KubeCon is the Cloud Native Computing Foundation’s flagship multi-day tech conference that gathers contributors and maintainers of Kubernetes and various other open-source and cloud-native projects. This year’s KubeCon was a hybrid event held in person with a virtual component from May 16-20 in Valencia, Spain.
What was different about this year’s KubeCon?
There was a lot of talk about day 2 operations like observability, monitoring, and going deeper into the security aspects of Kubernetes. This means that for many enterprises, Kubernetes has become really critical and they want to get more control of it.
The pandemic has accelerated the pace of innovation, especially inside the CNCF, which is by far the most critical repository of open-source projects that governments, enterprises, and individuals rely on around the world in order to deliver new experiences. This has led to Kubernetes encapsulating almost all of the tech infrastructure. So naturally, this year’s theme at KubeCon was to simplify the Kubernetes ecosystem. New adopters require easier options to get them started with cloud-native platforms in a secure way.
There was also some discussion around FinOps and cost control as Kubernetes is being deployed everywhere and if everything is not controlled, monitored, and optimized, costs go through the roof. This year was less about infrastructure and more about the application. This was a developer-centric event.
Key takeaways for KubeCon Europe
1. Trampoline pods
Trampoline pods sound like fun, right? Well, apparently not! Security researchers from Palo Alto Networks presented research on “trampoline pods” – powerful pods with an elevated set of privileges. These pods can pose a major security issue as they can be used as a jumping-off point to gain escalated cluster admin privileges. Additionally, if a node hosting these trampoline pods goes rogue, it can potentially launch disastrous attacks against the cluster or even take it over completely. Pod Security will be replacing PodSecurityPolicy from Kubernetes 1.23.
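One way to look for trampoline-pod candidates in a cluster you operate, as an added example that is not from the original article or from the Palo Alto Networks research: it maps each pod to the cluster-wide RBAC grants of its service account and reports the ones that can lead to admin-level access. The `RISKY` table, the function names and the sample objects are assumptions made for illustration; only ClusterRoleBindings are considered.

```python
RISKY = {  # illustrative assumption (not the researchers' list): resource -> risky verbs
    "secrets": {"get", "list", "watch"},
    "serviceaccounts/token": {"create"},
    "pods": {"create"}, "pods/exec": {"create"},
    "clusterroles": {"escalate", "bind"}, "users": {"impersonate"},
}

def risky_rules(role):
    """Risky 'verb resource' grants in a ClusterRole (apiGroups/resourceNames ignored)."""
    hits = set()
    for rule in role.get("rules", []):
        res, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
        for resource, bad in RISKY.items():
            if resource in res or "*" in res:  # "*" covers every resource
                matched = bad if "*" in verbs else verbs & bad
                hits.update(f"{v} {resource}" for v in matched)
    return hits

def trampoline_candidates(roles, bindings, pods):
    """Map 'namespace/pod' to the risky cluster-wide grants of its service account."""
    by_name = {r["metadata"]["name"]: r for r in roles}
    sa_perms = {}
    for b in bindings:  # ClusterRoleBindings only
        found = risky_rules(by_name.get(b["roleRef"]["name"], {}))
        for s in b.get("subjects", []):
            if found and s.get("kind") == "ServiceAccount":
                sa_perms.setdefault((s["namespace"], s["name"]), set()).update(found)
    report = {}
    for p in pods:
        key = (p["metadata"]["namespace"], p["spec"].get("serviceAccountName", "default"))
        if key in sa_perms:
            report[f"{key[0]}/{p['metadata']['name']}"] = sorted(sa_perms[key])
    return report

# Constructed sample objects, shaped like items from `kubectl get <kind> -o json`.
ROLES = [
    {"metadata": {"name": "cni-agent"}, "rules": [
        {"resources": ["secrets"], "verbs": ["list"]},
        {"resources": ["nodes"], "verbs": ["get"]}]},
    {"metadata": {"name": "metrics-reader"}, "rules": [
        {"resources": ["pods"], "verbs": ["get", "list"]}]},
]
BINDINGS = [{"roleRef": {"name": n}, "subjects": [
    {"kind": "ServiceAccount", "namespace": ns, "name": sa}]}
    for n, ns, sa in [("cni-agent", "kube-system", "cni"),
                      ("metrics-reader", "monitoring", "metrics")]]
PODS = [{"metadata": {"namespace": ns, "name": name}, "spec": {"serviceAccountName": sa}}
        for ns, name, sa in [("kube-system", "cni-x7k2p", "cni"),
                             ("monitoring", "metrics-0", "metrics")]]
```

On the constructed data, `trampoline_candidates(ROLES, BINDINGS, PODS)` reports only the `kube-system/cni-x7k2p` pod, because its service account can list secrets cluster-wide; a real audit would also need to follow RoleBindings and aggregated roles.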
2. Multi-cloud is the norm
Multi-cloud is no longer a feature, it is now a requirement. Nearly all enterprises have a public cloud presence at this point. This presence for most of them is singular but the cloud needs to be plural now. The cloud operating model doesn’t just mean public cloud, it essentially means more clouds. Kubernetes is one of the biggest facilitators of the multi-cloud explosion which is bound to escalate.
3. Security is the default
If the entire data center is automated with Kubernetes, when is the right time to address security issues? Well, the tech community says it’s right now! The key realization was that when it comes to security, the problem is humans: it turns out that we don’t really think about it. There are numerous steps involved before an application is deployed in Kubernetes, and every step is a new way to expose your application to a multitude of vulnerabilities. This means there is a possibility of a security breach every step of the way if we dilly-dally for too long before putting the right security measures in place. The solution to this problem is to make security the default.
The CNCF Technical Advisory Group for Security announced a Secure Software Factory Reference Architecture that specifically focuses on the crucial concern of provenance, particularly on the activity stage of the build. This is because of the fundamental role provenance verification plays in all supply chain security concerns.
4. The significance of operators
One of the recurring themes of KubeCon 2022 was operators, given that operators are everywhere. Kubernetes employed the operator model to empower vendors to extend its orchestration capabilities with custom operators. They help facilitate the extension of the Kubernetes API with operational knowledge. Operators make the lives of Dev and Ops teams simpler by introducing custom controllers, custom resource definitions, metrics, and other cloud resources.
The growth of stateful services in the cloud operating model has led to the snowballing of operators. This is mostly because although Kubernetes knows how to orchestrate stateless services well, it lacks the knowledge to orchestrate stateful services. Each stateful service needs defined knowledge to implement a custom operator. So, the significance of operators is quite obvious.
5. Cloud Native Maturity Model 2.0
CNCF projects are structured in a way that is self-sustaining. Technical Advisory Groups (TAGs) render technical guidance across a cross-section of projects in the CNCF terrain, pertaining to individual domains.
KubeCon 2021 saw the launch of the Cloud Native Maturity Model that would help adopters, as well as end-users, navigate the CNCF terrain and the entire cloud native ecosystem. KubeCon 2022 saw the launch of an update to this model – the Cloud Native Maturity Model 2.0 – aimed at providing confidence to enterprises working with Kubernetes.
The model includes five levels; each one covers process, policy, people, and technology, and they are divided by key themes. The 2.0 update saw the most significant addition to this model – “Business Outcomes”. This update highlighted the fact that enterprises don’t move to the cloud just for technical reasons; the business aspect is just as important.
KubeCon Europe did not disappoint. Not only did it not disappoint, I think it has gotten us excited about where the cloud native community is headed. Hopefully, this excitement translates into fun projects, the addition of more contributors, and exponential growth of the community. KubeCon Detroit is only six months away, and it’s exciting to keep track of all the innovations.
Stay tuned with us here at Amazic for the latest scoop on all the happenings from the CNCF. While you’re at it, don’t forget to check out our recent interview with Taylor Dolezal, Head of Ecosystem at the CNCF.