KubeCon + CloudNativeCon China 2025: Full Schedule

10-11 June
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon China 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Hong Kong Standard Time (UTC+8:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.

arrow_back View All Dates

09:00 HKT

Keynote: Welcome Back + Opening Remarks - Keith Chan, Director of Strategic Planning, The Linux Foundation APAC

Wednesday June 11, 2025 09:00 - 09:10 HKT

Level 16 | Grand Ballroom I

Speakers

Keith Chan

Director of Strategic Planning, The Linux Foundation APAC

Wednesday June 11, 2025 09:00 - 09:10 HKT
Level 16 | Grand Ballroom I

Keynote Sessions

Content Experience Level Intermediate
Presentation Language English

09:12 HKT

Keynote: Optimizing AI Workload Scheduling: Bilibili's Journey To an Efficient Cloud Native AI Platform - Long Xu, Bilibili & Kevin Wang, Huawei

Wednesday June 11, 2025 09:12 - 09:22 HKT

Level 16 | Grand Ballroom I

As China's leading video platform, Bilibili faces 4 key challenges in multi-cluster AI workloads management:
1. Workload Diversity: Training/inference/video processing workloads have different scheduling requirements.
2. Cross-Cluster Complexity: Managing workloads across multiple Kubernetes clusters in expanding IDCs with SLAs.
3. Performance Demands: Minimal startup latency and best scheduling efficiency for short-running tasks e.g. video processing.
4. Efficiency-QoS Balance: maximizing resource utilization while ensuring priority workload stability.

This talk will share experiences and delve specific optimization techniques:
1. Leveraging and optimizing CNCF projects such as Karmada and Volcano to build a unified, high-performance AI workload scheduling platform.
2. Integrating technologies such as KubeRay to schedule various AI online and offline workloads.
3. Maximizing resource efficiency through online and offline hybrid scheduling, tidal scheduling and other technologies.

Speakers

Kevin Wang

Technical Expert, Lead of Cloud Native Open Source, Huawei

Kevin Wang has been an outstanding contributor in the CNCF community since its beginning and is the leader of the cloud native open source team at Huawei. Kevin has contributed critical enhancements to Kubernetes, led the incubation of the KubeEdge, Volcano, Karmada projects in CNCF... Read More →

Long Xu

Senior Software Engineer, Bilibili

Long Xu is a Senior Software Engineer in the Infrastructure Department at Bilibili. He has rich experiences in the Kubernetes field, including scheduling, autoscaling and system stability.

Wednesday June 11, 2025 09:12 - 09:22 HKT
Level 16 | Grand Ballroom I

Keynote Sessions, AI + ML

Content Experience Level Any
Presentation Language Chinese

09:24 HKT

Keynote: Key Cloud Native Technologies in its Next Decade - Lin Sun, Head of Open Source, Solo.io

Wednesday June 11, 2025 09:24 - 09:34 HKT

Level 16 | Grand Ballroom I

When we started CNCF in 2015 to help advance container technology, Kubernetes was the seeding technology to provide a de facto container orchestration platform for all cloud native applications. Almost a decade later, the community has exploded with 200+ open source projects building on top of cloud native technologies. Looking ahead, what challenges will we have in the next decade? What gaps remain for users and contributors? And how do we evolve to meet the demands of an increasingly complex and connected world?

Let us review some of the key CNCF projects today and lay out some possible avenues for where cloud native is going for the next decade, AI, agentic network, sustainability and beyond.

Speakers

Lin Sun

Head of Open Source & CNCF TOC, Solo.io

Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical... Read More →

Wednesday June 11, 2025 09:24 - 09:34 HKT
Level 16 | Grand Ballroom I

Keynote Sessions

Content Experience Level Any
Presentation Language English

09:36 HKT

Keynote: Who Owns Your Pod? Observing and Blocking Unwanted Behavior at eBay With eBPF - Jianlin Lv, eBay & Liyi Huang, Isovalent at Cisco

Wednesday June 11, 2025 09:36 - 09:46 HKT

Level 16 | Grand Ballroom I

Kubernetes admins often struggle to understand pod activities, both for regular pods and those with various privileges. This session explores two use cases that highlight why Tetragon, an eBPF-based observability and enforcement tool, for pod security:
1.Replacing Auditbeat with Tetragon: Learn how Auditbeat rules mapped to Tetragon tracing policies, identifying functionality gaps, and how eBay contributed back to the community
2.Auditing Container Process Permissions: See how Tetragon helped analyze pod behavior and determine if applications could migrate to more restrictive pod security policies, ensuring adherence to the principle of least privilege
We also cover deployment challenges, such as integrating with SIEM platforms, resource utilization, and implementing runtime enforcement for unwanted pod behavior. This talk provides practical insights into using Tetragon for observability, policy refinement, and improving overall pod security posture in Kubernetes environments.

