On the second day of KubeCon, nearly 9,200 attendees had the opportunity to focus on the theme of the day – security – while attending sessions, visiting the Sponsor Showcase, and networking. The mood was upbeat, and the enthusiasm for learning and sharing was real.
Here’s a snapshot of the day.
Keynotes
An update from the End User TAB
Taylor Dolezal, head of ecosystem, kicked off the morning by asking the crowd, “what was your first mountain in this ecosystem?” His first mountain was Kubernetes! He announced the return of CNCF’s Tech Radar service (here’s a look at Tech Radar in 2021), and then introduced the End User Technical Advisory Board. The End User Tab, “the voice of the end user,” shared their 2024 achievements including the publication of multiple reference architectures, integration with LFX Insights, a successful feedback pilot program, and increased end user participation.
Meet the Envoy AI Gateway
Alexa Griffith, senior software engineer with Bloomberg, debuted a new GenAI platform known as Envoy that is a collaborative open source effort between engineers at Bloomberg and Tetrate. The Envoy AI Gateway aims to solve 3 major pain points common to LLMs: different LLM providers require different access patterns, use different ways to manage credentials, and the service-specific models have different needs.
Awards!
Every year the community votes for the top end users based on their contributions and what they’ve achieved. Taylor Dolezal presented this year’s top three winners.
3rd place: Reddit
Supporting millions of daily active users and processing billions of page views monthly, Reddit has demonstrated exceptional implementation of CNCF technologies across their hybrid cloud infrastructure, while actively contributing to core projects and fostering diversity through mentorship programs and scholarships in the cloud native community.
2nd place: Capital One
As the first major U.S. bank to fully transition to the cloud, Capital One has leveraged CNCF projects to revolutionize their financial services infrastructure, contributing the widely-adopted Cloud Custodian to the ecosystem, while achieving remarkable metrics including a two-orders-of-magnitude increase in deployment frequency and a 4x cost reduction in AWS expenses compared to non-Kubernetes alternatives.
1st place: Adobe
Adobe has transformed their massive cloud infrastructure supporting Creative Cloud, Document Cloud, and Experience Cloud through extensive CNCF project adoption, making over 5,160 contributions across 46 different projects, while demonstrating particular technical leadership in Kubernetes implementations and developer experience tooling that powers creative tools used by millions globally.
Chris Aniszczyk presented the Community Awards.
The Top committer/maintainer is Joe Stringer.
The Top Documentarians are Qiming Teng and Haifeng (Michael) Yao.
The Taggie is Nancy Chauhan.
The Chop Wood Carry Water awards – created to represent all work happens behind the scenes in a project – went to Stefan Schimanski, Ali Ok, James Spurin, Priyanka Saggu, Sandeep Kanabar, and William Rizzo.
This year there were also two new awards including the “Lift and Shift” awards, relating to work done for Kubernetes. The winners are: Tim Hockin, Aaron Crickenberger, Ben Elder, Amaud Meukam, Davanum Srinivas, Mahamed Ali, Ricky Sadowski, Hichelle Shepardson, Koray Oksay, Patryk Przekwas, Marko Mudrinic, Justin Santa Barbara, Cole Wagner, Caleb Woodbine, Hippie Hacker, and Linus Arver.
And the first-ever Lifetime Achievement Award goes to Tim Hockin!
Stop being a software ostrich!
Kubernetes is stable and boring, according to Nikhita Raghunath, principal software engineer at Broadcom. And while that is great, because it means Kubernetes is ubiquitous, it also means attackers are not going to leave things alone. In fact they are only going to get a lot sneakier. So “if you think cloud native is done disrupting things, buckle up, because things are about to get wild,” Raghunath said.
From actually *using* SBOMs to AI bills of materials and quantum computing, security has to be built into every layer so we can truly disrupt cloud native, Raghunath explained.
Open source security is not a spectator sport
Despite what conventional wisdom might tell you, anyone can contribute to security, even if you aren’t an expert or don’t have a PhD. That is the conclusion of Justin Cappos of NYU and Santiago Torres-Arias of Purdue University, who’ve studied cybersecurity extensively and believe the more people who get involved, the better. So for those wanting to learn more about security, they have a number of suggestions including take classes, get hands-on experience, join a security project, or find a group which specializes in security. Their group recommendations include CNCF’s TAG Security Group and Linux Foundation’s OpenSSF.
Announcements
- CNCF Launches Technology Landscape Radar, Reference Architectures to Address Gaps in Cloud Native Ecosystem
- CNCF Presents Top End User Award to Adobe
- Cloud Native Computing Foundation Announces the 2024 Community Awards Winners
- Inside Argo: a new documentary on the tool simplifying Kubernetes deployments through automation