Open Source Summit Korea 2026: Full Schedule

11-12, August 2026
Seoul, South Korea
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Korea 2026 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Korea Standard Time (KST), UTC +9. To see the schedule in your preferred timezone, please select from the drop-down menu to the right.

11:00 KST

Building Event-Driven WebAssembly on Kubernetes: Runtime, Observability, and Security - Brandon Kang, Akamai Technologies & Nam Hai, Hylatek JSC

Tuesday August 11, 2026 11:00 - 11:30 KST

Orchid 2

As cloud native systems evolve, WebAssembly(WASM) is emerging as a runtime that complements and sometimes challenges container based approaches. With fast startup, strong isolation, and portability, WASM enables efficient and secure event driven workloads.

In this session, we explore how to build and run the systems using WebAssembly on Kubernetes, focusing on SpinKube, an open source project that brings WASM workloads into Kubernetes.

Through a live demonstration, we will deploy and run WASM workloads using SpinKube, highlighting real workflows. We will also compare cold start and execution performance, showing millisecond startup and lower latency than traditional containers. Plus to demonstrate observability using eBPF based telemetry, we enable visibility into runtime behavior without overhead. Attendees will learn how to trace execution, monitor performance, and troubleshoot distributed WASM systems.

Finally, we will talk how WebAssembly improves security and operational efficiency by reducing the attack surface and enabling consistent execution across environments, providing a practical guide for production adoption.

Speakers

Kai Nguyen

Engineer, Hylatek JSC

Nam Hai is a senior backend engineer with over 12 years of experience in cloud infrastructure, serverless architecture, and blockchain technology. He has led projects across domains such as IoT, e-commerce, and decentralized finance. Currently, he is focused on building AI-powered... Read More →

Brandon Kang

Principal Technical Solutions Architect, Akamai Technologies

Brandon Kang is a principal solutions architect at Akamai, driving cloud-native and AI initiatives.
With experience at Samsung, Microsoft, and Akamai, he brings deep expertise in large scale cloud native architecture and AI.
He is the author of 12 IT books on S/W engineering, Sec... Read More →

Tuesday August 11, 2026 11:00 - 11:30 KST
Orchid 2

Cloud + Orchestration

11:40 KST

Self-Healing Rollouts: Automating Production Fixes With Agentic AI - Kevin Dubois, IBM & Carlos Sanchez, Adobe

Tuesday August 11, 2026 11:40 - 12:10 KST

Orchid 2

Your software rollouts to production are probably always flawless, right? For the rest of us, once in a while we do run into issues when releasing code to production. Even with robust CI/CD, production rollouts can hit unexpected snags. While in Kubernetes, ArgoCD and Argo Rollouts excels at Progressive Delivery and automated rollbacks to mitigate deployment issues, what if we could go a step further?

This session explores how to elevate your release process by integrating Agentic AI and asynchronous coding agents, with Argo Rollouts canary deployments. We'll demonstrate how an intelligent agent can automatically analyze a rollout failure, pinpointing the root cause. Beyond diagnosis, these agents can take proactive steps on your behalf, suggesting and even implementing code fixes as new pull requests, which can be redeployed automatically after PR review. This approach moves us closer to truly self-healing deployments.

Join us to learn how to combine the power of cloud native projects like Kubernetes, ArgoCD and Argo Rollouts with the autonomous capabilities of Agentic AI, achieving a release experience that is not only seamless but also resilient.

Speakers

Kevin Dubois

Sr Principal Developer Advocate, IBM

Kevin Dubois is often featured as a (keynote) speaker at conferences around the world, where he shares his passion and knowledge about developer experience, open source, cloud native development and Java. He is also an author, java Champion, and an accomplished software architect... Read More →

Carlos Sanchez

Principal Scientist, Adobe

Carlos Sanchez is a Principal Scientist at Adobe Experience Manager, specializing in software automation, from build tools to Continuous Delivery and Progressive Delivery. Involved in Open Source for over 20 years, he is the author of the Jenkins Kubernetes plugin and a member of... Read More →

Tuesday August 11, 2026 11:40 - 12:10 KST
Orchid 2

Cloud + Orchestration

13:35 KST

Beyond Round-Robin: GPU-Aware Load Balancing for LLM Inference in Kubernetes - Seokhwan Kong, NETLOX

Tuesday August 11, 2026 13:35 - 14:05 KST

Orchid 2

Standard load balancers route LLM requests without awareness of KV-cache state or GPU queue depth — causing inflated Time-To-First-Token and wasted accelerator capacity.

loxilb closes this gap with an eBPF-native AI gateway. The L4 layer uses XDP/TC and kernel sockmap for zero-copy forwarding. The L7 layer adds API-key validation, token-quota enforcement, and accelerator-aware routing via Consistent Hashing with Bounded Loads (CHWBL).

