The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon China 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Hong Kong Standard Time (UTC+8:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Sign up or log in to add sessions to your schedule and sync them to your phone or calendar.
Zemlin’s career spans three of the largest technology trends to rise over the last decade: mobile computing, cloud computing and open source software. Today, as executive director of The Linux Foundation, he uses this experience to accelerate the adoption of Linux and support the... Read More →
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation... Read More →
Why consider Crossplane when so many IaC tools exist—Terraform, Pulumi, CloudFormation, Config Connector, and KRO? What unique challenges does it solve, and is it always the right choice? Join Cortney & Amit as they explore why Crossplane is gaining traction, not just as an IaC tool but as a Platform Engineering enabler. Learn how Crossplane extends the Kubernetes API to manage both infrastructure and applications declaratively, empowering platform teams. Beyond provisioning, security and compliance are critical. Discover how the Crossplane + ArgoCD + Kyverno stack enables GitOps-driven automation, ensuring deployments align with organizational compliance and security policies. Through real-world use cases, we’ll explore: Where does Crossplane fit among IaC tools? When is Crossplane NOT the right choice? How can it enable scalable, self-service platforms? How does it integrate with ArgoCD & Kyverno for GitOps and security?
Amit Dsouza is an IT professional with over 13 years of experience in the industry. He is a co-founder of Odyssey Cloud, Australia. With experience in Fortune 500 companies & startups, he has worked in various locations including Australia, Singapore, & India. Amit specializes in... Read More →
Cortney is Head of Community at Nirmata. As a CNCF and Civo Ambassador, co-organizer of CNCF Bilbao Community, and speaker and organizing member of various KCD events, she is a recognized voice in the cloud native space. Initially, a non-techie, she turned techie as employee 7 at... Read More →
AI is quickly becoming the most important workload in our clouds. However, AI is not like other cloud native workloads. Whereas before, clouds could manage elastic resources that easily and cheaply scaled out, AI workloads do not readily support this. AI hardware infrastructure is moving towards large clusters of processors, is not readily scaled out, is not readily available on-demand, and is much more expensive. This requires significant changes to how we build and manage our clouds, from the operating system up to our cloud native infrastructure. This talk will highlight how this evolution towards clouds of AI clusters is happening through projects such as Linux, Volcano, and Karmada.
Chief Open Source Liaison Officer,Board member of CNCF, Huawei
Bill Ren holds an EMBA and Master Degree from Peking University, and a CS Bachelor Degree from Shanghai Jiaotong University. Since Joining Huawei in 2000, Bill served as an Intelligent Network Research and Development Engineer, Product Manager and Architect of India Branch, General... Read More →
Running GenAI workloads on Linux is a challenge due to the complexity of AI runtime toolchains and dependencies of heterogeneous GPU devices. The problem is especially acute in containers where the host and guest OSes must have compatible versions of GPU drivers and application software stacks.
CNCF’s Flatcar Linux project aims to simplify containerized Linux deployment. It has an immutable system that can be optimized for both host and guest systems. Furthermore, it supports cross-platform and cross-GPU Wasm workloads. As Wasm runtimes such as WasmEdge and LlamaEdge support a wide range of AI models, Flatcar Linux has become a good candidate for running GenAI workloads in containers.
In this talk, we will cover the basics of Flatcar and its support for Wasm runtimes. We will also discuss WasmEdge’s support for portable AI models and inference applications. Finally, we will give a demo of a complete GenAI app running in Flatcar across GPUs and CPUs.
Dr. Michael Yuan is a maintainer of WasmEdge Runtime (a project under CNCF) and a co-founder of Second State. He is the author of 5 books on software engineering published by Addison-Wesley, Prentice-Hall, and O'Reilly. Michael is a long-time open-source developer and contributor... Read More →
Training massive AI models at scale is tough—but doing it efficiently in Kubernetes is even tougher. In this keynote, we’ll share how iFlytek tackled key challenges in large-scale model training, including low GPU utilization, fragile workflows, and resource contention across teams. By leveraging Volcano, they boosted GPU usage by over 40%, and cut failure recovery time by 70%. This talk offers a quick but powerful look at how intelligent scheduling and orchestration can unlock performance, reliability, and fairness in multi-tenant AI platforms.
Xuzheng Chang is a maintainer of the Volcano community, with in-depth research and practical experience in the fields of batch computing and cloud-native AI scheduling. Xuzheng has spearheaded several significant features within the Volcano community. Actively contributing to open-source... Read More →
The release of HKGAI V1 marks a new chapter in the development of AI in Hong Kong. Leveraging the strengths of both local connectivity and global outreach, the HKGAI team embraces the open-source community to tackle challenges ranging from optimizing high-performance computing clusters to exploring cutting-edge AI models. Looking ahead, Hong Kong aims to further integrate resources from mainland China and the international community, deepening technological innovation and application expansion, and contributing a "Hong Kong Solution" to global AI standards and use cases.
