The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon China 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Hong Kong Standard Time (UTC+8:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Sign up or log in to add sessions to your schedule and sync them to your phone or calendar.
Running GenAI workloads on Linux is a challenge due to the complexity of AI runtime toolchains and dependencies of heterogeneous GPU devices. The problem is especially acute in containers where the host and guest OSes must have compatible versions of GPU drivers and application software stacks.
CNCF’s Flatcar Linux project aims to simplify containerized Linux deployment. It has an immutable system that can be optimized for both host and guest systems. Furthermore, it supports cross-platform and cross-GPU Wasm workloads. As Wasm runtimes such as WasmEdge and LlamaEdge support a wide range of AI models, Flatcar Linux has become a good candidate for running GenAI workloads in containers.
In this talk, we will cover the basics of Flatcar and its support for Wasm runtimes. We will also discuss WasmEdge’s support for portable AI models and inference applications. Finally, we will give a demo of a complete GenAI app running in Flatcar across GPUs and CPUs.
Dr. Michael Yuan is a maintainer of WasmEdge Runtime (a project under CNCF) and a co-founder of Second State. He is the author of 5 books on software engineering published by Addison-Wesley, Prentice-Hall, and O'Reilly. Michael is a long-time open-source developer and contributor... Read More →
Fast growing technologies, such as 5G networks, industrial Internet, and AI, are giving edge computing an important role in driving digital transformation. As each new technology brings benefits, it brings challenges. First, there are massive heterogeneous edge devices and it encompass a broad range of device types. Second, Edge devices are often located in unstable and complex physical and network environments, such as limited bandwidth, high latency, etc. How to overcome these challenges and build a stable, large-scale edge computing platform needs to be resolved. KubeEdge is an open source edge computing framework that extends the power of kubernetes from central cloud to edge. Now, Kubernetes clusters powered by KubeEdge, can stably support 100,000 edge nodes and manage more than one million pods. In this session, we will share the Key challenges of manage massive heterogeneous edge nodes and tell how using ChaosMesh to makes KubeEdge more Reliable in large-scale edge nodes.
Yue Bao serves as a software engineer of Huawei Cloud. She is now working 100% on open source, focusing on lightweight edge for KubeEdge. She is the maintainer of KubeEgde and also the tech leader of KubeEdge SIG Release and Node. Before that, Yue worked on Huawei Cloud Intelligent... Read More →
work at DaoCloud as Quality Director, more than 20 years IT industry experience, China Mobile, Siemens, HP, EMC, and startup company. Newcomer in Cloud Native and open source fans. Would like to adopt open source projects to improve enterprise software quality with fast release.
End-to-end large model training is crucial for advancing autonomous driving technology. Horizon Robotics leads in this field by leveraging deep learning algorithms and chip design. They efficiently train and deploy advanced perception models like Sparse4D using cloud-native technologies. Training these models poses challenges, such as managing massive video data and numerous small files. Ensuring high-performance training with over 2000 GPUs on RDMA, quickly identifying different failures, and diagnosing issues in large-scale training. This session covers how Horizon Robotics manages large-scale training on Kubernetes. It highlights the role of distributed data caching, network topology awareness, and job affinity scheduling in optimizing a 2000 GPU training job. We'll also discuss strategies for restoring interrupted training jobs through backup machine replacement to enhance task resilience. Furthermore, experiences with CNCF projects like Volcano, Fluid, and NPD will be shared.
Zhihao Xu is currently a software engineer at Alibaba Cloud focusing on infrastructure for AI model training and large-scale model inference. Also, he is now a Maintainer of the CNCF sandbox project Fluid, which is designed for data orchestration for data-intensive applications running... Read More →
I'm Chen Yangxue, a software engineer at Horizon Robotics. With years of cloud - native experience, I'm building a ten - thousand - card training platform with a hybrid cloud setup.I've used tools like Kubernetes, Volcano, etc., to solve tough technical problems. I know how to optimize... Read More →
A variety of applications in Kubernetes typically require higher memory or compute resources during startup—such as Java, .NET, and Node.js applications, as well as those utilizing large data processing frameworks or machine learning models—due to the need to load substantial dependencies and perform complex initialization tasks. To prevent startup failures from resource contention, these applications typically have their resource requests set based on peak startup demands. However, this often leads to resource waste after startup is complete. To address this challenge, this session presents a queue-based approach using Karpenter. This method allows applications set resource requests based on typical usage instead of peak startup needs. It temporarily spreads applications across multiple smaller nodes during startup, preventing single-node overload. After startup, it smoothly consolidates them onto fewer but larger nodes to optimize resource usage while maintaining service stability.
