KubeCon Europe 2021: Our Personal Highlights

Kenny | 13 May 2021

KubeCon + CloudNativeCon Europe 2021 has come to a close, and at this point needs little introduction. Much as we’re all looking forward to the return of in-person conferences, there were some cracking virtual talks this year! There are so many that we’re still catching up on them, and we’ll be publishing a second part to this blog next week. We’ll also be updating our posts with the VOD links to these talks as soon as CNCF releases them to the public. Now we’re handing over to Kenny, for his personal highlights and recommendations…

As I navigated through the various KubeCon sessions, watching them in no particular order, I noticed that different sessions often shared a common theme (or topic), but at a different technical level or a different point in the journey. I’d like to share and categorise the sessions that I watched, enjoyed and found useful.

I’ll split the talks into two sections. In the first section, I’ll start with the talks that I believe may help someone gain a better understanding of the inner workings of different sections of Kubernetes. The second section will go over the security-related sessions followed by the CSI volumes sessions that are related to security.

Section 1: Fundamental Kube Talks

Session 1: Resource Requests and Limits Under the Hood: The Journey of a Pod Spec | Kohei Ota, Hewlett Packard Enterprise & Kaslin Fields, Google

The speakers of this session very successfully used dogs and doggy daycares to explain how the various Kubernetes components work together to schedule an app onto a node within a Kubernetes cluster, whilst also explaining how resource requests and limits work and diving deep down to the CRI and OCI runtimes.

Session Link

Session 2: Understanding Isolation Levels in the Kubernetes Landscape | Jiaqi Liu, University of Chicago

Session 1 explained the journey of an individual pod in a Kubernetes cluster, but what about multiple tenants deploying multiple pods in a Kubernetes cluster?

This session goes over the differences between a single-tenant Kubernetes cluster vs a multi-tenant Kubernetes cluster and provides useful information for building, designing or figuring out how a Kubernetes platform can and should be used.

Session Link

Session 3: How to Break your Kubernetes Cluster with Networking | Thomas Graf, Isovalent

I think it’s important to know how to break a Kubernetes cluster with networking. This session happens to go over the basic Kubernetes networking concepts before teaching us how things can be broken.

Session Link

Session 4: Traces from Events: A New Way to Visualise Kubernetes Activities | Bryan Boreham, Weaveworks

This session goes over distributed tracing and events in Kubernetes. I think the demo, in particular, showcases how beneficial visualising Kubernetes activities can be for learning what Kubernetes is doing, and the explanation of the object ownership chain will come in handy for future troubleshooting.

Session Link

Session 5: Operationalizing Kubernetes Sidecars in Production at Salesforce | Mayank Kumar, Salesforce

Session 1 mentions that a developer makes a request to the Kubernetes API when deploying an app. The speaker of this session goes through the journey of an API request in Kubernetes close to the beginning of the session.

The rest of the session justifies the intermediate (mid-level experience) tag, going over the various use cases for sidecar containers (i.e. another container running alongside the main app container inside the same pod), a solution to automatically inject generic sidecar containers with admission webhooks, and how they continue to maintain, test and develop the solution.

Session Link

Section 2: Security and CSI Volumes

Session 6: Compliance Beyond Security: a Cloud Native GDPR Implementation Experience | Johan Tordsson, Elastisys AB

When it comes to security, a possible first step is learning about the security regulations. This session focuses on the European GDPR, going over possible technical challenges and recommendations for handling these regulations in a cloud-native setting.

Session Link

Session 7: The Art of Hiding Yourself | Lorenzo Fontana, Sysdig

The speaker of this session provides insight into how an attacker can compromise a Kubernetes cluster whilst hiding their activities, and how a security team can implement measures to detect that detection evasion with Falco.

Session Link

Session 8: Uncovering a Sophisticated Kubernetes Attack in Real-Time | Jed Salazar & Natália Réka Ivánkó, Isovalent

Session 8 provides additional information around detecting Kubernetes attacks in real-time and advocates for a pre-data and post-data paradigm, using data to continuously measure whether hardening and security configurations can handle real-world threats detectable by the observability tools within a Kubernetes cluster.

Session Link

Session 9: CSI Volume Attacks – The SRE Strikes Back | Hendrik Land, NetApp

This session could also be put under the Fundamental Kube Talks section, since the speaker goes over the basics of Persistent Volumes, Persistent Volume Claims and how an attacker might try to get access to the data. In addition, the speaker covers Kubernetes’s inherent security models and recommendations for configurations that should be applied for increased protection.

Session Link

Session 10: Secrets Store CSI Driver: Keeping Secrets Secret | Anish Ramasekar, Microsoft & Tommy Murphy, Google

This session showcases a demo of a sig-auth subproject called Secrets Store CSI Driver, showing how it can be used to mount and rotate sensitive secrets stored outside of a Kubernetes cluster.

Session Link

That’s all for now — but hopefully it will be a good starting point to help you decide what KubeCon sessions to watch. Let us know below if you feel we missed anything, though with more interesting sessions to come in part 2 of this post we may well be covering it imminently.

Additional KubeCon 2021 Blogs:

KubeCon Europe 2021: Hot Topics to look out for

KubeCon Europe 2021: Post roundup 2