Professor Guo Yike assumed office as the Provost of the Hong Kong University of Science and Technology (HKUST) on December 1, 2022. He is concurrently a Chair Professor in the Department of Computer Science and Engineering and also the Director of Hong Kong Generative AI Research... Read More →
Roby Chen, Founder and CEO of DaoCloud, Master of Computer Science from Fudan University, CNCF Ambassador, has a deep understanding of cloud-native business models and technologies. Roby is an evangelist of open source cloud computing technology, gaining valuable experience in building... Read More →
Cloud Native Buildpacks presents a great way to build containers that can then be deployed to Kubernetes. In this talk, I will demo how a container can be built, how it uses optimal paths by default, and how it can promote security.
I will also present project updates, upcoming areas of work, and where we need help and support from the community.
With the rapid development of cloud computing, IoV, and IoT, time series data, such as metrics and logs, increases rapidly. As a result, time series databases face higher challenges in terms of read/write performance, data analysis efficiency, and data storage costs.
openGemini aims to reduce data storage costs, quickly write massive time series data, and efficiently analyze. Open source in 2022 and became a sandbox project of CNCF in 2024.
Now, openGemini has been applied in 9 scenarios, including the Internet of Things (IoT), DevOps, Internet of Vehicles (IoV), electric power, energy, mining, logistics, and aerospace, with 177 contributors. More and more developers are exploring the technical advantages of openGemini.
In this lighting talk, the following topics will be covered:
Fluid is an open-source project for orchestrating data and workloads in Kubernetes. In the 2024 CNCF Technology Radar Report, Fluid is recognized as an "Adopted" project in the cloud-native AI landscape, considered ready for use by developers without further evaluation.
Maintainer from the Fluid community will reveal why it is so popular, detailing its architecture and the "Data Anyway, Anywhere, Anytime" features. He will also showcase the dynamic data mounting capabilities beneficial for data scientists, along with insights into future feature plans.
This issue has plagued Kubernetes for nearly 8 years: K8s issue #52757. The challenge of flexibly sharing GPUs across multiple containers is particularly prominent in AI scenarios, where inference tasks are typically short-lived. As a result, resource utilization becomes a critical concern.
In this talk, we will share solutions and practices for implementing GPU sharing in Kubernetes, focusing on two key projects gaining traction recently: Dynamic Resource Allocation (DRA) and the CNCF sandbox project HAMi. The presentation will cover the following topics:
1. Challenges in GPU sharing.
2. Approaches for sharing AI chips beyond NVIDIA GPUs.
3. How sharing technologies integrate with projects like Volcano, Koordinator, and Kueue.
Due to security-related considerations, eBPF technology imposes significant restrictions on the use of kernel functions, typically allowing indirect calls to kernel functions only through helper functions, which is quite inconvenient for applications related to KubeCon. Kmesh requires intrusive modifications to the kernel to implement Kernel-native Mode Seven-layer Traffic Governance Capability, hindering the adoption of the technology. Through exploration and research on the kernel, we have employed some methods to extend the usability of eBPF, reducing the need for intrusive modifications to the kernel, and enabling Kmesh-related capabilities on higher versions of Linux without requiring intrusive kernel modifications.
Open Cluster Management (OCM) allows easy integration with other projects via its Addon mechanism, enabling them to leverage multi-cluster capabilities. This 5-minute talk will introduce the OCM Addon mechanism, showing how projects can integrate with OCM as addons. I will also highlight the AddonTemplate API, which simplifies addon development by providing simple yaml files, reducing complexity and accelerating integration.
Key points:
- OCM Addon Overview: Introduction to the Addon mechanism and its role in multi-cluster environments.
- Addon Integration: How projects (e.g., Fluid) integrate with OCM to enhance multi-cluster management.
- AddonTemplate API: How the API simplifies addon creation and management.
- Real-World Benefits: Demonstrating the efficiency and scalability of OCM Addons.
This talk will help attendees understand how OCM Addons can help other projects extend the multicluster management capability.
KubeEdge, the industry’s first cloud-native open-source edge computing project, has achieved CNCF graduation last year. In this session, we will share the new features and advancements in community governance since graduation.
As a graduated project, KubeEdge has been widely used in intelligent transportation, smart city, smart park, smart energy, smart factory, smart bank, smart site, CDN and other industries to provide users with integrated edge cloud collaborative solutions. This session will also share the 10+ KubeEdge user cases in various industries, to help users understand the practical experience of cloud-native edge computing and edge AI.
Kubernetes has evolved into a complex ecosystem with numerous core components and hundreds of Custom Resources. This complexity poses significant challenges when designing workloads that involve multiple technologies. Engineers often find themselves burdened with Complex Configuration Management with YAML files, ensuring correct network configurations, RBAC rules and so on which is tedious and error-prone.
Developers often need to manually copy and paste reference configurations or manage and store either Helm or Kustomize templates to achieve this which has a high learning curve and is difficult especially for newcomers to ecosystem.