Alibaba Cloud technical expert, maintainer of Kubernetes elastic scaling component cluster-autoscaler, initiator of open source elastic component kubernetes-cronhpa-controller, responsible for the design and implementation of elastic solutions for Alibaba Cloud industry customers... Read More →
Rentian, a Software Engineer at CloudPilot AI, focuses on the Karpenter open-source project, contributing to karpenter-provider-alibabacloud and -aws. He has also contributed to various projects and serves as a Karmada Reviewer, the Member of the Volcano and Hwmaeistor communities... Read More →
With the growing adoption of Kubernetes, managing configurations and ensuring compliance across extensive clusters becomes increasingly complex. Kyverno, a native Kubernetes policy engine, offers a streamlined solution to these challenges. In this session, we'll explore how adopting Kyverno can enhance efficiency, simplify operations, centralize control, and reduce maintenance in Kubernetes environments. We'll demonstrate how Kyverno empowers organizations to effectively manage policies and tackle the unique challenges of large-scale Kubernetes deployments. Drawing from real-world experiences, we will share valuable lessons and best practices that facilitate seamless policy integration and management. Attendees will gain practical insights and tools to optimize their Kubernetes environments using Kyverno.
Currently, he works at Xiaohongshu leading a team focused on building a highly reliable and scalable container platform. He is the founder of CNCF Sandbox Project Clusternet. Also, he is a top 50 code contributor in Kubernetes community. He had spoken many times at open source conferences... Read More →
Distributed databases like OceanBase offer scalability and fault tolerance but can be challenging to manage in Kubernetes. Kubernetes is widely used for managing workloads, but deploying OceanBase on a single cluster creates a risk of failure. If the cluster fails, the entire database may become unavailable, which is problematic in production environments.
This talk will explore how deploying OceanBase across multiple Kubernetes clusters can solve this problem. Distributing the database across clusters ensures high availability and reduces the impact of a cluster failure. It also makes Kubernetes upgrades safer for operations teams.
We’ll cover the challenges of managing distributed databases in Kubernetes, like data consistency and load balancing. We’ll also show how multi-cluster deployments improve stability and resilience, making the solution stronger for critical applications. Attendees will learn how this architecture boosts fault tolerance and simplifies database management.
Peng Wang is the Global Technical Evangelist for OceanBase, a distributed relational database designed for cloud-native applications. He has over a decade of experience in the database industry, including his previous role as a team lead in Intel’s database R&D group.He is currently... Read More →
With the rapid growth of AI applications, optimal GPU utilization is essential, particularly in GPU sharing and job scheduling. Balancing performance, flexibility, and isolation is as challenging as the “Impossible Trinity”. Technologies such as vCUDA, MPS, and MIG are promising attempts, but each has its pros and cons. Managing clusters with multiple sharing techniques adds complexity due to differing resource names and configurations. In this talk, we will demonstrate how to combine these methods easily. Users specify the memory and core count without managing GPU types or sharing methods. Based on user preferences and GPU resources, the best node and method will be selected. Requests are automatically translated into optimal profiles, and GPUs are dynamically partitioned. This approach streamlines GPU management, enhances utilization, and improves scheduling. By integrating Volcano and HAMi, the solution strengthens GPU pooling and scheduling, optimizing AI workload management.
Member of volcano community responsible for the development of gpu virtualization mechanism on volcano. It have been merged in the master branch of volcano, and will be released in v1.8. speaker, in OpenAtom Global Open Source Commit#2023
Technical expert, China Unicom Cloud Data Co., Ltd
I am a technical expert at China Unicom Cloud Data Co., Ltd, specializing in cloud computing infrastructure. I actively contribute to open-source projects, including KubeEdge, Openeular iSula, and Volcano.
It is widely recognized service meshes sidecar have introduced significant resource overhead, adversely affecting memory and CPU utilization. Farthermore, the tight coupling of sidecars with workloads complicates lifecycle management.