Speakers

Jianlin Lv

Senior Linux Kernel Development Engineer, eBay

https://www.linkedin.com/in/jianlin-lv-25650141/

Liyi Huang

customer success architect, Isovalent at Cisco

senior solution architect @isovalent.com

Wednesday June 11, 2025 09:36 - 09:46 HKT
Level 16 | Grand Ballroom I

Keynote Sessions, Observability

Content Experience Level Intermediate
Presentation Language Chinese

09:48 HKT

Keynote: How We Save $900 per Day with Self-Hosted AI: Building Scalable Local LLM Infrastructure - Vivian Hu, Product Manager, Second State & Lv Yi, CTO, 5miles

Wednesday June 11, 2025 09:48 - 09:58 HKT

Level 16 | Grand Ballroom I

While SaaS AI providers like OpenAI offer convenient LLM services, they come with significant drawbacks: high costs, lack of customization, lack of privacy, and usage limitations that can throttle high-volume applications.

This presentation shows how a leading e-commerce web site deployed a highly customized suite of LLM applications on private cloud infra, reducing costs by 90% while maintaining complete control over scalability and quality of service. We'll discuss the technology stack for orchestrating inference workloads on cloud GPUs, and explore practical strategies for building stable, scalable, high-performance AI apps on your own private cloud infra.

Speakers

Lv Yi

CTO, 5miles

Lv Yi is the CTO of 5miles, a leading e-commerce platform in the United States. With 19 years in IT, he is a cloud native enthusiast who previously served as a mobile business expert at AsiaInfo. In 2012, he led Zhangyue's systems evolution toward microservices architecture. At 5miles... Read More →

Vivian Hu

Product Manager, Second State

Vivian Hu is a Product Manager at Second State and a columnist at InfoQ. She is a founding member of the WasmEdge project. She organizes Rust and WebAssembly community events in Asia.

Wednesday June 11, 2025 09:48 - 09:58 HKT
Level 16 | Grand Ballroom I

Keynote Sessions

Presentation Language Chinese

10:00 HKT

Keynote: Building a Large Model Inference Platform for Heterogeneous Chinese Chips Based on VLLM - Kante Yin, DaoCloud

Wednesday June 11, 2025 10:00 - 10:10 HKT

Level 16 | Grand Ballroom I

With the growing demand for heterogeneous computing power, Chinese users are gradually adopting domestic GPUs, especially for inference. vLLM, the most popular open-source inference project, has drawn widespread attention but does not support domestic chips.Chinese inference engines are still developing in functionality, performance, and ecosystem. In this session, we’ll introduce how to adapt vLLM to support domestic GPUs,enabling acceleration features like PageAttention, Continuous Batching, and Chunked Prefill. We’ll also cover performance bottleneck analysis and chip operator development to maximize hardware potential.
Additionally, Kubernetes has become the standard for container orchestration and is the preferred platform for inference services. We’ll show how to deploy the adapted vLLM engine on Kubernetes using the open-source llmaz project with a few lines of code, and explore how llmaz handles heterogeneous GPU scheduling and our practices for monitoring and elastic scaling.

Speakers

Kante Yin

Software Engineer, DaoCloud

Kante is a senior software engineer and an open source enthusiast from DaoCloud, his work is mostly around scheduling, resource management and LLM inference. He actively contributes to upstream Kubernetes as SIG-Scheduling Maintainer and helps in incubating several projects like Kueue... Read More →

Wednesday June 11, 2025 10:00 - 10:10 HKT
Level 16 | Grand Ballroom I

Keynote Sessions, AI + ML

Content Experience Level Any
Presentation Language Chinese

10:10 HKT

Keynote: Closing Remarks

Wednesday June 11, 2025 10:10 - 10:15 HKT

Level 16 | Grand Ballroom I

Wednesday June 11, 2025 10:10 - 10:15 HKT
Level 16 | Grand Ballroom I

Keynote Sessions, Platform Engineering

Content Experience Level Intermediate
Presentation Language English

11:00 HKT

Unified Observability in GRPC: Metrics and Tracing Using OpenTelemetry Plugin - Purnesh Dixit, Google

Wednesday June 11, 2025 11:00 - 11:30 HKT

Level 16 | Grand Ballroom I

gRPC’s performance advantages hinge on minimizing latency, but its binary protocol and streaming capabilities make debugging and monitoring inherently opaque. While distributed tracing identifies bottlenecks, metrics like error rates and throughput are critical for holistic insights. Yet, manual instrumentation for these signals in gRPC is complex, error-prone, and lacks standardization.

