KubeCon + CloudNativeCon Europe 2026#

Wednesday, March 25, 2026

Total Sessions: 203

Group Fun Run/Walk #

Time: 6:30am CET - 7:45am CET

Venue: nhow Amsterdam RAI | Hotel Lobby, Europaboulevard 2b, 1078 RV Amsterdam, Netherlands

Type: EXPERIENCES

Description: Start your day on the move with our casual conference walk/run! Whether you’re chasing a PR or just a good conversation, this all-levels outing is designed to get you outside, meet new people, and shake off the screen time. Choose your own pace—run, jog, or stroll—and enjoy a relaxed route with fellow attendees before the sessions begin. No timing chips, no pressure—just fresh air, friendly faces, and a fun way to connect with the community.
Meet at the nhow Amsterdam RAI hotel (right next to RAI Amsterdam) at 06:30 for a 06:45 departure.

Badge Pick-Up #

Time: 8:00am CET - 6:00pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Badge Pick-Up #

Time: 8:00am CET - 6:00pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom #

Time: 8:00am CET - 6:30pm CET

Venue: Entrance C, Amsterdam, Netherlands

Type: REGISTRATION

Cloakroom #

Time: 8:00am CET - 6:30pm CET

Venue: Entrance K, Amsterdam, Netherlands

Type: REGISTRATION

Keynote: Cloud Native in Europe: Regulation, Sovereignty, and the Future of Open Collaboration - Jan Melen, General Manager, Ericsson Software Technology #

Time: 9:00am CET - 9:03am CET

Speakers: Jan Melen, General Manager, Ericsson Software Technology

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Open source has long thrived on inclusivity, bringing diverse use cases together through shared codebases and open collaboration. As cloud native adoption grows across Europe evolving priorities around digital sovereignty security and regulatory compliance is starting to shape how organizations engage with open source. With increased attention on vulnerability management teams are thinking more carefully about dependencies and how software is maintained at scale. This session will kick off the morning’s keynotes diving into how Europe’s regulatory and technology landscape is influencing cloud native development and how open source communities can continue to evolve to support these new requirements.

Keynote: The CRA and What it Means for Open Source Communities - Greg Kroah-Hartman, Linux Kernel Maintainer & Fellow, The Linux Foundation #

Time: 9:05am CET - 9:10am CET

Speakers: Greg Kroah-Hartman, Linux Kernel Maintainer & Fellow, The Linux Foundation

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: The CRA is about to go into affect for manufacturers in the EU in a mere few months. This short talk will go into the latest information from the EU CRA Expert Group as to how the law will affect the open source community and the companies who integrate open source into their products.

Keynote: Digital Sovereignty by Design: Turning Developer Intent into Portable, Enterprise-Scale Automation - Oskar Kristiansen, Enterprise Platform Engineer, Saxo Bank #

Time: 9:12am CET - 9:17am CET

Speakers: Oskar Kristiansen, Enterprise Platform Engineer, Saxo Bank

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Digital sovereignty in the enterprise is not just about where workloads run - it is about controlling identity, network boundaries, and infrastructure dependencies without locking applications into specific vendors or platforms.

At Saxo Bank, we faced a common challenge: Kubernetes manages workloads, but identity providers, databases, event streaming systems, and network controls live outside the cluster, owned by different teams and governed by different processes. This fragmentation created weeks of onboarding delays and tightly coupled systems.

In this talk, we share how Saxo Service Blueprint uses Kubernetes operators and GitOps to introduce an abstraction layer between developer intent and underlying infrastructure. Services declare what they need in a governed catalog, and automation reconciles identity, access control, network policies, Kafka ACLs, and database permissions across multiple environments.

Over the past year, 379 commits from 121 developers triggered more than 1,800 automated infrastructure operations - reducing provisioning from weeks to minutes while eliminating manual handoffs. Because all dependencies are declarative and version-controlled, environments can be reconstructed consistently from Git, enabling fast, repeatable disaster recovery and preventing configuration drift.

We’ll also show how this model is extending beyond Kubernetes: onboarding on-prem workloads into automated DNS, certificate, load-balancing, identity, and network workflows - creating a sovereign, portable platform that remains flexible as infrastructure evolves.

Keynote: Keeping Sovereignty on Track: Kubernetes Powering a National Railway Platform - Thomas Comtet, Senior Staff Engineer, SNCF & Yann Rotilio, Senior Staff Engineer - Kubernetes Specialist, SNCF #

Time: 9:19am CET - 9:22am CET

Speakers: Thomas Comtet, Senior Staff Engineer, SNCF & Yann Rotilio, Senior Staff Engineer - Kubernetes Specialist, SNCF

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: As France’s national railway operator, SNCF has always treated data governance and operational control as mission-critical. That priority became even more urgent when we launched our large-scale cloud migration program in 2018.

Today, 70% of our 2,000 applications run across public clouds, modernized through containers, serverless architectures, and managed services. Kubernetes quickly became a central pillar of this transformation and now powers roughly 30% of our application portfolio. At scale—operating more than 200 Kubernetes clusters across Azure and AWS—we learned that Kubernetes is not just a container orchestrator; it is the control plane for modern application platforms.

But we also learned something deeper: Kubernetes performs best when it runs on infrastructure that is predictable, programmable, and fully under your control. Networking, storage, compute, and load balancing must be designed to serve Kubernetes—not constrain it.

To bring that level of control to our remaining on premise workloads, we built our private cloud strategy around Kubernetes and full automation. In 2023, we selected OpenStack to provide the infrastructure layer beneath it, enabling us to deliver a cloud-native platform with public-cloud parity while maintaining sovereignty and governance requirements. In addition Openstack allows us to serve simple architectural patterns based on Virtual Machines, simple solutions for simple needs.

The overall result is a high-performance, open-source platform where Kubernetes is the consistent abstraction layer across every environment—public and private—allowing us to continue modernizing applications at scale while retaining full control of our infrastructure's future.

Keynote: Building a Sovereign, Multi-Cloud Strategy with Cloud Native Technologies - Goetz Reinhaeckel, Program Director Cloud, BWI #

Time: 9:31am CET - 9:34am CET

Speakers: Goetz Reinhaeckel, Program Director Cloud, BWI

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: Powering the European Space Agency’s Space Missions with Open Source Software - Aaron Whitehouse, Senior Product Manager, Canonical #

Time: 9:36am CET - 9:39am CET

Speakers: Aaron Whitehouse, Senior Product Manager, Canonical

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: You can’t explore space without infrastructure. It’s not just expert personnel, satellites, and spacecraft: it takes mountains of software, computer systems, data and networks to get space missions off the ground. To meet its objective of doubling the number of space missions by 2030, ESA started work on a solution that would allow it to deploy infrastructure and software automatically for its missions, and simplify the workflow and processes for ESA engineering teams. The agency enlisted Canonical’s help in building and managing an open source infrastructure stack that would launch its missions into the future. This talk will take the audience on a journey into space, showing how open source software can help reach new frontiers.

Keynote: Awards Ceremony #

Time: 9:48am CET - 10:03am CET

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Keynote: From Orbit to the Grid: Automating a Greener Future - Faseela K, Cloud Native Developer, Ericsson; Chris Holmes, Vice President, Planet Labs; Michael Reichenbach, Senior Platform Engineer, 1KOMMA5°#

Time: 10:05am CET - 10:20am CET

Speakers: Faseela K, Cloud Native Developer, Ericsson; Chris Holmes, Vice President, Planet Labs; Michael Reichenbach, Senior Platform Engineer, 1KOMMA5°

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Description: Cloud native changed how we build software. Now it is changing how we protect the planet.

As AI workloads accelerate and energy demands rise, the question is no longer just if we should act, but how we can architect systems that are as sustainable as they are scalable.

In this interactive keynote, we will take the audience on a journey through three distinct layers of cloud-native sustainability. Chris Holmes starts from orbit, showing how cloud-native processing of satellite imagery delivers real-time planetary insights. Faseela K then brings it down to sustainable cloud infrastructure, highlighting how organizations are rethinking their systems for efficiency and using CNCF projects, observability, and Kubernetes tooling to make energy, cost, and carbon visible and actionable. Finally, Michael Reichenbach connects it directly to the grid, showing how Kubernetes drives real-time decisions to optimize renewable energy in everyday homes.

This is not just a slide deck. You are invited to join a live interactive simulation using your phone. Together, we will create a virtual power plant and test our collective ability to stabilize the energy grid in real time.

Leave this session with a clear understanding of what’s possible today, what gaps remain, and what the cloud-native community can do next to build a greener future.

Keynote: Closing Remarks #

Time: 10:22am CET - 10:30am CET

Venue: Hall 12, Amsterdam, Netherlands

Type: KEYNOTE SESSIONS

Coffee Break ☕#

Time: 10:30am CET - 11:00am CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Solutions Showcase #

Time: 10:30am CET - 5:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Time: 10:35am CET - 11:05am CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: ClickHouse Demo: ClickStack AI-Powered Notebooks on ClickHouse Booth Number: 261 Sponsor: GtiHub Demo: The future is continuous: A sneak peek into GitHub Copilot Agentic Workflows Booth Number: 931 In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Project Pavilion Tour with Marino Wijay, CNCF Ambassador #

Time: 10:40am CET - 11:00am CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise.This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!

Learning Lounge: Living Open Source Foundation - How Linux Foundation Education is Used to Open Source a Country - Sander van Vugt & Chisha Mambwe, Living Open Source Foundation #

Time: 10:45am CET - 11:00am CET

Speakers: How Linux Foundation Education is Used to Open Source a Country - Sander van Vugt & Chisha Mambwe, Living Open Source Foundation

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Project Demo #

Time: 10:45am CET - 11:10am CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Automate Once, Run Anywhere: The Docker Moment for Security Workflows - Nancy Chauhan & Aseem Shrey, ShipSecAI #

Time: 11:00am CET - 11:30am CET

Speakers: Nancy Chauhan & Aseem Shrey, ShipSecAI

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: Most security automations are fragile and tied to a single environment, once you leave a team, they break or vanish. In this talk, we explore how to make security automation portable, reproducible, and Kubernetes-native. Using open, declarative workflow definitions, we built a model where each automation runs as a containerized workload with custom resource specs, security policies, and observability baked in. The result? Automations that can be deployed on any cluster, across teams or organizations, without rewriting code or losing visibility just like containers revolutionized application delivery, this approach aims to do the same for security workflows.

Automating and Scaling of Threat Modelling for Cloud Native Architecture - Hanna Papirna & Emma Yuan Fang, EPAM Systems #

Time: 11:00am CET - 11:30am CET

Speakers: Hanna Papirna & Emma Yuan Fang, EPAM Systems

Venue: Elicium 2, Amsterdam, Netherlands

Type: SECURITY

Description: Security teams often struggle to threat model cloud-native applications running on Kubernetes in cross-tenant environments. Traditional methods cannot keep pace with microservices, containers, serverless deployments and continuous delivery cycles. This session presents a block-based methodology that divides applications into four clear domains: gateway, service mesh, identity management, and storage. The approach makes threat analysis scalable and integrates seamlessly into development workflows. Attendees will also learn to adopt threat modelling as code with declarative models validated in CI/CD pipelines. A demo illustrates how to use AI tools optimally to reveal security risks in complex microservices applications and highlights how CNCF-graduated project controls address many threats while exposing remaining gaps. Attendees will leave with a repeatable workflow for threat modelling applicable to Kubernetes, serverless, or hybrid cloud-native systems.

Building Cloud Native Culture in a Bank: With Open Source as a Compass - Marcy Paramonova, The Pictet Group & Stéphane Cusin, Banque Pictet & Cie SA #

Time: 11:00am CET - 11:30am CET

Speakers: Marcy Paramonova, The Pictet Group & Stéphane Cusin, Banque Pictet & Cie SA

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: How can a financial institution build a truly cloud-native platform while adopting open source?
This is a story of how one engineering team built a cloud-native Kubernetes platform capable of migrating seamlessly between data centers and even different virtualization technologies without altering the user experience. With a single folder move in Argo CD, workloads can be redeployed, proving the platform’s true cloud agnosticism.

The journey included the progressive installation and adoption of open-source technologies: starting with Apache Tomcat middleware, then embracing Kubernetes at the platform level, and finally introducing open-source virtualization. Cloud-native and open source worked hand in hand, bringing standardization, flexibility, and transparency. This talk highlights why these principles are essential to building resilient infrastructure and how other organizations can adapt them to achieve freedom, scalability, and sustainable innovation within their own environments.

Cloud Native Theater | EnvoyCon: Opening Remarks - Kateryna Nezdolii, Isovalent, Erica Hughberg, and Chris Mazur, Tetrate #

Time: 11:00am CET - 11:05am CET

Speakers: Kateryna Nezdolii, Isovalent, Erica Hughberg, and Chris Mazur, Tetrate

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Code and Brain: Health and Performance in High Cognitive Demand Tech Communities #

Time: 11:00am CET - 11:30am CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: This session aims to share how high cognitive demand environments impact performance, mental health, and brain functioning for people working in tech communities. From an applied neuroscience perspective, the discussion explores how cognitive load, constant pressure, multitasking, and information overload affect attention, decision-making, productivity, and everyday well-being in tech work.

Beyond reflection, the session focuses on sharing practical actions and approaches that individuals and tech communities can adopt to build more sustainable work environments, support healthier daily performance, and reduce the personal and professional impact of high cognitive demand. Participants are invited to exchange experiences, recognize shared challenges, and collectively explore strategies for care, belonging, and sustainable performance.

The session is led by Dri Cardoso, neuroscientist and clinical, hospital, and sports neuropsychologist, and João Brito, a Kubernetes-focused sysadmin based in Brazil. The initiative is connected to NEUROPSI.io, a USP-born healthtech created within the University of São Paulo’s innovation and technology ecosystem, focused on mental health and cognition in high-demand intellectual work.

From GitOps to AIOps: Evolving RBI's Kubernetes Platform with Crossplane and Sharded Kargo - Gabor Horvath & Ewald Überall, Raiffeisen Bank International #

Time: 11:00am CET - 11:30am CET

Speakers: Gabor Horvath & Ewald Überall, Raiffeisen Bank International

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: In this talk, the Raiffeisen Bank International's platform team shares how they evolved from advanced GitOps with Argo CD and Kargo to empowering application teams through abstraction and automation. They will cover centralized multi-cluster GitOps promotions with sharded Kargo pipelines, and how Crossplane 2.0 lets teams create buckets, databases, or IAM roles with minimal YAML while maintaining security via namespace-scoped resources. They will also demonstrate their use of AI tools to analyze pull requests, assess deployment risks, and guide safe application promotions, including a live demo of MCP integration with Argo CD and GitHub. This session provides lessons learned for platform builders who are looking into combine GitOps, infrastructure abstraction, and AI-enhanced automation using open source and CNCF tools to deliver developer-friendly Kubernetes in regulated enterprises.

From “It Works!” to “It’s Secure!”: Hardening Your First Kubernetes Cluster - Paul Zerdilas-Herrera, Nutanix & Leon Schulze, Palo Alto Networks #

Time: 11:00am CET - 11:30am CET

Speakers: Paul Zerdilas-Herrera, Nutanix & Leon Schulze, Palo Alto Networks

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: Every Kubernetes beginner knows the thrill of seeing their first cluster run, until that excitement fades into, “Wait… is this secure?” Too often, the answer is no. Within minutes of deployment, attackers can discover and exploit exposed clusters. This session turns that “it works” moment into “it’s secure” by demonstrating how a few simple security practices make a big difference.

Two early-career Solution Engineers, a cloud native and a security engineer, walk participants through three common attack patterns behind most Kubernetes compromises, using real incident data and industry-standard frameworks. You’ll see how attackers exploit misconfigurations and learn beginner-friendly ways to stop them.

No security background needed. Through clear analogies and relatable examples, you’ll see why maintaining a strong security posture isn’t optional, it’s a core skill for anyone building in Kubernetes. Leave with practical next steps and the confidence to say: “It works AND it’s secure!”

GPUs on Kubernetes: What Actually Happens When You Request Nvidia.com/gpu: 1 - Gulcan Topcu & Daniele Polencic, LearnKube #

Time: 11:00am CET - 11:30am CET

Speakers: Gulcan Topcu & Daniele Polencic, LearnKube

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: AI + ML

Description: You write nvidia.com/gpu: 1 in your pod spec and somehow your container can use a GPU. But what actually happened? This session pulls back the curtain on GPU scheduling in Kubernetes. We'll trace a GPU workload end-to-end. You'll see how device plugins advertise GPUs to the scheduler, how the container runtime mounts device files into your container, and why the NVIDIA driver does all the real work while the Linux kernel stays blind. Along the way, you'll learn why GPUs break every assumption Kubernetes makes about resource isolation.Then we tackle the expensive problem: your team wants to share a single GPU between multiple pods, but Kubernetes only understands whole numbers. We'll compare practical approaches like time-slicing, MIG hardware partitioning, and software enforcement. You'll learn when each makes sense and why "GPU utilization" metrics often lie. No GPU background needed. Just bring curiosity about how things work under the hood.

Generalizing Kubernetes Controller Sharding: Patterns That Work Beyond Simple Operators - Motohiro Otsuka, LY Corporation & Tomoyuki Nakamura, LY Corporation #

Time: 11:00am CET - 11:30am CET

Speakers: Motohiro Otsuka, LY Corporation & Tomoyuki Nakamura, LY Corporation

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: We run a multi-cluster Kubernetes PaaS with 10K+ nodes. The bottleneck wasn’t the data plane—it was the controllers. We evaluated kubernetes-controller-sharding, whose default usage targets simple, single-operator, single-cluster setups. Our controllers span multiple resources and clusters, so the default didn’t fit.

This talk shows how we use the OSS as-is while changing how we apply it: keep the core untouched, make minimal controller side changes, and shard safely across resources and clusters. We cover where start-up and cache resync become hotspots, the adaptations that enable sharding—stable partition keys, shard-scoped caches/watchers, shard-aware queues, clear reconciliation boundaries and idempotency—and how we rolled it out incrementally.

Results: lower latency and a steadier control plane. The approach is generic: patterns are operator-agnostic, require little code, and map to common controller designs. Attendees leave with a practical checklist they can use quickly.

Hacking GPU Observability: eBPF & Ephemeral Containers in Action on Kubernetes - Brandon Kang, Akamai Technologies #

Time: 11:00am CET - 11:30am CET

Speakers: Brandon Kang, Akamai Technologies

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Struggling to observe or secure GPU workloads on Kubernetes? You’re not alone. As AI/ML pipelines scale, ensuring visibility and trust across GPU-accelerated environments becomes increasingly critical. This session dives into how ephemeral containers and eBPF can be combined to troubleshoot, monitor, and protect GPU-based applications—without disrupting production. You’ll learn how to replicate live GPU environments for debugging with ephemeral containers and how eBPF enables real-time kernel-level telemetry, anomaly detection, and zero-trust policy enforcement. We’ll walk through real examples: tracing GPU performance bottlenecks, monitoring unauthorized access to compute resources, and securing container provenance with cryptographic techniques. Whether you're scaling LLM training or deploying HPC workloads, this session will arm you with modern, production-ready techniques for securing and observing your GPU pipelines.

Lima Project Updates: Expanding the Focus To Hardening AI - Akihiro Suda, NTT & Anshuman Sahoo, BITS Pilani #

Time: 11:00am CET - 11:30am CET

Speakers: Akihiro Suda, NTT & Anshuman Sahoo, BITS Pilani

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Lima (Linux Machines) is a command line tool to launch a local Linux virtual machine, with the primary focus on running containers on a laptop.

Aside from container workloads, Lima is also known to be useful for running an AI coding agent inside a VM. This setup ensures that even if an AI agent is deceived by malicious instructions searched from the Internet (e.g., fake package installations), any potential damage is confined within the VM or limited to files specified to be mounted from the host.

In this session, the maintainers will introduce the recent news in the project, including:

Promotion to CNCF Incubating (October 2025)
New features in v2.0 (November 2025)
Plugin infrastructure
GPU acceleration
MCP server
Other updates planned in v2.1 and onward.

Project website: https://lima-vm.io/

Linkerd: Reliable Production in an AI/MCP World - William Morgan, Buoyant #

Time: 11:00am CET - 11:30am CET

Speakers: William Morgan, Buoyant

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Linkerd is evolving. In this talk, we’ll share how the Linkerd maintainers are partnering with organizations that are pushing the boundaries of cloud native, through scale, sophistication, or through the deployment of a new class of workloads: LLMs, agentic AI workloads, and MCP servers. By learning from real-world incidents—sometimes triggered by Linkerd, more often revealed by it—we’re reshaping the project’s roadmap to become an even more powerful reliability layer for platform teams.

We’ll discuss lessons learned, features delivered, and the upcoming roadmap for Linkerd designed to help platform engineers stabilize failing infrastructure, isolate app issues, and move forward with confidence, even in AI and MCP environments. You’ll get a behind-the-scenes look at the upcoming 2.20 release and how production lessons are being directly applied to build a system that thrives under pressure.

