Open Source Summit India 2026

Running global, self-managed k8s for stateful apps is notoriously complex. Most teams opt for managed platforms or VMs to mask the difficulty.

For platform engineers and SREs, this talk reveals how to confidently run mission-critical StatefulSets on bare-metal k8s. We share how we sustain 99.99% availability SLAs and sub-second recovery. We also explain why bare-metal drastically outperforms VM or managed setups by eliminating hypervisor overhead and granting direct hardware access.

We will dive into the architectural decisions behind:

Cluster-of-clusters: Scaling geographically with isolated regions.
Intent-driven placement: Hardware isolation for predictable performance.
Blast-radius containment: Limiting fallout via dedicated failure domains.
Automated recovery: Software, not humans at 2 a.m., handles failures.
Continuous reconciliation: Shifting operational burden to code.

This is not a "Kubernetes solves everything" pitch. It’s a candid, numbers-driven account of engineering a multi-region bare-metal k8s platform where performance and reliability are non-negotiable.

Kubernetes supports OIDC login, but in real life it often becomes painful: users can’t log in, TLS trust breaks with private Keycloak, usernames don’t match RBAC rules, and people end up sharing kubeconfigs or using long‑lived tokens.

In this talk I’ll show a practical way to run Kubernetes access with Keycloak: configure OIDC the right way, bind users/groups to Kubernetes RBAC, and use kubelogin (kubectl exec plugin) so tokens are short‑lived and refresh is handled automatically on the client side.
I’ll also cover the “boring” but important part: handling the Keycloak CA certificate so the login works from admin machines without manual steps.
You’ll leave with a clear checklist and a working “golden path” setup you can copy for your own clusters, that eliminate manual day‑2 steps while keeping security and auditability intact.

As India transitions from being the world’s largest consumer of open-source software to a leading creator of digital public infrastructure, a new mandate has emerged: Sovereign AI. To achieve true digital autonomy, Indian enterprises and public institutions must build AI ecosystems that protect data residency, reflect local context, and avoid vendor lock-in. But how do we practically build this sovereign stack?

This session provides an end-to-end technical blueprint for building enterprise-grade sovereign AI infrastructure entirely on open-source technologies. Using a homegrown, production-ready AI coding assistant as a practical case study, we will deconstruct the architectural layers required for AI independence. We will explore how to orchestrate scalable infrastructure with OpenStack, abstract complex multi-vendor GPU environments using Kubernetes, and deploy high-throughput inference for open-weight models using vLLM.

Beyond the architecture, we will discuss how Indian firms can adopt this open-source stack to implement highly secure, air-gapped environments, protect intellectual property, and empower local engineering talent to shift from consuming global AI to building it.

Java is fundamentally changing. Enterprises deploying to Kubernetes now demand nanosecond startup times, minimal memory footprints, and fully optimized containers. This advanced session goes beyond basic JVM tuning to explore the cutting edge of Java modernization for cloud-native deployment. We’ll provide a deep dive and comparative analysis of optimization techniques, including Jib for minimal image creation, utilizing GraalVM Native Image for incredible cold-start acceleration, and leveraging the CRaC project (Coordinated Restore at Checkpoint) for state-of-the-art responsiveness. Join this hands-on Cloud Native Experience walkthrough to see live demonstrations of complex configuration patterns, detailed trade-off discussions, and actionable strategies for dramatically improving the cost-efficiency and velocity of your containerized Java microservices.

In large Kubernetes clusters, scaling isn’t just about replicas — it’s about distribution efficiency.
When hundreds of pods start simultaneously, container image pulls can silently become your biggest bottleneck.

In this session, we’ll explore how Dragonfly (D7y) transforms traditional image pulling into a peer-to-peer, high-performance distribution system within Kubernetes.

We’ll break down:
Why image pull storms happen
How P2P distribution solves real scaling problems
Dragonfly architecture in Kubernetes
Live flow of how images propagate across nodes
Real-world performance improvements and use cases
This talk is for engineers who want their clusters to scale smarter — not slower.
Because Kubernetes is fast
but only if your images are too.

