KubeCon 2022 Retrospective

Description of image

KubeCon 2022 North America, the largest Kubernetes-centric conference, just wrapped up in Detroit, Michigan at the end of October of this year. I had the good fortune of attending for another year but this time in a role fully dedicated to the Kyverno project for which I serve as one of the maintainers. These are some of the notes I'd like to share in this event retrospective.

At only a five-hour drive from where I live, Detroit was very conveniently located for me and, it would seem, for many given the number of attendees being somewhere in the 6,000 to 7,000 range which I thought surprising. The event was held at the main conference venue, Huntington Place, right on the Detroit river with a beautiful view of Windsor, Ontario across the way. I even managed to drive into Windsor for a bit on Friday to sample some of the local breweries! With plenty of local hotel options in very convenient walking distance as well as the conference venue itself being more than large enough, I found the logistics to be quite nice and worked very well. This was not my first time visiting Detroit, however, as I had come once before in April to hear the Detroit Symphony play, and that was fantastic. During both of those visits, one thing that surprised me was how oddly empty Detroit has become. I was told anecdotally by an employee of the hotel were I stayed in April that due to a combination of COVID-19 and the housing market crash years prior, the population in Detroit was down something like fifty percent. And on that point of COVID-19, a mask mandate was in effect at KubeCon which seemed the appropriate thing to do.

I attended this year as an employee of Nirmata but in the capacity of Kyverno maintainer, a CNCF incubating project. Most of my time was divided between Kyverno booth duty, session presentations, and individual meetings. More on those below. It was great to connect with a few of the folks in the community to have some focused discussions on topics of mutual interest including supply chain security, which has become an important personal topic.

All together, I participated in about four separate sessions. The first session, preceding KubeCon proper, was a Nirmata-sponsored DevSecOps Days meet-up followed by Kyverno workshop on Tuesday the 25th lasting some combined 2-3 hours. Food and drink were provided for attendees and several folks from Nirmata, including CEO, co-founder, and Kyverno co-creator Jim Bugwadia, along with myself, presented an overview of DevSecOps practices and how people may get started. We then rolled into an hour-and-a-half Kyverno workshop which I delivered that provided a nice and gentle overview of Kyverno's features and consisted of a fairly short hands-on lab session. This was an adaptation of a similar yet more extensive workshop I delivered in Los Angeles earlier that year for SCaLE 19x. With around twenty attendees at this pre-KubeCon workshop and some good engagement, I thought it went fairly well. Slides for this workshop can be found here for those interested.

At KubeCon itself, I was fortunate to be able to co-present in two different sessions: Kyverno Introduction and Overview (with colleague Dolis Sharma) and Path to Production: Sustainable Compliance in Strict Environments (with Brandt Keller of Defense Unicorns). Both of these have been posted to YouTube and I've linked to them here. In addition, the Kyverno project also participated in a very cool ContribFest project cooked up by the CNCF and new as of KubeCon 2022. The goal of ContribFest was to gather community members and project maintainers in an informal but hands-on "hack" session which was entirely free-form in nature. Members could work together to solve common problems, add functionality, or anything else. Quite a few projects took advantage of this, which was nice to see. At the Kyverno ContribFest, Jim and I got to work with around 15 community members who attended. After assessing everyones' skill set and interest--which was quite diverse--we split into two groups. The first group, lead by Jim, were more skilled developers and worked on getting a development environment stood up in order to start tackling a documented issue. I took the second group with non-developers and more newcomers to Kyverno where we focused on ecosystem policy authoring. It was gratifying, and a true testimonial to Kyverno's simplicity, to be able to take about half-a-dozen new users through some of the basics and ending at them collaborating to write a brand new Kyverno policy for HashiCorp Consul which had never been done. They even were able to submit a joint PR to get the policy added to Kyverno's extensive policy library!

The remainder of the time was largely spent at the Kyverno booth where we had dozens upon dozens of conversations from KubeCon attendees ranging from existing users, prospective users, critics, and competitors. Having such diverse interaction was incredibly useful, insightful, and healthy for any open source project! Channeling these discussions into actionable feedback and designs has been a very fun process, I must admit. I personally thrive on criticism because, I suppose, all my years as a musician in training have proven that one never improves by one's teachers constantly praising how well they've done; they improve by others pointing out weaknesses and opportunities for improvement. While it's nice to hear what we've done well in Kyverno, I'm far more personally interested in what we haven't done well and what problems we should solve next. We definitely got much good feedback during the week!

Lessons Learned

After a full week of discussion and interaction, I took these lessons away from my experiences over the week.

  1. Security is top of mind of almost everyone. Just about everyone recognizes that security in Kubernetes is a critical component of any story. I have observed this trend growing exponentially in past KubeCons to the point it's almost number one.
  2. Policy is becoming a default. Similar to the first, people are increasingly recognizing that because Kubernetes isn't secure by default, and due to more and more companies adopting Kubernetes and exposing more inexperienced users to it, policy is a must-have and not a nice-to-have thing. Even just a couple years ago when Kubernetes was largely niche with only select few having access and therefore policy wasn't as big a deal, this has increased dramatically today to the point most agree policy is mandatory.
  3. Most people do not like Rego. This may sound like I'm trying to sling mud, but literally every single person with whom I spoke at the Kyverno booth--even those who didn't know about and weren't using Kyverno--relayed that they did not like Rego. They didn't like having to learn it, they didn't like actively using it, and they didn't want to maintain it. This wasn't at all a surprise and when looking across numerous Reddit threads, articles, and videos, the feedback all has this in common.
  4. The supply chain must be secured. It seems that no matter what business people are in, everyone is moving towards some form of supply chain security. Most tend to be spectators at this point trying to make sense of it all, but just about all of them have plans and are moving in that direction. Most are in evaluation mode, but many are in the technology selection mode.
  5. Automation is paramount. With all the complexities of Kubernetes and its expressive ecosystem, to get real meaningful work done today requires automation. Tools that can't play into an automation story don't get used. And automation goes hand-in-hand with security; they aren't separate concepts. Being able to automate tasks is seen as part of a holistic security story.

So, in summary, I felt that KubeCon 2022 North America was quite successful and I learned quite a bit. Interest in Kubernetes is definitely picking up which in turn results in many more interesting projects solving more interesting use cases. Kyverno seemed to be discussed in some fashion "everywhere" as a few folks came and told us.

And that's a wrap for this year. I am looking forward to the European meeting next year in Amsterdam where hopefully there will be some more Kyverno representation. After submitting a couple of co-presentations, we'll see what the results are and if it'll be an in-person attendance or virtual.