KubeCon + CloudNativeCon 2022 North America

Kyriakos Anastasakis
XM Global
Apr 13, 2023

A colleague (Nikos Stathis) and I attended KubeCon + CloudNativeCon 2022 North America, held in Detroit from the 26th to the 28th of October 2022. KubeCon + CloudNativeCon is a conference organized by the Cloud Native Computing Foundation (CNCF) that focuses on the technologies and practices related to cloud-native computing and Kubernetes.

At XM, we invest a lot in our people, always trying to educate them and give them all the necessary skills and knowledge to deliver state-of-the-art solutions. For that purpose, amongst other initiatives (online training platforms and courses, internal technology talks and seminars etc.), members of the IT team frequently participate in well-known technology events and conferences across the world.

The KubeCon + CloudNativeCon conference is held several times a year in different locations around the world and brings together developers, DevOps professionals, system administrators, and other technology leaders to learn about the latest developments in cloud-native computing and to share their own experiences and best practices. The conference features keynote presentations, technical talks, and networking opportunities, as well as an expo floor where attendees can learn about the latest tools and services from leading vendors in the cloud-native ecosystem.

This year’s conference had a 13% talk acceptance rate and 166 talks took place in parallel sessions over the course of the conference. (There is also an unofficial one-day event taking place before the conference where some of the presentations that were rejected from the main conference are presented!) The Kubernetes/Cloud Native community is vibrant and fast evolving. Currently there are 140+ projects under the CNCF umbrella, many of them competing to solve similar issues (e.g. service mesh/observability/tracing/etc.). The majority of the projects are in the Sandbox phase, which demonstrates the interest in providing solutions in the domain of cloud native solutions. Project owners appealed for contributors in their open source repositories (it may not come as a surprise that most of the projects are written in Go).

In this article we try to summarise the talks we attended and found most interesting based on the talk content:

  • Inspiring Sessions
    - Kubernet-Bees: How Bees Solve Problems Of Distributed Systems
    - Arsenal Of Democracy: What Open Source Can Learn From the Motor City
  • Community Update Talks
    - Cloud Native Computing Foundation (CNCF) updates
    - A Cloud Native Swiss Knife
    - SIG Autoscaling Updates And Feature Highlights
  • Developer Support Tools
    - Backstage: Shaping the Future Of Developer Experience
  • Service Mesh
    - Istio Today and Tomorrow: Sidecars and Beyond
    - Flagger, Linkerd, And Gateway API: Oh My!
  • Cloud Native
    - Cloudy With a Chance Of Chaos
    - Path To Production: Sustainable Compliance In Strict Environments
  • Conclusion
    - How to Become an Open Source Mechanic

Inspiring Sessions

Kubernet-Bees: How Bees Solve Problems Of Distributed Systems

Many CNCF participants use bees as logos (e.g. eBPF, Cilium, Giant Swarm, Honeycomb). This is no coincidence; the two worlds have more in common than you might think. Honey bees are social animals which operate as a distributed system. As experienced beekeepers and cloud-native engineers, the similarities between bees and Kubernetes are fascinating. Bee hives autoscale, self-heal, have message passing mechanisms, service discovery, and RBAC. For bee colonies, these are fundamental processes which must be cost-effective. This talk is an introduction to the fascinating world of honey bees, explains how bees have solved problems we face on a daily basis as Kubernetes users and gives an outlook on features that are missing from Kubernetes which bees support today.

Arsenal Of Democracy: What Open Source Can Learn From the Motor City

In this talk the speaker takes a look at Detroit’s history and the lessons we can learn from its dominant industry, describes parallels between open source software and manufacturing, explains how lessons learned by automakers in the last century can benefit software development today, and points out potential pitfalls made by industrialists that we should seek to avoid.

Community Update Talks

Cloud Native Computing Foundation (CNCF) updates

Community updates about the latest developments from some of the most popular projects such as containerd and Fluent Bit.

A Cloud Native Swiss Knife

This talk focused on various tools that can make life easier for DevOps engineers (just like a Swiss Knife does for everyday life). Highlights:

  • Logging: You can get the logs from ALL pods that match a label, so you don’t need to specify each individual pod. Example:
kubectl logs -l app=nginx -f
  • Ephemeral Containers: You don’t need to connect to a pod (and possibly install missing tools like telnet etc.) to debug. Instead there is a new command that attaches a container, started from an image of your choice, to an existing running pod. So you can have an image with all your tools installed and attach it to existing pods for debugging. Relevant command: kubectl debug
  • containerd eStargz: Allows for lazy pulling of images, which allows for much faster startup times of big container images. For example, an 18.7 GB image takes 4.5 minutes to start up, but with eStargz it only takes 15 seconds.
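
Both kubectl logs -l and kubectl debug are gated by Kubernetes RBAC, and the ephemeral-container path in particular is worth granting narrowly because it puts a new container inside a running pod. The manifest below is an added example (not from the talk or the original post) of a namespaced Role limited to what those two commands need; the namespace, role, binding and group names are hypothetical.

```yaml
# Added example: least-privilege access for label-based log reading and
# ephemeral debug containers. All names below are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-debugger
  namespace: staging
rules:
  # kubectl logs -l app=nginx -f: list pods by label, then read their logs.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
  # kubectl debug: add an ephemeral container to an existing pod.
  # Current kubectl sends a patch; older clients used update.
  - apiGroups: [""]
    resources: ["pods/ephemeralcontainers"]
    verbs: ["patch", "update"]
  # kubectl debug -it: attach a terminal to the new debug container.
  - apiGroups: [""]
    resources: ["pods/attach"]
    verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-debugger-binding
  namespace: staging
subjects:
  - kind: Group
    name: oncall-engineers          # hypothetical group from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-debugger
  apiGroup: rbac.authorization.k8s.io
```

Because the Role omits pods/exec and any write access to pods themselves, holders can add a debug container and read logs but cannot exec into application containers or modify the workload spec. Ephemeral containers cannot be removed from a pod once added, so audit logging on the pods/ephemeralcontainers subresource is a useful companion control.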

SIG Autoscaling Updates And Feature Highlights

In this talk the speaker describes the latest updates and features from the Kubernetes Autoscaling community. He covers the status and future plans for the SIG owned projects — Cluster Autoscaler, Horizontal Pod Autoscaler, Vertical Pod Autoscaler. One of the most interesting features is that you can configure a percentage of the pods to use spot instances!

Developer Support Tools

Backstage: Shaping the Future Of Developer Experience

Backstage is one of the most popular software catalog applications. It can also automate the creation of repositories from templates, which avoids repetitive operations and boilerplate code and makes it easier to build services at scale. Additionally, through the use of third-party plugins it can become a fully customized framework for documentation, new developer onboarding, badges and gamification.

Service Mesh

Service Mesh solutions are all about shifting concerns such as observability (logs/metrics), routing, security (service-to-service authentication/mTLS) and reliability (circuit breaking/retries) away from the application and into the Kubernetes platform layer.

Istio Today and Tomorrow: Sidecars and Beyond

Istio Ambient Service Mesh is a new development for sidecar-less Istio deployments. Sidecar containers have certain challenges, such as lack of transparency and overprovisioning of resources, and Ambient Service Mesh promises to overcome them by providing a solution that works on both L4 and L7 of the network stack. More information can be found here: https://istio.io/latest/blog/2022/ambient-security/ The following slide provides an overview of the architecture.

Istio Ambient Architecture

Flagger, Linkerd, And Gateway API: Oh My!

In this talk a solution was presented that uses Gateway API/Flagger and Linkerd to manage the service mesh and support canary deployments. Flagger is responsible for the canary deployments, Linkerd is the service mesh solution and Gateway API is the Kubernetes solution of the known pattern. An image is a thousand words, so an overview of the components and their functionality can be seen in the following slide:

Cloud Native Presentations

Cloudy With a Chance Of Chaos

Chaos engineering is popular and maybe essential in the cloud native world. In this talk the experience of Chaos Engineering at Goldman Sachs for a system deployed on AWS was presented. Key takeaways:

  • You need to have a plan and define success criteria. What are you after when conducting this test? E.g. What are your SLAs for availability that you want to measure? Do you want to validate proper alerting?
  • Manual Chaos testing is a good place to start, giving you quick wins with a low effort/high return ratio (e.g. shutting down services from the AWS console).
  • Have means in place to monitor/measure client experience during the chaos test.
  • Have logging/monitoring in place for the postmortem, to be able to identify issues so as to fix them.
  • Chaos engineering is not trivial: it requires time and resources, and you need to convince both the business and the developers of its value.

Path To Production: Sustainable Compliance In Strict Environments

Security and Compliance as code is evolving and will sooner or later be required for certain types of sectors. Security/Compliance as code gives the ability to audit/verify that systems satisfy certain regulatory characteristics. In this talk a solution by the company Defense Unicorns was presented. Key takeaways:

  • Open Security Controls Assessment Language (OSCAL) is developed by the National Institute of Standards and Technology (NIST) to document, assess and maintain security/compliance controls.
  • Kyverno is a policy engine that can be used to define and sign policies to ensure integrity throughout the software supply chain.
  • Defense Unicorns have created a tool called Lula that can check the configuration for compliance of the OSCAL against the Kyverno policies.

Conclusion

Attending KubeCon/CloudNativeCon was a once-in-a-lifetime experience, where you can see all the latest developments in the field, meet new people, discuss with experts and grow your network.
It is also a good opportunity to find a project that interests you and start contributing to it!

Bonus talk for aspiring contributors: How to Become an Open Source Mechanic https://www.youtube.com/watch?v=chZcSIIOqnY

Attending this conference is an awesome experience that allowed us to appreciate the latest trends in the domain. This wouldn’t have been possible without the full sponsorship of the trip by XM.

Kyriakos Anastasakis
XM Global

A Software Engineer and nerd interested in probabilities/gambling, the financial markets and all things fintech. More info: http://kyriakos.anastasakis.net