What You Missed at KubeCon North America 2023
Published 21st November 2023
KubeCon North America 2023 was abuzz with compelling sessions on AI, security, and the environmental impact of software development. In case you missed it, here are some of the key takeaways:
AI & GPU Utilisation are on Everyone’s Mind
KubeCon Chicago featured 47 sessions on ML/AI, data processing, and storage (not to mention KubeCon’s inaugural co-located AI Hub). There were many discussions around the growing opportunities for AI innovation in the cloud space. Not least of these was a compelling spotlight on AI’s potential for driving improvements across security ecosystems - especially when it comes to malicious pattern recognition.
However, conference sessions did not shy away from the ethics, security, and environmental sustainability concerns that loom over AI innovation. Shane Lawrence of Shopify led an excellent session on some of the potential security issues that accompany the adoption of AI, including information leakage and exploit obfuscation - especially in cases of phishing attacks.
Another big concern with AI, especially LLMs, is the requirement for vast, power-hungry computing resources. Currently, Kubernetes provides limited support for resource sharing and allocation. This means it’s often difficult to right-size workloads so that GPU resources are used efficiently. Kevin Klues shared some excellent insights from the work Nvidia is doing to tackle issues in this space via dynamic resource allocation (DRA), which allows platform engineers to describe GPU resources more efficiently. This allows multiple GPU types per node, and easier allocation of GPU resources via time slices and multi-instance groups. Optimising resource consumption for AI workloads will become increasingly important as large language models grow - especially while GPU hardware remains scarce.
Supply Chain Security is Crucial
Security, Auditing, and Compliance were prominent themes at KubeCon Chicago. For vendors of software, platforms, and open-source tooling, ensuring security within cloud-native ecosystems is vital for building trust and positive relationships both within the industry and with end users.
A big focus of this year's event was how we can ensure supply chain security. Cloud-native technology is an ever-changing landscape that supports rapid development and simplifies adoption. To achieve this, the community shares its knowledge and resources. Supply-chain security is crucial for securing open-source and community-based channels of information.
A solution that stood out across the security sessions was In-Toto. In-Toto is an attestation framework that focuses on improving supply chain security by creating secure documents detailing the contents and operations applied to each step of building secure software. These documents are signed through cryptographic primitives, ensuring their contents are secure, and allowing an end user to verify the chain of software development. In-Toto’s ability to be applied on top of existing build infrastructure to produce a secure and verifiable build chain makes it an exciting option for enhancing supply-chain security.
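To make the idea of signed per-step documents concrete, here is an added example (not In-Toto's own code, API, or metadata format) that models a two-step pipeline and checks that each step consumed exactly what the previous step produced. It assumes a simplified record layout, and HMAC with per-step demo keys stands in for the asymmetric signatures a real deployment would use; all names and sample data are constructed.

```python
import hashlib, hmac, json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def mac_record(body: dict, key: bytes) -> str:
    # Assumption: HMAC stands in for the step owner's asymmetric signature.
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def record_step(step, materials, products, key):
    """Record what one step consumed and produced, then sign the record."""
    body = {"step": step,
            "materials": {n: digest(d) for n, d in materials.items()},
            "products": {n: digest(d) for n, d in products.items()}}
    return {"body": body, "sig": mac_record(body, key)}

def verify_chain(records, expected_steps, keys, delivered):
    """Return a list of failures; an empty list means the chain verifies."""
    errors = []
    if [r["body"]["step"] for r in records] != expected_steps:
        errors.append("steps do not match the expected pipeline")
    previous = None
    for r in records:
        body, step = r["body"], r["body"]["step"]
        key = keys.get(step)
        if key is None or not hmac.compare_digest(mac_record(body, key), r["sig"]):
            errors.append(f"{step}: signature check failed")
        if previous is not None:
            for name, h in body["materials"].items():
                if previous.get(name) != h:
                    errors.append(f"{step}: {name} differs from previous step's product")
        previous = body["products"]
    for name, data in delivered.items():
        if previous is None or previous.get(name) != digest(data):
            errors.append(f"delivered {name} is not a product of the last step")
    return errors

# Constructed sample pipeline: clone -> build, each step with its own demo key.
KEYS = {"clone": b"clone-demo-key", "build": b"build-demo-key"}
SRC, BIN = b"print('hello')\n", b"\x7fELF-demo-binary"

def demo():
    good = [record_step("clone", {}, {"app.py": SRC}, KEYS["clone"]),
            record_step("build", {"app.py": SRC}, {"app.bin": BIN}, KEYS["build"])]
    # Source altered between clone and build; the build step records what it saw.
    changed = record_step("build", {"app.py": SRC + b"# changed\n"}, {"app.bin": BIN}, KEYS["build"])
    return (verify_chain(good, ["clone", "build"], KEYS, {"app.bin": BIN}),
            verify_chain([good[0], changed], ["clone", "build"], KEYS, {"app.bin": BIN}))
```

The second result from `demo()` shows the point of chaining: every signature is valid, yet verification still fails because the build step's input no longer matches the clone step's output.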
eBPF Has Received Some Exciting Upgrades
For those who aren’t familiar, eBPF is a kernel technology that allows efficient interaction with kernel state through a programmable interface. The power and application of eBPF are becoming increasingly apparent, and there are a number of exciting new developments in eBPF across security, networking, and observability.
Isovalent and Cilium, some of the main propagators of eBPF, have further diversified their eBPF-based operations into security via Tetragon. The first major release of this tool was published at the start of November, bringing exciting new features for monitoring runtime security in Kubernetes. Daniel Borkmann of Isovalent detailed their work in improving the performance of networking within Kubernetes. This included some impressive features such as a new veth replacement called netkit, that aims to improve the performance of eBPF when applied in the network namespace context. Support and development for BIG TCP were also covered, allowing cluster operators to achieve the maximal performance of their network stack, whilst also reducing latency and system load.
There were also a number of presentations covering eBPF in the observability space. Mauricio, Principal Software Engineer at Microsoft, talked about leveraging eBPF for gathering low-level system metrics in Linux through projects like ebpf_exporter, Inspektor Gadget, and Tetragon. Because eBPF is fast and low-overhead, applying it to system monitoring is an ingenious idea.
Environmental Sustainability is Increasingly Important
Environmental sustainability is a hot topic across industries, and KubeCon was no different. The first keynote of the conference saw panellists from various environmentally-focused advisory boards discussing the current challenges of measuring the environmental impact of software. Together, they promoted a directive for software development to achieve net zero carbon emissions.
The environmental sustainability keynote introduced a compelling technique called the Software Carbon Intensity specification, which can be used to determine the environmental impact of software and hardware development. The team of panellists leading this discussion also highlighted the meaningful sustainability impacts of High-Performance Computing, AI and ML, and generic workloads. It’s clear that widespread adoption of sustainability efforts will be necessary to improve the environmental impact of the software industry.
And that’s a wrap for KubeCon North America 2023. See you in Paris for KubeCon Europe 2024!