SIG Scheduling Update: Transition From Pod To Workload Scheduling - Kensei Nakada, Independent & Maciej Skoczeń, Google #

Time: 11:00am CET - 11:30am CET

Speakers: Kensei Nakada, Independent & Maciej Skoczeń, Google

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Over the past year, SIG Scheduling has been redefining how Kubernetes approaches scheduling—moving from a Pod-centric model toward a holistic, Workload-aware architecture. This shift influences not only the scheduler internals, but also many external components which interact or integrate with kube-scheduler over a new set of APIs. In this session, we will walk through the major scheduling enhancements introduced in recent releases and explain how they fit into the broader Workload-Aware Scheduling initiative. We will also share updates from related sub-projects, including Kueue and the Descheduler. Finally, we will present what is on the agenda for the future releases, summarize community contributions and outline opportunities to help in shaping the future of Kubernetes scheduling.

Sandbox Operator: Enabling Session-Aware, Efficient MCP Tool Execution in Kubernetes - Mingshan Zhao & Zhen Zhang, Alibaba #

Time: 11:00am CET - 11:30am CET

Speakers: Mingshan Zhao & Zhen Zhang, Alibaba

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: As AI agent architectures evolve, MCP is emerging as the standard interface connecting LLMs with external tools. MCP tools must maintain contextual state within user sessions to support multi-turn interactive tasks.

However, in Kubernetes environments, launching separate Pods for each user session to run MCP Tools presents challenges: 1. Massive concurrent sessions lead to explosive Pod growth (potentially reaching hundreds of thousands); 2. Sparse tool invocations cause Pods to remain idle for extended periods, resulting in severe resource waste; 3. Traditional “use-and-destroy” patterns fail to preserve runtime state, disrupting contextual continuity.

I implemented the Sandbox Operator to natively support MCP Tools within K8s. Its core features are: 1. Managing Sandbox Pods based on session lifecycle; 2. Integrating community Checkpoint/Snapshot mechanisms to persist tool state; 3. Reconstructing tool context during recovery to maintain user continuity.

Serverless GPUs in Production: How Cerebrium Built a Globally Efficient Low-Latency AI Platform with Knative - Dave Protasowski, Dave's Consulting Company & Elijah Roussos, Cerebrium #

Time: 11:00am CET - 11:30am CET

Speakers: Dave Protasowski, Dave's Consulting Company & Elijah Roussos, Cerebrium

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The session offers an in-depth exploration of Knative’s adoption at Cerebrium, a serverless cloud platform supporting international customers with low latency and optimized costs.
End-users use Knative for modernizing development workflows, efficiently scaling microservices, and building resilient event-driven architectures. This talk will discuss the challenges faced across diverse operational environments, the solutions Cerebrium implemented with Knative, and the key lessons learned along the way. These firsthand experiences offer practical insight into Knative’s operational strengths, real-world performance, and broad applicability when building an AI Platform. Whether you’re looking to optimize existing Knative deployments, learn from proven production use cases, or gather inspiration for your next project, this session delivers actionable takeaways from Cerebrium running Knative in production today.

Strengthening CNCF Projects: Impact of Security Self-Assessments - Eddie Knight, Sonatype; Bradley Andersen, k8gb; Justin Cappos, New York University; Shuting Zhao, Nirmata; Orlin Vasilev, SUSE #

Time: 11:00am CET - 11:30am CET

Speakers: Eddie Knight, Sonatype; Bradley Andersen, k8gb; Justin Cappos, New York University; Shuting Zhao, Nirmata; Orlin Vasilev, SUSE

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This panel brings together TAG Security and Compliance Technical Leads and maintainers who have completed TAG Security and Compliance self-assessments to discuss how this process transformed their security posture. From identifying blind spots to implementing best practices, panelists will share practical insights on navigating the assessment, addressing findings, and building security into their projects' DNA.

Attendees will learn:

How the self-assessment process works and why it matters for CNCF projects
Real-world challenges and wins from projects that completed assessments
Actionable security improvements that emerged from the process
How to approach security documentation and threat modeling
Tips for maintainers considering or starting their own assessment

Whether you're a maintainer preparing for an assessment or curious about elevating your project's security practices, this panel offers practical guidance from those who've been through the journey.

The Future of Kubernetes Node Lifecycle - Lucy Sweet, Uber & Dawn Chen, Google #

Time: 11:00am CET - 11:30am CET

Speakers: Lucy Sweet, Uber & Dawn Chen, Google

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: Keeping a Kubernetes fleet healthy shouldn't feel like rocket science, yet large scale operators know the pain: draining waves of nodes, evictions that cause incidents, upgrade rollouts that take days. In this talk Lucy Sweet (Node Lifecycle Working Group Lead) and Dawn Chen (SIG Node Tech Lead) will guide you through the evolution of Kubernetes Node Lifecycle Management, sharing how large-scale operators have wrestled with its limits across diverse workloads.

We'll start by the simpler past, where managing stateless workloads was the primary focus, before examining the present challenges brought by the explosion of workload diversity. We'll explore current bottlenecks: expensive disruption, hard to understand eviction, lack of observability. Finally, we'll look at the future, including emerging needs driven by intense workloads like AI, and previewing the communities ongoing efforts and proposals in Kubernetes that aim to address these challenges.

📚 Tutorial: Building Intelligent Apps with RAG on Kubernetes: From Raw Data to Real-Time Insights - Cedric Clyburn, Natale Vinto, Christopher Nuland & Legare Kerrison, Red Hat #

Time: 11:00am CET - 12:15pm CET

Speakers: Cedric Clyburn, Natale Vinto, Christopher Nuland & Legare Kerrison, Red Hat

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: With cloud-native AI, we typically hear a lot about the models, but what about our data? Efficient ingestion and retrieval of enterprise knowledge is the backbone of intelligent applications, yet developers still struggle with messy, unstructured formats, governance concerns, and runaway costs from inference. Join us for this hands-on workshop showing how Kubernetes-native tooling can help build scalable Retrieval-Augmented Generation (RAG) applications.

What you’ll learn (and practice):

Structure Unstructured Data: Use open-source projects like Docling to transform PDFs, proprietary formats, and unstructured text into query-ready knowledge for your apps.
Deploy and Scale RAG: See how RAG improves generative responses without heavy fine-tuning, using projects such as Kafka, Knative, and Kubeflow Pipelines for data ingestion and processing.

We'll finish by building a Kubernetes-native AI-powered ticketing system retriever, with complete data sovereignty and scalability!

🚨 Contribfest: Headlamp: Build Kubernetes Experiences Your Way! - Joaquim Rocha, Amutable & Santhosh Nagaraj, Microsoft #

Time: 11:00am CET - 12:15pm CET

Speakers: Joaquim Rocha, Amutable & Santhosh Nagaraj, Microsoft

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Join the Headlamp maintainers for a hands‑on workshop on how to extend Headlamp to include a UI for your favorite project, Custom Resources, or CNCF tool!

Headlamp is an extensible Kubernetes UI that is officially part of the Kubernetes project (under the SIG UI). It offers a great base UX for managing Kubernetes, and a comprehensive plugin system for creating new interfaces and experiences.

In this session, you will learn to build a Headlamp plugin, with the assistance of Headlamp's maintainers. You will leave with knowledge of how Headlamp's plugins work, and it's hopefully the kickstart of a new UI for your projects that you may choose to also publish with the community.

If you are already experienced in Headlamp, this Contribfest session is still a great chance to have discussions with maintainers and the community, in order to take your contributions further.

Do not forget to bring your laptop, and we hope to see you!

Cloud Native Theater | EnvoyCon: Inside Spotify’s Envoy Architecture: What We Learned the Hard Way - Leonardo da Mata, Spotify #

Time: 11:10am CET - 11:24am CET

Speakers: Leonardo da Mata, Spotify

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Running Envoy at scale is not just about performance; it’s about where logic lives, how it’s deployed, and what it costs to operate over time.

At Spotify, our core service perimeter had become a liability in a modern CNCF world. While Envoy was already in use, critical request-handling logic was running in a heavyweight Java sidecar, creating performance bottlenecks, high resource costs, and fragmented operations across Compute Engine and Kubernetes.

In this talk, we’ll walk through how we re-architected our Envoy deployment by:

Migrating fully to Kubernetes
Standardizing on gRPC
Replacing a complex Java sidecar with Envoy-native custom C++ filters

We’ll share the concrete design decisions, trade-offs, and operational consequences of moving logic into Envoy itself and what that meant for latency, reliability, and cost at Spotify scale.

This presentation is not a “happy path” story. You’ll hear what worked, what didn’t, and what we would do differently if we were starting today.

Cloud Native Theater | EnvoyCon: External Processing, Internal Leverage: MCP Tool Calls to REST with Envoy - Jens Kat, ING #

Time: 11:29am CET - 11:43am CET

Speakers: Jens Kat, ING

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: AI agents are quickly becoming first-class consumers of APIs. However most enterprises already have mature API ecosystems they can't (and shouldn't) rebuild for "agentic" workflows.
At ING we operate a large service mesh with thousands of services owned by hundreds of teams and serving millions of customers.
These services all implement OpenAPI specifications. To bridge agent tool calls to existing REST endpoints at scale, we implement an MCP server as an Envoy external processing (ext_proc) integration, keeping the innovation outside the proxy while using Envoy as the production-grade data plane.
This talk focuses on why ext_proc is the right extension point. Envoy's external processing filter connects a gRPC "external processor" over a bidirectional stream, allowing the processor to examine and mutate headers, bodies, and trailers, or even return an immediate response, while Envoy remains in control of traffic handling and policy.
We'll show how we use this model to keep MCP "thin": no business logic in tool definitions just 1:1 mapping from tool calls to API endpoints, and why that decision matters for maintainability and governance. Finally, we'll highlight what we get out of the box by building on Envoy: built-in filter statistics (including ext_proc stats), standard access logging, and OpenTelemetry-based distributed tracing patterns plus an operational model we already trust at scale.
We'll close with our plan to open-source the implementation so others can adopt MCP-on-Envoy in their own meshes.

🚩Capture The Flag Experience - Fabian Kammel & John Kjell, ControlPlane #

Time: 11:30am CET - 1:30pm CET

Speakers: Fabian Kammel & John Kjell, ControlPlane

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: The Capture The Flag (CTF) experience runs concurrently to KubeCon + CloudNativeCon Europe 2026!Delve deeper into the dark and mysterious world of Cloud Native security! Exploit supply chain attacks and start your journey deep inside the target infrastructure, or scan the visible horizon to hunt and collect the mysterious hidden flags, and hopefully learn something new and wryly amusing along the way!Instructors are on hand to equip you with everything you need for your adventure. Attendees can play three increasingly treacherous and demanding scenarios to bushwhack their way through the dense jungle of Cloud Native security. Everybody is welcome, from beginner to seasoned veterans, as we venture amongst the low-hanging fruits of insecure configuration and scale the lofty peaks of cluster compromise!

Bob and Alice Revisited: Understanding Encryption in Kubernetes - Jackie Maertens & Mitch Connors, Microsoft #

Time: 11:45am CET - 12:15pm CET

Speakers: Jackie Maertens & Mitch Connors, Microsoft

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: Encryption is a fundamental aspect of securing data, yet many Kubernetes users struggle to differentiate between various encryption methods such as symmetric, asymmetric, TLS, mTLS, and VPN. This talk aims to demystify these concepts using the classic fictional characters Bob and Alice, who have been used to explain encryption since the 1970s. We will revisit their story and adapt it to the modern Kubernetes ecosystem, providing clear explanations and practical examples. These examples will demonstrate encryption in Kubernetes use cases such as ingress, API server communication, SPIFFE and service mesh traffic with projects like Istio. We will also explore trade-offs between data security and usability - helping you answer the age-old question: how much encryption is enough? Attendees will leave with a solid understanding of encryption techniques and how to apply them effectively in their Kubernetes environments.

Designing Slides You Can’t See (But Can Still Understand)#

Time: 11:45am CET - 12:15pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Slides are often designed as visual posters — but blind and visually impaired attendees experience them through screen readers (if slides shared beforehand) and the speaker’s voice.

This interactive talk shows how to create slides that remain fully understandable without being seen. Through live exercises, real examples, and short audience challenges, participants will learn practical best practices: meaningful titles, verbal description of visuals, accessible charts and code, and why color alone is never enough.

Fluent Bit V5: Pushing the Limits of Observability at Scale - Eduardo Silva, Chronosphere | A Palo Alto Networks Company #

Time: 11:45am CET - 12:15pm CET

Speakers: Eduardo Silva, Chronosphere | A Palo Alto Networks Company

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Fluent Bit v5 marks a major leap forward in high-performance telemetry collection for cloud-native and enterprise environments. This release focuses on breaking performance ceilings through architectural refinements, smarter routing, and lower-overhead processing across logs, metrics, and traces.

We’ll explore how Fluent Bit v5 aligns natively with OpenTelemetry, enabling seamless hybrid pipelines while preserving Fluent Bit’s signature efficiency and operational simplicity.

The talk will cover new enterprise-grade capabilities around scalability, reliability, security, and fleet-wide management, designed for real-world, large-scale deployments. Attendees will gain a practical view into how Fluent Bit v5 serves as a foundational data plane for modern observability strategies, from edge to core, without sacrificing performance or control.

From Projects to Products: The Sociotechnical Journey Behind Sony’s Internal Cloud Platform - Eugenia Bergman & Hagen Tonnies, Sony Interactive Entertainment #

Time: 11:45am CET - 12:15pm CET

Speakers: Eugenia Bergman & Hagen Tonnies, Sony Interactive Entertainment

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Like many large engineering organizations, Sony Interactive Entertainment, the company behind PlayStation, faced the challenge of scaling infrastructure that had evolved through years of projects and automation scripts. After eight years of running Kubernetes in production—across data centers and hybrid environments—shifting to a product mindset became essential to deliver a consistent, API-driven platform experience.

This talk shares how we moved from infrastructure as projects to infrastructure as products. We’ll show how applying product thinking to platform architecture helped us balance CRDs, controllers, and Crossplane with the social systems that make them effective—through discovery habits, feedback loops, and shared ownership that turned platform delivery into a continuous product practice.

Cloud-native success isn’t just about controllers and CRDs—it’s about cultivating the organisational behaviours that make them thrive.

From “No Time for GitOps” to Enterprise Adoption: Selling Flux the Human Way - Lucas Hornung & Christian Matthaei, Tchibo GmbH #

Time: 11:45am CET - 12:15pm CET

Speakers: Lucas Hornung & Christian Matthaei, Tchibo GmbH

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: For years at Tchibo, a traditional, family-owned German coffee and retail company, GitOps was ignored. Developers were fully booked, product owners prioritized features and arguments about YAML consistency or self-healing clusters didn’t convince. Management didn’t see GitOps as a priority, developers didn’t see the need.

What changed? We stopped making the case for Flux as a tool and started telling stories. Inspired by Simon Sinek’s Start With Why, Cole Nussbaumer Knaflic’s Storytelling With Data and Philip Collins’ The Art of Speeches and Presentations, we reframed GitOps around developer pain, business value and memorable narratives. We even borrowed from Dale Carnegie’s How to Win Friends and Influence People to win allies in unlikely places. The turning point came, when the Head of webshop made GitOps a priority. Suddenly, what was ignored for years, became a mandate. We also hacked one of the coffee machines on our floor with a simple message: “Don’t be Hans-Peter - Use Flux.”

Fusing FinOps, Forecasting, and Kubernetes at Scale - Ankur Singh, Red Hat & Satyam Bhardwaj, Mirantis #

Time: 11:45am CET - 12:15pm CET

Speakers: Ankur Singh, Red Hat & Satyam Bhardwaj, Mirantis

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: AI + ML

Description: Multi-cloud Kubernetes fleets are growing faster than FinOps teams can model spend. This talk introduces an emerging pattern: FinOps-aware agents that autonomously observe telemetry, forecast resource demand, and report right-sizing decisions.

We present an open source reference architecture unifying OpenCost, Prometheus, and advanced time-series Forecasting AI Models within GitOps control loops. These agents ingest normalized cluster signals to generate explainable multi-horizon forecasts with quantified uncertainty bounds, then translate predictions into actionable policies i.e., autoscaler configurations, capacity plans, workload placements, etc., all while maintaining vendor neutrality and full auditability.

Attendees will learn the architectural patterns for building such systems: feature extraction from raw Kubernetes metrics, adaptive retraining pipelines that respond to workload drift, and human-in-the-loop approval workflows for high-impact changes.

Hack Me If You Can: Learning Kubernetes Security Through a Role-Play Battle - Aoi Takahashi, Recruit Co., Ltd. & Keita Mochizuki, NTT DATA Japan Corporation #

Time: 11:45am CET - 12:15pm CET

Speakers: Aoi Takahashi, Recruit Co., Ltd. & Keita Mochizuki, NTT DATA Japan Corporation

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Have you ever felt that Kubernetes and container security are too difficult, and that running them safely in production feels uncertain?
With the rise of AI, many of us have started “Vive Yamling” — quickly generating YAML manifests with AI. It accelerates development but can also introduce fragile or insecure configurations. Meanwhile, attackers now use AI to automate discovery and exploitation.
In this talk, we turn Kubernetes security into an interactive stage play. Two presenters perform a live “role-play battle” between a Hacker, a Security Hero, and the Audience. The audience experiences what it feels like to be attacked.
Through this playful yet realistic performance, you’ll see how AI can both create and exploit vulnerabilities, and take away practical insights to defend your cluster in an era where even attackers are powered by AI. You’ll build, get attacked, and defend — deepening your understanding of Kubernetes security while having fun along the way.

In-place Updates with Cluster API: The Sweet Spot Between Immutable and Mutable Infrastructure - Fabrizio Pandini & Stefan Büringer, Broadcom #

Time: 11:45am CET - 12:15pm CET

Speakers: Fabrizio Pandini & Stefan Büringer, Broadcom

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Immutability or Mutability, that’s a tricky choice.

But why do I have to choose?
Why can’t a system like Cluster API take care of picking the best available option to reach the desired state?

And here we are, once again, the Cluster API team has turned your wishes into reality!

Join this talk to discover how Cluster API in-place updates makes it possible to operate your cluster taking benefits from both immutable rollouts and in-place updates.

Let’s focus on the beauty and simplicity of the user interface, on the intricacies of how this feature works under the cover, and on how it is possible to leverage new extension points to adapt Cluster API behaviour according to your need and the type of infrastructure you are using.

Kube-Oddities - The Quirks That Keep Kubernetes Interesting - Marcus Noble, Monzo & Márk Sági-Kazár, Independent #

Time: 11:45am CET - 12:15pm CET

Speakers: The Quirks That Keep Kubernetes Interesting - Marcus Noble, Monzo & Márk Sági-Kazár, Independent

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: I'm sure we all agree, Kubernetes is amazing. But sometimes, it’s also... confusing. That’s why Marcus and Márk are here to deliver a brutally honest (and thoroughly entertaining) deep dive into the "Kube-Oddities" - those baffling decisions, peculiar behaviors, and downright WTF moments that make this platform so uniquely interesting.

Let’s ditch the sales pitches and feature announcements. We’re diving down the rabbit hole. We'll explore the weirdness surrounding sidecars, the baffling behavior of image tags, and the downright confusing default behavior of Pod DNS.

This isn’t a technical lecture, it's a fun chat among friends, a shared experience of frustration and occasional triumph. Join Marcus and Márk as they unpack the quirks that keep you constantly questioning, and hopefully, leave you with a deeper appreciation (and a slightly more skeptical eye) for the world of Kubernetes. Prepare for laughter, head-scratching, and maybe just a few ‘WTF?’ moments.

OpenFeature Update From the Maintainers - Lukas Reining, codecentric AG; André Silva, LexisNexis Risk Solutions; Thomas Poignant, Gens de Confiance; Alexandra Oberaigner, Dynatrace #

Time: 11:45am CET - 12:15pm CET

Speakers: Lukas Reining, codecentric AG; André Silva, LexisNexis Risk Solutions; Thomas Poignant, Gens de Confiance; Alexandra Oberaigner, Dynatrace

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: OpenFeature is an open specification that offers a vendor-agnostic, community-driven API for feature flagging, designed to work seamlessly with your favourite feature flag management tool or in-house solution. This year, we’re excited to share updates on the new OpenFeature MCP server, introduce tools like the OpenFeature GitHub Action to help clean up your flags, and celebrate the stable release of our own flag evaluation protocol (OFREP). We’ll also take you behind the scenes of our open-source community, sharing the challenges we’ve tackled, the solutions we’ve crafted, and the lessons we’ve learned along the way. We’d love for you to join the conversation. Feel free to bring your questions, ideas, and curiosity as we will explore the current state and future of OpenFeature!

