Day 3 - Thursday
Type: Document
Status: Published
Created: Mar 22, 2026
Updated: Mar 22, 2026

KubeCon + CloudNativeCon Europe 2026#

Thursday, March 26, 2026

Total Sessions: 115

Badge Pick-Up#

Time: 8:00am CET - 4:00pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Badge Pick-Up#

Time: 8:00am CET - 4:00pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom#

Time: 8:00am CET - 4:15pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom#

Time: 8:00am CET - 4:15pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Keynote: Welcome Back + Opening Remarks - Jorge Castro, Developer Relations, Cloud Native Computing Foundation#

Time: 9:00am CET - 9:03am CET

Speakers: Jorge Castro, Developer Relations, Cloud Native Computing Foundation

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: The Cloud Native Feedback Loop: How End Users and Developers Drive CNCF Projects Forward - Karena Angell, Red Hat; Katie Gamanji, Apple; Chad Beaudin, Boeing Software Factory; Ahmed Bebars, New York Times#

Time: 9:05am CET - 9:20am CET

Speakers: Karena Angell, Red Hat; Katie Gamanji, Apple; Chad Beaudin, Boeing Software Factory; Ahmed Bebars, New York Times

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: How do today’s reference architectures become real, production platforms built on CNCF projects that evolve, mature, and earn long-term trust?

In this joint keynote, the CNCF End User Technical Advisory Board (TAB) and Technical Oversight Committee (TOC) cover the development and adoption perspectives, mapping reference architectures and real-world production needs to the project lifecycle decisions that shape the CNCF ecosystem. Along the way, they connect this technical and governance journey to the data and tools that support smarter decisions at scale, including LFX and LF Insights, showing how contributor health, adoption signals, and ecosystem metrics increasingly guide both end-user platform strategy and project stewardship.

Time: 9:22am CET - 9:27am CET

Speakers: Baptiste Assmann, Director of Product, HAProxy Technologies

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Managing connectivity across diverse business units, clouds, locations, and partners is a complex challenge for large organizations. Traditional solutions like VPNs and firewalls provide network-level connectivity, while Service Mesh offers application-aware traffic management for cloud-native environments – but there’s a huge difference in how these connectivity models are managed, secured, and observed.

Universal Mesh bridges this gap with a unified interconnectivity model – delivering the benefits of Service Mesh in a resource-efficient model that works across your entire infrastructure. Universal Mesh brings together North-South and East-West communication in a consistent pattern to connect every cloud, app, and service.

Join us to discover how Universal Mesh simplifies connectivity management, unifies security and governance, and provides consistent control over traffic flows—regardless of where your applications run or how they’re built.

Keynote: How Ubisoft Orchestrates Global Multiplayer Games with Agones - Jean-François Hubert, Development Director, Ubisoft Entertainment & Mark Mandel, Staff Developer Advocate, Discord#

Time: 9:29am CET - 9:32am CET

Speakers: Jean-François Hubert, Development Director, Ubisoft Entertainment & Mark Mandel, Staff Developer Advocate, Discord

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: For Ubisoft, delivering seamless multiplayer experiences to a global player base is an infrastructure challenge of massive scale. It requires managing thousands of game servers with a global footprint and absolute resilience.
Join us to see how Ubisoft solves this by leveraging Agones, the open-source game server scaling engine on Kubernetes. We will dive into the real-world use case and production data behind Ubisoft's fleets, demonstrating why they bet on cloud-native tech. Along the way, we’ll trace Agones' evolution from its origins at Google to its current home in the CNCF—showing how a community-driven standard is now powering the biggest names in the industry.

Keynote: From Cloud-Native Apps to Cloud-Native Platforms - Abby Bangser, Principal Engineer, Syntasso#

Time: 9:34am CET - 9:44am CET

Speakers: Abby Bangser, Principal Engineer, Syntasso

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Platform engineering often fails quietly. Teams build portals, pipelines, and templates, yet delivery slows, ownership blurs, and change becomes harder, not easier. When this happens, the problem is rarely effort or tooling. It is architectural.

This keynote explores why durable platforms depend on each of the infrastructure orchestration, platform orchestration, and application choreography layers for success. It then looks at why the trend of collapsing these layers for short-term convenience creates fragile systems that struggle as organisations grow. By examining where responsibilities leak across layers, we can see how platforms become tightly coupled, difficult to evolve, and resistant to change.
No single tool or project is to blame. Instead, this talk argues that the same architectural discipline that made cloud-native applications successful must be applied to the cloud-native platforms themselves. The twelve-factor app provided a shared model for building resilient applications; platform teams now need an equivalent level of clarity for platform capabilities to benefit from preserving clear boundaries.

This keynote is for platform engineers, speciality platform contributors, and leaders defining platform strategy who want to understand why platforms fail under real organisational pressure, and how deliberate architectural boundaries can turn them into systems that scale and endure.

Time: 9:46am CET - 9:51am CET

Speakers: Jago Macleod, Engineering Director, Google

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: For a decade, Kubernetes was an evolving container orchestrator—a tool for managing the lifecycle of microservices on fungible, commodity hardware. Then the massive shift toward Accelerated Computing shattered the assumption of fungibility. Today, hardware is sparse, specialized, and often expensive, forcing a radical evolution from Cloud Native to Accelerator Native Computing.

This keynote posits that Kubernetes has transcended its origins to become the foundational Distributed Operating System for accelerated workloads and frameworks. By securing its position as the "narrow waist" of the infrastructure hourglass, Kubernetes is now the essential mediator between an explosion of specialized hardware (GPUs, TPUs, even specialized CPUs) and equally dynamic and fast-paced innovation in AI frameworks and agentic applications.

We will explore how this "distributed kernel" is being re-architected to provide a unified, topology-aware model for global resource management. Kubernetes is moving beyond scheduling pods on nodes to scheduling workloads on capacity, and optimizing the utilization of capacity across disparate locations and specialized fabrics.

Finally, we will confront the most disruptive phase of this evolution: the shift from deterministic automation to Autonomous Infrastructure. As Agentic Operations begin to manage our clusters with stochastic, goal-oriented reasoning, we must redefine the boundary between the OS and the application.

Keynote: Agents as First-Class Users in Production - Mathias Biilmann, Co-Founder and CEO, Netlify#

Time: 9:53am CET - 9:56am CET

Speakers: Mathias Biilmann, Co-Founder and CEO, Netlify

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Software is increasingly built and operated by agents acting on behalf of humans, while most cloud-native platforms were designed for people at a keyboard. Mathias Biilmann will share how Netlify, which runs build and deploy workloads on Kubernetes, designed AX (agent experience) into its deployment workflows so agents can carry work safely toward production with humans staying in control. The takeaway is a set of workflow and safety-rail patterns Kubernetes operators can apply as agents become first-class users of production systems.

Keynote: Building Autonomous Networks for the AI Era - Gergely Csatari, Senior Open Source Specialist, DMTS, Nokia#

Time: 9:58am CET - 10:01am CET

Speakers: Gergely Csatari, Senior Open Source Specialist, DMTS, Nokia

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Networks are the hidden nerve system of the internet, the nerve system that connects all human and artificial intelligence. In his keynote, Gergely, a Senior Open Source Specialist from the Open Source Program Office of Nokia, will explain how these networks evolve towards being autonomous networks with the help of cloud native technology. Technology evolution in open source requires participation in communities and community events. Gergely will discuss the CNCF community projects, groups and events where Nokia is actively collaborating with the CNCF community in its mission to bridge the ever-closing gap between cloud native and telecoms.

Keynote: Live Demo Showcase#

Time: 10:03am CET - 10:18am CET

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: Closing Remarks#

Time: 10:20am CET - 10:30am CET

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Coffee Break ☕#

Time: 10:30am CET - 11:00am CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Solutions Showcase#

Time: 10:30am CET - 2:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Learning Lounge: CNPA or CNPE? Roles, Skills & Which One is Right For You? - Alex Coma, Linux Foundation Education#

Time: 10:45am CET - 11:00am CET

Speakers: Alex Coma, Linux Foundation Education

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Security Slam Awards Ceremony#

Time: 10:45am CET - 11:10am CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Come celebrate the winners of the 2026 Security Slam at KubeCon + CloudNativeCon Europe! In the past month, projects have been competing to improve their security posture. They have been using LFX insights to achieve measurable security improvements, while getting support from TAG Security and Compliance. Learn about the tools used in this competition, and how you can apply them to your own project. Then we will give out awards to the teams that have made the most improvement leading up to the event.

Click here to see the Security Slam Objective Details: https://securityslam.com/slam26

A Bug’s-Eye View: Kubernetes SIG Security Explains It All - Ian Coldwater, Independent; Tabitha Sable & Rory McCune, Datadog; Iain Smart, AmberWolf; Mahé Tardy, Isovalent at Cisco#

Time: 11:00am CET - 11:30am CET

Speakers: Ian Coldwater, Independent; Tabitha Sable & Rory McCune, Datadog; Iain Smart, AmberWolf; Mahé Tardy, Isovalent at Cisco

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: SIG Security helps the Kubernetes project to keep pesky bugs contained, and to spread the word when they escape! From the OWASP Top Ten and WONTFIX issues, to third-party audit results and CVEs, Kubernetes bugs have many different shapes and lifecycles. How do some Kubernetes bugs grow wings to become published vulnerabilities? What happens to other bugs that stay underground for years? Is that bug really a feature, or is that feature really a bug? Creep, crawl, flutter, or fly on in to learn about how it all happens. We all make Kubernetes more secure together, so join the SIG Security entomologists and learn how you can get involved! There’s always interesting bugs to study, catch, track, and share. See you there!

Achieving Resilient Multi-Cluster AI Inference on Kubernetes With Karmada and KubeRay - Wei-Cheng Lai, Bloomberg & Han-Ju Chen, Anyscale#

Time: 11:00am CET - 11:30am CET

Speakers: Wei-Cheng Lai, Bloomberg & Han-Ju Chen, Anyscale

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: AI inference at scale faces bursty traffic, uneven GPU supply, regional latency, varied SLO requirements, and occasional cluster or availability zone outages. A single cluster cannot reliably meet all of these demands. This session shares a practical blueprint: use Karmada to orchestrate Kubernetes fleets—policy-based placement, replica spreading, and automated failover—and run Ray Serve-based inference with KubeRay’s RayService. Ray Serve provides a distributed, scalable Python API for inference across heterogeneous compute, built on Ray, while KubeRay manages it in Kubernetes. Together they deliver a resilient multi-cluster inference architecture that fits smoothly into existing environments. Attendees will learn when multi-cluster is warranted, how to encode Karmada placement/override/failover policies to meet SLOs, and how to operate Ray Serve via RayService with safe scaling and upgrades—and will leave with a reference architecture, as well as ready-to-use manifests and templates.

Addressing Non-Deterministic Scheduling: Introducing the Node Readiness Controller - Ajay Sundar Karuppasamy, Google; Sreeram Venkitesh, DigitalOcean; Karthik K N, IBM; Priyanka Saggu, SUSE#

Time: 11:00am CET - 11:30am CET

Speakers: Ajay Sundar Karuppasamy, Google; Sreeram Venkitesh, DigitalOcean; Karthik K N, IBM; Priyanka Saggu, SUSE

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes nodes report “Ready” before critical dependencies, such as CNI plugins, storage drivers or device plugins, are fully functional. This “readiness gap” causes non-deterministic scheduling, where sensitive workloads immediately fail upon placement. Since our KubeCon NA Unconference discussion, this initiative has matured into an official SIG-Node subproject. In this session, its maintainers will present the architecture of the Node Readiness Controller, which uses ‘NodeReadinessRules’ to declaratively manage taints based on custom conditions, ensuring a protected node initialization. This session is designed for platform builders and contributors. We will discuss:

  • Architecture patterns: Leveraging the existing node-problem-detector ecosystem as a unified mechanism for readiness reporting.

  • Roadmap: Discuss current status, upcoming features and potential integration pathways.

  • Cross-SIG alignment: How the controller interacts with existing scheduling primitives and autoscalers.

