KubeCon + CloudNativeCon North America 2025#
Tuesday, November 11, 2025#
Total Sessions: 178
Fun Run#
Time: 7:00am EST - 9:00am EST
Venue: Corner of Marietta St. and Park Ave across from Centennial Olympic Park, 267 Marietta St NW, Atlanta, GA 30313
Type: EXPERIENCES
Description: Start your day with fresh air, energy, and great company! Join fellow KubeCon + CloudNativeCon attendees for a guided run through downtown Atlanta, taking in the city's vibrant streets and skyline as the morning comes to life. Whether you're a casual jogger or a seasoned runner, this relaxed, social run is a perfect way to stretch your legs, connect with new people, and see a bit of the city before the day's sessions begin. You can find Ann Wallace and Jed Salzar at the meeting point, which is on the corner of Marietta St. and Park Ave in Centennial Olympic Park, near the Starbucks.
Badge Pick-Up#
Time: 7:30am EST - 6:15pm EST
Venue: Building B | Level 4 | Registration Hall B, Atlanta, GA, USA
Type: REGISTRATION
Coat + Bag Check#
Time: 7:30am EST - 8:15pm EST
Venue: Building A | Level 4 | A412, Atlanta, GA, USA
Type: REGISTRATION
Description: Please note we are unable to store any items overnight and cameras, laptop equipment or any other electronic devices cannot be stored at any time.
Keynote: Welcome + Opening Remarks#
Time: 9:00am EST - 9:25am EST
Speakers: Jonathan Bryce (Executive Director, Cloud and Infrastructure); Chris Aniszczyk (CTO, Cloud and Infrastructure, Linux Foundation)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Keynote: Supply Chain Reaction: A Cautionary Tale in K8s Security#
Time: 9:27am EST - 9:42am EST
Speakers: Stacey Potter (Manager of Community, OpenSSF); Adolfo García Veytia (Founder and Engineer, Carabiner Systems)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: Your Kubernetes cluster seems bulletproof: network policies, mTLS, no external API access, GitOps workflows, and automated CI/CD. But you're still vulnerable. This talk follows a real-world attack where a hacker bypasses traditional defenses through supply chain exploits: poisoned commits, tainted build tools, malicious images, and backdoored dependencies. A diligent DevOps engineer struggles to keep up. But this isn't just a tale of doom. Each attack vector is met with a practical counter using OpenSSF projects: Sigstore for image signing, SLSA attestations for build security, OpenVEX/SBOM for dependency protection, and gittuf for source control. This session highlights how hardening the supply chain transforms into defense-in-depth without burdening the developer. Takeaways include: - How supply chain attacks bypass secure K8s setups - Actionable implementation and enforcement of OpenSSF tooling, coordinated through the OSPS Baseline - Practical CI/CD and GitOps integrity improvements
Sponsored Keynote: From Cloud-Native to Agent-Native: Context Engineering for Kubernetes#
Time: 9:44am EST - 9:49am EST
Speakers: Idit Levine (Founder & CEO, Solo.io); Keith Babo (Chief Product Officer, Solo.io)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: Kubernetes is the leading foundation for cloud-native platforms, but when it comes to agentic workloads, critical gaps remain that prevent many organizations from getting agents to production. These gaps exist because agents and tools are not just containers; they introduce new requirements such as dynamic identity for agents acting on behalf of users, end-to-end observability for probabilistic workflows, and context-aware networking for MCP and A2A protocols. Bridging this gap requires Kubernetes itself to be extended to become a context-aware runtime. Just as platform engineering abstracts complexity for developers, context engineering extends Kubernetes to make AI and agentic workloads first-class citizens. This talk will focus on the key use cases, requirements, and solutions we see in the agentgateway and kagent communities that platform teams must navigate when bringing agents to production.
Keynote: Scaling Geo-Temporal ML: How Pokémon Go Optimizes Global Gameplay With Kubernetes and Kubeflow#
Time: 9:51am EST - 10:06am EST
Speakers: Yunpeng Liu (Director, Big Data and Machine Learning, Niantic Inc.); Andy Zhang (Staff Machine Learning Scientist, Niantic Inc.)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: Pokémon Go continues to engage millions of players worldwide with its location-based gameplay. Behind the scenes, this presents a unique ML challenge: how to optimize real-world player experiences using massive volumes of geo-temporal data? In 2024, a team of ML practitioners at Niantic started tackling this by optimizing Raid Battle spawns - across dimensions of location, time, and difficulty - at a global scale spanning millions of S2 cells. The complexity of this problem goes beyond pure modeling: it also demands high standards for player satisfaction, scalability, and privacy protection. This talk shares how the team designed a geo-aware recommender system and operationalized it in a cloud-native environment. Attendees will learn: - Modeling recommendations across spatial, temporal, and difficulty axes - Geo-temporal feature engineering at scale - Building and scaling recommender systems using Kubernetes and Kubeflow - MLOps lessons from one of the most popular location-based games
Sponsored Keynote: Anchoring Trust in the Age of AI: Identities Across Humans, Machines, and Models#
Time: 10:08am EST - 10:13am EST
Speakers: Yuan Tang (Senior Principal Software Engineer, Red Hat); Anjali Telang (Senior Principal Product Manager for OpenShift Security and Identity, Red Hat)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: Every revolution in computing has been defined by trust. Firewalls secured the internet, while API keys and IAM roles helped shape the cloud. Today, in the Kubernetes era of ephemeral workloads and Agentic AI, trust is no longer just about people - human and machine identities now stand on equal footing. The challenge is ensuring auditability: knowing who or what is calling, and being able to trace every interaction. This keynote shows how projects like Kubernetes can anchor a new trust fabric. With SPIFFE and SPIRE providing cryptographic workload identities, and Keycloak enabling another layer of identity and access control, we establish an auditable chain of trust. Paired with KServe, this fabric extends into AI serving so that every model, explainer, and pipeline step runs with verifiable identity. Together, they make Kubernetes a secure, accountable platform for the age of AI.
Keynote: Apple Containerization: Secure, Private Containers on macOS#
Time: 10:15am EST - 10:20am EST
Speakers: Madhu Venugopal (Director of Engineering, Apple)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: The past decade has transformed how we build server applications at scale. Solutions such as containerization and microservices enabled a new cloud native approach of building apps with the cloud in mind, in turn kickstarting an entire ecosystem of cloud native tools. Yet containers themselves remain ripe for innovation - particularly in areas like security and privacy. Apple's newly open-sourced Containerization Framework addresses these gaps by letting developers build and run Linux containers directly on macOS while maintaining Apple's rigorous security and privacy standards. We'll explain why we built this solution, the key design decisions that set it apart, and how this framework can enhance your cloud native development experience.
Keynote: Maximum Acceleration: Cloud Native at the Speed of AI#
Time: 10:22am EST - 10:37am EST
Speakers: Joseph Sandoval (Principal Product Manager, Adobe)
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Description: Cloud Native is not the end of the journey; it has become the substrate for what comes next. Breakthroughs in AI promise a future where ideas move from research to reality at unprecedented speed, but the gap between experimentation and production is widening. The challenge is not AI capability, it is infrastructure. Today's platforms were built for predictable, human-driven workloads, not for adaptive models that demand scale, resilience, and portability. This keynote explores how the CNCF community can focus on the critical areas that matter most for AI adoption. It will highlight where attention and investment can deliver maximum acceleration, ensuring that Cloud Native continues to evolve as the foundation for deploying and operating intelligent systems into the future.
Keynote: Closing Remarks#
Time: 10:39am EST - 10:45am EST
Venue: Building B | Level 1 | Exhibit Hall B2, Atlanta, GA, USA
Type: KEYNOTE SESSIONS
Coffee Break#
Time: 10:45am EST - 11:15am EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: BREAKS
Relaxation Station#
Time: 10:45am EST - 7:45pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: EXPERIENCES
Description: Take a break from the buzz of the Solutions Showcase and sit back and relax at the Relaxation Station. Enjoy a soothing massage, try your hand at crocheting, or challenge someone to a game of chess. This is the perfect spot to recharge and unwind before diving back into action.
Gold Sponsor In-Booth Demos#
Time: 10:45am EST - 11:15am EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description:
- Sponsor: groundcover; Demo: Tracing the Untraceable: Full-Stack Observability for LLMs and Agents; Booth Number: 520
- Sponsor: Spectro Cloud; Demo: Living on the Edge with Spectro Cloud - Find us at Booth #621!; Booth Number: 621
In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Solutions Showcase#
Time: 10:45am EST - 7:45pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Sponsored Demo: Building Faster and More Efficient Computer Use Agents in Kubernetes#
Time: 10:50am EST - 11:10am EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: AI Agents have become increasingly capable at performing automated tasks, yet they're limited by the explicit tools they've been given. Computer use and code execution unlock a new wave of agents for complex, human-like tasks by enabling the LLM to execute code and commands as tools. With these new capabilities, users are faced with security, performance and efficiency trade-offs. Using Agent Sandboxes on Google Kubernetes Engine (GKE), engineers can build isolated execution environments. This session showcases how Google Kubernetes Engine (GKE) provides a robust, secure, and efficient platform for orchestrating and executing agentic AI applications at scale.
Project Pavilion Tour#
Time: 10:55am EST - 11:15am EST
Speakers: Atul Sharma (Engineering Leader, AIML Platform Engineering, Observability, Apple)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!
Learning Lounge: The "Must Have" OKR for 2026#
Time: 11:00am EST - 11:15am EST
Speakers: Clyde Seepersad (SVP & General Manager, Linux Foundation Education)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Learning Lounge, Atlanta, GA, USA
Type: EXPERIENCES
Description: 10-Minute Tip Talk
Student Community Gathering#
Time: 11:00am EST - 12:00pm EST
Venue: Building B | Level 2 | B211-212, Atlanta, GA, USA
Type: INCLUSION + ACCESSIBILITY
Description: Strong communities foster a feeling of belonging by providing opportunities for interaction, collaboration, and shared experiences. We hope to do just that with a gathering of student attendees at KubeCon + CloudNativeCon North America! Join fellow students in the Community Hub for a conversation with Kelsey Hightower on the future of cloud-native, open source, and building your path in tech.
Benchmarking GenAI Foundation Model Inference Optimizations on Kubernetes#
Time: 11:15am EST - 11:45am EST
Speakers: Sachin Mathew Varghese (Capital One); Brendan Slabe (Google)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: AI + ML
Description: Foundation models are general purpose deep learning models trained on vast amounts of data capable of responding to a diverse set of tasks. To minimize the recurring inference costs, such large model deployments are now being optimized in various ways to reduce the model computations without substantial loss in accuracy. These include techniques to optimize the attention mechanism like flash attention, paged attention etc, model parameter optimizations like quantization and other serving optimizations like in-flight batching, speculative decoding, disaggregated serving and other smart routing strategies. One of the biggest requirements to testing and deploying any such inference optimization technique is a consistent framework to measure and benchmark the inference performance. This talk introduces a Kubernetes SIG project to benchmark GenAI foundation model inference and validate the performance usability of inference optimizations in a standard manner for real world applications.
Rust Is the Language of AGI#
Time: 11:15am EST - 11:45am EST
Speakers: Michael Yuan (Founder, Second State)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: Strongly and statically-typed programming languages, like Rust, could be difficult for humans, but they are especially well-suited for AI coding, as the generated code can be validated by compilers for real-time feedback and reinforcement learning. However, unlike Python, there are few examples of Rust code in LLMs' training corpora, which limits the LLM's capability in generating Rust code. This talk will discuss the open-source RustCoder project, which provides an integrated agentic framework based on MCP for generating complete and valid Rust projects. It enables the following functionalities for IDEs and coding tools. 1. Generates a Rust Cargo project from a user request (aka vibe coding). 2. Compiles and executes Rust Cargo projects. 3. Automatically fixes compiler errors. The project is supported by two Linux Foundation Mentorship grants, as well as content provided by the Rust Foundation.
Taming the Complexity Beast: How Organizations Are Rethinking Software Architecture and Deployment#
Time: 11:15am EST - 11:45am EST
Speakers: Katie Norton (Research Manager, DevSecOps & SSC Security, IDC); Alex Zenla (Co-Founder and CTO, Edera); Jason Hall (Principal Software Engineer, Chainguard); Jon Ceanfaglione (Chief Architect, DevSecOps & IT Automation, IBM)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: After a decade of "microservices all the things," the industry is experiencing a fascinating recalibration. Organizations that rushed to decompose monoliths are now grappling with distributed system complexity, operational overhead, and the cognitive load on development teams. This panel explores how modern organizations are making more intentional architectural choices and evolving their approach to software consumption and deployment. This panel will cover: - From "microservices by default" to "complexity-aware" architectural decisions - The hidden costs of distributed systems: network calls, data consistency, observability overhead - Why some organizations are consolidating services or building "modular monoliths" - The rise of platform engineering as a response to operational complexity - Shifting from "move fast and break things" to sustainable velocity
Anatomy of a Kubernetes Scheduler: Narrate Workloads Priority in Sequence#
Time: 11:15am EST - 11:45am EST
Speakers: Hoon Jo (Cloud Solutions Architect | Cloud Native Engineer, Megazone)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: CLOUD NATIVE NOVICE
Description: By default, Kubernetes workloads are distributed as evenly as possible across a pool of Kubernetes (worker) nodes, i.e., they are designed to be automatically deployed where they are best suited based on the state of each node. However, sometimes we need to modify the code in order to ensure that the workloads are deployed where we want them to be, and this can be as simple as "nodeName", but sometimes we can use options like "affinity" to ensure that they are deployed based on conditions. With all these different conditions, which one will take precedence? On the flip side, we also add values like "taints" to limit what we deploy to. If the conditions you restrict with are the "SHIELD", then the conditions you deploy with can be likened to the "SPEAR". Who wins? Let's decode this paradox with an actual example in each case.
Fix First, Investigate Later: When an eBPF Rollout Brought Down Our Network#
Time: 11:15am EST - 11:45am EST
Speakers: Zain Malik (Exostellar); Grzegorz Głąb (Whatnot)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: When your production network suddenly starts dropping packets, the last thing you expect is that your cloud provider quietly deployed a new monitoring tool. This talk shares our journey from mysterious outage to desperate fix to surprising discovery. It started with alerts: packet loss spiking, network throughput crashing from 800MB/s to near 250MB/s. No recent changes on our end. Hours into the crisis, we discovered an unfamiliar DaemonSet running eBPF programs - Retina, silently rolled out across our clusters. But here's the catch: we couldn't remove it. The DaemonSet was reconciled instantly back to its original state after an update. With users impacted and no time for root cause analysis, we took a leap: build a mutation webhook to intercept and neuter this mysterious DaemonSet. It worked instantly - networks recovered, crisis averted. Only then could we investigate: How did an eBPF observability tool cause such devastation? And why didn't we know it was being deployed?