In this session, we will compare pros and cons of the main stream implement: Istio, Ambient and Cilium. But all use a userspace proxy per node, introducing a single point of failure and increasing connection numbers per hop. In this discussion, we aim to demonstrate how eBPF and programmable kernel modules can significantly mitigate these issues.
Lastly, we will introduce several use cases about adopting it to improve micro-service performance while minimizing the interruption on applications during infrastructure upgrades.
Operating system engineer of Huawei Technologies Co., Ltd., core member of Kmesh, contributor of libxdp. Enthusiastic about cloud native technology and eBPF-based high performance network.
Zhonghu is an Istio Steering Committee member and has been an core maintainer of istio since 2018 and also istio TOP 3 contributors. He is also the CNCF TAG-Network Tech Lead. He is maintainer of many CNCF projects, istio, kmesh and volcano, etc. Also Kubernetes TOP 100 contributors... Read More →
- Kubernetes 1.31: Moving cgroup v1 Support into Maintenance Mode: making cgroup v2 (kernel 5.8+) a key requirement. - Linux Kernel Version Requirements shows kernel requirements of Kubernetes features - eBPF and Modern Networking and observibility
This talk will provide a detailed look at the kernel version requirements for Kubernetes, with a focus on evolving trends in AI infrastructure, SIG-Node, and SIG-Network. We will explore how different kernel versions influence Kubernetes cluster operations, especially in the areas of network performance, resource management, and security enhancements. This session will also highlight some of the rising star projects in the cloud-native ecosystem, including Cilium, Falco, Pyroscope, Kepler and DeepFlow.
Key Topics: - AI Infrastructure(device related) - Kubernetes SIG-Node(cgroup) - Kubernetes SIG-Network(nftables) - eBPF-based Projects requirements - Is kernel version checked enough? - Dependencies/Ecosystem Maintenance
I'm a software developer from DaoCloud, China, and a Kubernetes contributor. Outside work, I'm often active in Kubernetes Networking, including Kube-Proxy, Calico, Cilium, Metallb, and more.
Discover how the LF Energy working group is driving innovation in sustainable living with the Open Renewable Energy Systems (ORES) project. This session will explore how ORES leverages cloud-native technologies to build an open architecture, open standards, and APIs for software-defined home energy networks. By embracing Kubernetes and other cloud-native principles, ORES enables seamless integration of renewable energy sources, energy storage, and smart devices for a future-proof, scalable, and sustainable energy ecosystem. Learn how ORES promotes collaboration, interoperability, and innovation to shape the next generation of energy solutions in the cloud-native era.
Chris Xie, Head of Open Source Strategy at Futurewei, is a prominent advocate for global open source collaboration. With a background that includes roles at both Fortune 500 companies and startups, he brings a unique combination of technical and strategic business expertise. Recently... Read More →
Imagine an API gateway standing tall as the guardian of your cloud-native applications - directing traffic, enforcing policies, and ensuring everything runs smoothly. The Kong Gateway Operator orchestrates the control and data planes in Kubernetes, ensuring this process stays on track. But what happens when things start to wobble? A misstep here, a failure there and suddenly, chaos!
In this session, we’ll dive into the twists and turns of API gateway resilience. Think of it as an adventure where the operator faces unexpected disruptions, configuration hiccups, control plane mysteries, and unexpected traffic surges. We’ll explore what happens under the hood, how the gateway responds, and what we can learn from its behavior.
By the end, you’ll walk away with a deeper understanding of how to prepare your gateways for the unexpected and turn "uh-oh" moments into "we've got this" wins.
CNCF Ambassador, Kubernetes Ingress-NGINX maintainer, Kong Inc.
Jintao Zhang is a Microsoft MVP, CNCF Ambassador, Apache PMC, and Kubernetes Ingress-NGINX maintainer, he is good at cloud-native technology and Azure technology stack.
Sayan Mondal is a Senior Software Engineer II at Harness, building their Chaos Engineering platform and helping them shape the customer experience market. He's the maintainer of a few open-source libraries and is also a maintainer and community manager of LitmusChaos (the Incubating... Read More →
Agentic AI is revolutionizing how we create intelligent agents that can interact with the real world. However, building and deploying these systems often involves significant complexity and time investment. This demo-driven session introduces a cloud-native scaffolding approach, leveraging software templates to streamline and simplify the development of agentic AI projects. This results in a more efficient and developer-friendly experience. Through live demonstrations, attendees will see firsthand how this innovative scaffolding framework accelerates the development lifecycle of agentic AI applications. It provides automated code generation and pre-configured infrastructure. Seamless integration with popular AI libraries reduces overhead and complexity. By the end of the session, participants will have a clear understanding of how to adopt cloud-native scaffolding to revolutionize their development process and gain practical skills to drive innovation in their projects.
