KubeCon North America 2023 was fantastic and included several memorable moments for the Cilium community.
Cilium and Isovalent were everywhere at KubeCon whether sharing knowledge, building community, or hosting the incredible Hive Mind Mingle. This Isovalent team was ever present!
Let’s start with what happened before KubeCon:
Cloud Native Rejekts
Duffie: This has been yet another fantastic experience. If you have never been, Cloud Native Rejekts is a b-side type of conference where folks can submit talks that have been rejected from the main KubeCon + CloudNativeCon. This means the talks are usually a list of talks with folks from all over our community.
This is also a smaller conference this time with around 130 folks most of whom are well known in the open source community. Since it is a smaller conference it’s a lot easier to spend time connecting to everyone. It’s a great opportunity to meet new folks and catch up with old friends. This year I was joined at Rejekts by one of our new bees (Carla Gaggini), Jef Spaleta, and Liz Rice.
So many great conversations and what a great way to get pumped up for the week.
CiliumCon – A Mosaic of Cilium User Stories
Nico: I arrived too late in Chicago to join Cloud Native Rejekts but hopefully I will be attending the next one! My first event of the week was CiliumCon. I remember attending Cilium & eBPF day in Valencia and feeling, well, slightly overwhelmed – it was, after all, my first day at Isovalent.
18 months later, I felt much more comfortable with the topics. And I think that would be a common observation across the whole week: Cilium is much less of an unknown quantity by now – it is mainstream.
Going back to CiliumCon – I thought the chairs did a great job curating the submissions into a coherent set of talks.
There were also some great sessions more focused on Security, such as:
- John and Natalia’s session on the past, present, and future of Tetragon (did you know Tetragon just reached 1.0 status?)
- Leonard’s session on improving Cilium’s WireGuard implementation
- Christine’s keynote on Cilium’s effortless Mutual Authentication
- Thomas’ session on a new concept of leveraging Tetragon’s deep runtime context in a Cilium Network Policy
For me though, the most valuable aspect of CiliumCon is listening to user testimonials – and the likes of Adobe, SuperOrbital, ClickHouse, Datadog, Seznam and Cosmonic didn’t disappoint.
The stories told were vastly different – Adobe talked about how they use multiple platforms across many clouds, with only two common denominators: Kubernetes and Cilium.
Seznam and Cosmonic talked about using Cilium outside Kubernetes (on Nomad and with OpenStack) – Kubernetes might be popular, but it’s far from being ubiquitous (yet). Kudos to Dan for sharing their Cilium Nomad plugin and to Ondrej for being one of the most savvy Cilium users in the industry (read Ondrej’s blog post on Cilium High Performance Standalone Load Balancer to learn why).
And then there are the start-ups that are building and securing their applications and APIs with Cilium – SuperOrbital’s use of Layer 7 policies to restrict access to specific GitHub repos was simple but ingenious. ClickHouse is one of many organizations providing a managed service underpinned by Cilium (in their case, they use Cilium to run a secure multi-tenant database-as-a-service platform).
I was particularly excited to hear the official announcement about the Cilium Certified Associate (CCA). Having been involved in the certification since its inception, I was delighted to finally hear it announced publicly (you can read more about it in the blog post about Cilium’s CNCF graduation that Liz and I published last week).
My thanks to solo.io and Microsoft for sponsoring CiliumCon alongside Isovalent – it’s well worth attending or re-watching all CiliumCon sessions on YouTube.
Another common topic at KubeCon and CiliumCon was running Cilium at scale.
Cilium at Scale
Nico: During CiliumCon, Maxime and Hemanth from Datadog shared their experiences about running Cilium at scale. Their infrastructure is almost too large to comprehend: hundreds of clusters, tens of thousands of nodes, and hundreds of thousands of pods.
Datadog are great contributors to Cilium so when they identify issues that only appear at their large-scale usage, they submit fixes for the benefit of all Cilium users.
Hemanth and Laurent Bernaille (a Cilium maintainer and the co-chair of CiliumCon) also went on the keynote stage to talk about their major large-scale Kubernetes outage with the brilliantly named “Everything Everywhere All At Once” session. I love the transparency of Datadog – sharing lessons of how they recovered from an outage where they lost 60% of their Kubernetes nodes is another way to help the community. Many SREs can relate and sympathize!
With users running Cilium at this scale, the Cilium engineers need to ensure they test and push the limits of Cilium. In his talk, Ryan summarized in 20 minutes a 6-month project evaluating Cilium Cluster Mesh’s scaling limitation and how the recently-released KVStoreMesh addresses some of the limitations seen when running Cluster Mesh across 50K nodes and 255 clusters.
And Marcel presented alongside Dorde from Google the implications behind scaling clusters to 100,000 nodes.
Duffie: This year’s KubeCon was an interesting new experience for those of us who have attended for years. It seems that more folks were talking about what had happened vs what is about to happen. This change in tense is indicative of a change in the way that Kubernetes is perceived.
We have reached a point where Kubernetes is everywhere and folks expect that things are going to reach a point of sustainability rather than innovation. I still think there are a ton of areas where innovation can happen in our ecosystem! Like the integration of WebAssembly (Wasm) and container based workloads or some of the more interesting work around continuous profiling.
