CET

Venue: Europe Foyer, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Looking for a unique way to reset? Join us for a session dedicated to the power of the human laugh. Through a series of lighthearted exercises and guided breathing, we’ll explore how intentional laughter transforms into genuine joy. It’s fun, educational, and deeply relaxing—the perfect "brain break" to leave you feeling more energetic and connected to those around you.

Leveling up with Radius: Custom Resources and Headlamp Integration for Real-World Workloads - Nuno Guedes, Millennium bcp & Will Tsai, Microsoft#

Time: 3:15pm CET - 3:45pm CET

Speakers: Nuno Guedes, Millennium bcp & Will Tsai, Microsoft

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: As teams adopt Radius to simplify and unify application dependencies management, one of the biggest challenges becomes extending it for real-world, production-grade workloads. In this session, Millennium bcp shares how we evolved Radius beyond the basics to model and operate complex dependencies like Datadog monitors, AI models, and internal APIs—treating them as first-class resources inside the Radius app graph.

We’ll walk through the architecture behind custom resource providers, lifecycle automation, and policy enforcement that make these extensions reliable and compliant. Finally, we’ll demo the Radius plugin for Kubernetes Headlamp, which brings app visualization, dependency mapping, and operations into the same UI developers already use. Attendees will leave with proven design patterns for extending Radius, improving developer experience, and achieving consistent app management across clouds.

OpenCost - Cost and Resource Management Deep Dive - Rajith Attapattu, Randoli#

Time: 3:15pm CET - 3:45pm CET

Speakers: Rajith Attapattu, Randoli

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The OpenCost project has been incubating in the CNCF and has helped thousands of users not only track Kubernetes cost, but also implement best practices in resource management.

This session will cover an overview of what OpenCost does, how it works, how it is architected, and how to get started.
We’ll also cover exciting developments from the last 12 months: an MCP server that provides cost metrics and guides for improvement, health tracking, diagnostics, easy export, and constantly improving functionality with the cloud providers.
We’ll also give some peeks into the roadmap for the rest of 2026, including KubeModel: OpenCost's next-generation data model.

Operators in Action: Making Kubernetes Work for You - Verena Traub, b'nerd GmbH#

Time: 3:15pm CET - 3:45pm CET

Speakers: Verena Traub, b'nerd GmbH

Venue: Elicium 2, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: When our team needed to automate the creation of multiple app instances, we quickly realized that existing tools weren’t enough. Writing a custom operator turned out to be the most practical way to manage their lifecycle — and a surprisingly effective way to see how Kubernetes works under the hood. In this talk, I’ll walk you through the lessons learned while building an operator for a real-world multi-service application. We’ll explore designing Custom Resources, implementing reconciliation logic, and handling state and configuration challenges. Along the way, I’ll share the pitfalls I ran into, debugging tricks that helped, and the patterns that made the operator framework click. Whether you’re curious about what goes on behind the scenes in Kubernetes operators or planning to build one yourself, you’ll leave with practical tips and a clear roadmap to get started confidently.

Real-World Supply-Chain Security - Alex Leong, Buoyant#

Time: 3:15pm CET - 3:45pm CET

Speakers: Alex Leong, Buoyant

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: SECURITY

Description: Supply-chain security isn’t optional any more – but what does it take to actually get it working for an existing project? The Linkerd project recently had to go through exactly this exercise, which turned out to be quite a bit more involved than one might expect! We build multi-architecture images using both Rust and Go, we need fully-automated signing and attestation for all those artifacts, and we ship multiple images that all need the same treatment. What we found when we dove into doing this work was that the supply-chain ecosystem was less mature than we’d thought, and also that Linkerd’s build system wasn’t as well tailored to it as we would have liked. In this session, we’ll look at the challenges we found, the work we did to meet those challenges, and the places where there’s more yet to do – and while this is, of course, talking about the experiences of the Linkerd project, you’ll walk away with practical insights about how to manage your own supply chain security.

Rust Vs. Go: Building a Container Network Stack From Scratch - Matt Heon, Red Hat & Shivang K Raghuvanshi, Podman Container Tools#

Time: 3:15pm CET - 3:45pm CET

Speakers: Matt Heon, Red Hat & Shivang K Raghuvanshi, Podman Container Tools

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: For over a decade, Go has been the language of choice for cloud native development. But is it always the right choice? When the Podman team built their new network stack, Netavark and Aardvark, despite many years of Go experience, they chose Rust instead. This talk covers the practical reasons they chose Rust, the concrete advantages it offered, and the tradeoffs made moving to another language. Join Matt Heon, Podman core maintainer, who will discuss how and why the decision was made, and Shivang K Raghuvanshi, LFX mentee, who will talk about his experiences contributing to the project and fixing a critical bug in the network stack, showing how mentorship in Open Source can solve real, difficult problems.

Schema Inference and Automation: A New Era for Telemetry Management - Nicolas Takashi, Coralogix & Arthur Silva Sens, Grafana Labs#

Time: 3:15pm CET - 3:45pm CET

Speakers: Nicolas Takashi, Coralogix & Arthur Silva Sens, Grafana Labs

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: If you’ve ever spent hours fixing broken dashboards after a metric change or chasing down why an alert stopped firing, you’re not alone. The struggle of maintaining backward compatibility makes telemetry brittle, hard to trust, and difficult to evolve. The OpenTelemetry community has introduced the idea of Telemetry First, advanced by the Weaver project, where telemetry schemas are treated as first-class citizens. In this session, you will see how adopting a schema-driven approach can transform observability from an afterthought into a design principle.
The talk will cover two dimensions: manually defining schemas to bring order to new and existing telemetry, and exploring how runtime schema inference can accelerate adoption in complex, legacy platforms. Attendees will learn how Telemetry First enables automation of dashboards, alerts, and instrumentation clients; enforces data quality checks; powers contract testing; and establishes a living telemetry catalog with history and lineage.

The Future of Kubernetes Scalability: Challenges of the GigaWatt Computing Power of the AI Era - Maciek Różacki, Google Cloud & Artur Rodrigues, Anthropic#

Time: 3:15pm CET - 3:45pm CET

Speakers: Maciek Różacki, Google Cloud & Artur Rodrigues, Anthropic

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: AI (and LLMs in particular) are pushing the boundaries of what we thought was possible with compute infrastructure. Traditional Kubernetes, designed for microservices, faces new challenges in scheduling, data gravity, and resource management for massive, distributed workloads. 5000 nodes, 65000, 100000... should clusters keep growing, or perhaps we need a paradigm shift in how we are thinking about the evolution of Kubernetes? This talk explores the architectural shifts required for Kubernetes to remain the backbone of modern computing. We will discuss emerging workload patterns, the role of custom schedulers, hardware acceleration integration (GPUs/TPUs), and the potential evolution of core components to handle the scale and unique demands of the AI era. Attendees will gain a forward-looking perspective on where the ecosystem is heading.