This talk helps in understanding how Meshery a CNCF project and cloud-native manager, with intuitive visual interface, reduces cognitive load, aligns with users' mental models, streamlines infrastructure design backed by OPA policies and how Meshery makes Kubernetes more accessible, empowering you to visualize your infrastructure.
Get a rapid snapshot of Kyverno’s latest features! In this 5-minute talk, Shuting Zhao highlights how Kyverno now supports CEL (Common Expression Language) for expressive, dynamic policies and introduces new policy types to align with Kubernetes’ ValidatingAdmissionPolicy and MutatingAdmissionPolicy. See how these updates empower you to create more flexible policies, improve cluster security, and streamline compliance workflows. Whether you’re managing policies or exploring Kyverno for the first time, this session offers a quick, impactful look at what’s new and how it can benefit your Kubernetes environment.
WasmEdge 0.15.0 is coming soon! This release brings key WebAssembly features including the component model proposal, plus expanded support for multimodal models and the latest OpenVINO plugin support. Join us to learn about the release highlights and future roadmap.
Observability is essential, but common antipatterns like over-collecting data, siloed tools, and poorly instrumented code can derail your efforts. This session uncovers the most frequent observability pitfalls and shows how OpenTelemetry addresses these challenges with its standardized approach. From eliminating vendor lock-in to streamlining telemetry pipelines, you’ll gain insights into building a more effective and sustainable observability strategy. Real-world examples will highlight how teams have successfully overcome these antipatterns, empowering you to avoid costly mistakes and maximize OpenTelemetry’s potential.
Steve Flanders is a Senior Director of Engineering at Splunk responsible for the Observability Platform team, which includes contributions to the OpenTelemetry project. Previously, he was the Head of Product and Experience at Omnition, which Splunk acquired. Prior to Omnition, he... Read More →
Observability for cloud-native software applications requires efficient and reliable methods to gain insights into distributed systems. This talk will explore various instrumentation approaches for Golang, focusing on the concept of compile-time auto-instrumentation with OpenTelemetry. We will unveil implementation details of compile-time auto-instrumentation, highlighting the revolutionary features including flexible custom plugin capabilities, enhanced context propagation, trace-log correlation, and etc. The talk will cover examples of using compile-time auto instrumentation, lessons learned from the practice and scenarios that benefit from such an implementation. The audience will take away a solid understanding of how compile-time auto instrumentation works and why it presents an efficient and more performant solution for achieving observability.
Przemek is a founding engineer at Quesma, working in the data transformation space and responsible for architectural direction. An observability veteran with over 15 years of experience at Dynatrace and Sumo Logic. OpenTelemetry Maintainer. Designs programming languages for fun
Distributed databases like OceanBase offer scalability and fault tolerance but can be challenging to manage in Kubernetes. Kubernetes is widely used for managing workloads, but deploying OceanBase on a single cluster creates a risk of failure. If the cluster fails, the entire database may become unavailable, which is problematic in production environments.
This talk will explore how deploying OceanBase across multiple Kubernetes clusters can solve this problem. Distributing the database across clusters ensures high availability and reduces the impact of a cluster failure. It also makes Kubernetes upgrades safer for operations teams.
We’ll cover the challenges of managing distributed databases in Kubernetes, like data consistency and load balancing. We’ll also show how multi-cluster deployments improve stability and resilience, making the solution stronger for critical applications. Attendees will learn how this architecture boosts fault tolerance and simplifies database management.
Peng Wang is the Global Technical Evangelist for OceanBase, a distributed relational database designed for cloud-native applications. He has over a decade of experience in the database industry, including his previous role as a team lead in Intel’s database R&D group.He is currently... Read More →
As AI/ML workloads continue to scale in complexity, developers and platform engineers are pushing Kubernetes beyond typical MLOps boundaries.
This talk dives into strategies for orchestrating GPU-accelerated training and inference across large-scale clusters -integrating HPC principles, operator-based scheduling, and novel debugging workflows.
Attendees will learn how to implement fine-grained GPU partitioning, harness ephemeral containers to probe and adjust multi-node training in real time, and adopt eBPF-driven instrumentation for low-overhead kernel-level performance insights. We’ll explore cutting-edge scheduling optimizations—like reinforcement-learning approaches and HPC-inspired batch-queuing orchestration on Kubernetes that dynamically respond to heterogeneous job demands.
Real-world case studies will highlight HPC integration scenarios (RDMA, GPU Direct) for data-parallel workloads and complex training frameworks such as Horovod, Ray, and Spark on Kubernetes.