Advanced Kyverno Patterns : Automating Platform Security and Operations - Frank Jogeleit, Nirmata; Johannes Sonner, Deutsche Telekom#

Time: 11:00am CET - 11:30am CET

Speakers: Frank Jogeleit, Nirmata; Johannes Sonner, Deutsche Telekom

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: How do you secure an Internal Developer Platform (IDP) serving over 30 million customers without stifling developer velocity? At Deutsche Telekom, the answer lies in a policy-driven platform architecture that goes far beyond simple validation checks. Join Kyverno maintainers and Deutsche Telekom platform engineers for a deep dive into implementing policy-as-code at massive enterprise scale. Beyond the basics, they will dissect real-world architectural patterns, from dynamic RBAC provisioning, to advanced GitOps resource management, used to automate platform security while preserving developer autonomy.

Advancing Kubernetes AI Conformance: Current State and Roadmap - Yuan Tang, Red Hat; Mario Fahlandt, Kubermatic; Janet Kuo, Google#

Time: 11:00am CET - 11:30am CET

Speakers: Yuan Tang, Red Hat; Mario Fahlandt, Kubermatic; Janet Kuo, Google

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: As AI workloads become first-class citizens in the Kubernetes ecosystem, conformance testing ensures interoperability, reliability, and trust across platforms and vendors. The Kubernetes AI Conformance Working Group has made significant progress in defining a shared baseline for AI/ML workloads — establishing a foundation for consistent APIs, workload behavior, and runtime interoperability.

In this session, we’ll recap what we’ve achieved so far, outline key opportunities for community contribution, and discuss the roadmap for 2026. We’ll explore the next phase of automated conformance testing, clarify program ownership and scope, and collaborate on identifying and evolving the requirements. Attendees will gain insight into how AI Conformance can create measurable value for vendors, integrators, and end-users in the growing cloud-native AI landscape.

An Immersive and Visual Journey Into Kubernetes Networking - Benoit Entzmann, Feesh#

Time: 11:00am CET - 11:30am CET

Speakers: Benoit Entzmann, Feesh

Venue: Elicium 2, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: Kubernetes networking is still intimidating for many, but what if you could see it to actually understand it? Have you ever been inside a cluster and experienced routing like a roller-coaster? Embark on an immersive visual journey where we follow packets through imagined realms, transitioning from the familiar land of traditional networking to the deep ocean of Kubernetes. Mastering core concepts, eBPF, network policies, service meshes with sidecars, and Ambient Mesh has never been more accessible. In an instant, you'll grasp how packet processing differs across these technologies. By the end, you’ll see Kubernetes networking with fresh eyes and maybe even discover a new passion for it!

Beyond Stateless: Distributed Transactions with Autoscaling and Consistency on Kubernetes - Jumpei Nishitani, Hitachi#

Time: 11:00am CET - 11:30am CET

Speakers: Jumpei Nishitani, Hitachi

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: This session presents a practical method for implementing distributed transactions with strong consistency and seamless autoscaling on Kubernetes. By integrating a transaction monitor with the Horizontal Pod Autoscaler, we show how stateless business applications can retain ACID properties while scaling efficiently. Based on real-world examples, the session offers actionable insights into system design and deployment.

Who Should Attend:

  • Cloud architects seeking robust transaction strategies for microservices

  • Engineers modernizing legacy update-heavy systems

  • Developers interested in distributed online transaction processing

Technical Stack Highlights:

  • Kubernetes: Centralized orchestration of transaction monitors and business apps

  • Paxos Commit Transaction Orchestrator: Reliable state management

  • Horizontal Pod Autoscaler: Automated scaling of monitors and workloads

Cert-manager – Project Update: Beyond 2026 - Tim Ramlot & Maël Valais, Palo Alto Networks#

Time: 11:00am CET - 11:30am CET

Speakers: Tim Ramlot & Maël Valais, Palo Alto Networks

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Join the cert-manager maintainers for an in-depth look at the state of the project in 2026. We’ll recap major milestones from the past year, including new features, security improvements, and new automation infrastructure.

Learn how cert-manager continues to evolve to meet the needs of cloud-native security, and get a sneak peek at what’s coming next: work in progress, community initiatives, and upcoming challenges we aim to tackle. Whether you’re a long-time user or just getting started, this session will help you understand where cert-manager is headed and how you can get involved.

Cloud Native Theater | KubeVirt Summit: Opening Remarks and Community Update - Andrew Burden and Itamar Holder, Red Hat#

Time: 11:00am CET - 11:10am CET

Speakers: Andrew Burden and Itamar Holder, Red Hat

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Welcome to KubeVirt Summit Live@KubeCon! In this session we will give a lightning community update, covering the significant milestones of the last 6 months, including our Graduation application. We will also highlight KubeVirt’s new VEP process that is helping drive cross-company innovation in the project, illustrated by major feature contributions from Microsoft and Nvidia. We will cover the process and show you exactly how to participate and contribute to the project's future.

Cutting Metrics Traffic, Cutting Costs: The AZ-Aware Observability Blueprint - Iris Dyrmishi & Rodrigo Fior Kuntzer, Miro#

Time: 11:00am CET - 11:30am CET

Speakers: Iris Dyrmishi & Rodrigo Fior Kuntzer, Miro

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: We know observability gets expensive, yet we consistently overlook the highest-cost element: network traffic. Optimizing for storage and compute is common, but inter-AZ data transfer remains a major budget sink.
This talk presents a field-proven strategy for significantly reducing cloud traffic costs by minimizing cross-availability zone (AZ) metrics collection. We'll show how to leverage standard relabeling mechanisms in popular tools, like Prometheus, OpenTelemetry, and VictoriaMetrics, to implement an AZ-aware sharding strategy. Configuring agents to scrape only targets within their own zone drastically reduces inter-AZ transfer. We'll share a practical, vendor-agnostic blueprint, including real-world savings data, applicable to any large-scale metrics pipeline. This approach directly addresses unnecessary cloud spend and provides a clear path to a more cost-efficient and resilient observability stack.

Enforce VIP Access Only Through Node Attestation - Alice Frosi & Jakob Naucke, Red Hat#

Time: 11:00am CET - 11:30am CET

Speakers: Alice Frosi & Jakob Naucke, Red Hat

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Think of a confidential Kubernetes cluster as an exclusive nightclub. Only nodes with the right credentials, the attestation token, get past the bouncer. We'll demonstrate how attestation is the ultimate "VIP pass" and the Confidential Cluster Operator acts as the club manager, orchestrating the access and ensuring the party in the cluster stays secure. We'll show how Trustee validates node boot artifacts and enforces attestation policies on a per-node basis. We present an operator that configures Trustee, continuously updates reference values and monitors and manages OS image updates. This guarantees that only trusted nodes join the cluster. Attendees will learn practical insights into building and operating confidential clusters, and how attestation enforces a "VIP-only" Kubernetes experience, where no untrusted node can crash the party.

From Chaos to Control: A Prescription for Managing Apps on Private Cellular Networks - Luis Ariza, Beanters#

Time: 11:00am CET - 11:30am CET

Speakers: Luis Ariza, Beanters

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: If you think managing application chaos in Kubernetes is a challenge, welcome to the world of private cellular networks. Here, open-source software collides with the unforgiving laws of physics. We aren't just tuning YAMLs; we are tuning antenna gains, transmission power, and virtualization layers to shave off microseconds of latency, all while navigating complex country regulations.
This talk translates the red-eyed, migraine-inducing chaos of telco engineering into a symphony of cloud-native solutions. You'll leave with a new appreciation for your "manageable" chaos and see how these extreme challenges provide powerful lessons for any complex Kubernetes deployment.

Kubernetes Book Club Gathering#

Time: 11:00am CET - 12:00pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Come grab a fresh copy of your favorite cloud-native titles, on the house! We’re bringing together the authors you love and the readers who make this community great for a morning of signings, stories, and strictly zero YAML. Whether you’re a Book Club regular or a first-time attendee, come say hello, chat to the experts and get your library started.

For more information about the virtual book club: https://community.cncf.io/kubernetes-virtual-book-club/

We're looking forward to seeing everyone in-person!

SPIFFE Meets OAuth: Federated Identity for Cloud Native Workloads - Yoshiyuki Tabata, Hitachi, Ltd.#

Time: 11:00am CET - 11:30am CET

Speakers: Yoshiyuki Tabata, Hitachi, Ltd.

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Cloud-native systems increasingly operate across multiple trust domains, creating significant challenges for securely propagating identity and authorization. Traditional approaches, such as static credentials or mTLS-only solutions, often introduce operational complexity and fail to scale in dynamic Kubernetes environments. This session addresses these challenges by introducing federated identity patterns that combine SPIFFE and emerging OAuth extensions. Yoshiyuki Tabata will demonstrate how SPIFFE JWT SVID and OAuth Identity Chaining (draft-ietf-oauth-identity-chaining), together with Assertion Framework (RFC 7521/7523), enable secure multi-hop authorization and scalable identity propagation without relying solely on mTLS. Attendees will gain practical insights through a demo integrating Keycloak, SPIRE, and OAuth flows, and learn how these patterns improve interoperability and security in multi-cluster Kubernetes environments.

Scaling Valkey the Right Way: Kubernetes at XL Scale - Sarthak Aggarwal & Madelyn Olson, AWS#

Time: 11:00am CET - 11:30am CET

Speakers: Sarthak Aggarwal & Madelyn Olson, AWS

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: As cloud-native platforms become the standard for running distributed systems, the need for horizontally scalable, highly available in-memory datastores has increased immensely. In this session, we'll take a deep dive into how Valkey, an open-source Redis fork, fulfills this demand at a very large scale with Kubernetes.

We will share what it takes to run large Valkey clusters within Kubernetes, from first principles. We will walk through how to build and operate a sharded, replicated Valkey cluster that spans hundreds of nodes, while keeping things fast, stable, and easy to operate. We will cover key components like cluster bus communication, DNS-based discovery, and resource planning. We will further explore operator-based automation, gossip traffic optimization, and strategies to minimize CPU spikes and failover delays.

Whether you’re migrating from Redis, or starting fresh with Valkey, this talk will give you a practical guide to running it confidently at scale in the cloud-native world.

Stop Flying Blind: Real-Time, Enforceable Cluster-Wide Quotas with Kyverno and KRO - Mariam Fahmy, Nirmata & Adam Crowder, AWS#

Time: 11:00am CET - 11:30am CET

Speakers: Mariam Fahmy, Nirmata & Adam Crowder, AWS

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Managing resource quotas in a multi-tenant Kubernetes cluster often feels like a game of whack-a-mole. Are you tired of exporting YAMLs and summing up requests in a spreadsheet just to answer a simple question: "Is Team A still within their budget?" This manual toil is slow, error-prone, and leaves you guessing about your cluster's true capacity.
What if you could have a live dashboard for each team's total resource usage? And what if you could use that same dashboard to enforce a cluster-wide budget, rejecting any new request that would push a team over their limit?
In this session, we'll show you how to combine two powerful open-source tools, Kyverno and the Kube Resource Operator (KRO), to build a fully automated, self-healing quota management system. This talk moves beyond theoretical policy discussions and showcases a powerful, reusable design pattern: using Kyverno to aggregate distributed state into a centralized custom resource created by KRO for both reporting and enforcement.

To Upstream or Not? Why Becoming the Maintainer of Your Dependencies Matters - Christos Markou, Elastic#

Time: 11:00am CET - 11:30am CET

Speakers: Christos Markou, Elastic

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: How much time should we invest in maintaining open-source software we rely on? This dilemma often bothers companies, especially observability vendors that build on OpenTelemetry. In this session, the speaker, an active OpenTelemetry contributor and code owner, will share a story showing why caring about open source dependencies is not just altruism. It benefits a company in the not-so-long run and helps keep open source sustainable. The story is about an OTel component marked for deprecation with no clear path forward. It would have been easy to just accept it and wait. Instead, the speaker will show how driving discussion, staying engaged, and pushing for consensus kept the component alive. Later, this same component helped solve an issue affecting multiple customers quickly and confidently. Isn’t that the magic of open source? Being present pays off. Join this session and leave with a concrete example to share with your manager showing why investing in oss's health matters.

📚 Tutorial: KV-Cache Wins You Can Feel: Building AI-Aware LLM Routing on Kubernetes - Tyler Michael Smith, Red Hat; Kay Yan, DaoCloud; Vita Bortnikov, Nili Guy & Maroon Ayoub, IBM#

Time: 11:00am CET - 12:15pm CET

Speakers: Tyler Michael Smith, Red Hat; Kay Yan, DaoCloud; Vita Bortnikov, Nili Guy & Maroon Ayoub, IBM

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: Every LLM request carries invisible state: the KV-cache. Hit it, and your response is 10x cheaper and 50x faster. Miss it, and you're recomputing work you just did. Yet Kubernetes' default load balancing is cache-blind, scattering related requests across pods and destroying locality. The result? Your AI workloads are slower and vastly more expensive than they should be.