An Introduction to Capture The Flag#
Time: 11:15am EST - 12:00pm EST
Venue: Building B | Level 2 | B203, Atlanta, GA, USA
Type: EXPERIENCES
Description: The Cloud Native Capture The Flag (CTF) is available to all KubeCon + CloudNativeCon attendees. In preparation for starting the activity, you are invited to attend an introductory session. This session aims to introduce how to participate in CTF competitions to those new to them. We will share tips and tricks for completing these challenges and work through a practice scenario together. Learn more about the CTF.
10 Years of Cilium: Connecting, Securing, and Simplifying the Cloud Native Stack#
Time: 11:15am EST - 11:45am EST
Speakers: Bill Mulligan (Community Pollinator, Isovalent at Cisco); Paul Arah (Community Build, Security, Isovalent@Cisco); Neha Aggarwal (Principal Software Engineer Manager, Microsoft); Satish Krishnan (Director, UBS)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Join us as we celebrate a decade of Cilium, now the de-facto standard CNI for Kubernetes and a cornerstone of cloud native networking and security. This session provides updates on the latest Cilium release and showcases how its unified eBPF-powered stack is transforming Kubernetes environments and beyond by replacing fragmented toolchains with seamless, secure, scalable, and simplified solutions. We'll showcase advancements in multi-cluster connectivity and support for massively scalable clusters. You'll also hear updates from sub-project Tetragon for runtime enforcement and security observability. Contributors and adopters from Isovalent, Microsoft, and UBS will share how they're using Cilium to streamline operations and reshape the cloud native stack, cementing Cilium's role as the networking and security data plane for modern infrastructure for the next decade to come.
Emissary-ingress: Version 4 and the Road Ahead#
Time: 11:15am EST - 11:45am EST
Speakers: Flynn (Tech Evangelist, Buoyant)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: After a quick detour to do Emissary-ingress 3.10, we're back to working on Emissary-ingress 4.0! This is the first new major version in some years for Emissary, one of the first Kubernetes-native, self-service API gateways and ingress controllers, and it's quite a significant change under the hood. In this session, we'll start with a quick overview of the need for ingress controllers in general, the benefits of self-service developer workflows, and how Emissary-ingress can help with these issues. We'll also talk about the state of the project, the path we're taking with Emissary 4, how to get involved as a contributor, how to best offer feedback, and what's in store for the project in the future. Emissary's maintainer sessions are always great opportunities to talk directly with Emissary-ingress maintainers and make sure your voice is heard when it comes to the project's future - looking forward to seeing you there!
Kubernetes Data Protection WG Intro & Deep Dive#
Time: 11:15am EST - 11:45am EST
Speakers: Dave Smith-Uchida (Technical Leader, Veeam)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Data Protection WG is dedicated to promoting data protection support in Kubernetes. The Working Group is working on identifying missing functionalities and collaborating across multiple SIGs to design features to enable data protection in Kubernetes. In this session, we will discuss what is the current state of data protection in Kubernetes and where it is heading in the future. We will also talk about how interested parties (including storage and backup vendors, cloud providers, application developers, and end users, etc.) can join this WG and contribute to this effort. Details of the WG can be found here: https://github.com/kubernetes/community/tree/master/wg-data-protection.
What's New in Containerd 2.2#
Time: 11:15am EST - 11:45am EST
Speakers: Derek McGowan (Docker); Phil Estes (AWS)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: A year after the release of containerd 2.0, the containerd project has shifted to time based releases and recently released containerd 2.2. As the project has matured, the maintainers have continued to focus on stability along with more reliable release cadence and steady stream of new features. The 2.2 release is filled with new features to support the next generation of filesystems and container image formats. Join maintainers to discuss these project updates, integrations with Kubernetes, and how these new features can be used to support new use cases and increase runtime performance.
Taming Telemetry at Scale: Platform Blueprints for Consistent Observability#
Time: 11:15am EST - 11:45am EST
Speakers: Aakansha Priya (Solution Architect, Dash0); Marino Wijay (Staff Solutions Architect, Kong Inc.)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: Observability is only as good as its implementation - and at enterprise scale, it's often fragmented. With teams deploying their own OpenTelemetry (OTel) configurations, inconsistencies arise in metrics, logs, and trace data, making it harder to validate system health or pinpoint root causes. This talk explores how platform engineering teams can address these inconsistencies using a standardized architecture built on OpAMP, Gateway API, and service mesh technologies like Kuma and Envoy. We'll cover: - Common deployment patterns and team-specific observability needs - How Gateways and Meshes serve as rich telemetry aggregation points - How OpAMP helps centralize and automate OTel configuration management - Real-world examples of customer setups and results. Attendees will walk away with reusable blueprints to align observability across teams while reducing MTTR and boosting operational clarity.
Unleash the Power of Inplace Pod Resource Resizing for Startup and Cost Optimization#
Time: 11:15am EST - 11:45am EST
Speakers: Zhang Zhen & Yuxing Yuan (Senior Software Engineer, Alibaba Cloud)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: In-place pod resource resizing is a powerful K8S feature that can significantly accelerate application startup and improve autoscaling responsiveness. However, its integration with k8s workload and tooling, e.g. PodDisruptionBudget is lacking, and support across programming languages and frameworks remains limited, hindering widespread adoption. In this session, we share real-world experiences from Alibaba and RedNote on deploying in-place resource resizing. We will discuss challenges such as CgroupV1 compatibility issues, and demonstrate language-level techniques to make resized resources available to applications, including JVM parameter tuning and elastic heap management for Java workloads. Additionally, we introduce a novel approach for dynamically resizing instances based on daily traffic patterns to optimize resource utilization. Finally, we show how to automate in-place resizing during workload rollouts and to minimize disruption caused by resizing using OpenKruise.
Platform Engineering: Day Zero, The Origin Story#
Time: 11:15am EST - 11:45am EST
Speakers: Murriel McCabe (Customer Engineer, Google)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: How do you get started with platform engineering if you don't have time and resources to build a platform? In an ideal world, you are building a developer platform from the ground up with best practices, scalability, modularity, automation, self service capabilities, and best-of-breed technology in a greenfield environment. In reality however, there may be no paved roads, golden paths, guardrails, or organizational buy in, and the legacy of developers and sysadmins past may have generated mountains of debt that continue to accrue with compounding interest. In this talk, we will build a platform engineering roadmap, starting from your team or organization's current state - wherever that may be. You will have the opportunity to learn about some of the most common tools and technologies that go into building an internal developer platform, and to explore approaches for championing a platform engineering mindset, iterating on improvements to teams, processes, and technologies.
Demonstration of Automatic Kubernetes Network Policies Generation#
Time: 11:15am EST - 11:45am EST
Speakers: Boaz Michaely (OpenShift Security Product Management, Red Hat); Adi Sosnovich (Research Staff Member, IBM Research)
Venue: Building B | Level 3 | B302-303, Atlanta, GA, USA
Type: SECURITY
Description: Kubernetes networking by default is Malicious Actors' heaven. Why? Because by default, any pod can send and receive traffic to and from any other pod, ignoring namespace and privilege boundaries. External traffic in both directions is allowed as well, as far as Kubernetes is concerned. Indeed, best practices rightfully dictate that this default be modified, using "Kubernetes Network Policies". Yet most teams find this too difficult to implement. Authoring NetworkPolicy YAML is very challenging. Baseline/AdminNetworkPolicy fills a gap for cluster administrators, but authoring these policies and understanding their impact is a new, additional challenge. Furthermore, policy authors may not know what the application's communication needs are. What if there was a way to automatically produce tight network policy rules, in YAML, and see the impact of applied B/ANP network policies? Join this session to see the magic yourself, and learn how you can leverage this technology today!
Contribfest: Contribute To Zero Friction Kubernetes: Scale K0s With the Community#
Time: 11:15am EST - 12:30pm EST
Speakers: Prithvi Raj & Jussi Nummelin (Senior Community Manager & Developer Advocate, Mirantis)
Venue: Building B | Level 2 | B207, Atlanta, GA, USA
Type: CONTRIBFEST
Description: k0s is more than just a zero-friction Kubernetes distribution, it's a growing open source project committed to simplifying the Kubernetes experience while remaining fully upstream-conformant, production-grade, and lightweight. But like all great open source initiatives, k0s thrives when its community is active and empowered. That's where you come in. In this contribfest, we'll open the doors to the k0s contributor journey, no matter whether you're a seasoned Go developer, a DevOps practitioner, a docs enthusiast, or someone curious about Kubernetes internals. You'll learn what makes k0s different from other Kubernetes distributions and where we need help: docs, CLI, testing, integrations, issues, features. We will shed light on how to get started (contributor workflows, issues to pick) and guide you. Whether you're looking for a bug fix or major issue to hack on, or want to make long-term impact in the Kubernetes space, the k0s community is ready to support your contribfest journey.
Contribfest: Making SlimToolkit Autonomous: Adding AI Assistant Mode and Built-in MCP Server#
Time: 11:15am EST - 12:30pm EST
Speakers: Kyle Quest (Founder, MinToolkit)
Venue: Building B | Level 2 | B208, Atlanta, GA, USA
Type: CONTRIBFEST
Description: DevOps tools are often intimidating because you have to use them as CLIs that have many different options; users don't know about all their flags, and the ones they do know about have constraints and gotchas that are hard to remember. When SlimToolkit got its interactive prompt mode, its user experience improved significantly. It became easier to discover the CLI flags and autocomplete many of them, but many users still struggle with understanding what flags to use and when. With this ContribFest session we'll build the AI Assistant Mode, where SlimToolkit will be able to explain, recommend and automatically select the right flags when you inspect, debug and slim container images. We'll also add a built-in MCP Server, so SlimToolkit can be used by AI agents. No low-level SlimToolkit, container tech or AI expertise is required. You only need basic knowledge of Go. This is also an opportunity to learn how to build LLM-based AI assistants and agents as well as MCP Servers in Go.
Tutorial: Build-a-Bot Workshop: Enabling Trusted Agents With SPIRE + MCP#
Time: 11:15am EST - 12:30pm EST
Speakers: Maia Iyer (Research Software Engineer, IBM Research); Mariusz Sabath (Sr. Technical Staff Member, IBM Research); Anjali Telang (Senior Principal Product Manager for OpenShift Security and Identity, Red Hat); Andrew Block (Distinguished Architect, Red Hat)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 2-3, Atlanta, GA, USA
Type: TUTORIALS
Description: Agentic platforms are redefining how cloud-native applications interact - but behind every action lies a critical question: who is allowed to do what, and why? Emerging standards such as MCP allow AI agents to easily connect with tools, but organizations looking to support agents must maintain security and transparency. They can do so by combining the power of OAuth 2.0 with strongly attested workload identity from SPIFFE. In this hands-on workshop, we'll dive into the mechanics of secure workload identity for agents and tools - no prior experience required. Attendees will work hands-on with a working agentic stack, including MCP for agentic tool-calling, and integrate with cloud-native tools such as SPIRE for workload identity, and Keycloak for user management. These existing technologies are key for enabling granular access control and rich audit trails across the full agentic flow. This workshop lays the foundations to building identity-first, zero-trust agentic platforms.
LFX Overview#
Time: 11:20am EST - 11:45am EST
Speakers: Kieran McDermott (The Linux Foundation)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
Description: Discover the power of data-driven open source intelligence with LFX, a Linux Foundation toolset designed to empower maintainers, contributors, and users like you. Join Kieran McDermott as he dives into how LFX Overview delivers actionable insights on People, Project, and Organization metrics for the ecosystems powering CNCF and beyond. Learn how leveraging LFX can foster supporting your project or companies through growing your communities - all while enhancing transparency in the open source world. Perfect for open source enthusiasts at KubeCon!
Sponsored Demo: Agent Identity and Access Management for Enterprise#
Time: 11:20am EST - 11:40am EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: In this demo session, we look at securing Agent and MCP communication by building around the construct of an Agent Identity using SPIFFE. We see how agent identity can be used to represent agents taking autonomous action and how a user can give authority to an agent to act "on-behalf-of" the user. On the MCP or API side, we need to be able to distinguish when an agent is calling and apply policy to whether calls should proceed. In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Sponsored Demo: HAProxy & Universal Mesh: Connect Every Service, App, and Cloud#
Time: 11:50am EST - 12:10pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: This 20-minute demo showcases how HAProxy One with Universal Mesh helps platform engineers, DevOps teams, and Kubernetes experts solve their toughest connectivity problems. Through a unified, "sidecarless" approach, you'll learn how to get unmatched connectivity, security, and the ability to monitor your entire infrastructure. We'll show you real-world examples of how it provides: • Routable global services • Better security and federated trust • Simpler control over traffic coming in and out (ingress/egress) • Increased operational efficiency • Inner edge and outer edge patterns. Through live diagrams and practical scenarios, you'll see how HAProxy One offers a complete, high-performance solution that turns fragmented infrastructures into a cohesive, secure, and easy-to-manage network. This demo will give you the practical knowledge you need to improve your enterprise connectivity and streamline your operations.
1000 Clusters, 1 Brain: Salesforce's Approach To Self-Healing Using AIOps#
Time: 12:00pm EST - 12:30pm EST
Speakers: Vikram Venkataraman (Principal Solution Architect, AWS); Srikanth Rajan (Senior Director of Software Engineering, Salesforce.com INC)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: AI + ML
Description: As Kubernetes environments grow increasingly complex, platform teams struggle with the escalating challenges of managing multi-tenant clusters efficiently. This session presents a groundbreaking approach to Kubernetes operations, leveraging generative AI and multi-agent collaboration to create a self-healing, intelligent cluster management system. Drawing from real-world implementations, we'll demonstrate how intelligent agents can manage and troubleshoot over 1,000 Kubernetes clusters, dramatically reducing mean time to identify (MTTI) and mean time to resolve (MTTR) for critical cluster issues. Our solution combines advanced AI technologies with GitOps principles to create a comprehensive automation framework that: - Intelligently analyzes cluster health using AI-powered introspection - Automatically diagnoses complex Kubernetes problems - Implements guardrail workflows for secure, validated remediation - Orchestrates multi-step resolutions with minimal human intervention
Simplifying Advanced AI Model Serving on Kubernetes Using Helm Charts#
Time: 12:00pm EST - 12:30pm EST
Speakers: Ajay Vohra (Amazon & Tianlu Caron Zhang, Apple)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: The AI model serving landscape on Kubernetes presents practitioners with an overwhelming array of technology choices: From inference servers like Ray Serve and Triton Inference Server, inference engines like vLLM, and orchestration platforms like Ray Cluster and KServe. While this diversity drives innovation, it also creates complexity. Teams often prematurely standardize on limited technology stacks to manage this complexity. This talk introduces an innovative Helm-based approach that abstracts the complexity of AI model serving while preserving the flexibility to leverage the best tools for each use case. Our solution is accelerator agnostic, and provides a consistent YAML interface for deploying and experimenting with various serving technologies. We'll demonstrate this approach through two concrete examples of multi-node, multi-accelerator model serving with auto scaling: 1/ Ray Serve + vLLM + Ray Cluster, and 2/ LeaderWorkerSet + Triton Inference Server + vLLM + Ray Cluster + HPA.
