Principles of the Kube API / Network Policy in Kubernetes w/ Calico

Cloud Native Berlin

Apr 25, 2017, 4:30 – 7:30 PM

In-person event

About this event

Join us for this talk with Dr. Stefan Schimanski (@the1stein), Senior Software Engineer at Red Hat, and Matt Dupre, Software Developer at Tigera (@tigeraio) about the Kubernetes API server and Network Policy in Kubernetes with Calico, respectively.

Food & drinks are sponsored by the Cloud Native Computing Foundation and Kinvolk. Food will be available at 6:30pm!



[18:30- 19:00] Food served

[19:00 - 19:35] Network policy in Kubernetes with Project Calico by Matt Dupre from TIgera

[19:45 - 20:20] Core principles of the Kube API and how to extend it in 1.6 and beyond by Dr. Stefan Schimanski from Red Hat.

[20:20 - 21:00] Mingle time



Core principles of the Kube API and how to extend it in 1.6 and beyond” 

Abstract: I will present different ways to use Kubernetes as a platform to build higher level systems. I will cover:

- ThirdPartyResources of Kube 1.5 including their limitations today and in the future
- user provided apiservers in Kube 1.6+, and the kube-aggregator
- the core API concepts that make both approaches work: discovery, api groups, resources, kinds.

"Network policy in Kubernetes with Project Calico"

Abstract:In a world where applications are now containerized and distributed across homogeneous hosts with technologies like Kubernetes, the traditional hardware firewall is no longer able to enforce the access restrictions needed to prevent intrusion and attack.  That doesn't mean network security is dead though - far from it: it just requires a different approach.  This talk will cover how we can secure modern microservices applications, in particular looking at Project Calico in Kubernetes.  We'll take a look at the Kubernetes NetworkPolicy API, go through how it addresses this problem, and then dig into how it's implemented by Project Calico.  There'll be a demonstration of how to set up Calico on CoreOS Container Linux and add network policies for a simple microservices application, and finally we'll wrap up by looking at the performance impact and perhaps some future extensions.  After a brief introduction, the intent is to quickly get into the example and do a deep dive into the solution.  It'll be tailored for a technical audience.



Dr. Stefan Schimanski: Stefan works on the OpenShift/Kubernetes team working mainly on api-machinery related topics recently. He was heavily involved in the refactoring of the Kubernetes codebase into the sub-repos, and Stefan holds a PhD in Mathematical Logic and loves to discuss why type casts in Golang are so bad.

Matt Dupre: Matt is a software engineer working on cloud native networking and network security.  He's spent the last few years as a developer on Project Calico; currently at Tigera.



Tuesday, April 25, 2017
4:30 PM – 7:30 PM UTC


  • Aleksandra Nadolski



  • Benazir Khan


    Event and Community Coordinator