Principal Technical Solutions Architect, Akamai Technologies
Brandon Kang is a Principal Technical Solutions Architect at Akamai Technologies, specializing in cloud-native projects across Asia as a compute specialist.Before joining Akamai, he served as a Lead Software Engineer at Samsung, a Senior Program Manager at Microsoft, and a Service... Read More →
In this Lightning Talk, we’ll dive into K8sGPT, a CNCF sandbox project that uses AI to enhance Kubernetes management. K8sGPT leverages LLMs to diagnose cluster issues, offering root cause analysis and solutions in simple terms. It encodes SRE expertise into analyzers, extracting key insights and enriching them with AI-powered explanations. Key highlights: - Core Features: Learn to use the CLI and K8sGPT Operator for cluster error analysis and contextualized insights. - AI Integration & Security: Explore integration with AI models like OpenAI, Azure, and Ollama, with data anonymization for security. - Real-world Demos: See how K8sGPT simplifies Kubernetes troubleshooting. - Enterprise Strategies: Discover techniques like LoRA and RAG to tailor K8sGPT for specific environments. Whether you're new to Kubernetes or an expert, K8sGPT can streamline cluster management, reduce troubleshooting time, and boost efficiency.
Kay Yan is kubespray maintainer, containerd/nerdctl maintainer. He is the Principal Software Engineer in DaoCloud, and develop the DaoCloud Enterprise Kubernetes Platform since 2016.
Service Mesh is thriving, with new versions always incorporating exciting features and significant CVE fixes that bring considerable benefits to users. However, the disruption of service traffic caused by Service Mesh upgrades or restarts, leading to system instability, remains a major obstacle to the usage of Service Mesh in production. In the most mature sidecar model, upgrading the data plane of the service mesh results in the redeployment of services; in some cases, this is nearly unacceptable, as certain business applications may face substantial cold start costs . Even for the rising sidecarless mode, it is still necessary to address the issue of interrupting existing user connections, which requires difficult choices. This topic will begin with real-world case studies, where technical experts from Huawei Cloud and Alibaba Cloud will share practical experiences on seamless service mesh upgrades in real production scenarios with the users.
Hang Yin, senior engineer of Alibaba Cloud, focusing on Kubernetes, service mesh and other cloud native fields. Currently served in the Alibaba Cloud Service Mesh (ASM) team, responsible for core abilities of ASM such as performance improvement, ecosystem and Mesh Topology.
Senior Engineer at Huawei Cloud, specializes in Kubernetes, service mesh, and other cloud-native technologies. I am the primary developer and maintainer of the CNCF project Kmesh and actively contribute to several other CNCF projects, with a particular emphasis on service mesh and... Read More →
- Kubernetes 1.31: Moving cgroup v1 Support into Maintenance Mode: making cgroup v2 (kernel 5.8+) a key requirement. - Linux Kernel Version Requirements shows kernel requirements of Kubernetes features - eBPF and Modern Networking and observibility
This talk will provide a detailed look at the kernel version requirements for Kubernetes, with a focus on evolving trends in AI infrastructure, SIG-Node, and SIG-Network. We will explore how different kernel versions influence Kubernetes cluster operations, especially in the areas of network performance, resource management, and security enhancements. This session will also highlight some of the rising star projects in the cloud-native ecosystem, including Cilium, Falco, Pyroscope, Kepler and DeepFlow.
Key Topics: - AI Infrastructure(device related) - Kubernetes SIG-Node(cgroup) - Kubernetes SIG-Network(nftables) - eBPF-based Projects requirements - Is kernel version checked enough? - Dependencies/Ecosystem Maintenance
I'm a software developer from DaoCloud, China, and a Kubernetes contributor. Outside work, I'm often active in Kubernetes Networking, including Kube-Proxy, Calico, Cilium, Metallb, and more.
Tech startup in early stage normally aim low running cost on infrastructure spend but fast development and delivery. When there are a first few clients onboard, disaster recovery plan is a must have. When DR is required and an agreed RTO is 6 hours for example, how to not only remain low running cost but also to meet agreed RTO and SLA, our DR plan and implementation is a success to share with the audience. We onboarded container orchestration platform Kubernetes, DevOps best practices, for example Infrastructure-and-Configuration-as-Code and Pipeline-as-Code. Our DR implementation only spends a minimum cost on always-on resources. When a DR incident happens, automated pipelines will bring up on-demand resources that include a Kubernetes cluster, and geo-recover database and storage, then deploy the latest applications into kubernetes cluster, production DR can be live within 2 hours.
As a Senior DevSecOps Engineer at KPMG Australia, I have been leading the cloud operations and security for Origins, a blockchain-based SaaS solution for supply chain traceability, since May 2022. I have brought the best practices of DevSecOps into day-to-day development and delivery... Read More →
Discover how the LF Energy working group is driving innovation in sustainable living with the Open Renewable Energy Systems (ORES) project. This session will explore how ORES leverages cloud-native technologies to build an open architecture, open standards, and APIs for software-defined home energy networks. By embracing Kubernetes and other cloud-native principles, ORES enables seamless integration of renewable energy sources, energy storage, and smart devices for a future-proof, scalable, and sustainable energy ecosystem. Learn how ORES promotes collaboration, interoperability, and innovation to shape the next generation of energy solutions in the cloud-native era.