In this talk, Purnesh Dixit from the gRPC team unveils the new OpenTelemetry plugin for gRPC, developed by the gRPC team at Google, which provides unified metrics and tracing out-of-the-box to monitor retries, diagnose streaming bottlenecks, and optimize performance without invasive code changes.
1) Client-per-call: Track overall RPC lifecycle (e.g., grpc.client.call.duration).

2) Client-per-call-attempt: Analyze individual retries/hedges (e.g., grpc.client.attempt.duration).

3) Server-instruments: Measure concurrency, request queuing, and stream lifetimes (e.g., grpc.server.call.started).

Speakers

Purnesh Dixit

Purnesh Dixit (gRPC Team, Google), Google

Purnesh is a software engineer on the gRPC team at Google. He is a contributor to the OpenTelemetry and xDS support in gRPC-go.

Unified Observability in GRPC Metrics and Tracing using OpenTelemetry Plugin pdf

Wednesday June 11, 2025 11:00 - 11:30 HKT
Level 16 | Grand Ballroom I

Observability

Content Experience Level Intermediate
Presentation Language English

11:45 HKT

China Mobile's Panji Platform: Observability Practices and Implementations for LLM Applications Base - Jing Shang, China Mobile & Casey Li, Yunshan Networks, Inc.

Wednesday June 11, 2025 11:45 - 12:15 HKT

Level 16 | Grand Ballroom I

As large language model (LLM) applications are widely deployed, their complex architectures challenge business observability. APM probes, which rely on instrumentation or proxy operation, consume system resources and impact traffic and performance, restricting their use in complex scenarios. Also, multiple teams handling different LLM instances make it hard to coordinate unified observability construction.
To solve this, China Mobile‘'s Panji platform collaborates with DeepFlow to achieve zero-intrusion (Zero Code) and full-stack (Full Stack) observability instantly, using eBPF and Wasm technologies. eBPF collects real-time data at the kernel level, while Wasm plugins parse streaming requests. By integrating existing data, the platform provides service universal map, distributed tracing, and multi-dimensional metric analysis, ensuring the stability and performance optimization of LLM applications.

Speakers

Jing Shang

Chief Expert of China Mobile Group, China Mobile

Dr. Shang Jing, Chief Expert at China Mobile Group, has over 20 years of experience in IT system development, construction, and operation. Specializing in big data and cloud technologies, she led the development of China Mobile's Wutong Big Data Platform. Under her leadership, the... Read More →

Casey Li

Product Manager, Yunshan Networks, Inc.

Starting from graduate school at Huazhong University of Science and Technology in 2013, I joined Tencent Cloud virtual network team in 2016, which provided me with in-depth theoretical knowledge and practical experience in cloud networks. In 2018, I joined YUNSHAN Networks as PM... Read More →

中国移动磐基平台 LLM 应用的可观测性实践 pdf

Wednesday June 11, 2025 11:45 - 12:15 HKT
Level 16 | Grand Ballroom I

Observability

Content Experience Level Advanced
Presentation Language Chinese

13:45 HKT

Connecting Dots: Unified Hybrid Multi-Cluster Auth Experience With SPIFFE and Cluster Inventory API - Chen Yu, Microsoft & Jian Zhu, Red Hat

Wednesday June 11, 2025 13:45 - 14:15 HKT

Level 16 | Grand Ballroom I

As the multi-cluster pattern continues to evolve, managing K8s identities, credentials, and permissions for teams and multi-cluster apps, such as Argo and Kueue, has become a hassle, typically involving managing individual service accounts on each cluster and passing credentials around. Such setup is often scattered, repetitive, difficult to track/audit, and may impose security and ops complications. This is especially true with hybrid environments, where different solutions could be in play across platforms.

This demo presents a solution based on OpenID, SPIFFE/SPIRE, and Cluster Inventory API from the Multi-Cluster SIG that provides a unified, seamless, and secure auth experience. Facilitated by CNCF multi-cluster projects, OCM and KubeFleet, attendees could be inspired to leverage open source solutions to eliminate credential sprawl, reduce operational complexity, and enhance security in hybrid cloud environments, when setting up teams/applications to access a multi-cluster setup.