In this hands-on tutorial, we’ll fix that.

Attendees will deploy a distributed vLLM cluster, benchmark its performance, and visualize how cache-blind routing wastes GPU cycles. Then, we’ll replace the default Service with the Kubernetes Gateway API (Inference Extension) and deploy llm-d, a Kubernetes-native framework for distributed LLM inference with an AI-aware scheduler. By re-running the same benchmarks, you’ll see latency and throughput transform as prefix-reuse becomes first-class. You’ll leave with a working lab, dashboards, and a mental model for building cache-aware routing into any production AI stack.

🚨 Contribfest: Podman/Buildah Contribfest - Ashley Cui & Matt Heon, Red Hat#

Time: 11:00am CET - 12:15pm CET

Speakers: Ashley Cui & Matt Heon, Red Hat

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: KubeCon EU ContribFest: Podman & Buildah - BuildKit Integration!
The Podman and Buildah communities are driving a critical effort to integrate BuildKit for improved compatibility with industry-standard tooling. We need your help to make it happen at our ContribFest!
Join core maintainers for a hands-on coding session. You will:

  • Code Deep Dive: Contribute directly to issues impacting BuildKit integration.

  • Architecture Review: Learn the impacted systems and the current roadmap.

  • Contribution Mastery: Understand our policies, CI/CD pipeline, and how to get your PR reviewed and merged into main.

Prerequisites: Familiarity with Go and Git workflows.
This is your chance to make a significant, tangible contribution to two essential open-source container tools. Come collaborate, code, and connect with the community!

🚨 Contribfest: kcp: From Zero To Your First Pull Request - Karol Szwaj, Kubermatic & Nelo-T. Wallus, SAP#

Time: 11:00am CET - 12:15pm CET

Speakers: Karol Szwaj, Kubermatic & Nelo-T. Wallus, SAP

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: kcp, a CNCF Sandbox project, is a control plane for serving Kubernetes-style APIs, built on top of Kubernetes core libraries with a strong focus on multitenancy. Getting started with, and contributing to, multi-tenant systems can be a daunting experience. There are many moving parts, but we’re here to go through it with you.

Join kcp maintainers on this unique journey and become a kcp contributor! We’ll start with a deep dive into the kcp architecture and codebase, then show how to set up a development environment for building and testing different parts of the project. Finally, we’ll pick up an issue from a curated list and work through it together, starting with analysis, identifying the relevant code, and discussing how to implement and test a solution.

Whether you’re into code, documentation, or community work, this session is a hands-on way to contribute, learn new skills, and shape the project’s future together.

Cloud Native Theater | KubeVirt Summit: Breaking the Performance Barrier: High-Performance AI Storage Virtualization with KubeVirt - Jian Li, SK Telecom and Yves Weisser, NetApp#

Time: 11:15am CET - 11:40am CET

Speakers: Jian Li, SK Telecom and Yves Weisser, NetApp

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: The rapid expansion of generative AI requires infrastructure that combines the agility of virtualization with the raw power of bare-metal systems. SK Telecom's Petasus AI Cloud has demonstrated this at scale through the successful commercialization of the Haein Cluster, one of Korea's largest virtualized GPU environments featuring over 1,000 NVIDIA Blackwell GPUs. Building on this proven production experience, SK Telecom has partnered with an AI storage vendor to further enhance the Petasus platform by integrating a fast filesystem. This collaboration focuses on pushing the boundaries of KubeVirt to support the most I/O-intensive AI workloads by virtualizing Ethernet Fabrics to enable Native NFS over RDMA and GPUDirect Storage (GDS) directly within virtual machines.

In this session, we will detail the specific optimization techniques—from fabric virtualization to memory mapping—that allow the Petasus solution to achieve I/O performance nearly indistinguishable from bare-metal environments. We will move beyond theory to share empirical data from fio and gdsio benchmarks, comparing the performance of standard KubeVirt setups against our optimized stack. By showcasing how we successfully mitigated the "virtualization tax" in a GPU cluster, this talk provides a comprehensive technical blueprint for cloud-native architects and engineers aiming to deploy high-performance, production-ready AI infrastructure on KubeVirt.

Project Demo#

Time: 11:25am CET - 11:50am CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

AI Agents & Platform Engineering: Efficiency Boost or New Source of Trouble? - Hasith Kalpage, Cisco; Vincent Caldeira, Red Hat; Sara Qasmi, United Nations; Idit Levine, Solo.io; Carlos Santana, AWS#

Time: 11:45am CET - 12:15pm CET

Speakers: Hasith Kalpage, Cisco; Vincent Caldeira, Red Hat; Sara Qasmi, United Nations; Idit Levine, Solo.io; Carlos Santana, AWS

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: As application developers accelerate their output with AI-assisted coding tools, platform engineers face mounting pressure to keep pace. Can nondeterministic AI agents help bridge this gap, or are they a troublesome new source of complexity and unpredictability? What common challenges cause these AI initiatives to stall, and what does a “minimum viable” platform foundation for success actually look like? How do teams evaluate agent effectiveness and manage the cost implications of AI in production? How can platform engineers build trust in nondeterministic systems, and how does the human–agent collaboration model differ from traditional team dynamics? This vendor-neutral KubeCon panel brings together platform engineering leaders, project creators, and technical experts to share practical insights on the real-world impact of AI agents in platform engineering, offering proven patterns for defining golden metrics and avoiding common pitfalls.

Beyond Image Pull-Time: Ensuring Runtime Integrity With Image Layer Signing - Toddy Mladenov, Flora Taagen & Dallas Delaney, Microsoft#

Time: 11:45am CET - 12:15pm CET

Speakers: Toddy Mladenov, Flora Taagen & Dallas Delaney, Microsoft

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Ensuring runtime integrity for container images is essential in the cloud-native ecosystem. Existing image signing solutions only protect at pull time, leaving workloads exposed to runtime tampering. Notary Project is closing this gap with per-layer dm-verity signing and verification, enabling Linux kernel-enforced integrity and IPE policies for continuous protection at runtime and offline. In this session, Toddy will share a Notary Project overview and the latest project updates. Flora and Dallas, as new contributors, will provide an in-depth overview of per-layer dm-verity signing, technical workflows, and integration points with Notation CLI, containerd, and OCI registries. Join us to learn how Notary Project is enhancing container security beyond pull-time verification by delivering continuous runtime protection for workloads. Whether you’re new to container security or an experienced professional, this session is packed with insights you won’t want to miss!

Building a Scalable and Cost-Effective MLOps Platform at PepsiCo Using CNCF Tools - Chaitanya G, PepsiCo#

Time: 11:45am CET - 12:15pm CET

Speakers: Chaitanya G, PepsiCo

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: AI + ML

Description: As PepsiCo continues to scale AI-driven innovation, we have built and operationalized a robust, cloud-native MLOps platform leveraging the CNCF ecosystem—including Kubernetes, Helm, ArgoCD, Kubeflow, KEDA, OPA and KubeRay. This platform supports enterprise-grade AI use cases such as demand forecasting and supply chain optimization, enabling scalable, automated, and cost-efficient machine learning lifecycle management.
In this session, we’ll dive into architectural decisions, MLOps pipelines, resource orchestration, and workload optimization strategies using open-source, cloud-native tooling. Attendees will gain insights into how we automated training, deployment, and monitoring workflows while ensuring governance, reliability, and scalability for critical ML use cases. We’ll also cover how we optimized for performance and cost by leveraging horizontal scaling, GPU-aware scheduling, and distributed training with KubeRay.

Cloud Native Theater | KubeVirt Summit: KubeVirt on GB200: Virtualizing a Rack-Scale Supercomputer - Fan Zhang, Kevin Klues, and Alay Patel, NVIDIA#

Time: 11:45am CET - 12:20pm CET

Speakers: Fan Zhang, Kevin Klues, and Alay Patel, NVIDIA

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: GB200 (Grace Blackwell) changes the implementation for virtualization versus classic PCIe-based servers. Instead of discrete CPU and GPU devices connected through PCIe, GB200 couples CPU and GPU through a cache-coherent interconnect and unified memory, and the rack behaves like a single logical system. That shift breaks long-standing assumptions in the VFIO/QEMU/Kubernetes stack and requires changes in KubeVirt.

In this talk, we’ll share the practical enablement path for running KubeVirt successfully on GB200. We’ll cover:

  • VFIO and kernel requirements.

  • QEMU/libvirt requirements

  • Topology Manager requirements for Device Plugins or using DRA

  • Rack-scale orchestration: introducing Compute Domains as the unit of allocation for multi-node GPU fabrics, and how IMEX domain bring-up/teardown is orchestrated via an IMEX daemon integrated with KubeVirt lifecycle.

  • Guest topology pass-through: Pass host CPU/memory/GPU topology into the guest, and how we mirror host topology so the guest driver can online and use memory correctly.

Attendees will leave with an end-to-end mental model, practical integration patterns, and a validation checklist for bringing KubeVirt to GB200-class racks.

Ctrl-X, Ctrl-V Your Pods: WG Checkpoint Restore in Kubernetes - Peter Hunt & Adrian Reber, Red Hat; Radostin Stoyanov, University of Oxford; Viktória Spišaková, Masaryk University#

Time: 11:45am CET - 12:15pm CET

Speakers: Peter Hunt & Adrian Reber, Red Hat; Radostin Stoyanov, University of Oxford; Viktória Spišaková, Masaryk University

Venue: Elicium 2, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Checkpoint/Restore is a relatively old technology in Linux that allows taking a snapshot of a process and later resuming execution from that checkpoint. In Kubernetes 1.25, preliminary support was added for checkpointing containers in KEP 2008. However, there is a lot more that can be done with Checkpoint/Restore. The Kubernetes community has recently pulled together a working group to accelerate the adoption of Checkpoint/Restore technologies. Some items on the roadmap are pod-level checkpointing, an in-tree API, and using checkpoint/restore for advanced use cases like preemption and eviction (which will especially help batch workloads, like ones for training AI models). Join the leads of the WG Checkpoint Restore and learn about what has been done already, and what lies on the horizon of this WG.

Dragonfly V2.4.0 - Intro, Updates, Data Distribution in AI Infrastructure - Wenbo Qi & Chenyu Zhang, Ant Group#

Time: 11:45am CET - 12:15pm CET

Speakers: Wenbo Qi & Chenyu Zhang, Ant Group

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Dragonfly provides efficient, stable, and secure file distribution and image acceleration using P2P technology within cloud-native architectures. This talk will briefly introduce Dragonfly and highlight the features of its latest version. Key updates include enhanced security and new functionalities tailored for more efficient and robust model distribution. We will also demonstrate how Dragonfly preheats and distributes AI models (packaged as OCI Artifacts) to read-only volumes in Kubernetes, enabling faster deployments. Additionally, we will introduce P2P-based state snapshot and restore capabilities in AI agent scenarios.

End User Technical Advisory Board (TAB) Town Hall#

Time: 11:45am CET - 12:15pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Come meet the CNCF’s end-user TAB! Learn about the TAB’s initiatives on reference architectures, project health and feedback. And use this opportunity to ask questions about areas where and how end-users can get involved.

Evolution or Revolution: Istio as the Network Platform for Cloud Native - Mitch Connors, Microsoft & Daniel Grimm, Red Hat#

Time: 11:45am CET - 12:15pm CET

Speakers: Mitch Connors, Microsoft & Daniel Grimm, Red Hat

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Since 2018, Istio has been the premier service mesh for Kubernetes, offering Security, Observability, and Traffic Controls to users around the world. Now, in its eighth year, Istio is evolving beyond a simple service mesh to become the foundational network for cloud-native technologies, integrating with solutions like Cilium, Calico, and agentgateway, establishing itself as the industry standard for secure cloud-native networking. In this session, two long-time Istio maintainers will reflect on the project's history, tracing how the vision of a universal dataplane for all cloud environments has consistently guided Istio. They will cover how this vision continues today, powering global scale with multicluster connectivity and fueling the AI revolution via the Inference Extension. The talk will also address how users can contribute as "Istio power user contributors." Finally, they will discuss potential improvements based on user feedback and audience input.