Chris Xie, Head of Open Source Strategy at Futurewei, is a prominent advocate for global open source collaboration. With a background that includes roles at both Fortune 500 companies and startups, he brings a unique combination of technical and strategic business expertise. Recently... Read More →
As we see, organizations are investing heavily in bringing AI accelerators into their data centers or using them on the public cloud but continue to struggle with the cost-effective and efficient management of these critical resources. There are some existing approaches to address them but heavy and inflexible. Here, we'd like to take this chance to review if-how we can address the challenges of expensive and limited machine learning compute resources like GPU and identifies solutions for GPU fractional optimization with our technical PoC - GPU.x by transparent backend Python hooker within ML upstream frameworks running Kubernetes. It's lightweight, easy and flexible without any code changes to your AI applications towards cloud native.
Tiejun Chen was Sr. technical leader. He ever worked at several tech companies such as VMware, Intel, Wind River Systems and so on, involved in - cloud native, edge computing, ML/AI, WebAssembly, etc. He ever made many presentations at AI.Dev NA 2023, kubecon China 2021 & 2024, Kube... Read More →
Kubernetes Isekai (異世界) is an open-source RPG designed for hands-on Kubernetes learning through gamification. Ideal for junior to Higher Diploma students at Hong Kong Institute of Information Technology (HKIIT), it transforms Kubernetes education into an engaging adventure.
Role-Playing Adventure: Students interact with NPCs who assign Kubernetes tasks. Task-Based Learning: Tasks involve setting up and managing Kubernetes clusters. Free Access: Uses AWS Academy Learner Lab with Minikube or Kubernetes. Scalable Grading: AWS SAM application tests Kubernetes setups within AWS Lambda. Progress Tracking: Students track progress and earn rewards. This game offers practical Kubernetes experience in a fun, cost-effective way. GenAI Chat: Integrates Generative AI to make NPC interactions more dynamic and fun, enhancing the overall learning experience. Demo https://www.youtube.com/watch?v=dIwNWwz681k
Senior Lecturer, Hong Kong Institute of Information Technology
Cyrus Wong is an accomplished senior lecturer who oversees the Higher Diploma program in Cloud and Data Centre Administration at the Hong Kong Institute of Information Technology (HKIIT) in Hong Kong. He is a passionate advocate for the adoption of cloud technology across various... Read More →
Cloud major student, Hong Kong Institute of Information Technology at IVE(Lee Wai Lee)
I am pursuing a Higher Diploma in Cloud and Data Centre Administration at the Hong Kong Institute of Information Technology at IVE (Lee Wai Lee) and am currently interning at Cathay Pacific Airways. This project teaches Kubernetes concepts and commands in a gamified way. By turning... Read More →
Agentic AI is revolutionizing how we create intelligent agents that can interact with the real world. However, building and deploying these systems often involves significant complexity and time investment. This demo-driven session introduces a cloud-native scaffolding approach, leveraging software templates to streamline and simplify the development of agentic AI projects. This results in a more efficient and developer-friendly experience. Through live demonstrations, attendees will see firsthand how this innovative scaffolding framework accelerates the development lifecycle of agentic AI applications. It provides automated code generation and pre-configured infrastructure. Seamless integration with popular AI libraries reduces overhead and complexity. By the end of the session, participants will have a clear understanding of how to adopt cloud-native scaffolding to revolutionize their development process and gain practical skills to drive innovation in their projects.
Daniel Oh is a Java Champion and Senior Principal Developer Advocate at Red Hat to evangelize developers for building cloud-native apps and serverless ob Kubernetes ecosystems. He's also contributing to various cloud open-source projects and ecosystems as a CNCF ambassador for accelerating... Read More →
Search, advertising, and recommendation services are among the primary business types within Xiaohongshu. Due to the strong dependency of these services on index table, each instance replica needs to maintain its own independent state. As a result, such services are deployed using the stateful workload. With the rapid growth of Xiaohongshu's business scale, the size limit of a single Kubernetes cluster has made it impossible to further scale stateful services. To address daily traffic and business growth, the only solution was to migrate workloads to idle clusters. However, this migration approach has caused significant inconvenience and risks for developer. To tackle this challenge, Xiaohongshu leveraged Karmada to implement the federation of stateful services. By designing scheduling and deployment capabilities for stateful services on federated clusters, This approach has seamlessly resolved the scaling limitations caused by single-cluster capacity constraints for stateful services.
Sunweixiang has previously worked in the Alibaba Cloud container team as software engineer and is a contributor to the OpenKruise community's main, Karmada, and other communities. He is deeply involved in container application orchestration, multi-cluster.
Song Yang is a Cloud Native Development Engineer at Xiaohongshu, currently working on multi-cluster and Kubernetes scheduler. He is a maintainer of the CNCF incubating project KubeVela.
