The European version of the KubeCon+CloudNativeCon in Amsterdam instead of. The rush to the Cloud Native Computing Foundation (CNCF) in-house exhibition this year was greater than ever before: over 10,000 participants came to the Dutch capital, another 2,000 only made it onto the waiting list, many of whom are online.
With these numbers, this conference is the largest open source conference in Europe. It is remarkable that more than half of the participants are taking part for the first time. And the other figures of the CNCF are also steadily increasing: almost 160 projects are now under the patronage of the CNCF. Over 200,000 developers from more than 180 countries are involved, said the organization under the umbrella of the Linux Foundation, which originally came into existence to manage Kubernetes code.
Community in Bloom is the motto of KubeCon Europe 2023, which takes place in Amsterdam.
In the opening speech, CNCF CTO Chris Aniszczyk announced new paying members at gold or platinum level. The former includes the auditing firm EY (Ernst & Young) and the Japanese industrial conglomerate Hitachi. The Indian IT service provider HCLTech was already a Gold member and decided to upgrade to Platinum status. Market competitor Infosys entered directly at this highest level. The list of new Silver level members includes more than 50 companies.
Kubernetes security audit
Kubernetes is the CNCF’s best-known project and was the first to receive Graduate status from the CNCF. Since 2018, the container orchestrator has had to undergo regular security checks by an external company. During the conference, the CNCF the current version of the security audit report.
The basis of the audit is version 1.24 of Kubernetes. The auditors highlighted four points: The complexity of authorization control is less of a technical problem and more of an organizational one. Reviewers raise general concerns that admins get all the details right – bugs manifest themselves in unnecessary permissions and avoidable gaps. Vulnerabilities in the communication between various Kubernetes components can be exploited to gain administrative access. This goes hand in hand with inadequacies in the logging or verification of events. The last point is very specific and even below CVE-2022-3162 documented. An error in the processing of user input allows certain authorization checks to be bypassed and thus access to data that should not actually be accessible.
qualification
The CNCF strives to make Kubernetes and projects from the ecosystem known and understandable to an ever wider audience. The extensive training program has now been expanded to include two new ones certifications extended: “Cloud Native Security Associate” and “Certified GitOps Associate”.
In his opening speech, Aniszczyk again advertised the in-house mentoring program. This includes events such as Googles Summer of Code. Typically, mentee and mentor work together on a project. In addition, the program gives tips on how to fill the respective role particularly effectively and usefully. During the opening speech, the participants were able to see a concrete example of how a developer developed from a complete Kubernetes newbie to a mentor. A well-known hurdle for getting started with any technology is the unfamiliar technical vocabulary or abbreviations. For some time, the CNCF community has managed a Cloud Native Glossary. This is now available in 10 languages - German is also included.
KubeCon Europe 2023 will not be the last of its kind and the CNCF has already announced the date and location for the event in 2024. From the From March 19th to 22nd, Paris will be the meeting place the cloud native community. The North America variant The conference will take place in Chicago in early November 2023. For the first time since 2019, China is also part of the schedule: At the end of September, the CNCF welcomes the Community in Shanghai.
(jam)