To Swap or Not To Swap: Memory Management Design Patterns for AI Workloads in Kubernetes 1.34+ - Nic Vermande, ScaleOps#

Time: 3:15pm CET - 3:45pm CET

Speakers: Nic Vermande, ScaleOps

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Kubernetes swap support is now stable, reopening a debate the industry thought was settled: is swap still evil? For AI/ML workloads with 100GB+ memory footprints, the answer is nuanced. This talk explores when swap helps vs. hurts GPU inference and training workloads. We'll cover 3 real production scenarios:

  • Overcommitting Memory: Running multiple small models on shared nodes where occasional swap prevents OOMKills.

  • Burst Traffic Handling: Using swap as a safety valve during traffic spikes when KV cache grows beyond predictions. Live demo with vLLM showing graceful degradation vs. pod eviction.

  • When Swap Kills You: Training workloads and real-time inference where swap latency destroys performance.

By the end of this talk, you will know exactly when to enable swap and when to keep it disabled. Production-tested configs included!

What Happens in Kubernetes SIG Scalability: Intro + DeepDive - Wojciech Tyczyński, Google#

Time: 3:15pm CET - 3:45pm CET

Speakers: Wojciech Tyczyński, Google

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This session will cover different efforts that SIG Scalability is involved in: defining what scalability means for Kubernetes, driving performance improvements, maintaining infrastructure for scalability testing, and guarding Kubernetes against performance regressions. In addition to an overall overview, the most recent achievements and challenges are always the top focus of the presentation. Cooperation with other SIGs is an important aspect of the presentation, as many improvements driven from the SIG are in fact owned by other SIGs. Time for Q&A will be reserved at the end of the session to understand how the SIG can better engage with the community as well as to allow the audience to provide input about the roadmap.

etcd 3.6 Updates and 3.7 Roadmap - Arka Saha, Broadcom & Josh Berkus, Red Hat#

Time: 3:15pm CET - 3:45pm CET

Speakers: Arka Saha, Broadcom & Josh Berkus, Red Hat

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Where has etcd been recently, and where is it going? Since most of the KubeCon audience are already etcd users, whether directly or as part of Kubernetes, they'll be interested to find out about the changes since KubeCon Atlanta and our plans for etcd 3.7.

First, we'll go over changes to etcd in the last five months, including 3.4 downgrade support, the v3store migration (and problems), performance enhancements, livez/readyz, and more. We'll even have a few demos. Next, we'll talk about the v3.7 roadmap, including image registry update, range stream, RAFT async writes, and diagnostic tooling. We'll give you an update on the robustness tests and Go workspace support as well.
Anyone who uses etcd will want to check in, find out the latest, and give us some feedback.

Cloud Native Theater | Istio Day: The Good, The Ugly, and The Bad: Leaving Sidecars Behind with Istio Ambient Mesh - Alfonso Ming and Jorge Turrado, SCRM Lidl International Hub#

Time: 3:30pm CET - 4:00pm CET

Speakers: Alfonso Ming and Jorge Turrado, SCRM Lidl International Hub

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: We found ourselves at a difficult inflection point: continue to grapple with the substantial cost and sheer operational complexity of our traditional sidecar deployment, or commit to a forward leap into the developing landscape of Istio Ambient Mesh. We chose the latter.

This session offers an unvarnished retrospective on that migration—what truly worked, what became unexpectedly messy, and the hard trade-offs we had to accept.

The immediate return on investment was significant. We achieved a massive, quantifiable reduction in resource overhead. Furthermore, Ambient delivered an immediate security uplift: mTLS encryption in transit, courtesy of the ztunnel, which finally allowed us to responsibly deprecate highly complex internal legacy systems, such as our long-standing HMAC-based authentication setup.

The challenge lay in the infrastructure shift. Adopting Ambient necessitated a comprehensive overhaul of our operational processes. This spanned from painstakingly integrating Argo Rollouts with the Gateway API to achieve sophisticated traffic steering, to the fundamental re-tooling of our observability stack. Learning to effectively monitor L7 data when it is isolated within waypoint proxies required deep adaptation across our metrics, logging, and alerting strategies.

We will also address the compromises we encountered—the architectural nuances of the ztunnel model and the current limitations when operating certain advanced L7 features within a proxy-less topology. Join us to move past the marketing and explore the real-world benefits and tangible operational hurdles of choosing the Ambient Mesh path over the established sidecar model.

Coffee Break ☕#

Time: 3:45pm CET - 4:15pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Gold Sponsor In-Booth Demos#

Time: 3:45pm CET - 4:15pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Cloudsmith
Demo: AI’s Impact on Dependency Risk: When Your Build Pulls Code You Didn’t Choose
Booth Number: 570

Sponsor: Port
Demo: Agents sprawl. Solved.
Booth Number: 330

Sponsor: Sysdig
Demo: Pivoting from detection to investigation with Falco and Stratoshark
Booth Number: 671

Sponsor: Veeam
Demo: Modern Kubernetes Data Protection - Live Demo!
Booth Number: 950

In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Learning Lounge: Don’t Cross Wires - Cross-Skill: Aligning Teams Around Smart Learning Paths - Mary Campbell & Randi Armour, Linux Foundation Education#

Time: 3:45pm CET - 4:00pm CET

Speakers: Mary Campbell & Randi Armour, Linux Foundation Education

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Project Demo#

Time: 3:45pm CET - 4:10pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Time: 3:45pm CET - 4:05pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Containers are typically deployed in Kubernetes clusters. But at a smaller scale, on a single-node server, or for development purposes, Kubernetes will be overkill. What’s the recommended way to run a fully autonomous application with several interacting containers in these cases?

The answer is systemd. It can orchestrate containers because it is an already running process manager, and containers are just child processes. It’s a perfect fit for running containerized workloads without human intervention.

The concept of Quadlet was introduced in Podman v4.4.0. It’s a systemd-generator that writes and maintains systemd services using Podman. It can manage container lifecycle (start, stop, restart), volumes, pods, deployments etc. via systemd. The name comes from the following: “What do you get if you squash a Kubernetes kubelet? A quadlet”. Both system and user systemd units are supported to deploy applications without root privileges.
In this presentation, we will discuss what Podman Quadlets are and demonstrate how Podman Kubernetes features can be associated with them to deploy a fully autonomous application.

Cloud Native Theater | Istio Day: Panel: Tales From the Mesh: Horrors and Successes of Running Istio in Production#

Time: 4:00pm CET - 4:45pm CET

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Tune in to this discussion to hear from real Istio users and their experiences. They will share their use cases for service mesh, what issues and hurdles they faced and, ultimately, whether it all paid off.

Project Pavilion Tour with Joseph Sandoval, CNCF Ambassador#

Time: 4:00pm CET - 4:20pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!

Women's Community Gathering#

Time: 4:00pm CET - 5:00pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Women’s Gatherings are strategic community spaces designed to foster inspiration, empowerment, knowledge sharing, and leadership visibility. They create intentional opportunities to amplify the voices of individuals who identify as women and non-binary, celebrate achievements, and strengthen representation across the ecosystem.

