KubeConEu 2023 Recap and Highlights

Last week I had the privilege to be present at KubeCon | CloudNativeCon EU. This year it was hosted in the Netherlands, which felt like a home game! In this post I want to share my story and my personal highlights. The highlights include links to awesome talks, great tools, lovely talks with vendors and other impressions of KubeCon EU 2023. Next year KubeConEu 2024 will be hosted in Paris from 19 - 22 of March.

Introduction KubeCon
A short explanation, if you are not familiar with KubeCon. The Cloud Native Computing Foundation (CNCF) conference gathers adopters and technologists from leading open source and cloud native communities. They bring together the world’s top developers, end users, and vendors and run the largest open source developer conferences. This year KubeCon / CloudNativeCon Europe was held in the Netherlands at the RAI conference center in Amsterdam.

Kids Day
The first event ever that gives attention to kids. On Sunday, 16 April 2023, the CNCF hosted a complimentary Kids Day in Amsterdam! How cool is that! Kids aged 8 - 14 are welcome. Nice initiative! Never too young to learn!

CNCF hosted colocated events
After Kids Day, KubeCon started with the different sponsor-hosted and CNCF-hosted colocated events like ArgoCon, CiliumCon, Observability Day and Azure Day with Kubernetes. Pity that I had to choose. For the first three events, my old colleague Arnold van Wijnbergen has written some interesting blogs with "must watch videos". Personally I was present at the Azure Day with Kubernetes, sponsored by Microsoft, which was hosted as a colocated event. This day had a fully packed schedule with lots of information, tips and announcements, which can be found via this link. If you want to watch the videos because you missed them or just watch them again, register at https://azuredaywithkubernetes2023.com.

KubeCon Keynote highlights
Information that was shared at the keynote session by Priyanka Sharma and Chris Aniszczyk:

  • KubeCon was sold out;
  • 10.000 attendees;
  • 58% of the attendees were at KubeCon for the first time;
  • 159 CNCF projects;
  • 1300 maintainers, 200k contributors;
  • 155 ambassadors in 2023;
  • 406 community groups;
  • 24 Kubernetes Community Days;
  • Two new certificates were announced: Kubernetes and Cloud Native Security Associate (available in Q3 2023) and Certified GitOps Associate (coming soon);
  • KubeConEu 2024 will be hosted in Paris from 19 - 22 of March;
  • KubeCon Project updates and End user experience.

KubeCon Session highlights
Some interesting sessions that I followed:

