Oh là là! What a fantastic week we had in Paris. Given that it was the last KubeCon for Isovalent as an independent entity before its upcoming acquisition by Cisco, it felt particularly meaningful. Many of us took the time to thank, in person, Isovalent customers and partners, Cilium users and contributors, and everyone in the broader ecosystem who contributed to the success of Cilium, eBPF and Isovalent.
It’s my fourth KubeCon wrap-up blog post and, this time, I am not just going to just reflect on what was the biggest KubeCon ever but also share some insights into what happens behind the scenes.
Allons-y.
Remember when KubeCon was only 2-days long?
Look back at the agenda of the inaugural KubeCon in Europe in 2016. The 2-day long event was hosted in London and only had 4 main tracks. It must have felt like a short, fleeting family reunion compared to this year’s event. KubeCon is now more of a marathon – with Cloud Native Rejekts taking place on Sunday and Monday; followed by the co-located events on the eve of KubeCon.
Isovalent was well represented at Cloud Native Rejekts – James, Filip, Piotr, Michael, and Nick all took turns unravelling complex topics like eBPF, CNI, Egress routing, and CRDs. And check out the fancy stage!
In parallel, Datadog hosted the first Cilium Developer Summit with representatives from Datadog, Elastic, Google, Isovalent, Microsoft, Palantir, Solo.io, Seznam, and more.
We then had a full day of Cilium and eBPF presentations at the Cilium and eBPF co-located event, hosted by Laurent Bernaille (also from Datadog) and Bill Mulligan, two great advocates for Cilium and eBPF.
While the afternoon sessions were presented by Cilium users (more of them later), the first part of the day was focused on Cilium’s architecture. Beyond the technical insights that Jussi, Martynas, Hemanth, and Joe – all core contributors to the Cilium project – provided, I particularly liked their desire to shed light on Cilium’s design principles and to help aspiring Cilium contributors.
The Cilium community is as healthy as ever and will continue to remain open and inclusive.
eBPF was clearly one of the topics of the week but another one took center stage:
AI, Wasm and eBPF lead the way
The most trendy technologies this year were AI, followed by Wasm (WebAssembly) and eBPF.
The conversations around Wasm have evolved over the past year: the use cases are clearer and the focus has shifted to optimize running Wasm-based applications on Kubernetes.
AI was – for better or worse- the talk of KubeCon. This is my 4th KubeCon wrap-up post and, somehow, it’s the first time I have mentioned Artificial Intelligence. There was evidently a lot of excitement around running AI applications, with Priyanka’s impressive demo of Ollama running on Kubernetes being the highlight of the opening keynote:
There remains a lot of scepticism and cynicism about AI hype and AI washing. Let’s focus instead on the intersections of eBPF with AI and Wasm.
As mentioned in my networking predictions, Wasm and eBPF have in common to be abstractions able to unlock inflexible environments – the browser for Wasm and the Linux kernel for eBPF. This Cilium user story on Cosmonic is a fascinating look into the similarities between eBPF and Wasm and why you would run Cilium for Wasm workloads.
Surprisingly, given how hype both topics are, eBPF and AI have not seen many mentions together. What we do know is that some of the largest Machine Learning models run on Kubernetes and that Cilium is already being used to connect and secure training data created by machine learning workloads.
Cilium’s eBPF-based performances and security features such as Cilium Network Policies and Cilium Transparent Encryption are a strong fit for the huge clusters running ML workloads and to secure the precious training data and models.
I was wrong: talk of eBPF fatigue is premature.
On my rare ventures beyond the Isovalent booth, I noticed how many more eBPF-based tools were on display across the solution showcase, with many start-ups promoting their eBPF-based networking, tracing, profiling, observability, and security projects. Even Microsoft open-sourced their eBPF-based networking observability platform Retina on the eve of KubeCon.
I predicted that eBPF fatigue was going to kick in this year: this was clearly premature. It’s actually the opposite: one of the most popular talks of the week was Liz Rice’s and John Fastabend’s session on eBPF’s abilities and limitations.
eBPF is still evolving and more use cases are being discovered, including the upcoming support of eBPF programs running on Windows environments.