This talk focuses on KV-exact routing for P/D disaggregated deployments. When requests share a prompt prefix, prefill GPUs recompute identical KV tensors repeatedly — wasting up to 80% of GPU cycles. Tier 1.5 eliminates this: loxilb tokenizes the prompt in-process (HuggingFace Rust tokenizer via CGO), computes block hashes matching vLLM's internal format, and routes to the exact GPU already holding those KV blocks — via a live inventory fed by vLLM's native ZMQ event stream.

Unlike serving-layer schedulers (llm-d, Dynamo), this runs in the eBPF data-plane hot path with no Kubernetes dependency — works on bare metal, VMs, and BlueField DPUs.

We'll trace a live request through the P/D testbed and share lessons from building GPU-state-aware routing

Speakers

Seokhwan Kong

CO-CEO & CTO, NETLOX

SeokHwan Kong is CTO and Co-Founder of NetLOX and creator of LoxiLB, an open-source eBPF-powered cloud-native load balancer. I holds a Ph.D. from Yonsei University with 15+ years in networking, SDN, Kubernetes, and Telco/5G. He has published at IEEE Future Networks World Forum (2024... Read More →

Tuesday August 11, 2026 13:35 - 14:05 KST
Orchid 2

Cloud + Orchestration

14:15 KST

How I Tricked ArgoCD Into Sharding on a Single Cluster - Faeka Ansari, Slice Financial Bank

Tuesday August 11, 2026 14:15 - 14:45 KST

Orchid 2

One controller at 846m CPU. The other at 6m. Both running. Both supposedly doing the same job.

We had two ArgoCD application controllers. Scaling looked solved on paper. Except -- one was doing all the work and the other was just... sitting there.

The thing nobody tells you when you first set up ArgoCD HA is that sharding works at the cluster level, not the application level (sadly). So when you only have one cluster -- it doesn't matter how many controller replicas you spin up. The work doesn't split. It all piles onto one pod.

We were running 300+ apps across 11 EKS clusters in a banking environment. Dropping availability was not an option. So we went digging.

What we found was not in the official docs. It was a trick - something so counterintuitive that the first time I thought of it, I laughed. Then I tried it. Then it worked.

This talk is the story of that fix -- how we found it, why it works, and how we shipped it safely to production using Terraform without touching a single app config.

Speakers

Faeka Ansari

Senior Software Engineer | CNCF Ambassador, Slice Financial Bank

Faeka is Senior Software Engineer at fintech startup, an International technical speaker and helping maintain open-source K8s-native projects. She is a Kubernetes Release team member and was an Linux Fn. mentee under Istio. She leads several community initiatives across CNCF, Google... Read More →

Tuesday August 11, 2026 14:15 - 14:45 KST
Orchid 2

Cloud + Orchestration

14:55 KST

The Butterfly Effect of a Broken Disk: Top-Down Ceph Troubleshooting To Upstream Contribution - Sangyun Lee, CJ Olivenetworks

Tuesday August 11, 2026 14:55 - 15:25 KST

Orchid 2

Tech blogs usually talk about huge Ceph clusters with thousands of disks. But in reality, many of us run smaller on-prem setups. I will share my real experience of debugging a small Ceph cluster (10 nodes, 10 NVMe, 15 normal SSDs) and how tracking a slow app led me to write an upstream C++ patch.

It started when our Valkey (Redis) pods suffered from severe write latency. We checked CephFS metadata and Istio network metrics, but they were fine. So we dug into the storage layer using ceph osd perf. We saw huge latency on one specific node. Looking at the kernel logs (dmesg -k), we found a failing NVMe disk. I will explain the "Slow OSD" issue—how one broken disk can freeze a 3-replication cluster.

During this outage, reading ceph osd perf was very frustrating because the OSD IDs were completely unordered. Since it made debugging harder, I decided to fix it. I looked into Ceph's C++ code, changed the unordered hash map to a sorted vector (std::sort), and opened PR #67915 (https://github.com/ceph/ceph/pull/67915). I will share my experience discussing the fix with Ceph maintainers and why I believe engineers should fix the open-source tools they use.