Route, Serve, Adapt, Repeat: Adaptive Routing for AI Inference Workloads in Kubernetes - Nir Rozenbaum, Red Hat & Kellen Swain, Google #

Time: 11:45am CET - 12:15pm CET

Speakers: Nir Rozenbaum, Red Hat & Kellen Swain, Google

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Running inference on K8s can be costly and extremely slow.
Today’s inference routing strategies like traffic splitting, node affinity or session stickiness — are all static. Once defined, they ignore changing load, queue build-ups, and cache locality.

Inference workloads, however, are dynamic: requests vary, cache states shift, and cluster conditions evolve. Static routing strategies simply can’t keep up, leading to latency spikes and wasted GPU cycles.

With K8s Gateway API Inference Extension, we introduce adaptive routing strategies for inference, driven by real-time signals such as queue length and cache utilization. By continuously adapting, the system balances cache efficiency with load distribution, reduces latency, improves GPU utilization, and lowers costs at scale.

Attendees will learn why static routing strategies limit inference performance and see benchmarks demonstrating latency, efficiency, and cost gains with adaptive routing in K8s Gateway API Inference Extension.

SIG-Windows Updates - Claudiu Belu, Cloudbase Solutions & JR Valdes, Red Hat #

Time: 11:45am CET - 12:15pm CET

Speakers: Claudiu Belu, Cloudbase Solutions & JR Valdes, Red Hat

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: At this maintainer track talk we will cover what is new in the Windows Special Interest Group.
This talk will focus on improvements to our test infrastructure, and highlight some of the features we plan to GA in upcoming Kubernetes releases.

Solving Industrial Challenges With KubeEdge: A Post-Graduation Report - Yue Bao, Huawei; Hongbing Zhang, DaoCloud; Yin Ding, VMware by Broadcom #

Time: 11:45am CET - 12:15pm CET

Speakers: Yue Bao, Huawei; Hongbing Zhang, DaoCloud; Yin Ding, VMware by Broadcom

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Following its graduation within the CNCF, KubeEdge has solidified its position as the premier platform for extending Kubernetes to the edge. In this session, project maintainers will explore KubeEdge's evolution, offering a deep dive into the core architecture that enables efficient management of edge workloads. Attendees will gain insights from real-world deployments across diverse sectors, including Smart Cities, Industrial IoT (IIoT), Edge AI, Robotics, and Retail. Beyond success stories, the talk will cover critical technical updates, including the newly introduced Certified KubeEdge conformance test, recent technological advancements, and the latest updates on community governance.

Sovereign Identities for Your Cloud Native Architecture With Keycloak - Alexander Schwartz, IBM & Sebastian Łaskawiec, Defense Unicorns #

Time: 11:45am CET - 12:15pm CET

Speakers: Alexander Schwartz, IBM & Sebastian Łaskawiec, Defense Unicorns

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: When building and evolving your sovereign cloud-native architecture, identities bring together your applications, data and infrastructure and keep them secure. Keycloak is well-known for managing human and non-human identities with OpenID Connect and SAML. You can use it with your applications and infrastructure, and also to broker with other external identity providers across organizations. With its built-in OpenTelemetry capabilities, it provides you deep insights to trace down root causes for failed requests and slowdowns. Join this talk to learn how to use strong authentication and leverage trust relationships across organizations. See our latest features on how to use automatically rotating Kubernetes service account tokens as client secrets, and gather insights with our unified OpenTelemetry setup.

The Shell Awakens: Cloud Native Workflows for Particle Physicists - Raulian-Ionut Chiorescu & Hannes Hansen, CERN #

Time: 11:45am CET - 12:15pm CET

Speakers: Raulian-Ionut Chiorescu & Hannes Hansen, CERN

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: EMERGING + ADVANCED

Description: High Energy Physics users at CERN have long relied on interactive, command-line environments powered by SSH, shared software stacks, and large-scale batch systems. As computing shifts toward containerized and cloud-native models, preserving a familiar experience while embracing modern orchestration platforms is key. This talk shows how CERN enables physicists to access Kubernetes-based GPU resources through traditional workflows. With ContainerSSH, users open shell sessions that feel like classic terminals while running in isolated pods. The platform supports notebooks, VSCode, Kubeflow for ML, and CI/CD with GitLab or GitHub. It unifies interactive and batch jobs — from single-node analyses to distributed training and MPI — powered by a shared GPU pool and high-performance fabrics like InfiniBand and RoCEv2. With backfilling, fair-share scheduling, and hybrid extensions via MultiKueue and interLink, CERN delivers a seamless, scalable environment combining HPC and cloud-native agility.

Why Security of Kubernetes Comes Down to Linux Security - Marina Moore, Edera #

Time: 11:45am CET - 12:15pm CET

Speakers: Marina Moore, Edera

Venue: Elicium 2, Amsterdam, Netherlands

Type: SECURITY

Description: Have you ever wondered why so many container escape vulnerabilities stem from vulnerabilities in the Linux kernel? This talk will take you beneath Kubernetes and into the Linux kernel to explore how the underlying kernel impacts your containers. We will look at the history of containers to see how they evolved from Linux containers to today’s cloud native world. We will then dive into Linux features still at work in containers today, with a demo showing these features at work in an unprivileged container. We’ll start with cgroups and namespaces: what do these actually do, and what’s in and out of scope for their protection? We’ll then move on to looking at devices, system calls, and processes in the container to explore what you can see, what you can change, and how OCI runtimes masks work. You’ll walk away with a clearer understanding of Kubernetes security rooted in an understanding of the underlying Linux kernel and how you can access it from within a container.

Cloud Native Theater | EnvoyCon: The Next Generation of Envoy Extensibility: Dynamic Modules for Network, Listener, and HTTP Filters - Rohit Agrawal, Databricks #

Time: 11:48am CET - 12:02pm CET

Speakers: Rohit Agrawal, Databricks

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Dynamic Modules have evolved from an HTTP-only experimental feature to a comprehensive extension mechanism spanning Envoy's entire filter pipeline. This session covers the new Listener Filter and Network Filter support which got added in v1.37, alongside the enhanced HTTP Filter capabilities including streaming body manipulation and per-route configuration. We will walk through the architecture showing how the C-ABI ensures compatibility while the official Rust SDK provides a safe, idiomatic developer experience. Unlike Wasm, Lua, or External Processors which have added latency and limited scope, Dynamic Modules offer zero-copy access to headers and bodies at near-native performance—all without recompiling Envoy. The talk includes live demos for a Listener Filter that inspects connection bytes for protocol detection and populates filter state for routing and a Network Filter implementing TCP stream manipulation and connection-level logging. We will also cover the roadmap for ABI stabilization, expanded API surface, multi-language SDK development, and the path toward cross-version compatibility.

Kubernetes Meet + Greet #

Time: 12:00pm CET - 3:00pm CET

Venue: Europe Foyer, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: PLEASE GRAB YOUR LUNCH FIRST, THEN EXIT THE SHOWCASE TOWARDS ENTRANCE K TO THE EUROPE FOYER. The Kubernetes Meet & Greet is your chance to connect directly with the teams that build and run Kubernetes.
Representatives from Kubernetes SIGs and Working Groups will be available to share what they work on, the challenges they’re tackling, and how you can get involved, whether that’s through code, documentation, testing, events, or community support.

This is an informal, drop-in session designed for both new and existing contributors. If you’re curious about contributing to Kubernetes, looking for a SIG that matches your interests, or hoping to expand your involvement in the community, this is the perfect place to start conversations and make connections.

Cloud Native Theater | EnvoyCon: Zone Aware Routing With Per-Locality Load Awareness- Isaac Wilson, The Trade Desk #

Time: 12:07pm CET - 12:21pm CET

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Demo of a new locality_basis mode (not merged into Envoy yet) for Zone Aware Routing which uses real load stats to determine capacity/weights vs relying on number of hosts.

Lunch 🍲#

Time: 12:15pm CET - 2:15pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Cloud Native Theater | EnvoyCon: The Future of AI Traffic: What's New in Envoy AI Gateway 2026 - Xiaolin Lin, Bloomberg #

Time: 12:26pm CET - 12:40pm CET

Speakers: Xiaolin Lin, Bloomberg

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In 2025, we crossed a major milestone — Envoy AI Gateway went from vision to production-ready reality. Now, we're just getting started. This talk looks ahead to what's coming in 2026: new capabilities and the next frontier of AI traffic management. Come learn what we built, what we learned along the way, and where we're taking it next.

Cloud Native Theater | EnvoyCon: From ingress-nginx to Envoy Gateway at Zapier: The Benefits, Challenges, and Migration Lessons That Matter - Kalen Wessel, Zapier #

Time: 12:45pm CET - 12:59pm CET

Speakers: Kalen Wessel, Zapier

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: When Kubernetes announced that ingress-nginx was officially going end-of-life, many teams were left wondering what comes next. At Zapier, we were already deep into rethinking our ingress layer as we were wrestling with annotation sprawl, config drift across clusters, and limitations that made scaling increasingly difficult.In this talk, we’ll share what led us to choose the open-source Envoy Gateway project as our path forward and walk through how we approached the migration in a real production environment.We will share practical lessons we learned, from reconciliation performance and config transitions to strategies for reducing risk during rollout, during our migration.

We will cover:

Migrating incrementally
Validating with observability and weighted DNS
Adapting to behavioral differences between the old and new defaults.

This talk will help you if you’re considering starting or are mid-migration from Ingress-nginx. This session offers grounded, real-world insights to help you plan your next steps with confidence and clarity.

Network Nook Meetup: Conference Buddies #

Time: 12:45pm CET - 1:45pm CET

Venue: Hall 1-5 | Tram Zone | Network Nook, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Join us for casual and engaging meetups at the Network Nook during lunch breaks! These informal gatherings are open to all, whether you're a first-time attendee, a solo traveler, or simply looking to chat about shared interests. This is a great way to connect with others.

Today's topic: Conference Buddies
Meet other attendees, make new connections, and find a conference buddy to explore sessions and events together!

Project Pavilion Tour with Daniel Drack, CNCF Ambassador #

Time: 12:45pm CET - 1:05pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Learning Lounge: Knowledge is a Map, Not a Badge - Nicola Noviello, KLARO #

Time: 1:00pm CET - 1:15pm CET

Speakers: Nicola Noviello, KLARO

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Cloud Native Theater | EnvoyCon: The End of a Decade, the Start of an Age: Reflecting on the Past, Present, and Future of Envoy - Erica Hughberg, Tetrate, Kateryna Nezdolii, Isovalent, Yan Avlasov, Google, Rohit Agrawal, Databricks and Leonardo da Mata, S #

Time: 1:04pm CET - 1:34pm CET

Speakers: Erica Hughberg, Tetrate, Kateryna Nezdolii, Isovalent, Yan Avlasov, Google, Rohit Agrawal, Databricks and Leonardo da Mata, S

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 2026 marks the 10th anniversary of the Envoy Project, a decade that transformed how applications communicate. From empowering engineers breaking their monoliths into microservices in 2016, to powering the next generation of GenAI platforms in 2025, the Envoy project has continually evolved to enable what’s next.
In this panel, maintainers, adopters, and contributors will the milestones and inflection points that shaped Envoy’s evolution.Discuss the project’s current focus areas and technical challenges.Explore how Envoy continues to integrate with the broader cloud-native ecosystem.Highlight real-world stories from adopters who have built on Envoy.Discuss the opportunities for the future: project sustainability, innovation, and community-driven growth.Attendees will gain a deeper understanding of Envoy’s evolution and community, as well as what it takes to build an open-source project that continues to reinvent itself for the next generation of challenges.

Time: 1:15pm CET - 1:45pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: vCluster Demo: Kubernetes Without Kubernetes: Local Dev with vind (not KinD) Booth Number: 520 In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

🤟 Sign Language Crash Course #

Time: 1:15pm CET - 2:15pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Did you know the CNCF Cloud Native Glossary includes a section for sign language? If you’ve ever wondered how to sign Kubernetes, OpenTelemetry, or Linkerd—or simply how to say, “Hi, how are you?”—this hands-on crash course has you covered.

Led by members of the Deaf and Hard of Hearing Working Group, this session will teach you basic signs to start a conversation and key cloud native terms to boost your accessibility awareness. Whether you are collaborating on a project, interviewing a candidate, or meeting a new colleague, knowing a few signs can make a massive difference in making someone feel truly welcome. Add it to your schedule today!

🪧 Poster Session: Efficient Inference for Training Hurricane Data and Predicting Future Movement - Avery Yang, North Carolina School of Science and Mathematics #

Time: 1:15pm CET - 2:15pm CET

Speakers: Avery Yang, North Carolina School of Science and Mathematics

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: The past few years have shown the devastating impact of hurricanes on communities worldwide. What if we could predict the future movement of hurricanes more accurately using historical data, enabling more proactive preparation and better disaster response? Key metrics include classification of storm, latitude, longitude, wind speed, pressure, storm trajectory, precipitation, sea surface temperature, hurricane category and more.

A major challenge is training models effectively with limited computational resources, especially for environmental projects like hurricanes, which generate large datasets across multiple dimensions. In my recent research work, I leverage the Kubernetes Gateway API, inference extensions, and vLLM to build a scalable and efficient training stack for hurricane movement prediction. This approach ensures models are robust, resilient, and capable of near real-time inference, supporting faster decision-making and enhanced preparedness for future hurricanes.

🪧 Poster Session: Fantastic KEPs – Part II: Writing and Contributing To Kubernetes Enhancements - Priyanka Saggu, SUSE & Mario Jason Braganza, Janusworx #

Time: 1:15pm CET - 2:15pm CET

Speakers: Priyanka Saggu, SUSE & Mario Jason Braganza, Janusworx

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: We, Priyanka and Jason, took you on a journey last year, through the Kubernetes Enhancement Proposals (KEPs) and how to make sense of them.

Since that last session, we’ve gone a step further: writing our own KEPs from scratch and helping others progress theirs to completion. And once again, wow, did we learn a lot on this journey! We’ve filled in more of the puzzle!

KEPs aren’t just feature proposals—they reveal the full lifecycle of a feature, from its design to final implementation, making them a great way to understand Kubernetes.

While each KEP is different, and every Kubernetes SIG has its own process, there’s a shared structure that keeps all KEPs familiar and relatable.

We have been involved in Kubernetes release cycles for years, working with and around KEPs in all sorts of ways.
So join us to see how an idea can move through this process, accrue feedback, and develop into an enhancement while gaining valuable knowledge and insight to contribute and author KEPs yourself!

🪧 Poster Session: From FaaS To WaaS: Building Event-Driven Workloads With Wasm in Kubernetes - Brandon Kang, Akamai Technologies & Nam Hai, Hylatek Co.,ltd #

Time: 1:15pm CET - 2:15pm CET

Speakers: Brandon Kang, Akamai Technologies & Nam Hai, Hylatek Co.,ltd

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: This session examines how WASM can advance serverless computing by evolving FaaS into Wasm-as-a-Service(WaaS) in Kubernetes. Rather than introductory demos, we present a production-grade architecture informed by recent research on cold start modeling, multi-tenant sandboxing with Wasm and performance benchmarking.

Our implementation integrates Wasm runtimes(SpinKube, WasmEdge) with Kubernetes-native primitives such as Knative Eventing, KEDA, and Cilium, enabling predictable latency under bursty workloads.

A case study demonstrates why Wasm’s ahead-of-time compilation and lightweight isolation were chosen over containers, and how the system was engineered to reduce latency by >60% in edge inference pipelines.

Attendees will gain insights into workload placement strategies, security guarantees, and observability challenges uncovered at scale. The talk delivers concrete technical value for engineers building next-generation high-performance serverless systems on Kubernetes.

🪧 Poster Session: Instant Kubernetes Runtime Anomaly Detection Via SBOBs (Bill of Behavior) - Constanze Roedig, fusioncore.ai & Matthias Bertschy, ARMO #

Time: 1:15pm CET - 2:15pm CET

Speakers: Constanze Roedig, fusioncore.ai & Matthias Bertschy, ARMO

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: Achieving anomaly detection at reasonable noise-levels still is inaccessible to most Kubernetes practitioners due to required effort, maintenance and missing skills. CNCF Kubescape enables a much more achievable UX and how the concept of SBoBs shifts the burden of secure-by-default baselines to the producer/vendor of the software.
The key benefit for the ecosystem is scalability of runtime-rule-maintainance by allowing users to inherit the rules and their updates from vendors directly.
In this talk, you'll learn how Kubescape leverages eBPF both to detect anomalies and filter them into relevant alerts in real-time while keeping performance overhead at bay. Its key advantage is UX: the profiles integrate with the CNCF ecosystem (e.g. gitOps) while staying human-readable and insightful, even without extra tools. Which is why SBoBs can do what seccomp and AppArmor somehow never could: give users sufficiently specific behavior profiles that neither block nor drown the analysts in noise

🪧 Poster Session: Kubernetes as the Universal GPU Control Plane for AI Workloads - Satyam Soni, Devtron.ai & Rudraksh Karpe, ZS Associates Inc #

Time: 1:15pm CET - 2:15pm CET

Speakers: Satyam Soni, Devtron.ai & Rudraksh Karpe, ZS Associates Inc

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: AI workloads are driving huge demand for GPUs and AI accelerators, yet the default Kubernetes model still leans on vendor-specific device plugins, which tie workloads to particular hardware and complicate portability across heterogeneous clusters. In this session, members from the Kubernetes and KAITO projects will present a more unified alternative: coupling HAMi’s device virtualization and unified scheduling abstraction with KAITO’s AI workload automation, transforming Kubernetes into a cross-vendor GPU control plane. Together, they enable cross-vendor accelerator management, reducing lock-in and improving workload portability.

We’ll walk through demos that show how HAMi abstracts device details (splitting, isolation, topology-aware scheduling), while KAITO automates workload lifecycles (model deployment, node provisioning, scaling). Attendees will leave with a practical blueprint for running AI workloads on heterogeneous infrastructure on Kubernetes.

🪧 Poster Session: LLMs, Logs, and Lost Prompts: Monitoring AI on Kubernetes - Ashok M, DigitalOcean & Kumar Soundarajan, Fidelity Investments #

Time: 1:15pm CET - 2:15pm CET

Speakers: Ashok M, DigitalOcean & Kumar Soundarajan, Fidelity Investments

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: In this AI era, Large Language Models are transforming modern applications. However, running them reliably at scale on Kubernetes presents unique and complex observability challenges. From unpredictable prompt failures to resource-intensive workloads and complex distributed architectures, understanding the behavior of AI services is critical for operational success and efficiency.

In this talk, we'll explore how to build effective monitoring and observability pipelines specifically tailored for LLM workloads on Kubernetes. We'll cover:

Key metrics and logs to track for LLM services, including prompt success rates, latency, and resource usage
Handling "lost prompts" diagnosing failed or dropped inference requests with distributed tracing and log correlation
Integrating AI specific telemetry with standard Kubernetes observability tools like Prometheus, Grafana, and OpenTelemetry
Strategies for alerting and auto-remediation in AI inference pipelines.

🪧 Poster Session: Let’s Embrace Green Cloud Native Engineering - Henrik Rexed, Dynatrace #

Time: 1:15pm CET - 2:15pm CET

Speakers: Henrik Rexed, Dynatrace

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: Over the past decade, software has become central to our lives but much of it runs in data centers, contributing to 3% of the global carbon footprint. With the rise of AI and ML workloads, this impact is growing by 2% annually and could reach 15%, surpassing the airline industry. In this talk, we’ll explore how to make Kubernetes clusters more energy-efficient and environmentally responsible. We’ll cover practical strategies: measuring resource usage, using energy as a KPI, dismantling idle environments, and optimizing workload allocation. Attendees will discover CNCF projects like Kepler, KubeGreen, or solution like Ecologits or CodeCarbon for LLM that support sustainable cloud-native practices. Let’s rethink our cloud-native culture and build a greener future one cluster at a time. 🌿

🪧 Poster Session: Prompt Raider: The Ultimate AI-based CTF - Alberto Rodríguez Fernandez, ControlPlane #

Time: 1:15pm CET - 2:15pm CET

Speakers: Alberto Rodríguez Fernandez, ControlPlane

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: As AI adoption grows across the digital landscape, security continues to struggle to keep pace with rapid innovation. New attacks are discovered every day, and cybercriminals exploit the general lack of awareness in this field.

To help reduce this gap, we created a portable Capture The Flag (CTF) game focused on AI systems, designed to run in Kubernetes environments that we aim to showcase in a poster session.

In this poster session we will educate attendees with common cybersecurity principles applied to AI and we will let them try to solve the different scenarios of our simulated AI systems.

Solving the scenarios involves using prompt injection techniques to exfiltrate senstivie information. The first scenarios will be easier, for example, our assistant will refuse to provide the information but will do it if asked nicely. Harder scenarios may involve using more complex techniques like poisoning an MCP server or a tool.

🪧 Poster Session: Reimagining Auto-Instrumentation: Prototyping Distributed Tracing Without Header Propagation on K8s - Kenta Iijima, NTT, Inc.#

Time: 1:15pm CET - 2:15pm CET

Speakers: Kenta Iijima, NTT, Inc.