Disaggregating the prefill and decoding phases in LLM inference has garnered significant attention in the industry because it can enhance performance. Several solutions have been developed, including Mooncake, TetriInfer, Splitwise, DistServe, and RTP-LLM. However, deploying a disaggregation LLM inference at scale on Kubernetes, while evaluating its performance and cost benefits presents numerous challenges. In this talk, we will introduce a solution that uses a LeaderWorkerSet as the workload, an Ingress Controller and a node discovery service. It can deploy disaggregated PD on Kubernetes, supporting multiple LLM inference engines like Mooncake and RTP-LLM with zero intrusion. Furthermore, we will discuss improving load balancing using Envoy and ORCA, based on KVCache and metrics, and recommending optimal ratios for the PD phases. Finally, we will cover essential features for production deployment such as high availability, elastic scaling, canary releases, and observability.
Yang Che, is a senior engineer of Alibaba Cloud. He works in Alibaba cloud container service team, and focuses on Kubernetes and container related product development. Yang also works on building elastic machine learning platform on those technologies. He is an active contributor... Read More →
Jing Gu is a senior engineer at Alibaba Cloud. She works on Alibaba Cloud Container Service for Kubernetes , focusing on serving large language models (LLMs) within Kubernetes and optimizing LLM inference processes.
Kata Confidential Containers (CoCo) is a technology that provides hardware-based isolation for containerized workloads. It’s built on top of the Kata Containers project, which uses lightweight VMs to provide container isolation. It has the ability to disable file system sharing between host nodes and pods, which helps to reduce attack surfaces. However, such protection ability limits usage of Persistent Volumes. During this session, we will provide an introduction to Kata Confidential Containers and discuss the typical volume mount workflow of CSI drivers. We will cover the challenges that arise when supporting Kata CoCo in CSI drivers. We will explore the solutions we have developed to overcome these challenges and support Kata CoCo in our open source Azure File CSI driver. By the end of this session, you will have a comprehensive understanding of Kata confidential containers and be able to use them with persistent volumes including all the necessary details.
Andy Zhang is the storage lead in Azure Kubernetes Service team at Microsoft, maintainer of multiple Kubernetes projects, including Windows csi-proxy project, Azure CSI drivers, SMB, NFS, iSCSI CSI drivers, etc. Andy focuses on improving the experience of using storage in Kuberne... Read More →
The rise of WebAssembly (WASM) has sparked comparisons with Docker which often leads to questions and confusion: Are WASM and Docker competing technologies?
In this talk, we will see how this is far from the truth. On one side, Docker revolutionised how we bundle and deploy applications, offering unparalleled portability and simplifying workflows across environments. On the other hand, WASM brings speed, security, and efficiency, enabling the execution of code written in languages like C, C++, and Rust almost at native speed, performance, and rapid startup time even in the browser.
We will explore how these two technologies bring the best of both worlds and help developers achieve portability, efficiency, security, and flexibility. We will also look at how Docker is actively working to make WASM mainstream by allowing WASM container images to be hosted on DockerHub and run WASM containers alongside traditional Linux and Windows containers.
Pradumna is a Developer Advocate, Docker Captain, and a DevOps and Go Developer. He is passionate about Open Source and has mentored hundreds of people to break into the ecosystem. He also creates content on X (formerly Twitter) and LinkedIn, educating others about Open Source and... Read More →
What does the future of AI look like when we push the boundaries of cloud-based models and take it to the edge? In this talk, we’ll explore how Wasm and edge computing power AI deployment by providing developers with a fast, lightweight, and secure framework for running machine learning models across devices.
We’ll focus on how Wasm enables AI models to run efficiently on edge devices like NVIDIA GPUs, Mac, etc, driving LLM agents that require low latency and high throughput. This session will demonstrate the scalability of Wasm when integrated into distributed systems for AI processing, showing how the combination of edge computing and Wasm allows for faster, responsive AI applications that don’t rely on centralized cloud resources.
We’ll showcase real life use cases such as AI streamers commenting in real time, video translation agents deployment. Developers will walk away with an understanding of how to combine Wasm with edge infra to build and deploy AI apps that scale seamlessly
CNCF Ambassador, Founding member at WasmEdge, WasmEdge
Miley is a Dev Advocate who build & contribute to open source. She is the co-chair and keynote speaker for KubeCon+Open Source Summit and AI Dev China 2024. With 6 years of experience working on WasmEdge runtime in CNCF sandbox as the founding member, she talks at KubeCon, KCD Shenzhen... Read More →
As China's leading video platform, Bilibili faces 4 key challenges in multi-cluster AI workloads management: 1. Workload Diversity: Training/inference/video processing workloads have different scheduling requirements. 2. Cross-Cluster Complexity: Managing workloads across multiple Kubernetes clusters in expanding IDCs with SLAs. 3. Performance Demands: Minimal startup latency and best scheduling efficiency for short-running tasks e.g. video processing. 4. Efficiency-QoS Balance: maximizing resource utilization while ensuring priority workload stability.
This talk will share experiences and delve specific optimization techniques: 1. Leveraging and optimizing CNCF projects such as Karmada and Volcano to build a unified, high-performance AI workload scheduling platform. 2. Integrating technologies such as KubeRay to schedule various AI online and offline workloads. 3. Maximizing resource efficiency through online and offline hybrid scheduling, tidal scheduling and other technologies.