Speakers

Sangyun Lee

AI Platform Engineer @ CJ Olivenetworks AI Research Lab., CJ Olivenetworks

Sangyun Lee is a 1st-year AI Platform Engineer at CJ Olivenetworks AI Research Lab, building on-prem K8s AI platforms using Ceph, Istio, ArgoCD, and Airflow. As a Kubestronaut (aiming for Golden status by August), he explores the depths of vLLM inference and low-level infrastructure... Read More →

Tuesday August 11, 2026 14:55 - 15:25 KST
Orchid 2

Cloud + Orchestration

15:55 KST

From Region To Multi-AZ: Building Resilient Cloud Infrastructure With OpenStack, Kubernetes, and OVN - 승진 한, kt cloud

Tuesday August 11, 2026 15:55 - 16:25 KST

Orchid 2

As cloud service providers evolve their infrastructure, Multi-AZ architecture becomes essential for service continuity, failure isolation, and operational resilience. However, building a Multi-AZ cloud with open source technologies is not simply about spreading components across data centers. It requires design decisions across compute, networking, storage, observability, automation, and failure validation.

This session shares a CSP’s journey from a region-centric architecture toward a Multi-AZ cloud model using open source technologies such as OpenStack, Kubernetes, OVN, Kube-OVN, OpenStack-Helm, Cluster API, Ceph, and cloud native observability tools.

The talk will cover regional versus AZ-local service design, OpenStack control plane deployment on Kubernetes, zone-aware networking, storage replication, image availability, observability, and DR validation. It will also discuss trade-offs in traffic locality, failover behavior, data consistency, and complexity.

Rather than presenting a vendor-specific platform, this session focuses on reusable architecture patterns and lessons for cloud operators who want to build resilient open cloud infrastructure with open source software.

Speakers

John Haan

cloud engineer, kt cloud

John Haan is a cloud platform engineering leader at kt cloud, focusing on open source-based cloud infrastructure, OpenStack, Kubernetes, and cloud native operations. His work includes OpenStack-on-Kubernetes architecture, Multi-AZ cloud design, automation, observability, and resilient... Read More →

Tuesday August 11, 2026 15:55 - 16:25 KST
Orchid 2

Cloud + Orchestration

16:35 KST

What Happens When Your AI Agent Meets OPA - Jyoti Bisht, Harness

Tuesday August 11, 2026 16:35 - 17:05 KST

Orchid 2

Tom and Jerry has run for over 80 years. Every episode follows the same plot: Tom builds an elaborate trap, Jerry walks straight through it, the house is destroyed, and the owner blames Tom. Sound familiar?

This talk is structured exactly like a Tom and Jerry cartoon except Tom is OPA and Jerry is your AI agent. Jerry is not malicious. He just wants the cheese. He will find every gap in every policy, squeeze through every webhook, and retreat to his mouse hole (MCP) the moment Tom gets close. The audience will root for Jerry. Jerry is still the problem.

We walk through three episodes. Episode one: Jerry discovers he can call kubectl delete and Tom's first policy stops him — but not before he's renamed two deployments. Episode two: Jerry finds a namespace Tom forgot to cover and provisions a GPU node at $8/hour. Episode three: Jerry and Tom finally cooperate — the agent runs a legitimate right-sizing workflow, OPA approves every step, and the cluster is actually better for it.

You'll leave with an OPA policy library for agentic tool-call governance, Argo Workflows, and a threat model built from real agent misbehaviour.

Speakers

Jyoti Bisht

Senior Developer Relations Engineer, Harness

Jyoti Bisht is a Senior Developer Relations Engineer with 4+ Years of experience working at the intersection of cloud infrastructure, open source and community building. A CNCF community member, GSoC contributor, and MLH pod leader, she has spoken at DevRelCon, etc. When she is not... Read More →

Tuesday August 11, 2026 16:35 - 17:05 KST
Orchid 2

Cloud + Orchestration

17:15 KST

From Frankenstein To Kamaji: Lessons in Building a Single CAPI Cluster Across Multiple Providers - Antonia von den Driesch, Giant Swarm

Tuesday August 11, 2026 17:15 - 17:45 KST

Orchid 2

At Giant Swarm we use Cluster API to provision and bootstrap our k8s clusters. With this setup, control plane (CP) and worker nodes must run on the same infrastructure which was never an issue so far...

However, in bare-metal environments, using 128-core servers for CP nodes is luxury. It's far more efficient to host them as virtual machines on a hypervisor while keeping workers on physical hardware. But can we get around CAPI's limitations?