From Idle to Savings: Building a Global Scheduler for Cost‑Efficient Data Processing on K8s - Rainie Li & Ang Zhang, Pinterest#

Time: 11:45am CET - 12:15pm CET

Speakers: Rainie Li & Ang Zhang, Pinterest

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: At Pinterest, we built a batch scheduling service on top of Kubernetes that saves tens of millions of CPU/GPU compute costs by running big data + AI/ML (Spark and Ray/Pytorch) jobs on a mix of temporary capacity (borrowed from online service during off-peak hours) and fixed pools. The service chooses the cheapest viable placement across clusters and AZs using live capacity, capacity forecast, and an ML model–based algorithm that scores jobs (runtime/urgency/cost) and decides which jobs to run, when to start them, and to which cluster—maximizing utilization while guaranteeing SLOs. We keep in-cluster schedulers thin (Volcano/YuniKorn for pod placement + Gang scheduling) and apply pure K8s primitives: PriorityClass, nodeAffinity/topologySpreadConstraints, and PodGroup/TaskGroup. We’ll share the service design, including cost-aware routing, quota mapping (budgets→weights/caps), and dashboards showing 99% starts ≤5m and high utilization.

How To (Not) Fork Headlamp - Joaquim Rocha, Amutable#

Time: 11:45am CET - 12:15pm CET

Speakers: Joaquim Rocha, Amutable

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Headlamp is a graphical user interface for viewing and managing Kubernetes, officially part of the Kubernetes project under SIG UI.

Its extensibility makes it an excellent foundation for building new graphical interfaces through its plugin system. But what happens when your needs go beyond what plugins can offer? Is that a reason to maintain a friendly fork? Even if your project is essentially Headlamp plus a set of plugins, does forking make sense?

In this talk I will give a brief overview of Headlamp's architecture including its plugin system, and go deeper into our recommendations on developing your project as a Headlamp plugin, as well as when actually creating a friendly fork of the project is adequate. We will also cover the best practices when keeping a plugin and a fork.

Kill the Ticket Queue: A CNCF Blueprint for Self-Service Platforms - Bhavani Indukuri & Aparna Prabhu, DigitalOcean#

Time: 11:45am CET - 12:15pm CET

Speakers: Bhavani Indukuri & Aparna Prabhu, DigitalOcean

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: How did we cut environment provisioning time from weeks to just minutes and reduce manual infrastructure tickets by 90%? We replaced our slow, ticket-based system with a self-service, event-driven platform built entirely on CNCF projects. This talk is a deep dive into our architecture. We'll show you how we connected Backstage as a unified developer portal to an event-driven backend powered by Argo Events and Argo Workflows. See how Argo CD provides GitOps-based delivery to ephemeral vClusters for fast, isolated, and cost-effective development environments. We'll also demonstrate how Kyverno ensures continuous policy compliance and how we monitor it all with Prometheus and Grafana. This isn't just a story, it's a playbook. You will learn actionable patterns to connect these powerful tools, automate your DevOps workflows, and build a scalable internal platform that boosts developer productivity and strengthens governance.

Longhorn: Intro, Deep Dive and Q&A - David Ko & Divya Mohan, SUSE#

Time: 11:45am CET - 12:15pm CET

Speakers: David Ko & Divya Mohan, SUSE

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Longhorn is a cloud-native, distributed block storage solution built on Kubernetes and designed for both container and VM workloads. It fully supports volume functionalities compliant with the CSI specification. It can flexibly run across diverse environments, including on-premises, public/private clouds, edge, and local deployments with varying resource constraints. The team is currently focused on developing the V2 data engine, which delivers significant I/O performance improvements over the existing V1 engine.

In this session, we will introduce Longhorn and update you on its current project status, highlight key features from the latest release, such as V2 feature readiness and milestones, and examine its technical architecture and design principles. We will also discuss the future roadmap and engage in an in-depth discussion with the audience. Longhorn was accepted as an incubating project by the CNCF in November 2021 and continues to be actively progressing toward graduation.

Multi-Network Step-by-Step: Enabling SR-IOV Support From Kubernetes Network (DRA) Drivers - Masaharu Kanda, NTT, Inc. & Lionel Jouin, Red Hat#

Time: 11:45am CET - 12:15pm CET

Speakers: Masaharu Kanda, NTT, Inc. & Lionel Jouin, Red Hat

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: The SIG-Network community is on track to deliver official multi-network support in Kubernetes, using Dynamic Resource Allocation (DRA) and the PodNetwork resource to streamline NIC allocation and management. This innovation simplifies the creation of advanced networking for high-bandwidth AI/ML, Telco, and HPC workloads, integrating natively with Kubernetes rather than traditional Multus-based methods. The CNI DRA Driver, as a reference implementation, bridges DRA and CNI, enabling seamless Pod network interface configuration. With this innovation, users gain transparent NIC usage visibility and fine-grained control, such as bandwidth allocation per Virtual Function (VF) of a physical NIC, optimizing performance and predictability. This session will cover the design and implementation, and feature a demo of the enhanced driver. Attendees will learn practical methods for managing advanced NICs like SR-IOV in Kubernetes and gain insights into the latest Multi-network project updates.

Redis on EC2 to Valkey on Kubernetes: A Zero-Downtime Case Study - Joe Heyburn, Braze#

Time: 11:45am CET - 12:15pm CET

Speakers: Joe Heyburn, Braze

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: Migrating any database to Kubernetes is challenging, let alone an in-memory data store such as Valkey. In a 24/7/365 environment such as Braze, stopping traffic to copy RDB files is not an option.

Join this real-world case study to learn how Braze safely migrated 250+ mission-critical Redis instances from EC2 to Kubernetes with zero downtime and a rollback path, enabling Braze to migrate to Valkey 8.1 in a matter of weeks and reducing tail-end latency by up to 90% when compared to Redis 7.2.

Audience members can expect to learn:

  • How to migrate Valkey to Kubernetes with no customer impact

  • The challenges overcome during and after the migration, and how they were solved

  • Measured performance gains after migrating to Valkey

  • Lessons learned from running stateful workloads on Kubernetes at scale

Tailor Made: Dynamic Fine-Grained Authorization for API Traffic - Erica Hughberg, Tetrate & Andres Aguiar, Okta#

Time: 11:45am CET - 12:15pm CET

Speakers: Erica Hughberg, Tetrate & Andres Aguiar, Okta

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Modern API access control requires authorization models that can adapt to real-time conditions and complex relationships. Learn how to move beyond static authorization methods that are complex to revoke, like API keys and tokens, and improve your security posture with dynamic access decisions.

We'll demonstrate how to implement fine-grained authorization at the gateway level by integrating OpenFGA with Envoy Gateway in Kubernetes, enabling context-aware access decisions at the edge of your system.

With live demonstrations, we'll showcase how OpenFGA's Relationship-based Access Control (ReBAC) model can solve complex authorization challenges. For example, has your boss approved you to access confidential information about Project X?

We'll present three entertaining yet practical examples that showcase common multi-tenant SaaS challenges, B2B API access, and data-dependent authorization rules.

Taming Complexity: Building Observable Workflows With Dapr and OpenTelemetry - Mauricio "Salaboy" Salatino, Diagrid & Kasper Borg Nissen, Dash0#

Time: 11:45am CET - 12:15pm CET

Speakers: Mauricio "Salaboy" Salatino, Diagrid & Kasper Borg Nissen, Dash0

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Today’s cloud-native applications are complex and constantly evolving, with new requirements for infrastructure - including emerging services such as LLMs. The challenge is clear: how do we build resilient, observable systems without making life harder for developers?
In this session, we’ll explore event-driven orchestration with Dapr Workflows, and how it pairs with OpenTelemetry to reveal the interactions between application and infrastructure components. By combining the OpenTelemetry Operator with Dapr observability, we can enable no-touch instrumentation that delivers traces, metrics, and logs - even across asynchronous boundaries.
Through a live demo, we’ll illustrate these concepts, highlight common pitfalls and current gaps, and showcase the work being done to align Dapr with the OpenTelemetry specification. The result is observability that is portable across vendors and, more importantly, easy for developers to adopt.

Project Demo#

Time: 12:00pm CET - 12:25pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Lunch 🍲#

Time: 12:15pm CET - 1:45pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Your Voice on Stage: The Iterative Pitch Lab#

Time: 12:15pm CET - 1:15pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Are you an underrepresented voice in cloud native looking to share your expertise on stage but need guidance on how to begin? We’re here to help! Join seasoned KubeCon+CloudNativeCon speakers and past program committee members for a hands-on workshop focused on crafting standout talk proposals.

This isn't a passive lecture. You’ll work in short, focused cycles learning a key pitching principle, immediately applying it, and receiving instant, constructive feedback through guided peer critiques. We’ll cover choosing compelling topics, writing a strong title and abstract, and highlighting your unique perspective for the right audience. We’ll also show best practices for using AI as a companion to refine your story for your next session on stage.

The session culminates in a live Q&A where you’ll get real-time feedback on your proposals, giving you a blueprint for success. Walk away with a refined talk abstract, actionable insights, expert guidance, and the confidence to turn your expertise into a conference submission!

Cloud Native Theater | KubeVirt Summit: Achieving 10× Faster VM Migration to KubeVirt with Storage Offload in Forklift - Ryosuke Tatsumi, Hitachi America, Ltd.#

Time: 12:25pm CET - 12:50pm CET

Speakers: Ryosuke Tatsumi, Hitachi America, Ltd.

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Migrating large-scale production virtual machines (VMs) from VMware environments to KubeVirt remains a key adoption challenge for the community, primarily due to slow data migration and limited scalability of host-based data copy approaches.

In this session, we present an enhancement to Forklift, an open-source toolkit for migrating VMs to KubeVirt, that introduces a storage offload acceleration mechanism using XCOPY, a standard storage I/O command. This work extends the open-source migration pipeline to offload bulk data movement from compute nodes to the storage layer.

This approach significantly reduces host CPU, memory, and network consumption and achieves up to 10× faster VM migrations compared to traditional methods. The design supports both cold and warm migration workflows and is engineered to scale to thousands of VMs, addressing a common pain point reported by KubeVirt users operating at scale.

We will discuss how this contribution can be reused, adapted, or extended by the broader KubeVirt community to improve VM migration performance across diverse environments.

Network Nook Meetup: Share + Continue the Conversation#

Time: 12:30pm CET - 1:30pm CET

Venue: Hall 1-5 | Tram Zone | Network Nook, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Join us for casual and engaging meetups at the Network Nook during lunch breaks! These informal gatherings are open to all, whether you're a first-time attendee, a solo traveler, or simply looking to chat about shared interests. This is a great way to connect with others.

Today's topic: Share + Continue the Conversation
What were your favorite sessions, networking events, etc., this week? Where can you contribute to the mindshare in your local community?

Project Demo#

Time: 12:30pm CET - 12:55pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Cloud Native Theater | KubeVirt Summit: Measuring KubeVirt Performance and Scale with KWOK - Sreeja Varnam, NVIDIA#

Time: 12:55pm CET - 1:05pm CET

Speakers: Sreeja Varnam, NVIDIA

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: KubeVirt’s sig-scale publishes the project’s scale and performance data after every release, and now we want to share some new data and techniques: using simulation with KWOK. In this talk, we’ll explore how KubeVirt leverages KWOK (Kubernetes Without Kubelet) to simulate thousands of Nodes and VirtualMachineInstances (VMIs). We’ll demonstrate how this large-scale simulated environment enables stress testing of the KubeVirt control plane. Furthermore, we will share how KubeVirt sig-scale evaluates the control plane behavior under extreme scale to help uncover scalability limits and performance bottlenecks, as well as the benefits of leveraging other simulation techniques like the virtual kubelet.

This session also covers simulated load generation, collection and aggregation of performance metrics, and visualisation of data trends across releases to detect scalability and performance regressions.

