Welcome to the second in our 3-part series from Valencia, Spain where we’re present at the latest edition of KubeCon CloudNativeCon Europe 2022. In this blog, we’ll bring to you the happenings from Wednesday 18th May, day 2 of the event.
Day 2 began with the keynotes in the huge central hall, and from the outset was quite tech-heavy. The opening keynote by KubeCon co-chair Jasmine James shared updates on the Kubernetes project from the SIGs (Special Interest Groups) which are teams within the Kubernetes project working on different aspects such as SIG Node, SIG Security, SIG Release, and so on. Dave Zolotusky of Spotify and Katie Gamanji of Apple broke down how the CNCF projects function and are structured in a way that is self-sustainable. Apart from the SIGs and WGs (Working Groups), we also learned about TAGs (Technical Advisory Groups) that provide technical guidance across a cross-section of projects in the CNCF landscape pertaining to specific domains.
Supply chain security was a major theme. Keynote by Shane Lawrence of Shopify discussed lessons learned in protecting millions of businesses and how traditional defence techniques can be applied in the cloud. Ricardo Rocha of CERN in his keynote showed us a live demo of how resources are shared quickly across nodes of thousands of batch computing jobs, a system leveraged for High-Performance Computing at CERN.
One of the big announcements was the release of the CNCF Cloud Native Maturity model. The Cartografos Working Group which has been working on this over the past year shared in a breakout session on how organizations can practically use this model for guidance. The maturity model includes 5 levels each one covering people, process, policy and technology, and are broken out by key themes.
One of the overarching themes of this Kubecon was cloud-native security, and this was also the topic of the session “Threat modeling Kubernetes” by Lewis Denham. The talk was a primer on threat modeling cloud-native systems, understanding adversarial techniques and preventative measures, and helping security and engineering teams increase the security and velocity of system delivery. One of the things that is already on our agenda for when we’re back from Kubecon is doing a threat model exercise with our colleagues back in Devoteam Netherlands.
Almost every session or talk we attended today included a call for new contributors. There are many ways to contribute, and it is not necessary that one needs to write code in order to do that. SIG ContribEx has been suggested as a great place to get started.
KubeCon day 2 was definitely not just all tech. Late afternoon we were ferried to the KubeCon all-attendee party at the 17th century Masia Aldamar, which used to be historically an inn between Madrid and Valencia. The rest of the evening was spent connecting with friends, old and new, and enjoyed with food, drinks, and live music.
See you tomorrow with our last update from KubeCon!