May saw an event that I've loved for two years: KubeCon + CloudNativeCon Europe! This hybrid event (virtual and face-to-face in Valencia, Spain) allowed thousands of people (more than 7,000 face-to-face and more than 10,000 online) to come together around the cloud-native ecosystem for three days, and of course, Cycloid had to attend!
In this series of 3 articles, you will find a short report of all the fun information, announcements, and discoveries collected from the various online sessions in which I participated. Let's go!
The first keynote of the first day packed in many announcements, talks, and speakers, one after another.
A small summary of the universe surrounding the CNCF is essential (you won't believe number 7!):
Priyanka Sharma, who presented the opening keynote, was joined by special guests Van Jones (and his famous speech summarized with the following quote: “Disagreement is good, but disrespect is destructive”), Ihor Dvoretskyi, Ukrainian Developer Advocate from CNCF, and Olena Nyzhnykevych from Razom for Ukraine.
This was followed by a remarkable talk by Mercedes-Benz (Jens Erat, Peter Mueller & Sabine Wolz) on their use of Kubernetes over the past seven years. They shared how they adopted a DevOps approach in 2015 thanks to one team's efforts and moved towards 100% free and open-source software (FOSS), without forgetting the dimensions of automation, self-service, and continuous improvement that many companies encounter today.
Finally, the last things I noticed from all of these talks were the presence of Kubernetes in space thanks to KubeEdge, and the absolute need to rethink our development models and the languages we use (did you know that Python consumes 75 times more energy than C?). Beautiful and significant speeches for our current needs.
Now let's get serious! After realizing that all of the face-to-face sessions were also available virtually, I had to choose among those offered in the first slot. So I decided to go for the Container Runtime Interface (CRI) implementation that I had heard about here and there… CRI-O!
Presented by Peter Hunt, Urvashi Mohnani, Mrunal Patel, & Sascha Grunert, this introductory talk presented the OCI-compliant runtime and what sets it apart: a focus on Kubernetes and, above all, on security.
A fascinating talk, especially with the announcement of conmon-rs and a deep dive into SELinux and the problem linked to the “relabeling” of container volumes.
Probably one of the most exciting talks from the three days! Rick Spencer & Wojciech Kocjan brilliantly told us how a simple pull request (PR) caused a chain reaction that ended in directly deleting an entire production environment!
What was interesting to me (apart from understanding how it happened) was how they were able to recover from this incident and what measures they took to avoid the same headache in the future.
In summary? The teams worked together to get the environment back up and running with no data loss while avoiding “panic” as much as possible. They realized that no runbook had been written to rebuild the environment and, unfortunately, the automation put in place could not prevent the incident.
Nevertheless, after recovery, they set up detection mechanisms, a better naming convention, and segmented the Kubernetes resources into several files instead of a single large YAML file (which makes it possible to detect more potential problems). Beautiful lessons that I invite you to review in replay on YouTube (when the video is available on the CNCF channel!).
Are you familiar with confidential computing? This practice allows end-to-end data security: for example, encryption of data when it is stored, when it is on the network, and while it is being processed by the processor.
With this in mind, James Magowan & Samuel Ortiz presented the community and open-source tools related to Confidential Containers, which bring confidential computing to the container level.
Confidential computing and confidential containers bring the notions of enclave and attestation, and allow a Kubernetes workload (basically a pod) to run in an environment that is encrypted and verified in terms of both memory and code.
Some public clouds even offer services around confidential computing, allowing you to run your sensitive workloads anywhere. The dream, right? It's a subject I think will be talked about more and more!
To avoid making this article too long, let's quickly talk about the two less technical - but just as valuable - sessions I participated in on the same day.
For a technical project to work, especially over time (and even more so when it’s open-source), it’s necessary to have good overall governance, as speaker Dawn Foster points out. If it doesn’t evolve simultaneously with the technical aspect of the solution, a project risks slowing down its progress or even destroying the efforts undertaken.
The CNCF recommends that the first step in establishing good governance around an open-source project is to set expectations regarding missions, values, and scope to avoid confusion.
Obviously, aspects related to documentation, procedures, and the community are just as important for good governance.
It’s also essential to remember the leadership dimension and the notions of diversity, equity, and inclusion, which are only part of a non-exhaustive list of what makes good governance.
As you will have understood, the governance of a project is cross-cutting and affects many aspects. Finally, it is interesting to note that the process of graduating a project within the CNCF requires a more advanced mastery of its governance as the project becomes more mature. A good thing, in my opinion, and a good reminder that the evolution of an open-source project does not only happen on the tech side!
Finally, I particularly liked the last session, since it’s a subject that I find very engaging (unlike most people!): documentation! In this talk, Celeste Horgan made several recommendations, and what interested me the most were the recommendations by project "size". A summary?
Good advice, which made me want to learn more about contributing to the documentation of OSS (open-source) projects!
And that's it for this first summary of KubeCon + CloudNativeCon EU 2022! As always, you can find me on Twitter, where I often "live-tweet" events I attend. Did you attend any of the sessions this year? Which ones were your favorite?