KubeCon + CloudNativeCon Europe 2023, Amsterdam, Netherlands – Was KubeCon Europe the biggest open-source conference ever, with over 12,000 attendees squeezing into Amsterdam's RAI Convention Center? Maybe, Maybe not. Earlier FOSDEM conferences may have taken that crown.
But, one thing certainly was underlined by this show: Kubernetes, the be-all and end-all of container orchestration, is the beating heart of cloud-native computing.
Here's a run down of the five biggest trends at the show.
1. Demand for cloud-native experts is red-hot.
How important is it? Well, I did my own unscientific survey of the over 100 exhibitions on the trade show floor, and 100% of the companies represented were hiring. This ranged from top Fortune 50 businesses such as IBM, Microsoft, and Amazon Web Services (AWS) to wet-behind-the-ear startups.
Yes, I know the headlines are full of this tech giant or that one laying people off for fear of a recession. Let me tell you, though, if you're a Kubernetes expert, you can get a new job just by snapping your fingers.
People know it too. Over half of the attendees were there for their first KubeCon. Of those, most were there to learn more about Kubernetes as fast as they could.
SUSE, the top European Linux company, which is transforming itself into a cloud power with Rancher, announced at the show that it was reopening its Rancher Academy, its online Kubernetes training site. It had no sooner opened than it was overrun with would-be students. SUSE wasn't the only one with an education announcement. KubeCampus.io is also offering new free Kubernetes training opportunities and hands-on labs.
The demand for cloud-native programmers, DevOps, security experts and administrators is hotter than hot.
2. Kubernetes 1.27
One reason why the demand is so remarkable is that cloud-native computing is in a state of constant, rapid evolution. For example, Kubernetes 1.27, the latest version, was out before KubeCon. It included numerous changes of which experts say two of which will matter to anyone doing serious work with Kubernetes.
First, the new community-owned image registry, registry.k8s.io, has replaced the old image registry, k8s.gcr.io. This older one will be frozen. After this, no further images for Kubernetes and related sub-projects will be published to the old registry.
For more on what this means in practice, be sure to check out k8s.gcr.io Redirect to registry.k8s.io — What You Need to Know.
The other major change is SeccompDefault is now stable. What that means is your Kubernetes containers will now default to seccomp. This Linux kernel feature restricts executable processes to a small number of system calls. In the long run, this means your containers will be more secure. In the short run, you'll need to give more thought to what security calls your container should be allowed before deploying them.
3. Better security through automation
Every company working with cloud-native computing agrees that there's nothing like enough qualified security staff. Or, to be honest, while they'd love to find security experts, they're turning most of their attention to security tools such as software bills of material (SBOM) and supply-chain levels for aoftware artifacts, (SLSA pronounced "salsa").
Why? Because the hope is that with these tools, they can make securing the software supply chain much easier by building security into the continuous integration and delivery (CICD) pipeline. In particular, Slim.AI's new automated container hardening service runs containers, through its existing test suite and then automatically removes unneeded files. The logic here is that the fewer files, the smaller the possible attack surface, and, thus, a more secure container. This is simple and effective.
Other newly introduced programs, such as Logz.io adding critical security scanning to its Kubernetes 360 unified observability program, also add more security tools to the Kubernetes tool belt.
The ultimate name of the game is increasing developer velocity.
"With all of these technologies, enterprises are now able to build loosely-coupled systems and are able to go to the market much faster," said Aparna Subramanian, Shopify’s director of production engineering for infrastructure and KubeCon Europe co-chair.
4. SLSA 1.0
Speaking of SLSA, the stable release of SLSA v1.0 is a significant milestone in bolstering software supply chain security, noted Brian Behlendorf, the Open Source Security Foundation (OpenSSF) general manager. By providing organizations with essential tools, SLSA enhances the software development process and protects it from supply chain attacks. It provides developers with "the tools they need to protect their software," he said.
Specifically, SLSA 1.0 give developers:
- A common vocabulary to talk about software supply chain security.
- A way to assess your upstream dependencies by evaluating the trustworthiness of the artifacts you consume, such as source code, builds, and container images.
- An actionable checklist to improve your own software’s security.
- A way to measure your efforts toward compliance with forthcoming Executive Order standards in the secure software development framework (SSDF).
This is a big deal. “In development, you can’t optimize what you can’t measure, and this is why SLSA is exciting; it provides auditable data, in machine-readable form," said Scott Robertson, CTO at cloud development and security company ActiveState.
5. Generative AI and the cloud
You could no more talk about generative artificial intelligence (AI) programs such as ChatGPT at KubeCOn than you can anywhere else.
Some people, think "the hot topic in the industry right now is AI and really the application of AI to native technology. A lot of nascent tools and the tooling around the ecosystem are already quickly evolving," said Lachie Evenson, Microsoft Azure Core principal product manager.
"For example, I've seen projects out there. There's something called Kube control AI, where somebody has actually gone and integrated some tooling that interacts with Kubernetes. So you can use natural language to say, hey, I want to spin up a workload that looks like this using your natural language and it will actually generate the entire manifest on your behalf," he said.
However, many experts at the show urged the familiar caution when it comes to AI, and are still trying to work out what it will mean for cloud-native computing, including Guillaume Savage De Saint-Marc, VP, of new technology engineering at Cisco. He noted that while AI is "going to accelerate our technologies and help use them at a bigger scale. We need to be mindful about how we use it responsibly and in an ethical way."
We will likely find out more at the next KubeCon in Chicago this November. By then we may have a better idea of where AI and Kuernets will take us next.
Want to learn more about data strategies for the cloud? Register for our Cloud Data Center Strategies virtual event here.