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: Distributed tracing, essential for pinpointing delays and errors in microservices, is typically achieved through context propagation by embedding tracking data in headers. Manual instrumentation, embedding header propagation logic in applications, incurs high implementation costs and tight coupling. Auto-instrumentation, requiring no code changes, resolves manual instrumentation issues; however, it faces limitations in language, library, and protocol support because it must achieve header propagation below the application layer.
This presentation introduces a new auto-instrumentation method without header propagation. It benefits development and operation because it requires no code changes and removes the limitations associated with conventional auto-instrumentation. We applied TraceWeaver, a tool that employs this method, to an application implemented in a pipeline architecture on K8s. This presentation covers our process, key insights, and remaining challenges.

🪧 Poster Session: VM-Powered Kubernetes: Extreme Density & Sustainable Efficiency - Chen Zhang, JD.com #

Time: 1:15pm CET - 2:15pm CET

Speakers: Chen Zhang, JD.com

Venue: Hall 1-5 | Gouda Zone | Poster Pavilion, Amsterdam, Netherlands

Type: 🪧 POSTER SESSIONS

Description: The Dilemma: Large Kubernetes operators face a critical trade-off: strong security isolation versus high density and performance. Traditional containers rely on namespaces and cgroups, must set tight CPU/IO limits to prevent "noisy neighbors," a practice that causes CPU throttling, preventing workloads from bursting, and leading to poor physical resource utilization.
JD.com solved this based on Kata Containers ecosystem(VM-isolation). This talk details our strategy for co-locating over a million pods (online and batch) securely on shared nodes. Key architectural innovations such as the Kata IOThread framework (boosting virtio-blk performance by over 30%), etc, which enabled a massive improvement in physical CPU utilization.
Learn the proven blueprint that delivered robust security, extreme efficiency, and a huge reduction in energy consumption during the demanding "618" shopping festival. Gain a blueprint for enhancing security and sustainability in your large-scale cloud.

Learning Lounge: Don’t Cross Wires - Cross-Skill: Aligning Teams Around Smart Learning Paths - Mary Campbell & Randi Armour, Linux Foundation Education #

Time: 1:30pm CET - 1:45pm CET

Speakers: Cross-Skill: Aligning Teams Around Smart Learning Paths - Mary Campbell & Randi Armour, Linux Foundation Education

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Cloud Native Theater | CNCF Members: Leaving Your Mark In The Community - David Palilonis & Jake Pineda, The Linux Foundation; Danielle Cook, Akamai #

Time: 1:45pm CET - 2:15pm CET

Speakers: David Palilonis & Jake Pineda, The Linux Foundation; Danielle Cook, Akamai

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: CNCF members drive the cloud native community's health. Membership goes beyond sponsorship. This session outlines the direct link between member involvement and the mechanics of contribution, including financial support, engineering resources, and security audits. We examine how members shaped the current ecosystem. Attendees will learn to define the ideal contributing member and the connection between support and community vitality.

Making Correct and Verifiable SBOMs Meeting #

Time: 2:00pm CET - 4:00pm CET

Venue: L103-104, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Want your SBOMs to never miss anything? This meeting focuses on SBOMit, a technique for generating in-toto attestations and build time and using them to create SBOMs that will never miss included libraries or dependencies. We welcome anyone who is interested to come and learn more.

Audit-Ready Kubernetes: How Chase UK Leveraged Policy as Code for Continuous Compliance - Jim Bugwadia, Nirmata & Nischay Goyal, JP Morgan Chase #

Time: 2:15pm CET - 2:45pm CET

Speakers: Jim Bugwadia, Nirmata & Nischay Goyal, JP Morgan Chase

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: Building a foundational cloud platform in a regulated financial environment is a massive undertaking. This session dives into how a Chase UK’s Cloud Platform team leveraged CNCF and open source tools like Kyverno, OpenReports, and Grafana to enable backend engineers to build services safely at speed by enforcing real-time compliance and governance with Policy as Code. Facing stringent regulatory needs, the bank’s platform team evaluated solutions and selected Kyverno as a unified policy and governance solution driving a critical shift-left security strategy. Today, this solution is deployed in production, enabling the security team to independently write policies. Crucially, the solution cut compliance audit times dramatically, from weeks to minutes, automating complex requirements at scale. This session will detail the team's journey, lessons learned, and scaling plans and is Ideal for platform teams in regulated industries or anyone running critical workloads on Kubernetes.

CoC Session: Restorative Justice: What It Is, and Why The Practice is Critical to Community #

Time: 2:15pm CET - 2:45pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Description: The CNCF Code of Conduct committee practices restorative justice. Centering healing and paths forward. In this conversation with the community committee members will give and overview, examples, and take questions on the practice and the working of the committee.

Durable Execution in DevOps: How Uniphar Built Reliable Systems with Dapr - Alice Gibbons, Diagrid & Vaclav (Oisin) Haken, Uniphar #

Time: 2:15pm CET - 2:45pm CET

Speakers: Alice Gibbons, Diagrid & Vaclav (Oisin) Haken, Uniphar

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: This session presents an end-user case study of how Uniphar, a global pharma and medtech manufacturing partner, uses Dapr to achieve durable execution across critical business systems. With Dapr’s Workflow and Actor APIs, Uniphar added a durability layer that ensures key processes complete reliably despite failures or restarts. Uniphar’s Mammon app uses Dapr Workflows to automate Azure cost allocation and stakeholder attribution, driving cost accountability in teams. Another app, KeyRotationTool, built with Dapr Actors, enhances security by automatically rotating keys through persistent actor reminders. Both apps are core pieces of Uniphar’s DevOps practices, with new resources being registered for rotation at deployment time, with their cost counted regularly in reports. Join Oisín and Alice to learn how Uniphar built fault-tolerant DevOps systems, the lessons-learned from production, and see a live demo of how the Dapr APIs implement durable execution in distributed systems.

Evolving Baremetal-as-a-Service: Secure Multi-Cluster Networking and Service Identity Automation - Yushiro Furukawa & Mitsuhiro Tanino, LY Corporation #

Time: 2:15pm CET - 2:45pm CET

Speakers: Yushiro Furukawa & Mitsuhiro Tanino, LY Corporation

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: This session explains how we evolved our Baremetal-as-a-Service (BMaaS) into a cloud-native infrastructure by combining Kubernetes Custom Controllers, OpenStack Nova extensions, and AthenZ-based automation. Our goal is to provide a unified, secure, and scalable environment where both physical and virtual machines can be operated consistently through modern cloud-native patterns. Key points are as follows: * Extending OpenStack Nova with Kubernetes Custom Controllers to enable baremetal provisioning and lifecycle management through declarative APIs. * Implementing ACL-based access control between multiple in-house Kubernetes clusters, automatically applied to new pods for secure cross-cluster communication. * Integrating AthenZ to automatically issue certificates during baremetal instance creation, enabling trusted and encrypted inter-service communication. * Lessons learned from merging legacy private cloud expertise with modern Kubernetes-based automation and policy-driven design.

Hello World, Meet the Spanimals: Observability for Beginners - Tiffany Jernigan, Grafana Labs & Matthias Haeussler, CGI #

Time: 2:15pm CET - 2:45pm CET

Speakers: Tiffany Jernigan, Grafana Labs & Matthias Haeussler, CGI

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: What do a raccoon, a goat, and a goose have in common? They all take part in this beginner-friendly session, where we’ll use OpenTelemetry and the Grafana observability stack to easily showcase a cloud-native observability scenario. In this session, you’ll learn what distributed tracing is, why it’s incredibly helpful for understanding how requests flow through multi-service systems, and how it can reveal issues like latency and unexpected errors — alongside logs, metrics and profiles for a complete observability picture. We’ll walk through a multi-service application that uses AI to generate animal facts and images, tracing each request from API call to OpenAI fact and image generation to database storage. Along the way, you’ll learn how to use OpenTelemetry to instrument Python and Java applications and visualize the full request journey using easy to understand, open-source dashboards for metrics, logs and traces. If a goat can survive cloud-native observability, so can you.

How Much Platform Is Enough Platform? - John Keates, Wehkamp Retail Group #

Time: 2:15pm CET - 2:45pm CET

Speakers: John Keates, Wehkamp Retail Group

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Like so many organisations, we've tried to build a runtime platform and a matching internal developer platform to go with it. From simple lists of bookmarks to a complete build-out of Backstage, it turns out, the right amount of platform is somewhere in the middle for us. By sharing our story on finding out what we really needed, we hope you'll gain tools, methods and insights to use on your own journey. We'll investigate what we thought we wanted, find out what we actually needed, and how to take more than just the technical aspects into consideration. Sometimes you want to build something because it would work really well, but you don't have the time and you have to buy something instead. Or you have to drop some features because there is no time, no budget, and after some analysis, no users either! While the various trade-offs work out differently for everyone, just knowing the choices exist and what factors come with them can be a huge help when you're in a similar situation.

How To Break Multi-Tenancy Again and Again ...and What We Can Learn From It - Lorin Lehawany & Sven Nobis, ERNW #

Time: 2:15pm CET - 2:45pm CET

Speakers: Lorin Lehawany & Sven Nobis, ERNW

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Namespace-based multi-tenancy is challenging to implement and less effective than control-plane isolation. Thus, the latter is the standard today. But is this really true? Workloads such as machine learning, pipelines, or scripting capabilities can introduce unobvious multi-tenancy in clusters and become increasingly popular. So the question is: How to isolate those workloads from each other securely? Pod Security Standards, Network Policies, and Admission Controller are well-adopted, but is it enough? The answer is no: This talk presents real-world exploits in Kubeflow, Istio, and Traefik to bypass threat boundaries between namespaces and workloads. Based on these examples, this talk presents a methodology for assessing complex environments with isolation problems and guides how to address them.

Improving Pod Disruption and Node Lifecycle - Filip Křepinský, Red Hat; Lucy Sweet, Uber; Ryan Hallisey, NVIDIA #

Time: 2:15pm CET - 2:45pm CET

Speakers: Filip Křepinský, Red Hat; Lucy Sweet, Uber; Ryan Hallisey, NVIDIA

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Achieving application availability with minimum resource consumption while handling all the various types of disruptions possible in Kubernetes is not an easy task. How can we reconcile this with being a good cluster citizen?
Join the Node Lifecycle Working Group, where our goal is to provide Kubernetes users and administrators with an improved experience of handling node and workload lifecycle.

We will present a novel EvictionRequest Kubernetes API, which offers a better, more cooperative approach to handling pod disruption. We will also discuss the challenges of integrating this with the current Kubernetes paradigm (PDBs, API-initiated eviction, preemption, etc.) and the ecosystem.

Furthermore, we will consider the bigger picture from the node and cluster perspectives. Although cluster maintenance differs between organizations, the challenges are similar. We look forward to hearing about your issues and discussing potential Kubernetes solutions.

Istio's Ambient Mesh: The Real Cost of Sidecar-less Tracing - Mofesola Babalola, Tempo.io & Hannah Olukoye, mobile.de #

Time: 2:15pm CET - 2:45pm CET

Speakers: Mofesola Babalola, Tempo.io & Hannah Olukoye, mobile.de

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: The promise of Istio's Ambient Mesh is a future free from sidecar overhead. But what is the true cost of adopting this new model for production workloads? Our team went beyond the hype to perform a deep, pragmatic analysis. This session presents our comprehensive findings on the economics of sidecar-less tracing. We'll show our before-and-after cluster utilization metrics (Resource Cost) and present latency benchmarks for the new ztunnel and waypoint proxy architecture (Performance Cost). We'll also detail the hidden Operational Cost of new debugging patterns and the impact on our platform team's cognitive load. Finally, we'll share strategies for solving the observability "blind spot," ensuring developers receive actionable insights by correlating mesh telemetry with rich application context. This is the data-driven talk we wish we had, presented by the platform builder (SRE) and a key platform customer (EM).

Open Policy Agent. (OPA) Intro & Deep Dive - Charlie Egan & Anders Eknert, Apple #

Time: 2:15pm CET - 2:45pm CET

Speakers: Charlie Egan & Anders Eknert, Apple

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, API Authorization, CI/CD, infrastructure permissions, and more. During this session OPA maintainers will introduce the project for newcomers and then provide updates on noteworthy new features landing in OPA projects and the wider ecosystem. If you are interested in policy as code and security as it relates to cloud native technology, this session is for you. OPA maintainers will also be available for questions after the session.

Panel: How Platforms Can Save Junior Engineers (and Thus the Tech Industry) - Jennifer Riggins, The New Stack; Leena Mooneeram, Chainalysis; Molly Clarke, easyJet; Paula Kennedy, Syntasso #

Time: 2:15pm CET - 2:45pm CET

Speakers: Jennifer Riggins, The New Stack; Leena Mooneeram, Chainalysis; Molly Clarke, easyJet; Paula Kennedy, Syntasso

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: You can’t grow senior engineers without them being juniors first so you're risking the entire stability of your engineering org by thinking of replacing juniors with AI. AI is a tool that can help empower engineers at all levels, but only with guardrails can there be speed. The internal developer platform can assist throughout the developer lifecycle.

When platform teams offer better onboarding and docs, junior developers can ask better questions, get faster feedback and feel successful faster. An IDP facilitates better mentorship and a better understanding of your organizational and code complexity. A platform allows everyone to find and fix issues faster. And these golden paths make for better, more compliant, more secure code, no matter who or what creates it.

Never forget that investing in junior tech talent, accelerates long-term team velocity and stability. Join the conversation to learn how an IDP facilitates speed and collaboration, even in the most regulated of industries.

Platform Mesh: Breaking API Lock-In for True Multi-Cloud Service Portability - Mirza Kopic, SAP & Mangirdas Judeikis, Independent #

Time: 2:15pm CET - 2:45pm CET

Speakers: Mirza Kopic, SAP & Mangirdas Judeikis, Independent

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Platform engineering with CRDs is great—until you add a second cluster or cloud provider. Suddenly, you're locked into provider-specific APIs. Migrating a database from provider A to B requires rewriting manifests and workflows. This API fragmentation is the new vendor lock-in.

We propose the Platform Mesh: a layer providing generic, portable service APIs to consumers. Application teams request a generic Postgres instance, and the mesh intelligently provisions it on any capable backend (AWS RDS, on-prem operators), translating APIs on the fly. This enables seamless, policy-driven migration between providers—even with live data—creating true service portability.

This talk demonstrates how generic APIs strengthen cloud sovereignty by treating providers as interchangeable commodities within the native Kubernetes Resource Model. We'll explore alignment with the EU Data Act, which mandates provider switching capabilities and data portability for cloud services.

REST in Peace: AI Needs to Be Async - Meet Asya🎭 - Artem Yushkovskiy, Delivery Hero #

Time: 2:15pm CET - 2:45pm CET

Speakers: Meet Asya🎭 - Artem Yushkovskiy, Delivery Hero

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Modern AI isn’t just POST /predict anymore. It’s messy, long-running conversations between models, tools, services — with errors, timeouts and rate limits. At Delivery Hero, we’ve rethought the AI orchestration layer with message queues, actor-model microservices, and external state store for durable execution.

Here's the idea: every step is an async actor ("asya"). Video generator? One asya. Smart router? Another. Agents, tools, backend workers — dozens of specialized actors coexist in the cluster, each scaling from zero to whatever you need (thanks, KEDA!). The result: true composability, independent scalability, and no hidden bottlenecks.

Open-sourced as Asya, the framework is battle-tested in production and powers real AI workloads today. It also now includes native support for A2A (agent-to-agent) and MCP protocols to turn your AI pipelines into a distributed agent mesh.

Come see why async isn't an optimization — it's a paradigm shift for AI orchestration.

TAG Operational Resilience: Sustainability Month To Release Guidelines - Mario Fahlandt, Kubermatic; Alolita Sharma, Apple; Carol Valencia, KrolCloud; Nabarun Pal, Broadcom; Saiyam Pathak, vCluster #

Time: 2:15pm CET - 2:45pm CET

Speakers: Mario Fahlandt, Kubermatic; Alolita Sharma, Apple; Carol Valencia, KrolCloud; Nabarun Pal, Broadcom; Saiyam Pathak, vCluster

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: TAG Operational Resilience is currently driving three strategic initiatives to advance system stability and efficiency. In this Session we will explore how to join Initatives and also what the TAG is currently driving.

Let's take a look how the Sustainability Month sparked joined cooperation across the planet to focus on the impact of GreenOps.

We are formulating standardized best practices for software delivery in OSS projects to mitigate deployment risks and ensure safe velocity in our Release Guidelines Initiative

We are developing a Reference Framework to categorize levels of automation, guiding organizations from manual operations toward fully autonomous, self-healing systems with the Service Reliability Automation Initiative

Learn how to get Involved!

The KEP Lifecycle: How the Release Team Guides Enhancements To Stability - Kat Cosgrove, Minimus; Sreeram Venkitesh & Rayan Das, DigitalOcean; Subhasmita Swain, Independent #

Time: 2:15pm CET - 2:45pm CET

Speakers: Kat Cosgrove, Minimus; Sreeram Venkitesh & Rayan Das, DigitalOcean; Subhasmita Swain, Independent

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes Enhancement Proposals (KEPs) define how new features, deprecations and design changes are introduced into Kubernetes. Over time, the KEP and release processes have evolved to improve traceability, stability and production readiness.

As part of the Release Team’s Enhancements subteam under SIG Release, we track and guide enhancements through each milestone, managing freezes such as Enhancements & Code Freeze, and the newly enforced PRR Freeze (which was a soft deadline before), now requires production readiness reviews to be completed earlier.

This session covers the KEP lifecycle from two perspectives: the Release Team, who ensures enhancements are on track and meet requirements and contributors, who author and implement them. We’ll discuss recent process changes, including the introduction of a hard PRR Freeze, how it enforces production readiness earlier in the cycle and how it affects the broader release timeline (Enhancements & Code Freeze and Exception handling).

The Missing Half of Performance Profiling: Understanding Memory in Cloud Native Systems - Dom Delnano, Cosmic #

Time: 2:15pm CET - 2:45pm CET

Speakers: Dom Delnano, Cosmic

Venue: Elicium 2, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: The dynamic nature of cloud-native systems has made performance visibility a first-class concern. As performance needs rose in importance, tools like OTel's eBPF profiler, Pixie and Parca have made continuous CPU profiling mainstream, offering always-on, low-overhead insight into hot paths and compute waste across fleets. In contrast, memory profiling lacks the standardization and efficiency that made CPU profiling ubiquitous. Existing tools range from language-specific debuggers to emerging observability integrations, each with unique sampling strategies and trade-offs. Few provide a unified view across containers or garbage-collected runtimes, and most remain too heavy for production use. This talk offers a primer on memory profiling: what it measures, why it’s hard, and how it can evolve to match the success of continuous CPU profiling. We’ll walk through the landscape of profilers, from language-specific tools to system-wide approaches, and explore when each is most effective.

The State of Backstage in 2026 - Ben Lambert & Patrik Oldsberg, Spotify #

Time: 2:15pm CET - 2:45pm CET

Speakers: Ben Lambert & Patrik Oldsberg, Spotify

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This year’s State of Backstage will explore how the Software Catalog model and the core framework is increasingly powering new ways of interacting with your platform, whether through the UI, CLI, or AI. Maintainers will show how ongoing improvements to the data model, catalog, and supporting systems are enabling these use-cases and creating a more flexible, multi-surface Backstage experience. The session will also cover major developments like the stable release of Backstage’s new frontend system, the Backstage UI design system, and updates to the release process. Expect project updates, community spotlights and live demos. The maintainers will also share a look at the roadmap ahead, and as always, leaving time for Q&A.

📚 Tutorial: DRA-matically Simple: On-Demand GPUs for MLOps - Doug Smith & Miguel Duarte Barroso, Red Hat #

Time: 2:15pm CET - 3:30pm CET

Speakers: Doug Smith & Miguel Duarte Barroso, Red Hat

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: Head back from the coffee shop and join Doug Smith and Miguel Duarte for a hands-on tour of Kubernetes Dynamic Resource Allocation (DRA) for MLOps. With DRA now GA in Kubernetes 1.34, it’s time to learn how pods can request specialized hardware like GPUs and FPGAs while the scheduler picks devices automatically. Using a full stack of open source software, we’ll try k8shazgpu, a DRA driver we built to simplify GPU sharing for AI/ML developers across a cluster. You’ll get hands-on with vLLM, the open-source LLM inference framework from the Linux Foundation, and learn to allocate GPUs on demand, keep caches warm, and spin up model servers without ever writing YAML (unless you want to!). We’ll explore DRA from three angles: as a user you’ll run simple commands; as a cluster admin you’ll see DeviceClasses and ResourceClaims in action; and as a developer you’ll peek under the hood to start writing your own DRA driver. Expect rhetorical questions, surprises, and maybe a meme or two.

