I wanted to write a quick blog on my past week at KubeCon / Cloud Native Con Europe, happening in Amsterdam. I went for 4 days, with one pre-conference day spent on ArgoCon. In the past, I wrote a detailed report on all the talks I attended, but I wanted to keep it more general this time. This blog post is the result of me going through my notes and pointing out what I found interesting and am hoping to spend some time on.
It was a long week, and I am still recovering from all the excitement on this Sunday afternoon while writing this blog post. I had to pick between doing a bunch more research to be absolutely sure that all I wrote down is correct, or just glancing through my notes and dumping my brain with the risk that I am not 100% accurate in what I write down. I decided to take that risk, as the first option might not happen due to time constraints. At least my memory is a bit fresh now.
Please contact me if you see any errors so they can be resolved.
We use ArgoCD at work for our GitOps needs. We have a pretty sophisticated setup with Terraform automatically adding new Kubernetes clusters to ArgoCD, but we can improve a bit here by looking into some more “advanced” use cases.
I have been interested in eBPF for years, but it’s a highly technical subject on which I have not spent any time to grasp. Apparently you can go pretty deep on this stuff, but it gives you so much power that I should no longer ignore tools using it. The Cilium project is doing a lot of work here.
Cilium adds a Container Network Interface (CNI) to Kubernetes that uses eBPF, so you essentially get network observability and security reporting for free. It also gives you an advanced policy framework that lets you go beyond vanilla Kubernetes network policies (for example, rules on the HTTP layer instead of only IPs and ports). You can also add multi-cluster support and even talk to external endpoints like virtual machines.
I feel the overview below is newer (as it includes Tetragon) but maybe less clear.
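To make the “beyond vanilla network policies” point concrete, here is an added example of a CiliumNetworkPolicy (my own illustration, not something from the talks or the Cilium project). It assumes a namespace `shop` with pods labelled `app: api` and `app: frontend`, and an external host `payments.example.com`; all of those names are made up for the example. A plain Kubernetes NetworkPolicy can only say “frontend may reach api on port 8080”; with Cilium you can also restrict the HTTP method and path, and allow egress by DNS name instead of by IP.

```yaml
# Added example (hypothetical namespace, labels and hostname).
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-l7-and-fqdn
  namespace: shop
spec:
  # The policy applies to the api pods.
  endpointSelector:
    matchLabels:
      app: api
  ingress:
  # Only frontend pods may reach the api, and only with GET /v1/products...
  # Any other method or path on port 8080 is dropped by the L7 proxy.
  - fromEndpoints:
    - matchLabels:
        app: frontend
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:
        - method: "GET"
          path: "/v1/products.*"
  egress:
  # DNS must be allowed explicitly, and must go through the DNS proxy
  # (the "rules: dns" block) so Cilium can learn which IPs belong to
  # the FQDN below. Without this, the toFQDNs rule never matches.
  - toEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": kube-system
        "k8s:k8s-app": kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: ANY
      rules:
        dns:
        - matchPattern: "*"
  # Egress to an external service by name rather than by IP.
  - toFQDNs:
    - matchName: "payments.example.com"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Note that Cilium network policies are default-allow until a policy selects a pod; once this policy selects the `api` pods, everything not listed (including egress to any other destination) is denied for them, so apply it to a test namespace first and check the Cilium agent logs or Hubble output for drops.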
I am really going to keep paying attention to Tetragon, as it can be dropped into any workload and gives you a lot of insight into how your application is behaving, with additional security benefits as well. I did a workshop using Tetragon and it could detect malicious processes running on a host that normal Kubernetes security tooling might miss.
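For anyone who wants to see what “detecting things on the host” looks like in practice, here is an added example of a Tetragon TracingPolicy (my own example, not from the workshop). It hooks the kernel function `fd_install`, which runs whenever any process on the node opens a file, regardless of whether that process lives in a pod or directly on the host. The file prefixes and the policy name are arbitrary choices for the illustration.

```yaml
# Added example (hypothetical policy name and file list).
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: watch-credential-files
spec:
  kprobes:
  # fd_install is called for every successful open() on the node,
  # so this sees host processes as well as container processes.
  - call: "fd_install"
    syscall: false
    args:
    - index: 0
      type: int
    - index: 1
      type: "file"
    selectors:
    # Only emit an event when the opened path starts with one of these.
    - matchArgs:
      - index: 1
        operator: "Prefix"
        values:
        - "/etc/shadow"
        - "/etc/passwd"
        - "/root/.ssh/"
```

Once applied, the Tetragon agent emits a `process_kprobe` event for each matching open, including the full process ancestry (binary, arguments, parent, and pod metadata when there is one), which is exactly the context you need to decide whether a read of `/etc/shadow` was a legitimate system daemon or something that should not be there.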
Just a quick dump of tools and topics to end this blog post with. I need to look into these properly.
To end this with, I’m thinking of starting a side project in which I build some kind of reference system that you can use to spin up Kubernetes clusters in an automated, GitOps way with Cluster API and ArgoCD. This will probably keep me up at night. There was an amazing talk showcasing just this and I will probably steal everything they made.