  • [CloudNative talk] - Taylor Dolezal from CNCF talked about "Tulips, Terabytes, and Transformations: Blooming Innovations in the Cloud Native Garden".
  • [Sustainability] - Jorge Palma from Microsoft spoke about Building a Sustainable Carbon-Aware Cloud. Jorge announced the availability of the carbon-aware-keda operator. A recap of the keynote can be found in this blog. More information can be found at Microsoft Docs.
  • [Green software engineering] - Kristina Devochko, who inspired me and other developers to code with sustainability, security and cloud native principles in mind. Her presentation can be found at this link.
  • [Confidential Containers] - Jeremi Piotrowski from Microsoft talked about "The Next Episode in Workload Isolation: Confidential Containers". Container-based workloads are isolated at the OS level by default. Stronger isolation can be achieved using Kata Containers, which adds a hardware isolation boundary. New hardware capabilities have appeared in CPUs in recent years that open up the possibility of enhancing this isolation with an added level of confidentiality. Kata-CC is an extension of Kata Containers that makes use of Trusted Execution Environment features present in modern CPUs to enhance security in a multi-tenant environment by combining workload attestation and memory encryption. Jeremi will talk about the available ways to deploy containers in SEV-SNP (secure encrypted virtualization - secure nested paging) protected confidential virtual machines and dig into their respective architectures. He will also talk about the challenges with hardware attestation and how it ensures workload portability.
  • [vCluster] - Ilia Medvedev from CodeFresh, who talked about vCluster, which is an open source project that allows you to create virtual clusters in any Kubernetes cluster. Virtual clusters enjoy higher isolation than simple namespaces and can also be used for cluster level resources like CRDs without any versioning conflicts.
  • [Observability] - Duffie Cooley from Isovalent, who talked about Security Observability in general, which is about providing more context into events involving an incident. However, researching those events does not have to be confusing or difficult. In this session, the Security Observability and Runtime Enforcement kind is explained: 1. Introduce the fundamentals of Cilium Tetragon and the basics of Security Observability 2. Discuss the layers where Tetragon can extract data from and provide enforcement 3. Determine exactly what activities to care about and to monitor, and how to spot those activities 4. Walk through a brief deep dive into network connections and the associated events with the solution Cilium.
  • [Cilium updates] - Liz Rice gave an update on how Cilium has been progressing as a project and on the road towards graduation. The latest developments and future roadmap were shared. Liz also talked about bringing eBPF powered data to the world of observability and why Cilium has become the CNI of choice in the wild. In this session you'll hear from Cilium contributors and users Isovalent, Grafana Labs, and Eficode.
  • [Certmanager] - Ashley Davis talked about controlling your own certificate authority (CA), whether for just one Kubernetes cluster or for your whole organization.
  • [Usecase - Kubernetes Edge] - Stefan van Gastel from the Ministry of Defense and Anna Magdalena Kosek from TNO showed a tactical cloud concept developed together by TNO and the Dutch Ministry of Defence, where manned or unmanned vehicles join spontaneously in ad-hoc cloud constellations to deliver a resilient, distributed, and collaborative computation. Their presentation can be found at this link.
  • [Usecase - KEDA] - Jorge Turrado Ferrero shared their KEDA use case. KEDA is an open-source project that allows users to scale their applications based on the number of events rather than resource usage. This makes it perfect for event-driven architectures and workloads in general, where cost-saving is essential. Furthermore, KEDA provides autoscaling (including scaling to zero) that allows for better utilization of resources by only running pods when there is an actual workload.

Personal contributions
This year I twice had the opportunity to contribute to this valuable community:

  • The first contribution was being a part of the NL community talk. Live from theCUBE stage with my old colleagues Daniel Paulus and Arnold van Wijnbergen, we shared our story about KubeCon with the host Joep Piscaer. You can see the recorded session here.
  • The second contribution was giving a short talk with the vendor Palo Alto, specifically about Prisma Cloud and the value it brought to me and the community.

Personal list of conversations
Conversations that are still on top of my mind.

  • Isovalent about eBPF and Cilium of course. The book signing was epic, seeing the line of people who were waiting to get their book signed by Liz Rice;
  • Talking with HashiCorp on using HashiCorp Vault in highly secure environments;
  • Intel on Confidential Compute, using Gramine as a wrapper, next to the SDK. Also interesting was the Occlum OSS project;
  • Meeting the people behind Opster about the OpenSearch Operator and the awesome UI they created;
  • Meeting Venafi at the cert-manager booth and learning more about their new product for distributed machine identities called Firefly;
  • Getting some in-depth info about OpenTelemetry and understanding the progress on embedding logs into the OpenTelemetry Protocol (OTLP) specification;
  • Gitpod is an open-source Kubernetes application for ready-to-code cloud development environments that spins up fresh, automated dev environments for each task, in the cloud, in seconds;
  • and so many more ...

Wrapping up
Learned a lot of new things. Met a lot of old and new friends in person again! Did a lot of networking with people from Tigera, Codefresh, Aqua, Intel, SUSE, Isovalent, Sysdig, Palo Alto, Spectro Cloud and more. I was not always able to attend the sessions that I had planned for. Luckily, both you and I can watch those sessions back when they become available online.
Keep an eye on the CNCF YouTube channel here and catch new talks that get published soon! If you have any questions, please contact me.