Day 2 here at KubeCon + CloudNativeCon Europe 2022 has a lot to offer, with the overall themes being software supply chain security and shifting security left. The keynotes on day 2 reinforced these themes. Here’s a quick synopsis of each one.
May 19, 2022:
Shane Lawrence from Spotify spoke about securing the software supply chain. We looked at how traditional defensive techniques can be applied in the cloud using tools like Voucher and a Grafeas implementation, and how together they can give you control over the software that runs in your clusters, taking into account the various vulnerabilities introduced each time we install a package or dependency. How can we measure the combined risk present in our software dependencies? Also shared was a way to verify your supply chain through the SBOM (Software Bill of Materials), built from tools and standards such as CycloneDX, Trivy, and Cosign. Another framework tackling the software supply chain is SLSA (a security framework to ensure software supply chain integrity).
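To make the SBOM-based control described above concrete, here is an added example (written for this recap, not code from the talk, Spotify, Voucher or Grafeas) that parses a constructed CycloneDX JSON SBOM of the kind `trivy image --format cyclonedx` produces, matches each component against a constructed advisory list, combines the per-dependency scores into one risk figure, and returns an admit/deny decision. The component names, the advisory data and the `1 - prod(1 - score/10)` aggregation heuristic are all assumptions made for the illustration; a real deployment would read advisories from a vulnerability database and tune the threshold to its own policy.

```python
"""Toy SBOM-driven admission check (added example, not from the talk or any project)."""
import json
from dataclasses import dataclass

# Constructed minimal CycloneDX 1.4 JSON SBOM. Component names and purls are
# fictional; the shape mirrors what `trivy image --format cyclonedx` emits.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "demo-http", "version": "2.0.1",
     "purl": "pkg:pypi/demo-http@2.0.1"},
    {"type": "library", "name": "demo-tls", "version": "1.1.0",
     "purl": "pkg:deb/debian/demo-tls@1.1.0?arch=amd64"},
    {"type": "library", "name": "demo-parser", "version": "4.5.6",
     "purl": "pkg:npm/demo-parser@4.5.6"}
  ]
}
"""

# Constructed advisory feed: versionless purl -> [(affected version, CVSS-like score)].
# Stand-in for a Grafeas-style occurrence store or a public vulnerability database.
ADVISORIES = {
    "pkg:pypi/demo-http": [("2.0.1", 9.8)],
    "pkg:deb/debian/demo-tls": [("1.1.0", 5.0)],
}


@dataclass
class Finding:
    purl: str
    version: str
    score: float


def parse_cyclonedx(text: str) -> list[tuple[str, str]]:
    """Return (versionless purl, version) per component; reject non-CycloneDX input."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    components = []
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        base, _, rest = purl.partition("@")
        # purl qualifiers (e.g. ?arch=amd64) follow the version and are not part of it.
        version = rest.split("?", 1)[0] or comp.get("version", "")
        components.append((base, version))
    return components


def find_vulnerable(components, advisories) -> list[Finding]:
    """Exact-version match of each component against the advisory feed."""
    findings = []
    for base, version in components:
        for affected, score in advisories.get(base, []):
            if affected == version:
                findings.append(Finding(base, version, score))
    return findings


def aggregate_risk(findings) -> float:
    """Assumed heuristic: risk = 1 - prod(1 - score/10), so one critical finding
    dominates while several low findings still add up."""
    p_safe = 1.0
    for f in findings:
        p_safe *= 1.0 - f.score / 10.0
    return round(1.0 - p_safe, 4)


def admission_decision(sbom_text: str, advisories, max_risk: float = 0.7):
    """Return (admit, risk, findings); deny when aggregated risk exceeds the policy threshold."""
    findings = find_vulnerable(parse_cyclonedx(sbom_text), advisories)
    risk = aggregate_risk(findings)
    return risk <= max_risk, risk, findings


if __name__ == "__main__":
    admit, risk, findings = admission_decision(SBOM_JSON, ADVISORIES)
    print(f"admit={admit} risk={risk}")
    for f in findings:
        print(f"  {f.purl}@{f.version} score={f.score}")
```

The decision function is the piece an admission controller would call: it takes the SBOM attached to an image, not the image itself, which is why signing the SBOM (for example with Cosign) matters, since an unsigned SBOM can be swapped for one that omits the vulnerable component.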
Stephen Augustus from Cisco gave a short talk with tips on how to begin your cloud native journey, sharing information about SIG ContribEx (Contributor Experience Special Interest Group) and TAG ContribStrat (CNCF Technical Advisory Group on Contributor Strategy). Moving on from learning to contributing, he mentioned there are a large number of ways to do so, including the Open Source Software Security Mobilization Plan from the Open Source Security Foundation (OpenSSF).
Ricardo Rocha from CERN gave us insight into his experience implementing HPC in a cloud native way. It was an interesting overview of the CERN use case and of the way Kubernetes is used to handle its specific needs for high-throughput computing.
Now on to the most exciting part for me, the sessions of the day:
In the talk Sharing Knowledge: Writing Good Docs for Quick Approval Jared Bhatti shared his experience leading Kubernetes SIG Docs from 2016 to 2020, by walking developers through best practices for creating inclusive, accessible, high quality documentation in pull requests designed for quick approval. This demonstration included how to structure documentation using content templates, write with clarity and technical accuracy, and avoid common pitfalls that trap PRs in prolonged reviews.
In the talk Cloud Native Mentorship: Tips for Being a Great Mentor to CNCF Students, Lucas Servén Marín discussed challenges, successes, and lucky breaks he experienced through two years of non-stop mentorship as a maintainer of Thanos. Based on these lessons, he provided concrete strategies and tips that Thanos mentors and mentees have leveraged to communicate effectively and to meet the community’s goals.
In the talk Cilium: Welcome, Vision and Updates, Thomas Graf, Liz Rice and Laurent Bernaille introduced Cilium and gave a brief overview of the origin and vision of the CNI / service mesh, then held a roundtable discussing the service mesh beta as well as the upcoming roadmap for Cilium.
In the talk Scaling K8s Nodes Without Breaking the Bank or Your Sanity, Brandon Wagner and Nick Tran from Amazon explained how to best utilize spot capacity to reduce cost, shared some interesting best practices, and showed off tools like Karpenter.
In the talk Emissary + Linkerd: A Guide to End-to-end Encryption for your Cluster, Flynn from Ambassador Labs and Jason Morgan from Buoyant showed the painless way to get four CNCF projects (Emissary, Linkerd, Kubernetes, and Envoy) running smoothly together to provide end-to-end encryption for application calls. They walked through best practices for using Linkerd and Emissary to gain capabilities like advanced L7 routing, in-cluster mTLS, embedded authentication, rate limiting, and much more. They took us on a tour of each project, showing how they complement each other and make a great addition to a Kubernetes stack. Finally, they introduced a reference architecture for running Linkerd and Emissary together and walked through how to implement it in practice.
Stay tuned for part 3.