Last week it was time again – the KubeCon + CloudNativeCon Europe in London was on the agenda! As in previous years, NETWAYS Managed Services was there again with some colleagues – not least because our membership in the CNCF was officially announced. You can find out everything else here in our KubeCon London Review.
The official figures had already led us to expect an even bigger edition of the CNCF’s flagship conference, and that’s exactly how it turned out on site: Around 12,500 Kubernetes enthusiasts gathered in the huge ExCel London to listen to numerous contributions from the 650 speakers and talk shop with each other. And then there were the stands of the 215 sponsors to find out about new products, solutions and trends in the cloud-native environment.
We have summarized the most important information and news here together with our favorite articles in our KubeCon London Review.
Day 1 – NETWAYS at the CNCF and NeoNephos announcement
After arriving in London on Tuesday afternoon, we made our way to ExCel London on Wednesday morning – the first round of keynotes was on the agenda. Of course, we were particularly excited to welcome the new members to the CNCF.
Together with companies such as UBS and T-Systems, we joined the CNCF as Silver Members a few months ago – we are looking forward to working in the CNCF!
Also during the keynotes, the European cooperation project NeoNephos was presented by SAP’s Chief Architect for Cloud Native Strategy Vasu Chandrasekhara. The aim of the project, which is funded by the IPCEI-CIS EU initiative, is to create a secure, scalable and transparent cloud platform in the spirit of European data sovereignty.
NeoNephos means something like new cloud and is intended to create an alternative to the US hyperscalers. More information on the project can be found at neonephos.org.
The keynote speech Rust in the Linux Kernel: A New Era for Cloud Computing by Greg Kroah-Hartman, responsible for the stable releases of the Linux kernel, was also insightful and focused primarily on the guarantees that Rust can provide in contrast to C and what this means for Linux kernel development in the medium and long term.
Afterwards we went into the first talks – for us the most important ones were Day 2000 – Migration from kubeadm+Ansible to ClusterAPI+Talos: A Swiss Bank’s Journey stood out. The live migration of 35 clusters in an airgapped environment with all its technical difficulties gave an interesting insight into what can go wrong when migrating a larger platform and how to counteract this.
The project update for Open Telemetry (OTel), presented by Daniel Gomez Blanco, Severin Neumann, Alolita Sharma, Trask Stalnaker and Pablo Baeyens, once again had a lot of new things to offer. In general, Open Telemetry was once again an omnipresent topic at this KubeCon, including the project pavilion in the middle of the Diamond sponsors – and packed to the rafters!
After a lively first day of the conference, we ended the evening with music and drinks – karaoke was on the program!
Day 2: Shared GPUs at CERN and secure gateways with Envoy
On the following day of the conference, we got back into the thick of things, and the second day of the conference also had some highlights to offer. In her presentation GPU Sharing at CERN: Cutting the Cake Without Losing a Slice, Diana Gaponcic presented how the research facility maximizes the use of its GPUs for simulations and machine learning. Keywords included various sharing approaches such as time sharing, MPS and MIG, as well as Dynamic Resource Allocation (DRA), a newer feature in Kubernetes that had already been addressed in a keynote speech by Google on the first day.
For us as platform operators, the talk Securing the Gateway: A Deep Dive Into Envoy Gateway’s Advanced Security Policy by Huabing Zhao was also interesting. The movement in the Kubernetes ecosystem is increasingly moving away from the well-known Ingress API towards the newer standard Gateway API, so it is definitely time to take a detailed look at topics such as introduction, implementation, migration and security. For the last aspect, the article provided valuable insights into Envoy’s implementation of the Gateway API, its CRDs and further features.
But back to observability – here we looked at the post Pushing the Limits of Prometheus at Etsy by Chris Leavoy and Brian Boreham, in which they presented how a single Prometheus instance (and 128 CPU cores or 4TB RAM) at Etsy processes 500 million metrics.
In addition to Prometheus-specific information and starting points for tuning and scaling, there were also some more general points about scaling, operating and troubleshooting complex systems.
After another successful day, we opted for the KubeClash in the evening from the plethora of sponsor parties taking place, and what can we say – the decision was spot on. With gin and tonics, burger bites and either punk rock from the loudspeakers or a fantastic live band, it was great fun!
Day 3: Container security from runtimes to images
Our last day at KubeCon was also our return day, so we had to make the most of the last few hours! On Friday, the range of talks, workshops and panels was still very strong, so it was quite difficult to make a choice, but in the end we decided to attend the presentation Container Runtimes… on Lockdown: The Hidden Costs of Multi-tenant Workloads by Lewis Denham-Perry and Caleb Woodbine, in which they discussed the status quo in terms of container runtimes, their functionalities, security measures and the associated performance differences.
This was followed directly by another talk on container security, this time on the side of container images:Enhancing Software Composition Analysis Resilience Against Container Image Obfuscation by Agathe Blaise and Jacopo Bufalino was a very academic talk on the analysis and identification of various methods forobfuscating software contained in container images.
After a subsequent analysis of available security scanners such as Trivy (all of which struggled with some of the methods identified), there was a final thought-provoking question: How to find a good balance between minimum size and maximum security when creating container images, which goes hand in hand with storing metadata etc. in the image?
Our KubeCon London Review – summarized
As we always see our trips to KubeCon as a team-building experience, we have to focus on two points in our conclusion: The opportunities to (get to) learn new things and the fun surrounding it. Either way, this KubeCon was a complete success!
A well-organized venue, too many interesting and well-presented talks to even watch them all (we’re still struggling through YouTube playlists afterwards), and from mini golf and pickleball at KubeCon to the sponsor parties, more than enough opportunities to have fun as a team – a great week!
In general, topics such as AI, LLMs and open telemetry can no longer be ignored, and we will use the coming weeks and months to make further progress in these areas, which will be impressive – stay tuned!
We hope that our KubeCon London review has given you a brief insight into what happened last week in terms of Cloud Native and Kubernetes, maybe you’ll even take a look at some of the linked articles. It’s back to business for us now: Back to business, and see you next year in Amsterdam, KubeCon!
0 Comments