🚨 Contribfest: K3s ContribFest Session - Manuel Buil & Orlin Vasilev, SUSE #

Time: 2:15pm CET - 3:30pm CET

Speakers: Manuel Buil & Orlin Vasilev, SUSE

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Join us to learn how to contribute to K3s, what issues we have and where we need help!

🚨 Contribfest: Tell Us How You’re Using Argo CD: A Community ContribFest Session - Alexander Matyushentsev & Nitish Kumar, Akuity; Leonardo Luz Almeida, Michael Crenshaw & Alexandre Gaudreault, Intuit; Regina Voloshin, Octopus Deploy #

Time: 2:15pm CET - 3:30pm CET

Speakers: Alexander Matyushentsev & Nitish Kumar, Akuity; Leonardo Luz Almeida, Michael Crenshaw & Alexandre Gaudreault, Intuit; Regina Voloshin, Octopus Deploy

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Argo CD is one of the most widely adopted GitOps tools, yet there are fewer opportunities to learn how teams are actually using it in real-world environments. This ContribFest session shifts the focus from feature walkthroughs to understanding practical Argo CD usage patterns, repository structures, and operational approaches used by the community.

This will be an interactive, discussion-driven session where attendees are encouraged to come prepared to briefly share how they use Argo CD today. Topics may include GitOps repository layouts, multi-cluster setups, promotion strategies, and common challenges encountered in day-to-day operations. Argo CD maintainers will help guide the conversation and ensure broad participation.

To kick off the discussion, maintainers will highlight commonly observed patterns and frequently requested Argo CD features. The insights gathered during this session will help inform future documentation, blog posts, and contributor initiatives.

Cloud Native Theater | Data on Kubernetes Day: Opening Remarks - Edith Puclla, Percona #

Time: 2:30pm CET - 2:35pm CET

Speakers: Edith Puclla, Percona

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Welcome message from Data On Kubernetes Community members. Learn how to get involved in the community and where to find resources to help you on your DoK journey.

LGBTQ+ Community Gathering #

Time: 2:30pm CET - 3:30pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: This community gathering brings together LGBTQ+ professionals and allies for meaningful networking and focused, small-group discussions. Led by members of Friends of Dorothy, a cloud native community group, participants will work together to generate new initiatives for empowerment and active ecosystem contribution, while building a resilient support network.

Cloud Native Theater | Data on Kubernetes Day: Tuning Elastic on Kubernetes; How Assumptions On Your Persistency Can Wreak Havoc... - Luuk Stolk and Artur Gromek, ING #

Time: 2:40pm CET - 3:05pm CET

Speakers: Luuk Stolk and Artur Gromek, ING

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: This is the story of how ING ran into issues with our Elastic estate hosted on OpenShift with Portworx. We'll start with telling a bit more about our Elastic estate as it is one of our biggest K8s environments in operation (measured in CPU capacity).

After having this in operation for about 2 years, our colleagues running the Elastic estate started to complain about performance. But we as the OpenShift/Portworx operators could not spot anything in our observability...

So what was going on? In this presentation we'll take you along that journey and explain our wrong assumptions, the failed attempts as well as the solution we found and the lessons we learned.

Banking on Reliability: Cloud Native SRE Practices in Financial Services - Clément Nussbaumer, PostFinance #

Time: 3:00pm CET - 3:30pm CET

Speakers: Clément Nussbaumer, PostFinance

Venue: Elicium 2, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Join me for real-world stories from 5 years operating a Kubernetes platform at a major Swiss bank. First, I'll explain how Service Level Objectives (SLOs) drove cascading improvements to API server load-balancing, nginx readiness probes, and etcd leadership transitions. Second, I'll showcase two open-source Golang monitoring tools we built: a DNS server monitoring tool and a distributed mesh for node-to-node checks that detects network problems and performance degradations. I'll explain how open-sourcing led to community contributions, including O(n²) to O(n) scaling improvements. Third, you'll learn about our continuous end-to-end Golang test suite covering all platform aspects, with reproducible building blocks you can implement. Finally, we'll have an interactive debugging session tracking down rare 502 errors (6 per million requests) caused by mismatched connection timeouts - critical in banking where failed requests mean denied payments.

Dynamic Mocking for Event-Driven APIs: A Cloud Native Approach With Kubernetes - Harshvardhan Parmar, YosemiteCrew & Anushka Saxena, Google #

Time: 3:00pm CET - 3:30pm CET

Speakers: Harshvardhan Parmar, YosemiteCrew & Anushka Saxena, Google

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: Mocking event-driven APIs is much harder than mocking REST endpoints. In asynchronous architectures powered by Kafka, MQTT, or AMQP, messages are contextual, time-sensitive, and schema-driven — making static, hardcoded mocks quickly obsolete. To truly support developer velocity and early integration, teams need dynamic mocks that behave like real event producers and consumers. In this session, we’ll explore how to bring realistic, dynamic mocking to event-driven systems using Kubernetes-native tooling. You’ll learn how to automatically generate and deploy mocks from AsyncAPI contracts, simulate message streams over Kafka, MQTT, or AMQP all inside your Kubernetes environment. We’ll discuss: - Managing and generating dynamic mocks from AsyncAPI specifications - Running event producers and consumers as Kubernetes-native components - Using Kubernetes-native tools like Microcks to orchestrate and scale mocks dynamically - Keeping mock behavior realistic as schemas and topics evolve

Enterprise Challenges with MCP Adoption - Christian Posta, Solo.io #

Time: 3:00pm CET - 3:30pm CET

Speakers: Christian Posta, Solo.io

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: AI + ML

Description: The Model Context Protocol specifies how MCP servers expose tools, data, and workflows to agents. The spec was written in terms of single tenant, desktop based use cases. Enterprises need to move beyond this definition of and begin building “MCP services”: secure, remotely accessible, multi-tenant, governed services that expose sensitive business capabilities to AI agents.

In this talk, I'll highlight three challenges that arise:

Onboarding & Discovery: How do you register, approve and safely expose MCP services while defending against tool poisoning and shadow services?

Authorization & Identity: How much of the MCP Authorization spec can be adopted when most IdPs don’t support the RFCs it assumes? What’s the gap between the spec’s design for public SaaS and the reality of enterprise SSO, policy engines, and workload identity?

Upstream Access & Consent: Once an MCP service needs to call enterprise APIs on behalf of a user, how do we govern delegation and prevent credential misuse?

From Creepers to Clusters: Evolving Minecraft Into a Cloud Native Platform - Jaden Walderich & Alex Mizerak, Ziax Ltd.#

Time: 3:00pm CET - 3:30pm CET

Speakers: Jaden Walderich & Alex Mizerak, Ziax Ltd.

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: Many organizations adopting cloud native technologies began long before Kubernetes existed. But what happens when you take one of the world's largest Minecraft servers and transform it into a modern cloud native game platform that goes beyond a single video game?

In this talk, we'll share how we evolved the CubeCraft server from a monolith powered by scripts and legacy jobs, into a scalable platform built on OKD and Quarkus. This goes beyond Minecraft, orchestrating diverse workloads, game applications and client services. We'll explore the challenges of untangling legacy systems, abstracting services and creating a developer-friendly platform capable of scaling far beyond a single game.

If you’ve ever wondered how platform engineering can modernize even the most unconventional workloads into a feature-complete, cloud native platform, this session will show that transformation, with lessons that extend far beyond gaming to anyone modernizing complex, antiquated systems in Kubernetes.

Ghost in the Platform: How the Dutch Tax Authority Built a Service To Scale K8s To 99+ Applications - Jerry van Hulst, Belastingdienst & Marcel Kerker, HCS Company B.V.#

Time: 3:00pm CET - 3:30pm CET

Speakers: Jerry van Hulst, Belastingdienst & Marcel Kerker, HCS Company B.V.

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: How do you transform a mostly empty Kubernetes platform into a thriving ecosystem running 100+ production applications? This talk shares the Dutch Tax Authority's journey from a "ghost platform" to a secure-by-default, self-service platform developers actually want to use.

In 2019, we started our Kubernetes platform with minimal automation and scattered knowledge. Today, we run a fully automated Project as a Service platform guiding teams from idea to production with built-in security and best practices.

We'll demonstrate how we achieved this through:

Developer enablement via Communities of Practice, workshops, and hackathons
Automated onboarding with security and validation baked in
integration of Tekton and Backstage
Centralized management using ArgoCD, RHACM, and Kyverno
Self-service powered by our open-source PaaS Operator

This session includes a live demo, architecture insights, and lessons learned. You'll leave with a blueprint and access to our open-source tools.

How Manual OTel Instrumentation Saves More Than Just Money - Juliano Costa, Datadog & Yuri Oliveira, OllyGarden #

Time: 3:00pm CET - 3:30pm CET

Speakers: Juliano Costa, Datadog & Yuri Oliveira, OllyGarden

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Many companies that have reached a mature observability practice continue to rely on auto-instrumentation, often without realizing it’s quietly draining their budgets. At this stage, observability engineers start spending countless hours chasing down cost anomalies, unaware that the problem may lie not in how much they collect, but what they collect. What if the key to a more efficient telemetry pipeline lies inside the traces themselves? In this talk, we will show how manual instrumentation can deliver leaner and more business-oriented telemetry. By comparing traces produced through automatic and manual instrumentation, it will be demonstrated how controlling spans and their attributes can cut data volume by up to 60%, reducing resource overhead and storage costs while improving signal-to-noise ratio. Attendees will learn the do’s and don’ts of span and attribute management, how to identify unnecessary telemetry metadata, and practical steps to achieve higher observability efficiency.

How Will Customized Kubernetes Distributions Work for You? a Discussion on Options and Use Cases - Michael McCune & Joel Speed, Red Hat; Bridget Kromhout, Microsoft; Jesse Butler, AWS; Bowei Du, Google #

Time: 3:00pm CET - 3:30pm CET

Speakers: Michael McCune & Joel Speed, Red Hat; Bridget Kromhout, Microsoft; Jesse Butler, AWS; Bowei Du, Google

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: When installing Kubernetes there are many choices to be made; from the platform to the cluster topology to the workloads, you have options and configurations to select. The choices becomes even more pronounced in hybrid cloud environments where consistent functionality is required across heterogeneous infrastructures. In a world where automated upgrades and rollbacks are becoming reality, could the Kubernetes community help to make life easier for users?

In this panel, the SIG Cloud Provider maintainers will discuss the idea of Kubernetes distributions: self-contained customized releases targeted at specific infrastructures or use cases. The panelists will talk about topics that include the advantages and disadvantages of distribution models, what distributions offer to users, and how distributions will help the Kubernetes testing process. While not seeking to invent a “15th standard”, the SIG would like to engage the community in a vigorous discussion about the future of Kubernetes.

Invisible Guardrails: Enabling Developer Velocity With a Secure Platform - James Elías Sigurðarson & Vignir Hafsteinsson, Asana #

Time: 3:00pm CET - 3:30pm CET

Speakers: James Elías Sigurðarson & Vignir Hafsteinsson, Asana

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Security is often seen as a brake—a necessary friction that slows down development. But what if the platform itself could make you fast and secure? At Asana, we built our platform security model around one core principle: the fastest path for a developer must also be the most secure path. We achieved this by building invisible guardrails directly into the platform, automating security to the point where it gets out of the developer's way. We will share how we built security functionality into our platform using frameworks such as Crossplane and Cilium, enabling developers to seamlessly take responsibility for the security of their services. We'll show you how this developer-centric security model works in practice, and how this resulted in a high-trust environment where developers are empowered to move quickly, with confidence that the platform provides a secure foundation by default.

Jaeger V2: The Maintainers' Guide To OpenTelemetry-Native Tracing - Pavol Loffay, Red Hat #

Time: 3:00pm CET - 3:30pm CET

Speakers: Pavol Loffay, Red Hat

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Join the Jaeger maintainers to explore Jaeger v2, where OpenTelemetry is now fundamentally integrated into the project's core architecture. This session examines how OpenTelemetry has become the central framework driving capabilities to transform distributed tracing and observability. We will detail significant milestones from the past year including enhanced UI customization options, synced dark themes, and fuzzy search capabilities. On the backend, we expanded the storage ecosystem to include experimental ClickHouse support and compatibility for newer Elasticsearch and OpenSearch versions while maturing Service Performance Monitoring capabilities. Attendees will see the new Kubernetes demo environment in action to help visualize these changes. The presentation concludes with a critical look at the roadmap, including the deprecation of Jaeger v1 at the end of 2025, and opportunities for community involvement through LFX and Google Summer of Code programs.

OpenAPI Meets Kubernetes: Auto-Generating CRDs and Operators the Smart Way - Sergiusz Urbaniak & Jose Vázquez González, MongoDB #

Time: 3:00pm CET - 3:30pm CET

Speakers: Sergiusz Urbaniak & Jose Vázquez González, MongoDB

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Today, Kubernetes is being not only used any more as a means to launch container workloads but more and more importantly as a means to expose APIs to developers using Internal Developer Platforms. Developing operators to expose those APIs though is still cumbersome and error prone, especially if backing services expose functionality via OpenAPI or other structured non-Kubernetes APIs. This talk deep dives on a complete auto-generation pipeline called "crd2go" that converts OpenAPI non-Kubernetes backed services to generate operators that reconcile CRD backed Kubernetes APIs against OpenAPI services. It details all aspects of converting OpenAPI endpoints to CRDs, generating Go code from generated CRDs, and proposes a universal state machine logic that streamlines the behavior of controllers.

Operationalizing AI Workloads on Kubernetes With OpenKruise - Zhang Zhen, Alibaba Cloud & Vec Sun, Xiaohongshu(RedNote)#

Time: 3:00pm CET - 3:30pm CET

Speakers: Zhang Zhen, Alibaba Cloud & Vec Sun, Xiaohongshu(RedNote)

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: AI workloads on Kubernetes face unique operational challenges: container images packed with large models and libraries require pre-warming for fast startup, and distributed training jobs often run as PodGroups that must be scheduled and disrupted together. However, native Kubernetes lacks group-aware disruption handling—PodDisruptionBudget treats pods individually, risking partial job failures during node maintenance or hardware issues.

In this talk, we showcase OpenKruise’s solutions: (1) cron-based image pre-warming to proactively cache AI images on target nodes; (2) an advanced disruption policy that enforces availability constraints at the PodGroup level; and (3) upcoming enhancements to ContainerRestartRequest to support planned, in-place restarts of entire PodGroups—rebuilding only necessary pods while restarting others inplace. These features enable reliable, efficient AI workload operations on Kubernetes at scale.

Peeking Into the GPU Black Box: Continuous Profiling on Kubernetes With eBPF - Zahari Dichev, Buoyant #

Time: 3:00pm CET - 3:30pm CET

Speakers: Zahari Dichev, Buoyant

Venue: Auditorium, Amsterdam, Netherlands

Type: AI + ML

Description: Gaining insight into how GPUs are used inside a Kubernetes cluster is a daunting challenge. Most existing tools weren’t built with containerized workloads in mind, leaving GPU activity opaque and hard to monitor. As AI and ML workloads increasingly run on Kubernetes, we need ways to introspect GPU usage at scale and understand how our services interact with these critical devices. In this session, we’ll show an end-to-end approach to GPU observability with eBPF. You’ll learn how to continuously profile workloads and their interactions with GPU devices—tracing kernel launches, catching CUDA memory leaks, identifying faulty hardware, and visualizing workload activity across pods and nodes. By bridging Kubernetes, GPUs, and eBPF, this solution transforms the GPU from a mysterious black box into a transparent, observable part of your cloud-native stack. If you’re ready to move beyond guesswork and gain actionable visibility into GPU workloads on Kubernetes, this talk is for you.

Pull Request Wars: The Flux Awakens - Ephemeral Kubernetes Environments Strike Back - Matteo Bianchi, GitHub & Stefan Prodan, ControlPlane #

Time: 3:00pm CET - 3:30pm CET

Speakers: Ephemeral Kubernetes Environments Strike Back - Matteo Bianchi, GitHub & Stefan Prodan, ControlPlane

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Platform Engineering is about delivering a safe, standardized golden path that accelerates value delivery without sacrificing control. We will show how Flux Operator ResourceSets turn GitHub PR into on-demand, ephemeral Kubernetes environments that platform teams can ship as a service. We’ll design PR-driven previews, where the platform owns templates, policies, and guardrails, while app teams self-serve by opening a simple PR. Using the Flux Operator - PR integration, we’ll filter which PRs qualify, templatize resources with PR metadata, and manage the full lifecycle: create on open, reconcile on push, and uninstall on close or merge events. We’ll also dig into multi-tenancy boundaries and show how the Flux MCP Server can help debug deployments and propose fixes. The result is a declarative, low-toil configuration that can replace your bespoke pipelines, tightens governance, cuts review cycle time, and brings production-like validation into every GitHub PR, all powered by Flux CD.

The Next Chapter of Developer Experience: TAG DevEx in Action - Julien Semaan, Kubex; Graziano Casto, Akamas; Mona Borham, swengin.io; Kevin Dubois, IBM; Daniel Oh, IBM #

Time: 3:00pm CET - 3:30pm CET

Speakers: Julien Semaan, Kubex; Graziano Casto, Akamas; Mona Borham, swengin.io; Kevin Dubois, IBM; Daniel Oh, IBM

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: As CNCF efforts evolve beyond infrastructure, improving the developer experience has become a central focus. The rebooted CNCF Technical Advisory Groups introduced TAG Developer Experience (TAG DevEx) to drive concrete, impactful outcomes across projects and their communities.

This panel will showcase how TAG DevEx reduces friction in developer workflows, advances best practices, and delivers resources that benefit contributors and end users alike. We’ll highlight key initiatives and how TAG DevEx helps maintainers adopt a developer-first mindset. We’ll also discuss our ongoing efforts, including research around success stories and pain points from adopting secure coding practices, the emerging role of agentic AI in development, and a working group defining a specification for declaring application integration dependencies.

Join us to learn how TAG DevEx is shaping the next generation of cloud native developer experience—and how you can get involved.

The Road To Strimzi 1.0 - Jakub Scholz, Cloudera & Paolo Patierno, IBM #

Time: 3:00pm CET - 3:30pm CET

Speakers: Jakub Scholz, Cloudera & Paolo Patierno, IBM

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Some projects reach their 1.0 release in a few months. Others need a year or two. And in Strimzi, we needed 8 years. Join us for this talk to celebrate Strimzi 1.0. You will learn what new features this milestone Strimzi release brings, what you need to know before upgrading to it, and what the future of Strimzi looks like beyond 1.0. But we will also look back and do a retrospective of why it took us so long to get the 1.0 release out, and what mistakes we made along the way. So even if you are not a Strimzi user, you might take away some lessons learned from our road to Strimzi 1.0.

Cloud Native Theater | Data on Kubernetes Day: From PVC to Mount Point: Dissecting a Custom CSI Plugin to Master Dynamic Volume Provisioning on Kubernetes - Vivek Singh, MongoDB #

Time: 3:10pm CET - 3:35pm CET

Speakers: Vivek Singh, MongoDB

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Dynamic Volume Provisioning in Kubernetes often feels like "magic", you create a PVC, and storage appears that can later be consumed by your workload. But when you are running critical stateful workloads in production, reliance on magic is a risk. To truly trust your storage layer and have confidence in running stateful workloads, you need to look under the hood.

In this talk, we move beyond high-level architecture diagrams to dissect the implementation of a custom Container Storage Interface (CSI) plugin. By walking through the code logic of a real driver, we will demystify the rigorous contract between the Kubernetes Orchestrator and the storage backend.

We will mainly focus on the lifecycle of a request that provisions the volume. Which will include looking into and understanding what exactly happens when the PVC resource is created in the cluster, and how exactly that PVC creation request is forwarded and communicated to the storage provider. And eventually we will see how the volume is mounted to the Kubernetes node, which can later be used by your workloads.

Attendees will leave with a clear understanding of how sidecars, drivers, and the kubelet collaborate to provision the volume, giving them the confidence to debug storage failures and run stateful workloads on Kubernetes with confidence.

Coffee Break ☕#

Time: 3:30pm CET - 4:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: BREAKS

Time: 3:30pm CET - 4:00pm CET

Venue: Hall 1-5 | Solutions Showcase, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Sponsor: IBM Kubecost Demo: Kubernetes Resource Quota Rightsizing Booth Number: 961 Sponsor: Tailscale Demo: Tailscale Demo: Secure Multi-Cloud Connectivity for Kubernetes and AI Workloads Booth Number: 470 In order to facilitate networking and business relationships at the event, you may choose to visit a third party’s booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

Learning Lounge: The CKA Exam Has Evolved - Are You Ready? -Chad M. Crowell, Akamai #

Time: 3:30pm CET - 3:45pm CET

Speakers: Are You Ready? -Chad M. Crowell, Akamai

Venue: Hall 1-5 | Bridge Zone | Learning Lounge, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: 10-Minute Tip Talk

Cloud Native Theater | Data on Kubernetes Day: From Billions of Rows to Sub-Second Queries for K8s Stacks - Victoriya Kalmanovich, Sr. Engineering Leader and Shahar Azulay, groundcover #

Time: 3:40pm CET - 4:05pm CET

Speakers: Victoriya Kalmanovich, Sr. Engineering Leader and Shahar Azulay, groundcover

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: Kubernetes makes it easy to spin up workloads, but at scale, it also generates a tidal wave of metrics, logs, and traces that can cripple storage & query engines not built for the load. Luckily there is a battle-tested CNCF-driven observability/data stack, built to handle this flood without sacrificing speed or resilience.We’ll demo how ClickHouse powers the analytics layer, ingesting hundreds of billions of rows per day while serving sub-second queries. VictoriaMetrics handles time-series data with PromQL compatibility, a K8s operator for deployment, and simple horizontal & vertical scaling across zones and regions. Running both on K8s unlocks powerful advantages: Helm for consistent packaging & upgrades, Flux to automate cluster-wide changes, and native integrations with object storage & retention policies to reduce costs while improving durability.Come away with a practical understanding of how to build data-driven o11y on K8s that doesn’t collapse under real-world workloads.

