Kubernetes

KubeHuddle: The first Scottish Kubernetes conference

October 14, 2022

This October saw the inaugural KubeHuddle, a new Kubernetes conference. Held in Scotland at the Edinburgh International Conference Centre, this community-run conference helped to showcase how companies are using and developing their systems with Kubernetes and cloud-native technologies.

There were a couple of interesting themes I noticed in the talks presented at the conference. In particular, these themes show where organizations are looking to develop their environments.

  • GitOps: With five talks over the two days, it’s fair to say that a lot of companies are exploring and using the GitOps framework for managing their environments. There was a good mix of forward-looking talks on this, as well as people sharing their good and bad experiences with using GitOps.
  • eBPF: There were four talks and a workshop on eBPF, showing that it’s also an area of high interest. The talks mostly focused on the benefits of eBPF for observability in complex environments, but there was also a very interesting talk from Liz Rice in which she looked at how eBPF can also be applied to security and service meshes.

There were a lot of great talks at the event, but a few highlights for me were :-

Hacking Kubernetes: Live Demo Marathon by Andy Martin

This talk took a lightning-fast look at cloud-native security, focusing on some of the key areas. Andy emphasized the importance of understanding who your likely attackers are in considering where to spend time and resources. To illustrated this, he showed an interesting adversary matrix

Adversary Matrix
Adversary Matrix

Another interesting topic that Andy covered was some of the attack patterns and the attack surface that are present in cloud-native stacks. This showed how important it was to consider all the parts of the stack: code, container, cluster, and cloud.

Code to cloud attack patterns
Code to cloud attack patterns

The talk then went through some demonstrations of how, in practice, each of these layers could be attacked. The demos are well worth a watch on the recording.

K8s & meat: How we got Kubernetes into the Kaufland meat processing factories by Engin Diri

This talk followed the theme of showing some practical challenges in deploying on-premises Kubernetes clusters for a large corporation and how Kaufland's engineering teams tackled them. Some of the interesting points in this talk were how the organization had to navigate specific constraints, like teams' preferred toolsets and tight cost constraints.

While it can seem that everyone in the world is on the cloud these days and heavily usaging SaaS products, this talk showed that there are still use cases where on-premises solutions for compute and tooling can be a good option.

Another interesting part of this talk looked at how their organization’s choices of tools developed over time. With security for example, moving from Falco to Tracee to Tetragon went hand-in-hand with a move from Calico to Cilium for CNI.

Kaufland security options
Kaufland security options

Fireside chat: Open source and the global security response

Rather than the traditional talk format, this was a panel discussion in which panelists looked at how open source security is developing for companies and governments.

Security panelists
Security panelists

The panel featured experts from the Open UK group, whose goal is to help adoption of open source technology in the UK.

One of the discussion points covered in the panel was around liability for open source security issues. There was a recognition that in many ways the costs around maintenance and compliance for open source projects need to lie with the groups commercializing it rather than necessarily the individual developers of open source.

There was also a good discussion of how new regulations are entering the open source space via government actions in both the USA and the EU. They also talked through some of the challenges that are likely to arise from that.

Another topic that the panel spent some time on was supply chain security, and some of the challenges of creating and using software bills of materials (SBOMs). I expect we’ll see more developments in this space as companies start looking beyond the basics of generating SBOMs for all their software and start considering how to manage and utilize them in the longer term.

Conclusion

It’s great to see another local Kubernetes conference get started, and I’d say that KubeHuddle’s first iteration was a rousing success. We had a good crowd of local attendees and speakers as well as quite a few people who had traveled to attend.

Hopefully this will be the first of many, and we’ll see the conference back for another iteration in 2023.