Daniel Oh is a Java Champion and Senior Principal Developer Advocate at Red Hat to evangelize developers for building cloud-native apps and serverless ob Kubernetes ecosystems. He's also contributing to various cloud open-source projects and ecosystems as a CNCF ambassador for accelerating... Read More →
The Common Expression Language (CEL) is a powerful solution already used in the Kubernetes API, with the recent Kubernetes v1.32 highlighting it for mutating admission policies. It is also used in Envoy and Istio. This topic will explore the benefits and features that CEL can offer for multi-cluster scheduling.
There is a growing demand for granular and customizable requirements in scheduling. For example, users may want to filter clusters with the label "version" > v1.30.0 instead of listing all versions. Many also wish to use their CRD fields or metrics for scheduling. CEL's extensibility effectively addresses these challenges as it can handle complex expressions.
In this talk, we will showcase how Open Cluster Management (OCM) leverages CEL in multi-cluster scheduling. Using the ClusterProfile API as an example, we will demonstrate how CEL meets complex scheduling needs and illustrate its potential to improve GPU utilization for AI applications by solving bin-packing challenges.
Qing Hao is a Senior Software Engineer at Red Hat, where she works as the maintainer of Open Cluster Management. She is also the CNCF Ambassador, the speaker at KubeCon China 2024, and the mentor for OSPP 2022 and GSoC 2024. Qing focuses on solving complex challenges... Read More →
The rise of WebAssembly (WASM) has sparked comparisons with Docker which often leads to questions and confusion: Are WASM and Docker competing technologies?
In this talk, we will see how this is far from the truth. On one side, Docker revolutionised how we bundle and deploy applications, offering unparalleled portability and simplifying workflows across environments. On the other hand, WASM brings speed, security, and efficiency, enabling the execution of code written in languages like C, C++, and Rust almost at native speed, performance, and rapid startup time even in the browser.
We will explore how these two technologies bring the best of both worlds and help developers achieve portability, efficiency, security, and flexibility. We will also look at how Docker is actively working to make WASM mainstream by allowing WASM container images to be hosted on DockerHub and run WASM containers alongside traditional Linux and Windows containers.
Pradumna is a Developer Advocate, Docker Captain, and a DevOps and Go Developer. He is passionate about Open Source and has mentored hundreds of people to break into the ecosystem. He also creates content on X (formerly Twitter) and LinkedIn, educating others about Open Source and... Read More →
As China's leading video platform, Bilibili faces 4 key challenges in multi-cluster AI workloads management: 1. Workload Diversity: Training/inference/video processing workloads have different scheduling requirements. 2. Cross-Cluster Complexity: Managing workloads across multiple Kubernetes clusters in expanding IDCs with SLAs. 3. Performance Demands: Minimal startup latency and best scheduling efficiency for short-running tasks e.g. video processing. 4. Efficiency-QoS Balance: maximizing resource utilization while ensuring priority workload stability.
This talk will share experiences and delve specific optimization techniques: 1. Leveraging and optimizing CNCF projects such as Karmada and Volcano to build a unified, high-performance AI workload scheduling platform. 2. Integrating technologies such as KubeRay to schedule various AI online and offline workloads. 3. Maximizing resource efficiency through online and offline hybrid scheduling, tidal scheduling and other technologies.
Technical Expert, Lead of Cloud Native Open Source, Huawei
Kevin Wang has been an outstanding contributor in the CNCF community since its beginning and is the leader of the cloud native open source team at Huawei. Kevin has contributed critical enhancements to Kubernetes, led the incubation of the KubeEdge, Volcano, Karmada projects in CNCF... Read More →
Long Xu is a Senior Software Engineer in the Infrastructure Department at Bilibili. He has rich experiences in the Kubernetes field, including scheduling, autoscaling and system stability.
When we started CNCF in 2015 to help advance container technology, Kubernetes was the seeding technology to provide a de facto container orchestration platform for all cloud native applications. Almost a decade later, the community has exploded with 200+ open source projects building on top of cloud native technologies. Looking ahead, what challenges will we have in the next decade? What gaps remain for users and contributors? And how do we evolve to meet the demands of an increasingly complex and connected world?
