KubeConEurope 2025 Recap and Highligts

Last week I had the privilege to be present at KubeCon | CloudNativeCon EU 2025. This year it was hosted in the city of London (located in England). In this post I want to share my story and my personal highlights. The highlights include links to awesome talks, great tools, lovely talks with vendors and other impressions of KubeCon EU 2025.

Introduction KubeCon

A short explanation, if you are not familiar with KubeCon. The Cloud Native Computing Foundation (CNCF) conference gathers adopters and technologists from leading open source and cloud native communities. They bring together the world’s top developers, end users, and vendors and run the largest open source developer conferences. This year KubeCon / CloudNativeCon Europe was this year held in England in the city of London.

CNCF hosted colocated events

KubeCon started with the different sponsor hosted and CNCF hosted colocated events like ArgoCon, CiliumCon, Observability day and Azure Day with Kubernetes. Pitty that I had to choose. Personally I was present at the Azure Day with Kubernetes, sponsered by Microsoft that was hosted a colocated event. This day had a fully packed schedule with lots of information, tips and announcements, which can be found via this link. If you want to watch the videos because you missed them or just watch them again, click here. If you have interest in the AKS Best Practices eBook, click this link.

KubeCon keynote highlights

Information that was shared at the KeyNotes sessions via Chris Aniszczyk:

• 13.000 attendees;
• Lots of sessions about observability, AI and LLM;
• KubeCon Project updates and feedback of the End User Experience;
• New CNCF certifications that where announced:
  • Cloud native platform engineering associate (CNPA);
  • Cloud Native Platform Engineer (CNPE).
• New Opensource training becoming available:
  • CODE (Certified open source developer);
• KubeCon will next be hosted in:
  • 23-26 March 2026 in the city of Amsterdam, located at Netherlands;
  • 26-29 October 2026 in the city of Los Angeles, located at Calafornia in North America;
  • 15-18 March 2027 in the city of Barcelona, located at Spain.

Session highlights

Here is my list of highlights of KubeCon 2025:

• [KeyNote] - Chris Aniszczyk from CNCF talked about the new trends (like AI, LLM and Observability) and the CNCF released Whitepaper;
• [Into the blackbox, observability in the age of LLMs] - Christine Yen from Honeycomb.io. She was explaining about "LLMs != like APIs we know and love", how to define it correctly, the laws of building on LLMs and how to evaluate it's quality and use observability via "Feedback loops" to get more visuals in tracking the "inputs and the outputs".
• [NeoNephos] - Vasu Chandrasekhara which was sharing the topic Build a sovereign cloud-edge continuum for europe. It has emerged as a response to the growing demand for secure, scalable, and transparent cloud solutions that support European goals of digital sovereignty. By bringing together leading organizations, technology providers, and academic institutions, NeoNephos serves as a hub for developing and promoting open source solutions that empower European enterprises and public sector entities. Projects they support, are Gardener, Greenhouse, Katalis, Platform-meshand more.
• [Dynamic Resource Allocation] - Laura Lorenz and Corentin Debains from Google. They showcased the power of DRA, which is used as advanced cluster-autoscalers and multicluster schedulars, making it possible to fullfil varied requirements of your workloads and learn how the system adapts resources and scheduling to fit those needs.
• [Headlamp] - Andrew Randall from Microsoft, showcasing Headlamp, an easy-to-use and extensible Kubernetes web UI.
• [OpenTelemetry Project Update] - Severin Neumann and Daniel Gomez Blanco from OpenTelemetry explores how platform engineers can bridge the gap between developers, operators, and observability by integrating OpenTelemetry into cloud-native stacks. OpenTelemetry, a CNCF project that unifies observability data across traces, logs, and metrics, reducing metadata fragmentation and vendor-specific lock-in. With zero-code instrumentation, developers can collect insights effortlessly, while platform engineers can enforce observability as code, enabling scalable, repeatable monitoring.
• [CI/CD Observability] - Dotan Horovits from OpenSearch, AWS and Adriel Perkins from Liatrio, explaining observability as a must-have for operating systems in production. In this session, they shared about the new SIG, its role, the milestones achieved and roadmap ahead. This talk also discussed the alignment with adjacent open source communities such as the CDF's Jenkins and CDEvents and the Eiffel community.
• [Confidential Storage] - Aurélien Bombo from Microsoft talked about processing and storing sensitive data in the cloud. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers. This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. They also demonstrate how to prevent attackers from injecting data into the TEE using the CNCF Rego policy language. This presentation can be found here.
• [Production-Ready LLMs on Kubernetes] - Priya Samuel from Elsevier and Luke Marsden from HelixML had a session about patterns, pitfalls and performance. They went into architectural patterns, optimalization, techniques for GPU sharing and improving resource utilization.
• [Lessons learnded by the LEGO group] - Paul Farver and Thomas Øther Rasmussen are from The LEGO Group. They explained that developers are free to choose the tools they believe suit their task best. Limiting this autonomy will stifle developer creativity and lead to shadow IT, so how can you leverage as a Platform Engineering team. This session was focussed on how the LEGO Container Platform Team successfully onboards new applications, engages with developers, and keeps them happy.
• [How to Scale cloud & On-Prem infra while cutting costs] - Arnaud Pons and Gabriel Quennesson from Michelin shared their journey. Michelin re-architected its Kubernetes platform to support 441 business applications across 62 clusters in both cloud and on-prem environments. By leveraging Cluster API, Crossplane, and ArgoCD, we automated infrastructure management, reduced platform costs by 44%, and cut upgrade lead times by 85%. This transformation not only improved scalability and efficiency but also ensured Michelin remains an attractive workplace for top engineering talent.
• [Observability for AI] - Nicole van der Hoeven from Grafana Labs, discussed the different types of AI, the factors that make observing AI different from observing applications, and the telemetry signals specific to AI that we might want to listen to. How do we deal with large data sets? How do we observe for model drift? How do we take into account the costs of LLMs? How can we use distributed tracing to follow event sequences? Part cautionary tale and part technical demo, this talk shows how to instrument and monitor AI apps using OpenTelemetry, Prometheus, OpenLit, and more.
• [Sign and verify all the things] - Jeremy Rickard from Microsoft explained about supply chain threats. Digital signing and policy enforcement can help! In this talk, he explained at how CNCF projects like ORAS, Notary, Flux, and Kyverno can be used together to ensure that everything in your production clusters, from images to configuration YAML, comes from a trusted source and has been digitally signed to ensure it hasn't been tampered with and. How to do this with a registry you control. His session delivered knowledge of how these tools work together to enable you to protect your clusters, some of the gaps, and how you can address them.