Neurodiversity at Work: Practical Tools, Open Source Paths, and Inclusive Community Building #

Time: 3:45pm CET - 4:45pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: Neurodiversity is part of every tech community yet it’s often invisible, misunderstood, or quietly navigated alone. From hiring processes and workplace dynamics to open source contribution and networking at conferences, neurodivergent people frequently face barriers that are structural rather than personal.

This interactive Community Hub session creates a safe, practical space to explore what neurodiversity means in tech today, how it shows up in our communities, and how both individuals and organizations can do better, starting immediately.

This session is built around short discussions, hands-on exercises, and shared reflection. Attendees will explore real-world scenarios, discover neurodiversity-friendly tools and practices, and leave with concrete techniques they can apply in workplaces, open source projects, and community events.

https://community.cncf.io/neurodiversity/

AI-Powered Cloud Native Modernization: From Real Challenges to Concrete Solutions - Savitha Raghunathan, Red Hat; Daniel Oh, IBM; Kenneth Kilty, Microsoft; Duncan Doyle, Solo.io #

Time: 4:00pm CET - 4:30pm CET

Speakers: Savitha Raghunathan, Red Hat; Daniel Oh, IBM; Kenneth Kilty, Microsoft; Duncan Doyle, Solo.io

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: APPLICATION DEVELOPMENT

Description: Modernizing legacy applications for the cloud native world is full of challenges, from technical to strategic. This panel doesn't just list the problems such as technical debt, migration risk, skill gaps, cost constraints, and infrastructure misalignment; we jump straight to the solutions. Panelists will share practical strategies for phased migration, emphasizing how these efforts pave the way for Kubernetes adoption. Our discussion will focus on critical questions like:

How do you assess whether AI-enabled tools are right for preparing workloads for K8s vs manual refactoring?
When leveraging AI for refactoring, what validation or human oversight processes are needed?

*How do we design a Cloud Native AI reference architecture that runs modernized apps and AI workloads on Kubernetes, and accelerates innovation and time-to-market for new AI capabilities?
Attendees will leave with a practical roadmap to adopt AI modernization tools that balance innovation with safety and oversight.

Detect, Decide, Defend: Building Cloud Native Security That Fights Back - Matthias Bertschy, ARMO #

Time: 4:00pm CET - 4:30pm CET

Speakers: Matthias Bertschy, ARMO

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: Let’s face it: most Kubernetes security tools surface alerts- but don’t help teams act. Incidents trigger noisy dashboards and virtual war rooms, with engineers stitching logs and manifests, unsure what’s safe to fix. Cloud Application Detection and Response (CADR) introduces a new approach: combining real-time detection with automated remediation to create a full lifecycle for runtime security. By correlating posture, configuration, and runtime behavior, CADR delivers high-confidence alerts with actionable context. RemOps then translates those signals into safe, automated responses using Kubernetes-native APIs and declared manifests. In this session, you’ll learn how CADR detects threats by analyzing manifests, metrics, and network policies, and how RemOps closes the loop, without manual toil. Real-world demos will show how to auto-rollback config drift, mitigate privilege escalation, and reconcile live and desired state using fully native Kubernetes constructs.

From Classroom To Container: Teaching Distributed Systems With CNCF & Cloud Native Technologies - Matthias Haeussler, CGI #

Time: 4:00pm CET - 4:30pm CET

Speakers: Matthias Haeussler, CGI

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: Teaching distributed systems today means more than explaining replication and consistency—it’s about connecting theory with the CNCF ecosystem that powers modern infrastructure. Over nearly a decade, I’ve evolved a uni lecture that introduces students to distributed system fundamentals and extends into practical cloud-native development using Container, Kubernetes, and CNCF tools like Envoy, OpenTelemetry, and Cilium.

In this session, I’ll share lessons learned from continuously modernizing this course: how to translate concepts like CAP theorem, the 12-factor app, and RESTful architecture into hands-on labs using real-world tooling. We’ll discuss teaching strategies for helping novices grasp complex topics like orchestration, service discovery, and declarative infrastructure—without overwhelming them.

Attendees will take away a roadmap for integrating open-source CNCF technologies into learning environments, empowering the next generation of developers to build and deploy.

GenAI Observability: Keeping GenAI Honest Without Oversharing - Liudmila Molkova, Grafana Labs #

Time: 4:00pm CET - 4:30pm CET

Speakers: Liudmila Molkova, Grafana Labs

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Generative AI is non-deterministic, and as an industry we are still learning how to use it. This makes observability especially important for AI applications. Beyond typical performance and usage telemetry, AI systems require capturing conversation data to ensure responsible behavior and meaningful results. Conversation history, however, is verbose and often contains sensitive information, which introduces extra challenges and costs. In this session, we’ll show you how to instrument your AI applications with OpenTelemetry following the Generative AI Semantic Conventions. Through a live demo, we’ll demonstrate how to record conversation history alongside performance-related telemetry, and how to separate sensitive data for compliance and cost-saving purposes. We’ll also explore options for running evaluations and recording results based on telemetry data.

How to Build a European Cloud Orchestration Platform From Within an Enterprise - Maximilian Techritz & Johannes Ott, SAP SE #

Time: 4:00pm CET - 4:30pm CET

Speakers: Maximilian Techritz & Johannes Ott, SAP SE

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: As an enterprise Kubernetes user, we learned the hard way how complex adoption can be. We started as a small group of engineers, aiming to provide a robust cloud orchestration platform for our enterprise. Today, our open source platform powers thousands of control planes. The most relevant key to our success has been our focus on people and culture.

To excite developers, system admins, management, and many other roles within our enterprise, we foster contributions from different engineering units, by conducting internal TechTalks or holding workshops on creating Crossplane providers. This talk explores our technical, in particular our non-technical challenges to drive adoption of our Kubernetes-like service within an enterprise.

We will share strategies for engaging engineers and management through relatable user stories and workshops, demonstrating the platform's value in solving real-world problems. Attendees will learn how to create an engaged community in their own organizations.

Kubernetes Data Protection WG Intro & Deep Dive - Dave Smith-Uchida, Veeam #

Time: 4:00pm CET - 4:30pm CET

Speakers: Dave Smith-Uchida, Veeam

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, we will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. We will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.

Kubernetes Security at Shopify Scale: Automating Security Across an Infrastructure Monorepo - Jie Wu & Pulkit Garg, Shopify #

Time: 4:00pm CET - 4:30pm CET

Speakers: Jie Wu & Pulkit Garg, Shopify

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Security isn’t just a checkbox — it’s what enables teams to move fast with confidence. Managing Kubernetes security across thousands of services and deployments is like herding cats — except the cats can accidentally expose your entire infrastructure. This talk shares Shopify’s real-world journey of securing its infrastructure monorepo, where a single misconfiguration could impact millions of merchants worldwide. We’ll walk through how Shopify combined Semgrep for static code analysis and Open Policy Agent (OPA) for dynamic policy enforcement to detect and prevent risky configurations before they reach production. Along the way, we’ll share the wins, rough patches, and lessons that helped us integrate these tools at scale with less friction. Attendees will learn how to use open-source tools to automate security checks, enforce policy, and enable their teams to ship fast and securely.

Kubernetes-Native ≠ Cloud Native: Avoiding Architecture Theater - Prerit Munjal, Groupon #

Time: 4:00pm CET - 4:30pm CET

Speakers: Prerit Munjal, Groupon

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: Just because something runs on Kubernetes doesn’t mean it’s “cloud-native.” In this session, we’ll break down the gap between Kubernetes-native deployment and actual cloud-native design with examples from teams (including mine) that got it wrong before getting it right. We’ll cover how blindly adopting controllers, CRDs, and operators can lead to complex systems with no clear ownership or value. Throughout the talk we will see various examples of systems and evaluate: • Where we used Kubernetes just because it was cool, and regretted it. • What “cloud-native” actually looks like when it comes to observability, service contracts, and failure recovery. • How we re-architected one app to remove unnecessary “K8s theater” and simplify its lifecycle. Whether you're deploying apps, managing clusters, or designing internal platforms, this talk will help you prioritize outcomes over orchestration buzzwords.

One Controller to Rule Them All - Taming Multiple Orchestrators at Uber Scale - Srikar Paruchuru & Egor Grishechko, Uber #

Time: 4:00pm CET - 4:30pm CET

Speakers: Taming Multiple Orchestrators at Uber Scale - Srikar Paruchuru & Egor Grishechko, Uber

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Uber’s Compute platform powers 1M+ diverse workloads deployed onto 200 Kubernetes clusters spread across two regions. Every day, 3k+ Service owners are empowered by the “Up” orchestration to deploy workloads at desired scale. As the Compute ecosystem began to mature, the Up orchestration needed to co-exist within a microcosm of other orchestrations designed to achieve auto-scaling, regional failovers etc.

When orchestrators dictate different target scales for a single workload, which one gets to win?
Behold the Service Scale abstraction! with its own CRD and a controller with a single purpose, to serve as the defining authority of the target scale, agnostic to orchestrators.

We will discuss our controller design contrasting it with alternatives like the scale sub-resource, and demonstrate how it optimises regional failovers at Uber, saving us ~70M$ so far. We shall conclude with the 1 year+ controller migration challenges (controller races, event overload) and our learnings.

Optimizing LLM Inference for the Rest of Us - Abdel Sghiouar, Google #

Time: 4:00pm CET - 4:30pm CET

Speakers: Abdel Sghiouar, Google

Venue: F002-005, Amsterdam, Netherlands

Type: AI + ML

Description: Not every organization operates with the hyperscale resources of Anthropic, Google, or OpenAI. For the majority of businesses integrating Large Language Models (LLMs) into their critical paths, the high costs and scarcity of GPU/TPU accelerators present a significant challenge. Striking the balance between performance, availability, scalability, and cost-efficiency is a must.

While Kubernetes is a ubiquitous runtime for modern workloads, deploying LLM inference effectively demands a specialized approach. This session dives deep into practical strategies for optimizing your Kubernetes clusters and LLM Inference workloads to run efficiently and cost effectively. We will explore:

Container and Model Optimization
Accelerator Management
Data & Storage
Network & Load Balancing
Observability

Attendees will leave with practical techniques for maximizing cost/performance for LLM inference for their AI-powered applications on Kubernetes.

Rook: Intro and Deep Dive With Ceph Storage - Artem Torubarov & Deepika Upadhyay, Clyso; Niels de Vos, Red Hat #

Time: 4:00pm CET - 4:30pm CET

Speakers: Artem Torubarov & Deepika Upadhyay, Clyso; Niels de Vos, Red Hat

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

SIG-Multicluster Intro and Deep Dive - Stephen Kitt, Red Hat; Jeremy Olmsted-Thompson & Laura Lorenz, Google #

Time: 4:00pm CET - 4:30pm CET

Speakers: Stephen Kitt, Red Hat; Jeremy Olmsted-Thompson & Laura Lorenz, Google

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: SIG-Multicluster is focused on solving common challenges related to the management of many Kubernetes clusters, and applications deployed across many clusters, or even across cloud providers.

In this session, we'll give attendees an overview of the current status of the multi-cluster problem space in Kubernetes and of the SIG. We’ll discuss current thinking around best practices for multi-cluster deployments and what it means to be part of a ClusterSet. Then we’ll highlight current SIG projects, focused use cases, and ideas for what’s next.

Most importantly, we’ll provide information on how you can get involved either as a contributor or as a user who wants to provide feedback about the SIG's current efforts and future direction. Bring your questions, problems, and ideas - help us expand the multi-cluster Kubernetes landscape!

Saxo Service Blueprint: Bridging Legacy and Modern World With Kubernetes Operators - Jinhong Brejnholt, Saxo Bank #

Time: 4:00pm CET - 4:30pm CET

Speakers: Jinhong Brejnholt, Saxo Bank

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Managing dependencies for traditional applications - those running on heavy VMs outside Kubernetes - is a major pain point in large enterprises. Tasks like provisioning DNS records, certificates, load balancing, and access controls often require multiple tickets across infrastructure teams, leading to delays and inefficiencies. At Saxo Bank, we’ve addressed this challenge with Saxo Service Blueprint, a Kubernetes operator-powered platform that extends the benefits of GitOps and automation to both traditional and cloud-native applications.

Over the past two years, we’ve built number of automations that have saved thousands of developer hours, while also strengthen disaster recovery capability for apps running both within and outside Kubernetes.

Join me to learn how we transform dependency management, bring the power of Kubernetes operators and GitOps to traditional applications, simplify operations, reducing toil, and accelerate delivery in complex enterprise environments.

Steering the Ship: Ask the Kubernetes Steering Committee - Kat Cosgrove, Minimus; Maciej Szulik, Defense Unicorns; Antonio Ojea, Google #

Time: 4:00pm CET - 4:30pm CET

Speakers: Kat Cosgrove, Minimus; Maciej Szulik, Defense Unicorns; Antonio Ojea, Google

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes is the second largest open source project in the world, and its future is driven by an elected committee of seven people serving two-year terms. Especially in a project of our size, it’s important to work publicly and in the open, so join us for an open-format interactive session with representatives of the Kubernetes Steering Committee. Bring your questions about project governance, the future of Kubernetes, how you can get involved (or more involved!), or anything else you can think of that we might be able to help you with. A form will be provided to ask questions anonymously.

The Hyperscale Uncertainty Principle: Debugging Tail Latency in a Trillion-Object System - Yashraj Kakkad, Google #

Time: 4:00pm CET - 4:30pm CET

Speakers: Yashraj Kakkad, Google

Venue: Elicium 2, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: At Google Photos, we designed our integrity pipeline by the book. We partitioned a trillion-object workload into perfectly balanced shards to minimize variance. Yet, at exabyte scale, this system, critical for global data integrity, began exhibiting tail latency behaviors that challenged our strictest reliability targets.

This talk is a deep dive into the hunt for a ghost in the machine. We’ll show how we ruled out the obvious culprit (data skew) to find the true bottleneck: the non-linear impact of P99 latency, where a fraction of slow requests can disproportionately govern system throughput.

You will get a front-row seat to the engineering analysis of three competing solutions: the standard fix (traffic shaping), the high-cost trade-off (request hedging), and the novel architectural pattern we call the "Partition Alignment Principle." This is a dispatch from the bleeding edge of hyperscale SRE, revealing why average performance is a vanity metric, and why predictability is the ultimate engineering constraint.

📚 Tutorial: Full-Stack Observability on a Budget: A Guide to Strategic Sampling and Data Optimization - Pavol Loffay, Red Hat #

Time: 4:00pm CET - 5:15pm CET

Speakers: Pavol Loffay, Red Hat

Venue: Elicium 1, Amsterdam, Netherlands

Type: 📚 TUTORIALS

Description: Observability costs can quickly spiral out of control. This tutorial provides a holistic framework for managing these costs without sacrificing insight. We will systematically compare head-based, probabilistic, and tail-based sampling, explaining their trade-offs in cost, computational overhead, and data fidelity. We'll directly address the hidden costs of tail sampling—which can increase compute load—and clarify when to use it. Beyond sampling, you'll learn to profile telemetry to eliminate waste (duplicates, debug logs) and use smart routing to send data to cheaper backends. You will leave equipped to design a cost-effective observability strategy in Kubernetes using OpenTelemetry, choose the right sampling method for your workload, and gain clear visibility into your spending.

🚨 Contribfest: Kyverno Contribfest: Building the Future Together - Jim Bugwadia, Shuting Zhao, Ammar Yasser & Charles-Edouard Brétéché, Nirmata #

Time: 4:00pm CET - 5:15pm CET

Speakers: Jim Bugwadia, Shuting Zhao, Ammar Yasser & Charles-Edouard Brétéché, Nirmata

Venue: G106, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: This is a hands-on workshop to guide you through making your first contribution to Kyverno, the CNCF policy engine for Kubernetes. Join Kyverno maintainers and contributors to dive into the project's architecture, set up your development environment, and submit your first pull request—all within this session.

This workshop is designed for everyone. We will have dedicated tracks for both developers and non-developers, ensuring anyone passionate about cloud native governance can participate. Whether you want to write Go code, create new sample policies, or enhance our documentation, we'll provide direct mentorship to help you get started.

You will leave this session not just with knowledge of Kyverno's internals, but with a tangible contribution made to a leading CNCF project.

🚨 Contribfest: Prometheus New Contributor Introduction - Bryan Boreham, Grafana Labs; Saswata Mukherjee, Red Hat; Arianna Vespri, OllyGarden; Ben Kochie, Reddit #

Time: 4:00pm CET - 5:15pm CET

Speakers: Bryan Boreham, Grafana Labs; Saswata Mukherjee, Red Hat; Arianna Vespri, OllyGarden; Ben Kochie, Reddit

Venue: G107, Amsterdam, Netherlands

Type: 🚨 CONTRIBFEST

Description: Prometheus is an extremely popular Open Source monitoring system, with over a million installations. The project relies entirely on volunteer contributions, with no commercial owner or enterprise version.
If you have recently made your first PR to Prometheus, or you would like to know more about the process, come along! We will walk through one contribution, then open the floor for your questions.
Suited to people who know how Go or React, or are interested in other project aspects such as documentation.

Cloud Native Theater | Data on Kubernetes Day: From VMs to Kubernetes in a Large Global Bank: A DBA's Journey - Gabriele Bartolini, EDB and Laurent Parodi, HSBC #

Time: 4:10pm CET - 4:35pm CET

Speakers: Gabriele Bartolini, EDB and Laurent Parodi, HSBC

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: As a global bank modernised with Kubernetes, its DBAs faced a choice: legacy VMs, a restrictive DBaaS, or lead the charge to cloud-native. They chose to lead. This is the story of how the DBA team transformed its role, bypassing public DBaaS to build a secure and compliant PostgreSQL platform on Kubernetes. They partnered with the Platform Engineering team on a shared mission to co-design the bank’s internal DBaaS, leveraging decades of expertise.

Join us, a DBA from that team and a CloudNativePG maintainer, to learn the blueprint for this journey. We’ll cover the architecture required to meet strict financial regulations for high availability, security, and disaster recovery. Learn a proven pattern for modernising the DBA role and building a secure data platform that avoids vendor lock-in from day one.

Project Demo #

Time: 4:30pm CET - 4:55pm CET

Venue: Hall 1-5 | Gouda Zone | Project Pavilion, Amsterdam, Netherlands

Type: PROJECT OPPORTUNITIES

Cloud Native Theater | Data on Kubernetes Day: KubeVirt Benchmarking at Scale: A Vendor-Neutral, End-to-End Testing Framework for Cloud-Native Virtualization - Bhumitra Nagar and Dhruv Bhatnagar, Portworx by Pure Storage #

Time: 4:40pm CET - 5:05pm CET

Speakers: Bhumitra Nagar and Dhruv Bhatnagar, Portworx by Pure Storage

Venue: Hall 1-5 | Tram Zone | Cloud Native Theater, Amsterdam, Netherlands

Type: SOLUTIONS SHOWCASE

Description: In this talk, we introduce the first vendor-neutral, end-to-end benchmarking framework designed specifically for VMs. The KubeVirt Performance Benchmarking Suite, is an open-source toolkit that provides automated, reproducible, and fully customizable performance tests for VM creation, boot storms, live migration, storage behavior, capacity limits, and failure recovery. Built around a professional, kubectl-like CLI (virtbench), the suite enables operators, SREs, and platform architects to measure the performance characteristics of KubeVirt workloads across any Kubernetes distribution and any CSI storage backend.

Attendees will learn how the suite validates cluster readiness, provisions hundreds of VMs in parallel, simulates large-scale boot storms, live migrations, executes iterative cluster capacity tests, and measures recovery behavior under simulated node failures using the MedIK8s remediation stack. We’ll also demonstrate the built-in results dashboard that visualizes trends over time and provides actionable performance insights.

Whether you're evaluating KubeVirt as a stateful workload, getting ready to migrate VMs to KubeVirt infrastructure, tuning your storage backend, planning for node evacuation performance, or validating enterprise-grade recovery SLAs, this toolkit gives you a standardized way to do it at scale, with confidence, and without vendor bias.

