Table of Contents
KubeCon + CloudNativeCon Europe 2023 was held in Amsterdam, The Netherlands, from April 19-21. The RAI Convention Center was the venue, and the event sold out at 10,000 registrations. I was told there was a waitlist of 2,000 more people who wanted to attend, which is a very impressive number. It’s been great to see the crowds growing since the in-person KubeCons resumed.
This was my first time visiting Amsterdam, and it’s a lovely city. I arrived the weekend before the conference to attend Cloud Native Rejekts, which is a much smaller event but had a great lineup of talks.
While I had a great time at the conference, my jet lag this time around was pretty brutal. I think it happened partly because I arrived in the morning and took a nap that first afternoon after I was able to check into the hotel. I ended up in a pattern of only sleeping a few hours at night and being too tired to function without a nap the next day. One night I slept zero minutes; I just tossed and turned for eight hours. So, I didn’t end up exploring Amsterdam as much as I would have liked, although I did see a bit more the second weekend.
I’ll share some thoughts about the talks I saw at the conference. The videos for the talks haven’t been posted yet, but they should arrive on the CNCF YouTube channel in the next few weeks. So if something sounds interesting to you, check their channel later for the videos.
Note: In the past, these wrapup posts have relied pretty heavily on embedded tweets from Twitter. I’m beyond disenchanted with that service, but I didn’t have a better option yet, so we’ll go with tweets again this time. But follow me on Bluesky if you have an invite and/or LinkedIn, and I’ll try something different for Chicago.
Day 1 - Wednesday
Keynotes
There was a brief video from Priyanka Sharma, who could not attend the conference. Chris Aniszczyk stepped in after and did the live opening of the show.
There were some cool metrics about the growth of the community. 58% of the attendees were at their first KubeCon, which was wild. It’s been great seeing so many new people still joining us.
Perhaps the biggest announcement was that KubeCon EU will take place in Paris next year, which made me very happy to hear. I’ve never been to Paris, and I hope I’ll be able to attend. I haven’t taken PTO the last couple of KubeCon EUs, but I could see hanging out in Paris before or after the conference.
I had a chat with Chris later in the conference where he mentioned that they booked the KubeCon Chicago venue a couple of years ago and that they would pick a bigger venue if they were doing it today. He’s expecting another sellout, so if you are planning to attend, make sure to register early.
Another big focus of the keynotes was lots of info about end-users, companies that are Kubernetes users, not vendors. This segment and the panel that followed were presented by Taylor Dolezal, who is largely known for one thing:
{{< single-tweet 1648592176526553088 >}}
It’s always great to hear from him.
Oh and thank you to the CNCF for listening to the feedback from me and others about labeling the sponsored keynotes in the schedule.
{{< single-tweet 1648588778813140992 >}}
There was also a great talk from Dawn Foster, who is a real expert at the care and feeding of open source communities. She mentioned a big catch-22 in open source.
{{< single-tweet 1648602479360356352 >}}
How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD - Ilia Medvedev & Kostis Kapelonis, Codefresh
This was a very interesting talk about how Codefresh uses vcluster, Argo CD, and Crossplane to provide isolated sandboxes in shared clusters for their users. I work at the company that created vcluster (Loft Labs) and I’ve been working with the project since it launched, and it’s been great to see so many people talking about it. Kubernetes multi-tenancy is very challenging, and in a scenario like Codefresh’s you just can’t afford to hand every user a cluster.
I had the opportunity to review the slides ahead of the talk but I was still impressed while watching with how thorough and well-explained it was.
{{< single-tweet 1648629187190702082 >}}
There were a lot of great questions about vcluster after the talk too. If you aren’t familiar with virtual Kubernetes clusters and vcluster, it’s become a pretty hot topic in cloud native, and this talk would be a good introduction.