• [Attesting and and verifying software Supply-chain with In-Toto] - Justin Cappos from New York University and Alan Chung Ma from Keytos introduced In-Toto. In-toto is a framework that allows users to protect their software supply chain. The framework achieves this by providing two key capabilities: cryptographically attesting steps along the supply chain and enforcing policies that govern the relationships between the attestations.
• [Benefits of TAG Security Assessment] - Brandt Keller from Defense Unicorns, he shared his story with this Presentation. Heis a Maintainer and Contributor to multiple Open Source projects and finds distinct pleasure in solving difficult problems and being a voice for Critical - Regulated - and Air-Gapped environments (most often all of the above). He is a Cloud Native Ambassador, Security TAG Technical Lead, and active member and contributor to multiple CNCF working groups and active in the Kubernetes community.
• [Strengthening Auth in Kubernetes] - Standa Láznička and Rita Zhang from Microsoft introduced ways to improve authentication and authorization in Kubernetes. The Kubernetes Auth SIG has been collaborating with other SIGs to enhance authentication and authorization across the ecosystem. In this session they have given a demo how to improve "Image Pulling, DRA Admin Access & Pod Certificates", improving security and usability in Kubernetes!
• [KubeFleet - Multi-Cluster Application Management] - Ryan Zhang from Microosft shared which operational challenges an organisation can face when deploying applications across multiple Kubernetes clusters. KubeFleet, an open-source project, offers a comprehensive framework to streamline multi-cluster application management. Feature highlights are Rich Scheduling Capability (multi-cluster policies like pick N clusters or pick all clusters), Metrics-Based Scheduling (placement strategies based on internal (GPU, CPU, memory) and external metrics (cost, IP availability)) and Built-in Continuous Deployment Strategies (olling update strategies and stage-based continuous deployment with wait and approval between stages).
• [OPA policies for FinOps] - Sathish Kumar Venkatesan from DevOpsCloudJunction Foundation Inc. shared in his session how OPA can be harnessed for FinOps practices in Kubernetes. The Open Policy Agent (OPA) is widely known for enforcing security policies, but its capabilities extend far beyond compliance. He showed in his session how to integrate OPA with tools like Gatekeeper and OpenCost to provide real-time cost visibility and actionable insights, giving the skills to use OPA for both security and cost optimization in Kubernetes environments.
• [Debug & Monitor with Inspektor Gadget] - Burak Ok, Michael Friese and Qasim Sarfraz from Microsoft showed in a interactive session the added value of Inspektor Gadget, exploring Kubernetes observability and debugging. This powerful project combines eBPF tools and a systems inspection framework tailored for Kubernetes, containers, and Linux hosts. The session started with an introduction to Inspektor Gadget, followed by hands-on guidance to set up your development environment and shared how to be participant for to improve for new gadgets, enhance existing gadgets, collaborate on brainstorming innovative features.
• [Building Secure Kubernetes Networks] - Lior Lieberman from Google and Igor Velichkovich from Stealth Startup explore the landscape of network encryption, AuthN and AuthZ solutions grounded in the principles of defense-in-depth and least privilege. As the scale of your clusters grows, so does the complexity of securing your networks. They have highlighted how the community can work together to standardize and simplify encryption and identity management, making security more accessible and robust for all users.
• [LitmusChaos] - Saranya Jena and Sarthak Jain from Harnness explored in this session the advancements in chaos engineering for cloud-native systems. This session has covered key updates from recent releases, including enhanced resilience testing, observability, and scalability features, while showcasing how they address real-world challenges faced by Developers and SREs.
• [Kubernetes Postgress Operator] - at the booth of EDB, they have showcased the Postgress Operator with its back-up and restore capability. Very usefull when using Postgress into your Kubernetes clusters and an easy to use implementation.

Networking on the stands

Did a lot of networking with people from Calico, AWS, ASML, Codefresh, Aqua, Intel, Microsoft Azure, GitHub, Isovalent, Solo.io, Dynatrace, OpenSearch, Diagrid, Grafana Labs, and more. Lot's of new names where popping up (especially on AI, LLM or Observability), but also familiar ones (on the security field).

Personal contributions

This year twice I had the opportunity to provide my contribution to this valuable community:

• First contribution is being a part of the the round table sessions on Azure Kubernetes day. I was part of the Round table "Security" and later on "Networking". Together we discussed different related topics, feedback to the productteams and heared the roadmap. Most valuable and directly feedback was amazing to have.
• Second contribution I've added is an interview with 4 MVP's (Richard Hooper, Wesley Haakman, Arnold van Wijnbergen and myself included) in which we did a recap and shared our thoughts of Azure Kubernetes Day. The interview you can find here.
  

Wrapping up

Learned a lot of new things. Met a lot of old and new friends in person again! I was not able to always attend the sessions that I had planned for. Luckily I but also you can watch those sessions back when they come available online.
Keep your eyes open at the CNCF Youtube channel here and catch new talks that get published soon!
If you have any questions, please contact me.