Still it was a more sedate experience than we have had in the past few years (the pandemic notwithstanding).
If you’d like to learn more about some of the trends in the cloud native space, you can read some of the recent press coverage featuring some of our Isovalent teammates:
- Gateway API improves networking and connectivity in Kubernetes
- Tetragon adds visibility to Kubernetes with open-source runtime security platform
- Kubernetes security remains a big challenge for enterprise developers
- KubeCon points to the future of enterprise IT
Nico: There were so many great milestones and achievements to celebrate for the Cilium community. In addition to the 3rd Cilium co-located event and the aforementioned Cilium Certified Associate exam, there were plenty of reasons to rejoice.
We celebrated Cilium’s status as a Graduated project – it took about a year for the process to be completed and it’s great to see Cilium as the first and only graduated CNCF project in the Cloud Native Network category.
We also had the release of “Illustrated Children’s Guide to eBPF”: Quentin and Bill have done an amazing job creating a fun and colourful book that explains eBPF to the next generation. It will look nice on your bookshelves next to the “Illustrated Children’s Guide to Kubernetes”. You can also download your own copy of the Children’s guide to eBPF.
I’m going to test this with my youngest kid and see how effective it is as a bedtime story.
Finally, we had the return of the highly popular Hive Mind Mingle – the exclusive rooftop evening event that attracts some of the brilliant minds in the cloud native space.
Hive Mind Mingle
Duffie: Wednesday night at KubeCon in Chicago was littered with events all over the city. Every event like this will see a proliferation of events on some specific night. That said, it was amazing that the Hive Mind Mingle was the party to attend! We had an incredible lineup of folks in attendance from all over the industry sharing their experiences and building networks! One of the highlights for me was seeing Bart Farrell rapping about all of the happenings in our community live on the floor!
There was another significant eBPF milestone that happened in Chicago: the premiere of a blockbuster movie.
eBPF: Unlocking The Kernel Documentary
Nico: I had been looking forward to seeing the “eBPF: Unlocking The Kernel” documentary ever since the trailer came out. I wasn’t disappointed – I thought the documentary was extremely well made because it made what is a very complex topic something that most of us in technology can relate to: a story about people. Once again at KubeCon, eBPF was a hot topic (according to this excellent article by Torsten Volk, it was one of the most discussed topics of the show).
Go and watch the documentary and read Thomas’s brilliant accounts of eBPF in his eBPF creation story for even more context and insights.
The documentary also tells the story of the origins of Cilium and Isovalent – or should I call it…
Nico: For a company the size of Isovalent (still fewer than 200 employees), I found our presence at the conference remarkable. Folks from Google told me our contingent at KubeCon (about 40 people) might probably be bigger than Google’s group of attendees 😅. One of the reasons so many of us were present is because of the huge amount of sessions presented by Isovalent employees.
Over 20 sessions were presented, across CiliumCon and KubeCon of course, but also at ArgoCon (Cilium is commonly deployed in a GitOps approach) and Cloud Native Telco Day (Cilium is popular with Telcos).
A Day At The Booth
Nico: I think the only session I saw during KubeCon was Daniel Borkmann’s mind-blowing session on tuning up Kubernetes networking performance with Cilium.
Otherwise, I spent most of my time talking to attendees at our booth.
Working at the booth is unpredictable – you never know what type of conversations you’re about to have. Some folks just come in for some swag (our Bees key-rings were pretty popular), some people just come in for a job (I had to direct them to isovalent.com/careers) and some people just come in to invest (VCs 😅).
But I honestly enjoyed being on “booth duty” to the point I think we need to rethink the “booth duty” expression. Talking to people about a technology you love doesn’t feel like a burden to me.
I mean – look at us; does it look like we’re having a terrible time?
Even queries of a more technical nature were fun, even if they would vary drastically: some folks asked me about the inner workings of Cilium Cluster Mesh or requested some advanced Egress Gateway feature improvements. But I also had users at the beginning of their containerization journey: our chat turned into a very enjoyable conversation, explaining concepts like service mesh, micro-segmentation, and CNI.
That made me think that we – the broader community – should not leave anybody behind: not everyone is adopting a cloud-native architecture and operational model at the same pace.
Talking about an inclusive community…
Duffie: As part of our effort to support the thriving Kubernetes ecosystem, I volunteer some of my time as a member of the Technical Oversight Committee of the CNCF.
This year at KubeCon I had the opportunity to take the big stage to share an update on what we have been working on and to share the stage with some of the leaders of the Technical Advisory Groups (TAGs) that we work closely with in our efforts to ensure that projects understand what is required to be included in the CNCF and to ensure that those projects that are accepted are supported and guided through the process to graduation.
We also shared some of the work the TAGs are working on, like the Deaf and Hard of Hearing working group that is part of TAG Contributor Strategy. These things make a big difference in making our community one of the most inclusive and welcoming communities I’ve ever been a part of!
KubeCon 2024 – Paris and Salt Lake City
Nico: What a week we had! I am already looking forward to next year’s events in my hometown in Paris and to visiting Utah and Salt Lake City next November.
On this note, I will leave you with some canine charm and Carla – looks like even dogs had a great time at KubeCon North America.
See you in Paris, in March 2024.