KubeCon is the Cloud Native Computing Foundation’s flagship conference around the projects which compose the constantly growing cloud native landscape.
This year the European edition was held in Amsterdam and gathered over 10.000 attendees, being the largest open-source conference in Europe which demonstrates the level of interest in one of the largest open-source ecosystems (159 projects, 1.300 maintainers, 200K contributors, +52.000 community group members, 406 group chapters, 805 member organizations).
I was privileged to be among those attendees and although it could be difficult to choose the key topics from the vast amount of available content, here are my opinionated KubeCon Europe 2023 key takeaways, which are obviously biased by my personal areas of interest.
WebAssemby, aka Wasm, continues to attract interest and was represented during KubeCon with a number of sessions and even a dedicated co-located event, the Cloud Native Wasm Day.
Wasm is a specification of a binary instruction format, designed as a portable compilation target for executing high-performance code. It allows to developers to write code in languages like C, C++, Java, JavaScript or Rust and compile it into a binary format that can be executed by one of the available runtimes, promoting portability and a near-native performance speed.
The resulting optimized runtime presents multiple advantages such as the size compared to typical LXC images (about 1/100), faster startup time, performance, portability, or the security derived from the reduced attack surface. And different uses cases were presented during the KubeCon which take advantage of these features:
It is worth noting that Wasm is still a young technology, with limitations in areas such as the availability of common libraries, the multi-threading programming model, or the development tooling, but the community is actively working to enhance the capabilities and interoperability of WebAssembly.
Service Meshes are one of the core components of a cloud-native architecture, managing common concerns in a service-to-service communication such as security, observability, service discovery or reliability. They have traditionally been based on sidecar proxies intercepting the inbound and outbound traffic as the mechanism for extending the network capabilities, but during KubeCon many sessions discussed current use of sidecars and/or proxies.
First the irruption of eBPF has opened new possibilities. It allows to run custom programs in the kernel space which can intercept and analyse network packets, system calls, and various kernel events. Compared with traditional proxies, the use of eBPF is much more efficient as it avoids data transfers from kernel to user space and minimises context switches. Networking solutions based on eBPF such as Cilium are extending their capabilities, overlapping with the space traditionally occupied by classic service meshes, although with focus on L4 networking capabilities. These solutions include support for complex scenarios such as multi-cluster or multi/hybrid cloud networking.
Meanwhile, Istio introduced Ambient Mesh as a new sidecar-less data plane option which separates the network capabilities into two layers: the L4 overlay layer and the L7 waypoint proxy layer, which enables a progressive adoption of the mesh features. While the Secure Overlay Layers leverages a CNI plug-in and a component called ztunnel, the L7 is implemented with waypoint proxies deployed per workload identity (represented per service accounts in Kubernetes).
Actually, some sessions at KubeCon were devoted to the topic of considering different level of granularity of proxies within a Service Mesh, not as sidecars but as shared proxies per node or per service account, as a mechanism for mitigating sidecar drawbacks.
Undoubtedly, the Service Mesh scenario is evolving and it’s likely that in the future multiple implementation option will be available, suitable for different use cases. And sidecar approach will remain among them as an approach suitable for cases where performance or compliance are critical.
Platform Engineering is a current industry hot topic, and Developer Portals received important attention during KubeCon as one of the fundamental elements for implementing it. From a technical perspective, Backstage seems the main reference for implementing developer portals at the moment and allows to create portals built around the definition of a centralised resource catalogue. The components within the catalogue are created from a set of available templates, which can be customized in aspects such as the required parameters or the actions to be executed on instantiation.
From a functional standpoint, the different sessions presented the different benefits derived from having a developer portal, such as the reduction of the cognitive load on developers, security by default, the agility associated with a self-service model, or compliance assurance in regulated environments.
A relevant non-technical topic of debate during KubeCon has been the European Union’s Cyber Resilience Act (CRA) legislation currently under elaboration and the potential impact on open-source use in Europe. The regulation aims to address the security across the software supply chain but as it is drafted it could load liability and risk onto open source maintainers and distributors.
As a consequence, maintainers and distributors could prevent the distribution of open source code in Europe to avoid liabilities, isolating Europe from the open source innovation space.
The topic deserved some dedicated attention during the KubeCon and was introduced during one of the Keynotes, where the Head of the Linux Foundation in Europe called on the community to take action. More details can be found in https://linuxfoundation.eu/cyber-resilience-act
As a conclusion, the elaboration of CRA regulation demands a close look as may have a huge impact on the use of open source in Europe.
ifgeekthen.nttdata.com es un blog del grupo NTT DATA. Un proyecto que busca compartir con profesionales del mundo digital temas relacionados con la tecnología y el universo geek.
