This week the Jetstack team jetted off to Valencia, Spain for Kubecon + CloudNativeCon 2022. Between paella and the beach we managed to get to a few sessions across the week, and we had a lot of fun!
Jetstack had a booth in Pavillion 2, and we enjoyed our time talking to friends and customers alike. We had many great conversations about Jetstack, our work, and Jetstack Secure with hundreds of attendees. If you didn’t get a chance to see us at KubeCon we’ll be at KubeCon North America in Detroit later this year, or reach out to us anytime online.
Many Jetstackers were on the cert-manager booth too, over in the CNCF project pavilion. They handed out loads of cert-manager t-shirts, spoke to many members of the community, and even ran an amazing interactive certificate signing display. If you visited the cert-manager booth in Valencia I hope you enjoy your certificate signed by the cert-manager mantainers (and remember to renew it before it expires!).
Themes & Talks
We’re hugely proud of our own Jetstackers who spoke this week. Steve Judd from Jetstack and Chris Clarkson from our customer Improbable Defence spoke at Cloud Native Security Con on the topic of supply chain security with their lightning talk “What’s Inside Your Container Image?”. In the main KubeCon schedule Jake Sanders and Charlie Egan spoke about next-generation identity management with their talk “Multi-Cloud Workload Identity With SPIFFE”.
We were excited to attend many sessions across the Contributor Summit, co-located events, and the main conference. We saw so many amazing talks by many talented presenters and community members, and we’d like to congratulate everyone who spoke at KubeCon. Across all the tracks, a handful of major themes really stood out to us and our work at Jetstack: Stability, Supply Chain Security, and Community.
Stability and Maturity
Kubernetes has been a mature technology for several years, with thousands of production deployments from startups to banks. At this KubeCon the theme was very much the stability of the ecosystem as a whole. Not just Kubernetes, but cloud native projects across a wide range of areas are maturing. The excellent KubeCon co-chairs Ricardo Rocha, Emily Fox, and Jasmine James spoke to us in their Friday morning keynote “CNCF Project Updates”. They covered updates about a wide range of CNCF projects, many of which are building day-two features around security and reliability.
Supply Chain Security
Eighteen months after the discovery of the SolarWinds attack, the security of our supply chain is still a major topic in the industry. We saw Shane Lawrence’s keynote “Securing Shopify’s Software Supply Chain” detailing their journey with securing their supply chain, and Adolfo García Veytia’s talk “Make the Secure Kubernetes Supply Chain Work for You” about the supply chain improvements in the Kubernetes release process.
These aren’t just changes for the sake of changes either. Andrew Martin spoke about the landscape of attacks in his talk “A Treasure Map of Hacking (and Defending) Kubernetes”, where he demonstrated how supply-chain attacks can move into clusters, exfiltrate secrets, and lead to cloud account compromise that effect cloud native businesses and their customers.
Supply chain security is deeply important to us a Jetstack, and we’ve recently published our supply chain security toolkit to help you get started securing your approach to shipping software.
Community and Maintainership
Finally, we saw many talks discussing the difficulties around building communities and open source. In the Contributor Summit on Monday, we had a long talk about the importance of long term stewardship and maintainership of open source projects. In their keynote “Nurturing The Whole Project” Josh Berkus and Catherine Paganini spoke about all of the elements that an open source project requires beyond the obvious, and the support that the CNCF can give projects in growing.
This is an issue that’s close to our heart. As the original creators of cert-manager, a project which has now joined the CNCF and is undergoing it’s own journey along this path, we see the importance of strong open source community foundations. We’re excited for what opportunities await for cert-manager in the CNCF, and for all the Jetstackers who contribute to upstream work such as Jake Sanders with Kubernetes SIG Network, Ashley Davis with Sigstore, Josh Van Leeuwen with SPIFFE, or my own work on the Kubernetes release team.
It was great to see everyone who could make it in person, and we loved speaking with friends we haven’t been able to see recently. But the pandemic still continues, and we know not everyone could make it or felt comfortable in person. We’re always happy to connect with people online, and if you’re along to KubeCon + CloudNativeCon North America we’ll see you there!
From sunny Valencia, Adiós!