Performance Tuning Java Apps for Kubernetes: From Startup Time To Container Efficiency#
Time: 12:00pm EST - 12:30pm EST
Speakers: Ryan Jarvinen (Principal Developer Advocate, IBM); Daniel Oh (Senior Principal Developer Advocate, Red Hat)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: Running Java applications in Kubernetes brings a set of performance expectations: fast startup, low memory usage, and efficient container images. This session is a hands-on walkthrough of tools and techniques to help meet those goals. You'll learn how to use Jib to build lean container images, accelerate cold starts with GraalVM native image compilation, and improve runtime responsiveness with Class Data Sharing (CDS) and Coordinated Restore at Checkpoint (CRaC). We'll dive into real-world configuration examples, discuss trade-offs, and demonstrate how to combine these tools to boost performance in Kubernetes-native Java workloads.
Surviving to Thriving: Building an Open Source Business in the Era of Rugpulls and OSPO Layoffs#
Time: 12:00pm EST - 12:30pm EST
Speakers: Michael Lieberman (CTO & Co-Founder, Kusari)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 4, Atlanta, GA, USA
Type: CLOUD NATIVE STARTUP
Description: Kusari, a cybersecurity startup, was founded during the Summer of 2022, right before the bloodbath of OSPO layoffs and reorgs pulling employees away from open source contributions. We made missteps, learned hard lessons, and ultimately found a model that works. Starting at end user companies in the finserv and defense contracting spaces, Kusari's founders took their learnings along with their work in the open source community and founded a business. They leveraged some of their roles in the Cloud Native Computing Foundation (CNCF), Open Source Security Foundation (OpenSSF) community to build early connections and partnerships that help them stand above their competitors. From early challenges with trying to productize FRSCA, an open source CI/CD project to success on early traction on an open source supply chain security tool called GUAC, it has been a rollercoaster ride. All the while the founders as well as the early employees came from open source and contributed to open source. Over time Kusari's reputation in the open source grew and grew leading to leadership roles in the OpenSSF, Clearly Defined, and various other open source communities. Our role in open source helped drive the reputation that Kusari were the expert startup in the space. We've learned a lot of things along the way about what to focus on, what not to focus on, what is valuable to open source, and what isn't. We now have a business model that works for us that is enabled through our adoption, contribution, and leadership in the open source community. This talk shows how not only is it viable to create an open source centric business model, but done right, an advantage.
Key Takeaways:
- What open source activities you need to focus on as a small startup
- How your startup can stand out from the competition through open source contributions
- How to convince skeptical VCs of the viability of open source strategies
- How participation in the open source ecosystems helps with your go to market strategy
- When it's time to wind down that open source project that just isn't working
On-Prem Load Balancing Reimagined: Serving 20 Million QPS With Gateway API and EnvoyGateway#
Time: 12:00pm EST - 12:30pm EST
Speakers: Isaac Wilson (Staff Software Engineer, The Trade Desk)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: In this session, The Trade Desk shares how we evolved our HAProxy Community Edition (open source) based load-balancing architecture running on bare metal into a cloud-native, Kubernetes-based Envoy Gateway platform powered by Gateway API. You'll learn how we migrated core services, refactored service discovery, and extended EnvoyGateway with advanced controls such as Circuit Breakers and Zone Aware Routing (plus upstream Envoy contributions) to gain richer control, smarter traffic distribution, and higher resilience across topology zones. We'll walk through our key architectural decisions, automation strategies, things we broke along the way, and lessons learned to help you execute a smooth, large-scale migration.
AdminNetworkPolicy: From Alpha To Beta and Beyond#
Time: 12:00pm EST - 12:30pm EST
Speakers: Dan Winship (Senior Principal Software Engineer, Red Hat); Surya Seetharaman (Principle Software Engineer, Red Hat); Nadia Pinaeva (Senior Software Engineer, Nvidia); Bowei Du (Senior Staff, Google)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: The Network Policy API working group, part of Kubernetes SIG Network, focuses on designing and evolving APIs to secure Kubernetes cluster networking. Over the past year, the community has been actively working towards graduating the alpha-level AdminNetworkPolicy (ANP) and BaselineAdminNetworkPolicy (BANP) resources - designed to give administrators powerful, cluster-wide controls - towards Beta status. In this session, we'll take a deep dive into the latest updates to the AdminNetworkPolicy API, including the consolidation of ANP and BANP into a unified resource and improvements to how ports are expressed to allow for greater extensibility. We'll also share our roadmap to GA, discuss how you can get involved in shaping the future of Kubernetes network security, and host an open Q&A with project maintainers. Whether you're an operator, contributor, or just curious about cluster-level network policy, this session is for you!
Beyond the Operators: The Full Strimzi Ecosystem for Kafka on Kubernetes#
Time: 12:00pm EST - 12:30pm EST
Speakers: Paolo Patierno (Senior Principal Software Engineer, IBM); Michael Morris (Master Software Engineer, Ericsson Software Technology)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Strimzi is best known for its operators, but its ecosystem includes a rich set of components that make Apache Kafka on Kubernetes truly production-ready. This talk dives into the broader Strimzi landscape: the HTTP Bridge for RESTful Kafka access, the Drain Cleaner for safe node maintenance, the OAuth library for secure authentication, the Access Operator for declarative user and ACL management, and the Metrics Reporter for enhanced observability. We'll also touch on other complementary tools like the Kubernetes Config Provider for dynamic configuration and the MQTT Bridge for IoT integration. Whether you're running Kafka at scale or exploring cloud-native streaming for the first time, this session will offer a practical look at how the full Strimzi ecosystem works together to simplify and strengthen your deployment.
Comms & Social Media#
Time: 12:00pm EST - 12:30pm EST
Speakers: Why Does a Project Need It - Chris Short (CIQ & Kaslin Fields, Google)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: An update to the Maintainer's Track session conducted at CNCF Maintainer Summit EU 2025. Kaslin Fields and I would be doing this updated version. CFP FOLLOWS Most projects have a website. Most projects attempt to establish some form of Social Media presence. However, let's face the hard truth: communications for a project are challenging, and we can encounter various pitfalls. Let's explore the mechanisms and processes you can use in a project to ensure better communication. We begin by identifying mechanisms and target groups for Kubernetes Contributor Communications, what channels to use and will end in drafting social media policies and guidelines for the contributors when they are publishing comms in the name of a project. Also, have you ever considered critical communications for a project - how do you handle communications if something critical is happening? After the session, you have ideas for your project to move towards a more consistent and reliable communication.
Rook: Intro and Deep Dive With Ceph Storage#
Time: 12:00pm EST - 12:30pm EST
Speakers: Blaine Gardner & Benamar Mekhissi (Storage System Architect and Rook maintainer, IBM)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: The Rook project will be introduced to attendees of all levels and experience. Rook is an open source cloud-native storage operator for Kubernetes, providing the platform, framework, and support for Ceph to natively integrate with Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.
Using Buildpacks To Boost Developer Productivity#
Time: 12:00pm EST - 12:30pm EST
Speakers: Joe Kutner (Architect, Salesforce); Joey Brown (Platform Engineer, Heroku)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Widespread container adoption has inadvertently overburdened developers. While Dockerfiles simplified initial container creation, they lack the abstraction needed to clearly delineate responsibilities between developers and platform teams. This often results in developers managing operational tasks like app containerization, base image maintenance, and remediating third-party vulns - time-consuming burdens that hinder productivity. In addition, platform teams need to manage inconsistencies in Dockerfiles across teams which leads to difficult-to-manage images, and troubleshooting complex builds consumes valuable developer time. Cloud Native Buildpacks (CNBs) provide a solution by enabling a clear separation of concerns. Operations teams can manage base images and security updates, while developers focus on writing code. In this talk, you'll learn how your organization can leverage CNBs to empower developers, enhance security, and optimize your containerization workflows.
Talk To Your Dashboards: Using MCP and LLMs To Simplify Observability#
Time: 12:00pm EST - 12:30pm EST
Speakers: Prashant Gupta & Raj Bhensadadia (Machine Learning Engineer, Apple Inc)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: In large-scale application services, dashboards serve as windows into system health. But as the number of systems grows, so does the complexity. Dashboards can become outdated, and queries may drift over time. Large Language Models (LLMs) offer a way to simplify the management of dashboards and alerts using natural language prompts. However, integrating this capability into open-source systems is challenging to scale due to fragmented APIs. Enter Model Context Protocol (MCP), which addresses this challenge by exposing observability primitives (dashboards, datasources, alerts) through a standardized schema that LLMs can understand. In this session, we'll demonstrate how MCP servers & clients can bridge LLMs with dashboard & alert management tools via natural language. You'll leave with practical techniques to integrate LLMs into your observability visualization stack like Perses - no custom wrappers, & no brittle integrations.
Taming Rollout Risks in Distributed Web Apps: A Location-Aware Gradual Deployment Approach#
Time: 12:00pm EST - 12:30pm EST
Speakers: Angela Victorio (Lead Software Engineer, JP Morgan Chase)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: Deploying updates to web apps installed on managed client devices - such as airport kiosks or retail POS systems - comes with unique challenges. In this session, we'll share how we used Kubernetes, Istio, and CI/CD pipelines to implement a location-aware gradual rollout strategy. Rather than applying global traffic weights, we targeted per-location percentages to minimize localized risk. The solution includes release-aware routing, dynamic profile updates, and flexible tooling - adaptable across tech stacks for anyone managing applications deployed to physical sites or edge clients.
Platform Engineering in Action: Test-Driven Development Applied To Developer Platforms#
Time: 12:00pm EST - 12:30pm EST
Speakers: Charles-Edouard Brétéché (Nirmata & Sara Qasmi, NTT Data)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: How do you design and evolve a robust platform for Kubernetes? And how can you ensure seamless testing at every stage, from development to CI pipelines? Join us to dive into the answers, showcasing Chainsaw alongside powerful tools like ArgoCD and Crossplane, to build a simple platform. In this hands-on session, you'll: - Define the key expectations for a demo platform. - Watch Charles-Edouard and Viktor implement it live. - Discover how Chainsaw can be seamlessly integrated to test the platform during development and ensure its reliability under CI conditions. This session is designed for platform engineers, DevOps practitioners, and Kubernetes enthusiasts eager to enhance their workflows with practical tools and best practices. Prepare to walk away with actionable insights and inspiration to take your Kubernetes projects to the next level. Don't miss this opportunity to learn from two industry leaders shaping the future of platform engineering!
Project Demo#
Time: 12:00pm EST - 12:25pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
End-to-End Security With gRPC in Kubernetes#
Time: 12:00pm EST - 12:30pm EST
Speakers: Shiva & Abhishek Agrawal (Software Engineer, Google)
Venue: Building B | Level 3 | B302-303, Atlanta, GA, USA
Type: SECURITY
Description: As cloud-native architectures continue to scale, ensuring secure communication across microservices is a critical challenge. gRPC is widely adopted for its high performance and efficiency, but achieving end-to-end security in Kubernetes-based deployments introduces unique complexities. This session will explore best practices for securing gRPC applications in Kubernetes environments. We will cover the implementation of TLS and MTLS for encrypted communication, and authentication using JWT and OAuth2. Special focus will be given to leveraging Kubernetes-native tools like Cert-Manager and Secrets for certificate management and integrating service meshes such as Istio for automated security configurations.
Lunch#
Time: 12:30pm EST - 2:30pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: BREAKS
Women's Community Gathering#
Time: 12:30pm EST - 1:30pm EST
Venue: Building B | Level 2 | B211-212, Atlanta, GA, USA
Type: INCLUSION + ACCESSIBILITY
Description: Strong communities foster a feeling of belonging by providing opportunities for interaction, collaboration, and shared experiences. We hope to do just that with a gathering of attendees who identify as women and non-binary individuals at KubeCon + CloudNativeCon North America! Feel free to grab your box lunch from the Solutions Showcase, and join members of Women in Cloud Native and fellow community members for networking and connection in the Community Hub.
Gold Sponsor In-Booth Demos#
Time: 12:30pm EST - 1:00pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: Mirantis Demo: Bootstrap AI Services Instantly with k0rdent AI Booth Number: 820
Sponsored Demo: Accelerate, Observe and Secure Kubernetes Deployments with Tintri#
Time: 12:30pm EST - 12:50pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: VMstore: A demo showing how to dynamically provision and manage persistent volumes for Kubernetes, highlighting ease of use, deployment, and scalability. This would cover their unified management interface for both Virtual Machines (VMs) and containers.
Network Nook Meetup: 1st Time Attendees#
Time: 1:00pm EST - 2:00pm EST
Venue: Building B | Level 1 | Solutions Showcase, Atlanta, GA, USA
Type: EXPERIENCES
Description: Join us for casual and engaging meetups at the Network Nook during lunch breaks! These informal gatherings are open to all, whether you're a first-time attendee, a solo traveler, or simply looking to chat about shared interests. This is a great way to connect with others. Today's theme is: 1st Time Attendees. New to KubeCon + CloudNativeCon? Connect with fellow first-time attendees, share tips, and get insights from CNCF ambassadors on how to make the most of your conference experience!
Project Pavilion Tour#
Time: 1:00pm EST - 1:20pm EST
Speakers: Orlin Vasilev (Principal Open Source Technology Advocate, SUSE)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!