Technical Expert, Lead of Cloud Native Open Source, Huawei
Kevin Wang has been an outstanding contributor in the CNCF community since its beginning and is the leader of the cloud native open source team at Huawei. Kevin has contributed critical enhancements to Kubernetes, led the incubation of the KubeEdge, Volcano, Karmada projects in CNCF... Read More →
Long Xu is a Senior Software Engineer in the Infrastructure Department at Bilibili. He has rich experiences in the Kubernetes field, including scheduling, autoscaling and system stability.
When we started CNCF in 2015 to help advance container technology, Kubernetes was the seeding technology to provide a de facto container orchestration platform for all cloud native applications. Almost a decade later, the community has exploded with 200+ open source projects building on top of cloud native technologies. Looking ahead, what challenges will we have in the next decade? What gaps remain for users and contributors? And how do we evolve to meet the demands of an increasingly complex and connected world?
Let us review some of the key CNCF projects today and lay out some possible avenues for where cloud native is going for the next decade, AI, agentic network, sustainability and beyond.
Lin is the Head of Open Source at Solo.io, and a CNCF TOC member and ambassador. She has worked on the Istio service mesh since the beginning of the project in 2017 and serves on the Istio Steering Committee and Technical Oversight Committee. Previously, she was a Senior Technical... Read More →
Kubernetes admins often struggle to understand pod activities, both for regular pods and those with various privileges. This session explores two use cases that highlight why Tetragon, an eBPF-based observability and enforcement tool, for pod security: 1.Replacing Auditbeat with Tetragon: Learn how Auditbeat rules mapped to Tetragon tracing policies, identifying functionality gaps, and how eBay contributed back to the community 2.Auditing Container Process Permissions: See how Tetragon helped analyze pod behavior and determine if applications could migrate to more restrictive pod security policies, ensuring adherence to the principle of least privilege We also cover deployment challenges, such as integrating with SIEM platforms, resource utilization, and implementing runtime enforcement for unwanted pod behavior. This talk provides practical insights into using Tetragon for observability, policy refinement, and improving overall pod security posture in Kubernetes environments.
While SaaS AI providers like OpenAI offer convenient LLM services, they come with significant drawbacks: high costs, lack of customization, lack of privacy, and usage limitations that can throttle high-volume applications.
This presentation shows how a leading e-commerce web site deployed a highly customized suite of LLM applications on private cloud infra, reducing costs by 90% while maintaining complete control over scalability and quality of service. We'll discuss the technology stack for orchestrating inference workloads on cloud GPUs, and explore practical strategies for building stable, scalable, high-performance AI apps on your own private cloud infra.
Lv Yi is the CTO of 5miles, a leading e-commerce platform in the United States. With 19 years in IT, he is a cloud native enthusiast who previously served as a mobile business expert at AsiaInfo. In 2012, he led Zhangyue's systems evolution toward microservices architecture. At 5miles... Read More →
Vivian Hu is a Product Manager at Second State and a columnist at InfoQ. She is a founding member of the WasmEdge project. She organizes Rust and WebAssembly community events in Asia.
With the growing demand for heterogeneous computing power, Chinese users are gradually adopting domestic GPUs, especially for inference. vLLM, the most popular open-source inference project, has drawn widespread attention but does not support domestic chips.Chinese inference engines are still developing in functionality, performance, and ecosystem. In this session, we’ll introduce how to adapt vLLM to support domestic GPUs,enabling acceleration features like PageAttention, Continuous Batching, and Chunked Prefill. We’ll also cover performance bottleneck analysis and chip operator development to maximize hardware potential. Additionally, Kubernetes has become the standard for container orchestration and is the preferred platform for inference services. We’ll show how to deploy the adapted vLLM engine on Kubernetes using the open-source llmaz project with a few lines of code, and explore how llmaz handles heterogeneous GPU scheduling and our practices for monitoring and elastic scaling.
Senior Software Engineer, China Mobile (Suzhou) Software Technology Co., Ltd.
The author has rich experience in cloud-native and AI inference development, currently works at China Mobile, focusing on the research and development of cloud-native and AI inference related products. He shared experiences of service mesh at some technical conferences such as the... Read More →
Kante is a senior software engineer and an open source enthusiast from DaoCloud, his work is mostly around scheduling, resource management and LLM inference. He actively contributes to upstream Kubernetes as SIG-Scheduling Maintainer and helps in incubating several projects like Kueue... Read More →
gRPC’s performance advantages hinge on minimizing latency, but its binary protocol and streaming capabilities make debugging and monitoring inherently opaque. While distributed tracing identifies bottlenecks, metrics like error rates and throughput are critical for holistic insights. Yet, manual instrumentation for these signals in gRPC is complex, error-prone, and lacks standardization.
In this talk, Purnesh Dixit from the gRPC team unveils the new OpenTelemetry plugin for gRPC, developed by the gRPC team at Google, which provides unified metrics and tracing out-of-the-box to monitor retries, diagnose streaming bottlenecks, and optimize performance without invasive code changes. 1) Client-per-call: Track overall RPC lifecycle (e.g., grpc.client.call.duration).
