How Was KubeCon Europe and What Could Have Made It Even Better?

In March this year, I visited Paris with my Curity colleagues for the European rendition of KubeCon. On this side of the Atlantic, the Linux Foundation hosts the event annually in a different city. We’ve been to one KubeCon before, in 2023 in Amsterdam, and again, we encountered something spectacular — a gathering of well over 10,000 engineers and cloud experts.

Overall Experience

Despite being very large, KubeCon didn’t feel overcrowded and was very well organized. There were hardly any queues for food and drinks, and you could always get coffee quite easily (an important indicator of a well-organized event, right?). The venue was huge, which is required for such a large event, of course. But it also meant that you had to brace for a good amount of walking to get anywhere — to another session room, to get food or drinks, to get some fresh air, to the toilets, etc.

Even though the session rooms were bigger than last year, there were still sessions that I couldn’t get into. It’s worth remembering that at KubeCon, it’s sometimes important to arrive at the presentations early. You should keep that in mind if you plan to visit KubeCon in the future.

The Exhibition Hall

The exhibition hall was enormous. Plenty of companies and products to check out. One could have easily spent a whole day thoroughly visiting every booth. A day might not even be enough. With so many vendors, it sometimes becomes hard to wrap your head around all the products, but this is also why you attend such events in the first place. KubeCon is definitely a place where you can learn about many technologies and solutions in one place.

Obviously, it can also be fun. With all the companies trying to grab your attention, there are a lot of activities at the booths. Raffles, games, swag, bars, virtual reality experiences, baristas, you name it.

The Sessions

With such a large event, of course, you get a lot of session threads. Interestingly, when you look at the full schedule, you notice that some subjects are more popular than others in a given year. I don’t know if this is because speakers submit similar topics or if the content committee decides to choose talks around a topic. In Paris, the main subject was, unsurprisingly, artificial intelligence and machine learning, in all flavors. Keynotes addressed these themes, as did sessions on running large language models on Kubernetes and using AI to support cloud-native development.

Outside of the main theme, there were still other patterns in the schedule. For example, last year we saw many sessions about the Gateway API and eBPF. I had the impression that sessions on these topics were scarce this year. This year, there was a lot more talk about multi-cluster and multi-cloud. It seems that this area has become an important subject for the cloud-native community.

What I noticed is that even at such a large event that receives tons of session submissions, quite a few speakers had two or more talks during the three days of KubeCon. This is something the organizers can still improve on. It would be better to have as many different speakers as possible.

The Missing Piece

Compared to KubeCon Amsterdam, this year there were more sessions about authorization. However, I think there were still not nearly enough of these talks, especially talks about application-level authorization. When people talk about authorization in the cloud-native landscape, they usually mean authorizing access to infrastructure resources or Kubernetes configurations. This is, of course, an important part of an organization’s security solutions, but it’s not the only one. Cloud-native applications are distributed systems by design and must communicate frequently. You have to ensure that this communication is secure and properly authorized. Thankfully, the topic is also gaining awareness in the cloud-native community. This year the IETF started a new working group around it: the Workload Identities in Multi-System Environments (WIMSE) working group. It gathers experts from different fields, but the group focuses on cloud-native technologies.

Only a handful of sessions touched on the subject of application-level authorization, for example:

  • Ahmet Soormally and Yaara Letz from Tyk gave a talk about OAuth Token Exchange. They described the standard and explained why it’s important that, once you process a request inside your infrastructure, you should use different access tokens than the ones a user sends to your APIs.

  • Antonio Nappi and Sebastian Lopienski from CERN described how they use OAuth and OpenID Connect to enable access to CERN’s resources for many researchers worldwide.

The Open Policy Agent (OPA) project was mentioned in a few sessions, but again, this was never in the context of externalizing authorization from the application code. I think that OPA offers many great opportunities in this field and, together with OAuth, can be used to implement virtually any authorization rules.

The scarce sessions about authorization were very popular, and people were turned away from some as the session rooms hit their capacity. This shows that the community is interested in security and authorization (which is good), and I hope that future KubeCons will have more talks that touch on this subject.

There are some things I would like to see done better at KubeCon, but still, it’s an impressive event. I recommend visiting it at least once to anyone working in the cloud-native environment.