Speakers

Chen Yu

Senior Software Engineer, Microsoft

Chen Yu is a senior software engineer at Microsoft with a keen interest in cloud-native computing. He is currently working on Multi-Cluster Kubernetes and contributing to the Fleet project open-sourced by Azure Kubernetes Service.

Jian Zhu

Senior Software Engineer, RedHat

Zhu Jian is a senior software engineer at RedHat, a speaker at Kubecon China 2024, and a core contributor to the open cluster management project. Jian enjoys solving multi-cluster workload distribution problems and extending OCM with add-ons.

Kubecon China 2025 Unified Hybrid Multi Cluster Auth Experience with SPIFFE and Cluster Inventory API pdf

Wednesday June 11, 2025 13:45 - 14:15 HKT
Level 16 | Grand Ballroom I

Security

Content Experience Level Intermediate
Presentation Language Chinese

14:30 HKT

Guardians of Multi-Tenancy: Enhanced Authorization To Prevent Lateral Node Escape - Dahu Kuang & Cheng Gao, Alibaba Cloud

Wednesday June 11, 2025 14:30 - 15:00 HKT

Level 16 | Grand Ballroom I

Maximizing security in multi-tenant clusters while maintaining cost-effectiveness is crucial for enterprise OPS. Most enterprise clusters deploy multiple daemonsets, which are attractive targets for attackers seeking to escape and move laterally, ultimately taking over the entire cluster.

The SIG community has introduced several advanced security features recently, such as CRD Field Selectors, Field and Label Selector Authorization, validating admission policy (VAP), and Structured Authorization Config. These allow users to define more flexible authorization configurations, addressing filtering and authorization needs for CRDs, kubelet, and other resources in multi-tenant environments.

We will share the lessons learned from the node escape incidents and demonstrate how to implement these new features and show how to use the Common Expression Language (CEL) to configure customized policies in Authorization Webhook and VAP, resulting more node-specific restrictions within clusters.

Speakers

Dahu Kuang

Senior Engineer, Alibaba Cloud

Dahu Kuang is a Security Tech Lead on the Alibaba Cloud Container Service for Kubernetes (ACK) team, focusing on the design and implementation of container security-related work, especially within the context of secure supply chain.

Cheng Gao

Senior Security Engineer, Alibaba Cloud

Cheng Gao, Senior Security Engineer at Alibaba Cloud, focuses on the Security Development Lifecycle (SDL) for cloud-native applications. With expertise in container services, observability, and Serverless architectures, Cheng has led security assurance for several internal container... Read More →

Guardians of Multi Tenancy Enhanced Authotization to Prevent Lateral Node Escape pdf

Wednesday June 11, 2025 14:30 - 15:00 HKT
Level 16 | Grand Ballroom I

Security

Content Experience Level Any
Presentation Language English

15:30 HKT

Policy as Code: Past, Present and Future for Novice - Hoon Jo, Megazone

Wednesday June 11, 2025 15:30 - 16:00 HKT

Level 16 | Grand Ballroom I

When you're new to Kubernetes, Policy as Code (PaC) can be a very unfamiliar topic. But as you get more familiar with Kubernetes, you'll probably be interested in how you can use it securely, especially since Kubernetes is essentially a declarative system via YAML, so having security also be done in code will help with usability and reducing human error.

In order to make PaC easier to understand, I'll demonstrate the Admission Control part directly in Kubernetes. Until recently, this part was based on webhooks, but since v1.23, the decision to actively embrace the Common Expression Language (CEL) has made it possible to apply it as code directly inside Kubernetes. Validating Admission Policy became GA in v1.30, and Mutating Admission Policy is in Alpha in v1.32.

Based on this outline, I'll talk about how PaC has been applied to Kubernetes in the past, how it works today, and finally, how we can expect it to be integrated into Kubernetes in the future.

See you at the session! 🙂

Speakers

Hoon Jo

Cloud Solutions Architect, Cloud Native Engineer, Megazone

Hoon Jo is Cloud Solutions Architect as well as Cloud Native engineer at Megazone. He has many times of speaker experience for cloud native technologies. And spread out Cloud Native Ubiquitous in the world. He has written several books and latest books is 『CONTAINER INFRASTRUCTURE... Read More →

Policy as Code Past, Present and Future for Novice v1.0.0 pdf

Wednesday June 11, 2025 15:30 - 16:00 HKT
Level 16 | Grand Ballroom I

Cloud Native Novice

Content Experience Level Beginner
Presentation Language English