I remember the first time I attended a DevOps event, which was only a couple of months back. At the time, I really felt like a trainee, which, at that time, I was. I started at Devoteam in May 2024 in the DevOps traineeship. Coming from a business and management background, I had spent most of my days staring at text documents, PDFs, Gantt charts and what not. Suffice it to say, the jump from that to the Linux terminal and exec into Docker containers was quite the leap. Fortunately, Devoteam provided me with all the tech, tools, and events to make that jump a bit easier.
The First Event: a rookie in the crowd
But going back to that first event…
Picture this—well, you don’t actually know what I look like, but imagine the guy described above sitting in the middle of an auditorium, listening to a Frenchman talk about Kubernetes clusters, network policies, ingresses, pods, and the like. The talk was in English without subtitles, and the slides contained nothing but keywords and AI-generated images. Now, add the fact that I didn’t even know what Docker was at the time. Well, that was me at the start of my DevOps traineeship.
From trainee to confident attendee
Fast forward to today: after passing both the CKA and CKAD exam (on the first try, by the way—kudos to myself), I feel much more confident attending these kinds of talks and events without scratching my head… unless it actually itches. So I did. I attended Dutch Cloud Native Day 2024, or Dutch Cloud Native Half Day to be more precise, since it was only a half-day event.
The event: insights and experiences
I attended the event hosted by the CNCF with a fellow Devoteam co-worker, at the Science Park in Amsterdam. In total, I attended seven talks covering topics like k3s on the edge, securing network flows with Cilium, securing Linux with Kairos, Kubernetes at Buienradar, and everything in between—including the lightning talks. The lightning talks, however, were a bit less exciting this time around. I remember the lightning talks at the previous DevOps event, where the slides would automatically advance every 10 or 15 seconds, but at this event, the speakers were in control of the slides. Nevertheless, the speakers did a good job entertaining and educating the audience in just five minutes each.
The extras: lunch, goodies, and coffee (or lack thereof)
Apart from the talks, there was lunch—and above all, goodies. Oh yeah, and did I score some.
But rather than describing the stickers, chocolates, and screen cleaners I managed to grab (just to name a few), I would actually like to share bits and pieces I remember from all the talks I attended. Just a quick disclaimer: this is in no way accurate to what was presented, and merely a personal interpretation from my own mental snapshots. So, if something seems off, it’s probably me.
Speaking of things that seem off, they only started serving coffee after the first two talks, which was the biggest question I had leaving the event.
Well.
The sessions
How k3s is helping farmers produce single sized apples
The first talk was about a tech company in the agricultural industry called Aurea Imaging. They have a really nice company logo—it looks a bit like a Git branch shaped as a tree, because they are in the apple tree business, kind of.
Aurea Imaging developed an edge device that farmers can put on their tractors. This device helps spray apple trees with some kind of fluid, which is just water and salt (if I remember correctly), to help the apple trees produce apples of a similar size.
Now, the device actually doesn’t directly help grow apples, but it kills the blossoms that would otherwise produce smaller or bigger apples. Apparently, apples of a medium size are sold at the highest price. In fact, just diverging a bit smaller or bigger can cut the price in half from 80 cents per kilogram to 40 cents per kilogram. The more you know.
The device uses camera sensors on each side to scan the apple trees and determine whether and how a tree needs to be sprayed.
Initially, Aurea Imaging ran into some challenges and they had two options: invest time, money, resources, and knowledge into embedded systems with C++ and the like, or use k3s and Python. Since the company already had some experience with Kubernetes and containerisation, they decided to play to their strengths and went with the k3s route.
They also had some other challenges. For example, they could only test during the blossom season, which is hard to time and lasts for only a short period of time. There were also hardware and connectivity challenges, i.e. tractors in the middle of a farm or apple tree yard relying on poor Wi-Fi and GPS connections, to name a few.
But like any good story, they figured it out in the end, and it worked for them. I guess the moral or the lesson of their story is that you can make way with whatever hardware you have. Don’t let the hardware become an obstacle and make do with what’s available. In addition, just start simple and small at first, become very good at the basics, then look at the CNCF landscape that’s available. Often, we are tempted to try everything all at once.
How Cilium prevented an entire province from going viral on the news
The second talk was about securing network flows with Cilium. This particular company called Ilionx is also using Kubernetes for their workflow. They actually used Kubernetes for their own use cases, but then they figured that they could offer this to their clients as well.
In the past, Ilionx relied on Flannel and Calico for their networking needs, but they recently switched to Cilium. I will admit that I totally forgot why they switched, but I do remember they mentioned that there was a thing or perhaps even two or more that Cilium did better or differently than the other CNIs (Container Network Interfaces). Those advantages proved critical in preventing one of their clients from going viral on the news, for all the wrong reasons.
One of their clients, Provincie Overijssel, relies on Ilionx to host their website. This website provides information about the province and typically receives between 90K and 100K visitors per month. Regardless, sometime in March this year, there was a DDoS attack on a dozen of websites, including Provincie Overijssel. At some point, this website had 280 million visitors. Now, I may be wrong about this number or the 90K and 100K visitors, in retrospect, it would make more sense that it’s between 90K and 100K visitors per day, but needless to say, this was a huge spike.
Ilionx of course got alerted. Over the next four days, they did everything they could to fix this, mainly by creating network policies and blacklisting all the IPs that were involved in this DDoS attack. They managed to do so in those four days, and they said that Cilium played a big part in that. As they managed to solve it relatively quickly, they were able to keep the website Provincie Overijssel out of the news.
Fort Kairos
Staying on the topic of security, the third talk was about securing Linux environments in untrusted environments, and the speaker basically referred to edge devices, like the one from the first talk.
He demonstrated how hackers could either boot their own operating system from a USB device or, even worse, manipulate or modify the existing operating system via a USB device. This could result in gaining access to all the data and potential new data from that edge device.
The speaker also said that Windows and MacOS actually have solutions for this, but Linux does not—at least not out of the box. This is where he introduced Kairos OS, which is an immutable vendor neutral Linux distribution that offers security features like secure boot and two other things I don’t remember the names of. In a nutshell, it allows the data on the device to be secure from data theft.
Buienradar and Kubernetes
The fourth and final talk I attended was about Buienradar. I don’t really know what to write, because this was the last talk—the talk after the lightning talks. The speaker gave us a peek behind the scenes at Buienradar, which is running on Kubernetes. They moved from a monolithic architecture, where all their APIs were tightly coupled, to Docker and then to Kubernetes. Now, everything is working wonderfully for them.
We were asked by our seniors to share our personal experience of this event, and initially, my idea was just to hit the record button in my voice memos app during each talk, feed that to Gemini or OpenAI or something similar, and prompt it to write the blog. It made sense from an efficient/effective/productive point of view, but as smart as I am, I told my senior that this is how I’m going to write the blog, which of course I got the reply to not use any AI and instead share our personal experience. Apart from being that smart, I actually am a really honest guy, so this blog was written 100% by me with zero help from AI whatsoever. Was that a good thing, I don’t know. But there you have it.
