KubeCon EU 2023 – 6 Days full of Cloud-Native

Last week we joined KubeCon EU 2023 in Amsterdam to meet with the cloud-native and Azure communities and check out the latest project updates and trends within the open-source ecosystem. We did not only join KubeCon but also other corresponding events.

KubeCon – Community in Bloom

This KubeCon was the biggest KubeCon EU ever. With 10,000 attendees it wasn’t just fully booked; it is now also the biggest open-source community event in Europe.

Cloud Native Computing Foundation (CNCF) now hosts 159 projects backed by 1,300 maintainers and 20,0000 contributors. That is massive! Furthermore, the community runs 406 Community Group Chapters like our Cloud Native Rosenheim Meetup.

https://twitter.com/whiteduck_gmbh/status/1648580356629577733

Pre-Events and Community

On Sunday and Monday, we joined Cloud Native Rejekts. This event supports speakers in the wider community that didn’t make it onto the KubeCon agenda. It’s a fantastic event to attend, with great talks and a perfect location to connect with new and long-time community members. On Monday evening we kicked off the week with a small meet-up with our friends in a nice bar in Amsterdam. Thanks to everyone who joined!

https://twitter.com/nmeisenzahl/status/1647874286529511424

On Tuesday we focused fully on Azure and joined Microsoft at the Kubernetes on Azure Day. The day was packed with great news and announcements; don’t miss the details below! We also found some time to connect with other MVPs.

Later that day we joined our friends from Isovalent for an evening full of Cilium fun (don’t miss registering for our joint Cilium on Azure Workshop Day in June)! Also check out their blog, where they introduce some cool new Cilium Mesh features.

https://twitter.com/whiteduck_gmbh/status/1648221806090649601

What’s new on Azure and AKS

As mentioned above, last week was full of news and announcements! We have curated a list of them below.

Azure CNI Overlay becomes GA

Azure CNI Overlay streamlines the management of cluster nodes and pods within a Virtual Network (VNet) subnet. Nodes are placed directly on the VNet subnet, while pods receive IP addresses from a separate private CIDR. An overlay network carries pod and node traffic within the cluster. To reach resources outside the cluster, pod traffic is Network Address Translated to the node’s IP address.

As a result, this method saves VNet IP addresses and makes it easier to scale your cluster to larger sizes. It also provides pod-to-pod connectivity performance equivalent to VMs in a VNet, because no custom routes need to be deployed on the cluster subnet and no encapsulation method is used to tunnel traffic between pods.
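To make the address-saving point concrete, here is a small sizing helper written for this article (it is not Microsoft’s code or tooling). It assumes the documented behaviour of the two modes: traditional Azure CNI pre-allocates one VNet IP per node plus one per configured pod slot, Azure CNI Overlay takes only the node IP from the VNet and carves a /24 per node out of the private pod CIDR, and Azure reserves five addresses in every subnet. The node count and pod CIDR in the usage block are constructed values.

```python
import ipaddress
import math

# Azure reserves five addresses in every subnet (network, default gateway,
# two for Azure DNS, broadcast); they are unusable for nodes or pods.
AZURE_RESERVED_PER_SUBNET = 5


def vnet_ips_needed(nodes: int, max_pods_per_node: int, overlay: bool) -> int:
    """VNet subnet addresses a node pool consumes.

    Traditional Azure CNI hands every pod slot a VNet IP up front, so each node
    costs 1 + max_pods addresses. With Azure CNI Overlay only the node itself is
    on the subnet; pods are addressed from the private pod CIDR instead.
    """
    if overlay:
        return nodes
    return nodes * (1 + max_pods_per_node)


def smallest_prefix(hosts: int) -> int:
    """Smallest IPv4 prefix length that leaves `hosts` usable addresses after
    Azure's reservations (1 host -> /29, which is Azure's minimum subnet)."""
    needed = hosts + AZURE_RESERVED_PER_SUBNET
    return 32 - math.ceil(math.log2(needed))


def subnet_fits(subnet: str, nodes: int, max_pods_per_node: int, overlay: bool) -> bool:
    """Does an existing subnet have room for this pool in the given mode?"""
    net = ipaddress.ip_network(subnet, strict=False)
    usable = net.num_addresses - AZURE_RESERVED_PER_SUBNET
    return vnet_ips_needed(nodes, max_pods_per_node, overlay) <= usable


def overlay_pod_cidr_capacity(pod_cidr: str) -> int:
    """Overlay mode assigns a /24 from the pod CIDR to every node, so in this
    mode the pod CIDR, not the VNet subnet, is what caps the node count."""
    net = ipaddress.ip_network(pod_cidr, strict=False)
    if net.prefixlen > 24:
        return 0
    return 2 ** (24 - net.prefixlen)


if __name__ == "__main__":
    # Constructed example: a 250-node pool with 30 pods per node.
    nodes, max_pods = 250, 30
    for overlay in (False, True):
        ips = vnet_ips_needed(nodes, max_pods, overlay)
        print(f"overlay={overlay}: {ips} VNet IPs -> at least a /{smallest_prefix(ips)}")
    print("pod CIDR 10.244.0.0/16 supports", overlay_pod_cidr_capacity("10.244.0.0/16"), "nodes")
```

For the constructed 250-node pool the traditional mode needs a /19 subnet while overlay gets by with a /24, which is the scaling headroom the announcement is about; the trade-off is that the pod CIDR must be planned for the node count instead.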

Azure CNI Overlay also supports the Azure CNI powered by Cilium, so don’t miss checking this out!

More details are available here.

AAD workload identity with AKS turns GA

Goodbye Pod Identity, long live Workload Identity. The long-awaited announcement finally happened during KubeCon. There are two announcements:

  • Azure Active Directory (AD) Workload Identity is generally available. Through federation, workload identity provides access to Azure AD-protected resources without the need to manage secrets. It is simpler to use and more flexible than its predecessor, Pod Identity.
  • Pod Identity is now deprecated but will be supported through 2023.
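The “through federation, without secrets” part is worth seeing in code. The block below is an added example written for this article, not Microsoft’s client library: it models what happens inside a pod once workload identity is enabled. It assumes the environment variables the AKS workload identity webhook injects (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_AUTHORITY_HOST, AZURE_FEDERATED_TOKEN_FILE), the projected ServiceAccount token audience api://AzureADTokenExchange, and the standard OAuth 2.0 JWT-bearer client assertion; all UUIDs, the issuer URL and the token itself are constructed placeholders.

```python
import base64
import json
from typing import Dict, List

# Variables the AKS workload identity webhook injects into a pod labelled
# azure.workload.identity/use: "true" whose ServiceAccount carries the
# azure.workload.identity/client-id annotation. Values are constructed.
CONSTRUCTED_ENV = {
    "AZURE_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
    "AZURE_TENANT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "AZURE_AUTHORITY_HOST": "https://login.microsoftonline.com/",
    "AZURE_FEDERATED_TOKEN_FILE": "/var/run/secrets/azure/tokens/azure-identity-token",
}

# Audience the projected ServiceAccount token is issued for, and the OAuth 2.0
# assertion type used to present that token as the client credential.
TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def jwt_claims(token: str) -> Dict:
    """Decode a JWT payload without verifying it. Inspection only: the signature
    is validated by Azure AD against the cluster's OIDC issuer keys, not here."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def federation_matches(claims: Dict, issuer: str, namespace: str, service_account: str) -> bool:
    """Mirror the three values a federated identity credential pins: issuer,
    subject and audience. A token from another cluster, namespace or
    ServiceAccount fails this check and is refused by Azure AD."""
    aud = claims.get("aud", [])
    aud_list: List[str] = [aud] if isinstance(aud, str) else list(aud)
    return (
        claims.get("iss") == issuer
        and claims.get("sub") == f"system:serviceaccount:{namespace}:{service_account}"
        and TOKEN_EXCHANGE_AUDIENCE in aud_list
    )


def build_token_request(env: Dict[str, str], sa_token: str, scope: str) -> Dict[str, str]:
    """Form fields of the client-credentials grant. The projected token is the
    client assertion, so there is no client secret or certificate to leak or rotate."""
    return {
        "url": f"{env['AZURE_AUTHORITY_HOST']}{env['AZURE_TENANT_ID']}/oauth2/v2.0/token",
        "client_id": env["AZURE_CLIENT_ID"],
        "grant_type": "client_credentials",
        "scope": scope,
        "client_assertion_type": JWT_BEARER,
        "client_assertion": sa_token,
    }


def make_unsigned_jwt(claims: Dict) -> str:
    """Constructed token with an empty signature, for offline demonstration only;
    real projected tokens are signed by the cluster's ServiceAccount issuer."""
    def enc(obj: Dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed issuer URL in the shape of an AKS OIDC issuer; the real value
# comes from `az aks show --query oidcIssuerProfile.issuerUrl`.
CONSTRUCTED_ISSUER = "https://<region>.oic.prod-aks.azure.com/<tenant-id>/<issuer-id>/"
CONSTRUCTED_TOKEN = make_unsigned_jwt({
    "iss": CONSTRUCTED_ISSUER,
    "sub": "system:serviceaccount:payments:billing-sa",
    "aud": [TOKEN_EXCHANGE_AUDIENCE],
})

if __name__ == "__main__":
    claims = jwt_claims(CONSTRUCTED_TOKEN)
    print("federation ok:", federation_matches(claims, CONSTRUCTED_ISSUER, "payments", "billing-sa"))
    print(build_token_request(CONSTRUCTED_ENV, CONSTRUCTED_TOKEN, "https://vault.azure.net/.default"))
```

The security property sits in `federation_matches`: the federated credential on the Azure AD application pins issuer, subject and audience, so the cluster’s short-lived, projected ServiceAccount token is the only credential the pod ever holds, and a token minted for a different namespace or ServiceAccount is worthless for that identity. In a real pod the SDK reads the token from AZURE_FEDERATED_TOKEN_FILE and posts the request body to the token endpoint.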

Get started here.

Kubernetes 1.26 support in AKS going GA

Kubernetes 1.26 was released at the end of December 2022 and contains a total of 37 new features: 11 graduating from beta to stable, 10 moving to beta, and 16 new alpha features. In addition to improvements in general Kubernetes metrics and pod scheduling, the Container Storage Interface (CSI) migration for Azure Files is also leaving beta.

Kubernetes 1.26 also marks the change of the container registry for all Kubernetes images from k8s.gcr.io to registry.k8s.io.

Furthermore, 11 deprecated features and APIs are removed in this release; check your manifests for them before upgrading.
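Both upgrade hazards named above, the registry move from k8s.gcr.io to registry.k8s.io and the removed APIs, can be caught with a manifest scan before you touch the cluster. The following checker is an added example written for this article, not an official Kubernetes or AKS tool. It looks only at `image:` and `apiVersion:` keys in YAML text, rewrites just the registry host because the image paths are mirrored unchanged, and its removed-API table lists only the two 1.26 removals I am certain of (autoscaling/v2beta2 and flowcontrol.apiserver.k8s.io/v1beta1); extend it from the upstream deprecation guide. The manifest at the bottom is constructed sample input.

```python
import re
from typing import List, Tuple

OLD_REGISTRY = "k8s.gcr.io"
NEW_REGISTRY = "registry.k8s.io"

# `image:` values still pulled from the legacy registry. Only the host is
# rewritten; repository path and tag stay as they are.
IMAGE_RE = re.compile(r"(?P<prefix>\bimage:\s*[\"']?)k8s\.gcr\.io(?P<rest>/[^\s\"']+)")

# API versions removed in Kubernetes 1.26 that I am certain of, mapped to a
# version the 1.26 API server still serves. Extend from the deprecation guide.
REMOVED_IN_1_26 = {
    "autoscaling/v2beta2": "autoscaling/v2",
    "flowcontrol.apiserver.k8s.io/v1beta1": "flowcontrol.apiserver.k8s.io/v1beta2",
}
API_RE = re.compile(r"^\s*apiVersion:\s*[\"']?(?P<version>[^\s\"']+)")


def find_legacy_images(manifest: str) -> List[Tuple[int, str]]:
    """(line number, image) for every image still referencing k8s.gcr.io."""
    hits = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        m = IMAGE_RE.search(line)
        if m:
            hits.append((lineno, OLD_REGISTRY + m.group("rest")))
    return hits


def rewrite_registry(manifest: str) -> str:
    """Point every legacy image at registry.k8s.io; other registries are untouched."""
    return IMAGE_RE.sub(lambda m: m.group("prefix") + NEW_REGISTRY + m.group("rest"), manifest)


def find_removed_apis(manifest: str) -> List[Tuple[int, str, str]]:
    """(line number, apiVersion, replacement) for objects 1.26 no longer serves."""
    hits = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        m = API_RE.match(line)
        if m and m.group("version") in REMOVED_IN_1_26:
            version = m.group("version")
            hits.append((lineno, version, REMOVED_IN_1_26[version]))
    return hits


# Constructed manifest: one legacy image, one third-party image, one quoted
# legacy image, and an HPA on an API version removed in 1.26.
CONSTRUCTED_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server/metrics-server:v0.6.3
      - name: sidecar
        image: "docker.io/library/busybox:1.36"
      - name: pause
        image: 'k8s.gcr.io/pause:3.9'
---
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: metrics
"""

if __name__ == "__main__":
    for lineno, image in find_legacy_images(CONSTRUCTED_MANIFEST):
        print(f"line {lineno}: legacy registry in {image}")
    for lineno, version, replacement in find_removed_apis(CONSTRUCTED_MANIFEST):
        print(f"line {lineno}: {version} removed in 1.26, migrate to {replacement}")
    print(rewrite_registry(CONSTRUCTED_MANIFEST))
```

Run it over your rendered Helm output or plain manifests; a clean report for both checks is the minimum before moving a cluster to 1.26, since an image that cannot be pulled or an object the API server refuses will surface as failed rollouts after the upgrade.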

More details are available here.

Announcement of AKS Long Term Support (LTS) version

Azure Kubernetes Service now offers a Long Term Support version, generally available from the day of the announcement. Starting with Kubernetes 1.27 you can enable Long Term Support; once enabled, you get a 2-year support window for that specific Kubernetes version.

In addition, Microsoft is investing in contributing this upstream to make it an official CNCF Kubernetes LTS release.

Further details are available here and here.

Public Preview of Node Resource Group (NRG) lockdown

Node Resource Group lockdown will be a new default setting for the resource group created alongside the AKS cluster (you might know it as MC_myResourceGroup_myAKSCluster_westeurope). Once enabled, this feature denies changes that are not initiated by the AKS control plane to resources associated with the cluster, such as Kubernetes node VMs, load balancers, and more.

Find more details on the NRG lockdown here.

OpenCost for AKS cost visibility

Azure has great Cost Management with detailed cost analysis. But with a multi-tenant Kubernetes cluster it is hard to drill down into which tenant, team or user consumed which resources in order to bill them correctly, so usually the costs were simply split across all parties. The OpenCost project was launched to address these challenges and created an industry standard for cost monitoring. Luckily, Microsoft announced that they have joined the OpenCost community to bring this standard to AKS customers.

More details are available here.

Public Preview of AKS Service Mesh Addon for Istio

Istio has been the dominant service mesh in recent years and was recently accepted into the Cloud Native Computing Foundation as an incubating project. A service mesh adds service discovery, encryption, and more complex capabilities like rate limiting, canary deployments, and more to your distributed collection of microservices. Although it offers many benefits, it has also been notoriously difficult to run and maintain.

With the Istio add-on for Azure Kubernetes Service, Microsoft builds on top of the open-source Istio project. The benefits include tested and verified Istio versions, scaling and configuration of the Istio control plane, Azure Managed Grafana and Prometheus integration, and official Azure support.

Find all the details here and a blog article here.

Summary and takeaways

We had some great days at KubeCon EU and all the side events. The event was huge but very welcoming because of the great organization and venue. We met many friends and made even more new ones.

So, what were the latest trends from KubeCon? What should you stay up to date on? In our opinion, on the following:

  • eBPF: Awareness of eBPF continues to rise. It is simply everywhere, from networking through observability to security.
  • WebAssembly (Wasm): It seems to be the rising star in the Kubernetes ecosystem, bringing a flexible and lightweight option to run workloads in special scenarios such as fast-scaling and event-based jobs, at the edge, or as sandboxed code.
  • Sidecar-less service meshes: Again eBPF. Service meshes reduce complexity and latency with the help of eBPF and, as a result, move to an architecture without sidecars.

It was a blast! See you all next year in Paris!