Everybody working in cloud native is excited about visiting Amsterdam for KubeCon Europe 2023. As usual, Jetstack will be there. Don’t forget to follow us on LinkedIn and Twitter to get our latest updates.
You should come listen to our talks:
How to Avoid a Kubernetes Doom Loop
11:55 | Elicium Building | Elicium Ballroom 2
David Collom will be talking at ArgoCon about how to avoid a Kubernetes doom loop.
This lightning talk is a tale of what happens when automation becomes the problem. A single cluster running 16K Argo Workflows across more than 165 nodes, suddenly begins to melt down. One misconfigured pod starts to automate pod failures on a huge scale. Overloading a cluster is a costly recipe for failure. In this short talk, hear from bitter experience and find out why best practices provide the best basis for an easier life as a CRE.
Talking to Kubernetes with Rust
18:10 | Auditorium + Balcony, ground + first floor, Congress Centre
James Laverack will be doing a lightning talk on using Rust to interface with Kubernetes.
The Kubernetes API provides a gateway to manage cloud native resources, and there exist client libraries to interact with Kubernetes in many languages. Rust is uniquely positioned to write software for Kubernetes. With a powerful type system, fast binaries, excellent documentation, and unparalleled memory safety it is well positioned for critical tooling and infrastructure. This talk will be a crash course on how to interact with Kubernetes in Rust, and will cover the basics you need to know to write your next tool targeting Kubernetes with Rust.
A SPIFFE Debate with beer, pizza and lego
18:00 | NH Hotel Zuid, Van Leijenberghlaan 221, 1082 GG Amsterdam
Venafi will be hosting a panel discussion on the topic of SPIFFE and machine identities. If you want to attend, you can sign up here.
Before all of the other parties start we would like to invite you to hear respected influencers debate a question that is becoming increasingly important SPIFFE has become well established for machine identity in the open source ecosystem, but is it ready for mainstream enterprise production systems? And what does this mean for developer, platform and security teams?
There will be pizza, beer, soft drinks and complimentary Lego for all those who attend and the opportunity to interact and ask questions of the panelists. We will also ask you to vote on who makes the most valid and interesting points in this debate. Register and we will send you a calendar invite or just turn up – look forward to seeing you there.
Cert-Manager Can Do SPIFFE? Solving Multi-Cloud Workload Identity Using a De Facto Standard Tool
11:00 | Emerald Room, first floor, Congress Centre
Thomas Meadows and Josh Van Leeuwen (Diagrid) will be doing a joint talk on using cert-manager with SPIFFE.
If you’re like me, your Kubernetes journey started well. Booting up a cluster and deploying a demo application, only to find the dreaded “Your connection is not private” message in your web browser. Attackers could be stealing your information, credit cards and passwords? Frankly, your sock shopping addiction should be nobody’s business. Luckily I found the cert-manager project. As if by magic, this clever controller made my security woes fold away. What about secrets? API and service account keys. This highly sensitive data must be bolted to your pod to ensure it can access databases, api-servers and more. After accidentally committing raw secrets to Github (nobody got time for that), I grew tired. I crawled away into the wonders of Google Cloud Workload Identity. But wait? Haven’t I given up on the wonder of multi-cloud Kubernetes? If only identity could come batteries included. As an encore in the machine identity space, cert-manager now leverages SPIFFE to solve this problem. Pods are empowered to enter the VIP lounge of their choice in whatever cloud, provided they are on the guest list. Don’t believe me? Call me on my bluff. Join me as I explore how this industry problem has been solved using the same magic that gave us TLS on Kubernetes only a few short years ago.
Rotate Roots Right Round: Using Cert-Manager for Safer Private PKI
11:00 | Virtual
Ashley Davis will be talking about how you can use cert-manager to manage private PKI at scale.
There are plenty of benefits when you control your own certificate authority (CA), whether for just one Kubernetes cluster or for your whole organization. Putting a service mesh into production might require rolling your own CA, for example, but there are other use cases where a private PKI makes sense to avoid the headaches of rate limits, issuance costs or relying on third party services. Luckily for us, the concepts behind Public Key Infrastructure (PKI) have been around since at least the 70s and there are there’s a tonne to learn from existing PKI deployments which we can apply to today’s cloud native landscape. Plus, cert-manager is here to help! In this talk we’ll discuss how to use cert-manager to safely deploy a private PKI at organizational scale and some the things we need to think about to ensure that we can run it safely - without causing a major outage down the road by failing to plan for rotation! Ash is a public key cryptography nerd with prior experience in administering PKI at large scale. As a cert-manager maintainer he’s committed to improving the experience of anyone that runs private PKI in cloud native projects and beyond!
Help! Where Should I Start? Your Guide to Cloud Native Resources
17:25 | in G104-105, first floor, Congress Centre
Richard Collins will be participiatng in a panel discussion about the CNCF landscape.
Do you look at the Cloud Native Landscape and feel overwhelmed? You’re not alone — numerous memes certainly prove that. While the most prominent, the Landscape is far from the only resource for end users. Over the past two years, CNCF community members have created new resources to help end users navigate the ecosystem. These include the Landscape Guide, Cloud Native Glossary, Cloud Native Maturity Model, and a (newly launched) CNCF Project Summary Table. During this panel discussion, attendees will learn what they are, how to use them, and where to find them. They will also hear from these community members why they set out to create these resources and how to contribute to these efforts.
If you like
cert-manager, pop on by booth K9, at the CNCF Project Pavilion, in Hall 5. We’re always happy to hear what people have to say about the project! 🚀