The objective of this session is to establish a dedicated community gathering for Women in Cloud Native at KubeCon + CloudNativeCon enabling meaningful networking, peer mentorship, collaboration, and sustained engagement. We aim to drive inclusion, increase participation, and support the long-term growth of women leaders within the cloud native community.

Celebration of Newly Graduated Projects + Project Birthdays 🎉#

Time: 4:15pm CET - 5:00pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Join us in the Project Pavilion to recognize our newest Graduated Project 🎉 Kyverno! Grab a treat & stop by these projects' kiosks to say congratulations on their recent graduation or project birthday!

Project Birthdays!
10 Years: Cilium, Envoy, Falco & Jaeger

From Alert Fatigue To Self-Healing: Building AI-Enabled Control Planes in Banking - Nuno Guedes, Millennium bcp & Yury Tsarev, Upbound#

Time: 4:15pm CET - 4:45pm CET

Speakers: Nuno Guedes, Millennium bcp & Yury Tsarev, Upbound

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: When Millennium bcp, one of Portugal’s largest banks, faced alert fatigue and long MTTR across their multi-cloud platform, we built AI-enhanced Crossplane control planes to bring self-healing and intelligent scaling to production. Using LLM-powered composition functions, Kubernetes alerts are automatically triaged and remediated, cutting SRE escalations dramatically. Workload-aware algorithms dynamically scale resources across multiple clouds—remaining fully auditable and compliant. We’ll share the architecture, open-source components, and lessons learned from running AI-enabled control planes in a regulated banking environment—showing how to adopt AI Ops responsibly using CNCF projects like Crossplane and Kubernetes.

From Static Tokens to Attestation: The Evolution of Secure Node Joining - Ciprian Hacman & Jack Francis, Microsoft; Michael McCune & Josephine Pfeiffer, Red Hat; Justin Santa Barbara, Google#

Time: 4:15pm CET - 4:45pm CET

Speakers: Ciprian Hacman & Jack Francis, Microsoft; Michael McCune & Josephine Pfeiffer, Red Hat; Justin Santa Barbara, Google

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: In an era where Karpenter can spin up capacity in seconds, Cluster API reconciles entire machine fleets, and users routinely plug custom nodes into managed control planes, “if the kubelet connects, it’s in” is no longer good enough. This panel brings together maintainers and practitioners from projects like kOps and Cluster API, along with engineers from major cloud providers, to describe secure node joining today, and explore how it should look in the future.

Attendees can expect the panelists to cover a wide range of topics including: defining a root of trust, validating node identities with metadata and attestation, locking down CSR approval, binding joins to declarative objects, and using post-join controls (NodeRestriction, scoped RBAC, admission, and drift detection) to keep privilege creep in check. If your clusters can “join me, maybe” at any time, this session will help ensure only the right nodes ever hear “you’re in.”

How to Build Your Cloud Native Balance Sheet - Danielle Cook, Akamai & Simon Forster, Stackegy#

Time: 4:15pm CET - 4:45pm CET

Speakers: Danielle Cook, Akamai & Simon Forster, Stackegy

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: Every company has a financial balance sheet. But what’s your cloud-native balance sheet? Can you identify your cloud native assets and liabilities? Do you know how to quantify your tangible and intangible resources?

This session looks at cloud native investment through a CFO’s lens. We’ll introduce the idea of a Cloud Native Balance Sheet and break down topics like CapEx vs. OpEx, the cost of delay, and the cost of failure. You’ll learn how to assess assets and liabilities across technology, security, process, and policy, and how organizations are redefining FinOps and platform engineering as business enablers rather than cost centers. We’ll also explore the human and organizational dynamics (i.e. politics!) behind cloud native success, and how to align finance, engineering, and product around measurable outcomes.

LLM Inference at Scale: Orchestrating Prefill-Decode Disaggregation - Zhonghu Xu, Huawei Technologies Co., Ltd#

Time: 4:15pm CET - 4:45pm CET

Speakers: Zhonghu Xu, Huawei Technologies Co., Ltd

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Prefill-Decode (PD) disaggregation has emerged as the reference architecture for large language model (LLM) inference deployments. By separating the prefill and decode stages, PD disaggregation eliminates cross-stage interference, significantly improving Time-To-First-Token (TTFT) and Time-Per-Output-Token (TPOT) metrics. This session introduces Kthena's approach to orchestrating PD-disaggregated LLM workloads in Kubernetes through a simple, lightweight API. Our hierarchical role-based design natively supports multi-group xPyD inference deployments with the following capabilities:

  • Dynamically adjust instance ratios between prefill and decode stages accordingly

  • Either collaborate with LeaderWorkerSet (LWS) for role-based deployments or direct Pod management

  • Enhanced network topology aware scheduling: combined with Volcano or Kueue supernode-aware scheduling to achieve better inference performance.

Lessons Learned Orchestrating Multi-Tenant GPUs on OpenShift AI with NVIDIA KAI (G/H200) - Luca Berton, Dell Technologies#

Time: 4:15pm CET - 4:45pm CET

Speakers: Luca Berton, Dell Technologies

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: AI + ML

Description: How do you run shared, production-grade GPUs for AI/ML safely and efficiently? This experience report distills hard-won lessons from implementing multi-tenant GPU orchestration on OpenShift AI using NVIDIA KAI on G/H200 hardware, fronted by Traefik and backed by Dell Technologies platforms. We’ll cover tenant isolation patterns (namespaces, quotas, priority classes), scheduling on heterogeneous nodes, MIG vs. full-GPU trade-offs, throughput vs. latency tuning, driver/firmware pitfalls, upgrade/rollback strategies, and day-2 ops (observability, autoscaling, chargeback). Expect practical manifests and guardrails you can apply immediately.

OpenTelemetry Logs Driving a Major Shift: Events, Richer Data, and Smarter Semantics - Robert Pająk, Splunk#

Time: 4:15pm CET - 4:45pm CET

Speakers: Robert Pająk, Splunk

Venue: Elicium 2, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: OpenTelemetry Logs are no longer the least mature signal. They’re driving major changes across the project. This talk explores recent developments, including the introduction of OpenTelemetry Events, richer semantic conventions, and support for complex attribute values like nested objects and arrays. These changes are not isolated. They represent a coordinated effort to unify and modernize telemetry data, improve correlation across signals, and enable richer, more structured observability experiences.

This session will dive into the technical challenges, design decisions, and emerging patterns that are turning logs into a first-class citizen in the OpenTelemetry ecosystem.

This session makes the case that logs are no longer “legacy”, they’re a foundation for smarter, more unified observability. Whether you're a platform engineer, SRE, or tooling vendor, understanding this shift is key to staying ahead as OpenTelemetry evolves.

OpenTelemetry Project Update and 'Ask the Experts' - Pablo Baeyens, Datadog; Juraci Paixão Kröhling, OllyGarden; Marylia Gutierrez, Grafana Labs; Severin Neumann, Causely#

Time: 4:15pm CET - 4:45pm CET

Speakers: Pablo Baeyens, Datadog; Juraci Paixão Kröhling, OllyGarden; Marylia Gutierrez, Grafana Labs; Severin Neumann, Causely

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Join us for the official OpenTelemetry project update session at KubeCon + CloudNativeCon. OpenTelemetry contributors have been working hard to evolve the project to be stable by default and simplify its usage. Governance Committee members will discuss these and other exciting improvements in the project since the last update in Atlanta. This session will also be your opportunity to engage with contributors and maintainers from across the project and get your questions answered!

