KubeCon + CloudNativeCon Europe 2024 in Paris was one of the biggest tech conferences in the world and attracted over 12,000 people this year!
It’s a big community hug fest to celebrate open source projects, contributors and users on Cloud Native projects. It’s also a place where SRE, platform engineers, DevOps engineers, developers, and businesses interested in or using Kubernetes and Cloud Native technology get together to explore the latest trends, share insights and connect in person with friends, colleagues, customers and fellow enthusiasts.
It seems like all of life happens at KubeCon!
Why Was I There and What Did I Do?
I work in Developer Relations in Cloudsmith and they are a big supporter of the Cloud Native Computing Foundation (CNCF) mission. My goals were to engage with attendees at the Cloudsmith booth, give demos of our platform, talk to our current customers, meet with potential partners, and attend as many talks as possible in the area of supply chain security.
A lot of people at the event, including myself, work from home a lot and you could sense that people were enjoying talking to friends, colleagues, fellow maintainers, and attendees face to face.
I felt buzzing returning home—full of ideas, new contacts and a better understanding of the cloud-native landscape.
Keynotes: Celebrating 10 years of Explosive Growth
The Kubernetes project celebrates a decade of remarkable growth, boasting a staggering 190k-member Slack group and over 3.2k active contributors on Github. With over 100 certified Kubernetes distributions, and 200k+ Certified Kubernetes Administrators (CKAs), the ecosystem thrives. Much of the keynotes, including Bob Wise’s closing speech, were spent celebrating the success of the community over the last 10 years.
But CNCF are not resting on their laurels—AI, sustainability, security, and edge computing were laid out as the cornerstones of Kubernetes development in the coming years. CNCF really doubled down on AI in the keynote speech and published an AI whitepaper to align with the conference.
Kubernetes maintainers want to ensure the platform evolves to meet the needs of the end-user community, including new workflows like the AI. Solomon Hykes, Founder of Dagger, echoed this sentiment, urging a higher standard in deployment practices. “We have to remember we are not there yet and we need to set the bar higher,” he said. “A bunch of scripts gluing terraform and 30 other tools together—it’s not supposed to be like that and we have some work to do.”
In his closing keynote, Hykes emphasized following a model of manufacturing and working on the build process of software to continuously improve the 'software factory'. We "need to set a higher bar and think of it as an integrated process".
He called to elevate the software build process and underscored the collective commitment to continuous improvement in CNCF.
CNCF Project Highlights
The projects and maintainers are the heart of the CNCF ecosystem. CNCF aims to help open-source projects including Kubernetes, Prometheus, Envoy, and over 180 other projects to thrive. Projects are labeled Sandbox, Incubated, Graduated and Archived. These labels help organizations choose an appropriate project for their use cases. Graduated and incubating projects are considered stable and are used successfully in production environments. The Graduated project released an update video on their projects for the conference.
These are some of the CNCF projects that are in my ballpark (artifact management, CI/CD and supply chain security):
- Helm, the package manager for Kubernetes;
- OpenTofu, an official fork of Terraform, which arose when Hashicorp announced they would change the license of many of their open source tools;
- Flux, a continuous delivery solution for Kubernetes;
- Argo, Kubernetes-native tools to run workflows and manage clusters;
- Tuf, a framework for securing software update systems;
- Open Policy Agent (OPA), an open source, general-purpose policy engine;
- In-toto, a framework to protect supply chain integrity; and
- Kyverno, a Kubernetes-native policy management tool.
My Top 10 Talks From KubeCon
There were 223 talks spread across 10 tracks. It was impossible to attend all of them, but CNCF were great at quickly uploading the talks to YouTube. The following sessions focused on the topic of supply chain security, CI/CD, and package formats:
- It's Not Just About SBOMs: Perspectives on Cloud Native Supply Chain Security. There's been a surge in attacks targeting the software supply chain. While SBOMs are a crucial step, they're currently more of a compliance checkbox than a robust security measure.
- OCI as a Standard for ML Artifact Storage and Retrieval - Peyman Norouzi & Eric Koepfle, Bloomberg
- Lessons Learned from Generating 100M SBOMs Google’s Approach to SBOM Compliance.
- The IaC Evolution - on Open Source & Everything Else.
- Operating a Production TUF Repository - Kairo De Araujo, TestifySec & Fredrik Skogman, Github. On how you can use the TUF framework to secure your production delivery systems.
- GitOps Continuous Delivery at Scale with Flux - Stefan Prodan
- Open Policy Agent (OPA) Intro & Deep Dive - Anders Eknert, Styra & Xander Grzywinski, Microsoft
- Building Container Images the Modern Way - Adrian Mouat, Chainguard. Adrian goes through the different ways of building usable but minimal Docker images with a low number of CVEs.
- VEXinating Your Container Images: The European Way - Dina Truxius, Federal Office for Information Security (BSI) & Jose Antonio Carmona Fombella, VMware. On automating vulnerability management with open source tooling.
- Kubernetes Maintainers Read Mean Comments - Tim Hockin & Davanum Srinivas. A reminder to be kind to the volunteers that maintain Kubernetes even when it frustrates them.
7 Top Cloud-Native Trends from KubeCon
- Prepare for AI: One of the standout themes of the conference was the growing importance of AI/ML on Kubernetes. In reality, AI is not yet a disruptor in the cloud-native world, but the start point seems to be preparing the platform for AI workflows.
- Actionable supply chain security: Talks about how to implement supply chain security as opposed to talking about it as a concept.
- Managing resources to be more sustainable and reduce cost: WebAssembly and Pod autoscaling in Kubernetes were everywhere talking about solving this problem. There was much buzz about Spin, a new CNCF project working on WebAssembly, to develop and deploy WebAssembly workloads on Kubernetes more sustainably by reducing memory consumption significantly.
- Runtime security and eBPF: This was a hot topic. There were loads of stands at the showcase, and massive queues out the door for Cilium’s signed books and talks.
- Platform as code: A push for cloud-native pipelines to become a platform using programming languages (AKA not YAML) with a regular language with well written API docs and SDKs.
- Preparing for changes to Hashicorp: As HashiCorp contemplates a potential sale, there's uncertainty over Terraform's future direction. In this environment, OpenTofu, a fork of Terraform, was another top trending topic at KubeCon.
- Simplifying application management and the path to production with Kubernetes: This continues to be important in talks and on the showroom floor.
KubeCon is a great event to connect with the community, celebrate what has been achieved, and illuminate the path forward for the cloud-native community. Cloudsmith will be attending KubeCon North America in Salt Lake City later this year, and I hope to see you there!