Gold Sponsor In-Booth Demos#
Time: 1:00pm EST - 1:30pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: vCluster Demo: Multi-vCluster Argo CD PR Previews Across Kubernetes Versions (promoted) Booth Number: 421
Sponsored Demo: We build 0 vulnerability container images and so can you!#
Time: 1:00pm EST - 1:20pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Triaging and managing CVEs in container images can be a source of toil for users of open source applications - Do I need to worry about this vulnerability? Does this actually affect my application? At Chainguard, we approach solving this problem by building minimal container images leaving little to no known vulnerabilities so that you never need to triage them in the first place. But how does this work? In this demo, we'll explore how you can start building your own minimal vulnerability free images! We'll demo packaging an application from start to finish and cover some of the challenges of building minimal container images - how they work, what makes a container image "distroless", and tricks for how you can apply this into your own build pipelines.
Learning Lounge: Bridging Skill Gaps to Train 30K in Africa#
Time: 1:15pm EST - 1:30pm EST
Speakers: Ibrahim Kabiru & Nicola Lyons (Learning Manager, Andela)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Learning Lounge, Atlanta, GA, USA
Type: EXPERIENCES
Description: 10-Minute Tip Talk
Gold Sponsor In-Booth Demos#
Time: 1:30pm EST - 2:00pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: Komodor Demo: LIVE DEMO: Komodor's Autonomous AI SRE Platform Booth Number: 721 Sponsor: Tigera Demo: Accelerating Cloud-Native AI Security & Performance with Calico eBPF and XDP Booth Number: 521
Sponsored Demo: Beyond the YAML: Architecting a Composable, Secure, and Open Source Platform for the Enterprise#
Time: 1:30pm EST - 1:50pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Platform engineering is full of high-level concepts, but at the end of the day, someone has to write the code and connect the pipes. This session is for the builders. We'll discuss how to architect a solid and secure platform leveraging the best in breed open-source and CNCF projects. This session explores how to build a robust platform using a curated stack of open-source, cloud native technologies. We'll demonstrate how to shift left your security and compliance, creating "golden paths" that are not just efficient but also inherently trustworthy. We will cover practical examples of integrating tools for policy-as-code, software supply chain security, and continuous compliance, transforming your platform into a developer accelerator that your security team can finally get behind.
Project Demos#
Time: 1:45pm EST - 4:40pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
Becoming an Impactful CNCF Member#
Time: 2:00pm EST - 2:30pm EST
Venue: Building B | Level 1 | Solutions Showcase, Atlanta, GA, USA
Type: EXPERIENCES
Description: How CNCF members directly fuel the health and growth of the cloud native community. This session goes beyond sponsorship to show how member contributions, from financial support to engineering resources, are vital for sustaining core projects, funding security audits, and enabling community programs. Learn about the tangible impact of membership and what an ideal contributing member looks like. You'll leave with a clear understanding of the virtuous cycle that connects membership to community vitality.
Learning Lounge: Sensitive Keys in Codebases & Hidden in Layers Contest#
Time: 2:00pm EST - 2:15pm EST
Speakers: Aleks Jones (Technical Trainer, Linux Foundation Education)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Learning Lounge, Atlanta, GA, USA
Type: EXPERIENCES
Description: Live Security Challenge
Deep Roots: Black, Indigenous, and People of Color Community Gathering#
Time: 2:00pm EST - 3:00pm EST
Venue: Building B | Level 2 | B211-212, Atlanta, GA, USA
Type: INCLUSION + ACCESSIBILITY
Description: Strong communities foster a feeling of belonging by providing opportunities for interaction, collaboration, and shared experiences. Please join members of the Deep Roots Initiative and fellow community members for networking, connection and open discussion in the Community Hub.
Gold Sponsor In-Booth Demos#
Time: 2:00pm EST - 2:30pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: Arm Demo: Multi-architecture Cloud Native Applications: from Scalable Inference to Trusted Agents Booth Number: 231 Sponsor: Infisical Demo: Open source secrets, certificates, and privileged access management Booth Number: 720 Sponsor: Intuit Demo: Numaflow: Intuit's open-source platform for event processing at scale Booth Number: 431 Sponsor: JetBrains Booth Number: 921 Sponsor: MinIO Demo: MinIO AIStor Tables Booth Number: 620 Sponsor: OpenSearch Demo: OSCAR: Simplifying OpenSearch Releases with Conversational AI Booth Number: 1431
Sponsored Demo: What's new in Tetragon#
Time: 2:00pm EST - 2:20pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Tetragon is an open source project that exposes a lot more about what's happening at runtime on Linux servers. Come join Duffie Cooley and learn more about how to install it and what types of things it can show.
Meta's Kubernetes-based Portable AI Research Environment#
Time: 2:30pm EST - 3:00pm EST
Speakers: Shaun Hopper (Meta); Navarre Pratt (Infrastructure Engineer, CoreWeave)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: AI + ML
Description: As Meta's AI research demands grow, providing researchers with a consistent, high-productivity computing environment across diverse infrastructure has become essential. At the same time, infrastructure engineers need a consistent and portable platform to deploy the environment across multiple cloud providers. This session explores how Meta collaborated with CoreWeave to leverage SUNK (Slurm on Kubernetes) to enable a reliable and unified Slurm experience that runs seamlessly across heterogeneous multi-cloud environments, backed by comprehensive health checking, consistent security controls, deep centralized observability and unified research experience. In this session, Meta and CoreWeave will share how SUNK enables researchers to focus on their work through a familiar Slurm interface, secure per-user isolation, shared storage mounts, and streamlined access management, abstracting away underlying infrastructure complexity, while allowing infrastructure engineers to realize the benefits of deploying everything on top of Kubernetes. Key takeaways: How Meta platformized their Slurm research environment on top of Kubernetes, enabling a portable and consistent experience for researchers across different cloud providers. Novel patterns for enabling users to deploy infrastructure on top of Kubernetes without realizing it. Leveraging OpenTelemetry as a unified interface for both platform and research level insights.
Slurm Bridge: Slurm Scheduling Superpowers in Kubernetes#
Time: 2:30pm EST - 3:00pm EST
Speakers: Alan Mutschelknaus & Tim Wickberg (Senior Cloud Engineer, SchedMD)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: If you are looking to run multi-node AI inference, AI training, or High Performance Computing workloads, scheduling resources efficiently is imperative. Kubernetes was created to manage microservices, which require reliability, but does not natively handle optimal workload placement. Slurm scheduling does account for the minutiae of node resources, such as node hardware topology, and other desired features such as workload planning, fair use, and batch type scheduling. With Slurm's scheduling combined with fine-grained resource control offered by DRA drivers for CPUs, NICs, and GPUs, Kubernetes will be leveled up to support large-scale, granular resource scheduling. We demonstrate how the recently released Slurm Bridge, one of the projects within SlinkyProject, uses the Kubernetes Scheduling Framework and the Slurm scheduler to drive multi-node workload placement decisions.
The Myth of Portability: Why Your Cloud Native App Is Married To Your Provider#
Time: 2:30pm EST - 3:00pm EST
Speakers: Corey Quinn (Chief Cloud Economist, The Duckbill Group)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: We've been sold a lie. The cloud native ecosystem promises portability - write once, run anywhere! Just containerize everything, sprinkle some YAML, and you're cloud-agnostic! Except you're not. This talk examines how cloud native applications become inadvertently locked to their cloud provider, despite our best intentions. We'll dissect the subtle ways your "portable" application gets married to a specific cloud: from IAM systems that don't translate, to provider-specific load balancers masquerading as standard ingress, to that innocent-looking object storage bucket your app "temporarily" writes to. Through real-world examples and architectural patterns, we'll explore the hidden dependencies that make cloud switching a multi-million dollar project, why "cloud-agnostic" usually means "works poorly everywhere," the true cost of maintaining actual portability (spoiler: it's more than just running containers), and when portability actually matters versus when it's expensive theater.
Don't Panic! A Beginner's Guide To K8s Debugging#
Time: 2:30pm EST - 3:00pm EST
Speakers: Ivan Porta & Phil Henderson (Customer Engineer, Buoyant)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: CLOUD NATIVE NOVICE
Description: It's 9 AM on Monday morning, and you're eager to dig into the new feature you've been designing over the past weeks. You write the code, deploy to testing, send your first request, and... it doesn't work. Now what? If you're new to Kubernetes, this kind of thing can be a showstopper. Kubernetes is powerful and capable, but complex enough that knowing where to look when things go wrong can be a real challenge. This session, we'll give you what you need for a fighting chance. We'll look at how Services, Deployments, and Pods hang together; logging and events (and their strengths and weaknesses); basic observability using a service mesh; health checking; and some common gotchas along the way. We'll use Linkerd for our examples, but everything we show is applicable to other technologies as well. Join us and walk away with tools you can use immediately to make life easier!
Building a Closed-Source AI DevTool for Open Source and Enterprise#
Time: 2:30pm EST - 3:00pm EST
Speakers: Devin Stein (CEO, Dosu)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 4, Atlanta, GA, USA
Type: CLOUD NATIVE STARTUP
Description: Most DevTool startups either lean towards full open source licensing or specifically target enterprise customers. At Dosu, we're doing something different! We are building a closed-source AI tool that helps open source maintainers AND enterprises. Join Devin as he discusses Dosu's journey so far. You'll learn about why Dosu chose this approach, how we balance free community support with paid customers, what we are learning by dogfooding our own product, and the operational realities of supporting over 60,000 developers with a small team. We'll cover some of our product strategy, community trust dynamics, and the frameworks we use to inform our decision-making process on what we build. If you're a startup founder developing developer tools or seeking insights on business models where your users and buyers are different, this talk is for you!
Kubernetes IP Management: From Core Concepts To Strategic Solutions#
Time: 2:30pm EST - 3:00pm EST
Speakers: Ivy Zhuang & Whitney Jenkins (Software Engineer, Google)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: Kubernetes' "IP-per-pod" model is often praised for simplifying container networking by providing a flat, routable network that streamlines application deployment. But what happens when that "simplification" becomes a significant hurdle? Effective IP address management (IPAM) is challenging, and cluster administrators must carefully plan network connectivity as these early decisions are often irreversible. This talk will cover fundamental Kubernetes IPAM concepts, including CNI plugin roles and IP assignment for pods/services/nodes. We'll explore IPAM modes and address common challenges, like IP exhaustion (CIDR allocation, subnetting), dual-stack (IPv4/IPv6) complexities, and troubleshooting connectivity problems. Finally, we will cover new Kubernetes IPAM features such as Extend Service IP Range alongside a general look at common IPAM solutions. Attendees will gain knowledge to design, implement, and troubleshoot robust and scalable solutions for their containerized applications.
BoF | Let's Discuss: The Future of macOS Containers with Cloud Native Tooling#
Time: 2:30pm EST - 3:00pm EST
Venue: Building B | Level 2 | B202, Atlanta, GA, USA
Type: EXPERIENCES
Description: Apple's newly open-sourced Containerization framework enables developers to build and run Linux containers directly on macOS, using lightweight virtual machines. Join this session to meet the developers behind the Container project, hear about the upcoming roadmap, and join discussions on integrating it with the existing cloud native ecosystem, including: support for non-ephemeral distros; integration with tools such as kind; use of the Container runtime with Kubernetes.
An Introduction to Capture The Flag#
Time: 2:30pm EST - 3:15pm EST
Venue: Building B | Level 2 | B203, Atlanta, GA, USA
Type: EXPERIENCES
Description: The Cloud Native Capture The Flag (CTF) is available to all KubeCon + CloudNativeCon attendees. In preparation for starting the activity, you are invited to attend an introductory session. This session aims to introduce how to participate in CTF competitions to those new to them. We will share tips and tricks for completing these challenges and work through a practice scenario together. Learn more about the CTF.
CRI-O: Thriving in a Changing World, One Container at a Time#
Time: 2:30pm EST - 3:00pm EST
Speakers: Ayato Tokubi & Sohan Kunkerkar (Software Engineer, Red Hat)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: As the container ecosystem continues to evolve, CRI-O is innovating to meet new challenges. In this session, we will explore the latest advancements in CRI-O, including support for OCI Artifacts beyond container images, such as AI and ML model deployment, as well as new security features like advanced seccomp profile controls and customizable stop signal handling. We'll also highlight performance and infrastructure updates. Through demos, we'll examine these capabilities and preview future additions. Attendees will gain insights to improve the security, adaptability, and operational efficiency of their container environments. This talk is ideal for SysAdmins, SREs, and Developers.
Discover Cortex: High Scalability Metrics in 2025#
Time: 2:30pm EST - 3:00pm EST
Speakers: Friedrich Gonzalez (Software Engineer, Apple); Alolita Sharma (Engineering Leader, AIML Platform Engineering, Observability, Apple); Anand Rajagopal (Software Engineer, Amazon Web Services)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Dive into Cortex with us in this interactive session designed to help you get started with one of the most powerful open-source metrics platforms. We'll also highlight key improvements from the latest 1.19 release and share what's ahead on the roadmap. Whether you're just beginning your journey with Cortex or already contributing to the project, you'll walk away with practical insights and expert tips. Stick around for a live Q&A with core maintainers - your chance to ask questions, share thoughts, and connect directly with the team driving Cortex forward.
Introducing TAG Workloads Foundation: Advancing the Core of Cloud Native Execution#
Time: 2:30pm EST - 3:00pm EST
Speakers: Yuan Tang (Senior Principal Software Engineer, Red Hat); Paco Xu (Lead of open source team, DaoCloud); Marlow Weston (Principal Cloud Engineer, SchedMD LLC); Rajas Kakodkar (Staff Software Engineer at Broadcom | Tech Lead TAG Workload Foundation CNCF, Broadcom); Stephen Rust (Principal Architect, Akamai)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: The CNCF Technical Advisory Groups (TAGs) play a vital role in shaping the future of cloud native. We're excited to introduce a new addition: the TAG Workloads Foundation. This session will present the mission, scope, and early initiatives of TAG Workloads Foundation, focused on defining and advancing practices and standards for cloud native workload execution environments and lifecycle management. Attendees will learn how this TAG supports the CNCF's technical vision, why workload execution is critical for adopters, and how community members can get involved to help solve real-world challenges across container platforms, schedulers, orchestration systems, etc. Join us to help shape the next phase of cloud native maturity - from fundamental runtime environments to future-forward workload patterns.