We will walk through how we built Frankenstein's cluster by mixing vSphere for the CP and Proxmox for workers as a testing ground. While technically functional, this required "hacky engineering". We will share the hurdles we hit and the operational risks of this hybrid cluster setup.

Finally, we will demonstrate how we solved this challenge with a cleaner, upstream-friendly alternative. Kamaji lets us run the CP as pods in a management cluster. We achieved even better resource optimisation with full native community support and no custom hacks.

Speakers

Antonia von den Driesch

Platform Engineer, Giant Swarm

Antonia has been a platform engineer at Giant Swarm for 5 years and is currently working on development of Giant Swarms Industrial IoT platform which brings their managed Kubernetes product to Smart Factory customers.

Tuesday August 11, 2026 17:15 - 17:45 KST
Orchid 2

Cloud + Orchestration

11:00 KST

Building and Orchestrating Production-ready Agentic AI Systems - Kevin Dubois, IBM & Daniel Oh, Red Hat

Wednesday August 12, 2026 11:00 - 11:30 KST

Orchid 2

Agentic AI is all the hype right now, but how do you actually implement such a system for real enterprise, cloud based use cases?

The challenge for developers, architects and platform engineers alike lies in custom building agents, and even more so, orchestrating these agents to collaborate effectively towards a common goal. Unfortunately though, despite all the promises from vendors, a "one-size-fits-all" or “off-the-shelf” approach just doesn't work due to the complex nature of software. In addition, just like traditional apps, these agentic systems will likely need to be deployed, managed and observed in cloud environments.

In this session we'll explore:
* The spectrum of Agentic AI patterns
* A real world-ish implementation of a highly performant - open source - agentic system (with Java!)
* Deploying this agentic system to Kubernetes
* Other considerations such as observability and fault tolerance to get it all running smoothly in production.

Speakers

Daniel Oh

Senior Principal Developer Advocate, Red Hat

Java Champion, CNCF Ambassador & TAG DevEX Co-Chair, Microsoft MVP, Developer Advocate, Technical Marketing, Keynote Speaker, Published Author

Kevin Dubois

Sr Principal Developer Advocate, IBM

Wednesday August 12, 2026 11:00 - 11:30 KST
Orchid 2

Cloud + Orchestration

11:40 KST

From Static Rules To Reasoning Platforms: Scaling Intelligent Canary Delivery in 2026 - Daniel Oh, Red Hat

Wednesday August 12, 2026 11:40 - 12:10 KST

Orchid 2

As organizations scale their Kubernetes footprint, the "Day 2" reality of GitOps becomes clear: static thresholds are brittle. Standard Canary rollouts rely on fixed Prometheus queries (e.g., Error Rate < 1%), but these rules lack the context to distinguish between a minor transient blip and a systemic failure. For Platform Engineers, this results in "Alert Fatigue" and manual "promotion" gates that slow down the delivery pipeline.
In 2026, we are moving from Static Automation to Reasoning Platforms.
This session explores how to evolve your delivery infrastructure into an intelligent system that doesn't just follow rules, but reasons through data. We will demonstrate how to wrap ArgoCD Rollouts with an Agentic Reasoning Layer capable of cross-referencing metrics, logs, and distributed traces to make autonomous "Go/No-Go" decisions.

We will trigger a Canary deployment that passes basic health checks but introduces a "silent failure" (e.g., a cache hit-rate drop causing downstream latency). You will see the Reasoning Platform detect the anomaly, pause the rollout, "investigate" the root cause, and present a natural-language justification for the automated rollback.

Speakers

Daniel Oh

Senior Principal Developer Advocate, Red Hat

Java Champion, CNCF Ambassador & TAG DevEX Co-Chair, Microsoft MVP, Developer Advocate, Technical Marketing, Keynote Speaker, Published Author

Wednesday August 12, 2026 11:40 - 12:10 KST
Orchid 2

Cloud + Orchestration

13:35 KST

EZIO: Predictable, Fast, Scalable BitTorrent-Based Bare Metal Provisioning - Date (Yu-Chiang) Huang, DozenCloud

Wednesday August 12, 2026 13:35 - 14:05 KST

Orchid 2

Deploying OS images to bare metal clusters is painful. Unicast scales linearly with node count. Multicast stalls if one node is slow. Past BitTorrent approaches either transfer entire raw partitions (wasting bandwidth) or require RAM buffering for image conversion (size limited).

