CNCF has many open-source projects, and you might feel it's challenging to contribute. But let ChengHao tell you it's not difficult at all!
This session will cover:

• Why you should participate in open-source contributions
• Standard ways to contribute
• Common labels used for project issues
• Websites for CNCF open-source contributions
• Etiquette and mindset for contributions
• Rewards of open-source contributions

Throughout the presentation, ChengHao will share real-life cases to boost your confidence. We believe that after attending the session, you'll be able to find your "good first issue" and start your open-source contribution journey!

Most people have encountered the term CAP Theorem in discussions and articles related to distributed systems, which stands for Consistency, Availability, and Partition Tolerance. This theory presents a classic dilemma: the impossibility of achieving all three qualities simultaneously.

In the realm of Kubernetes, there exists a similar logic to the CAP theorem. It dictates that the infrastructure of Kubernetes can only meet two of the three critical demands at any one time: cost, availability, and performance.

This presentation will delve deep into how the principles of the CAP theorem apply within Kubernetes environments, analyzing common challenges faced while managing large clusters and the corresponding solutions. The speaker will share insights gained from hands-on projects, including how to optimize cluster configurations to maximize system performance while balancing cost and availability.

As a developer, it can be daunting to choose how and with what strategy to instrument an application. This is the story of how to get started collecting and visualizing data from instrumenting an application with OpenTelemetry.

Kubernetes External Secrets Operator 和 Secrets Store CSI Driver 皆為 Kubernetes 中管理機密的工具。External Secrets Operator 透過同步外部機密到 Kubernetes Secrets，支援多種雲端密鑰服務。Secrets Store CSI Driver 則利用 CSI 驅動將雲端密鑰直接掛載到 Pod 中，提供即時存取。兩者在管理機密上各有優勢，前者強調同步與整合，後者則著重於即時性與簡化操作。

As Kubernetes dominates container orchestration, its complexity and resource demands drive interest in lighter alternatives. This talk explores k0s, a CNCF-compliant Kubernetes distribution celebrated for its lightweight, easy-to-maintain design. We will examine k0s's architecture, emphasizing its minimal dependencies and simplified management, which includes a single-binary setup process.

Comparing k0s to other distributions like k3s and minikube, we highlight its advantages across various deployment scenarios, from bare-metal to the cloud. We'll demonstrate why k0s offers a simpler, yet functional approach to Kubernetes adoption.

Additionally, we introduce k0smotron, which enables the creation of a Kubernetes control plane within a cluster, facilitating Kubernetes as a Service. This feature underscores k0s's capability to enhance scalability and management in diverse environments.

Crossplane, a CNCF Incubating project, has simplified how organizations build and manage their cloud infrastructure. Crossplane empowers teams to create internal platforms tailored to their specific needs by enabling the composition of cloud resources and services into platform APIs. In this talk, we will explore the evolution of Crossplane, the benefits of a control plane approach, and how it streamlines the development of internal developer platforms (IDPs).

We will begin by tracing the journey of Crossplane from its inception to its current state as a CNCF Incubating project. The talk will highlight the key milestones and innovations that have shaped Crossplane's development, showcasing its growing maturity and industry adoption.

Next, we will explore the advantages of embracing the control plane approach for building IDPs. By leveraging the familiar Kubernetes API for infrastructure management, Crossplane enables developers to consume infrastructure resources using the same declarative approach they are accustomed to for application deployment. This consistency simplifies the learning curve and promotes a unified experience across the development lifecycle.

The talk's core will focus on Crossplane internals and how they facilitate the composition of infrastructure and services. We will explore the key concepts, such as providers, managed resources, and compositions, and demonstrate how they create a powerful platform API. Through practical examples, attendees will gain a solid understanding of Crossplane's architecture and its potential for simplifying infrastructure management.

Finally, we will guide attendees on how to get started with developing their compositions using Crossplane. We will walk through the process of composing resources, creating custom APIs, and integrating them into an IDP. By the end of the talk, attendees will have a clear roadmap for leveraging Crossplane to build robust and scalable internal platforms.

