KubeCon 2021: Kubernetes Is Entering Its Grownup Years

Thinking more about things like long-term sustainability and security is a reliable sign of a person’s maturity. The same can be said for communities, and the cloud native community that’s grown up around Kubernetes is no exception.

Yevgeniy Sverdlik

If there was a through line to KubeCon 2021’s keynotes, it was probably the subject of growing up.

Things like security, the software supply chain, fullness of solutions, and large sponsors and end users dominated the morning sessions last week. The signs pointed to the start of a new, more mature phase for Kubernetes and the community that’s grown up around it.

Officially dubbed KubeCon + CloudNativeCon North America 2021, it was one of the first big tech conferences in the US held in person since the start of the pandemic. The organizers expected thousands to show up in person, with thousands more tuning in online.

The bulk of the available seats in the vast Los Angeles Convention Center keynote hall were taken during the morning sessions. Every other seat was blocked off for social distancing. Attendees -- who couldn’t enter the building without showing proof of vaccination and getting their temperature taken -- wore color-coded bracelets indicating the level of physical contact they were comfortable with. Hand sanitizer flowed freely.

AT&T, AmEx Join CNCF at KubeCon 2021

Kicking off the KubeCon 2021 opening keynote Wednesday, Priyanka Sharma, executive director of the event’s host, the Cloud Native Computing Foundation, highlighted two new large enterprise members: American Express (gold) and AT&T (platinum).

An AmEx executive spoke to the audience from a large screen about the company’s switch to the cloud native way of building and shipping software, and an AT&T executive talked about building the carrier’s 5G network to be cloud native from the ground up.

CNCF also announced nearly 100 new silver members (all tech companies) that joined in the last quarter.

Here are some recent stats about CNCF participation shared at the conference:

  • Projects: 144
  • Contributors: 137,000
  • Countries: 186

Dual-Stack Networking in Kubernetes Is Here

AT&T and other big telcos are among companies that have relied heavily on IPv6 to build out their networks in recent years. About five years ago, seeing the exhaustion of the IPv4 address space on the horizon, engineers from Google and Microsoft thought it would be a good idea for Kubernetes to support both IPv4 and IPv6 networking.

Now, according to Lachlan Evenson, a principal program manager at Microsoft Azure, the work they started then is complete. After five years, thousands of lines of code removed from the k8s code base, and more than 10,000 new lines added, the dual-stack feature with native IPv6 routing to pods and services is stable in the upcoming Kubernetes 1.23 release, he said from the KubeCon 2021 keynote stage Thursday.

“The future is IPv6,” Evenson said. “Dual stack is the bridge to get us there.”

OpenSSF Gets $10 Million to Help Secure the Supply Chain

Brian Behlendorf, a legendary figure in the open source community (and in the 1990s San Francisco rave scene), came on the KubeCon 2021 keynote stage to announce that OpenSSF (Open Source Security Foundation), a one-year-old organization formed under the Linux Foundation to improve open source software supply chain security, secured a $10 million commitment from a big group of sponsors that would fund its next phase of growth.

“Supply chain attacks have increased by almost an order of magnitude by any reasonably objective measure,” Behlendorf said. OpenSSF is building an expert community to develop better tools and scorecards and better shared security practices, and to direct targeted funding for critical projects in the space.

The same morning Behlendorf announced in a blog post and a tweet that he was leaving his leadership position at Hyperledger, a Linux Foundation project around open source blockchain-based distributed ledgers, to lead OpenSSF as general manager.

APIClarity, a Project to Untangle API Spaghetti

Few things are as characteristic of the modern software supply chain as APIs, which have, unsurprisingly, become a popular target for hackers. During his KubeCon 2021 keynote slot, Vijoy Pandey, VP of engineering for emerging technologies and incubation at Cisco, went as far as predicting that APIs were “poised to become the most used attack vector for breaches.”

As the number of microservices all needing to speak to each other to make an application work balloons, making sure each service’s API is secure, up to date, and still necessary is daunting. So, Cisco, together with the API security company 42Crunch, built an open source API discovery and security tool, called APIClarity, which Pandey announced from the stage.

Implementing it requires zero code changes, according to him. It can even construct an OpenAPI spec automatically by observing API traffic within an application. It will issue alerts when it sees abnormal behavior and identify shadow and zombie APIs.

APIClarity “will sit inside your microservice infrastructure and watch your API calls from inside the service mesh (like wireshark on a monitor port) and not only watch what is happening, it will ensure your services are operating as expected based on your specification.” That’s how Cisco explained it in a recent blog post.

Hardening Multicluster Kubernetes Architectures

Kaslin Fields, developer advocate at Google Cloud, focused her KubeCon 2021 keynote slot on multicluster Kubernetes architectures, which have become a necessity for large-scale Kubernetes deployments.

Multicluster architectures make sense for a variety of reasons. According to Fields, they help with things like deploying in multiple geographic regions, designing hybrid architectures, and creating clusters that match different billing models or meet certain security and compliance requirements.

But running multiple clusters has its own challenges, including networking (via DNS, which is notoriously fragile), separate load-balancing infrastructure for each cluster, and overall deployment and configuration complexity.

Fields highlighted the work of the Multicluster SIG (Special Interest Group) and another project aimed at making multi-cluster Kubernetes easier: Gateway API. The latter is meant to be a modern replacement for Ingress, the instrumental but now outdated API for managing external access to services in a cluster.

Gateway API is designed to be role-oriented, portable, expressive, and extensible, as described by the Network SIG that manages the project.

Adoption Is Better When It’s Sustainable

Constance Caramanolis, principal software engineer at Splunk, spoke about some big strategic next steps for CNCF and the community it represents. Entire industries have now reoriented their models around open source software development, and “we all have an opportunity to leverage this momentum,” she said.

She wants CNCF to be associated with a full solution rather than just Kubernetes and a grab bag of adjacent but often disparate software tools users have to work hard to string together. “Our community has shifted and grown, and our needs are evolving.”

The projects shouldn’t be as hard to adopt as they are today, she said. There’s little integration between them, and there are gaps from a solution perspective.

There’s no shortage of adoption of Kubernetes, but success for the community should mean adoption and sustainability, Caramanolis pointed out. Addressing the solution gaps and investing in interoperability would be good ways to go about making the ecosystem sustainable over the long term.

Long-term sustainability and self-fulfillment are things people tend to be increasingly concerned about as they mature, and so, apparently, do open source communities. The KubeCon 2021 tagline was “Resilience Realized,” which nicely encapsulated the direction of travel for this next phase of Kubernetes and the cloud native community.

Published on 18 October 2021
