KubeCon EU 2022 Summary: Cloud Novices, Golden Paths, and Software Supply Chains

Daniel Bryant
Ambassador Labs
May 27, 2022

The Ambassador Labs team and I have safely returned from another KubeCon EU, and after a two-year hiatus for many of us, this time we attended in person (with real people in 3D)! It was awesome to catch up with so many of our cloud native friends after only interacting via Zoom or Slack over the past 24 months. We also met many new members of the community and learned a lot from chats at our booth, by attending sessions, and by taking part in the hallway track.

Here are my top takeaways from KubeCon EU 2022:

  • The cloud native community continues to grow: Education is vitally important
  • Platforms and “golden paths” enable productivity and reduce developer friction
  • Developer experience is top of mind for everyone
  • Cloud networking: Striving to simplify ingress and service mesh
  • Increasing focus on security and the software supply chain

Let’s break these takeaways down into more detail, but before I do, I wanted to thank everyone who responded to my tweet asking about topics of interest!

I’ll also offer a big thank you to all the CNCF organizers, speakers, sponsors, and attendees. With the specter of Covid still looming, this wasn’t necessarily an easy event to organize or participate in.

And I’ll give a big shout-out to all my Ambassador Labs teammates that joined me onsite and also supported our virtual efforts from across the globe. My colleague Edidiong Asikpo has shared her experiences of attending and speaking at her first KubeCon here: “My Cloud Native Developer Diary: KubeCon EU.” It was awesome to meet Edidiong for the first time in person, and she aced her talk!

The cloud native community continues to grow: Education is vitally important

At the opening keynote, Priyanka Sharma, Executive Director at CNCF, stated that 65% of attendees were new to KubeCon. And many of these folks were new to the cloud native space, period. From discussions at our booth, I noticed that people were asking a lot of 101-level questions and stating that their companies were just starting to explore Kubernetes. It’s generally thought that Kubernetes has “crossed the chasm” with regard to the diffusion of innovation, and it was clear that the early-to-late majority were out in force at this event.

Personally, I think this is great. Many of us have been working in the cloud space for 10+ years, and it’s rewarding to see that the level of adoption continues to increase. However, it does mean that the need for education is also increasing, and specifically, the need for education that targets the late majority of folks. Depending on the role of the people I chatted with at the event, the type of education required typically boils down to:

  • C-level: Understanding core value propositions of the space and how this will impact their organizational structure, KPIs, and reliance on third-party vendors
  • Platform architects: Learning about the big picture and how to choose and bolt solutions together to create an effective platform
  • Developers: Interested in getting stuff done (coding, shipping, etc.), rather than focusing purely on exploring the underlying tech.

The targeting of these personas and associated messaging could be seen in many of the keynotes. I thoroughly enjoyed the keynote presentation by Henrik Høegh, Platform Engineer at Lunar, “Push It to the Limit: From Canary Deployments to Canary Clusters”. The business problem statement was clear, the technical solution was well-architected (and good insight into the tech stack presented), and the Lunar developers were ultimately presented with a clear abstraction in order to accomplish the task at hand.

As I mentioned in the above Twitter thread, over the past several years I’ve learned a lot from Kasper Nissen, Lead Platform Architect at Lunar, and it was a privilege to have Kasper join the Ambassador Labs podcast recently. If you want to know more about the Lunar platform and continuous delivery tech stack, this is the podcast for you!

One place I think education is especially important is in helping developers with a traditional background map their existing mental models to the cloud native way of thinking. My teammate, Edidiong Asikpo, and Alejandro Pedraza from Buoyant provided a perfect example of this in their talk on debugging cloud native applications using Linkerd and Telepresence. Not only have new tools been created to solve old problems, but new best practices like local-to-remote debugging have also emerged:

Platforms and “golden paths” enable productivity and reduce developer friction

One of my personal highlights from KubeCon EU was getting on the stage again to present “From Kubernetes to PaaS to… err what’s next?”. After two years of virtual events and presenting to a camera, I no longer am taking the head nods or quizzical looks from people in the audience for granted!