Strengthening Supply Chain for Kubernetes: Cross-Cloud SLSA Attestation Verification#
Time: 2:30pm EST - 3:00pm EST
Speakers: Feynman Zhou (Product Manager, Microsoft); Dahu Kuang (Senior Engineer, Alibaba Cloud)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: As software supply chain threats increase, verifying the provenance and integrity of container images is essential for securing Kubernetes workloads. The SLSA framework provides a standardized way to achieve this through artifact attestations, and platforms like GitHub have begun integrating provenance features into their CI/CD systems. However, organizations often face practical challenges when verifying these attestations at deployment time, particularly in controlled or restricted environments. In this talk, maintainers from Microsoft Azure and Alibaba Cloud will introduce upcoming support for SLSA attestation verification in the Notary Project and Ratify. We'll demonstrate how these open-source tools enable policy-based verification of OCI artifact attestations across cloud providers and on-premise, making them suitable for a wide range of enterprise and Kubernetes scenarios.
Making Application Rollouts Observable, Actionable and Boring#
Time: 2:30pm EST - 3:00pm EST
Speakers: Vasudev Bongale (Staff Software Engineer, LinkedIn)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: Managing and understanding thousands of workload rollouts is challenging - especially in Kubernetes, where the system is always converging, making it difficult to track deployment origins, changes, and statuses. Developers and platform teams want clear answers: Did the rollout succeed? What changed? Is it stable? At LinkedIn, we handle 50,000+ app deployments weekly, making visibility and quick debugging crucial. We've built a system that tracks every change - from pipeline-triggered rollouts and kubectl edits to controller-driven podSpec mutations - capturing both the source and the result. It helps surface failure reasons such as pod scheduling issues, app/init container crashes, and image pull delays. In this talk, we'll share our journey building a unified system, categorizing failures, simplifying interactions by abstracting Kubernetes, and delivering out-of-the-box app health metrics. Our goal: to enhance platform reliability and streamline the developer experience with Kubernetes.
Share With Care: Efficient Device Sharing With Guaranteed Resources Using DRA#
Time: 2:30pm EST - 3:00pm EST
Speakers: Sunyanan Choochotkaew (Staff Research Scientist, IBM); John Belamaric (Senior Staff Software Engineer, Google)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: Divvying up a network card using Kubernetes is really hard to do. If you need to spin up virtual interfaces on top of a NIC, limit their bandwidth, and hand them out to different Pods, you will have a rough time. Come find out how the Kubernetes project will make sharing network hardware just as easy as sharing node CPU and memory! And networking is just the initial use case - this functionality can work with any device. Being able to sub-divide devices will really improve utilization of your pricey hardware. In this talk, we detail a new way to request resources from attached devices like NICs, GPUs, and DPUs. Building on the recently released Device Resource Allocation (DRA), this feature performs on-demand provisioning based on resource requests, allowing a physical device to be independently shared among Pods multiple times. It extends K8s multi-tenancy to the sub-device level. We'll dive deep and explore real-world use cases, under the hood details, and future extensions.
Real-World Strategies for Cutting Kubernetes Costs: Why One Size Doesn't Fit All#
Time: 2:30pm EST - 3:00pm EST
Speakers: Dolis Sharma (Solution Architect, Nirmata)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: Are your Kubernetes costs spiraling out of control? You're not alone - and there's no silver bullet. This talk explores the most common cost pitfalls in Kubernetes environments and offers multiple, practical solutions that teams can tailor to their needs. We'll dive into real-world FinOps challenges like over-provisioned workloads, idle resources, inefficient scaling, and lack of governance. You'll learn how tools like Karpenter, VPA, Spot Instances, cleanup utilities, and policy enforcement each solve a piece of the puzzle. Whether you're just starting out or trying to reduce an already hefty bill, this session will help you map the right strategies to your workloads and teams. Expect hands-on examples, decision criteria, and battle-tested tips to help you slash your cloud spend - without compromising on performance or velocity.
From Bespoke To Bulletproof: SPIFFE/SPIRE With ESO for Enterprise Zero Trust#
Time: 2:30pm EST - 3:00pm EST
Speakers: May Large & Ivy Moore (State Farm)
Venue: Building B | Level 3 | B302-303, Atlanta, GA, USA
Type: SECURITY
Description: At State Farm, securing microservices across multi-cluster K8s environments demanded a robust zero-trust architecture. Our initial "bespoke" SPIFFE/SPIRE deployment provided workload identities but faltered under scale. To achieve enterprise-grade resilience, we transitioned to an HA nestedSpire architecture, enabling seamless integration with ESO for secure secret retrieval. This talk shares our journey, from debugging 500 errors in ESO's webhook-based SecretStore to scaling SPIRE agents. We'll detail how we configured nestedSpire for HA, integrated SPIFFE SVIDs with ESO's webhook authentication, and automated secret rotation to remove credential leaks. Attendees will learn steps for deploying nestedSpire, troubleshooting common issues (like attestation failures). We'll share lessons from our bespoke-to-bulletproof evolution. Whether you're adopting SPIRE or optimizing an existing setup, this talk offers a blueprint for building scalable, secure zero-trust systems in Kubernetes.
Gold Sponsor In-Booth Demos#
Time: 2:30pm EST - 3:00pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: Atolio Demo: Atolio in Action: Secure, AI-Driven Search Across Your Enterprise Knowledge. Booth Number: 131 Sponsor: ClickHouse Demo: Intro to ClickStack: OTEL-Native Observability on ClickHouse Booth Number: 130
Sponsored Demo: Agent2Agent Protocol Integration in a Multi-Agent RAG System#
Time: 2:30pm EST - 2:50pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Last year, we built a multi-agent RAG system to streamline intelligent document processing. This year, we're taking it a step further by integrating the Agent2Agent (A2A) protocol, an open standard from Google that enables seamless communication between AI agents. In this session, we'll share how we transformed our RAG system from a standalone tool into a fully interoperable agent capable of collaborating within complex multi-agent ecosystems, unlocking richer automation and smarter workflows.
Contribfest: Argo: Configure Your Local Setup and Contribute!#
Time: 2:30pm EST - 3:45pm EST
Speakers: Alexandre Gaudreault (Software Developer & Argo CD Maintainer, Intuit); Codey Jenkins (Senior Software Engineer @ Intuit and Argo CD Contributor, Intuit); Nitish Kumar (Software Engineer at Akuity Inc. & Argo CD Maintainer, Akuity)
Venue: Building B | Level 2 | B207, Atlanta, GA, USA
Type: CONTRIBFEST
Description: Join the Argo maintainers for an interactive session designed to jumpstart your contribution journey! This workshop is perfect for aspiring contributors and experienced users who are ready to dive into the Argo CD codebase and resolve issues, but need a helping hand with their local development environment. We will walk you through the essential steps to set up your local Argo CD development environment, provide practical guidance on debugging issues within the codebase and help you run the linter, unit tests and e2e tests locally. By the end of this session, you'll have a fully functional local Argo CD development environment and the confidence to debug issues and submit your valuable contributions to the project! And if your environment is already configured, you can still join us to tackle open issues or to discuss future enhancements to the project. Don't forget your laptop, join our thriving community and start contributing!
Contribfest: Power up Your CNCF Tools With Headlamp#
Time: 2:30pm EST - 3:45pm EST
Speakers: Joaquim Rocha & Oleksandr Dubenko (Principal Software Engineering Manager, Microsoft)
Venue: Building B | Level 2 | B208, Atlanta, GA, USA
Type: CONTRIBFEST
Description: Many CNCF tools and projects could become more accessible if they had a UI or an AI chat interface that's integrated where users can also explore other Kubernetes resources and tools. But how to do this without having to "reinvent the wheel" or maintain much more than the projects need? This is exactly what Headlamp enables! Headlamp is an extensible Kubernetes UI that is part of the Kubernetes project under the SIG UI. It offers a great base UX for managing Kubernetes and serves as a building block for creating new user interfaces and user experiences, including extending its own AI assistant interface. So join us to explore Headlamp! Whether you're looking to contribute or use it for your own project, everyone is welcome! We'll run a quick workshop on building plugins and contributing to the core project. We're also excited to brainstorm ways to improve Headlamp and the Kubernetes UX in general. Let's build together!
Tutorial: Build Your Internal Developer Platform With the Experts: A Hands-On Workshop#
Time: 2:30pm EST - 3:45pm EST
Speakers: Ana Margarita Medina (Staff Developer Advocate, Upbound); Cortney Nickerson (Head of Community, Nirmata); Scott Rosenberg (Lead Architect, CTO Office, TeraSky); Christian Hernandez (Technical Marketing Engineer, Tech Lead, Cisco)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 2-3, Atlanta, GA, USA
Type: TUTORIALS
Description: Explore the world of platform engineering with open-source cloud native tooling in this hands-on workshop. This hands-on workshop is led by open-source experts who will guide you through building a real Internal Developer Platform (IDP) using production-proven CNCF tools like Crossplane, Backstage, Argo CD, and Kyverno. We will cover the tools and practices needed to gain platform adoption and discover how other companies are using these tools to expedite their platform journey.
Sponsored Demo: No Downtime, No Boundaries: How to Move Stateful Workloads With Zero Downtime with Cast AI#
Time: 3:00pm EST - 3:20pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Many enterprises still run critical, resource-intensive applications that cannot tolerate downtime, making them difficult or impossible to move once deployed. As a result, these workloads stay pinned to aging nodes or require maintenance windows for optimization, limiting Kubernetes' full potential for automation and efficiency. In this session, Cast AI's Global Field CTO and a customer will showcase a breakthrough capability: Container Live Migration. This new technology enables applications to move across nodes in the same cluster without disruption, unlocking continuous optimization even for stateful or latency-sensitive workloads. You will see how this innovation eliminates resource fragmentation, improves utilization, and drives significant cost savings, all while keeping clusters fully available. Expect a technical deep dive and a live demo of migration in action.
Smarter Together: Orchestrating Multi-Agent AI Systems With A2A and MCP on Containers#
Time: 3:15pm EST - 3:45pm EST
Speakers: Ana Maria Lopez Moreno (Microsoft); Sharon Camacho (Summan)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: AI is moving beyond single models into distributed, agent-based ecosystems. In this talk, we'll explore how to orchestrate multi-agent systems using Agent-to-Agent (A2A) communication and Model Context Protocol (MCP), running in containerized, cloud-native environments. Through a live scenario, we'll show how an orchestrator agent deployed in Kubernetes coordinates autonomous agents running in Azure and GCP. Attendees will learn how to enable secure, cross-cloud collaboration between agents, share memory context using MCP, and scale intelligent workflows across containers. If you're building AI copilots or multi-agent platforms, this session will help you design modular and interoperable architectures with modern AI infrastructure.
Message In, Job Out: Build Event-Driven Workflows in Kubernetes Using NATS, CloudEvents, and Sveltos#
Time: 3:15pm EST - 3:45pm EST
Speakers: Colin Lacy & Grace Brickley (Software Engineer, Cisco)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: APPLICATION DEVELOPMENT
Description: Modern applications need to respond to real-world events: user actions, system signals, business milestones. Explore a flexible approach to orchestrating workflows that grow step by step without locking you into a fixed structure. This talk introduces a new way to build event-driven applications using Sveltos, an open source tool for declarative multi-cluster orchestration, and NATS, a lightweight messaging system designed for speed and simplicity. Instead of rigid execution graphs, this model uses declarative triggers for event-driven behavior, built on the CloudEvents standard, to guide how workflows evolve. And the best part: each step runs in a standard Kubernetes Job, making these applications easy to build, test, and extend using familiar tooling. Attendees will leave with a fresh approach to reactive system design using open source tools - and a new perspective on how orchestration can be declarative, flexible, and developer-friendly.
The Missing Manual for Open Source Community Sustainability#
Time: 3:15pm EST - 3:45pm EST
Speakers: Taylor Dolezal (Head of OSS, Dosu); Erica Hughberg (Envoy AI Gateway Maintainer, Tetrate.io)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: You released an open source project that is gaining users. Now, how do you build a sustainable community? An open source project runs on people, a community. This talk is the missing manual. Learn to build and sustain cloud native open source communities and how to do so by supporting the people behind the code. We'll explore the three pillars of every open source project: Builders - writing the code and shaping the roadmap; Users - deploying and running the software; Silent Users - benefiting quietly, but rarely engaging. We'll also look at the Builder-User hybrid, the vital link that fuels feedback and momentum. You'll walk away with: a practical guide to preventing burnout and project decay; strategies to identify and retain contributors who keep the soul alive; a renewed sense of purpose for growing a thriving community. We have the manual you need if your project has code and user documentation, but no community playbook.
From Monolith To Microservices: A Visual Journey for Beginners#
Time: 3:15pm EST - 3:45pm EST
Speakers: Pedro Henrique Oliveira & Henrique Santana (Solutions Architect, AWS)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: CLOUD NATIVE NOVICE
Description: Microservices architecture is foundational to cloud native applications, yet many beginners struggle to understand when and how to adopt this approach. This session uses visual storytelling to guide you through the evolution from monolith to microservices using a practical example application. You'll see a step-by-step transformation that highlights key motivations, challenges, and benefits. Through clear diagrams and analogies, we'll provide decision frameworks for when microservices make sense and when they don't. You'll gain a mental model that demystifies microservices and leave with practical insights to guide your own architectural decisions.
Manifesting Millions: No Luck Required, Just Tenacity#
Time: 3:15pm EST - 3:45pm EST
Speakers: Emily Long (Founder & CEO, Edera)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 4, Atlanta, GA, USA
Type: CLOUD NATIVE STARTUP
Description: When Edera's all-female founding team stepped into the world of deep enterprise technology in April 2024, we weren't just solving the "unsolvable" problem of container isolation - we were dismantling every assumption about who builds category-defining infrastructure companies. In nine months, we raised over $20 million across seed and Series A rounds, but the path to that first million revealed brutal truths about what it takes for women to secure funding in tech. While the industry talks about the value of diverse teams in theory, we're proving it works in practice, delivering results that have customers asking "is this too good to be true?" Our approach turned conventional startup wisdom upside down. Instead of a technical CEO learning people skills, we led with operational expertise and culture-first thinking - skills investors initially questioned but now credit as key differentiators. When you're already doing what nobody else is doing - building the first hardened runtime - why not push every boundary? This talk exposes the unvarnished reality of raising that crucial first million: the investor meetings where we had to prove container isolation was possible before we could discuss market size, the sleepless nights one month before I would have had to cash out my 401k to keep my family fed and the company alive, and how being underestimated became our secret weapon. We'll share what it's like to be "very rare" - having all female founders in this industry - and how that rarity opened doors traditional approaches couldn't. Throughout this journey, we've learned that exceptional execution speaks louder than any bias. But getting that first check? That required everything we had - and then some serious manifesting. We turned being "foundationally unique" into a license to take even bigger risks, but more importantly, we learned that founders get to choose their investors - not the other way around.