Privacy as Infrastructure: Declarative Data Protection for AI on Kubernetes - Joaquin Rodriguez, Microsoft & Krishnendu Dasgupta, AXONVERTEX AI#

Time: 4:15pm CET - 4:45pm CET

Speakers: Joaquin Rodriguez, Microsoft & Krishnendu Dasgupta, AXONVERTEX AI

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: SECURITY

Description: AI services are multiplying faster than privacy controls can keep up. This talk covers a Kubernetes-native approach to make privacy "just work": an open-source framework that treats data protection as infrastructure, not application code. It introduces the concept of a Privacy Operator that discovers AI and ML workloads, applies declarative privacy policies, and enforces anonymization at deployment and runtime. Instead of developers wiring in libraries or filters, the platform ensures that sensitive data never leaves a workload unprotected. We will demonstrate the architecture, policy model, and enforcement patterns, from webhook-based mutation to service-level mediation, with key trade-offs for latency, reliability, and observability. This session will show privacy automation in action as policies update dynamically across running AI workloads.

SIG API Machinery: SIG Updates and Deep Dive in the AI/ML Era - Stefan Schimanski, NVIDIA#

Time: 4:15pm CET - 4:45pm CET

Speakers: Stefan Schimanski, NVIDIA

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: SIG API Machinery: SIG Updates and Deep Dive in the AI/ML Era

Slinky Expanded: Slurm, Kubernetes, and DRA - Praveen Krishna, Google & Marlow Warnicke, SchedMD LLC#

Time: 4:15pm CET - 4:45pm CET

Speakers: Praveen Krishna, Google & Marlow Warnicke, SchedMD LLC

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: For training and multi-node inference jobs to be performant and efficient, you must maximize cluster use and minimize resource costs. This requires fine-grained resource scheduling plugged into an advanced scheduler; without it, your workloads will not meet these goals. The Kubernetes ecosystem has solved half of the problem by exposing hardware information via Dynamic Resource Allocation (DRA), but an advanced scheduler is needed to use that information for efficient scheduling.

The slurm-bridge scheduler, part of the SlinkyProject, brings this advanced scheduling to Kubernetes for multi-node workloads. Historically, it relied on slurmd daemons running directly on the node to get the detailed topology information. We have now adapted the slurm-bridge to consume resource information directly from the Kubernetes-native CPU DRA driver, demonstrating a new level of attainable efficiency.

Join us for a demonstration of how these technologies work together.

Smart Routing at Scale: How Spotify’s XDS Control Plane Cut 75% of Cross-Zone Traffic - Yannick Epstein & Anya Hristova, Spotify#

Time: 4:15pm CET - 4:45pm CET

Speakers: Yannick Epstein & Anya Hristova, Spotify

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: Running workloads across multiple availability zones is essential for reliability, but at Spotify’s scale it also drives significant cross-zone network cost. Historically, Spotify relied on client-side routing based on each service’s limited local view, which improved efficiency but couldn’t globally optimize where requests were sent.
This talk describes how Spotify extended its in-house xDS control plane to enable dynamic, data-driven zone-aware routing across a proxyless service mesh spanning two million nodes. By combining Envoy’s routing principles with real-time load telemetry, the control plane continuously recalculates optimal per-zone weights and updates routing state in real time.
The system achieved a sustained 75% reduction in cross-zone traffic across Spotify’s compute infrastructure without impacting reliability. While grounded in Spotify’s environment, the same design principles apply to any large-scale service mesh balancing cost efficiency and high availability.

Smoothed and Anchored Rate Calculation in PromQL - Björn Rabenstein, Grafana Labs#

Time: 4:15pm CET - 4:45pm CET

Speakers: Björn Rabenstein, Grafana Labs

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: The “rate” function and its friends “increase” and “delta” are easily the most used (and probably also the most abused) functions in all of PromQL. Unsurprisingly, a lot of discussion has happened over the years about how to improve these functions. The Prometheus maintainers took a conservative approach here, much to the dismay of some. But finally things are moving, and there are now two new experimental modifiers in PromQL: “smoothed” and “anchored”. This session will not only explain how to use them and for what, it will also provide some context why it took so long and what triggered the recent changes.

Time: 4:15pm CET - 4:35pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Static support bundles capture logs and resource dumps, but lack the interactivity needed for real analysis. To fully understand a Kubernetes failure, engineers must query the API as it existed during the incident. This talk introduces a technique that turns static bundles into interactive, queryable Kubernetes environments.

We'll start by creating a diagnostic bundle of the failing cluster. Then we'll show how we can ingest that bundle and launch a local API server and etcd instance, rehydrating the cluster state. The result is a high-fidelity, offline replica accessible via kubeconfig with any compliant tool, enabling interactive debugging, post-mortem analysis, and automated triage without production access.

Finally, by making use of these bundles, we show how teams can enhance local development environments, improve end-to-end testing, and train AIOps pipelines. This improves day-to-day troubleshooting while paving the way for next-gen intelligent Kubernetes operations.

The Developer’s Nightmare: How To Survive Compliance Checklists (and Still Ship Fast) - Alexandra Hou Aldershaab, Eficode & Thomas Vitale, Systematic#

Time: 4:15pm CET - 4:45pm CET

Speakers: Alexandra Hou Aldershaab, Eficode & Thomas Vitale, Systematic

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: You did it! The new feature you’ve been implementing is now ready and you can’t wait to ship it. “Not so fast”. Oh no, it’s them: the guardians of compliance! You know what’s about to happen. You’ve been there before.

  • Are you using any license that is not approved?

  • Is there any CVE reported for the new dependencies you added?

  • Can you guarantee the artifact running in production has not been tampered with?

Several checklists, paperwork, and meetings later, you’re finally approved for release. Not fun. Where did the developer joy go? In this session, Alexandra and Thomas explore how to break the compliance barriers for developers, even in highly-regulated industries. The goal is to enhance the developer experience while letting the platform automate and enforce compliance and security checks. You'll follow the mishaps of a developer and learn how to deal with compliance, using practical solutions based on OSS tools like Backstage, Dependency-Track, Sigstore and Buildpacks.

Towards Building an Open Source AI Reference Stack for EU Sovereign Cloud - Madhav Bhargava, SAP Labs & Sanjay Chatterjee, NVIDIA#

Time: 4:15pm CET - 4:45pm CET

Speakers: Madhav Bhargava, SAP Labs & Sanjay Chatterjee, NVIDIA

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Europe's pursuit of digital sovereignty supported by the NeoNephos foundation under the IPCEI-CIS initiative aims to build an open, enterprise-grade, multi-provider cloud-to-edge continuum towards fostering the European Industrial AI ecosystem. As part of this initiative we will present the end-to-end open source AI inference stack built on top of the Gardener Kubernetes platform. The building blocks of this stack include:

  • Community Container Native Linux image flavors with baked in NVIDIA drivers.