Learning Lounge: 3-2-1 Certify! - Everything You Want to Know About Exams, but Are Afraid to Ask - Zuzanna Piskorz-Nałęcka, Linux Foundation Education#

Time: 1:00pm CET - 1:15pm CET

Speakers: Zuzanna Piskorz-Nałęcka, Linux Foundation Education

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Cloud Native Theater | KubeVirt Summit: Bridging Islands: EVPN Overlays for Multi-Cluster KubeVirt - Miguel Duarte, Red Hat#

Time: 1:10pm CET - 1:35pm CET

Speakers: Miguel Duarte, Red Hat

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: To address the challenge of providing seamless Layer 2 connectivity and mobility for KubeVirt virtualized applications distributed across multiple clusters (for reasons like disaster recovery, scaling, or hybrid cloud), we integrated OpenPERouter. This provides EVPN-based VXLAN overlays, solving the critical need for distributed L2 networking.

OpenPERouter's declarative APIs and dynamic BGP-EVPN control plane enable L2 networks to stretch transparently between clusters, maintaining VM MAC/IP consistency during migrations and disaster recovery. This architecture facilitates deterministic cross-cluster live migrations, better supports legacy workloads needing broadcast/multicast, and allows resource pooling across multi-site infrastructures using open components. VRF-aware overlays were also implemented for traffic segregation and to provide direct routed ingress to VMs, eliminating the need for Kubernetes services to expose ports.

Attendees will gain the practical knowledge to design and implement resilient, operationally safe, EVPN-based overlays with OpenPERouter, receiving actionable design patterns and configuration examples.

Non-Code Contribution Crash Course#

Time: 1:30pm CET - 2:15pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Want to contribute to open source but don't know how? It doesn't have to be code. Non-code contributions are an important, often overlooked part of open source contributions. Join this open discussion with Catherine Paganini, co-founder of Merge Forward, and Stéphane Este-Gracias, co-lead of Merge Forward, to chat about the high-impact ways you can get involved from organizing community events to building supportive networks and mentorship programs.

You'll learn about the principles for success: how to be proactive, reliable, and transparent to ensure you make a lasting impact on any open source community. Join us for guidance on becoming a valued non-code contributor!

Learn more about Merge Forward at https://community.cncf.io/merge-forward

AI'm at the Gate! Introducing the AI Gateway Working Group in Kubernetes - Morgan Foster & Nir Rozenbaum, Red Hat; Shachar Tal, Palo Alto Networks#

Time: 1:45pm CET - 2:15pm CET

Speakers: Morgan Foster & Nir Rozenbaum, Red Hat; Shachar Tal, Palo Alto Networks

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes Working Groups (WGs) play a vital role in shaping the future of Kubernetes and CNCF.

We’re excited to introduce a new addition: The AI Gateway WG.

This session will present the mission, scope, and early initiatives of the AI Gateway WG, focused on defining and advancing practices and standards at the intersection of AI and networking.

As AI systems increasingly rely on gateways, load balancers, and proxies, the WG is exploring the standardization of key capabilities, such as callouts to external AI backends for egress scenarios and payload-processing hooks that handle requests/responses before or after reaching an AI service. These primitives enable higher-level behaviors such as request/response guards, semantic routing, and other AI-aware traffic controls.

We’ll share the initial designs, early prototypes, and emerging directions shaping the WG’s roadmap.

Join us to learn how you can contribute and help shape the future of AI-aware gateway capabilities in Kubernetes.

Beyond the Edge: Cloud Native Application Management Under Extreme Network Conditions - Tobias Nöthlich & Maximilian Nitsch, D3TN GmbH#

Time: 1:45pm CET - 2:15pm CET

Speakers: Tobias Nöthlich & Maximilian Nitsch, D3TN GmbH

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Kubernetes excels at managing distributed applications in well-connected environments. But what if workloads must communicate over high-latency or intermittent links? From satellites and deep-space probes to remote research stations and air-gapped systems, many applications cannot rely on traditional IP networking and require delay- or disruption-tolerant communication.

This talk explores how cloud-native practices can support such scenarios. We show how containerized applications can be deployed, updated, and managed through Kubernetes while communicating via Delay-/Disruption-Tolerant Networking (DTN) protocols. We discuss integration points, required networking abstractions, and practical considerations for operating DTN-enabled workloads.

Attendees will learn how Kubernetes can orchestrate DTN-enabled applications beyond conventional network assumptions, enabling new use cases in space, remote operations, and other disconnected environments.

BoF: AI Infrastructure and Platform: LLMs, Agentic AI#

Time: 1:45pm CET - 2:15pm CET

Venue: G106, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Cloud native is an excellent choice for running AI workloads.

Topics to be included but open to other topics during the session.

  • Best practices for generic MLOps on cloud native platforms, including tools such as Kubeflow and MLflow as well as specific tools for LLMs and Agentic AI

  • Most common pain points of running such workloads on cloud native infra

  • Gaps in the existing ecosystem

Cloud Native at the Far(m) Edge: Running Kubernetes and AI on Tractors - Mauro Morales, Spectro Cloud & Jordan Karapanagiotis, Aurea Imaging#

Time: 1:45pm CET - 2:15pm CET

Speakers: Mauro Morales, Spectro Cloud & Jordan Karapanagiotis, Aurea Imaging

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: How do you take the best of cloud-native beyond the data center, to empower farmers in the field? Aurea Imaging powers precision agriculture by running AI inference directly on devices mounted on tractors. Using onboard sensors, cameras, and GPUs, these devices analyze trees in real time to optimize spraying and reduce waste. But getting cloud-native workloads to run reliably on the far edge, in environments that are often air-gapped, disconnected, and physically demanding, requires more than just containerizing code. Together with the CNCF Sandbox project Kairos, Aurea Imaging built a production platform where devices boot from container images: an immutable, reproducible system running K3s and managing its lifecycle “as code.” This approach replaces traditional embedded provisioning with declarative configuration, image-based deployment, and seamless OTA updates, bringing the power of cloud-native and AI beyond the data center.

Discover Cortex: High Scalability Metrics in 2026 - Friedrich Gonzalez & Charlie Le, Apple#

Time: 1:45pm CET - 2:15pm CET

Speakers: Friedrich Gonzalez & Charlie Le, Apple

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Dive into Cortex with us in this interactive session designed to help you get started with one of the most powerful open-source metrics platforms.

We’ll also highlight key improvements from the latest 1.20 release and share what’s ahead on the roadmap. Whether you’re just beginning your journey with Cortex or already contributing to the project, you’ll walk away with practical insights and expert tips.

Stick around for a live Q&A with core maintainers—your chance to ask questions, share thoughts, and connect directly with the team driving Cortex forward.

Evolving KServe: The Unified Model Inference Platform for Both Predictive and Generative AI - Filippe Spolti & JooHoo Lee, Red Hat#

Time: 1:45pm CET - 2:15pm CET

Speakers: Filippe Spolti & JooHoo Lee, Red Hat

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: As generative AI transforms how organizations build and deploy intelligent applications, the need for scalable, flexible, and interoperable model serving infrastructure is becoming critical. This session explores the evolution of model serving — from early, custom-built deployments to today’s cloud-native, Kubernetes-based platforms. We’ll discuss emerging challenges in productionizing large language models (LLMs), including inference efficiency, distributed execution, KV-cache management, and cost optimization.

We are excited to introduce the latest addition to the CNCF family - KServe project - and its latest release, a major leap forward in serving generative AI workloads beyond predictive AI. This release features a new CRD purpose-built for LLM serving via llm-d, support for disaggregated inference architectures, enhanced model and KV caching, and seamless integration with the open source Envoy AI Gateway.

Evolving Policy Management with Agentic AI: Kyverno MCP and Kagent for Multi-Cluster Governance - Shuting Zhao, Nirmata & Dahu Kuang, Alibaba Cloud#

Time: 1:45pm CET - 2:15pm CET

Speakers: Shuting Zhao, Nirmata & Dahu Kuang, Alibaba Cloud

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Traditional policy management approaches often lack the flexibility needed for dynamic environments and struggle with centralized management across multiple clusters. This session will dive into how to leverage CNCF and open-source tools such as Kyverno, MCP servers, and Kagent to enable platform teams to implement policy-as-code while meeting governance requirements in highly customized scenarios. It will show how integrating Agentic AI helps maintain consistent governance across hybrid Kubernetes environments.

As a case study, confronted with the challenges of large-scale policy management, Alibaba Cloud conducted a comprehensive evaluation of policy-as-code solutions and chose to integrate Kyverno into its existing infrastructure. Join us as we explore how the team extends Kyverno’s capabilities with MCP servers for centralized policy management and Kagent for intelligent distribution across clusters, addressing multi-cluster policy management complexity.

KubeVirt's Evolution: Governance, Features, and Community Growth - Sreeja Varnam, NVIDIA & Luboslav Pivarc, Red Hat#

Time: 1:45pm CET - 2:15pm CET

Speakers: Sreeja Varnam, NVIDIA & Luboslav Pivarc, Red Hat

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Maintaining a healthy open source project amid competing company interests is hard. KubeVirt addresses this with its Enhancements (VEP) process and SIG governance, inspired by Kubernetes’ KEP framework, to enable transparent, community-driven development.
In this session, we’ll explain how KubeVirt adapted these practices, walk through the VEP lifecycle from proposal to graduation, and show how it enables collaboration across companies. Using the VirtualMachinePool feature as a real-world example, we’ll highlight how an NVIDIA engineer and a Red Hat core contributor worked together to deliver IaaS-style VM lifecycle management in Kubernetes.
Attendees will gain practical strategies for fostering effective open source collaboration and see how VEP is evolving to support new challenges, including AI/high-performance workloads and multi-hypervisor support, as KubeVirt moves toward CNCF graduation.
Join us to see how Kubernetes-inspired governance drives innovation and growth.

Time: 1:45pm CET - 2:15pm CET

Speakers: Beka Modebadze, Google & Christine Kim, Isovalent at Cisco

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: The Gateway API ecosystem has exploded, with 40+ implementations and 55+ features. While this growth is exciting, it presents a significant challenge for users, as the endless choices can lead to analysis paralysis:
How do you find an implementation that meets your needs?
How can you trust that a feature will behave the same way across different implementations?
How do you tell if features you are already using aren’t actually supported by your implementation?
We'll cut through the confusion and provide you with the knowledge to navigate the Gateway API landscape. We’ll demonstrate a new set of tools to discover and compare implementations with desired features based on the feature name. Then, we'll examine what it means for an implementation to "support" a feature, showing how Gateway API's conformance tests guarantee portability. You'll leave this session able to make informed decisions and prepared for a truly portable, vendor-agnostic future of k8s networking.

Prometheus V3 One Year In: OpenMetrics 2.0 and More! - Jan Fajerski, Red Hat & Bartłomiej Płotka, Google#

Time: 1:45pm CET - 2:15pm CET

Speakers: Jan Fajerski, Red Hat & Bartłomiej Płotka, Google

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This session offers an introduction to Prometheus, followed by a detailed recap of project development over the last 12 to 16 months since the 3.0 release, spanning up to version 3.8.

The audience will learn about major advancements in TSDB storage, secret providers, enhanced PromQL features (such as anchored/smoothed rate selectors and new time-series functions), and the full stabilization of Native Histograms as a feature. Jan and Bartek will also cover OpenMetrics 2.0 development, as well as significant OTLP integration features, including performance improvements and new translation strategies, along with updates to Remote-Write 2.0.

Finally, you will learn about the organizational developments in community growth with the new project governance and the project's future roadmap.

Scaling the Kubernetes Ecosystem: Uber's Approach to Cluster Lifecycle Management - Silvio Simunic & Vadim Plakhtinskii, Uber#

Time: 1:45pm CET - 2:15pm CET

Speakers: Silvio Simunic & Vadim Plakhtinskii, Uber

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Uber manages numerous clusters that process millions of trips per day. These clusters are distributed across various zones and regions, utilizing both on-premise infrastructure and cloud providers. Our internal teams require diverse configurations for their stateless, batch, and stateful workloads, resulting in a multitude of services each needing unique cluster setups.

As the number of clusters rapidly grows and their setup evolves, there is a need for a simple, reliable, and automated way to manage their lifecycle. In this case study, we will demonstrate how we unified cluster configuration, automated provisioning and decommissioning of clusters, and integrated with the observability stack. We also enabled a simpler way of running open-source operators and discovering clusters during runtime. These improvements led to a decreased manual operational load and faster cluster lifecycle turnaround time, while also enhancing safety and improving our Uber-specific systems.