I began the talk with a spoiler alert; I believe the next iteration of Platform as a Service (PaaS) is all about “golden paths” (and thanks to Kasper, Giulio, Paula, Dan, and several others for all of the great tweets!):

Developers are being told to “shift left” on everything from observability to security to reliability and more, and this isn’t possible without the correct abstractions, tooling, and workflows. For me, all these things need to be part of the platform on which developers code, ship, and run their applications.

I took the audience on a tour of my engineering career, showing how cognitive load increased as I grappled with microservices, cloud, and containers. From this experience, I learned three things about successfully building a platform:

  • Treat the platform as a product
  • You can’t have good developer experience without good user experience
  • Focus on workflow and tooling interoperability

I also gave a shout-out to the Team Topologies authors, Matthew Skelton and Manuel Pais, as I’ve learned a lot from them over the years (and this was my most important book recommendation from the talk)!

I then explored how you should approach building a golden path, with pointers towards the concept that is emerging on “platform engineering.”

Building on all of the great learnings shared in the Ambassador Labs podcast, I summarized my key learnings from chatting to leaders in this space, such as Crystal Hirschorn, Kasper Nissen, Bo Daley, Nicki Watt, Alan Barr, Katie Gamanji, Mario Loria, Cheryl Hung, and many more:

You can find the slide deck of “From Kubernetes to PaaS to… err what’s next?” on Slideshare, and I’ll add a link to the recording as soon as the CNCF release this:

If you want to know more about this topic, be sure to check out our recent article series and also subscribe to the Ambassador Labs podcast.

And of course, I wasn’t the only one talking about platform engineering! There were a series of great talks that you can check out:

My friend, Ara Pulido, from Datadog, captured the evolution of this role perfectly:

And as usual, Keith Townsend, CTO Advisor was on point with his industry observations:

Developer experience is top of mind for everyone

Closely related to the observation above, in addition to hearing a lot about platforms, developer experience was also a hotly discussed topic. Although not at the event in person, Kelsey Hightower’s tweet about this sparked a lot of great debate, both on the Twitter thread and also in person:

Like many concepts in our industry, developer experience means many things to many people. However, as I suggested in my reply to Kelsey’s tweet, I believe there is consensus on the idea that a good developer experience results in reduced friction and toil during the process of delivering software to users. And enabling developers to code, ship, and run at speed — with safety and with insight — appears to be non-contentious too.

Throughout KubeCon, the consideration of developer experience was visible regardless of organization size or history. The “unicorns” clearly understand the value, and it appeared that the “horses” have been quietly shifting their tooling and practices towards this trend too. In the very first end-user keynote, Mercedes Benz talked about their seven-year journey to golden paths, with a focus on creating platforms and providing a good developer experience.

VMware were also getting involved in the mix with a sponsored keynote that focused on developer experience. This was nicely captured by Kaslin Fields (and FYI, this is before the big VMware acquisition by Broadcom was announced!):

With his Jurgen alter ego, Dean from VMware also pointed out that developer experience is often driven “bottom up” by developers, and the beginnings of this can be as simple as a humble web-based dashboard that integrates insight from existing tooling:

We’ve clearly come a long way since this tweet I sent at the 2017 KubeCon EU event, but there is also still much work to be done in order to reduce the complexity of the cloud native ecosystem for developers:

Cloud networking: Striving to simplify ingress and service mesh

On Monday of the KubeCon week, the team and I joined the Tetrate folks for their Service Mesh Immersion Day. Here, Matt Klein, Ambassador Labs, Tetrate, VMware, and Fidelity announced the formation of the Envoy Gateway project, with the goal of simplifying Kubernetes Ingress.

Matt Klein’s blog post is a great read, and also provides a lot more detail about the project. Quoting Matt, Envoy Gateway is ‘a new member of the Envoy Proxy family aimed at significantly decreasing the barrier to entry when using Envoy for API Gateway (sometimes known as “north-south”) use cases.’ The project is now live and open to contributions.

In his keynote, Varun Talwar, co-founder of Tetrate, drew everyone’s attention to the impact that Envoy’s xDS API has had on the cloud native networking community. Once again, we see the benefits of open standards in the cloud ecosystem!

As explored in a very interesting hybrid in-person and remote panel, Envoy Gateway will implement the Kubernetes Gateway API spec. Both projects will co-evolve as the community learns more from implementing Envoy Gateway.