While everyone chases the biggest names on Sand Hill Road, we intentionally built our cap table with partners who shared our values and vision for what technology companies should be. Sometimes the best money isn't the most famous money. Key Takeaways: Why choosing values-aligned investors over brand names builds stronger companies; Concrete strategies for female founders raising in enterprise tech; How to weaponize skepticism when everyone thinks your problem is "unsolvable"; The unexpected advantages of being the anomaly in investor meetings. No luck required - just the audacity to prove the impossible is inevitable.
Lessons Applied Building a Next-generation AI Proxy#
Time: 3:15pm EST - 3:45pm EST
Speakers: John Howard (Senior Architect, Solo.io)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: As the industry's infrastructure requirements have progressed over time, so have its proxies. Apache Traffic Server gave way to Nginx as traffic scales increased, with Envoy eventually joining the picture to fill in the gaps of high scale micro-service architectures. A similar shift is happening today with the dramatic surge in AI infrastructure, which has unique requirements to run efficiently. Intelligent request batching, model-aware load balancing, and token-based rate limiting are table stakes. Traditional proxies weren't designed for any of this. Like Envoy was built to fill the need for a micro-service optimized proxy, a new data plane is needed to fill the need for an AI optimized proxy. In this talk, I'll walk through the design decisions behind a new CNCF AI proxy built as part of kgateway. We'll explore what makes AI traffic unique, as well as lessons learned from existing proxies, and explore the tradeoffs needed to build an optimal AI data plane.
Beyond the Cloud(s): Falco's Ascent in Performance and Deep Visibility#
Time: 3:15pm EST - 3:45pm EST
Speakers: Leonardo Grasso & Leonardo Di Giovanna (Open Source Engineer 1, Sysdig)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Falco is soaring higher than ever into the stratosphere of observability - faster, sharper, and with a deeper lens into cloud native runtime security. In this session, maintainers will reveal two major breakthroughs: a reengineered event collection strategy that delivers significant performance gains, and a pioneering integration with StratoShark that enables Falco to capture targeted runtime activity for powerful post-incident analysis. These innovations push Falco beyond traditional detection into a new realm of forensic depth and responsiveness. Join us for a glimpse of what's next as Falco charts a course toward faster, wiser, and more connected runtime security.
Kyverno Everywhere: Simplifying Unified Policy as Code#
Time: 3:15pm EST - 3:45pm EST
Speakers: Jim Bugwadia & Charles-Edouard Brétéché (Co-Founder and CEO, Nirmata)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Kyverno, the Kubernetes-native policy engine, has evolved with new specialized policy types leveraging CEL (Common Expression Language), and now works inside and outside Kubernetes. This shift enables robust, scalable, maintainable, and unified policy-as-code. Kyverno maintainers, Jim and Charles-Edouard, will deep dive into each new policy type, demonstrating CEL use and integration with native policy resources. They'll show how these capabilities automate complex platform engineering use cases that previously required custom controllers. The session will also cover Kyverno features like fine-grained policy exceptions and OpenReports integration for flexible, scalable policy management. Attend to understand how Kyverno simplifies cloud-native governance with policy-as-code, enhances performance, and unlocks advanced self-service automation for Kubernetes clusters, IaC, CI/CD pipelines, and everywhere policy-based guardrails are required.
Progressive Configuration Delivery for Zero-Downtime Cloud Workloads#
Time: 3:15pm EST - 3:45pm EST
Speakers: Yuxing Yuan (Senior Software Engineer, Alibaba Cloud); Hao Wu (Software Engineer, Bilibili Inc.)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: In June 2025, a misconfigured quota policy was deployed without proper validation in Google Cloud, which caused widespread service disruption. Similar incidents related to unsafe configuration updates have been reported by many cloud providers and users. Configuration updates in Kubernetes often lack the progressive delivery capability that code updates have. While the community advocates generating new ConfigMaps with Deployment rolling updates, this approach lacks systematic support and fails to address complex scenarios where configuration and image rollouts must be decoupled. In this session, we'll explore ConfigMapSet, an OpenKruise innovation that redefines configuration management in Kubernetes, supporting progressive delivery patterns combined with AI-ready orchestration. We'll demonstrate how this CRD-based solution enables zero-downtime configuration updates, decouples config/image versioning, and supports dynamic AI/ML workflows like distributed model inference.
State of NATS: Scale, Performance, and Flexibility#
Time: 3:15pm EST - 3:45pm EST
Speakers: Byron Ruth (VP, Product and Engineering, Synadia)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: This session explores significant improvements made to NATS over the past year that push the boundaries of scale and performance while adding functionality that increases utility and flexibility for application developers. We'll examine real-world use cases that drove these enhancements and demonstrate new configuration options, APIs, and patterns through examples. You'll see how these improvements solve common challenges in cloud-to-edge systems and enable teams to build more resilient, scalable applications.
Just Do It: OpAMP#
Time: 3:15pm EST - 3:45pm EST
Speakers: Panos Tsilopoulos & Bob Johnson (Nike, Inc.)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: "Just Do It: OpAMP" is an in-depth session on building an enterprise-grade implementation of the Open Agent Management Protocol (OpAMP) specification that is part of the OpenTelemetry CNCF project. In today's cloud-native environments, managing thousands of observability agents, especially OpenTelemetry Collectors, for which most major vendors have no fleet management solution available, is a daunting task. This session explores how OpAMP enables efficient remote configuration, update, and real-time monitoring of a fleet of such agents. We'll break down the protocol's core concepts by reviewing system design diagrams that address security, network and resiliency challenges. Finally, we'll go over practical strategies for a successful rollout and enterprise-wide adoption at scale. This session aims to equip you with actionable insights and robust techniques to streamline agent management, ultimately enhancing operational efficiency in distributed environments.
Unveiling Automation: How Mercantil Transformed Data Streaming With Strimzi, Argo, and Kubernetes#
Time: 3:15pm EST - 3:45pm EST
Speakers: Marcelo Costa (Head of Data Engineering, Banco Mercantil)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: Discover how Banco Mercantil in Brazil revolutionized its data streaming with Strimzi, Argo, and Kubernetes. The automation of data connector creation, previously manual and complex, is now efficient. The Integration Hub engineering team uses Git to request connectors; Argo automates creation in Kubernetes; and Strimzi creates the Kafka Connect connectors. This agile and persistent process, with GitOps, reduced errors and optimized delivery, supporting growth, as in Open Finance Project (Open Finance allows consumers to share their banking data between institutions, fostering competition, innovation, and personalized financial services). Learn how this modern architecture simplifies work and scales the data ecosystem.
Shipping Secure, Reusable, and Composable Infrastructure as Code: GE HealthCare's Journey With ORAS#
Time: 3:15pm EST - 3:45pm EST
Speakers: Feynman Zhou (Product Manager, Microsoft); Katherine Pitz (Senior Software Engineer, GE HealthCare)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: Before adopting a centralized approach, engineering teams at GE HealthCare managed their Infrastructure as Code (IaC) deployments independently - leading to fragmentation, inconsistent security practices, and operational overhead. Each team had its own tools, processes, and storage methods, making it difficult to scale, enforce standards, and ensure traceability across environments. To solve this, GE HealthCare introduced a shared delivery model built on ORAS and OCI registries, enabling teams to package infrastructure definitions (e.g. Terraform modules) as OCI artifacts. This decouples infrastructure delivery from specific IaC tools, while providing a secure, consistent, and versioned distribution mechanism. In this session, an engineer from GE HealthCare will share how they partnered with the ORAS community to build a SaaS platform that empowers teams to provision infrastructure using their preferred IaC technologies - without compromising on governance, consistency, or security.
Hybrid-Confidential-Cloud: Democratize Secure AI With GPUs and Confidential Containers#
Time: 3:15pm EST - 3:45pm EST
Speakers: Zvonko Kaiser (Principal Systems Software Engineer, NVIDIA)
Venue: Building B | Level 3 | B302-303, Atlanta, GA, USA
Type: SECURITY
Description: Secure AI workloads require verifiable trust regardless of where GPUs operate - on-premises, private clouds, or public CSPs. CNCF Confidential Containers facilitate infrastructure-agnostic, lift-and-shift deployments of GPU workloads, delivering confidentiality seamlessly without needing modifications. This is accomplished by layering trust-oriented elements over Kubernetes for compute, networking, storage, and the control plane. Hardware-backed confidential VMs ensure runtime integrity for GPU workloads, identity-based overlay networks, and a confidential storage layer safeguards highly valuable data against replay attacks. A confidential control plane overlays K8S default control plane, offering mechanisms for multi-tenancy, key lifecycle management, and maintenance of trust boundaries. This architecture supports trusted, portable AI infrastructure at scale, enabling secure AI deployments across any IaaS - on-premises, private cloud, or CSP - facilitating true hybrid secure AI at scale.
LGBTQ+ Community Gathering#
Time: 3:30pm EST - 4:30pm EST
Venue: Building B | Level 2 | B211-212, Atlanta, GA, USA
Type: INCLUSION + ACCESSIBILITY
Description: Strong communities foster a feeling of belonging by providing opportunities for interaction, collaboration, and shared experiences. We hope to do just that with a gathering of LGBTQIA+ attendees at KubeCon + CloudNativeCon North America! Join fellow community members for networking and connection in the Community Hub.
Coffee Break#
Time: 3:45pm EST - 4:15pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: BREAKS
Learning Lounge: Using Passion for Community & Kubernetes to Unlock Emerging Markets#
Time: 3:45pm EST - 4:00pm EST
Speakers: Angel Ramirez (CEO, Cuemby)
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Learning Lounge, Atlanta, GA, USA
Type: EXPERIENCES
Description: 10-Minute Tip Talk
Gold Sponsor In-Booth Demos#
Time: 3:45pm EST - 4:15pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Sponsor: Chronosphere Demo: Guided troubleshooting: The New Standard for Cloud-Native Reliability Booth Number: 930 Sponsor: Cloudsmith Demo: Ship Happens: Spotting and Squashing Container Vulnerabilities Fas Booth Number: 530 Sponsor: Tailscale Demo: Connect to Kubernetes securely without complexity with Tailscale! Booth Number: 121
Sponsored Demo: AI for Observability, Observability for AI: From Hype to Hands-On#
Time: 3:45pm EST - 4:05pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: AI is reshaping observability and observability is becoming essential for AI. In this session, we'll cut through the hype and focus on what's possible today. We'll explore how generative and agentic AI are being embedded into observability platforms to accelerate root cause analysis, reduce toil, and automate incident response. Equally important, we'll dive into how to apply observability to GenAI and agentic AI workloads themselves, covering tracing, monitoring, and debugging of these complex, non-deterministic systems. This session will provide a practical lens on the intersection of AI and observability - what's working now, what's experimental, and what's next.
Project Pavilion Tour#
Time: 4:00pm EST - 4:20pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5 | Project Pavilion, Atlanta, GA, USA
Type: PROJECT OPPORTUNITIES
Description: Explore the Project Pavilion, a hub of innovation and discovery! Take part in daily tours, interact with project maintainers at their kiosks, gain insights on community engagement and KCD event organization, and learn more about certification opportunities to showcase your expertise. This tour will include an introduction to the Pavilion, making introductions, interacting with maintainers, and ensuring you end up talking to the right projects!
Routing Stateful AI Workloads in Kubernetes#
Time: 4:15pm EST - 4:45pm EST
Speakers: Maroon Ayoub (Research Scientist & Architect, IBM); Michey Mehta (Senior Principal Software Engineer, Red Hat Inc.)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: Kubernetes excels at stateless service routing - but modern AI workloads are not stateless. Generative workloads demand context-aware routing that maximizes performance while reducing costs. This talk explores layered routing strategies for stateful LLM workloads on Kubernetes - from round-robin to full KV-Cache-aware load balancing. We'll explain when each level applies, and its effects on performance. Based on our experience developing llm-d - a framework using the K8s Gateway API Inference Extension, a collaboration between Google, IBM Research, and Red Hat - we'll cover: - Why traditional Kubernetes routing falls short for generative AI - Routing patterns for long-context, sessionful traffic - Global cache indices and local offloading for smart routing - Benchmarks showing latency, cache hit rates, and GPU utilization - Practical ways to adopt cache-aware routing without major infra changes If you're scaling multi-turn, agentic, or LLM-powered workloads, this session is for you.
Scaling Generative AI: Building Production-Ready LLM Applications#
Time: 4:15pm EST - 4:45pm EST
Speakers: Daniel Oh & Kevin Dubois (Senior Principal Developer Advocate, Red Hat)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: APPLICATION DEVELOPMENT
Description: This session delves into the critical aspects of developing production-ready Large Language Model (LLM) applications using Java. We'll explore how to leverage Java's strengths to build scalable and efficient LLM systems, addressing key challenges such as performance optimization, resource management, and seamless integration with existing infrastructures. Attendees will gain practical knowledge on handling massive datasets, optimizing model inference, and fine-tuning LLMs for optimal performance. We'll discuss strategies for ensuring the reliability and scalability of your LLM deployments, empowering you to create robust and high-performing AI applications. Whether you're a seasoned Java developer or new to the AI domain, this session will provide valuable insights and guidance for your LLM development journey, equipping you with the tools and knowledge to navigate the complexities of building production-grade LLM systems.
Reimagining Insurance Infrastructure: CopperPoint's Cloud Native Blueprint#
Time: 4:15pm EST - 4:45pm EST
Speakers: Sid Dixit & Sham Rao (Principal Architect, CopperPoint Insurance)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: CopperPoint Insurance embarked on a bold transformation initiative - transitioning from legacy, on-premises infrastructure to a cloud-native foundation on AWS powered by CNCF-hosted technologies. This presentation is the real story of how CopperPoint leveraged Kubernetes on Amazon EKS, Prometheus, Fluent Bit, OpenTelemetry, and other CNCF projects to modernize its core systems, enhance observability, and build a composable integration layer that now powers over 100 enterprise integrations. We will share how this new platform has enabled agility, innovation, and rapid scalability via CopperPoint's ecosystem, thus directly contributing to premium growth of over $1 billion. You will learn about the architecture blueprint, top-level decisions, governance model, and lessons learned from a cost and environment management perspective that you can apply to replicate this kind of transformation within your company.
