Kubernetes is a great normalizer for clouds, but is it enough to create applications that are portable across clouds? Unfortunately not! There are two problems: First, there is a steep learning curve for Kubernetes. The developer has to worry about master nodes, worker nodes, services, ingresses, stateful sets, and many more details which are infrastructure-related and not application development. This results in developers spending more time working on infrastructure before they can start working on the application. Second, the serverless development platforms that are available in the public cloud are proprietary so the code is often tied to a particular cloud vendor. This negates the important value of running Kubernetes which enables your application to be cloud-agnostic.

This session will focus on an open-source-based serverless stack that runs on any Kubernetes environment and makes the development frictionless with infrastructure automation and a rich set of developer APIs. Attendees will also learn how to run both containers and function workloads with the same serverless stack during their serverless journey on Kubernetes.

We will also demonstrate how to deploy a serverless controller and use serverless runtimes to execute functions, covering the gap from the deployment of Docker containers to a fully-featured serverless engine.

Attacker's use one of three things to exploit and gain access to protected systems. The lack of (or misconfiguration) of security controls, vulnerabilities in the infrastructure and code itself or social engineering techniques to obtain information that can be used to gain access.

In this talk, we shall see, using demos, various techniques and tactics that attacker's use to gain access to Kubernetes environments and map them to the Kubernetes MITRE ATT&CK framework.

The talk will contain the journey of how an attacker moves from gathering information and obtaining initial access to planting backdoors, evading defenses, escalating privileges and eventually causing an impact on the infrastructure.

Measuring costs in Kubernetes environments is often complex. But it does not need to be. In this session, you will learn how you can achieve complete cost transparency and optimize your cloud spends, while retaining infrastructural flexibility.

We will discuss how to control and optimize in minutes the cost of your AWS EKS, Google GKE and Azure AKS applications. Instantly. You will learn about powerful -yet simple- strategies to rightsize your clusters: automated scaling up and scaling down to zero your nodes and pods, smart selection of VM shapes, and the automated use of spot instances.

A Terraform child module is great to gather code that will deploy a specific service based on your needs, for instance Azure Kubernetes Service (AKS). At the bare minimum, AKS can be a deployment of one node pool but at the other end it might be several pools, identity management, choices about versioning, much more.

This talk is based on a battle hardened module, which helps you create Kubernetes clusters that adhere to best practices and standards, while is flexible enough to break patterns when you need it. For this session we will not be looking at slides, but actual code. We will deep dive into some of the functions and expressions that Terraform has to offer, so there should be something for everyone in this talk.

Kubernetes allows a lot. After discovering its features, it’s easy to think it can magically transform your application deployment process into a painless no-event. For Hello World applications, that is the case. Unfortunately, not many of us do deploy such applications day-to-day because we need to handle state. Though it would be much easier to have stateless apps, and despite our best efforts in this direction, state is found in (at least) two places: sessions and databases.

You need to think keeping the state while stopping and starting application nodes. In this talk, I’ll demo how to update a Spring Boot app deployed on a Kubernetes cluster with a non-trivial database schema change with the help of Hazelcast, while keeping the service up during the entire update process.