Spin-Up, Test, Tear-Down: How Trivago Runs Developer Preview Environments at Scale - Armin Aminian, Trivago & Jan Wozniak, Kedify#

Time: 1:45pm CET - 2:15pm CET

Speakers: Armin Aminian, Trivago & Jan Wozniak, Kedify

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: When developers write software, they need a place to run and test their code. Preview environments empower engineers to validate changes safely, but running hundreds of them at once can blow away your cloud budget and operational sanity. At trivago, 200+ engineers build services around the clock, so a reliable, cost-efficient platform is crucial.

In this session, we'll share how we designed our Kubernetes-based preview system for speed and efficiency, using KEDA to autoscale environments based on real demand. We'll cover the architecture, challenges, and why Kubernetes & KEDA fit this use case, along with the right metrics and safety checks to keep the system reliable. We collaborated with the KEDA community and maintainers to improve HTTP‑based scaling, especially scale‑to‑zero, so it's trustworthy at large scale. You'll leave with concrete ideas and a blueprint for running previews at scale, supporting rapid delivery while keeping waste low with CNCF projects.

The Accidental Platform Team: Kubernetes Operators at Swisscom - Fabian Schulz & Jelena Malic, Swisscom#

Time: 1:45pm CET - 2:15pm CET

Speakers: Fabian Schulz & Jelena Malic, Swisscom

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: What happens when Operators outgrow their original scope? At Swisscom, our Operators for network automation are now used both by the 5G Core team to automate the mobile core and by our platform team to power Kubernetes-as-a-Service. Suddenly, we found ourselves running “Operators as a Service,” sitting between networking and application teams, defining boundaries, and scaling a model that spans domains. In this session, we’ll share what worked and what didn’t: how we convinced teams with little Kubernetes know-how to adopt our Operators, designed interfaces that hide complexity, and kept reliability high without slowing teams down. Most importantly, we’ll highlight why staying close to our users, understanding their needs, workflows, and limits, was critical to building Operators they actually wanted to use.

The Shared Service Blueprint: A Guide to Multi-Tenancy, Illustrated With KEDA - Aya Igarashi, Preferred Networks, Inc.#

Time: 1:45pm CET - 2:15pm CET

Speakers: Aya Igarashi, Preferred Networks, Inc.

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: What should you consider when providing a service in a multi-tenant Kubernetes environment? How can you maintain strong tenant isolation when the tools weren't originally designed for it?

In this session, we share practical lessons and key considerations from our journey, using the event-driven autoscaler KEDA as a concrete case study. Key topics include:

  • Architectural trade-offs and secure design principles for multi-tenant components

  • NetworkPolicy patterns for strict network boundaries

  • Kubernetes APIService limitations and solutions for multi-tenancy

  • AuthN/AuthZ mechanisms for a Kubernetes External API Server

By the end, you'll gain actionable insights to architect secure, multi-tenant services, along with a deep understanding of crucial Kubernetes extension mechanisms.

Visualizing GitOps: A Tour of Flux UIs in the Open Source Ecosystem - Stefan Prodan, ControlPlane#

Time: 1:45pm CET - 2:15pm CET

Speakers: Stefan Prodan, ControlPlane

Venue: Elicium 2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Flux has always shipped Grafana dashboards for metrics and alerting, but interactive troubleshooting has meant reaching for the Flux CLI to figure out why a HelmRelease is stuck or trace the dependencies of a Kustomization. That's changing. This talk introduces the new lightweight UI built into Flux Operator, featuring SSO authentication, Kubernetes impersonation, and a mobile-friendly design, while exploring the broader landscape including Capacitor, Headlamp, Backstage, and Freelens plugins. We'll evaluate each project's security model, Flux API compatibility and user experience to help platform teams choose the right visualization layer for their GitOps stack.

📚 Tutorial: Your Application, Batteries Included: Packaging for Deterministic, Secure, and Portable Delivery - Brandt Keller & Austin Abro, Defense Unicorns; William Crum, Spectro Cloud; Merijn Keppel, TrueFullstaq; Jessica Keppel-Drost, Isala#

Time: 1:45pm CET - 3:00pm CET

Speakers: Brandt Keller & Austin Abro, Defense Unicorns; William Crum, Spectro Cloud; Merijn Keppel, TrueFullstaq; Jessica Keppel-Drost, Isala

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: Delivering modern applications consistently across clouds, data centers, and disconnected networks is one of the hardest problems in the Kubernetes ecosystem. Developers and operators are often forced to choose between speed and security, convenience and control. But what if there were a way to package everything your application needs - from containers and manifests to policies, SBOMs, and configurations - into a single, verifiable artifact that just works anywhere?

In this hands-on tutorial, participants will learn how to use Zarf, an OpenSSF Sandbox Project that enables deterministic, portable software delivery. Together we’ll explore how to build a “batteries-included” application package, sign and verify its contents, and deploy it in both connected and airgapped environments. Along the way, attendees will gain insight into secure software delivery paradigms, provenance, and reproducibility all grounded in real-world, practical workflows.

🚨 Contribfest: Supercharge Your Open Source Impact: Backstage ContribFest Live! 🚀 - André Wanlin & Emma Indal, Spotify; Heikki Hellgren, OP Financial Group; Elaine Bezerra, DB Systel GmbH#

Time: 1:45pm CET - 3:00pm CET

Speakers: André Wanlin & Emma Indal, Spotify; Heikki Hellgren, OP Financial Group; Elaine Bezerra, DB Systel GmbH

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Ready to make your mark in the world of open source? Join us for an electrifying, hands-on Backstage ContribFest! Whether you’re a newcomer eager to learn or a seasoned pro looking to push boundaries, this interactive session is your gateway to contributing to the CNCF project revolutionizing Internal Developer Portals.

We’ll kick things off by helping you set up your dev environment (Node.js, TypeScript, Yarn and friends), then guide you through the Backstage Contributing Guide and match you with beginner-friendly GitHub issues. If you already have experience, dive straight into advanced challenges, craft new plugins, or tackle complex problems - shoulder to shoulder with maintainers and fellow innovators.

By the end of the session, you’ll walk away with meaningful contributions, and new connections. Level up, give back, and help shape the future of developer experience - together!

A Unified Management and Control Plane for Cloud Native Robots With KubeEdge - Sitong Mao, Huawei; Huan Wei, Hangzhou HarmonyCloud Technologies; Yin Ding, Broadcom#

Time: 2:30pm CET - 3:00pm CET

Speakers: Sitong Mao, Huawei; Huan Wei, Hangzhou HarmonyCloud Technologies; Yin Ding, Broadcom

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Cloud-native architectures are accelerating robotics: containers, microservices, and elastic scaling help robots handle complex environments and diverse tasks. Yet the absence of a unified management and control plane still limits broader adoption across industrial automation, logistics, and warehousing.
Since 2021, KubeEdge SIG Robotics has advanced a cloud–edge collaborative architecture that fuses cloud-native tech with robotics. Leveraging Kubernetes-native patterns, we improve robot intelligence, reliability, and developer productivity across heterogeneous fleets.
In this session, we will deliver plug-and-play cloud capabilities for perception, planning, and multi-robot collaboration via simple, developer-friendly interfaces. By abstracting cloud–edge integration and shortening integration cycles, developers can invoke cloud services like local libraries—achieving higher availability, scalability, and portability with seamless edge-to-cloud lifecycle management.

BoF: Infrastructure Optimization for GPUs / Inference / Training / Networking#

Time: 2:30pm CET - 3:00pm CET

Venue: G106, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Advanced capabilities required for AI and ML workloads on cloud native infrastructure are not necessarily available by default, requiring effort to optimize the infrastructure and scheduling.

Topics to be included but open to other topics during the session.
  • Low level runtime optimizations, including CPU/GPU NUMA affinity, CPU pinning and other required configurations

  • Low latency networking support for Infiniband and RDMA over Converged Ethernet (RoCEv2), required for multi node training and inference

  • Support for heterogeneous hardware, multiple GPU vendors, integration of FPGAs and other specialized accelerators

Buildpacks: Towards 1.0, AI and Other Things - Aidan Delaney, Bloomberg#

Time: 2:30pm CET - 3:00pm CET

Speakers: Aidan Delaney, Bloomberg

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Cloud Native Buildpacks (CNB) effortlessly transform source code into container images, making cloud-native development simpler for your organization. This session will explore two main threads: The Road to 1.0, focusing on the critical milestone of achieving the stability and feature set necessary for widespread user adoption. We will detail how the 1.0 release will provide a rock-solid, production-ready foundation for your applications, clarify what this new level of stability means for end-users, and outline the key technical components (like the Lifecycle, Platform, and Builder) that are driving this readiness. In addition, we will cover the rapidly evolving integration of AI and Machine Learning into the Buildpacks ecosystem, showcasing new features and experiments that simplify building and deploying AI-driven applications. Attendees will gain a clear understanding of the 1.0 goals for the core spec and implementation, and learn the best ways to contribute to the project.

CRI-O: Faster Pulls, Better Metrics, and a Future Beyond Images - Sohan Kunkerkar & Ayato Tokubi, Red Hat#

Time: 2:30pm CET - 3:00pm CET

Speakers: Sohan Kunkerkar & Ayato Tokubi, Red Hat

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: CRI-O continues to evolve to support modern Kubernetes clusters in today’s AI-driven, cloud-native environments. This session will cover ongoing and upcoming work, including runtime metrics stabilization, enhancements in OCI artifact and image volume support, and experimentation in peer-to-peer image distribution. We will also highlight recent updates from SIG Node and security improvements. Additionally, we will explore the future of CRI-O beyond P2P image distribution and traditional container images, outlining the next steps for runtime innovation. Attendees will gain insights into the direction of CRI-O and the opportunities these developments create.

Envoy in the Era of Agentic Workloads - Yan Avlasov, Google & Erica Hughberg, Tetrate#

Time: 2:30pm CET - 3:00pm CET

Speakers: Yan Avlasov, Google & Erica Hughberg, Tetrate

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Agentic workloads have presented new challenges for the underlying network and require both the data and control planes to evolve. This talk presents Envoy and Envoy AI Gateway as building blocks for service-centric networking for Inference, MCP, and A2A requests, providing you with a reliable and extensible foundation for your agentic systems. In this presentation, you will get an overview of configuration APIs, a deep dive into implementation details, and the roadmap ahead, directly from the maintainers.

Freedom Through Boundaries: Building Configurations That Age Well - Bogdan Stancu, Adobe#

Time: 2:30pm CET - 3:00pm CET

Speakers: Bogdan Stancu, Adobe

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Just a Helm Chart. It always starts simple. A few options, a couple of flags, and the best intentions. Then the requests start coming in. “Can we also support this?” “What if someone needs that?” Before long, the config file looks like a museum of past decisions, full of toggles nobody remembers adding and an ever-increasing queue of new feature requests.

After maintaining one of those for too long, I learned that flexibility is not about offering every possible switch. It is about choosing the right ones. Real freedom comes from clear boundaries, good defaults, and the courage to remove things that no longer make sense, or just say no.

We will explore what happens when configuration grows too much, how to make it healthy again, and how to better communicate decisions to users.

Harbor Project - The Maintainers Session - Yan Wang, Broadcom & Vadim Bauer, 8gears#

Time: 2:30pm CET - 3:00pm CET

Speakers: Yan Wang, Broadcom & Vadim Bauer, 8gears

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Harbor continues to evolve as a core cloud-native registry, supporting secure and scalable software delivery across Kubernetes environments. In this maintainer update, we’ll highlight key improvements from Harbor 2.14 and 2.15, shaped by operator and community feedback.

The session will cover notable enhancements in security, registry operations, and day-2 manageability, along with important architectural and API changes relevant to platform teams, integrators, and contributors. We’ll also touch on how recent releases improve upgradeability, performance, and ecosystem integration.

To close, we’ll look ahead at what’s coming next for Harbor, including upcoming roadmap items, active design discussions, and ways for the community to get involved. Attendees will leave with a clear view of where Harbor stands today and how they can help shape its future.

How Telemetry Data Moves: Lessons From Building a High-Performance Open Source Agent - Eduardo Silva, Chronosphere | A Palo Alto Networks Company#

Time: 2:30pm CET - 3:00pm CET

Speakers: Eduardo Silva, Chronosphere | A Palo Alto Networks Company

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: Have you ever thought about how telemetry data really moves from the kernel to user space, across threads, buffers, and disks? This session goes beyond APIs and dashboards to explore the low-level mechanics of data processing at scale.

