Mark your calendar – KubeCon Europe 2022 is just around the corner! This year’s conference offers a hybrid model that takes place in person in Valencia, Spain with a virtual component from May 16-20. As the Cloud Native Computing Foundation’s flagship conference, KubeCon gathers technologists, developers and contributors from leading open source and cloud native communities all over the world. This year’s hybrid event is focused on keeping cloud native connected, as we all adapt to and make the most of a new ecosystem of online collaboration.
VMware joins KubeCon 2022 as a Diamond Sponsor and several of our experts will be sharing best practices and insights, as well as presentations of their work in the Kubernetes space. Here’s a breakdown of some of our hosted sessions you won’t want to miss:
Lightning Talk: Addressing Log4j with Software Supply Chains – Tuesday May 17, 2022 18:04 – 18:09 CEST
Hosted by VMware Product Director Duane Dicapite, this five-minute session will summarize how the open source Buildpacks, flux and Cartographer projects can automate the software supply chain and help to address Log4j builds at scale while minimizing the burden on developers.
The Risks of Single Maintainer Dependencies – Wednesday, May 18 • 14:30 – 15:05 CEST
John McBride is a single maintainer for Cobra, a Go command line bootstrapping library and core dependency for many CNCF projects, including Kubernetes, Helm, Etcd, Istio, Linkerd and many more. He’ll discuss the challenges of being a single maintainer on the critical project called The Lottery Factor, the need for a contributor community and the secure software supply chain implications this has for the entire CNCF ecosystem.
Good Governance Practices for CNCF Projects – Wednesday, May 18 • 16:30 – 17:05 CEST
Many maintainers operate under the assumption that they don’t need governance. But what happens if something goes wrong? Undefined or inadequate governance results in a lack of transparency that causes confusion over how decisions are made, unrealistic expectations, and unresolved disagreements. The CNCF helps projects adopt good governance practices with a focus on fair and transparent governance from sandbox to incubating to graduated. Throughout this discussion, Dawn Foster will cover:
- Why governance is important
- Selecting an appropriate governance model
- Templates with patterns that work well to bootstrap CNCF projects
- The role of mission, values, and scope in setting expectations
- Defining roles, responsibilities, processes, and procedures within your governance model
- Contributor ladders to help people move into leadership positions
- The governance pros and cons of contributing a project to the CNCF
The audience will receive practical advice about creating fair and neutral governance structures and processes for open source projects.
Keynote: PlatformOps: It’s all about Developer Experience – Thursday, May 19 • 10:05 – 10:10 CEST
Ben Hale, Technical Lead, VMware Tanzu: Kubernetes has reached mainstream adoption, with 5.6 million developers using it worldwide. However, organizations are still challenged to make developers productive using Kubernetes. PlatformOps teams are now being asked to build, run and manage platforms that lead with developer experience.
This requires embracing a PlatformOps philosophy that treats developers as customers while meeting their organization’s policies. VMware understands this transition building on 20 years of stewarding the most popular Java framework, Spring, which fundamentally changed the enterprise Java landscape on the back of a superior developer experience. That history allows us to identify patterns and attributes that we believe are critical to delivering a better cloud native developer experience on Kubernetes.
In this talk, Ben Hale, VMware Senior Staff Engineer and Technical Lead for VMware Tanzu® developer experience, will highlight three things PlatformOps teams should focus on:
- Reducing complexity without sacrificing flexibility
- Shifting outcomes left without shifting the burden left
- Ensuring consistency and security without giving up agility
Digging Into Your App’s Container Image Layers for Sneaky Vulnerabilities – Thursday, May 19 • 14:30 – 15:05 CEST
Mitigating vulnerabilities in container images is (most of the time) a straight-forward task: update the base image, use a newer version of Node or Java, bump the patch version of a project dependency, etc. However, all useful pieces of software are complex and vulnerability scanning tools fall short on explaining why they are flagging some edge-cases. In this session, Pablo Galego will walk you through mitigating critical vulnerabilities in popular container images. This will be a hands-on session, first using Aqua’s Trivy scanner to analyze an image generated for a Spring Boot app and then wagoodman’s dive to explore in which layer we are introducing a version of a library with critical vulnerabilities, while Maven seems to tell us otherwise.
Contour Ingress Intro and Deep Dive – Friday, May 20 • 14:55 – 15:30 CEST
Contour, a CNCF incubating project, is a high performance ingress and load balancer solution for Kubernetes. Contour offers a richer feature set than some common alternatives while maintaining a lightweight profile. At its core, Contour is providing a control plane for the Envoy edge and service proxy. During this session, VMware’s Nick Young, Orlin Vasilev and Nigel Brown will show you how to leverage Contour and Envoy for Kubernetes workloads in a multi-tenant environment as well as include a demo of recent Contour features. They will also explain the project roadmap including enhanced support for Gateway API, the Contour Operator for enhanced lifecycle management, distributed tracing support and much more.
Optimize Kubernetes on vSphere with Event-Driven Automation – Friday, May 20 • 14:55 – 15:30 CEST
Kubernetes abstracts out differences across hosting infrastructure, but there are cases when integrated monitoring across the layers of storage, compute, etc., are essential. When faults or reconfiguration happen, manual monitoring, diagnosis and remediation can be slow, costly, and error prone. The VMware Event Broker Appliance is an open source project, usable with Cloud Events and Knative to optimize availability, auditing, compliance, etc. based on vSphere events. VMware’s Steven Wong and Michael Gasch will cover popular use cases and how to get started. The K8s VMware User Group shares best practices for hosting K8s on VMware infrastructure, and we will close the session with details on how you can participate in the group.
The sessions listed above are just a glimpse at what VMware innovators will be offering at KubeCon 2022. Check out the full list of VMware-led sessions by searching for VMware in the event schedule. We look forward to connecting and collaborating with you at KubeCon 2022!
Stay tuned to the Open Source Blog and follow us on Twitter (@vmwopensource) for updates leading up to and throughout the summit.