Protecting privacy for customers and business partners is a key requirement across jurisdictions and sectors, but proving that privacy is preserved can be extremely difficult. Confidential Computing, available as a chip-level capability across servers and clouds, provides not only isolation for sensitive data and applications, but also cryptographic assurances that it is in place.
This session explains how Confidential Computing can be used as the basis for privacy-centric systems and processes, and the types of assurance that can be derived using remote attestation.
Confidential Computing also has uses across supply chain, collaboration, AI and blockchain - we will touch on these topics as well.

Writing a Kubernetes operator looks easy with Kubebuilder and controller-runtime, until production traffic hits. Then the real problems begin.

This session dives into the hard parts of building production-grade operators, focusing on the reconciliation loop and managing stateful workloads safely.

Operators inherently "live in the past" because they read from a cache populated by watch events. This stale view can cause subtle race conditions, over-creation bugs, and inconsistent state. We’ll explore how to handle this safely using optimistic concurrency, resource versions, and the memory expectations pattern used by core Kubernetes controllers.

I’ll also cover designing idempotent reconciliations, deterministic resource naming, spec-hash comparisons instead of brittle DeepEqual checks, safe pod template customization, and the realities of StatefulSets and persistent volumes, including update strategies like OnDelete and volume binding pitfalls.

If you’re building or operating controllers in real clusters, this talk will help you avoid painful production mistakes.

Modern confidential computing technologies like AMD SEV-SNP and Intel TDX provide a reliable way to isolate guest workload and data in use from the virtualization or cloud infrastructure. Protecting data at rest is, however, not something you get ‘by default’. The task is particularly challenging for traditional operating systems where users expect to get full read/write experience.

The good news is that Linux OS already offers a number of great technologies which can be combined to achieve the goal: dm-verity and dm-integrity, LUKS, discoverable disk images and others. Doing it all right, however, is left as an “exercise to the reader”. In particular, the proposed solution must allow for meaningful remote attestation at any time in the lifetime of the guest.

The talk will focus on the recent developments in various upstream projects like systemd and dracut which are focused on making full disk encryption consumable by confidential computing guests running in a cloud.

For decades, Linux servers have been maintained using package managers, configuration management, and patching cycles. But what if the operating system itself behaved like a container image?

bootc introduces a new model where a full Linux host is delivered, updated, and rolled back using OCI images — bringing application deployment semantics to operating systems.

In this talk, I explore what changes when the host becomes immutable: updates, drift management, disaster recovery, and fleet consistency. Through hands-on experimentation, I compare traditional configuration management approaches with image-based host delivery and highlight where each model succeeds or fails.

Rather than a product introduction, this session focuses on operational impact: how platform engineers can rethink provisioning, patching, and rollback strategies in data center and edge environments.

Attendees will leave with a clear mental model of when this approach simplifies infrastructure — and when it does not.

Cloud-native systems generate massive volumes of telemetry signals for metrics, logs, and traces, but more data does not always improve observability. Many teams struggle with noisy signals and poorly designed pipelines that increase storage costs and flood engineers with low-value alerts.

In this hands-on workshop, we focus on building effective, noise-free telemetry pipelines using OpenTelemetry Collector, with the LGTM stack (Loki, Grafana, Tempo, and Mimir) as the backend observability platform. Participants will deploy collectors and design pipelines using processors such as filter, transform, and attributes, along with OTTL (OpenTelemetry Transformation Language) for fine-grained filtering and signal transformation. We will also demonstrate tail-based sampling for traces and routing processors to selectively direct telemetry to appropriate backends, helping control signal volume and storage cost.

By the end of the workshop, attendees will gain practical experience designing OpenTelemetry pipelines that prioritize signal quality over quantity using various filtering and processing techniques.

Cloud-native environments are growing in scale and complexity, making traditional security approaches difficult to sustain. Static rules and fragmented tooling create operational overhead and slow down both security and platform teams.
This session explores how AI-driven security agents can shift cloud-native protection from reactive alerting to proactive risk identification. By analyzing contextual signals across infrastructure, workloads, and configurations, AI can detect risk patterns early and support faster, smarter security decisions.
The talk also introduces Model Context Protocols as a mechanism for enabling controlled, auditable, least-privilege access to infrastructure tools and telemetry. This allows AI systems to operate safely within governance boundaries while maintaining strong visibility.
Attendees will gain practical insights into embedding AI into cloud-native security workflows, reducing friction for DevOps and platform teams, and strengthening secure-by-design architectures at scale.