Schedule

What should we do if the images take 30–40 minutes to assemble, the obvious solutions no longer work, and the problem cannot be fixed? There is no perfect solution, but there are techniques and tools that make it possible to speed up the most complex assemblies several times.

I will tell you about our approach to development and about the architecture of the "Network drives for dedicated Servers" product, in which each disk is an RBD volume in Ceph connected to a dedicated server via the iSCSI Gateway.

Testing roles in infrastructure administration. Tools of Infrastructure as Code approach and testing practices of configuration management systems such as Ansible, Puppet, Salt, and Chef. Attendees will gain a comprehensive understanding of the available tools, their advantages and disadvantages, as well as Avito's best testing practices.

Immutable Infrastructure is one of the main trends of recent years. But the bloody enterprise makes its own adjustments. At MWS, we really love the Cluster API and its core concepts, but at some point we needed to make child K8s nodes mutable. We'll talk about this.

Transformation of the logging system in the ecom.tech infrastructure. You will learn how the company decided to optimize the system using VictoriaLogs. This reduced the volume of stored data by 10 times, simplified the architecture and ensured stable logging without losing critical data.

How to build an Internal Developer Platform in an enterprise: from the first pain to a successful pilot. I will show you how to turn Kubernetes from a "container twister" into the basis of an automated platform for developers. Honestly about lessons learned and architecture, seasoned with practical advice.

How to make the system fault-tolerant without Google's budget? We will analyze solutions for each level of architecture from DNS to database in three variants: minimal, optimal and industrial. I will show you, using examples of on-premise and Russian clouds like Yandex, VK, Selectel, what mistakes to avoid and how to save money without losing reliability.

How can I speed up GPU inference in Kubernetes and not go crazy? It's all about scaling, sharing, speeding up the start and choosing shaders. With examples, hacks, and conclusions from real production.

How the fallback caching system allows users not to lose Avito, even if production is down. You will learn how we collect statics from all of Avito, how the cache gets into production and why we are sure that it works.

The standard Kubernetes scheduler kube-scheduler was developed with general load balancing principles in mind and is not specialized for the unique characteristics of GPU workloads. I propose examining the full spectrum of possibilities: from built-in K8s scheduling mechanisms to customization of the standard scheduler and specialized schedulers such as Volcano, Apache YuniKorn, and KAI-Scheduler.

A talk on a declarative approach to managing access to Kafka, implemented on the basis of Open Policy Agent. We will find out the principle of operation of Open Policy Agent, as well as get answers to the most popular questions regarding this approach and learn about the experience of real-life operation.

Inter-zone traffic can lead to increased cost of ownership and latency. For a long time it was thought that the solution is only possible through the use of Service Mesh. I will tell you how to solve these problems through native Kubernetes mechanisms.

How to "cook" Kafka in K8s as a product.

How Cilium’s built-in L2 announcement feature enables native Kubernetes LoadBalancer services in bare-metal clusters without external components or complex setups, leveraging modern eBPF technology. This approach provides reliable external access to services with minimal operational overhead.

How to build secure multi—tenant monitoring in Kubernetes — from requirements to a custom solution, with an analysis of why standard approaches do not work.

How to build an Internal Developer Platform in an enterprise: from the first pain to a successful pilot. I will show you how to turn Kubernetes from a "container twister" into the basis of an automated platform for developers. Honestly about lessons learned and architecture, seasoned with practical advice.

We created a public zoo website with open source code, for free, with a full-fledged development team, and even wrapped it in a Kubernetes. We'll tell you why and how we did it.

How can I speed up GPU inference in Kubernetes and not go crazy? It's all about scaling, sharing, speeding up the start and choosing shaders. With examples, hacks, and conclusions from real production.

The standard Kubernetes scheduler kube-scheduler was developed with general load balancing principles in mind and is not specialized for the unique characteristics of GPU workloads. I propose examining the full spectrum of possibilities: from built-in K8s scheduling mechanisms to customization of the standard scheduler and specialized schedulers such as Volcano, Apache YuniKorn, and KAI-Scheduler.

