On the 21st of September this year, we attended the Swiss Cloud Native Day. I was accompanied by two of my colleagues, Arnaud Berbier and Christoph Bernhard. This event took place for the third time, and this year, it landed in Bern at the Gurten. Surrounding the capital, Mount Gurten is reachable after 11 minutes of funicular. It’s definitely a great spot to discuss, share, and learn new things!
And learning sessions were organised; the day before was dedicated to workshops, provided on three different subjects
- GitOps with ArgoCD
- Platform Engineering with Backstage
- Kubernetes Basics
Jumping on the tramway, spending a bit of time on the Gurtenbahn, we were right on time to start our journey. All was well organised. At the time specified in their email communication, staff was waiting for all the attendees. Badges were alphabetically sorted, so we didn’t suffer from any waiting queues!
After wandering across the site, we took a seat in the main pavillon, where the welcome session and keynote were going to start.
Anais Urlichs, from Aqua Security, introduced the day by talking about, naturally, security and cloud native. Her title, “Back to the future in the space of cloud native security” definitely ended up with a picture of a sports car, which became popular after a 1985 movie 😉 She started to flashback five years ago and came back to some security events. Codecov in 2021, SolarWinds in 2020, and MGM Resorts early this month: here are some breaches publicly reported.
What do they have in common? They were undetected by the security measures in place, which obviously failed. But staying positive, she closed her session by pushing the public to look at open-source and cloud native solutions, mentioning Sigstore for signing digital artefacts, Kyverno for policies, and Tracee using eBPF for monitoring.
A short break, we moved on, and the next session we chose was from Kunal Kushwaha “Embarking on a Kubernetes Odyssey: A Tale of Building, Deploying, and Scaling”. It was very worthwhile; his session was easy to follow with always a hint of humour. He was embarking us on a K8s journey as he promised, using his virtual assistant, Alex, and was tagging some questions and quotes: “Why should I go cloud native?”, “Benefits of a multi-cloud approach”. The most interesting was maybe this one: “Understanding the hype cycle”. From the “initial hype” to the “plateau of productivity”, he explained each step we would be faced with.
As a huge fan of Cilium from Isovalent, I stayed there to listen to Marga Manterola. She has been appointed Director of Engineering. We, at dbi services, use Cilium in Kubernetes deployments, running in a kube-proxy free setup. Even if I’m familiar with the concept of eBPF, it is always a great pleasure and an opportunity to learn new functionalities around the use of eBPF in the Cilium stack.
A few slides after the start of her session, she announced the great news, following a GitHub PR opened in Oct 2022! Cilium is finally upgraded to Graduated Project at the CNCF. Unfortunately, the Cilium page does not seem to reflect this change. This marks the maturity of the project, proving its stability and wide adoption.
Security on Kubernetes, using Cilium, involves the following points
- network policies (facilitated by the online editor),
- transparent encryption across nodes (either powered by the Wireguard or IPSec protocols),
- observability using Hubble (either the UI, the CLI, or the metrics for Prometheus and Grafana),
- and runtime security using Tetragon, Cilium’s sister project.
Annie Talvasto, during the afternoon, provided us with an interesting overview of an unfortunately popular subject. Working at VSHN, Annie’s goal was to show us “How Kubernetes Optimisation Can Combat Climate Change”. Ambitious topic, I naively thought fighting against global warming would simply require some
kubectl scale sts mylittle_voracious_statefulset --replicas=0. I was wrong. She went through the principles of green software, location shifting (moving workload across different locations), time shifting (scaling up and down accordingly to the time of the day), and demand shaping. She displayed the website of the Branch Magazine. Based on the demand, the website is showing more or less components, from full monochrome-text-only, to a color-flavored-with-nice-pictures web site.
Informative, KEDA was also mentioned at the end of the talk. I would definitely look at this tool, as it provides much more functionalities for automatic scaling on Kubernetes. At least much more than the “traditional” HPA.
I’ve probably forgotten to tell you about the other sessions, but all were, even if not as technical as initially expected, very informative. This was the first year we joined this event, and we’ll definitely be back next year! See you soon, Swiss Cloud Native Day !