Choose Your Own Adventure: The Treacherous Trek to Development - Whitney Lee, VMware & Viktor Farcic, Upbound
I’m honestly not sure I can describe this talk, and I mean that in the best way. Whitney and Viktor are two of my favorite people in the community, and they host a YouTube stream called You Choose, where they are building a demo of a Kubernetes development workflow. The idea is that they take steps along the path between having code for an app and deploying it to production, and at each step the audience chooses one of several tools to include in the demo.
This talk was basically the same thing but done live in front of an audience. Whitney described all of the projects and the audience voted, and then Viktor added each one to his live demo. I was very impressed with how well Whitney described the many CNCF projects used and with no notes. And Viktor is super skilled technically and very funny.
{{< single-tweet 1648666819585011717 >}}
When Whitney told me they would be doing this process live, I didn’t know if they’d be able to pull it off. Seeing it come together live was amazing. Watch this video when you can if you like some cloud native daredevil stunts, and check out their YouTube stream.
KubeCrawl + CloudNativeFest
This KubeCon, the organizers combined the evening event with the normal booth crawl instead of having an evening party at a different venue. I thought it was a pretty good call. I was able to run into some friends there, including this guy:
{{< single-tweet 1648754039935627265 >}}
Kelsey’s one of my favorite people and it’s always great to catch up with him. We’re both from Portland so I’ve seen him speak at small meetups and events over the years that most people wouldn’t have heard of, as well as bumping into him at some random places, like seeing him and his daughter at Rose City Comic Con one year. He’s always been super generous to me with his advice, which I appreciate.
Another highlight of the day was meeting a lot of the Loft Labs team in person. We were up to 25 people at the conference. My first KubeCon with the company was at Los Angeles in 2021 and there were only 4 of us. I really like working remote but the opportunity to meet people in person and get to know them outside of work is one of the keys to making remote work effective, for me. I think this was a really good conference for our team.
Day 2 - Thursday
I was moving very slowly Thursday morning and missed the keynotes entirely. I’m a big fan of Nikhita Raghunath, who has contributed a lot to the cloud native community, so I’ll have to go back and watch the video of her talk when it’s available.
From Community to Customers - Kelsey Hightower, Google Cloud
If I could pick one talk from this conference to have people watch, this would be it. I’ve already ranted about how much I like Kelsey, but this was a unique session even for him. He did 90 minutes of Q&A with the audience around open source and topics like the downsides of the VC funding model for businesses. No slides, no notes, just pure Kelsey. It was jammed with quotable bits and I had trouble keeping up while I live-tweeted it. Rather than show you a single tweet, let me point you to my Twitter thread about it to tide you over until the video is posted.
Thank you, Kelsey, for sharing your opinions and experience with us. I’m glad I was able to be in the room.
Using DevSpace to Usher in an Era of Peace for Our Developers - Rajsimman Ravichandiran, Independent
This was a talk about another tool we created at Loft Labs called DevSpace, which is now in the CNCF Sandbox. DevSpace lets a team define their development workflow in a YAML file, which has a lot of the same benefits of Infrastructure as Code (transparency, onboarding, knowing the configuration isn’t stale because it’s constantly used, etc.). Other tools in this space include Tilt and Skaffold, but they are not currently in the CNCF.
Raj did a great job explaining how the platform team he was on at Ada worked with the devs to improve their workflow and happiness. He described the teams' problems and how the new approach helped.
{{< single-tweet 1649044665880965120 >}}
If you have teams developing apps that run in Kubernetes clusters, this talk may help you avoid some pain.
Secure Your Project with the SIG Release Supply Chain Kit - Adolfo García Veytia & Carlos Panato, Chainguard
If you have followed me for a while you have probably heard me talk about my love for the Kubernetes SIG-Release team. Release management tends to be pretty thankless work, but it’s very important. I also have a lot of love specifically for Adolfo and Carlos, who are both super kind people. So I added this to my schedule early.
The talk was an update on what they’ve been building for the Kubernetes software supply chain, including signing artifacts and SBOMs. They’ve also built some GitHub Actions around the tools that they’ve shared with the community. It sounds like some other projects like PlanetScale are adopting the tooling too, which is very cool.