How to use AI tools to automate various stages of penetration testing — from reconnaissance to exploit development. Which tasks can realistically be delegated to algorithms and where human expertise is still essential. You will learn how AI can become your partner in security.

Why K8s is the best platform for deploying and testing ML models. We will demonstrate a step-by-step plan for creating high-quality machine learning environments in Kubernetes, which will allow you to automate machine learning for production environment creation and codebase management, and also make efficient use of the GPU.

A talk on building a scalable ML infrastructure based on Ray and Kubernetes with an emphasis on efficient GPU utilization, distributed task management, and integration with external orchestrators. Using real examples, I'll show you how to build a fault-tolerant production pipeline and avoid typical errors when scaling loads.

A talk on the practical application of local open-source AI tools at all stages of SDLC. Based on DORA metrics and typical tasks of developers and managers, we show where AI really helps and where it hinders. We share our personal experiences, mistakes and findings.

How we’re implementing n8n for self-service automation without involving the Data Science team: from first steps to real use cases, pitfalls, and memes. How we ended up with an on-prem solution that fits seamlessly into our infrastructure and is understandable even beyond the developer crowd.

How can I speed up GPU inference in Kubernetes and not go crazy? It's all about scaling, sharing, speeding up the start and choosing shaders. With examples, hacks, and conclusions from real production.

What is RAG and how the architecture of our solution differs from post-training, and hypotheses.

Vibe coding and active use of various code AI assistants is changing the typical developer environment. In the talk we will discuss the current issues around the use of code AI assistant and right on stage investigate and compare the efficiency and speed of different agents.

How to use AI tools to automate various stages of penetration testing — from reconnaissance to exploit development. Which tasks can realistically be delegated to algorithms and where human expertise is still essential. You will learn how AI can become your partner in security.

Not many people know how to break Kubernetes, much less how to break Kubernetes when it doesn't even exist yet. I'll share my experience of conducting cluster audits at the design stage, when all you have on hand are the Cluster API manifests of future Kubernetes. I'll tell you what types of flaws can be detected at this stage, and which ones can't. I'll dilute all this with interesting moments and automation of the process.

Let's look at how non-human identities (NHI) are fundamentally different from regular accounts, why multi-factor authentication (MFA) and “change your password once a year” are not applicable to them, and how this leads to incidents.

Methods of cluster deployment that allow to significantly reduce the attack surface of an attacker on a Kubernetes cluster. I will focus on the podsec-k8s package, which allows deploying a native Kubernetes cluster of versions 1.26 and higher in rootless mode. I will touch on the second method of reducing the attack surface — SSHless cluster (fork of the Talos@SideroLabs project)

Let's look at part of the cloud security incident monitoring process. We'll prepare a list of current cloud security risks. We'll go from security threat analytics to monitoring them.

Kubernetes is a complex ecosystem with many components and dependencies, and common vulnerabilities (CVEs) that, while not all of them are real threats, are often flagged by scanners as reliable threats, creating an overabundance of false production processes and complicating CI/CD processes. Here's how to make sense of this noise.

A talk on a declarative approach to managing access to Kafka, implemented on the basis of Open Policy Agent. We will find out the principle of operation of Open Policy Agent, as well as get answers to the most popular questions regarding this approach and learn about the experience of real-life operation.

Let's figure out whether it is possible to calculate the economic effect of such practices as CI/CD, monitoring, code review, and engineering culture in general. Using Raiffeisen Bank cases as an example, we will try to figure out how much it costs to implement any practice and whether it really saves money for a business.

I'll tell you about our Enabling team, how we created it and are developing it. And also about the prerequisites for the appearance, stages of development, problems and areas of work.

How to build an Internal Developer Platform in an enterprise: from the first pain to a successful pilot. I will show you how to turn Kubernetes from a "container twister" into the basis of an automated platform for developers. Honestly about lessons learned and architecture, seasoned with practical advice.