As the Ambassador Labs team is heavily involved in the Emissary-ingress project (being the original creators of this ingress gateway), Luke, Alice, and Flynn from Ambassador Labs ran the onsite and virtual CNCF maintainer sessions:

They also covered the Envoy Gateway announcement, and assured the audience that the community’s commitment to Emissary-ingress will not wane as both projects evolve:

Flynn and Jason Morgan from Buoyant also presented a great deep dive session into implementing end-to-end TLS with Emissary-ingress and Linkerd. And spoiler alert, it only requires a single line of config to integrate these two CNCF projects!

Changing gears slightly, and as I highlighted in my summary of last year’s KubeCon EU, cloud native networking is still very much evolving. In addition to the chatter focused on Envoy Gateway, there was also a lot of discussion about service mesh. And “discussion” might be a euphemistic term, as there were a few “hot takes” in some of the hallway track debates!

Judging from my DMs after tweeting about this topic at the event, there are a lot of differing opinions. To me, this is the sign of a healthy ecosystem, and as the Ambassador Labs team and I are friends with all the service mesh folks (and Emissary-ingress and Ambassador Edge Stack integrate with all the main service meshes), I’ll do my best to impartially summarize what I saw.

The Isovalent and Cilium teams were very visible at KubeCon EU, and there were some great use cases shared. The Buoyant and Linkerd teams were also rocking the show, and their end-user panel generated a lot of great discussions:

And of course, Istio was also visible at the event — although perhaps not as much as I would have expected given the recent news that Istio has applied to become a CNCF project. The Tetrate folks ran a series of great sessions at their Service Mesh Immersion Day as well as at KubeCon itself:

Some of the more contentious debates that emerged focused on the viability and popularity of underlying Linux kernel and proxy extension technologies, such as eBPF and Wasm. A question asked repeatedly at the event was: does this spell the end of the sidecar? Probably not. At least not for a while.

In my mind, eBPF was the technology I heard the most buzz about at KubeCon. If you’re looking to get started in this tech, Liz Rice has written a great O’Reilly report, “What is eBPF?”:

I had some great discussions with folks from across the service mesh communities, including Liz, Louis Ryan, and William Morgan. I’m sure more blog posts will emerge on these topics over the coming weeks and months, so stay tuned!

Increasing focus on security and the software supply chain

Everyone attending will have noticed that security was front and center throughout the event, from the keynotes to the sessions, to the hallway chatter and vendor booths. Security is obviously very important, and it’s also now big business in the cloud ecosystem!

The keynote from Connor Gorman, a senior principal software engineer at Red Hat, provided an important message; everyone knows that security is important, but we have to enable and support engineers in addressing this.

As I touched on in my talk, a lot of this is about providing the correct abstractions and tooling. We can’t “shift left” everything and expect developers to keep rolling with the proverbial punches.

Two security-focused projects that kept cropping up are Software Bill of Materials (SBOM) and Supply-chain Levels for Software Artifacts (SLSA). I would encourage everyone to learn more about these. I’ve been playing around with SBOMs in the context of the CNCF Buildpack project recently, and when I chatted to Kelsey Hightower recently on the Ambassador Labs podcast, he shared his insight into the use of SBOMs and SLSA.

I’ll also give a hat tip to the Docker folks, who are clearly investing a lot in this space. Their new `docker sbom` command is super useful, and there are also a number of security tooling extensions in their recently announced marketplace.

Wrapping Up KubeCon EU 2022

The Ambassador Labs team and I had so much fun at KubeCon EU! The city of Valencia treated us very well, and other than a few minor travel snags, we couldn’t complain about the location!

However, what really stood out was the people and the cloud native community. There really is no substitute for meeting folks in person, and this was the best part of the event for me.

I look forward to connecting with everyone again at KubeCon NA in Detroit, October 24–28 (if not sooner!). I have a sneaky feeling that the weather might not be as welcoming as it was in Valencia… :)

Keen to learn more about Kubernetes and the cloud native community too?

DevRel and Technical GTM Leader | News/Podcasts @InfoQ | Web 1.0/2.0 coder, platform engineer, Java Champion, CS PhD | cloud, K8s, APIs, IPAs | learner/teacher