Cilium Users in the Spotlight
My preferred sessions tend to be the ones presented by actual users, especially when they highlight original scenarios and innovative use cases. During the Cilium & eBPF Day, engineers from the New York Times and Roche described use cases where they tried to simplify their architecture and remove unnecessary toolings.
I have been talking a lot recently about the “fight against complexity” and I saw plenty of evidence throughout the week that users just want to simplify their tool stack as much as possible.
For example: Sicredi, one of the largest Brazilian credit union companies. In his “Cilium ClusterMesh in Action: Strengthening Security Across Distributed Kubernetes Clusters” talk, Matheus Morais walked through the Sicredi Kubernetes architecture, explained why they adopted Cilium as a CNI (after initially going with Flannel and Weave) and provided the reasons behind their decision to use Cilium to address their service mesh requirements.
If I can paraphrase Matheus – they decided against installing another tool as the one they were using already met their needs.
Evidently, there are times when you need more tools than Cilium for complex requirements, such as regulatory and compliance. Marcel and Stephen from Schuberg Philis explained how they can address most PCI-DSS requirements using a collection of CNCF projects, including Cilium and Tetragon:
Multi-Cluster Mania & Service “Meh”
Connecting multiple clusters together might seem like a common use case but, this year, it seemed to be on everybody’s mind. It might also have been because of Liz’s excellent “Simplifying Multi-Cluster and Multi-Cloud Deployments with Cilium” session.
Many users are looking at connecting clusters together, encrypting the inter-cluster traffic, enforcing consistent network policies and load-balancing client requests across clusters. Cilium Cluster Mesh is probably one of the easiest ways to achieve this.
Cluster Mesh Lab
In this lab, we will see how to set up Cilium Cluster Mesh, and the benefits from such an architecture.
Start LabWhat we had less of this week – and I think folks were grateful for that – is the “Service Mesh wars”.
Ever since Cilium announced a sidecar-less service mesh a couple of years ago, we’ve had panels discussing the values of sidecar vs sidecar-less. While the debates were entertaining, there seems to be a consensus agreed that the side car model is bloated (the Istio folks were heavily promoting the sidecarless Istio Ambient Mode).
Users have moved on to practical matters and would rather hear how fellow engineers address their service mesh requirements, with the best tool for the job; whether it’s a CNI, a service mesh or, in the case of Cilium, both.
Vendors, why don’t you teach instead of sell?
The Isovalent booth was packed with visitors throughout the conference. You could argue that our location on the show floor helped attract curious attendees, but I actually think folks came along, not just for some of the swag on offer but because of everything we could teach them.
We hosted multiple lightning talks and book signings. If the long queues put you off, don’t worry – the books are also available as a free digital copy.
We also welcomed attendees to try out our labs. One particularly keen engineer spent a couple of days at our booth; ignoring all the breakout sessions to instead, learn about Cilium and prepare for the recently launched Cilium Certified Associate certification. Hundreds of engineers took our labs and collected badges for the Cilium Sticker Book.
If you are one of the sponsors at KubeCon, next time, reflect on what you want your visitors to come away with: hands-on knowledge of your product or another pair of socks?
Stage Fright
Allow me an egotistical moment. This year, I had the chance to present, alongside Dan Finneran, an introduction to Cilium. It’s a privilege – out of 2,541 session submissions, only 233 talks were accepted.
Being a KubeCon speaker is a significantly different experience from being a sponsor or an attendee. First, you will spend the run-up to your session finalizing your session, polishing your slides and rehearsing.
You will also feel nervous. Even if I’d previously spoken at large events such as Cisco Live or VMware’s VMworld, this KubeCon was special: it was in my hometown, and our session was on a hugely popular topic, with over 1,600 attendees signing up for it (we only had space for about 300 folks in the room).
The room was packed 25 minutes before the session started, giving us 25 minutes to worry about what could go wrong. Will my laptop let us down? Will the Wi-Fi be so congested that our demo will fail? Will there be dreadful microphone feedback like we had in the earlier rehearsal?
Thankfully, none of this happened and the session went well, even if, there’s always room for improvement (watch the session on YouTube and let us know what you think).