  • First class integration of NVIDIA Kubernetes GPU operator.

  • Grove project (co-developed by Gardener and NVIDIA) that enables multi-GPU multi-node distributed inference workloads serving generative AI efficiently on Kubernetes.

We will demonstrate the capabilities of this stack running disaggregated multi-node inference workloads using NVIDIA Dynamo inference platform.

What's New With Kubectl and Kustomize … and How You Can Help! - Marly Salazar, Integral Ad Science; Yugo Kobayashi, SB Intuitions; Eddie Zaneski & Maciej Szulik, Defense Unicorns; Arda Guclu, Red Hat#

Time: 4:15pm CET - 4:45pm CET

Speakers: Marly Salazar, Integral Ad Science; Yugo Kobayashi, SB Intuitions; Eddie Zaneski & Maciej Szulik, Defense Unicorns; Arda Guclu, Red Hat

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Have you ever wondered how kubectl and kustomize enhancements are designed and built? Curious why your favorite feature request wasn't accepted? Join the folks from Kubernetes SIG CLI to find out!

In this session, the SIG CLI maintainers will provide an introduction to the plethora of tooling they are working on and an overview of how to get started contributing. They will share the work done over the past year and the roadmap for what is next. Join us to help shape your favorite tools!

📚 Tutorial: Attack Defense: Leverage eBPF To Reveal Attack Flows With Rich Context - Constanze Roedig, fusioncore.ai; Markus Gierlinger, Independent; Teodor Janez Podobnik, Prewave GmbH#

Time: 4:15pm CET - 5:30pm CET

Speakers: Constanze Roedig, fusioncore.ai; Markus Gierlinger, Independent; Teodor Janez Podobnik, Prewave GmbH

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: In this tutorial you will learn how mature, well-maintained FOSS eBPF tools make invisible activity visible, and how hooking the kernel allows you to understand what is really happening.

We guide you through a series of attacks (MITRE TTPs) using an intuitive UI and use eBPF to watch how the steps are detonated:

  • Intercepting malicious payloads in encrypted traffic

  • Watching file access in a smart way

  • The value and dangers of hooking STDOUT/IN

  • Fileless malware abusing (deleted) file descriptors

  • Rating the usefulness: syscalls, file hashes, packets etc.

  • Tracing a pivot across neighboring services (in UI and kernel level)

  • Capability/RBAC abuse for e.g. Node/Proxy RCE

Please note that in this workshop you will be using your own laptop to access a pre-configured lab machine via the browser. Please save your spot by signing up. Once we reach capacity, it may be required to share the remote labs.

Please make sure to

🚨 Contribfest: Dive Into cert-manager and Start Contributing! - Richard Wall & Mladen Rusev, Palo Alto Networks#

Time: 4:15pm CET - 5:30pm CET

Speakers: Richard Wall & Mladen Rusev, Palo Alto Networks

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Join us for a hands-on, interactive session with the cert-manager maintainers and community! cert-manager, a graduated CNCF project, automates certificate management for Kubernetes and is a critical component for securing cloud-native applications. This workshop is perfect for both first-time contributors and seasoned open-source enthusiasts. You'll learn about cert-manager's architecture, the role of its key components, and how to set up your environment to start contributing. We’ll walk through the contribution process, tackle curated GitHub issues, and provide guidance tailored to your skill level. Whether you're interested in improving code, documentation, or community engagement, this session offers a great way to make an impact while learning valuable skills. Let’s build cert-manager together!

🚨 Contribfest: Getting Started in the Tinkerbell Playground - Jacob Weinstock, NVIDIA#

Time: 4:15pm CET - 5:30pm CET

Speakers: Jacob Weinstock, NVIDIA

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Get hands-on with deploying and using Tinkerbell. In this session we will use the Tinkerbell Playground to deploy and use Tinkerbell and the Tinkerbell Cluster API infrastructure provider. We'll take you from zero to provisioning machines and Kubernetes clusters, all without needing to bring your own physical machines. Be sure to bring a laptop. For the Tinkerbell Cluster API Playground you'll need a Linux machine. Check out all the Playground requirements here: https://github.com/tinkerbell/playground

Project Demo#

Time: 4:25pm CET - 4:40pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Time: 4:45pm CET - 5:05pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Kubernetes performance incidents often appear as application-level symptoms such as latency spikes, reduced throughput, or intermittent timeouts, while the underlying cause may exist in a different layer of the system. Because signals are distributed across application telemetry, workload state, scaling behavior, and cluster configuration, engineers must pivot between multiple tools and manually correlate data, leading to slow and fragmented investigations.

This session presents a practical, cross-layer methodology for root cause analysis that connects service-level symptoms with workload and cluster signals in a unified investigation flow. Rather than focusing on a single failure type, we will show how to recognize when system capacity does not match demand, detect when expected workload behavior does not materialize, and trace these conditions back to their source. We will also discuss how automated analysis and emerging AI-assisted RCA techniques can help correlate these signals, highlight likely causes, and reduce the cognitive load on operators without replacing existing debugging workflows.

Attendees will leave with a repeatable troubleshooting framework for moving systematically from symptom to cause, identifying hidden bottlenecks that are not visible from a single data source, and reducing mean time to resolution in complex Kubernetes environments.

Building the Next Generation of Multi-Cluster with Gateway API - Mike Morris, Microsoft & Alan Grosskurth, Google#

Time: 5:00pm CET - 5:30pm CET

Speakers: Mike Morris, Microsoft & Alan Grosskurth, Google

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: The Multi-cluster Service (MCS) API was one of the earliest “out-of-tree” Kubernetes APIs, defining a specification for extending service networking beyond the cluster boundary.

As multi-cluster connectivity needs have grown from simple geo-replication into complex organizational topologies and addressing limited availability of critical GPU infrastructure for AI workloads, we’ve seen challenges with the MCS API model, including overly-prescriptive DNS expectations, the difficulty of adopting “namespace sameness” principles across large organizations, and the lack of flexibility needed for sharing newer resources like InferencePool across clusters.

Join us as we discuss some of the limitations we’ve seen in practice, and explore how we might be able to address these challenges through the Gateway API ecosystem while enabling more flexible and powerful service discovery and routing capabilities for modern service networking demands.

Declarative Edge Kubernetes: Immutable Clusters with Talos + Zarf - Brandt Keller, Defense Unicorns & Merijn Keppel, TrueFullstaq#

Time: 5:00pm CET - 5:30pm CET

Speakers: Brandt Keller, Defense Unicorns & Merijn Keppel, TrueFullstaq

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Running Kubernetes at the edge is tough. You need simplicity, security, and the ability to work even when the internet is unreliable or completely disconnected.

In this session, we'll show you how to handle these challenges. We’ll deploy and manage an entire Kubernetes cluster in a completely "air-gapped" environment using Talos Linux and Zarf. Talos is a rock-solid, predictable operating system built specifically for Kubernetes. Zarf is the magic that bundles everything (the OS, Kubernetes itself, and all your apps) into a single package you can take anywhere.