No Joke: Two Security Maintainers Walk Into a Cluster#
Time: 4:15pm EST - 4:45pm EST
Speakers: Jackie Maertens & Nilekh Chaudhari (Software Engineer, Microsoft)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: CLOUD NATIVE NOVICE
Description: Embark on an engaging journey with two security maintainers as they explore a Kubernetes cluster, armed with their "security toolbelts." This 101-level session demystifies essential Kubernetes security. We'll navigate the intricacies of Network Policies, dissect Role-Based Access Control (RBAC) permissions, evaluate Pod Security Standards, and demonstrate practical vulnerability scanning. Witness firsthand as common security pitfalls are uncovered through practical examples and learn how to fortify your defenses. Our maintainers will share crucial insights and actionable best practices, helping you understand why these foundational components are vital and how to apply them effectively. Is your cluster truly secure? Join us to find out and learn how to pass the inspection!
GAMMA in Action: How Careem Migrated To Istio Without Downtime#
Time: 4:15pm EST - 4:45pm EST
Speakers: Suren Raju (Staff Site Reliability Engineer, Careem); Sergey Marunich (Tetrate)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: Careem, the leading multi-service app in the Middle East, handles over 5 billion Kubernetes-based service requests daily. As our platform evolved, we began to outgrow the operational and extensibility constraints of our existing service mesh. This talk shares how we executed an in-place, zero-downtime migration to Istio within the same Kubernetes cluster - without increasing infrastructure cost or rewriting most service configurations. A key enabler was our early adoption of the Kubernetes Gateway API (GAMMA initiative). By building on vendor-neutral, Kubernetes-native APIs for routing and traffic policies, we achieved a "define once, swap many times" model that allowed us to reuse the majority of our existing config during the transition. To validate changes in production safely, we integrated Flagger to implement metrics-driven canary rollouts and gradual traffic shifting.
Kubernetes and etcd: Common Pitfalls and How To Avoid Them#
Time: 4:15pm EST - 4:45pm EST
Speakers: Arka Saha & Nabarun Pal (Software Engineer, VMware by Broadcom)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 4, Atlanta, GA, USA
Type: DATA PROCESSING + STORAGE
Description: Have you ever experienced a Kubernetes cluster that suddenly stops responding? As basic debugging steps, you run kubectl commands, but all of them result in a request timeout. So what is happening? Most likely, etcd is failing. Etcd, as we know, is the sole distributed key-value store for Kubernetes, responsible for continuously and consistently storing the state of the entire cluster. Every configuration, workload information, node registration is stored in etcd. So, a degraded etcd cluster can cause stale reads and a possible cluster-wide outage since Kubernetes cannot reconcile or serve API requests. In this session, we'll explore common causes of etcd failures that affect Kubernetes stability and performance. We'll also discuss debugging methods and introduce tools like etcd-diagnosis to analyse the health of etcd in a running cluster. Finally, we'll share the best practices for operating etcd - upgrades, backups, recovery, and key workarounds to ensure a resilient control plane.
BoF | Plug & Play: How AI Agents Are Adapting#
Time: 4:15pm EST - 4:45pm EST
Venue: Building B | Level 2 | B207, Atlanta, GA, USA
Type: EXPERIENCES
Description: AI agents are supposed to make life easier, but until now, getting them to work with real world tools was a pain. If you wanted an agent to interact with your database, or IDE, you had to write custom API integrations for every single one. The thought of scaling this across multiple tools/resources seemed impossible. But what if you could just grab an AI agent, plug it into whatever service you need, and get to work, without any extra coding or complex setup? In this talk, we'll cover how AI agents are becoming more modular with standards like the Model Context Protocol (MCP). Instead of being stuck with whatever knowledge they were trained on, agents can now dynamically connect to APIs, dev tools, and cloud services on the fly. I'll show a live example of how the Kubernetes MCP server enables AI agents to discover clusters, list pods, etc, making AI more flexible, powerful, and actually useful. If you're ready to make AI agents work for you, and not the other way around, come see how the next generation is built to simply plug in and play.
BoF | Public Sector CNCF User Group#
Time: 4:15pm EST - 4:45pm EST
Venue: Building B | Level 2 | B203, Atlanta, GA, USA
Type: EXPERIENCES
Description: Join us for an in-depth session exploring the latest developments and best practices in software supply chain security, compliance, and IT management for the public sector. We'll cover critical topics, including Executive 14186 (The Golden Dome of America), procurement rulesets, and the importance of complete and accurate Bill of Materials for hardware, software, and firmware, along with the emerging role of SBOM attestations. Discover how to meet CISA's minimum SBOM elements, leverage insights from the group's latest whitepaper, and implement strategies for both classified and unclassified environments, including SCIFS, JWICS, and the classified cloud. We'll also highlight new features designed for public sector use cases, such as image sources, FIPS compliance, hardened images, and minimal-compliant Kubernetes distributions. Learn how API driven IT management strategies can streamline operations and ensure compliance, and get practical insights on what steps to take next in your organization's journey towards secure, resilient, and compliant infrastructure from a panel of creators and implementers working in defense/public sectors from organizations such as Lockheed Martin, Defense Unicorns, SpectroCloud, and Applied Research Associates.
Crossplane: The Cloud Native Framework for Platform Engineering#
Time: 4:15pm EST - 4:45pm EST
Speakers: Jared Watts & Nic Cope (Senior Principal Engineer, Upbound)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: The maintainers of the CNCF Crossplane project (https://www.crossplane.io/) will lead this session that will not only introduce the project to new attendees, but also dive deep into the details of Crossplane's latest features, releases, and roadmap. There is always something new to show off at KubeCon! We're especially excited this time to walk through all the details of the new Crossplane v2. Over the many years of the project, we have heard great feedback from the community and we have taken the opportunity in this major new release to invest in a number of impactful improvements. Crossplane v2 sets up the project for many years to come, so join us to see how you can accelerate your platform journey with all the details of Crossplane v2!
DRA is GA! Kubernetes WG Device Management - GPUs, TPUs, NICs and More With DRA#
Time: 4:15pm EST - 4:45pm EST
Speakers: Kevin Klues (NVIDIA); Patrick Ohly (Intel)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: WG Device Management continues to make great progress in enhancing support for GPUs, TPUs, NICs, and other specialized hardware in Kubernetes. With the 1.34 release, Dynamic Resource Allocation (DRA) has finally reached General Availability, making it easier than ever to configure, allocate, and share advanced hardware resources efficiently. For 1.35, our focus is on expanding the capabilities and maturity of additional features and add-ons, ensuring they are robust and ready for broader adoption. Join our session to discover what's new in Kubernetes 1.34, get a sneak peek at what's planned for 1.35 and future releases, and learn how you can help shape the future of accelerated workload support in Kubernetes!
Knative Project Update#
Time: 4:15pm EST - 4:45pm EST
Speakers: Dave Protasowski (Steering Committee Member, Independent)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Knative, the most widely-adopted serverless platform on Kubernetes, offers a streamlined developer experience for deploying and managing stateless and event-driven applications. During this project update from its maintainers, attendees will learn about the latest developments in Knative, including updates on Serving, Eventing, Functions, and more. Additionally, the "sandbox" projects related to Knative, such as plugins for eventing and networking, have also grown. Finally, the update will conclude with a review of the upcoming releases and roadmaps. Join us to stay informed on the latest advancements in Knative and to have your questions answered by on-site Knative maintainers.
SIG Scheduling Intro & Updates#
Time: 4:15pm EST - 4:45pm EST
Speakers: Kensei Nakada (Independent); Dominik Marciński (Google)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: SIG Scheduling is responsible for the components that make Pod scheduling decisions in a Kubernetes cluster, such as kube-scheduler for pod to node assignment, Kueue for job queueing, among other sub-projects too. In this session, you will learn the basics of kube-scheduler and improvements the community was working on around scheduling performance and communication of scheduling decisions. We will also discuss challenges that scheduling is facing related to the DRA effort and limitations of pod-by-pod scheduling approach. Then we will talk about several major updates in kube-scheduler, including the workload-aware scheduling effort that we want to kick off, which is supposed to address the above challenges. Lastly, we'll see some updates from sub-projects, such as FairSharing and HierarchicalCohort in Kueue.
Instrumentation Score: The Difference Between Telemetry and Good Telemetry#
Time: 4:15pm EST - 4:45pm EST
Speakers: Juraci Paixão Kröhling (OllyGarden); Michele Mancioppi (Dash0)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: You've started with OpenTelemetry. Data flows. And reality hits hard. Did you instrument the right things? Is your telemetry consistent enough to analyze it easily? Do you have enough context to make sense of it? Observability efforts flounder by yielding too few insights compared to the associated costs. This session introduces the "Instrumentation Score," an open standard to help you collect excellent telemetry. It assesses OpenTelemetry data quality, consistency and completeness. Using OTLP analysis against best practices, it offers actionable insights to identify gaps and prioritize enhancements in your instrumentation. Discover how the Instrumentation Score provides a clear path from uncertainty to effective observability. Learn to benchmark services, systematically improve telemetry, and gather truly actionable insights. Confidently mature your OpenTelemetry practice, ensuring you're building high-value observability, rather than just collecting data.
Upgrade Nightmare To Uptime Dream: The Cloud Provider's Playbook for Critical Kubernetes Work#
Time: 4:15pm EST - 4:45pm EST
Speakers: Yuchen Zhou (Software Engineer, Google); Uttam Kumar (Salesforce)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: Kubernetes upgrades often feel like a roll of the dice, especially when safeguarding critical production workloads with strict uptime requirements. A single misstep can lead to cascading failures, performance degradation, or even data loss. This talk pulls back the curtain on the battle-tested strategies of a core cloud provider's managed Kubernetes team. We'll share our strategies for transforming perilous upgrades into routine, reliable operations. You'll learn directly from our operational scars and successes. This includes detailed insights into our automated remediation pipelines and intelligent, safer rollback mechanisms that minimize impact, ensuring you can react fast when things go wrong. Attendees will leave with: Actionable insights and real-world techniques from a leading cloud provider. Strategies to enhance observability, automation, and incident response for maximized uptime. The confidence to make upgrades a routine, safe, and even boring event.
The Evolution of Platform APIs in the Age of LLMs#
Time: 4:15pm EST - 4:45pm EST
Speakers: Mauricio "Salaboy" Salatino (Diagrid); Viktor Farcic (Upbound)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: Many projects and companies use genAI to produce source code and speed up software development tasks. Other companies focus on using generative AI to troubleshoot our environments and reduce user interactions and downtime. This presentation will look at how platform APIs are slowly evolving to be more dynamic and less strict. Slowly, we are shifting to a world where platform engineers define the platform building blocks so they can be consumed as models that can explore, discover, and guide users through wizard-like interactions, to manage the lifecycle of platform resources autonomously. The presentation's demo highlights AI's potential as an intuitive, powerful, and easily maintainable interface for internal platforms, radically simplifying service consumption, management, and troubleshooting for developers.
In AI We Trust? Securing the Future, One Agent at a Time#
Time: 4:15pm EST - 4:45pm EST
Speakers: Lin Sun (Head of Open Source & CNCF TOC, Solo.io); Christian Posta (Field CTO, Solo.io); Hannah Foxwell (Founder, AI for the rest of us); Andrew Martin (CEO, ControlPlane); Ricardo Aravena (Cloud Native Lead, CNCF)
Venue: Building B | Level 3 | B302-303, Atlanta, GA, USA
Type: SECURITY
Description: Can we secure AI workloads, agents, and MCP servers the same way we secure traditional microservices? Are established tools and standards (such as SPIFFE identities, mutual TLS, authorization policies, and supply chain security) sufficient, or do AI workloads require a fundamentally different approach? This panel discusses the unique challenges AI introduces across multiple dimensions: model selection, enterprise operations, hardening and red teaming, end-user management, model compute optimization, and long-running, context-heavy sessions. We'll also explore disaster scenarios such as multi-cluster/region failovers, and what they mean for securing distributed AI applications. Join our panel of AI and security experts for a dynamic discussion that clarifies what can be reused and what must be reimagined to effectively protect AI workloads.
Sponsored Demo: Kubernetes Ingress or Gateway API - It depends!#
Time: 4:15pm EST - 4:35pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Platform and DevOps teams today face a new decision in traffic management: should they continue relying on the stable and proven Ingress API, or begin adopting the more flexible but still evolving Gateway API? Both specifications are viable, but each comes with distinct trade-offs. Ingress offers simplicity, maturity, and broad ecosystem support, making it ideal for production environments where stability is paramount. Gateway API introduces richer routing, role separation between operators and developers, and extensibility designed for the future of service networking. This session provides a balanced, vendor-neutral guide to help you choose the right approach. We will compare capabilities, highlight real-world use cases, and explore strategies for adoption, including hybrid patterns where Ingress and Gateway coexist. Attendees will leave with practical decision frameworks and concrete examples to help them balance today's stability needs with tomorrow's innovation. In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), and details about the sponsored content or resources you interacted with. If you choose to interact with a booth or access sponsored content, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.
Tutorial: A Cross-Industry Benchmarking Tutorial for Distributed LLM Inference on Kubernetes#
Time: 4:15pm EST - 5:30pm EST
Speakers: Jing Chen (Software Engineer, IBM Research); Junchen Jiang (CS Professor, University of Chicago); Ganesh Kudleppanavar (Software Engineering Manager, Nvidia Corporation); Samuel Monson (Software Engineer, Red Hat); Jason Kramberger (Software Engineer, Google)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 2-3, Atlanta, GA, USA
Type: TUTORIALS
Description: As organizations deploy LLMs as distributed stacks in production Kubernetes environments, optimizing inference performance has been critical. This collaborative tutorial brings together experts from Google, NVIDIA, Red Hat, IBM, and University of Chicago (LMCache) to provide practical benchmarking techniques for impactful LLM optimization strategies. Using identified use cases as examples, we'll show how to benchmark key optimization strategies: KV Cache offloading, autoscaling, prefix/session-aware routing, KVCache-aware routing, and xPyD for prefill decode disaggregation. Attendees will learn a unified benchmarking approach integrating tools including vLLM, LMBenchmark, GuideLLM, GenAIperf, inference-perf, and fmperf. Through live demonstrations, participants gain hands-on experience with production-tested methodologies reflecting real-world scenarios. Attendees will be equipped to implement these approaches for data-driven LLM serving optimizations on Kubernetes.