平常有很多需要 kubectl 下指令進到 Pod 裡做的事情，例如：拷貝檔案、做 JVM heep dump 之類的事情... 現在透過 Argo CD Extension 只要動動手指，就能在網頁上一鍵達成。

In this talk, I will briefly explain the control loop concept and the possibilities it brings with introducing CRDs. To get a sense of it, I'm going to showcase two applications I built as examples:

• vm-dhcp-controller
• kubevirtbmc I will also discuss the Harvester project, which consists of various controllers and CRDs integrating many features around the VM capabilities.

In modern software development and operations, distributed tracing has become one of the key tools for addressing complex system issues. This presentation will focus on how the LINE Taiwan team tackles the challenges posed by large-scale distributed tracing and implements tracing techniques to ensure system reliability and performance.

It has been some time since the Kubernetes Gateway API made its v1.0 release, signifying graduation to the generally available status for some of its key APIs.

When the Gateway API made its beta release a year ago, it did not make sense to switch to it because the API and its implementations were still in their infancy. Is that still the case?

In this talk, Navendu explores how the Gateway API evolved from the Ingress API and what users need to be aware of while choosing one over the other.

在本演講中，我將展示如何使用 Rust+Wasm 的軟體架構來設計並管理 LLM 的服務，並透過容器化(crun/WasmEdge)的方式在 podman/docker 與 kubernetes 進行部署與管理。

1. 撰寫你的 LLM 服務，以 Gemma-2b 模型與 OpenAI API 相容的後端為例
2. 使用 Podman/Docker 打包 LLM 服務並發佈到 Container Registry (e.g. dockerhub)
3. 使用 Podman/Docker 部署本地端的 LLM 服務，搭建個人的 ChatGPT
4. 使用 Kubernetes 部署 LLM 服務，並使用 GPU 進行加速

In a Kubernetes environment, security and compliance are two critical issues that administrators must consider deeply. By adopting a reliable security framework, you can effectively broaden the coverage of certification and regulatory requirements while enhancing system security.

In this presentation, we will explore how to apply the Center for Internet Security (CIS) Critical Security Controls and CIS Benchmarks in a Kubernetes security and compliance program to ensure best practices. Below are the key topics for this presentation:

• Introduction to the CIS organization and its significance: Why CIS is crucial for information system security, and an overview of its Critical Security Controls and CIS Benchmarks.
• CIS's credibility and its impact: Learn how CIS establishes authoritative security benchmarks, and how Taiwan's National Institute of Cyber Security references these benchmarks to develop the Government Configuration Baseline (GCB).
• Applying CIS benchmarks in Kubernetes: A walkthrough of key areas in Kubernetes security, including Control Plane Components, Etcd, Control Plane Configuration, Worker Nodes, and Policies, with an explanation of how to put these benchmarks into practice.
• Leveraging CNCF Landscape's security and compliance projects: How the selection of automation tools from these projects helps in implementing CIS Benchmarks, along with related use cases.

This presentation will provide you with in-depth insights into Kubernetes security and compliance, offering practical strategies and tools to help your organization ensure compliance and improve security.

VyOS is a Linux based open source router with rich networking features. We could use Kubernetes to deploy VyOS and configuration to provide quick NFV etc.

In this session, Date Huang will show how to rapidly deploy NFV with VyOS on Kubernetes, emphasizing flexibility and scalability to provide virtual network routing and other features.

1. 為什麼採用Alloy Gateway，並個別設定tenant的rate limit
2. 使用loki rulers將常見的metrics（如web-vitals）從log精煉成metrics，並呈現在Grafana上
3. 在前端app送一致的trace context propogation，並在Grafana上呈現end-to-end tracing
4. 如何快速部署Grafana Alloy，如何達到multi-tenant設計?

I will start by addressing some of the challenges encountered during the installation process of Kubernetes, with a particular emphasis on the use of BGP Mode in CNIs. Following this, I will introduce fundamental concepts such as routing, overlay networks, BGP, and ECMP, to explain how to optimize the efficiency and reliability of Kubernetes networking.

The talk will highlight the advantages brought by BGP Mode, including improved network efficiency and performance, as well as the challenges it presents, such as the need for in-depth network knowledge and management of routing tables. To conclude, the importance of understanding these network concepts for fully leveraging Kubernetes will be emphasized, encouraging a deep dive into documentation to enhance network efficiency.