Let us review some of the key CNCF projects today and lay out some possible avenues for where cloud native is going for the next decade, AI, agentic network, sustainability and beyond.
Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical... Read More →
With the growing demand for heterogeneous computing power, Chinese users are gradually adopting domestic GPUs, especially for inference. vLLM, the most popular open-source inference project, has drawn widespread attention but does not support domestic chips.Chinese inference engines are still developing in functionality, performance, and ecosystem. In this session, we’ll introduce how to adapt vLLM to support domestic GPUs,enabling acceleration features like PageAttention, Continuous Batching, and Chunked Prefill. We’ll also cover performance bottleneck analysis and chip operator development to maximize hardware potential. Additionally, Kubernetes has become the standard for container orchestration and is the preferred platform for inference services. We’ll show how to deploy the adapted vLLM engine on Kubernetes using the open-source llmaz project with a few lines of code, and explore how llmaz handles heterogeneous GPU scheduling and our practices for monitoring and elastic scaling.
Senior Software Engineer, China Mobile (Suzhou) Software Technology Co., Ltd.
The author has rich experience in cloud-native and AI inference development, currently works at China Mobile, focusing on the research and development of cloud-native and AI inference related products. He shared experiences of service mesh at some technical conferences such as the... Read More →
Kante is a senior software engineer and an open source enthusiast from DaoCloud, his work is mostly around scheduling, resource management and LLM inference. He actively contributes to upstream Kubernetes as SIG-Scheduling Maintainer and helps in incubating several projects like Kueue... Read More →
Peer Group Mentoring allows participants to meet with experienced open source veterans across many CNCF projects. Mentees are paired with 2 – 10 other people in a pod-like setting to explore technical, community, and career questions together.
Not everything can be thought about while designing or developing the applications, and as such lot of the design decisions are based on estimates and potential usage patterns.
More often that not, these estimates differ from reality and introduce inefficiencies in the system across several fronts - and if at all visible, it always much later in the lifecycle when you already have several customers & high footprint.
And hence, unless there is a clear sign of performance degradation or unjustified costs, there is often no incentive to invest time & effort for some unknown gains.
In this session Yash will outline a real world case study about how they went about building an internal platform for handling several aspects of post deployment challenges like
1. rightsizing opportunities, 2. architecture migrations like moving to serverless, 3. finding right maintenance windows, etc
by using a wide range of metrics, and how impactful these minor optimizations turned out to be.
Yash is working with Google as Software Engineer, and has 9 years of industrial experience with cloud architectures and micro-service development across Google and VMware. He has been a speaker at several international conferences such as KubeCon + CloudNativeCon and Open Source... Read More →
Strong communities foster a feeling of belonging by providing opportunities for interaction, collaboration, and shared experiences. We hope to do just that with a gathering of attendees who identify as women and non-binary individuals at KubeCon + CloudNativeCon China! Join fellow women community members for networking and connection.
Recently, the health of open-source projects, particularly, vendor diversity and neutrality, has become a key topic of discussion. Many projects have faced challenges due to a lack of vendor diversity, threatening their sustainability. It is increasingly clear that setting up the right governance structure and project team during a project’s growth is critical. KubeEdge, the industry's first cloud-native open-source edge computing project, has grown from its initial launch in 2018 to achieving CNCF graduation this year. Over the past few years, KubeEdge has evolved from a small project into a diverse, collaborative and multi-vendor open-source community In this panel, we will discuss the lessons learned from KubeEdge community graduation journey, focusing on key strategies in technical planning, community governance, developer growth, and project maintenance. Join us to explore how to build a multi-vendor and diverse community, and how to expand into different industries.
Huan is an open source enthusiast and cloud native technology advocate. He is currently the CNCF ambassador, and TSC member of KubeEdge project. He is serving as experienced technical director for HarmonyCloud.