Confidential Platforms for Regulated Industries - William Rizzo, Mirantis #

Time: 4:45pm CET - 5:15pm CET

Speakers: William Rizzo, Mirantis

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Cloud native adoption in financial and other regulated sectors demands a balance between agility, compliance, and data confidentiality. This session presents a case study on building a Kubernetes-based confidential computing platform for a major financial organization. Using Cluster API (CAPI) management clusters, we provision bare-metal child clusters running Confidential Containers to deliver hardware-based isolation and attestation. A custom mutating admission webhook transparently injects confidential runtime classes and annotations, enabling developers to deploy workloads unchanged, while Kyverno enforces policy and compliance at scale. We’ll dive into the architecture, integration challenges, and lessons learned from operationalizing confidential workloads across multi-tenant, regulated environments.

Enriching Telemetry Signals Through Lookups in the OTel Collector - João Duarte, Elastic #

Time: 4:45pm CET - 5:15pm CET

Speakers: João Duarte, Elastic

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Have you ever needed to augment telemetry with metadata or reference data stored outside your Collector? Maybe your network nomenclature lives in a YAML file, or your security audit logs need to be cross-referenced with HTTP-based threat feeds? Perhaps you can't migrate your existing data pipelines to the OTel Collector because it’s missing this capability? Signal enrichment is often the final piece in making observability pipelines useful, connecting context about your infrastructure, applications, or security posture to raw data they produce. In this session, you’ll learn how to enrich your signals with external data using a new lookup processor. We’ll write configuration examples, explore the performance concerns of lookups and how to address them (spoiler: caching). We’ll also walk through the journey of implementing this lookup-based enrichment processor, what’s available today, what’s coming next, and how you can help make it better through extensions.

Explore TAG Workloads Foundation: Advancing Cloud Native Execution From Core Runtime To Applications - Stephen Rust, Akamai Cloud; Yuan Tang, Red Hat; Marlow Warnicke, NVIDIA; Kante Yin, HivergeAI #

Time: 4:45pm CET - 5:15pm CET

Speakers: Stephen Rust, Akamai Cloud; Yuan Tang, Red Hat; Marlow Warnicke, NVIDIA; Kante Yin, HivergeAI

Venue: F002-005, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: The CNCF Technical Advisory Groups (TAGs) play a vital role in shaping the future of cloud native. Explore the TAG Workloads Foundation with us! This session will present the mission, scope, early initiatives, and subprojects of TAG Workloads Foundation, focused on defining and advancing practices and standards for cloud native workload execution environments and lifecycle management. Attendees will learn how this TAG supports the CNCF's technical vision, why workload execution is critical to adopters, and how community members can get involved to help solve real-world challenges across container platforms, schedulers, orchestration systems, and more. Join us to help shape the next phase of cloud native maturity—from fundamental runtime environments to future-forward workload patterns.

Exploring NRI for Automated CA Trust Injection - Tsuzuki Tsuchiya & Kento Kubo, LY Corporation #

Time: 4:45pm CET - 5:15pm CET

Speakers: Tsuzuki Tsuchiya & Kento Kubo, LY Corporation

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: Large organizations use private CAs, but public container images lack their certificates. Today, fixing this means operators must manually build new images, or use Init Containers. However, manually installing these CAs in thousands of containers is complex and unreliable. In addition, many OS and programming languages often installs certificates differently. We will demonstrate a novel approach using the Node Resource Interface (NRI) to automatically inject private CA certificates into every relevant container upon startup. This eliminates per-pod customization, enforces organization-wide trust policies, and streamlines operations for secure, large-scale Kubernetes deployments without modifying base images. Attendees will learn how NRI can solve real-world security and operations challenges and we'll explore the potential of NRI as the new extension point for automating tasks.

Inside Saxo Service Blueprint: Implementing Kubernetes Operators for Legacy Enterprise Infrastructure - Oskar Kristiansen, Saxo Bank #

Time: 4:45pm CET - 5:15pm CET

Speakers: Oskar Kristiansen, Saxo Bank

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: At Saxo Bank, we built Saxo Service Blueprint as a set of Kubernetes operators that manage critical infrastructure dependencies such as DNS, certificates, load balancers, and access controls for applications running on traditional virtual machines outside Kubernetes, and for provisioning dependencies for cloud-native workloads.

This session focuses on the technical implementation of the system. We will walk through how legacy infrastructure is modeled using Custom Resource Definitions, how reconciliation logic coordinates Kubernetes state with external systems, and how the operators handle idempotency, ordering, failure recovery, and partial state across multiple infrastructure domains. The talk covers key architectural decisions, controller patterns, and the use of Git as a strict source of truth for driving infrastructure changes.

Attendees will gain practical insight into designing and operating Kubernetes operators that interact with existing enterprise platforms, and into the challenges of running these controllers reliably at scale in complex environments.

Introduction To Tag Infrastructure - Kashif Khan, Ericsson & Dylan Page, Lambda.ai #

Time: 4:45pm CET - 5:15pm CET

Speakers: Kashif Khan, Ericsson & Dylan Page, Lambda.ai

Venue: Amtrium 1+2, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: This presentation will introduce the recently rebooted CNCF TAG Infrastructure. We'll cover its operational structure and its collaborative efforts with CNCF projects in key areas such as data and storage, networking, DNS, compute, service mesh, infrastructure lifecycle, edge computing, sovereignty, and load balancing. We will also highlight our ongoing work in developing ecosystem guidance and whitepapers. Attendees will learn how to contribute to and participate in the CNCF Infrastructure community, and gain practical insights into leveraging cloud-native infrastructure in their own environments.

Keeping the Cloud Afloat with Deterministic Simulation Testing - Marcus Hodgson, Antithesis & Marek Siarkowicz, Google #

Time: 4:45pm CET - 5:15pm CET

Speakers: Marcus Hodgson, Antithesis & Marek Siarkowicz, Google

Venue: Elicium 2, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: Validating a distributed system is hard (not just hard work, but NP-hard) and all Cloud Native is distributed. If you write Cloud Native software, you'll struggle to prevent subtle bugs.

etcd, a critical part of Cloud Native infrastructure, faced a crisis when consistency errors emerged in v3.5. This led a significant investment to develop the etcd robustness testing framework, aiming for correctness in all conditions. Yet, maintaining such a guarantee requires unsustainable effort and expertise.

This talk explains deterministic simulation testing, a technique for validating entire distributed systems. This approach provides deterministic execution and fault injection, perfectly reproducing elusive bugs. Through a CNCF-sponsored collaboration with Antithesis, etcd now leverages this technology to ensure its stability and trustworthiness.

Attendees will learn deterministic simulation testing basics and its role in making etcd, CNCF projects, and their software continuously robust.

Kubernetes SIG Storage: Intro & Deep Dive - Xing Yang, VMware by Broadcom & Jan Šafránek, Red Hat #

Time: 4:45pm CET - 5:15pm CET

Speakers: Xing Yang, VMware by Broadcom & Jan Šafránek, Red Hat

Venue: G102-103, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes SIG Storage is responsible for ensuring that different types of file and block storage are available wherever a container is scheduled, storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.). SIG Storage also has a project that provides APIs for object storage support in Kubernetes. In this session, we will deep dive into some projects that SIG Storage is currently working on, provide an update on the current status, and discuss what might be coming in the future.

Kubernetes Third Party Audit Review - Iain Smart, AmberWolf; Amir Montazery, Open Source Technology Improvement Fund; Rey Lejano, Red Hat; Tabitha Sable, Datadog; Pietro Tirenna, Shielder #

Time: 4:45pm CET - 5:15pm CET

Speakers: Iain Smart, AmberWolf; Amir Montazery, Open Source Technology Improvement Fund; Rey Lejano, Red Hat; Tabitha Sable, Datadog; Pietro Tirenna, Shielder

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: Kubernetes recently underwent a third party audit, organised by SIG-Security-Audit in collaboration with OSTIF, and performed by Shielder. This session will discuss the audit process, from planning and logistics to delivery and the experience of an Open Source project working with a vendor. We’ll discuss some historical context around previous audits and ongoing security improvements which have been performed as a result before diving into the findings from the 2025 audit.

This 2025 audit marked a strategic evolution, moving beyond the core-focused audits of 2019 and 2022 to scrutinize the wider ecosystem of non-core components like Cluster API, Konnectivity, and Image Builder. We will explore impactful themes from the findings discovered, such as supply chain risks, insecure design patterns, and unsafe defaults, providing actionable lessons for developers and security practitioners in the cloud-native community.

Merge Forward: Branching Inclusion, Merging Belonging - Jay Jackson, CallRevu; Jay Tihema, Stand Tall; Bhavani Indukuri, DigitalOcean; Catherine Paganini, Buoyant; Michiel van Pouderoijen, Avisi Cloud #

Time: 4:45pm CET - 5:15pm CET

Speakers: Jay Jackson, CallRevu; Jay Tihema, Stand Tall; Bhavani Indukuri, DigitalOcean; Catherine Paganini, Buoyant; Michiel van Pouderoijen, Avisi Cloud

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: In open source, we branch to innovate and merge to unify. The Merge Forward initiative embodies that ethos by uniting diverse underrepresented groups and allies to build an inclusive and equitable cloud native future.

This panel brings together voices from Merge Forward to share stories of systemic barriers, allyship in action, and how belonging -not just representation- fuels innovation. From accessibility to neurodiversity, gender equity to speech diversity, each perspective adds depth to our collective innovation. Attendees will gain insight into how lived experiences can shape stronger, empathetic teams, driving technical and community success.

Through candid conversation, panelists will explore how merging perspectives transforms inclusion from initiative into infrastructure, and how allies can help shift culture from checkbox compliance to meaningful integration.

Because innovation begins not in code, but in connection - and belonging is the most powerful commit we can make.

Ping SRE? I Am the SRE! Awesome Fun I Had Drawing a Zine for Troubleshooting Kubernetes Deployments - René Dudfield, Microsoft #

Time: 4:45pm CET - 5:15pm CET

Speakers: René Dudfield, Microsoft

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: People often slide into the kubernetes-sig/headlamp slack channel with issues. I try my best. Sometimes we solve it, sometimes not. Slightly different problems. Over time patterns started to emerge. So I grabbed my notebook and began doodling.

Soon, diagrams and scribbles filled the page. Lines, notes, crossed-out ideas, and plenty of question marks. How did I do that before? I dove into docs, searched issues, drew more. It was fun! Before I knew it, the page was packed.

A folded piece of paper slipped out of the notebook. From a zine making workshop I did a few months ago.
An A4 sheet folded in such a clever way that it could make a mini zine with 16 pages. I kept drawing.

Tada! A zine sat on my desk for the next time someone came in with a problem. My personal Trouble Shooting zine was born. Pen and paper ftw.

I wanna show you my zine, and maybe convince you that drawing little zines for trouble shooting things is fun, educational... and maybe useful too?

Rabobank’s Path to Secure, Fast Kubernetes Delivery - Beatrice Forslund & Koshin Verberne, Rabobank #

Time: 4:45pm CET - 5:15pm CET

Speakers: Beatrice Forslund & Koshin Verberne, Rabobank

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: At Rabobank, we run Kubernetes across three major platforms: OpenShift, AKS, and EKS. Each platform with its own history and challenges. This session will be about our journey of building a consistent Kubernetes experience for our development teams across these environments.

The talk explores our architectural evolution from Namespace-as-a-Service (NaaS) and ultimately to Cluster-as-a-Service (CaaS), highlighting the challenges and solutions.

Attendees will gain insight into our Rabobank’s GitOps-driven infrastructure provisioning model, built with tools like ArgoCD and Terraform and how it enables a secure, scalable, and automated Kubernetes platform. Special attention is given to some security requirements of running Kubernetes in a financial institution, including multi-tenancy, compliance, and internal delegation of infrastructure responsibilities.

Banks aren’t always boring, and our Kubernetes story proves it!

SIG Apps Updates: Building the Next Generation of Kubernetes Workloads Together - Maciej Szulik, Defense Unicorns & Janet Kuo, Google #

Time: 4:45pm CET - 5:15pm CET

Speakers: Maciej Szulik, Defense Unicorns & Janet Kuo, Google

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Behind every workload (eg. Deployment) and batch (eg. Job) resource is a community of contributors working to solve complex orchestration challenges. In this session, the SIG Apps leads will showcase the accomplishments of the past year - focusing on how community feedback turned into concrete features. We will move beyond the changelog to discuss: 1. The "Why" behind the changes: The design decisions driving recent updates to Workload and Batch APIs. 2. Active KEPs: The specific, unfinished features where we need your user stories and input to cross the finish line. 4. Your Pathway In: How to start contributing to the most widely used APIs in the cloud-native ecosystem. We will reserve significant time for an open discussion and Q&A. If you have ever wanted to influence how Kubernetes runs applications, this is the room to be in.

The Symbiosis of Storage and Workloads: Longhorn for Hyperconverged Block Storage - Jinhong Kim & Jangseon Ryu, NAVER Corp #

Time: 4:45pm CET - 5:15pm CET

Speakers: Jinhong Kim & Jangseon Ryu, NAVER Corp

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: NAVER runs 1M+ Pods and 200K+ block PVs on Kubernetes backed by Ceph RBD. While Ceph excels at scalability, many workloads already perform application-layer replication, creating duplicate replication overhead and making fault isolation difficult.

To address these issues, NAVER adopted a hyperconverged approach to reduce duplicate replication and improve fault isolation. Longhorn emerged as a good fit, but surfaced new challenges: storage and pod schedulers act independently, and storage operations (e.g., rebuilds) can degrade workload performance.
With Longhorn maintainers, NAVER implemented coordinated scheduling to co-locate storage and workloads, and added resource-management controls that rate-limit rebuild bandwidth to protect service I/O.

This session shares NAVER's journey from Ceph to Longhorn, outlines the problems NAVER solved, and demonstrates when different storage characteristics best fit different use cases.

Unleashing Event Driven Capabilities With KEDA - Jorge Turrado, SCRM Lidl International Hub & Zbynek Roubalik, Kedify #

Time: 4:45pm CET - 5:15pm CET

Speakers: Jorge Turrado, SCRM Lidl International Hub & Zbynek Roubalik, Kedify

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Kubernetes autoscaling (HPA) has served us well, but as workloads evolve, CPU and Memory metrics are no longer enough. Enter KEDA, the industry standard for application autoscaling based on actual event depth. In this session, we will move beyond the basics and explore the state-of-the-art of autoscaling. We will demonstrate how to transform modern applications into efficient, cost-effective, and resilient workloads. Attendees will deep dive into: - The Evolution of Scaling: From simple resource-based rules to advanced scaling and formulas - Complex Triggers: How to orchestrate autoscaling based on multiple external sources simultaneously - Security First: How to configure secure authentication - Autoscaling in Practice: Best practices for configuring KEDA, scaling real-time, large-scale production workloads, HTTP and more. Whether you are running batch jobs or high-traffic APIs, you will leave this talk with the patterns needed to optimize your cluster's efficiency

⚡ Lightning Talk: “Naming Things Is Hard”: A Guide to Naming Using Network Science - Nick Travaglini, Honeycomb.io #

Time: 4:45pm CET - 4:50pm CET

Speakers: Nick Travaglini, Honeycomb.io

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Software is a socio-technical system. Nothing makes this more obvious than trying to name things.

Many organizations struggle with establishing conventions for custom OpenTelemetry instrumentation. Unified naming increases the value of all telemetry, but it's hard to achieve. The project has already published some guidance, and fortunately there is scientific research that can also help!

How should a group organize itself to get the best names? And what does “best” even mean here? In this talk, we’ll look at what network science has to say about the best way to establish telemetry naming conventions.

⚡ Lightning Talk: 10 Years of Building Platforms in the Public Sector - Hans Kristian Flaatten, Norwegian Government #

Time: 4:52pm CET - 4:57pm CET

Speakers: Hans Kristian Flaatten, Norwegian Government

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: 10 years ago Kubernetes had just shipped v1 and the two largest agencies in Norway had started planing their next generation application platform on top of this new project. By chance they met during KubeCon EU in Berlin 2017, and fueled with entusiasme form Brandon, Joe, Kelsey and others they decided to start a Public Sector Platform Engineering for all of Norway. 9 years later the network had grown from 2 engineers to 84 organizations and close to 3000 individual members covering all aspects of the public sector with multiple yearly meetups. In 2024 we published our first State of Platform Maturity in the Public Sector report detailing a strong adoption of containers and cloud, and many reaching level 2 maturity of their platforms according to the CNCF maturity scale but still had room to grow. In 2026 we are publishing our second report and this talk will focus on key findings compared to the last report and key trends we are seeing in the public sector platform engineering.

⚡ Lightning Talk: Avoiding CPU Throttling: How Go 1.25's Container-Aware Runtime Fixes GOMAXPROCS - Adarsh K Kumar, Rapido #

Time: 4:59pm CET - 5:04pm CET

Speakers: Adarsh K Kumar, Rapido

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Did you know Go applications in Kubernetes silently suffer from unnecessary CPU throttling and poor performance due to misconfigured GOMAXPROCS? By default, the Go runtime ignores CPU limits set on the container and can spawn far more threads than available CPUs, leading to unpredictable latency. When hit with this problem, we over provision resources resulting in higher costs and unsustainable use of infrastructure that mask this problem. The issue is compounded as Kubernetes and Go adoption accelerate, most new adopters assume Go being the language Kubernetes is built in, would be container-aware by default. In the session we explore how CPU Limits work in Kubernetes, What is GOMAXPROCS and anoverview of Go Scheduler's G-M-P model. We then understand how Go 1.25 fixes this and the new GODEBUGs added if you want to switch back to previous behavior and for those who cannot immediately upgrade to 1.25 we discuss about Automaxprocs from Uber.

When Speaking Is Not Linear: What “Effective Communication” Really Means #

Time: 5:00pm CET - 5:30pm CET

Venue: G104 - 105 | Community Hub, Amsterdam, Netherlands

Type: INCLUSION + ACCESSIBILITY

Description: What we often call “effective communication” is quietly shaped by fluency norms, how fast, clear, or “polished” someone sounds. These expectations can unintentionally exclude people who stutter, use assistive speech tools, speak with disfluencies, or process language differently. This session uses speech differences as a starting point to question what we truly mean by effective speaking. Through guided discussion and reflective prompts, participants will explore how meaning, intention, and connection matter more than delivery style.

Attendees will leave with practical ways to create space for diverse speakers in meetings, conferences, and workplaces by slowing down, listening differently, and shifting from evaluating how someone speaks to understanding what they are saying. Rather than asking people to change their voices, this session asks: What if we changed how we listen?

⚡ Lightning Talk: Building the Cloud Native Ecosystem in Africa: Stories From the Field - Daniel Osarokutamwen, Rarefy Consulting & Ileriayo Adebiyi, Cloudnativeafrica.io #

Time: 5:06pm CET - 5:11pm CET

Speakers: Daniel Osarokutamwen, Rarefy Consulting & Ileriayo Adebiyi, Cloudnativeafrica.io

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Africa's technology landscape is experiencing rapid transformation, with engineers implementing cloud native solutions to solve unique challenges. This talk showcases the emerging cloud native ecosystem in Africa through real stories from engineers building production systems in Africa. You'll hear how African engineers leverage Kubernetes & CNCF projects to overcome infrastructure constraints and scale applications serving millions. From fintech platforms processing mobile payments to healthtech systems reaching rural communities. Beyond individual stories, we'll explore the growing community ecosystem and how African engineers are both learning from and contributing to the global cloud native movement. This session offers perspectives often missing from community conversations and highlights opportunities for knowledge exchange, mentorship, and collaboration that benefit the entire ecosystem.

⚡ Lightning Talk: From Learner To Contributor: A LFX Mentee’s Kubernetes Story - Lavish Pal, Independent #

Time: 5:13pm CET - 5:18pm CET

Speakers: Lavish Pal, Independent

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Contributing to open-source projects like Kubernetes can be a transformative experience, but how do you begin? In this session, Lavish Pal, a computer engineering student from India and an LFX mentee, will share his personal journey on from getting rejected 8 times in LFX Mentorship program to getting selected as mentee has eased his cloud-native debut. He will share his contributor experience to Second largest project in the world, Kubernetes. Lavish will discuss how the LFX mentorship program has equipped him with the skills to excel in open-source development and collaboration. Whether you’re a beginner looking to contribute or an experienced developer seeking to give back, this session will offer valuable tips, and a roadmap for making meaningful contributions to cloud-native projects.

⚡ Lightning Talk: Going Global: Lessons From Internationalizing OpenTelemetry Docs - Severin Neumann, Causely AI & Tiffany Hrabusa, Grafana Labs #

Time: 5:20pm CET - 5:25pm CET

Speakers: Severin Neumann, Causely AI & Tiffany Hrabusa, Grafana Labs

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: A year ago, the OpenTelemetry Project started to localize the website and documentation. We seeded four languages: Chinese, Japanese, Portuguese, and Spanish. We then expanded to include French, Bengali, Ukrainian, and Romanian.

