Reflecting on KubeCon Europe 2022
As technologists, we often need reminding that there’s life outside our computers, even when we’re attending KubeCon | CloudNativeCon Europe, which wrapped up in Valencia on Friday.
A poignant video message from popular CNCF Developer Advocate Ihor Dvoretskyi, missing his first KubeCon in six years to fight with Ukraine’s Territorial Defence Force, was the centrepoint of an opening keynote that emphasised the importance of humanity, bridge building and community. Addressing the audience in fatigues, Ihor delivered a sombre message about the change in his life over the last 84 days, thanking his colleagues and industry friends for their support so far.
Community is arguably the CNCF’s secret sauce, and it was highlighted in several talks. Mercedes’ success with inner source (and their pivot to preferring rather than rejecting open source) underlined the success it’s possible to have when we have shared goals.
It left me wondering how significantly we, in financial services, are participating. Most talks I attended ended with a plea for help: for more contributors and maintainers — even donations. In one session, ‘The Risks of Single Maintainer Dependencies’, John McBride, of VMware, implored us to ‘invest, invest, invest’ — to offer engineering resources, to become project maintainers. Yet the Open Source Contributor Index shows no Banking, Insurance & Financial Services names amongst the top 80 contributing firms. Google, unsurprisingly, tops the list.
An open source project with a single owner presents a clear Supply Chain risk. Fortunately, there was near unanimous interest in improving the Supply Chain of open source tools. With v1.23, Kubernetes achieved SLSA Level 1. With May’s 1.24 release, it is close to SLSA Level 3, setting the tone for how seriously the CNCF ecosystem (and industry) should approach signing and safety.
I enjoyed Shane Lawrence of Shopify quipping that Log4Shell, the most high-profile of recent Supply Chain vulnerabilities, was not merely a global problem but actually an interplanetary one (given that Ingenuity, the Mars Helicopter, was claimed by Apache to be ‘powered by log4j’). I’m sorry to report that NASA have since debunked that claim (and Apache’s tweet has been deleted). Still, there’s no reason to let that get in the way of a good conference anecdote.
The Supply Chain is fundamental to our software security, but it also seemed to have led to a scarcity of KubeCon coffee. Most developers won’t write a line of code without it, but it didn’t stop the observability community from showing their latest work. The Observability track was one of the most popular, perhaps a sign of a maturing userbase.
OpenTelemetry, a set of open source technologies for metrics, traces and (soon) logs, saw an uptick in popularity. Although there is more to do before it can fulfil its promise, with the industry support it has (including GCP), that feels inevitable. For the uninitiated, the space is starting to feel a little crowded, with many projects trying to find their niche. Gravel Gateway, Fluent Bit, Thanos, Grafana Loki, Jaeger, Parca & OpenTelemetry all seem to overlap. I was left wanting a roadmap.
Ultimately, though, some things are more important than technology. The CNCF is backing two efforts — Razom for Ukraine and Operation Dvoretskyi. If you haven’t already, or even if you already have, please consider giving them your support.