KubeEdge TSC Member, Senior Software Engineer at Huawei Cloud. Focusing on Cloud Native,Kubernetes, Service Mesh, EdgeComputing, EdgeAI and other fields. Currently maintaining the KubeEdge project which is a CNCF graduated project. And has rich experience in Cloud Native and EdgeComputing... Read More →
KubeSphere founding member, KubeEdge TSC member, Director of Cloud Platform, QingCloud Technologies
Benjamin Huo leads QingCloud Technologies' Architect team and Observability Team. He is the founding member of KubeSphere and the co-author of Fluent Operator, Kube-Events, Notification Manager, OpenFunction, and most recently eBPFConductor. He loves cloud-native technologies especially... Read More →
Yue Bao serves as a software engineer of Huawei Cloud. She is now working 100% on open source, focusing on lightweight edge for KubeEdge. She is the maintainer of KubeEgde and also the tech leader of KubeEdge SIG Release and Node. Before that, Yue worked on Huawei Cloud Intelligent... Read More →
Hongbing Zhang is Chief Operating Officer of DaoCloud. He is a veteran in open source areas, he founded IBM China Linux team in 2011 and organized team to make significant contributions in Linux Kernel/openstack/hadoop projects. Now he is focusing on cloud native domain and leading... Read More →
Maximizing security in multi-tenant clusters while maintaining cost-effectiveness is crucial for enterprise OPS. Most enterprise clusters deploy multiple daemonsets, which are attractive targets for attackers seeking to escape and move laterally, ultimately taking over the entire cluster.
The SIG community has introduced several advanced security features recently, such as CRD Field Selectors, Field and Label Selector Authorization, validating admission policy (VAP), and Structured Authorization Config. These allow users to define more flexible authorization configurations, addressing filtering and authorization needs for CRDs, kubelet, and other resources in multi-tenant environments.
We will share the lessons learned from the node escape incidents and demonstrate how to implement these new features and show how to use the Common Expression Language (CEL) to configure customized policies in Authorization Webhook and VAP, resulting more node-specific restrictions within clusters.
Dahu Kuang is a Security Tech Lead on the Alibaba Cloud Container Service for Kubernetes (ACK) team, focusing on the design and implementation of container security-related work, especially within the context of secure supply chain.
Cheng Gao, Senior Security Engineer at Alibaba Cloud, focuses on the Security Development Lifecycle (SDL) for cloud-native applications. With expertise in container services, observability, and Serverless architectures, Cheng has led security assurance for several internal container... Read More →
AI developer in K8S: either in Jupyter notebook or LLM serving: Python Dependency is always a headache : - Prepare a set of base Images? The maintenance amounts & efforts will be a nightmare: Since (1) packages in AI world are rapidly version bumping, (2) diff llm codes require diff packages permutation/combination. - Leave users to `pip install` by themselves ? The resigned waiting blocks productivity and efficiency. You may agree if you did it. - If on a GPU Cloud, the pkg preparation time may even cost a lot: you rent a GPU but wasted in waiting pip downloading... - you may choose to D.I.Y: docker-commit your own base-images, but you have to worry about the Dockerfile, registry and additional cloud cost if you don't have local docker env.
---- So we introduce https://github.com/BaizeAI/dataset.
The solution: 1. A CRD to describe the dependency and env. 2. K8S Job to pre-load the packages. 3. PVC to store and mount 4. `conda` to switch from envs 5. share between namespaces
Cloud native developer, AI researcher, Gopher with 5 years of experience in loads of development fields across AI, data science, backend, frontend. Co-founder of https://github.com/nolebase
In the rapidly evolving landscape of cloud computing and microservices architecture, efficiently and securely managing communication between services has become a critical challenge. Traditional methods of network traffic authentication often become a performance bottleneck, especially when handling large-scale data flows. This session introduces an innovative solution — leveraging Linux kernel technology XDP (eXpress Data Path) to achieve efficient traffic authentication for service-to-service communications.
We will delve into how to use XDP for rapid filtering and processing of packets before they enter the system's protocol stack, significantly reducing latency and enhancing overall system throughput. Additionally, we will share practical application experiences from projects such as Kmesh, including but not limited to performance tuning, security considerations, and integration with other network security strategies.
Operating system engineer of Huawei Technologies Co., Ltd., core member of Kmesh, contributor of libxdp. Enthusiastic about cloud native technology and eBPF-based high performance network.
Zhonghu is an Istio Steering Committee member and has been an core maintainer of istio since 2018 and also istio TOP 3 contributors. He is also the CNCF TAG-Network Tech Lead. He is maintainer of many CNCF projects, istio, kmesh and volcano, etc. Also Kubernetes TOP 100 contributors... Read More →