Today we have 500+ localized files, 20+ contributors, and several first-time translators who have grown into docs contributors. In this talk, we’ll share our rollout plan, guardrails, what went sideways, and what actually stuck. We’ll cover how we managed community dynamics, and the tough parts we’re still wrestling with. We hope to give you a practical playbook with realistic expectations for what it really takes to internationalize your docs.

We think localization is a welcoming path into OSS because it lowers entry barriers for non-native English speakers and contributors can learn about the project while translating. Above all, localization is about building a community, and this talk is a big THANK YOU to everyone who helped to localize the OTel docs!

⚡ Lightning Talk: How To Responsibly and Effectively Contribute To Open Source Using AI - Tyler Helmuth, Honeycomb #

Time: 5:27pm CET - 5:32pm CET

Speakers: Tyler Helmuth, Honeycomb

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: With the influx of AI tooling, it’s never been easier to contribute to open source. Instead of reading line after line of code, AI tools provide instant summaries of repositories. They can fix bugs in programming languages you don’t know, help you interact with written languages you don’t understand, and ultimately enable more contributors to get involved. But just because AI tooling allows these opportunities does not mean that it always delivers. It is incredibly easy to create “slop” contributions. As a maintainer in OpenTelemetry, I’ve seen an influx of these slop contributions adding strain to the community. This strain slows the PR cycle, increasing the time it takes your contribution to be accepted. So the real question is: how can you use AI to effectively contribute? At this session we’ll explore how you can create PRs with AI based on the patterns and anti-patterns I’ve seen. You’ll learn how to create AI-driven PRs that maintainers can merge quickly and efficiently.

Agentic Networking: Securing AI Agents on Kubernetes - Haiyan Meng, Google & Evaline Ju, IBM #

Time: 5:30pm CET - 6:00pm CET

Speakers: Haiyan Meng, Google & Evaline Ju, IBM

Venue: Elicium 1, Amsterdam, Netherlands

Type: CONNECTIVITY

Description: AI agents function like next-generation microservices, but their autonomous behavior and unique communication patterns present challenges and new security needs for existing cloud-native infrastructure. Prompt injections can exfiltrate PII to third-party tools, and poisoned tool responses can manipulate agent decisions. Kubernetes was not originally designed for the intricate and often unpredictable traffic patterns of A2A, agent-to-tool, and agent-to-LLM communication. This session introduces "Agentic Networking" to adapt Kubernetes for this new reality. We will dive into the core challenges posed by AI-first protocols like MCP and A2A, which require a fundamental rethinking of traffic management, security, and governance. We will present our work extending the Kubernetes Gateway API to provide well-governed, auditable agentic traffic, with gateway-level guardrails to further secure agents running on Kubernetes. Join us to explore the future of Kubernetes networking in the age of AI.

BoF | Beyond Nginx Ingress: Higress as the K8s Gateway for the AI Era #

Time: 5:30pm CET - 6:00pm CET

Venue: F002-005, Amsterdam, Netherlands

Type: EXPERIENCES

Description: With the Nginx Ingress Controller officially retiring this March, the Kubernetes community faces a critical security vacuum where emerging vulnerabilities may no longer receive timely patches. Coupled with long-standing architectural bottlenecks, this end-of-life status creates an urgent need for a modern, supported successor. This session introduces Higress, a high-performance gateway built on the Envoy proxy, designed not just to replace Nginx, but to redefine the gateway's role in the AI stack. We will demonstrate a "zero-friction" migration path, leveraging Higress’s 90% compatibility with Nginx Ingress annotations, allowing platform engineers to upgrade their infrastructure without rewriting thousands of lines of YAML. We will dive into the "Wasm-first" extensibility architecture that eliminates the stability risks of Lua scripts, backed by a case study from Sealos Cloud showing how Higress reduced configuration latency from minutes to seconds for over 20,000 domains. Beyond that, we will explore why Higress is the "AI-Native" gateway of choice. Attendees will discover how to implement Token-based Rate Limiting to ensure fair usage of expensive GPU resources, and how to unify traffic management for diverse LLM providers (OpenAI, DeepSeek, Qwen) with automatic failover. We will also unveil the new Model Context Protocol (MCP) support, enabling the gateway to act as a bridge connecting legacy APIs directly to the burgeoning AI Agent ecosystem. Higress is extensive used by companies like Alibaba, Ant Group, Ctrip, DJI, Kuaishou, Paypal and many more. It is on the way joining CNCF sandbox. Join us to learn how to future-proof your Kubernetes networking for the next decade.

Building a Kubernetes Platform That Scales From SaaS To Self-Managed - Florian Forster, GitLab #

Time: 5:30pm CET - 6:00pm CET

Speakers: Florian Forster, GitLab

Venue: Hall 8 | Room D, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: GitLab faces a unique platform engineering challenge: building an internal platform that serves both gitlab.com (with millions of users worldwide) and thousands of self-managed installations ranging from small teams to large enterprises. This talk shares the journey of building "Runway," GitLab's internal platform, and the architectural decisions required to support this dual deployment model. We'll explore our initial iteration using Cloud Run and why it failed to meet our diverse requirements. Learn how we pivoted to Kubernetes as our foundation, treating it as the common denominator that bridges the gap between cloud-native SaaS operations and simplified self-managed deployments.

DNS Tracing & Metrics Via eBPF in OpenTelemetry - Endre Sara, Causely & Nikola Grcevski, Grafana Labs #

Time: 5:30pm CET - 6:00pm CET

Speakers: Endre Sara, Causely & Nikola Grcevski, Grafana Labs

Venue: Hall 12, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: Modern cloud native applications rely heavily on DNS resolution under the hood—service discovery, external API calls, internal dependencies. Yet, DNS performance issues (latency, timeouts, misconfigurations) often remain invisible in observability stacks, hidden behind “network” or “external call” noise. This talk proposes integrating DNS observability directly into the OpenTelemetry eBPF Instrumentation (OBI) agent. We’ll cover the architectural challenges (eBPF context, semantic conventions, scalability), the proposed metrics & tracing model, and the value this adds to operators diagnosing performance or reliability issues. Attendees will walk away with lessons on how to instrument low-level system interactions (like DNS) in a cloud native world, and a blueprint for extending observability in eBPF agents beyond what exists today.

Disaster Resilient Trino on Kubernetes: Multi-Cluster Setup With Karmada and Trino Gateway - Sung Yun & Antoine Marthey, Bloomberg LP #

Time: 5:30pm CET - 6:00pm CET

Speakers: Sung Yun & Antoine Marthey, Bloomberg LP

Venue: Forum, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: As firms scale their data science and AI platforms, ensuring that distributed SQL engines remain available during cluster failures or regional outages is just as crucial as governance and scalability. At KubeCon EU 2025, we shared Bloomberg’s managed Trino architecture on Kubernetes, built around centralized policy enforcement and tenant isolation. This year, we present its evolution: a disaster-resilient Trino design. With Karmada, we duplicate Trino deployments across multiple regions for high availability. On top, Trino Gateway provides namespace-scoped unified query endpoints for each tenant, enabling transparent query routing while preserving strong governance. Together, these components deliver a multi-cluster, highly available, production-ready Trino platform that powers Bloomberg’s analytics workloads. By sharing design principles, trade-offs, and operational lessons, we’ll offer attendees a practical blueprint for building resilient, governed data platforms on Kubernetes.

Let Your Network Speak! - Nadia Pinaeva, NVIDIA & Joel Takvorian, Red Hat #

Time: 5:30pm CET - 6:00pm CET

Speakers: Nadia Pinaeva, NVIDIA & Joel Takvorian, Red Hat

Venue: G102-103, Amsterdam, Netherlands

Type: OBSERVABILITY

Description: If your network could speak, what would it tell you?
Kubernetes networking is a tricky beast, and observability tools are crucial to make sure it works as you expect. But even if you see WHAT happens in your network, you still don’t know WHY it happens. Especially if you have a number of network policies in the cluster, it is always difficult to tell why exactly a given connection is allowed or denied.
During this session, we will introduce a new observability approach, where the observability agent can receive and understand messages from the network, explaining WHY something happened to a packet.
During a short demo, we will walk the path from the Linux kernel to the netobserv GUI using OVS, OVN and OVN-Kubernetes on the way and show how it makes the Kubernetes network clear to everyone.

Pay Less for More: A Practitioner's Playbook for Kubernetes Autoscaling - Malgorzata Widelicka & Lukasz Ogrodowczyk, Roche #

Time: 5:30pm CET - 6:00pm CET

Speakers: Malgorzata Widelicka & Lukasz Ogrodowczyk, Roche

Venue: Elicium 2, Amsterdam, Netherlands

Type: OPERATIONS + PERFORMANCE

Description: Running cost-effective Kubernetes clusters in the face of unpredictable, resource-hungry workloads is a common battle. High costs, long provisioning times for specialized hardware like GPUs, and the risk of instability from spot instances are frequent frustrations. How can practitioners optimize for both cost and performance without compromising stability?
This talk provides a practical guide to mastering autoscaling and cost management. It demonstrates how to leverage Karpenter to provision diverse node types on-the-fly, drastically reducing provisioning times. The session covers the essential role of observability in monitoring dynamic resources, isolating critical jobs, managing the crucial trade-off between stability and cost-efficiency, and scaling to zero with KEDA for event-driven applications. This talk will share key FinOps and DORA metrics for measuring the impact of your autoscaling strategy.

Right-sized Access Control & Pull with Proof - Stanislav Láznička, Microsoft & Lucas Käldström, Upbound #

Time: 5:30pm CET - 6:00pm CET

Speakers: Stanislav Láznička, Microsoft & Lucas Käldström, Upbound

Venue: E103-105, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: Crank those propeller beanie‑caps to maximum lift, because once we breeze past the latest SIG Auth KEPs, we're zooming straight into two high‑octane technical adventures: the mysteries of ensure secret‑pulled images and the intricacies of conditional authorization. Prepare for turbulence, nerdy delight, and a guided tour through truly unruly authorization air currents.

Constrained Impersonation and Conditional Authorization finally allow you to escape "all-or-nothing" semantics in favor of right-sized access control policies. These features make it possible to define things like "only allow getting pods when impersonating a node", "Alice cannot set the 'sensitive' label on write requests" or "a controller can only add or remove its own finalizer, not others'".

Next, we'll explore "Ensure Secret Pulled Images," a long-awaited fix for a 10-year-old security gap. Learn how Kubelet now verifies credentials for cached images, ensuring that IfNotPresent doesn't mean "IfPresentForAnyone."

Whether you're managing access control policies, building controllers or securing multi-tenant clusters, this session will equip you with the knowledge to lock down your environment like never before.

Scaling Platform Engineering: Lessons From Europe’s Largest Enterprises - Cat Morris, Syntasso; Stéphane Di Cesare, DKB; Anna Kozachenko, Amadeus; Gayathri Thiyagarajan, AWS #

Time: 5:30pm CET - 6:00pm CET

Speakers: Cat Morris, Syntasso; Stéphane Di Cesare, DKB; Anna Kozachenko, Amadeus; Gayathri Thiyagarajan, AWS

Venue: Hall 8 | Room G, Amsterdam, Netherlands

Type: PLATFORM ENGINEERING

Description: Platform engineering is no longer new. Most large organisations now have a platform team to help product and application teams deliver faster and more reliably. But as demand grows, a key question emerges: who helps the platform team scale its own impact? In this panel, platform leaders from some of Europe’s largest enterprises will share real-world stories of how they built, structured, and grew their internal platform organisations. You’ll hear what worked (and what didn’t!) when it came to getting internal buy-in, evangelising platform thinking across the business, and hiring and evolving the team. Whether you’re starting a platform team from scratch or trying to take your current one to the next level, this session will leave you with actionable insights, hard-earned lessons, and inspiration from those who’ve done it at enterprise scale.

Signed, Sealed, Delivered: Why Reverse Proxies Outperform VPNs - Peter ONeill, Teleport & Boris Kurktchiev, Independent #

Time: 5:30pm CET - 6:00pm CET

Speakers: Peter ONeill, Teleport & Boris Kurktchiev, Independent

Venue: Hall 8 | Room F, Amsterdam, Netherlands

Type: SECURITY

Description: To use an analogy, traditional VPNs are like picking up a package from a shared storage room. Once you are inside, you can see and touch far more than the package meant for you. This model worked when networks were smaller and trust was implicit, but in cloud-native environments it creates excessive privilege, blind spots, and unnecessary risk.

Reverse proxies in contrast act like signature on delivery. Access is granted only to the intended recipient, only for the right resource, and every handoff is logged. This session will explain how reverse proxies work, the evolution from forward proxies, and why they are a better fit than VPNs for securing modern systems.

To make this concrete, we will walk through a demo using Envoy, Keycloak, and two sample applications. Attendees will see how a reverse proxy validates identity, enforces per-route authorization, and logs every action.

Sink or Swim? Team Lead and "Junior" SREs Debate "Trial by Fire" Onboarding - Verena Traub, b'nerd; David Pech, Wrike; Melody Sofia Eroshevich & Patrick Sieradzon, Cloudeteer GmbH; Petr Rais, Sluno #

Time: 5:30pm CET - 6:00pm CET

Speakers: Verena Traub, b'nerd; David Pech, Wrike; Melody Sofia Eroshevich & Patrick Sieradzon, Cloudeteer GmbH; Petr Rais, Sluno

Venue: Hall 7 | Room B, Amsterdam, Netherlands

Type: CLOUD NATIVE EXPERIENCE

Description: In this panel, two team leads and two junior engineers unpack the messy truth behind enterprise onboarding in the CNCF ecosystem. From fixing a CrashLoopBackOff on day one to learning how (not) to delete an ArgoCD Application without a finalizer, they’ll share what worked, what broke, and how it shaped their confidence and skill.

Can you hire a "junior" SRE? How much Linux knowledge do you still need today? Together, they’ll explore why hiring juniors is essential for growing sustainable teams.

Team leads who advocate for "trial by fire" and junior SREs who survived will share their unfiltered experiences. They'll debate the fine line between a motivating challenge and overwhelming pressure of cognitive load. They will cover how to grant real responsibility while maintaining psychological safety and how this approach forges ownership faster than any training module. This isn't a theoretical talk; it's a practical guide to turning new hires into confident contributors in record time.

Snapshots Gone Wild: Taming Multi-PVC Chaos with VolumeGroupSnapshot - Shubham Pampattiwar & Scott Seago, Red Hat #

Time: 5:30pm CET - 6:00pm CET

Speakers: Shubham Pampattiwar & Scott Seago, Red Hat

Venue: Hall 8 | Room E, Amsterdam, Netherlands

Type: DATA PROCESSING + STORAGE

Description: Backing up multi-volume applications in Kubernetes used to feel like conducting an orchestra where every instrument played its own tune. Databases, queues, and analytics workloads, each sitting on separate PVCs, rarely stayed in sync when snapshots fired off individually. Enter VolumeGroupSnapshot (VGS), the long-awaited API that lets you snapshot multiple PVCs together in one consistent, orchestrated operation.

This session takes you behind the scenes of bringing VGS to life in Velero and across CSI drivers. We’ll explore how Kubernetes coordinates snapshot creation, ensures group consistency, and manages recovery workflows end-to-end. You’ll see test results comparing single vs. group snapshots, learn the trade-offs of orchestration at scale, and walk away with a blueprint for using VGS to achieve fast, reliable, and truly consistent backups, without the chaos.

The Latest in GPU, TPU, NIC and Other Device Support - WG Device Management - John Belamaric, Google & Patrick Ohly, Intel #

Time: 5:30pm CET - 6:00pm CET

Speakers: WG Device Management - John Belamaric, Google & Patrick Ohly, Intel

Venue: E106-108, Amsterdam, Netherlands

Type: MAINTAINER TRACK

Description: WG Device Management continues to make great progress in enhancing support for GPUs, TPUs, NICs, and other specialized hardware in Kubernetes.

With the 1.34 release, Dynamic Resource Allocation (DRA) has finally reached General Availability, making it easier than ever to configure, allocate, and share advanced hardware resources efficiently. But the 1.34 support is just the basics, and the work is nowhere near done!

Come learn about what the community has built in 1.35 and what's coming in 1.36 to improve how you use specialized devices in Kubernetes, such as features for managing device failures, groups of devices working together across nodes, and controlled sharing of devices.

The Ultimate Kubernetes Challenge: An Interactive Trivia Game - Aurélie Vache, OVHcloud #

Time: 5:30pm CET - 6:00pm CET

Speakers: Aurélie Vache, OVHcloud

Venue: Hall 7 | Room A, Amsterdam, Netherlands

Type: CLOUD NATIVE NOVICE

Description: Kubernetes has become the de facto standard for deploying and operating containerized applications. We use it, as well as its ecosystem, on a daily basis, but do we know them as well as we think we do? With a mix of quiz and live demos, come learn and/or improve your knowledge. You will discover (or rediscover) the key concepts of Kubernetes (pods, secrets, services...), internal components but also best practices. In this fun and dynamic talk, come compete throughout the quiz and explore the wonderful world of Kubernetes. Icing on the cake: the first will win some swags.

Why Isn't the Fix in My Container? Tracking CVE Propagation Across 10,000 Projects - Mor Weinberger, Echo Security & Lior Kaplan, Kaplan Open Source #

Time: 5:30pm CET - 6:00pm CET

Speakers: Mor Weinberger, Echo Security & Lior Kaplan, Kaplan Open Source

Venue: Hall 7 | Room C, Amsterdam, Netherlands

Type: SECURITY

Description: We analyzed CVE remediation patterns across 10,000 open source projects to uncover a critical problem: vulnerabilities fixed upstream often take weeks or months to reach downstream containers. This lag creates massive security exposure windows in Kubernetes environments.

In this talk, we'll present our findings showing how CVE fixes flow (or stall) across ecosystem layers, from upstream projects to package managers to base images to final containers. You'll see real metrics on remediation delays, and the compounding effect of layered dependencies.

But we won't stop at the problem. The second half focuses on practical solutions. From automated patch backporting to in-place image patching with tools like Copa. You'll learn how to build workflows that dramatically reduce MTTR, including dependency automation patterns and risk-based prioritization.

Attendees will leave with both a data-driven understanding of the CVE remediation challenge and a practical playbook for fixing it.

⚡ Lightning Talk: KRafting the Cloud: Building a Free, Open, and Accessible Cloud - Alex Bissessur, La Sentinelle #

Time: 5:34pm CET - 5:39pm CET

Speakers: Alex Bissessur, La Sentinelle

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Everyone knows of the big cloud service providers out there - GCP, AWS, and Azure, just to name a few. However, if you're one of the billions of people across the world without a datacenter in their backyard, suddenly, cloud platforms aren't as fancy as people make them out to be.

Born out of the desire to run workshops for the local Cloud Native Community Group, we created KRaft, a project built on top of numerous projects from the cloud native landscape for a serverless, Kubernetes-focused cloud platform which can be deployed anywhere on any hardware!

This talk will go over the challenges we faced creating such a platform, as well as the social and technical benefits we enjoyed from our little island nation in Africa. Expect technical challenges, an overview on numerous cloud native technologies, sprinkled with some social and cultural exchange.

⚡ Lightning Talk: The $100K GPU Mystery: Why Your AI Training Dies at 99% - Michael Ifeanyi, Google #

Time: 5:41pm CET - 5:46pm CET

Speakers: Michael Ifeanyi, Google

Venue: Auditorium, Amsterdam, Netherlands

Type: ⚡ LIGHTNING TALKS

Description: Your distributed AI training crashes at 99% completion after 6 hours and $100K in compute costs. It's not a bug—it's GPU memory fragmentation, the silent killer destroying workloads across Kubernetes clusters.

This 5-minute lightning talk reveals:
Why traditional monitoring misses fragmentationHow to detect fragmentation before it kills jobsConfiguration strategies that prevent failures
Walk away with actionable tools to prevent the most expensive minutes of your AI training lifecycle. Based on real production incidents from enterprise teams.CNCF Projects: Kubernetes, Prometheus, GrafanaOpen Source: NVIDIA Device Plugin, PyTorch DistributedNo more mysteries. No more $100K crashes.

Documentary Premiere: Backstage: From Spreadsheet to Standard #

Time: 6:15pm CET - 7:00pm CET

Venue: Forum, Amsterdam, Netherlands

Type: EXPERIENCES

Description: Wrap up your Wednesday at KubeCon + CloudNativeCon Europe with the exclusive premiere of the Backstage documentary at the RAI Amsterdam.

This in-depth documentary explores the evolution of Backstage at Spotify and its transformative journey as part of the CNCF.

Whether you are a platform engineer, a developer, or an open-source enthusiast, this is a story of how collaboration conquers complexity.

Waitlist/capacity note: Seats in the Forum are limited and available on a first-come, first-served basis. Add this to your Sched early to ensure you don’t miss out!