Join us for a live demo where we'll spin up a Talos cluster from bare metal on-stage with zero internet connectivity. Then, we'll upgrade the entire cluster and its OS right on the spot using a simple Zarf package. You'll leave with a clear blueprint for managing secure, independent Kubernetes clusters at the edge without all the usual complexity.

Demystifying the Kubernetes Network Stack (From Pod to Pod) - Simone Rodigari, Microsoft#

Time: 5:00pm CET - 5:30pm CET

Speakers: Simone Rodigari, Microsoft

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: When two Pods talk, what really happens under the hood?
This session unpacks the Kubernetes network stack step by step: from Pod namespaces and virtual Ethernet pairs to CNI plugins, kube-proxy, and DNS. Using simple diagrams and live command-line demos, we’ll trace a packet’s journey across nodes and clusters to reveal how traffic actually flows in Kubernetes.

Attendees will learn how CNIs like Cilium and Calico establish Pod connectivity, how kube-proxy manages Services through iptables or IPVS, and how CoreDNS ties everything together with name resolution. We’ll also highlight common pitfalls such as misconfigured routes, DNS delays, and hairpin traffic, and show practical debugging commands (ip, tcpdump, kubectl exec) to investigate them.

By the end, you’ll have a clear mental model of how Kubernetes networking works end to end, understand where to look when things break, and gain the confidence to reason about performance, connectivity, and security in any cluster.

From Laptop to Cluster: Running AI Workloads Seamlessly from Podman to Kubernetes - Ashley Cui & Urvashi Mohnani, Red Hat#

Time: 5:00pm CET - 5:30pm CET

Speakers: Ashley Cui & Urvashi Mohnani, Red Hat

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: Developing and deploying AI workloads may require bridging the gap between local development and production Kubernetes environments.
In this talk, we will demonstrate a streamlined AI toolchain using open source projects such as Podman, Ramalama, Kubernetes, and bootc. We will start by using Ramalama to pull and convert an AI model into a standard OCI image. We then will test the containerized AI model locally using Podman and Podman Desktop, highlighting how developers can inspect and manage these containerized workloads. We also will use quadlet to run the containers under systemd, and kube generate to jump from a locally managed application to something we can run in a cluster.
As a bonus, we’ll explore bootc, a next-gen approach that can run consistently across clusters, edge devices, or bare metal. We will demo the full Dev-to-Kube-to-Edge lifecycle: running a containerized AI application locally, then turning it into a production-ready deployment for Kubernetes and edge.

Moving Spotify’s Infrastructure Management Up the Stack from Kubebuilder to Kro and K-poperator - Alexander Buck & Tomas Aschan, Spotify#

Time: 5:00pm CET - 5:30pm CET

Speakers: Alexander Buck & Tomas Aschan, Spotify

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Spotify’s Resource Management platform, built on Kubernetes, enables other platform teams in various domains such as Storage, Workloads, Data and AI Platforms to ship infrastructure products to Spotify’s developers through a consistent interface. The infrastructure products are modelled as CRDs, supported by Kubernetes operators written by those platform teams.

Rather than using kubebuilder (the Go SDK for Kubernetes operators), Spotify platform teams now use the open-source project kro to abstract and compose underlying resources, and k-poperator (an internal Spotify operator) to integrate tightly with Spotify’s service ecosystem.

In this talk, you will learn how these technologies have significantly improved the developer experience, and have moved the operational burden from the platform teams to the platform itself.

And you will see case studies of how Spotify platform teams have solved real problems with these technologies, rather than struggling to build operators from scratch.

Observing Chaos: Real-Time Monitoring of AI-Driven Kubernetes Destruction - Josh Halley, Cisco & Ricardo Aravena, CNCF#

Time: 5:00pm CET - 5:30pm CET

Speakers: Josh Halley, Cisco & Ricardo Aravena, CNCF

Venue: F002-005, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Traditional chaos engineering uses predefined failures. What if chaos evolved with your system’s resilience?

This session showcases a feedback loop where reinforcement learning agents generate progressively sophisticated chaos in a live Kubernetes cluster. We integrated ViZDoom and KubeDoom so AI agents play DOOM against real workloads. As gameplay improves, agents kill pods, disrupt services, and stress infrastructure.

Using OpenTelemetry for distributed tracing and Cilium for network observability, a central dashboard visualizes real-time impact across agent workloads. We will demo this system live, showing how gamification turns static tests into adaptive challenges that push infrastructure limits.

Attendees will learn patterns for instrumenting distributed AI workloads, building resilient agent architectures, and using CNCF tools for chaos observability.

OpenTelemetry Collector SIG: Project Updates - Jade Guiton, Datadog; Dmitrii Anoshin, Cisco; Alex Boten, Honeycomb; Evan Bradley, Dynatrace LLC; Antoine Toulme, Splunk#

Time: 5:00pm CET - 5:30pm CET

Speakers: Jade Guiton, Datadog; Dmitrii Anoshin, Cisco; Alex Boten, Honeycomb; Evan Bradley, Dynatrace LLC; Antoine Toulme, Splunk

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The OpenTelemetry Collector is a critical component of the observability ecosystem, enabling users to collect, process, and export telemetry data at scale. In this maintainers track session, the Collector SIG will share insights into community organization, development priorities, and the project’s evolution over the past year.

We will cover new components, signals, and distributions, our ongoing work stabilizing the Collector’s core packages to reach the coveted 1.0 mark, and internal Collector improvements. We’ll also discuss how we’re managing growth in the component ecosystem and changes to existing functionality based on community feedback.

Policy Engines for Kubernetes: Picking One Without Losing Your Mind - Nabarun Pal, Broadcom#

Time: 5:00pm CET - 5:30pm CET

Speakers: Nabarun Pal, Broadcom

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: SECURITY

Description: Enforcing Kubernetes policies sounds simple until you actually have to do it. Block privileged pods? Sure. Inject sidecars automatically? Easy, right? There's more to consider than you'd think.

This talk will explore the prominent options people use: native Validating/Mutating Admission Policies, Kyverno, OPA/Gatekeeper, Kubewarden. Each has its pros and makes different tradeoffs.

Native k8s policies need no extra services but require CEL knowledge. Kyverno uses simple YAML for validation and mutation. OPA offers maximum flexibility with Rego, but adds a learning curve. Kubewarden uses WebAssembly, allowing you to write policies in any Wasm-compatible language and distribute them via OCI registries.

We'll dig into performance at scale because that additional overhead matters when you're deploying 1000s of pods. I'll share lessons from running them in production, beyond what usually doesn’t make it to elevator pitches. You'll leave knowing which engine fits your situation.