Drawing on experience developing Fluent Bit, we’ll examine how an open source agent processes billions of events per minute through custom user-space serialization, adaptive buffering, memory-mapped files, and multithreaded I/O orchestration. We’ll connect these design choices to Linux primitives like epoll, async I/O, and zero-copy strategies that keep CPU and memory footprints predictable.

This is not a product talk, it’s a deep exploration of data movement, buffering, and concurrency in modern telemetry systems, with insights valuable to anyone building high-throughput agents, collectors, or streaming engines.

Making Topology-Aware Scheduling Practical for AI Workloads: From Discovery to Simulation at Scale - Weizhou Lan, Daocloud#

Time: 2:30pm CET - 3:00pm CET

Speakers: Weizhou Lan, Daocloud

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: In large-scale AI inference clusters, multi-tenant workloads require both efficient GPU utilization and dynamic RDMA networking. However, heterogeneous GPU interconnect technologies inevitably lead to multi-level network topologies, such as scale-up networks and RDMA spine–leaf structures.
These diverse topologies introduce several challenges. First, dynamic topology discovery and health detection across multiple layers, including scale-up, RDMA spine, and RDMA leaf. Second, topology-aware scheduling that supports priority-based placement and ensures GPUs leverage optimal communication paths. Third, validation at scale, requiring cost-effective simulation of large, multi-level topologies instead of relying on expensive hardware.
This talk shares a practical approach to topology discovery that helps Kueue achieve topology-aware scheduling, and showcases how Kwok simulates thousands of virtual nodes with multi-level topologies, enabling large-scale validation at zero hardware cost.

Metal3.io’s Path to CNCF Incubation: Governance, Processes, and Community - Kashif Khan, Ericsson & Dmitry Tantsur, Red Hat#

Time: 2:30pm CET - 3:00pm CET

Speakers: Kashif Khan, Ericsson & Dmitry Tantsur, Red Hat

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: We share the journey of Metal3.io as it prepared for CNCF incubation, focusing on how the project evolved into a more robust, community-friendly ecosystem. We will cover how we established and enriched governance by defining clear roles and decision-making processes, created contributing and security guidelines, and established security best practices. We’ll explain how we improved the release process to be automated, efficient, and predictable, and how we increased transparency to make it easier for new contributors to get involved. Attendees will learn how shaping processes, governance, and project workflows not only prepared Metal3.io for incubation but also strengthened the community, improved code quality, and increased engagement. This session provides actionable lessons for maintainers and contributors on how to prepare open-source governance that is secure, community-friendly, and ready for formal recognition and broader adoption.

Optimizing Error Recovery for Cost-Efficient Distributed AI Model Training with Kubernetes - Radostin Stoyanov, University of Oxford & Andrey Velichkevich, Apple; Viktória Spišáková, Masaryk University#

Time: 2:30pm CET - 3:00pm CET

Speakers: Radostin Stoyanov, University of Oxford & Andrey Velichkevich, Apple; Viktória Spišáková, Masaryk University

Venue: Elicium 2, Amsterdam, Netherlands

Type: AI + ML

Description: Achieving scalable and fault-tolerant distributed AI model training that runs efficiently across multiple nodes remains a key challenge for platform administrators and ML engineers. This problem is further exacerbated by interactive GPU workloads, such as Jupyter notebooks, that generate intermittent computations followed by idle periods while users refine their code and explore the results.

This talk will present how transparent GPU checkpointing can be integrated with Kubernetes to improve both cost efficiency and cluster utilization for distributed AI workloads. By automatically capturing and restoring the state of training jobs, this approach enables seamless recovery from preemptions or failures. This session will also explore how checkpoint policies integrate with the Kueue, JobSet, and TrainJob APIs for Kubernetes-native, infrastructure-level checkpointing of GPU workloads - empowering users to leverage preemptible spot instances for reliable, cost-effective AI model training.

Peer Group Mentoring#

Time: 2:30pm CET - 3:45pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Peer Group Mentoring allows participants to meet with experienced open source veterans across many CNCF projects. Mentees are paired with 2 – 10 other people in a pod-like setting to explore technical, community, career, and certification questions together.

If you're interested in being a Mentor, please sign up.
If you're interested in attending as a Mentee, seating is on a first come, first served basis.

Redefining SLIs for LLM Inference: Managing Hybrid Cloud with vLLM & LLM-D - Christopher Nuland & Hilliary Lipsig, Red Hat#

Time: 2:30pm CET - 3:00pm CET

Speakers: Christopher Nuland & Hilliary Lipsig, Red Hat

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Large Language Models (LLMs) are reshaping application delivery, introducing new operational challenges for SREs. Traditional metrics like CPU or request latency are no longer sufficient. Latency is now measured in tokens per second, and reliability depends on routing efficiency and cache hit rates. In hybrid cloud environments, inference pipelines span gateways, schedulers, caches, and sharded backends, complicating observability and SLO management. This session explores evolving SLOs/SLIs for production LLMs, covering metrics like Time-to-First-Token (TTFT), cache hit ratio, routing latency, and GPU utilization. We’ll show how vLLM and llm-d provide the primitives for scalable, observable inference: vLLM for high-performance batching and caching, and llm-d for intelligent scheduling and KV-cache-aware routing. Attendees will learn to define new SLOs, instrument distributed inference with Prometheus, OpenTelemetry, and Grafana, and integrate LLM telemetry into Kubernetes SRE workflows.

SB💣💣M: Making SBOMs Play Together - Jacopo Bufalino, CNAM & Agathe Blaise, Thales SIX GTS France#

Time: 2:30pm CET - 3:00pm CET

Speakers: Jacopo Bufalino, CNAM & Agathe Blaise, Thales SIX GTS France

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: The Cyber Resilience Act (CRA) is transforming how we approach software security, demanding not only safer code but proof that it remains secure throughout its lifecycle. At the core of this is the SBOM, a transparent inventory of all components inside an application, built to reveal hidden dependencies and vulnerabilities. A growing ecosystem of open-source and cloud-based tools promises to generate these SBOMs and automatically map vulnerabilities. Yet in practice, these tools often produce conflicting results, inconsistent package lists, and mismatched vulnerability reports, especially when scanning complex container images. In this talk, we dissect why SBOMs and vulnerability reports diverge across tools, uncover the technical roots of these discrepancies in containerized environments, and discuss how developers can ensure their tooling remains CRA-compliant. Finally, we explore how the ecosystem must evolve to deliver a transparent, trustworthy, and secure software supply chain.

Three Shades of Isolation: A Multi-tenancy Fortress - Braulio Dumba & Paolo Dettori, IBM#

Time: 2:30pm CET - 3:00pm CET

Speakers: Braulio Dumba & Paolo Dettori, IBM

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Multi-tenancy is a popular architectural concept in cloud native environments. For Kubernetes, it’s concerned with sharing a single cluster resource among multiple users referred to as tenants, while maintaining isolation, security, and performance between them. In this talk, we present a new approach for multi-tenancy isolation that hardens tenants’ boundaries by providing three shades of isolation (i.e., data-plane, control-plane and network) for each tenant in a cost-effective manner using open-source technologies: K3s, KubeFlex/KubeStellar, KubeVirt and UDN/OVN-k8s. Our approach helps to simplify the multi-tenancy management and enforcement strategies for cluster admins. We’ll also dive into the main requirements for multi-tenancy in Kubernetes, survey the most popular models and discuss their challenges, as well as how our approach addresses them. Finally, we’ll demonstrate how to use our framework to isolate workloads, using llm-d and vLLM production stack as case studies.

Virtualizing Large Scale GPU Cluster for Sovereign AI: Petasus AI Cloud Journey with Kubernetes - Jian Li, SK Telecom#

Time: 2:30pm CET - 3:00pm CET

Speakers: Jian Li, SK Telecom

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: The Haein Supercluster is Korea's largest AI cluster, and with 1000+ Blackwell GPUs, it is a key part of Korea's Sovereign AI initiative. And it's built on CNCF projects.

Come and learn how we virtualized the AI infrastructure with Kubernetes and KubeVirt, achieving less than 5% performance overhead compared to bare-metal through NVLink/NVSwitch and GPUDirect RDMA virtualization - far surpassing traditional PCIe and TCP-based virtualization.

We will also cover how we partition resources via namespaces to enable on-demand GPU cluster creation for tenants; how automation tools reduce provisioning from days/weeks to ~10 minutes; all while DCGM and Prometheus enhance observability, minimizing GPU service downtime and boosting service continuity.

This talk dives into our architecture, challenges in multi-tenancy for sensitive workloads, and best practices for cloud-native AI DCs. Attendees will learn scalable GPU virtualization to accelerate AI innovation with efficiency and isolation.

18 Bluetooth Controllers Walk into a Bar: Observability & Runtime Configuration with CNCF Tools - Simon Schrottner, Dynatrace & Manuel Timelthaler, Tractive#

Time: 3:15pm CET - 3:45pm CET

Speakers: Simon Schrottner, Dynatrace & Manuel Timelthaler, Tractive

Venue: Auditorium, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: What happens when your "distributed system" is 18 PlayStation Move controllers on Bluetooth? Observability challenges web developers never face.

JoustMania is an open-source party game where players jostle motion controllers. Complex execution: multiple Bluetooth adapters, battery-powered devices, sensors at 100Hz. When a player complains their controller "felt different" - how do you debug it?
Challenges:

  • Sampling data from 18 controllers without overwhelming telemetry

  • Correlating hardware events with gameplay

  • Managing high-cardinality data

  • Debugging problems at 2 AM conventions

Solutions:

  • Context-aware flags responding to battery, skill, system load

  • Intelligent sampling capturing critical events, dropping noise

  • Trace correlation between hardware and game logic

  • Using OpenTelemetry to prove games are "rigged" (or not)

Demo: Change behavior via GitHub-synced flags, show real-time controller telemetry, reveal emergent behavior in physical systems.

Beyond the Cloud: Managing Baremetal the Kubernetes Way Using Metal3.io: Sylva Project as a Use-case - Ádám Rozmán, Ericsson Software Technology; Nicolas Belouin, SUSE#

Time: 3:15pm CET - 3:45pm CET

Speakers: Ádám Rozmán, Ericsson Software Technology; Nicolas Belouin, SUSE

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: As Kubernetes extends beyond cloud environments, managing baremetal infrastructure with the same declarative model has become essential. Metal3.io delivers exactly that—integrating provisioning and lifecycle management of physical servers into the Kubernetes ecosystem. This session will highlight technical components of Metal3.io: Baremetal Operator, Ironic, and the Cluster API provider (CAPM3). We’ll dive into features that make Metal3.io production-ready—virtual media boot for network-agnostic deployments, firmware management and servicing workflows for operations such as remediation and configuration drift correction. To ground these capabilities, we highlight the Sylva project, a European telco and edge cloud initiative using Metal3.io to provision and maintain clusters on baremetal. Sylva validates Metal3.io workflows through automated repeatable deployments, and simplified large-scale cluster management. Through this session you will learn to manage baremetal the Kubernetes way.

BoF: AI Observability#

Time: 3:15pm CET - 3:45pm CET

Venue: G106, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Observability of AI and ML workloads is becoming of particular importance.

Topics to be included, but open to other topics during the session:

  • Support for observability of inference, training and agent workloads in existing tools

  • Tools being used today in production, in and outside the cloud native ecosystem

  • Gaps in the existing ecosystem

Collisions in the Dark: Illuminating the 95% of Kubeflow You Can't See - Amine Lahouel & Laura Llinares, CERN#

Time: 3:15pm CET - 3:45pm CET

Speakers: Amine Lahouel & Laura Llinares, CERN

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Ask three High Energy Physics scientists what they need from monitoring and you'll get a superposition of completely different answers: “Why is my training slow?”, “Are we maxing the rack’s power limit?” or “Do we need more GPUs?”

At CERN, as we were scaling the usage of the ML platform, a new challenge emerged: gaining deep, actionable insights into the performance, resource consumption, and overall health of the entire system.

This talk presents our journey in building a comprehensive observability stack for Kubeflow from the ground up. We'll demonstrate how we leveraged the battle-tested monitoring tooling and created missing components to gain insights into the platform’s workloads. We will showcase the custom dashboards we designed to serve two key perspectives: the researcher who needs granular metrics like GPU utilization, I/O, and power draw, and the Platform Manager who requires high-level views of usage patterns and cost allocation over time.