Of course, I wasn’t the only Frenchman speaking. There was also the one who started it all.
French Tech
I was really glad that Solomon Hykes – the creator of Docker – was presenting the keynote on the last day. France is more famous for its food rather than its technological innovations, but there are clearly amazingly talented French folks who have had a significant impact on the cloud-native industry.
At the start of his keynote, Solomon read a quote in French, which he didn’t really translate to the audience:
It took me a while to realize he cheekily referenced the movie based on the Asterix comics and this iconic scene:
Here is the full quote in French:
Moi, si je devais résumer ma vie aujourd’hui avec vous, je dirais que c’est d’abord des rencontres. Des gens qui m’ont tendu la main, peut-être à un moment où je ne pouvais pas, où j’étais seul chez moi. Et c’est assez curieux de se dire que les hasards, les rencontres, forgent une destinée…
Edouard Baer (Otis)
While the film sequence was one of the many hilarious moments in the film, the meaning of the quote still resonates. It essentially says the following: “If I had to sum up my life with you, I would say it’s primarily encounters. People who reached out to me, perhaps at a time when I couldn’t, when I was alone at home. And it’s rather curious to think that randomness and encounters could shape a destiny…”
Encounters. This is really why you would attend an event like KubeCon. As much as I enjoy the flexibility and the convenience of working remotely, you can make so much more progress in face-to-face meetings. This is why Isovalent engineers could also be found at the Contributor Summit, ContribFest sessions, Special Interest Group (SIG) meetings on topics such as Gateway API, etc…
This is why folks travelled thousands of miles (by air or even by train) to be in Paris. Human interactions are what make Kubernetes.
KubeCon isn’t built in one day
Let me explain some of the work that goes beyond an event of this magnitude.
Here are some of the questions any marketing team has to ask itself months prior to the event:
- Is it worth attending?
- Which level of sponsorship can we afford?
- What message do we want to convey?
- Which booth location should we pick?
- What are we going to wear at the booth?
- Where is all our staff going to stay? And how are they going to get there?
- What should our booth look like? What would we like attendees to take away from visiting our booth?
The last couple of questions preoccupied our marketing team for months. It influences everything from the layout of the booth, to the colours and font on display, to every logo on display, to the expected attitude of each member of staff.
As I mentioned earlier, given how crowdy the booth was throughout the event, I can only describe our event team’s work as exceptional and wanted to share my appreciation.
They also spent weeks organizing our 5th Hive Mind Mingle. The exclusive event, which we’ve been running every KubeCon since Valencia in 2022, is always a fantastic opportunity to connect with industry leaders and community members while enjoying drinks and delicious French appetizers.
This year’s Hive Mind Mingle felt even more special than usual. It was probably the last as “Isovalent” before the Cisco acquisition.
The Cisco Elephant in the Room
I will finish this KubeCon wrap-up by sharing the most frequently asked question we – Isonauts – had this week.
“How do you feel about the Cisco acquisition?”
I even ran out of adjectives to describe my feelings. Excited? Wary? Fired up? Slightly anxious? Eager?
The truth is that I don’t think things will change that much, at least for the foreseeable future.
We will still be heavily investing in Cilium Open Source and in developing our Enterprise distribution. I’ll still be promoting Cilium within the cloud-native community, creating content, and playing with great technologies.
I also see opportunities: I will get the chance to educate network engineers intimidated by Kubernetes. I will be exploring fun integrations between Cisco products and Cilium and eBPF. I will, hopefully, attend both KubeCon and Cisco Live next year.
I initially joined Isovalent in May 2022 for an opportunity to work on the most exciting networking project and, as I wrote at the time on my personal blog, “for the prospect of working with super smart folks”.
The sentiment still holds true.
Thanks for reading and see you in London for KubeCon Europe 2025.
Prior to joining Isovalent, Nico worked in many different roles—operations and support, design and architecture, and technical pre-sales—at companies such as HashiCorp, VMware, and Cisco.
In his current role, Nico focuses primarily on creating content to make networking a more approachable field and regularly speaks at events like KubeCon, VMworld, and Cisco Live.