KubeCon & CloudNativeCon NA 2021 Key Takeaways: Security, Kyverno and Community

KubeCon & CloudNativeCon NA 2021 Key Takeaways: Security, Kyverno and Community

After 2 years of virtual events, it was refreshing to attend KubeCon North America 2021 live! Of course, the event was held as a hybrid and we’re glad they did for this. Before we go into our recap, I want to give virtual high fives to Tin Matienzo, Kristi Tan, Libby Schulze and everyone at CNCF and YES, the community for coming together and providing us a space to geek out on all things open source.  If you are unfamiliar with KubeCon, this is the signature event put on by the Cloud Native Computing Foundation [CNCF] which is the home for Kubernetes and a myriad of other cloud-native projects (like Kyverno). KubeCon is an event where project maintainers and end-users come together under one hybrid roof.

Increasing in Popularity with co-located events!

There were twelve different co-located events, showing the breadth and depth of cloud-native technologies.

Shuting Zhao, Kyverno maintainer, presented on pod security and how Kyverno policies can be used to replace the recently deprecated Pod Security Policies (PSPs).

In this session, Shuting focused on securing sensitive aspects of the Pod specification → how can you continue to ensure that “Bad Pods” stay out of your cluster and don’t compromise the security posture? Shuting provided an overview of Kyverno and presented a set of Kyverno policies for Pod that is based on Pod Security Standards. It’s awesome to see how much Kyverno has grown (thank you to our maintainers and contributors!) because during this session, Shuting gave us a great demo on how Kyverno can enforce best practices for Pod security and how Kyverno can help add default security context to Pods and improve the security posture of Kubernetes clusters. Believe us who were there in person, it was a great session, still waiting on the on-demand, but once we have it, we’ll update and share!

Another fun event BEFORE the actual event

Jim Bugwadia, our co-founder and CEO participated in a Capture The Flag (CTF) livestream! If you have not tried a CTF, it’s a lot of fun and a great way to learn about Kubernetes security.

The basic idea is to find “flags” (strings of data) that are hidden in the cluster. The events are organized and run by the awesome team at Control Plane, and this panel was coordinated by Magno Logan from Trend Micro and Ashish Puri from the Cloud Security Podcast. Besides Jim, the session had Duffie Cooley, Field CTO at Isovalent and Nicole (Nikki) Becher, who is a Security Engineer at Google. Hmmm, wondering if this was recorded? Also props to Magno Logan for dressing up like a pirate! Or, Ninja? Or, a Ninja-pirate! That’s commitment folks!

Here we go folks, the main event! Day 1

Some stats from CNCF, around 24,000 people attended Hybrid KubeCon NA 2021, and about 3,500 attended in person. Yes, small event, but again, CNCF did an amazing job with social distancing and safety measures in place to make us feel safe. Also, it was nice to see PEOPLE, have conversations and of course the awkwardness should we shake, wave, or fist-bump hellos! But what about the sponsor pavilion? Ok, yes, the floor was massively spread out but the conversations were personal and productive!  

We have to say, after two years of not having to set up a booth – looks like we still got it :). Mind you, this is how it started, a nice, put together booth!

Here’s us, on the last day of the conference, smiling! Also, since being remote, it was nice to have the TEAM under one convention center (LOLZ). From the left, Kim (marketing), Anubhav (customer success), Jim (CEO/OSS), Ritesh (Products) and Shuting (Eng/Kyverno maintainer). By the way, did anyone grab our amazing t-shirt?

Kyverno, a mainstream conversation at KubeCon 2021!

We donated Kyverno to CNCF November of 2020, and our mission was clear – automate and simplify Kubernetes security for all! Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. Kyverno understands Kubernetes OpenAPIv3 structural schemas to make writing and managing policies easier for Kubernetes administrators and users!

It’s been a year, and KubeCon is kinda our first experience of community adoption at Nirmata. I mean, we have stats of # of downloads, GitHub stars, and mentions, but it was actually really great to have people coming to our booth, pulling us aside, telling us of their Kyverno use cases!

If you want to learn more about Kyverno and start contributing to the project, you can find more information here.

Join our slack channel, it’s vibrant and full of amazing members!

Or if you are using Kyverno, you can get certified via our certification program!

OK, OK, on to our sessions at KubeCon!

Jim was a panelist in a session on cloud native policy management, along with community members from Red Hat, TIAA, and Sunstone Secure. They discussed why policy management is important for Kubernetes, what problems it helps solve, and how you can apply and manage policies across clusters. We hear that this esteemed group of contributors is releasing a paper on Kubernetes Policy Management soon, so stay tuned! (UPDATE: here is the on-demand: https://youtu.be/6s3tc9QGxDo)

Another session that Jim did was on multi-tenancy! This talk featured folks from VMware, Google, and Alibaba, and discussed approaches to managing multi-tenancy for Kubernetes. If you have not seen it, check out the blog post, Three Tenancy Models For Kubernetes.  (UPDATE: Here is the on-demand: https://youtu.be/E0fzizq8knE)

Kyverno office hours

Did you miss our Kyverno Office Hours? No worries, CNCF shared the recording, you can watch is here: https://www.youtube.com/watch?v=v0yh8b6lPXQ

That’s a wrap!

That’s it folks, a week full of fun, community and tech! Life has gotten back to before KubeCon, but we also wanted to take the time (and seeing that you read down this far) to thank each and every one of you for making this event so amazing and for supporting Kyverno! We’re just thankful to be back with our Kubernetes community!

Hope to see you all soon (Valencia, you ready?) and please stay in touch, either through our LinkedIn channel or other sources.

Want to get your hands dirty on our product, you can sign up for a free trial here.

If you want to see a customized demo or have questions, feel free to reach out to us! 

Why Kyverno is the Most Adaptable Policy Engine For Kubernetes
5 Things DevOps Teams Can Do to Make Kubernetes Secure and Compliant
No Comments

Post a Comment