As large language model (LLM) applications are widely deployed, their complex architectures challenge business observability. APM probes, which rely on instrumentation or proxy operation, consume system resources and impact traffic and performance, restricting their use in complex scenarios. Also, multiple teams handling different LLM instances make it hard to coordinate unified observability construction. To solve this, China Mobile‘'s Panji platform collaborates with DeepFlow to achieve zero-intrusion (Zero Code) and full-stack (Full Stack) observability instantly, using eBPF and Wasm technologies. eBPF collects real-time data at the kernel level, while Wasm plugins parse streaming requests. By integrating existing data, the platform provides service universal map, distributed tracing, and multi-dimensional metric analysis, ensuring the stability and performance optimization of LLM applications.
Dr. Shang Jing, Chief Expert at China Mobile Group, has over 20 years of experience in IT system development, construction, and operation. Specializing in big data and cloud technologies, she led the development of China Mobile's Wutong Big Data Platform. Under her leadership, the... Read More →
Starting from graduate school at Huazhong University of Science and Technology in 2013, I joined Tencent Cloud virtual network team in 2016, which provided me with in-depth theoretical knowledge and practical experience in cloud networks. In 2018, I joined YUNSHAN Networks as PM... Read More →
As the multi-cluster pattern continues to evolve, managing K8s identities, credentials, and permissions for teams and multi-cluster apps, such as Argo and Kueue, has become a hassle, typically involving managing individual service accounts on each cluster and passing credentials around. Such setup is often scattered, repetitive, difficult to track/audit, and may impose security and ops complications. This is especially true with hybrid environments, where different solutions could be in play across platforms.
This demo presents a solution based on OpenID, SPIFFE/SPIRE, and Cluster Inventory API from the Multi-Cluster SIG that provides a unified, seamless, and secure auth experience. Facilitated by CNCF multi-cluster projects, OCM and KubeFleet, attendees could be inspired to leverage open source solutions to eliminate credential sprawl, reduce operational complexity, and enhance security in hybrid cloud environments, when setting up teams/applications to access a multi-cluster setup.
Chen Yu is a senior software engineer at Microsoft with a keen interest in cloud-native computing. He is currently working on Multi-Cluster Kubernetes and contributing to the Fleet project open-sourced by Azure Kubernetes Service.
Zhu Jian is a senior software engineer at RedHat, a speaker at Kubecon China 2024, and a core contributor to the open cluster management project. Jian enjoys solving multi-cluster workload distribution problems and extending OCM with add-ons.
Maximizing security in multi-tenant clusters while maintaining cost-effectiveness is crucial for enterprise OPS. Most enterprise clusters deploy multiple daemonsets, which are attractive targets for attackers seeking to escape and move laterally, ultimately taking over the entire cluster.
The SIG community has introduced several advanced security features recently, such as CRD Field Selectors, Field and Label Selector Authorization, validating admission policy (VAP), and Structured Authorization Config. These allow users to define more flexible authorization configurations, addressing filtering and authorization needs for CRDs, kubelet, and other resources in multi-tenant environments.
We will share the lessons learned from the node escape incidents and demonstrate how to implement these new features and show how to use the Common Expression Language (CEL) to configure customized policies in Authorization Webhook and VAP, resulting more node-specific restrictions within clusters.
Dahu Kuang is a Security Tech Lead on the Alibaba Cloud Container Service for Kubernetes (ACK) team, focusing on the design and implementation of container security-related work, especially within the context of secure supply chain.
Cheng Gao, Senior Security Engineer at Alibaba Cloud, focuses on the Security Development Lifecycle (SDL) for cloud-native applications. With expertise in container services, observability, and Serverless architectures, Cheng has led security assurance for several internal container... Read More →
When you're new to Kubernetes, Policy as Code (PaC) can be a very unfamiliar topic. But as you get more familiar with Kubernetes, you'll probably be interested in how you can use it securely, especially since Kubernetes is essentially a declarative system via YAML, so having security also be done in code will help with usability and reducing human error.
In order to make PaC easier to understand, I'll demonstrate the Admission Control part directly in Kubernetes. Until recently, this part was based on webhooks, but since v1.23, the decision to actively embrace the Common Expression Language (CEL) has made it possible to apply it as code directly inside Kubernetes. Validating Admission Policy became GA in v1.30, and Mutating Admission Policy is in Alpha in v1.32.
Based on this outline, I'll talk about how PaC has been applied to Kubernetes in the past, how it works today, and finally, how we can expect it to be integrated into Kubernetes in the future.
Hoon Jo is Cloud Solutions Architect as well as Cloud Native engineer at Megazone. He has many times of speaker experience for cloud native technologies. And spread out Cloud Native Ubiquitous in the world. He has written several books and latest books is 『CONTAINER INFRASTRUCTURE... Read More →
