[KubeCon Day 2] Participation Report
The Service Reliability Group (SRG) primarily provides comprehensive support for the infrastructure surrounding our media services, focusing on improving existing services, launching new ones, and contributing to open-source software (OSS).
This article is a report on my experience at KubeCon, and will cover the keynotes and sessions from Day 2.
Introduction
Day 1 of KubeCon + CloudNativeCon North America 2025 was held as a set of "Co-located Events" focusing on specific projects and themes, such as ArgoCon and Platform Engineering Day.
A Co-located Event is an event held in conjunction with the main conference at the same venue, providing an opportunity to delve deeper into specific technological fields and deepen interaction with the community.
The main KubeCon event then began on Day 2.
This article summarizes the Day 2 keynote and reports on sessions that I personally found particularly interesting.
Keynote
This year's KubeCon saw a record-breaking attendance of approximately 9,000 people, and amidst the excitement, a keynote speech celebrating the 10th anniversary of the CNCF (Cloud Native Computing Foundation) was held.

CNCF's Past and Present
In just 10 years since its founding, the CNCF has grown into a massive global community with approximately 300,000 contributors and over 230 projects across 90 countries worldwide.
Over the past decade, many projects, such as "etcd" and "containerd," have reached "graduation" status, indicating maturity. In 2024, new incubation projects such as Kubescape, OpenFGA, Metal, KServe, and Lima joined the CNCF.
Furthermore, the number of member companies has increased from 22 at its inception to over 700, and the introduction of CVS Health as a Platinum Member demonstrates strong support from across the industry.
The fusion of cloud-native and AI
Data was presented showing that approximately half of the more than 15 million cloud-native developers are currently involved in AI-related work, emphasizing that the convergence of cloud-native and AI is a major trend.
In particular, the rapid growth of the inference domain within AI workloads was highlighted as the greatest opportunity, and the astonishing figure of 13 quadrillion tokens processed monthly by Google's AI-related systems was also presented.
Following this trend, the CNCF, in collaboration with Google, NVIDIA, and others, announced the "Kubernetes AI Performance Program." This is a new initiative to make AI/ML workloads portable and standardized on Kubernetes.
The demo showcased GPU resource management using the DRA (Dynamic Resource Allocation) API and automatic scaling combining Prometheus and HPA (Horizontal Pod Autoscaler), and encouraged active participation from the community.
Security and supply chain initiatives
It was reported that the CNCF has invested over $3 million in security and conducted audits over the past few years as a countermeasure against supply chain attacks.
A large-scale audit by OSTIF (Open Source Technology Improvement Fund) reportedly uncovered and rectified more than 40 critical vulnerabilities.
Furthermore, the etcd project was presented as an example of how they have introduced an automated testing and simulation tool called "Antithesis" to ensure the reproducibility of complex bugs and improve quality.
Others
Niantic discussed how they are leveraging cloud-native technologies such as Kubernetes, Kubeflow, and Argo in their globally popular game, Pokémon GO. Their presentation covered how combining geospatial data and machine learning optimizes raid battle timing and difficulty, improving the experience for millions of players.
Apple also announced a new framework that allows containers to run directly on Macs without using virtual machines, highlighting improvements in performance and privacy.
Introduction to particularly interesting sessions
I've picked out three sessions that I found particularly interesting from among the ones I attended, and I'd like to share them with you.
Platform Engineering in Action: Test-Driven Development Applied To Developer Platforms
This session demonstrated how to develop a platform using Test-Driven Development (TDD) with Kyverno's testing tool, Chainsaw.
The scenario demonstrated how to prevent connection problems that occur when the secret name for connecting to a database built with Crossplane is changed, using TDD.
The session was highly practical, using GitHub Actions to launch a local cluster with kind (Kubernetes IN Docker) and then executing test cases defined in Chainsaw.
No Joke: Two Security Maintainers Walk Into a Cluster
This was a fascinating session where two engineers demonstrated and explained how to progressively strengthen the security of a Kubernetes cluster.
First, the importance of the "principle of least privilege" was emphasized, and common misconfigurations of RBAC (Role-Based Access Control) and the necessity of encrypting Kubernetes Secrets (Encryption at rest), which are only Base64 encoded by default, were explained.
Furthermore, concrete practices useful in the field were introduced one after another: utilizing the "Secrets Store CSI Driver" to integrate with external key management services (e.g., HashiCorp Vault), designing network policies starting with "Deny all" (since communication between all Pods is allowed by default), applying Pod Security Standards (Privileged, Baseline, Restricted), and introducing vulnerability scanning tools (e.g., Trivy) into CI/CD pipelines.
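An added example, not from the session or the original report: a small Python check over constructed manifests for three of the controls listed above (a Pod Security Standards enforce label, a default-deny NetworkPolicy per namespace, and no wildcard RBAC rules). The sample manifests, resource names, and the choice of wildcards as the RBAC misconfiguration to look for are assumptions made for illustration.

```python
# Added example: audit manifests (as dicts) for baseline hardening controls.
# All resource names and sample data below are constructed for illustration.

PSS_LABEL = "pod-security.kubernetes.io/enforce"

def is_default_deny(policy):
    """True if a NetworkPolicy selects every Pod and allows no traffic."""
    spec = policy.get("spec", {})
    return (spec.get("podSelector") == {}
            and set(spec.get("policyTypes", [])) == {"Ingress", "Egress"}
            and not spec.get("ingress") and not spec.get("egress"))

def has_wildcard(role):
    """True if any RBAC rule grants '*' on verbs or resources."""
    return any("*" in rule.get("verbs", []) or "*" in rule.get("resources", [])
               for rule in role.get("rules", []))

def audit(manifests):
    """Return a sorted list of findings for a list of manifest dicts."""
    findings = []
    # Namespaces that already contain a default-deny policy
    deny_ns = {m["metadata"]["namespace"] for m in manifests
               if m["kind"] == "NetworkPolicy" and is_default_deny(m)}
    for m in manifests:
        name = m["metadata"]["name"]
        if m["kind"] == "Namespace":
            level = m["metadata"].get("labels", {}).get(PSS_LABEL)
            if level not in ("baseline", "restricted"):
                findings.append(f"{name}: Pod Security enforce level is {level!r}")
            if name not in deny_ns:
                findings.append(f"{name}: no default-deny NetworkPolicy")
        elif m["kind"] in ("Role", "ClusterRole") and has_wildcard(m):
            findings.append(f"{name}: RBAC rule uses a wildcard")
    return sorted(findings)

# Constructed sample input (not from the session)
SAMPLE = [
    {"kind": "Namespace", "metadata": {"name": "shop", "labels": {PSS_LABEL: "restricted"}}},
    {"kind": "Namespace", "metadata": {"name": "legacy"}},
    {"kind": "NetworkPolicy", "metadata": {"name": "deny-all", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Role", "metadata": {"name": "ci-admin", "namespace": "legacy"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["get", "list"]}]},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The "shop" namespace passes every check, while "legacy" is reported for the missing enforce label and the missing default-deny policy, and the "ci-admin" Role for its wildcard resource grant.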
Sync or Swim: Building Platforms You Can See
In this session by Apple engineers, the importance of observability on Kubernetes-based platforms was discussed.
The demo showcased how combining tools such as Crossplane, Argo CD, Grafana, and OpenTelemetry can improve observability, including the state of user-requested resources and platform health.
Furthermore, using a specific failure scenario—the accidental deletion of an authentication resource in a staging environment—the presentation demonstrated how Jaeger tracing and metrics can be used to quickly identify the scope of impact and determine the root cause.
From a technical standpoint, Kube State Metrics was used to quantify the state of Kubernetes objects, and this was linked to instrumented Go code using OpenTelemetry, resulting in integrated visualization of traces and metrics. The emphasis on "Observability as Code," where these observability settings themselves are managed as code using Git, was particularly striking.
Booth interaction and trends
Between sessions, I had the opportunity to visit various company booths and interact with many engineers. Conversations started with questions like, "Did you come from Japan? How long did it take? That's far..." and some even asked, "Is CyberAgent a security company?" It was an interesting opportunity to learn about the corporate image conveyed by company names, something I hadn't really considered before.
Throughout the sessions, I noticed that many focused on the policy engine "Kyverno" or introduced it as part of their technology stack. The fact that KyvernoCon was also held as a co-located event on Day 1 suggests that Kyverno is being adopted and that community interest is growing.

Summary
KubeCon Day 2 was incredibly packed with content, from major announcements in the keynote to sessions offering in-depth insights into various technologies.
In particular, I was reminded that the convergence of AI and cloud-native technologies, and the supporting themes of security and observability, will be major trends going forward.
I look forward to keeping up with the latest technological trends during the remaining days of the conference.