Sponsored Demo: Proactively Troubleshoot Kubernetes Environments with Splunk Observability#
Time: 4:45pm EST - 5:05pm EST
Venue: Building B | Level 1 | Exhibit Hall B3-B5, Atlanta, GA, USA
Type: SOLUTIONS SHOWCASE
Description: Monitoring Kubernetes and cloud-native environments can be incredibly challenging. The sheer scale, coupled with the dynamic and ephemeral nature of these architectures, makes identifying and resolving issues harder than ever. Yet, with Splunk Observability Cloud, organizations have reduced mean time to resolution (MTTR) by over 90%, even while managing massive environments with thousands of microservices and pods across tens of thousands of nodes. In this session, you'll discover how Splunk Observability Cloud's Kubernetes monitoring features can help you failure-proof your Kubernetes environments. Join us to learn how to harness proactive troubleshooting workflows, interactive cluster maps, entity health and relationships, and AI-powered recommendations to give you the real-time insight needed to maintain performance and reliability at scale.
Resilient by Design: Building Durable AI Agents on Kubernetes#
Time: 5:00pm EST - 5:30pm EST
Speakers: Yaron Schneider (CTO, Diagrid)
Venue: Building B | Level 4 | B401-402, Atlanta, GA, USA
Type: AI + ML
Description: As developers push the boundaries of AI-driven automation, the challenge of orchestrating and managing autonomous agents at scale becomes increasingly complex. Dapr Agents is an open-source CNCF framework that allows developers to create durable agents that persist state and are resilient to network failures, crashes and full cluster shutdowns. This talk will provide a deep dive into Dapr Agents, demonstrating how it facilitates structured LLM interactions, long-term memory, multi-agent collaboration and MCP integration. Most importantly, we will show how complex agents can remain resilient to failures as they are given more autonomy. If you're interested in building scalable and resilient agentic systems that run natively on Kubernetes, this session will equip you with the knowledge to easily build these.
The Enterprise Is Ready for gRPC#
Time: 5:00pm EST - 5:30pm EST
Speakers: Alex Van Boxel (Principal Systems Architect, Collibra)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 1, Atlanta, GA, USA
Type: APPLICATION DEVELOPMENT
Description: While gRPC is well known for its performance and efficiency, this talk argues that these are not the primary features driving enterprise adoption. Enterprises ultimately seek stability. Marking its tenth anniversary, gRPC has firmly established it is here to stay and proven itself as a dependable foundation upon which to build. This talk delves into the lesser-known, yet enterprise-critical, benefits of gRPC, highlighting features essential for building up organizational confidence. The talk covered: - In-process transport, presenting a pattern for the controlled decomposition of a monolith. - Protobuf's superior binary message compatibility and the strategic power of unknown fields. - The reuse of messages on an enterprise bus, notably without the requirement for a schema registry. - Compatibility with JSON and RESTful architectures. This session is designed to equip engineers and decision-makers with a comprehensive set of arguments to effectively champion gRPC adoption.
Shaping LTS Together: What We've Learned the Hard Way#
Time: 5:00pm EST - 5:30pm EST
Speakers: Nikhita Raghunath (Software Engineer, VMware by Broadcom); Nikhila Kamath (Technical Product Manager, Broadcom); Micah Hausler (Principal Software Engineer, AWS); Jeremy Rickard (Principal Software Engineer, Microsoft); Aniket Ponkshe (Director, Silicon Alliances, Canonical)
Venue: Building B | Level 3 | B308-309, Atlanta, GA, USA
Type: CLOUD NATIVE EXPERIENCE
Description: Everyone is talking about Kubernetes LTS, but what's actually happening behind the scenes? While community discussions continue, several major vendors have already begun supporting Kubernetes over extended timelines to meet customer and regulatory needs. In this panel, engineering leaders from AWS, Microsoft, and Broadcom come together to share lessons learned in the community and surface common patterns that can help move the broader LTS conversation forward. We'll explore: - Tradeoffs in LTS timelines - Navigating upgrade path complexity - Aligning with ecosystem dependencies - Defining what LTS includes: security fixes, stability, critical patches - Identifying opportunities for cross-industry collaboration and community alignment The discussion will be a real-world experience-driven conversation about what's working, what's challenging, and how the Kubernetes community can collectively shape the future of long term support.
No Kubectl, No Problem: The Future With Conversational Kubernetes#
Time: 5:00pm EST - 5:30pm EST
Speakers: Will Case (Product Manager, Microsoft)
Venue: Building B | Level 2 | B206, Atlanta, GA, USA
Type: CLOUD NATIVE NOVICE
Description: Kubernetes is powerful, but not always user-friendly. What if you could manage your cluster just by asking for what you need? In this talk, we'll introduce a new AI assistant built into Headlamp, the open-source Kubernetes UI. It brings natural language interaction directly into your desktop environment, translating plain English into kubectl commands, executing them, and returning results, all through a conversational interface. We'll demonstrate how the assistant understands UI context, supports multiple AI providers like Azure OpenAI and Claude, and simplifies complex workflows. By integrating AI directly into the Kubernetes UI, we're making cluster management more accessible, intuitive, and efficient, no terminal required. Whether you're new to Kubernetes or building internal platforms, this is a glimpse into a more human-centered, AI-powered future.
QEMU in the Fast Lane: Accelerating KubeVirt Networking With eBPF#
Time: 5:00pm EST - 5:30pm EST
Speakers: Daniel Borkmann & Anton Protopopov (Software Engineer, Isovalent at Cisco)
Venue: Building B | Level 4 | B405-406a, Atlanta, GA, USA
Type: CONNECTIVITY
Description: As organizations converge infrastructure by running VMs alongside containers in Kubernetes for cost savings and simplified operations, networking performance remains a key challenge especially for latency and throughput sensitive workloads. In this talk, we'll show how eBPF with AF_XDP can improve KubeVirt networking by putting QEMU in the fast lane (all without losing the ability to observe and enforce policy on traffic in the host unlike SR-IOV). We'll unpack an architecture built on Cilium, netkit, and upstream Linux kernel enhancements that enable KubeVirt Pods to launch QEMU/KVM instances backed by high-performance AF_XDP interfaces. You'll learn how our contributions to QEMU and the kernel enable this accelerated path, and how it stacks up against KubeVirt defaults using real world benchmarks. Expect kernel spelunking, performance graphs, and a vision for adding a fast lane to VM networking.
Untangling CSI: Powering Persistent Storage for KubeVirt#
Time: 5:00pm EST - 5:30pm EST
Speakers: Brenda McLaren & Chris Keller (Associate Principal Specialist Solutions Architect, Red Hat)
Venue: Building B | Level 5 | Thomas Murphy Ballroom 4, Atlanta, GA, USA
Type: DATA PROCESSING + STORAGE
Description: In the cloud-native world, Container Storage Interface (CSI) drivers are the unsung heroes behind the seamless provisioning and management of persistent storage. With so many options, protocols, and features, choosing the right CSI driver can feel like navigating a maze in the dark. We'll shine a spotlight on the CSI standard, comparing both traditional external storage platforms and software defined storage solutions, breaking down the architectures and key capabilities. You'll learn how these solutions support VM workloads, what features to prioritize, and how to avoid common pitfalls when building a resilient storage backend for your virtualized workloads. By the end of this talk, the fog will lift, and you'll walk away with the clarity and confidence whether you're integrating with legacy storage arrays or adopting modern SDS solutions to unlock the full potential of virtualized infrastructure on Kubernetes with KubeVirt.
Merge + Meet: Kickoff Gathering for Underrepresented Groups and Allies#
Time: 5:00pm EST - 6:00pm EST
Venue: Building B | Level 2 | B211-212, Atlanta, GA, USA
Type: INCLUSION + ACCESSIBILITY
Description: Don't wait until the last day to find YOUR community! Join us for the inaugural "Merge + Meet: Kickoff Gathering," hosted by the Merge Forward team! Are you part of an underrepresented group, or an ally who wants to help foster inclusion? Come merge and meet with peers in the Community Hub, then head straight to KubeCrawl + CloudNativeFest with new friends by your side. In an increasingly virtual world, genuine, face-to-face connections are what make our community stronger. This gathering offers a welcoming and intentional space to meet others, exchange contact info, and grow your network. Join us to kick off KubeCon + CloudNativeCon with meaningful conversations that will make your experience more connected, supportive, and impactful.
A Parallel World: Understanding CNCF's TOC, TAGs, and TCGs#
Time: 5:00pm EST - 5:30pm EST
Speakers: Eddie Knight (OSPO Lead, Sonatype)
Venue: Building C | Level 3 | Georgia Ballroom 2, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: The CNCF project landscape has long been supported by a secondary, parallel structure of Technical Advisory Groups (TAGs) chartered by the Technical Oversight Committee (TOC). The ten year anniversary of CNCF has brought with it a reboot of how the TOC is supporting the community at large. This takes the form of reorganized TAGs and all new Technical Community Groups (TCGs), Initiatives, and Subprojects. Come learn about this parallel-world within the CNCF landscape, and pick up some strategies for how you can best contribute to, or take advantage of, each different part.
Beyond the Code: How the Kubernetes Steering Committee Tackles the Hard, Non-Technical Problems#
Time: 5:00pm EST - 5:30pm EST
Speakers: Antonio Ojea & Benjamin Elder (Staff Software Engineer, Google)
Venue: Building C | Level 3 | Georgia Ballroom 1, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: What happens when a critical communication tool for thousands of contributors suddenly may need to be migrated? Or when the official documentation can no longer maintain links to third-party projects, and those projects voice their concerns? These are the kinds of real-world, non-technical challenges the Kubernetes Steering Committee tackles every day. This session will pull back the curtain on the often unseen and unglamorous work of the Steering Committee. We'll go beyond the formal charter and talk about the "janitorial" work that's essential to keeping a project of Kubernetes' scale healthy and productive. From managing contributor burnout and navigating funding requests to resolving conflicts and making difficult decisions about project resources, you'll hear firsthand what it takes to govern one of the world's largest open-source projects.
OpenTelemetry: Unpacking 2025, Charting 2026#
Time: 5:00pm EST - 5:30pm EST
Speakers: Alolita Sharma (Engineering Leader, AIML Platform Engineering, Observability, Apple); Morgan McLean (Senior Director of Product Management, Splunk); Josh Suereth (OpenTelemetry Technical Committee, Google LLC); Austin Parker (Director of Open Source, honeycomb.io)
Venue: Building C | Level 3 | Georgia Ballroom 3, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Please join in for an insightful session which focuses on the impactful features and initiatives OpenTelemetry rolled out in 2025. You'll also get the inside scoop on what's coming in 2026 and how it's all going to shape the future of observability. This session will also give you an opportunity to ask the awesome OpenTelemetry maintainers, TC and GC members, your questions about your favorite features or anything else OpenTelemetry. Join in and let's chat!
SIG Instrumentation Introduction and Deep Dive#
Time: 5:00pm EST - 5:30pm EST
Speakers: Catherine Fang & David Ashpole (Software Engineer, Google)
Venue: Building C | Level 1 | C111-112, Atlanta, GA, USA
Type: MAINTAINER TRACK
Description: Kubernetes SIG Instrumentation is responsible for ensuring high quality and consistent instrumentation across the Kubernetes project. We will begin with an introductory overview of the efforts the SIG Instrumentation has worked on in the past and is currently working on. This deep dive session will go into detail about currently ongoing efforts happening within SIG Instrumentation to share with the audience concrete pieces of work to encourage future collaboration. Software engineering and operations are both disciplines practiced in SIG Instrumentation, and any experience will help the special interest group's mission. Join this session to learn how to get involved in SIG Instrumentation to make instrumentation even better!
Integrating Data Center Observability Into Cloud Native Environment#
Time: 5:00pm EST - 5:30pm EST
Speakers: Pedro Célestin (CLDF); Julia Furst Morgado (Dash0)
Venue: Building B | Level 3 | B304-305, Atlanta, GA, USA
Type: OBSERVABILITY
Description: We've gotten good at observing applications in Kubernetes, but the underlying data center often remains a black box. When the physical environment breaks, it typically surfaces as a service issue, not an infrastructure one. At the Legislative Chamber of the Federal District (the CLDF) in Brazil, a small team managing on-premises Kubernetes clusters faced this challenge. This talk shows how they addressed it using an open-source observability stack built on Redfish, SNMP, and Syslog, funneled into a unified OpenTelemetry pipeline. Using tools like Telegraf Collector, OpenTelemetry Collector, Perses, and OpenSearch, they gained end-to-end visibility without commercial tools or silos. If you run Kubernetes in on-premises, retail, or edge environments, this session offers a practical, vendor-neutral approach to bridging physical infrastructure with cloud-native observability workflows.
Zero Downtime Migration of Monolith To K8s Using Sidecar and Container Lifecycle Hooks#
Time: 5:00pm EST - 5:30pm EST
Speakers: Deepak Kosaraju & James Dabbs (Site Reliability Engineer, Procore Technologies)
Venue: Building B | Level 4 | B406b-407, Atlanta, GA, USA
Type: OPERATIONS + PERFORMANCE
Description: Migrating a monolith to Kubernetes (k8s) with zero downtime comes with unique challenges depending on the tech stack. In this session, we'll share our real-world journey, highlighting both strategy and a live demo that showcases our lessons learned, both wins and pitfalls. We will cover: - Container Lifecycle Hooks: Why they matter and how they support seamless deployments - Using Lifecycle hooks to control termination of POD to avoid HTTP 503 errors during rolling deployment. - Real config examples, troubleshooting tips, and best practices to maintain high availability You'll leave with a solid grasp of how and when to use Lifecycle hooks to ensure smooth rolling deployments. Our live demo will dive into key issues to address for zero downtime migration of any service. By the end, you'll understand the complexities of transitioning monolithic apps to Kubernetes using CNCF tools and gain insights to guide your own migration efforts.
The Cloud Is Lying To You: What It Really Takes To Run On-Prem#
Time: 5:00pm EST - 5:30pm EST
Speakers: Paris Nakita Kejser (Advanced Platform Engineer, DevSecOps, Terma A/S)
Venue: Building B | Level 3 | B312-314, Atlanta, GA, USA
Type: PLATFORM ENGINEERING
Description: Have you ever stopped to think about how much the cloud spoils us? Managed services, infinite scalability, auto-healing clusters, instant backups, all just a click away. But what happens when you're told: no cloud, no internet, on-prem only? This session breaks down the brutal wake-up call that comes when cloud-native engineers are dropped into an air-gapped, on-prem world. Drawing from real-world experience rebuilding Kubernetes infrastructure in restricted environments, the talk explores what it really takes to replicate the cloud's conveniences from scratch. From object storage and backup strategies to HA, deployment scalability, and monitoring, every layer of "magic" once taken for granted becomes a manual puzzle to solve. This talk is for anyone facing compliance constraints, cost-driven on-prem mandates, or just curious about what lies beneath the surface of their cloud-native stack. Warning: you may never see the cloud the same way again.