Olga Lugai shares her key takeaways from her virtual visit to KubeCon 2020.

KubeCon, the Cloud Native Computing Foundation (CNCF)’s flagship four-day conference, gathered the open source and cloud native communities from all over the world for a virtual event. Between 17th and 20th November 2020, all attendees could access an online conference platform with a range of insightful talks, workshops, tutorials, sponsor events, and even games and quizzes.

It was a great opportunity for everyone involved or interested in the open-source community to gather virtually and connect with each other from the comfort of their homes. News on the CNCF graduated and incubating projects, new approaches to cloud-native development and operations, end-user stories, and much more were discussed during these four days.

Attending a virtual event felt unusual: all conversations and applause moved to the Slack channels, networking moved to Virtual Happy Hour sessions led by Priyanka Sharma, General Manager of CNCF, and the presentations on a stage were replaced by pre-recorded videos and live Q&A sessions.

It seemed difficult to keep up with the development of new tools as the cloud native landscape is rapidly growing. However, the KubeCon presenters did not leave the attendees to deal with these complexities on their own. I recommend watching “A Flight Over the Cloud Native Landscape” presented by Carson Anderson. Carson goes through most of the projects which shape the current cloud-native landscape. The KubeCon presentation recordings are now available on the CNCF YouTube Channel.

I grouped my key takeaways into five topics:

Increased focus on security

  • If you are interested in the recent developments of cloud native security, follow the CNCF’s Special Interest Group for Security. It aims to create an ecosystem of tools for building secure cloud native applications and conducts security assessments of CNCF projects. You can read more about their work on their GitHub page and even join them in their efforts.
  • Get certified: CNCF launched the new “Certified Kubernetes Security Specialist” exam. It was created as a response to the development of best security practices for cloud native systems and a need to develop a baseline for security-focused skills. 
  • If you need to enable security alerting, check Falco, the first runtime security project to be promoted to the CNCF incubation level. It will notify you if there are unexpected changes in the system and any rule violations.
  • How do you ensure your system is secure? To answer this question, the community members created the Attacking and Defending Kubernetes Clusters: A Guided Tour Walkthrough Guide, which was presented at KubeCon last year. Learn about the techniques an attacker might use and the ways you can protect your system. As one presenter concluded at KubeCon, the fastest way to identify security flaws in your system is to look at your system as an attacker and predict the worst scenarios when, for instance, a container gets compromised.
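
To make the Falco point concrete, here is a sketch of a custom rule that alerts when an interactive shell starts inside a container, one early sign of the compromised-container scenario mentioned above. It is an added example, not taken from the talks or from the Falco project; the rule name, tags and output text are constructed, and it assumes Falco's default rules file is loaded so that the `spawned_process` and `container` macros are defined.

```yaml
# custom_rules.yaml (constructed example, loaded alongside Falco's default rules)
- rule: Interactive shell started in container
  desc: >
    A shell with a terminal attached was started inside a container.
    Production workloads rarely need this, so treat it as a signal to
    investigate (kubectl exec by an operator, or an intruder).
  # spawned_process and container are macros from Falco's default ruleset;
  # proc.tty != 0 limits the rule to processes with a terminal attached.
  condition: >
    spawned_process and container
    and proc.name in (bash, sh, zsh, ash, dash)
    and proc.tty != 0
  output: >
    Shell started in container
    (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell, example]
```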

GitOps Practices

  • Do you want to see your environment changing in response to updates to your repo or even your Google Spreadsheets? If yes, then explore what GitOps has to offer. Projects like Argo, with its visualization capabilities, or Flux allow changes to be applied to the clusters automatically. By approving a Pull Request with a configuration change, you can see a cluster being updated without having to do any extra steps.
  • GitOps helps to track the state of all clusters, ensures consistency across all environments, and allows you to revert to a previous state of a cluster by referencing a working version of your code. Any drift from the desired state will force the system to get updated without requiring any manual intervention. To learn about the GitOps technique, watch the KubeCon presentation by Cornelia Davis, CTO at WeaveWorks.
  • And what about Google Spreadsheets? Katie Gamanji calls this approach SheetOps: you can connect your Google Spreadsheets to a cluster and, by editing the values in the sheet, trigger the changes in your environment. Try it yourself using the code in the GitHub repo.

Extend kubectl capabilities

  • How? By using plugins. For example, kubetail can help you to aggregate logs from multiple pods, kubectl ns easily changes the Kubernetes namespace, and kubectx switches the context. To manage plugins you can use Krew.

Configuration Management

  • You might have already used Helm which allows you to write the reusable Helm Charts, but what about reusing your code for different environments? And to do so without using templates? Kustomize enables you to reference multiple customized objects from different sources and create overlays by adding specific configuration files for each environment. For more examples of using templates and overlays check a blog post on JFrog.
  • Abstraction – tools like Pulumi, cdk8s, and also Helm can create abstractions of Kubernetes objects using programming languages. However, you should find the right balance between abstracting Kubernetes objects and letting developers configure everything themselves. For example, abstractions allow you to control the standards across the organization, but they can also “hide” what is causing an issue with your Kubernetes objects.
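
The Kustomize overlay idea described above, shown as an added example that is not from the talks or the linked blog post: a shared base plus a production overlay that patches in a stricter container security context without any templating. The directory layout, the `web` Deployment name and the image reference are constructed for illustration.

```yaml
# base/kustomization.yaml  (shared by every environment)
resources:
  - deployment.yaml        # a plain Deployment named "web" (assumed to exist)
---
# overlays/prod/kustomization.yaml  (production-only differences)
resources:
  - ../../base
namePrefix: prod-
images:
  - name: registry.example.com/web   # constructed image name
    newTag: "1.4.2"                  # pin a tag instead of "latest"
patches:
  - path: harden-patch.yaml
---
# overlays/prod/harden-patch.yaml  (strategic merge patch on the base object)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  template:
    spec:
      containers:
        - name: web
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
```

Running `kubectl kustomize overlays/prod` renders the merged manifests so the result can be reviewed before it is applied.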

End User Stories

  • The importance of connecting with the end-users and getting their feedback was certainly a focus of the whole conference. When discussing a release of the new Helm version, Helm maintainers agreed that listening to an end user and understanding their concerns and issues is central to their commitment to continually iterate.
  • We all break things, and Airbnb developers Joseph Kim and Jian Cheung are not afraid to admit that and share their experience of breaking their clusters. Be ready to scale vertically, use init containers, be aware of other processes that are running on your pods and adjust the limits accordingly, have good error handling and alerts for infrastructure issues, and be aware of k8s apply ordering – these are only some of the lessons learned in their team. You can watch their presentation here.

Breaking things happens to all of us, but why not learn from the mistakes of others? Especially when such a big event as KubeCon gives us this opportunity!

No matter where you were, no matter which particular interests you had – we all could benefit from the informative and insightful content that KubeCon had to offer. The CNCF projects are always maturing, new tools are being introduced, and as this vast cloud-native landscape is growing so are our opportunities in this innovative cloud-native world! So keep an eye on the new cloud-native events!