EZIO's provisioning time depends on image size and bandwidth, not node count. It transfers only used filesystem blocks and writes directly to raw disk by calculating offsets on the fly. No RAM buffering, no image conversion, no size limit. Each node works independently. Broken nodes can rejoin after recovery. This enables deploying large HPC environments with pre-installed software and data. Clonezilla has integrated EZIO for production use.

Benchmarks: On HDD (50GB, 32 nodes), 11x faster than unicast, 50% faster than multicast. In the cluster with NVMe SSD and 10G network at Taiwan's National Center for High-performance Computing (NCHC), 500 MB/s across 32 nodes. Lab tests reach 700 MB/s.

This talk covers EZIO's architecture, real-world benchmarks, and integration approach.

Speakers

Date (Yu-Chiang) Huang

Cloud and Network Solution Architect, DozenCloud

Date Huang is a Solution Architect with 7+ years of experience in cloud and datacenter networking. He is the creator of STUNMESH-go and maintainer of EZIO Project. His expertise includes AWS/Azure/GCP networking, OpenStack, Kubernetes, SD-WAN, and open-source development.Speaking... Read More →

Wednesday August 12, 2026 13:35 - 14:05 KST
Orchid 2

Cloud + Orchestration

14:15 KST

Clouds on Clouds: OpenStack and Kubernetes With Cloud-Barista - Seokho Son, ETRI

Wednesday August 12, 2026 14:15 - 14:45 KST

Orchid 2

Can you build OpenStack and Kubernetes clusters anywhere, across multiple clouds, and still understand how network connectivity works?

This session explores that question through a scenario using Cloud-Barista, an open-source multi-cloud orchestrator.

Instead of separate project overviews, this talk connects Cloud-Barista, OpenStack, and Kubernetes as infrastructure layers. Cloud-Barista provisions VMs on public clouds, then OpenStack is deployed on them. The OpenStack-based cloud is registered back into Cloud-Barista to create VMs and host a web service.

Will that service be reachable from Internet? If not, why? What makes it complex? These questions guide our explanation of network paths and reachability. We will apply the same lens to Kubernetes on multi-cloud VMs.

The focus is not just automation, but how connectivity works: public/private IPs, bastion access, cluster nodes, and how users reach workloads.

Beginners curious about these topics will gain practical insight into open-source infrastructure stacks.

This is not another cluster deployment talk. It is an experimental journey across open-source cloud layers, from multi-cloud IaaS to OpenStack and Kubernetes.

Speakers

Seokho Son

Special Fellow and Principal Researcher, CNCF Ambassador, ETRI

Dr. Son is a Special Fellow and Principal Researcher at ETRI, South Korea's national research institute. He develops systems and algorithms for cloud and cloud native computing in national projects. As a CNCF Ambassador, he promotes cloud native technologies globally. He leads the... Read More →

Wednesday August 12, 2026 14:15 - 14:45 KST
Orchid 2

Cloud + Orchestration

14:55 KST

Supply Chain Security in Air-Gapped Kubernetes: SBOM, Provenance, and What Breaks - Michel Schildmeijer, SSC-ICT

Wednesday August 12, 2026 14:55 - 15:25 KST

Orchid 2

Running Kubernetes in air-gapped environments changes how the software supply chain behaves. Image distribution, signature verification, and dependency updates cannot rely on upstream access and need to be handled explicitly.
This talk examines what breaks when enforcing SBOM and image provenance in restricted networks. It covers artifact promotion across trust boundaries, signature verification without external services, base image drift, and coordinating updates across disconnected environments.
The focus is on concrete failure patterns and trade-offs: broken trust chains, stale dependencies, inconsistent SBOM data, and operational overhead introduced by manual controls. Several common supply chain practices do not translate directly to air-gapped setups.

The session shows which parts of the supply chain need to be redesigned to keep provenance and integrity intact without relying on continuous connectivity to upstream ecosystems.

Speakers

Michel Schildmeijer

Enterprise Architect, SSC-ICT

Michel Schildmeijer began his career in the pharmaceutical industry before moving into IT. He worked as a solutions and IT architect across multiple sectors and currently serves as an Enterprise Architect for the Dutch government. Michel regularly speaks at international conferences... Read More →

Wednesday August 12, 2026 14:55 - 15:25 KST
Orchid 2

Cloud + Orchestration

15:55 KST

Who Watches the Watchers? Building Observability for the Platform Itself Across Multi-Cluster EKS - Faeka Ansari, Slice Financial Bank

Wednesday August 12, 2026 15:55 - 16:25 KST

Orchid 2

There is this moment every platform team hits where an alert fires at 1am, everyone stares at it, and nobody is quite sure what it means or whose job it is to fix it.

