We are thankful to have been a part of the four Kubernetes community filled days – five, including the day zero events – at KubeCon + CloudNativeCon North America 2019 in rainy San Diego. That’s right, in an unusual turn of events, it was raining in San Diego for KubeCon. Unfortunately, I forgot to pack an umbrella again. I was hoping that vendors would give out umbrellas like they did last year in Seattle, but, I guess, no one suspected it would rain like this in San Diego, so I don’t feel too bad about making the same mistake.
It was a surreal experience watching an army of yellow raincoated KubeCon staffers struggling to hang up giant slippery-wet surfboards and KubeCon banners at the entrance of San Diego’s famous Gaslamp Quarter. I wish I could share a picture, but something inside me felt like it was a little cruel to take those pictures and I didn’t want to get wet again. I almost justified snapping a pic because there were plenty of other people taking pictures of these poor staffers, but still….
Fortunately, we were not there to be at the beach or surf, so it was still a great event for everything Kubernetes. This conference continues to grow in size, importance and scope. This growth brings implications for organizations beyond a single tool. What happens at KubeCon is a reflection of the industry, and this is why you should pay attention.
CyberArk realizes the importance of the CNCF and its projects, such as Kubernetes, and this is why we officially became a member of the CNCF. In addition, we sponsored KubeCon San Diego. And KubeCon led to many interesting conversations about open source, secrets management and privileged access management within organizations across North America – if not globally.
The Growing Importance of KubeCon
Approximately 12,000 people attended KubeCon in San Diego this year, but the real news is the growth the conference has experienced each year since its inception 5 years ago. The year-over-year growth between this year in San Diego and last year in Seattle is about 50%. This year, there were so many people in the San Diego Convention Center that, at times, it seemed like the 3-floor escalator was going to collapse under the weight of all the people trying to make it from the keynotes to the breakout sessions and vendor showcase at the same time. Fortunately, there was plenty of staff on hand to tell people “one rider per a step please.”
This is impressive for any conference, but especially impressive for one that is still only 5 years old. The thing that is most staggering is the rate of growth each year across the globe, not just North America. I talked about this in my May EMEA KubeCon blog. How big will it get?
“Security + Identity + Policy” Track and Discussions on Secrets Management
Since the discovery of the most severe Kubernetes vulnerability ever, CVE-2018-1002105, security topics have been a bigger part of KubeCon each year (discussed more here). The relatively new KubeCon Security track underscores this point. Things are moving in the right direction, but, according to Gareth Rushgrove, a member of the CNCF Security special interest group, most of the interest in Kubernetes security topics seems to center around relatively basic concepts.
My own conversations at the event mirror this sentiment. Many of the people I talked to didn’t know what privileged access management was or said things like “we manage secrets poorly.” The audience was mostly developers and DevOps engineers, so this is not too surprising, since these are not the people usually responsible for enterprise security. The problem is that DevOps methodologies and open source have given these people some security responsibilities, sometimes inadvertently. (Be sure to check out this blog on Kubernetes secrets management best practices for more information.)
Most Talked About Kubernetes Components
Helm was the most talked about k8s component with Istio finishing a respectable second, according to a social media report from Torsten Volk (see below). This isn’t too surprising, since Helm Charts make installing and configuring Kubernetes applications so much easier and Helm 3 was recently released. Everyone knows what Helm is, but Istio is starting to generate a lot of conversation too. Istio is a service mesh that defines communication and networking for microservices. As people dive into the world of microservice networking, it will become increasingly important to define access policies for these services.
The Best Part of KubeCon
The best part of KubeCon was engaging with community users and other open source professionals. We received a lot of great open source feedback and learned so much from other community professionals. We are always looking to hear from you, so join the conversation on the CyberArk Commons Community. Secretless Broker, Conjur and other open source projects are a part of the CyberArk Commons Community, an open community dedicated to developers, engineers, cybersecurity researchers and other technically minded people. To discuss Kubernetes, Secretless Broker, Conjur, or CyberArk Threat Research, join me on the CyberArk Commons discussion forum.
John Walsh has served the realm as a lord security developer, product manager and open source community manager for more than 15 years, working on cybersecurity products such as Conjur, LDAP, Firewall, Java Cryptography, SSH, and PrivX. He has a wife, two kids, and a small patch of land in the greater Boston area, which makes him ineligible to take the black and join the Knight’s Watch, but he’s still an experienced cybersecurity professional and developer.