Often I see engineers running up grades to grow their skills and paychecks: from junior to middle, then to senior and... what's next? To become a team lead? What's a tech lead? Or maybe there's some kind of engineering track? I'll tell you about it! Not everyone needs to be a team leader (or maybe they do).

How to "cook" Kafka in K8s as a product.

A straight talk about templating CI/CD pipelines with GitLab components. Isolate it, test it, describe it.

Immutable Infrastructure is one of the main trends of recent years. But the bloody enterprise makes its own adjustments. At MWS, we really love the Cluster API and its core concepts, but at some point we needed to make child K8s nodes mutable. We'll talk about this.

How we’re implementing n8n for self-service automation without involving the Data Science team: from first steps to real use cases, pitfalls, and memes. How we ended up with an on-prem solution that fits seamlessly into our infrastructure and is understandable even beyond the developer crowd.

The graphs are green, the reliability is five nines, and the user is unhappy. Sound familiar? It means that somewhere in your calculations your math failed. I will tell you how we at VK calculated reliability for infrastructure products, highlighting critical user paths.

What the team has done to solve the alert issues and reduce the development load.

How to make the system fault-tolerant without Google's budget? We will analyze solutions for each level of architecture from DNS to database in three variants: minimal, optimal and industrial. I will show you, using examples of on-premise and Russian clouds like Yandex, VK, Selectel, what mistakes to avoid and how to save money without losing reliability.

How the fallback caching system allows users not to lose Avito, even if production is down. You will learn how we collect statics from all of Avito, how the cache gets into production and why we are sure that it works.

What should we do if the images take 30–40 minutes to assemble, the obvious solutions no longer work, and the problem cannot be fixed? There is no perfect solution, but there are techniques and tools that make it possible to speed up the most complex assemblies several times.

Let's figure out whether it is possible to calculate the economic effect of such practices as CI/CD, monitoring, code review, and engineering culture in general. Using Raiffeisen Bank cases as an example, we will try to figure out how much it costs to implement any practice and whether it really saves money for a business.

How to use AI tools to automate various stages of penetration testing — from reconnaissance to exploit development. Which tasks can realistically be delegated to algorithms and where human expertise is still essential. You will learn how AI can become your partner in security.

Transformation of the logging system in the ecom.tech infrastructure. You will learn how the company decided to optimize the system using VictoriaLogs. This reduced the volume of stored data by 10 times, simplified the architecture and ensured stable logging without losing critical data.

How to build secure multi—tenant monitoring in Kubernetes — from requirements to a custom solution, with an analysis of why standard approaches do not work.

A talk on ensuring a high level of observability of distributed systems using existing telemetry tools. Using examples, let's look at how to manage the growing cognitive complexity of supporting large systems in terms of monitoring and finding the root causes of degradation.

Testing roles in infrastructure administration. Tools of Infrastructure as Code approach and testing practices of configuration management systems such as Ansible, Puppet, Salt, and Chef. Attendees will gain a comprehensive understanding of the available tools, their advantages and disadvantages, as well as Avito's best testing practices.

How QA and SRE/DevOps teams come together to test complex changes.

We will be talking about the schedule, sessions, and activities. Join us in the hall or online to find out what's in store for you!

In IT, we are constantly integrating a lot of systems, compatible and not so compatible. And now fashionable tools like n8n are also appearing, and AI is already tightly fitting into even the bloodiest enterprises. Now we need to integrate the infrastructure for AI into the current ecosystem, and AI itself can be used to generate infrastructure schemes.

Fail Talks are frank and helpful stories about failures in DevOps practices. Not just funny stories, but an analysis of real cases.: what went wrong, what lessons were learned, and how to avoid such mistakes now.

Opinions are increasingly being heard that DevOps has changed "beyond recognition." Or not? Will we recognize our dear and understandable DevOps? 

An unusual closing session awaits you at the end of the conference: we have invited a special guest to summarize the results. Stay until the end — it will be interesting!

We will be summarising the results of the conference, recalling the highlights and talking about future plans. Join us in the hall or online so you don't miss a thing!