That was us. 11 EKS clusters. 6 AWS accounts. Alerts routing to a channel. No runbooks. No context. Just noise.

Here is what made it worse --- we were the team responsible for the observability stack itself. VictoriaMetrics, vmagent, vmselect, Grafana, CloudWatch --- we ran all of it. And most of it was set up just well enough to fire alerts, but not well enough to actually help anyone during an incident.

Most observability talks are about how to instrument your applications. This one is about what happens when the platform itself becomes the thing you need to observe! and you are the one responsible for both the problem and the solution.

We will talk about what we got wrong first, what a P1 at 1am actually teaches you about your own stack, and what we built to make sure the next time something breaks, we know exactly where to look within the first five minutes.

Speakers

Faeka Ansari

Senior Software Engineer | CNCF Ambassador, Slice Financial Bank

Wednesday August 12, 2026 15:55 - 16:25 KST
Orchid 2

Cloud + Orchestration

16:35 KST

Accelerating Open-Source 5G UPF on Kubernetes With eBPF (Live Demo) - Khushi Chhillar, NgKore

Wednesday August 12, 2026 16:35 - 17:05 KST

Orchid 2

Running the 5G User Plane Function (UPF) as a Kubernetes pod using open-source stacks like free5GC often hits a wall: kernel networking overhead destroys packet throughput. eBPF can bypass this bottleneck, but the concept remains intimidating to network engineers who don’t do kernel programming.

This lightning talk provides a zero-to-understanding educational journey. The speaker will first illustrate, with simple diagrams, the kernel’s slow path versus the eBPF XDP/AF_XDP fast path for GTP-U packets. Then, using a live (or pre-recorded) demo on a Minikube cluster, they will show an open-source UPF accelerated by a small eBPF program—demonstrating how GTP encapsulation/decapsulation is handled in the driver, with line-rate forwarding. The entire code, including a ready-to-run Docker image and Helm chart, will be shared on GitHub. Attendees will leave with a mental model of exactly where eBPF sits, which hooks to use, and how to evaluate eBPF acceleration for their own 5G cloud-native network functions. No prior eBPF or 5G core knowledge is required ,only curiosity about high-performance networking.

Speakers

Khushi Chhillar

Opensource Contributor and Maintainer, NgKore

Hi, I’m Khushi, an undergraduate pursuing a BSc in Computer Science with 3 years of active involvement in the open source community. My primary focus is on eBPF research and real-world use cases. I have contributed to the HexaBPF project, enhancing interoperability, and developed... Read More →

Wednesday August 12, 2026 16:35 - 17:05 KST
Orchid 2

Cloud + Orchestration

17:15 KST

Live Demo: Event-Driven Terraform Drift Detection With Falco - Keita Higaki, Sysdig,Inc

Wednesday August 12, 2026 17:15 - 17:45 KST

Orchid 2

Terraform is widely used to manage infrastructure as code, but traditional drift detection relies on periodic scans or manual checks such as terraform plan. This approach often fails to detect real-time changes, manual modifications, or unauthorized actions.

In this technical feature demonstration, we present an open source approach to drift detection using an event-driven model powered by Falco.

We will demonstrate how:

infrastructure is provisioned using Terraform
manual or out-of-band changes introduce drift
Falco detects these changes in real time via event streams
an open source tool analyzes and surfaces these events as actionable drift signals

Unlike traditional drift detection tools, this approach enables near real-time detection, user attribution, and continuous visibility into infrastructure changes.

This session introduces the concept of “event-driven runtime drift” and shows how it complements Terraform-based workflows using open source technologies.

The demo is based on a publicly available open source project, allowing attendees to reproduce the setup and apply it to their own environments.

Speakers

Keita Higaki

Senior Customer Solutions Engineer, Cloud-Native Security, Sysdig,Inc

eita Higaki is a Senior Customer Solutions Engineer specializing in cloud-native security and Kubernetes runtime protection. He supports enterprise environments adopting runtime security using open source technologies such as Falco. He focuses on bridging Infrastructure-as-Code and... Read More →

Wednesday August 12, 2026 17:15 - 17:45 KST
Orchid 2

Cloud + Orchestration

11:00 KST

11:40 KST

13:35 KST

14:15 KST

14:55 KST

15:55 KST

16:35 KST

17:15 KST

11:00 KST

11:40 KST

13:35 KST

14:15 KST

14:55 KST

15:55 KST

16:35 KST

17:15 KST

Get help with the event