Retroactive Sampling with OpenTelemetry: Cut 90% Distributed Tracing Bandwidth Usage - Roman Khavronenko & Zhu Jiekun, VictoriaMetrics#

Time: 5:00pm CET - 5:30pm CET

Speakers: Roman Khavronenko & Zhu Jiekun, VictoriaMetrics

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Have you considered the traffic consumed by tail-sampling traces in large-scale setups, where:

  1. Apps run across clusters/AZs.

  2. Trace spans from apps must be sent to an intermediate OpenTelemetry collector for tail-sampling.

While cross-cluster/AZ traffic is unavoidable, most spans sent over the network get discarded, wasting much bandwidth.

In this session, we’ll share the retroactive sampling approach: each OpenTelemetry collector buffers spans from the node/cluster it resides in, sending only necessary data to the centralized trace backend for decision-making. The backend then requests raw spans only if the trace is marked as sampled.

By joining our session, you'll have more insights into:

  1. How tail-sampling burns your costs and how retroactive sampling cuts them by 9x.

  2. How to use the OpenTelemetry collector for retroactive sampling: architecture design and benefit-maximizing strategies.

  3. Practical ways to adopt it in your existing architecture, plus trade-off analysis.

SIG Network: The State of Networking for AI on Kubernetes - David Martin, Red Hat; Haiyan Meng & Bowei Du & Kellen Swain, Google; Nadia Pinaeva, NVIDIA#

Time: 5:00pm CET - 5:30pm CET

Speakers: David Martin, Red Hat; Haiyan Meng & Bowei Du & Kellen Swain, Google; Nadia Pinaeva, NVIDIA

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: In Kubernetes SIG Network a lot of our most recent endeavors have been around providing networking support for AI use cases. From foundational components like Gateway API, to specific AI extensions like the Gateway API Inference Extension, to our most recent endeavor to support networking for Agentic AI systems, we've been busy maintaining Kubernetes as a tier 1 platform for AI workloads, and in particular their networking requirements.

This session will be a blend of presentation and panel: We'll present on some of the highlights, talk about key projects, and up-and-coming initiatives. We'll discuss the ways in which networking for AI is just networking, and the ways in which it isn't. We'll shift into more guided discussion, and then take questions from the audience. If you're generally interested in where we're going with AI networking on Kubernetes, OR if you have specific things you want to ask us about, join us in Amsterdam for the discussion!

Securing the AI/ML Lifecycle With MLSecOps: Open Source Best Practices - Bahaulddin Shammary, Dell & Andrey Shorov, Ericsson#

Time: 5:00pm CET - 5:30pm CET

Speakers: Bahaulddin Shammary, Dell & Andrey Shorov, Ericsson

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: AI/ML adoption is accelerating, but security remains an afterthought in many MLOps pipelines. Unlike traditional software, ML systems face unique threats like data poisoning, adversarial manipulation, and model theft. This session introduces MLSecOps, a “secure-by-design” approach that embeds security across the AI/ML lifecycle starting from data preparation and training to deployment and monitoring. During the session, the presenters elaborate on the current OpenSSF work in this field while mapping OWASP AI/ML threats (e.g., data poisoning, adversarial manipulation, model theft) to concrete mitigations and OSS tools (e.g., Sigstore, SLSA, CycloneDX, Syft) that practitioners can apply today. Attendees will learn how to operationalize MLSecOps in their organizations, improve trust in AI systems, and engage with the OpenSSF AI/ML Security Working Group. By leveraging open source, the community can reduce risk, increase resilience, and lead the way in securing AI innovation.

Time: 5:00pm CET - 5:30pm CET

Speakers: Peter Irwin, ScaleOps & Carl Baumcratz, Coupa

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SPONSORED SESSIONS

Description: As Coupa’s cloud-native footprint expanded, rapid platform growth began exposing systemic Kubernetes challenges: inconsistent workload performance, inefficient bin-packing, and scaling models that required constant manual resource tuning. Left unchecked, these patterns drive unnecessary cloud spend and divert engineering time away from higher-impact work.

To address this, Coupa adopted an automated, performance-engineered approach to resource management. By removing the need for teams to manually manage resource requests and overprovision for safety, they improved scheduling precision, reduced fragmentation, stabilized workload behavior under growth, and avoided unnecessary infrastructure costs.
This session explores what breaks in Kubernetes at scale, why traditional autoscaling approaches often fall short in large production environments, and how intelligent resource automation enables teams to fully leverage modern Kubernetes tooling, without sacrificing cost control, reliability, or developer velocity.

Technical Oversight Committee: Ask the Experts#

Time: 5:00pm CET - 6:00pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Have you ever wondered what emerging technologies will determine the future of cloud native, how Kubernetes will play a role in the evolving landscape, what key initiatives the CNCF is currently undertaking to advance the state of cloud native, and how you can get involved to drive this innovation? Then this session is for you!

This ‘Ask the Experts’ session offers a unique opportunity to engage with the experts behind the Cloud Native Computing Foundation’s technical steering. We’ll provide an overview of the Technical Oversight Committee’s technical vision and principles while exploring our work and direction. Bring your questions, ideas, and challenges, and join us for an insightful discussion on the current and future cloud native ecosystem.

To learn more about the TOC, visit https://github.com/cncf/toc

The 10x DevOps Engineer’s Toolkit: Argo CD + AI-Driven MCP Automation - Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit#

Time: 5:00pm CET - 5:30pm CET

Speakers: Alexander Matyushentsev, Akuity & Leonardo Luz Almeida, Intuit

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: AI is rapidly reshaping engineering workflows and DevOps is leading the charge. With Argo CD as the central control plane for infrastructure management in thousands of organizations, the opportunity for AI-driven automation is immense.

In this talk, we’ll introduce the open source MCP server for Argo CD, and demonstrate how it enables engineers to delegate repetitive tasks to intelligent agents. By integrating LLMs and combining multiple MCP servers, we’ll show how to automate real-world use cases such as application rollbacks, sync troubleshooting, and multi-environment coordination - freeing engineers to focus on higher-value work.

By attending this session, you’ll gain a clear understanding of how MCP servers work with Argo CD and learn how to harness AI to automate day-to-day infrastructure tasks - streamlining workflows, reducing manual effort, and maximizing the value of your GitOps setup.

Volcano: Orchestrating the Full AI Lifecycle – From Training To Inference and Agents - Chen Zicong, Huawei Technologies; Hajnal Máté, Aumovio#

Time: 5:00pm CET - 5:30pm CET

Speakers: Chen Zicong, Huawei Technologies; Hajnal Máté, Aumovio

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The rapid evolution of AI has led to infrastructure fragmentation, where training, inference, and agent workloads run in isolated systems, causing resource inefficiency. Volcano addresses this as a Unified Scheduling Platform for the full AI lifecycle, delivering robust scheduling capabilities with high throughput.

Volcano is evolving into the next-generation platform capable of orchestrating diverse workloads beyond batch jobs, enabling multi-scheduler coordination.

At the workload layer:

  • Volcano-Global splits massive training jobs across clusters, removing single-cluster limits

  • Kthena delivers enterprise-grade LLM serving with frameworks like vLLM

  • AgentCube enables rapid agent workload scheduling

At the infra layer, Volcano provides modern resource abstraction through DRA integration, HyperNode discovery, GPU sharing, and heterogeneous pooling for efficient task-to-accelerator mapping.

