KubeCon + CloudNativeCon India 2026

We have been coming to KubeCon for ten years and talking about supply chain security for at least five of those years. We know the attacks and the mitigations. We have the frameworks, the SBOM attestations and the CNCF projects.

So why are the houses still burning?

That is what this talk is about. Not the tools, you know the tools. The gap between knowing and doing. And what happens when AI arrives on both sides of that gap at the same time.

Every security vulnerability comes with a score. But no severity score captures what it costs to be the person who reads that advisory at two in the morning, maintaining a project in the hours between their actual job and life, for a community that depends on them.

GitHub RCE, Trivy supply chain attack, tj-actions compromise, the xz backdoor. CVSS rankings from High to Critical. And behind every one, a human.

Every technological wave has done this. Humans absorb the cost.

The CNCF TAG DevEx survey of nearly 100 projects confirms top concerns of maintainers include security vulnerabilities and the burden caused by a potential flood of low-effort PRs and issues.

This talk traces the human cost across real incidents, asks why the pattern keeps repeating, and explores what it would take to finally break it.

Key takeaways include empathy for the maintainers along with a demo of how the same AI could be used to help maintainers know whether a published CVE affects their project and to what extent.

In highly regulated fintech environments like Razorpay, compliance with RBI and PCI DSS mandates is a license to operate. A single misconfiguration can trigger severe penalties or risk payment licenses. However, traditional manual "audit toil" and late-stage production fixes create massive engineering friction and business risk.

This session explores a multi-layered, automated framework to map complex mandates directly into "Policy-as-Code" (PaC) controls. The speakers demonstrate how to move from periodic audit woes to "steady-state ops hygiene" using PaC across three critical layers: Proactive Controls (Shift-Left) to catch issues in CI/CD, Preventive Controls to block non-compliant workloads, and Detective Controls for continuous, automated evidence gathering.

You will learn how to translate abstract compliance standards into enforceable policies and immutable audit trails, reducing technical debt and satisfying regulators without slowing down innovation.

Most banks still depend on legacy core banking systems designed for on-prem infrastructure. But modern fintech workloads, real-time payments, AI systems, and evolving regulations like DPDP are forcing a very different architecture.
At Slice small finance bank, we took a different path - building and operating a deeply cloud-native banking platform on Kubernetes while handling strict uptime, security, and compliance requirements from day one.
In this short keynote, I’ll share some real engineering problems we faced while running regulated banking systems on cloud-native infrastructure:

• handling PII safely inside observability pipelines
• enforcing security and compliance at platform level
• rethinking legacy CBS assumptions for Kubernetes environments
• balancing reliability, developer velocity, and regulation together

This is not a tooling talk. It is about how regulation is starting to reshape cloud-native architecture itself.
As India’s fintech ecosystem grows, the patterns emerging here may influence how modern regulated systems are built globally.

This talk tackles the global GPU shortage and a critical cloud-native reality in batch workload scheduling: "Kueue Quota reserved" does not equal "Capacity available". For production inference, this distinction determines whether workloads succeed or remain stuck indefinitely.

The session explores transcending regional silos using MultiKueue to manage a global federation of worker clusters. Moving beyond basic setup, the speakers address the "Quota vs. Datacenter Capacity" dilemma. They reveal a critical gap discovered through experiments: workloads becoming stranded in regions with exhausted capacity despite available quotas.

The speakers share their collaboration with the community to resolve these scheduling gaps (Issue #8089). This talk demonstrates the configuration aspects of Admission Checks and provisioning classes in Multikueue to force the scheduler to "hunt" for actual capacity in worker clusters across regions rather than relying solely on user-provided quota.

AI engineers often choose between laptops that cannot keep up and expensive shared cloud clusters, which slows iteration. This session shows how to turn a single NVIDIA DGX Spark into a personal AI cluster using Kubernetes, GPU tooling, and Dynamic Resource Allocation.
Starting from a minimal single-node cluster, we add GPU enablement, an AI app stack, and DRA-based GPU sharing. You will learn how the NVIDIA GPU Operator and DRA drivers expose GPU capabilities, how ResourceClasses and ResourceClaims work, and how to enable multiple workloads to share a single device with predictable behavior. A live demo runs an interactive chat or multimodal app beside a background job on the same GPU, using different DRA policies and observing enforcement at runtime.
You leave with a clear mental model, reusable YAML, and patterns that remain portable from a desk-side Spark to multi-node cloud clusters, plus basics for utilization visibility, capacity planning, and multi-tenancy.

This session is based on real production experience building and operating an observability-driven CI/CD platform using CNCF projects. It shows how OpenTelemetry can extend beyond application monitoring to become a core primitive for modern CI/CD systems.

While running dozens of Kubernetes clusters and handling 60M+ requests per minute, costly east-west network load balancers and fragmented CI metrics created blind spots that hid deployment failures. Traditional dashboards showed healthy systems, while rollouts quietly broke.

We share how treating Jenkins pipelines as distributed systems enabled end-to-end tracing across builds, deployments, and runtime behavior. By correlating CI signals with OpenTelemetry traces, we detected cascading failures and closed the loop with automated GitOps rollbacks. The talk covers real challenges, trade-offs, and lessons learned to build reliable, self-healing delivery pipelines.

Your platform team is trying to integrate AI workloads, your developers want to deploy agents and your leadership expects 10x efficiency with AI but when you dig into the specifics, the terminology becomes a maze: AI Agents, MCP Servers, and Dynamic Resource Allocation (DRA). Where do you even start?

This session is centered around what problem each of these solve. In this hands-on 101 guide I will start by demystifying how AI agents operate on Kubernetes—how they interact with workloads, the role of MCP servers in enabling multi-agent coordination, and the fundamentals of DRA for intelligent resource management. Then, I will bring it all together with a live demo showing how AI agents can dynamically tune DRA drivers to optimize scheduling and resource usage in real time. Whether you’re an engineer, researcher, or just Kubernetes-curious, this session will equip you with the foundational knowledge and confidence to start experimenting with agentic and adaptive systems on Kubernetes.

As ML workloads move onto Kubernetes, many teams unintentionally turn their clusters into data platforms storing training data, features, and intermediate artifacts alongside compute. While convenient at first, this approach introduces hidden costs that surface over time.

This talk shares real-world lessons from operating ML pipelines on Kubernetes where data management, not models, became the primary source of failures. We’ll explore common anti-patterns involving PVCs, object storage mounts, and ephemeral volumes, and how they led to rising costs, broken reproducibility, and pipelines training on stale or incorrect data. Finally, we’ll discuss practical cloud-native patterns for managing ML data that respect data lifecycles, improve lineage, and keep Kubernetes focused on what it does best.