This talk should be great for folks interested in software supply chain security, which has rightfully become a huge topic in open source.
Day 3 - Friday
Keynotes
I was a bit preoccupied during the Friday keynotes as my own talk was about to happen, but the big highlight for me was KubeCon co-chair Frederick Kautz’s talk about zero trust. I’ve had similar feelings towards that phrase as I have towards discussions about immutable infrastructure, that those things don’t really exist in the purest sense. It was nice to hear that addressed.
{{< single-tweet 1649312547009339394 >}}
I definitely recommend catching this talk if you weren’t there, as security impacts us all.
Build Your Own Path in the Cloud Native Ecosystem - Rich Burroughs, Loft Labs & Kaslin Fields, Google
My talk with the wonderful Kaslin Fields was a lot of fun. We had some AV problems at first that were a little awkward, but thankfully the team there got things working for us pretty quickly.
I created a podcast called Kube Cuddle in 2020 where I interviewed folks from the Kubernetes community, and Kaslin is co-host of the Kubernetes Podcast from Google. Our talk was on the student track, and the idea was to share things we’ve learned from the experts we’ve interviewed on the podcasts. We played audio clips from the podcasts (hence the need for the extra AV), and I think it turned out to be a pretty unique session.
I shared clips including Joe Beda talking about scaling early Kubernetes and the creation of SIG Scalability, Kelsey Hightower talking about why he created Kubernetes The Hard Way, and Liz Rice explaining the performance benefits of eBPF and Cilium over normal Kubernetes networking. Clips from Kaslin’s podcast included Leonard Pahlke talking about how he started with open source contributions, Ben Elder talking about being a maintainer and helping users, and Emily Fox speaking about cloud native security.
I was glad to see so many friendly faces in the room, and I want to thank everyone who came out to support us.
{{< single-tweet 1649354514258862080 >}}
Check out the talk when the videos drop, or even better, find our podcasts in your podcast player of choice and subscribe :)
Malicious Compliance: Reflections on Trusting Container Scanners - Ian Coldwater, Independent; Duffie Cooley, Isovalent; Brad Geesaman, Ghost Security; Rory McCune, Datadog
This was the final talk that I attended and it’s another I added to my schedule early on. The SIG Honk crew are four cloud native security experts known for discovering some very interesting vulnerabilities, and this presentation was both entertaining and informative.
There’s been a lot of talk recently about the usefulness of software vulnerability scanners. Rory presented a talk at KubeCon Detroit with Anaïs Urlichs about some of the things to watch out for when using scanners, and this talk seemed to build on those ideas.
The narrative was that the four speakers were a team with a container that they needed to ship, but it was full of vulnerabilities and wouldn’t make it past the Compliance team. The SIG Honk crew built a container that they knew was full of vulnerabilities and then scanned it with four different popular scanning tools, which all detected many problems. Then our heroes in SIG Honk used several techniques to trick the scanners into ignoring the vulnerabilities, to the point where all four scanners detected zero vulnerabilities.
I’m not sure how realistic the scenario itself was, but I know that people attacking software supply chains would love to use these type of techniques to hide their work and cover their tracks. This talk was a good reminder that we need to be careful when we trust tools. Scanners are an important tool, but people using them need to understand how they work and what the risks are in using them. Context is always key.
Aftermath
Our Loft Labs team stayed in Amsterdam for two more days after the conference ended to see some of the city. The highlight for me was a tour of the Rijksmusem, where we saw a Van Gogh and a number of Rembrandts.
{{< single-tweet 1649722411229794304 >}}
{{< single-tweet 1649724671447773188 >}}
I had a long flight home on Monday, and while it was a fantastic trip, I’m happy to be back in my bed and in my time zone.
If you attended the conference, I hope you had a wonderful time. I’m looking forward to hopefully attending both KubeCon Chicago and the EU event in Paris next year. The Kubernetes community is my favorite open source community. It’s always a treat to get to see so many friends and learn some things too.