Join us to explore how Volcano is shaping the future of Cloud Native AI infra.

When Multitenancy Goes Wrong: A Deep Dive Into Kcp’s First CVE - Marko Mudrinić, Kubermatic & Marvin Beckers, ClickHouse#

Time: 5:00pm CET - 5:30pm CET

Speakers: Marko Mudrinić, Kubermatic & Marvin Beckers, ClickHouse

Venue: Elicium 2, Amsterdam, Netherlands

Type: SECURITY

Description: kcp, a CNCF Sandbox project, is a control plane for serving Kubernetes-style APIs built on top of Kubernetes core libraries with a strong focus on multitenancy. But what happens when isolation, a core pillar of multitenancy, begins to crumble?

Meet CVE-2025-29922, initially rated with “Medium” severity, turning into a “High” 9.6 scored beast. We'll explore virtual workspaces, a kcp feature that provides a "single pane of glass" for service providers to see and manage their resources across many different tenants. The flaw in the implementation, however, was that service providers could create and delete resources they had no permissions for.

In this deep dive, we’ll demonstrate how an innocent looking vulnerability, discovered because of a discrepancy between docs and code, can lead to a total takeover of tenants and their data. We’ll show the complete thought process behind discovering this attack vector. At the end, we’ll talk about what measures we took to protect kcp users.

Why Is It So Hard to Run a 5G Core on Kubernetes—And What Needs to Change for 6G - Joel Studler, Swisscom & Ashan Senevirathne, Telstra#

Time: 5:00pm CET - 5:30pm CET

Speakers: Joel Studler, Swisscom & Ashan Senevirathne, Telstra

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Telco hard standards often clash with Kubernetes best practices. Many so-called “cloud-native Network Functions” (CNFs) are in reality just “Containerized Network Functions” and remain box-centric: Helm install mimics hardware mounts, Multus wires up virtual cables, and NETCONF configures boxes. Marketed as “telco grade,” these designs bypass Kubernetes’ strengths like IPAM, networking, and high availability—limiting real cloud-native gains.
This session shares practical examples, including why a User Plane Function (UPF) isn’t inherently cloud-native, and explores how 6G can align telco design with Kubernetes-first patterns. We will also highlight how exposing APIs can enable treating the network as a product, unlocking new use cases and business models. With a Kubernetes foundation, mobile networks can evolve to be simpler, faster, and more open, bridging the gap between telco standards and the cloud-native community.

Gold Sponsor In-Booth Demos#

Time: 5:15pm CET - 5:45pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: NVIDIA. Demo: Dynamic GPU allocation and sharing for AI workloads on Kubernetes. Booth Number: 241.

Time: 5:15pm CET - 5:15pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Incidents are inevitable, but identifying their probable causes doesn’t have to be overwhelming. What if you could harness the power of AI Agents to streamline your incident response? In this talk, we will demonstrate how to integrate agent-based AI systems with infrastructure metrics and events to revolutionize your incident management process.
We will explore how to leverage data sources like Prometheus, OpenTelemetry, and Kubernetes state metrics to build a knowledge graph that maps relationships between system components, incidents, and telemetry data. This graph simplifies troubleshooting by narrowing down potential causes, enabling faster root cause analysis. We will then dive into how an agent-based AI system uses this graph to reason and provide real-time auto-diagnosis, offering actionable insights when incidents occur. These systems continuously learn from past events, helping to reduce Mean-Time-to-Resolution (MTTR) and improve diagnostic accuracy in distributed environments.
Finally, we will demonstrate how to close the loop using automated remediation. We will discuss leveraging secure runners to interface with your infrastructure, executing localized remediation scripts and playbooks. By triggering these runners directly from the AI’s diagnostic output, you can move from "knowing what’s wrong" to "fixing the problem" in seconds, all while maintaining strict security boundaries. You will leave this session with practical insights on integrating Agentic AI with Kubernetes to maintain system reliability with greater confidence.

🎉 #KubeCrawl + #CloudNativeFest#

Time: 5:30pm CET - 7:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Welcome, cloud native community! We’re excited to kick off our time in Atlanta with you. Join the community and our sponsors from 17:30 - 19:00 in the Solutions Showcase for an incredible gathering of local food favorites, beverages, games, and other activities.

Grab a drink, follow the buzz, and don’t miss the Poster Sessions! Check out the Poster Sessions and dive into the latest research, community hacks, and cloud native experiments. No slides, no stage, just brilliant people talking tech.

Explore the sponsor booths to learn more about the latest technologies, browse special offers, job posts, and much more.

Time: 5:45pm CET - 6:05pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: This demo illustrates how the Dell Automation Platform (DAP) empowers architects to build a customized Kubernetes cluster on bare metal in minutes. Moving beyond rigid, opinionated stacks, we will show DAP's modular blueprinting approach, allowing teams to compose exact cluster specifications. Attendees will see how to seamlessly integrate their preferred components, including networking, storage, service mesh, ingress controllers, and GPU support, all with options for air-gapped configurations. The session will feature a live workflow using an AI-assisted editor integrated directly into the IDE, providing guided help to simplify and standardize blueprint creation. Finally, we will validate the deployment by rolling out a Grafana workload to prove full end-to-end readiness.

Open Source After Hours: Demos and Dragons#

Time: 6:10pm CET - 7:00pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Have a side project that you're pumped about? Working on a feature in OSS and wanna shout it from the heavens? OR, do you have an idea and want to talk it out with a crowd? Well, you have a stage, a microphone, and seven minutes. Get on out there and don't be shy!

Gold Sponsor In-Booth Demos#

Time: 6:15pm CET - 6:45pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Atlassian. Demo: Deliver High Quality Software Fast with Atlassian Rovo. Booth Number: 571.

Sponsor: OpenObserve. Demo: Observability for AI-Native Teams: Full Context at Petabyte Scale. Booth Number: 920.

Time: 6:15pm CET - 6:35pm CET

Venue: Hall 1-5 | Tram Zone | Demo Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: As AI workloads shift toward massive scale and autonomous agents, enterprises face a dual challenge: orchestrating complex parallel inference at the bottom, and meeting the millisecond-latency demands of agents at the top. Volcano is evolving beyond training to bridge this gap via two new sub-projects: Kthena and AgentCube.

This session demonstrates a complete "Train-Infer-Act" solution. We dive into Kthena, showcasing its 3-layer architecture (ModelServing -> ServingGroup -> Role) that simplifies TP/PP/EP deployments. See how its router leverages KV-cache-aware logic and Prefill-Decode (PD) separation to double throughput.

We then explore AgentCube, a Serverless sandbox mechanism for Agent workloads. We’ll demonstrate how "WarmPools" achieve millisecond startup times and how Session-ID routing ensures context persistence. Finally, we’ll show a live Dify integration, executing a full-stack AI workflow from intelligent routing to secure code execution.

Gold Sponsor In-Booth Demos#

Time: 6:45pm CET - 7:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: Cortex. Demo: Cortex: Engineering Operations Platform. Booth Number: 430.