Day-2 Reality Check: Taming Wasteful Telemetry - Juraci Paixão Kröhling, OllyGarden & Elena Kovalenko, Delivery Hero#

Time: 3:15pm CET - 3:45pm CET

Speakers: Juraci Paixão Kröhling, OllyGarden & Elena Kovalenko, Delivery Hero

Venue: Forum, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Your observability pipeline is running and everything seems fine—until you notice the bill. High-cardinality metrics, duplicate attributes, and over-eager auto-instrumentation silently inflate costs. A developer adding user IDs as labels turned a 2k USD metric into 20k USD. .NET auto-instrumentation attaches all IPs and MACs to host attributes—data never queried. The Kubernetes processor duplicates information already captured.

This talk examines sources of telemetry waste: unbounded cardinality, redundant processor data, and auto-instrumentation defaults prioritizing completeness over practicality. We'll discuss pipeline fixes using the OpenTelemetry Collector to drop attributes and transform telemetry, plus Instrumentation Score for quality assessment. We'll explore proactive approaches reducing waste at the source through opinionated auto-instrumentation.

Attendees will learn to identify waste, assess cardinality, apply solutions, and reduce costs without sacrificing visibility.

Emissary-ingress: Version 4 and What Comes Next - Flynn, Buoyant#

Time: 3:15pm CET - 3:45pm CET

Speakers: Flynn, Buoyant

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: It's been a long time coming but Emissary-ingress 4 is out. This is the first new major version in some years for Emissary, one of the first Kubernetes-native, self-service API gateways and ingress controllers, and it comes with a lot of questions about what's next for the project.

In this session, we'll start with a quick overview of the need for ingress controllers in general, the benefits of self-service developer workflows, and how Emissary-ingress can help with these issues. We'll also talk about Emissary 4, the state of the project, and what's in store for the project in the future.

Emissary's maintainer sessions are always great opportunities to talk directly with Emissary-ingress maintainers and make sure your voice is heard when it comes to the project's future -- looking forward to seeing you there!

From Jenkins to Tekton: Our Journey Toward a Kubernetes-Native CI/CD with ArgoCD - Mustafa Barış Ege & Özge Aygül, TÜBİTAK-BİLGEM#

Time: 3:15pm CET - 3:45pm CET

Speakers: Mustafa Barış Ege & Özge Aygül, TÜBİTAK-BİLGEM

Venue: Elicium 2, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: In this session, we’ll share our journey of evolving from traditional CI/CD with Jenkins to a fully Kubernetes-native workflow using Tekton and ArgoCD. As our systems grew more cloud-native, we needed a solution that ran natively on Kubernetes, embraced declarative pipelines, and integrated seamlessly with Git-based operations. We’ll walk through why we chose Tekton, how we restructured our pipelines, and how ArgoCD now manages continuous delivery with GitOps practices. Along the way, we’ll discuss key lessons learned—like how ephemeral, on-demand workloads in Tekton helped us reduce resource consumption while improving scalability and transparency. We’ll also show how this new approach enabled faster, more reliable deployments and a secure software supply chain. Ideal for teams planning a similar migration or looking to modernize their CI/CD for Kubernetes.

From Logs to Decisions: Autonomous AI Agents for Real-Time Kubernetes Threat Response - Willem Berroubache, Orange#

Time: 3:15pm CET - 3:45pm CET

Speakers: Willem Berroubache, Orange

Venue: Elicium 1, Amsterdam, Netherlands

Type: AI + ML

Description: Cloud Native environments evolve faster than traditional security can handle. This session introduces an open-source, autonomous AI agent architecture leveraging Kubernetes, Kubeflow, and lightweight protocols like A2A and MCP to deliver real-time, adaptive threat detection and response. Agents collect signals via OpenTelemetry, Falco, and Prometheus, correlate behaviors using ML models trained in Kubeflow, and reason about threats like account takeover, lateral movement, or privilege escalation. Integrated with policy engines like OPA and Kyverno and GitOps workflows, agents can trigger secure remediation actions such as rollback, isolation, or misconfiguration fix. Each decision is transparently explained via contextual LLMs, ensuring auditability and trust. Attendees will leave with practical templates, deployable AI pipelines, and actionable strategies to build explainable, autonomous, and scalable Kubernetes-native security defenses using CNCF and OSS technologies.

How Many Spark Applications Can Your Etcd Really Handle? - João Soares & João Azevedo, Feedzai#

Time: 3:15pm CET - 3:45pm CET

Speakers: João Soares & João Azevedo, Feedzai

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: As cloud-native architectures evolve, running Apache Spark on Kubernetes has become not just feasible, but highly effective. We’ll begin by outlining our use case and approach for building a self-service Spark on Kubernetes platform, highlighting how emerging open-source tools like Volcano and Kubeflow’s Spark Operator served as key building blocks for it. During our migration from legacy YARN clusters, we hit key design challenges, including a previously hidden critical bottleneck that could severely impact cluster stability. The issue appears under high workload volume and long retention periods, as Spark custom resources – often hundreds of kilobytes in size – accumulate in the system. We’ll unpack the anatomy of a Spark Application to show how lingering objects can gradually overwhelm etcd, the central datastore in most clusters. Finally, we’ll show how novel approaches, such as the Kubernetes API Aggregation Layer, can help address storage issues in large-scale Spark deployments.

How Statistical Offices Move to Cloud Native Technology - Frédéric Comte, Insee & Trygve Tatsuya Falch#

Time: 3:15pm CET - 3:45pm CET

Speakers: Frédéric Comte, Insee & Trygve Tatsuya Falch

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: The statistical offices of Norway (SSB) and France (Insee) have both chosen to embrace cloud-native technologies to modernize their data infrastructures. In our institutions, most developers are data scientists working outside the IT departments. This brings unique challenges for the platforms they use.

We will present the fundamentals of our data platform architectures and explain how both offices are building on Kubernetes and the cloud-native ecosystem. Finally, we will show why we jointly developed Onyxia, an open-source project under the MIT license, designed to empower data scientists while integrating seamlessly with the CNCF ecosystem.

Is the Agent in the Room with Us Right Now? - Nick Rutigliano & Andrew Halaney, Netflix#

Time: 3:15pm CET - 3:45pm CET

Speakers: Nick Rutigliano & Andrew Halaney, Netflix

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: At Netflix we run hundreds of thousands of workloads every day covering every discipline of engineering from backend, frontend, data, machine learning, to the new age of AI agents. As our compute environment has evolved from a Mesos-based implementation to an increasingly more standard Kubernetes environment, we’ll discuss how our isolation strategies have both changed over time and enabled us to run everything Netflix needs in a safe and reliable manner.

In this talk we will elaborate on the benefits and drawbacks of the various isolation strategies and integration points we use in our compute environment and how we arrived at them. This will include topics such as advanced SECCOMP / AppArmor / landlock enforcement, stringent RBAC network configurations, container and user isolation via user namespaces, storage isolation, and general noisy neighbour multi-tenancy improvements.

K8s-sigs NFD × SYLVA: Declarative Image-to-Node Compatibility for Telco Clouds. - Eduardo Arango Gutierrez, NVIDIA & Chaoyi Huang, Huawei Technology Co., Ltd#

Time: 3:15pm CET - 3:45pm CET

Speakers: Eduardo Arango Gutierrez, NVIDIA & Chaoyi Huang, Huawei Technology Co., Ltd

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Portable images still fail or present performance degradation at runtime when host kernels, drivers, or hardware deviate—especially in telco/edge stacks. This session reports a field deployment co-developed by k8s-sigs Node Feature Discovery (NFD) maintainers and the SYLVA telco-cloud community (Linux Foundation Europe). We encode host requirements as a versioned OCI artifact stored with the image, validate target nodes pre-scheduling with the nfd client, and feed results into admission, scheduling, and CI/CD gates across heterogeneous SYLVA platforms. We cover the artifact schema, ORAS attach, NFD rule mapping/NodeFeatureGroups, and production lessons (registry behavior, kernel/driver drift, multi-vendor silicon). Live demo: GPU/RDMA/kernel-module scenarios that fail fast via policy instead of at runtime—making compatibility declarative across Kubernetes and telco clouds.

Platform Engineering 2.0: Just-Enough Kubernetes and AI-Native DevOps - Shweta Vohra, Booking.com#

Time: 3:15pm CET - 3:45pm CET

Speakers: Shweta Vohra, Booking.com

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Over the past year, I’ve seen first-hand that platform engineering is shifting from building everything to building just enough. As our teams re-architected and revived multiple internal platforms, one truth became clear: scale without intelligence is waste. What I’ve learned through that journey: how AI-native DevOps & lean Kubernetes architectures are reshaping the next era of platform engineering. We’ll explore how tools like k3s, k8s Gateway API, and ambient mesh enable right-sized, on-demand clusters, and how Kubeflow, Argo, and Prometheus with AI Ops turn automation into intelligence. The goal is to help platform teams evolve from heavy, static systems to self-optimising, adaptive ecosystems that align with real business value. If you’re questioning whether your platform is too big, slow, or blind to change, this session offers examples & guidance to rebuild it smarter, grounded in open-source lessons, practical wins, and scars from a year spent bringing platforms back to life.

SIG Docs and You: The New Chapter of the Kubernetes API Reference Generator - Kat Cosgrove, Minimus; Lavish Pal, Independent; Rey Lejano, Red Hat#

Time: 3:15pm CET - 3:45pm CET

Speakers: Kat Cosgrove, Minimus; Lavish Pal, Independent; Rey Lejano, Red Hat

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The Kubernetes project has some of the best documentation in the industry, and it’s a major reason for the project’s success. Writing and maintaining that documentation requires the support of a small army of contributors, but there’s an often unseen part of the documentation workflow that still needs attention: the API reference docs generator. During this LFX Fall mentorship, SIG Docs improved the reference docs generator by documenting the code, adding error handling, removing deprecated functions, fixing bugs that affected every release cycle, and simplifying the steps required to generate API reference docs. But SIG Docs still needs your help, especially around configuring and automating the workflow to make API reference generation even smoother. This session explains how automating the config.yaml file makes the process easier, what future improvements are planned, and how you can get involved in ensuring Kubernetes documentation continues to be the best it can be.

The Fourth Pillar Arrives: OpenTelemetry Profiling Alpha in Action - Felix Geisendörfer, Datadog & Florian Lehner, Elastic#

Time: 3:15pm CET - 3:45pm CET

Speakers: Felix Geisendörfer, Datadog & Florian Lehner, Elastic

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: The OpenTelemetry profiling signal has officially reached alpha! Join Profiling SIG members Florian and Felix as they recap the journey to this milestone.

Through a live demo, you'll learn how to use this new signal to troubleshoot an elusive bug introduced by an LLM-driven refactoring. We'll show you how to set up the OpenTelemetry eBPF profiler, and explain why profiling is not just for performance optimizations, but also for rapidly root-causing incidents down to the specific line of code.

We will conclude with a discussion on the final steps needed for profiling to become a stable OpenTelemetry signal and a call to action for people to try it out in their environments.

WG-Batch Updates: What’s New and What Is Next? - Yuki Iwai, CyberAgent, Inc. & Kevin Hannon, Red Hat#

Time: 3:15pm CET - 3:45pm CET

Speakers: Yuki Iwai, CyberAgent, Inc. & Kevin Hannon, Red Hat

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Join WG Batch maintainers to explore how Kubernetes is evolving to meet the demands of the AI and HPC era. We will present foundational updates to the Kubernetes Job API, such as the managedBy and Mutable Container Resource features. These enhancements enable Job to unlock higher elasticity and efficiency. Building on this, we will highlight JobSet advancements designed for resilience. We will introduce the InPlaceRestart strategy, which significantly accelerates recovery for large-scale distributed training by preserving execution context and minimizing the costly overhead of Pod recreation. Additionally, we will demonstrate Kueue as a platform for AI/ML, which showcases how capabilities such as Multi-Cluster dispatching, Fair Sharing, and Topology-Aware Scheduling can maximize hardware utilization across tenants. Finally, we will discuss our collaboration with SIG Scheduling on "Workload-Aware Scheduling", which aims to deeply integrate batch semantics into the core scheduler.