[KubeCon Day 2] Participation Report
#SRG(Service Reliability Group) is a group that mainly provides cross-sectional support for the infrastructure of our media services, improving existing services, launching new ones, and contributing to OSS.
This article is a report on participating in KubeCon, introducing the contents of the keynote and sessions on Day 2.
Introduction
Day 1 of KubeCon + CloudNativeCon North America 2025 was held as a "co-located event" focused on specific projects or themes, such as ArgoCon and Platform Engineering Day.
A co-located event is an event held in conjunction with the main conference at the same venue, providing an opportunity to delve deeper into specific technical fields and deepen interactions with the community.
Day 2 is when KubeCon really gets started.
In this article, I'll summarize the Day 2 keynote and report on the sessions that I personally found particularly interesting.
KeyNote
This year's KubeCon was the largest ever, with approximately 9,000 participants, and amidst the excitement, a keynote was held to celebrate the 10th anniversary of the CNCF (Cloud Native Computing Foundation).
CNCF, then and now
In the 10 years since its founding, CNCF has grown into a massive global community with approximately 300,000 contributors and more than 230 projects from 90 countries.
Over the past decade, many projects, such as "etcd" and "containerd," have reached "graduated" status, indicating maturity, and in 2024, new incubation projects including Cubescape, OpenFGA, Metal, KServe, and Lima joined the organization.
In addition, the number of member companies has increased from 22 at the time of its founding to more than 700, with CVS Health being introduced as a new Platinum member, demonstrating strong support from across the industry.
The fusion of cloud native and AI
Data showed that currently, of the more than 15 million cloud-native developers, approximately half are involved in AI-related work, emphasizing that the fusion of cloud-native and AI is a major trend.
In particular, the rapid growth of inference within AI workloads was cited as the greatest opportunity, and the staggering figure that Google's AI-related systems process 1.3 quadrillion tokens per month was also mentioned.
In response to this trend, the CNCF announced the "Kubernetes AI Performance Program" in collaboration with Google, NVIDIA, and others. This is a new initiative to make AI/ML workloads portable and standardized on Kubernetes.
Demos showed GPU resource management using the Dynamic Resource Allocation (DRA) API and autoscaling combining Prometheus and the Horizontal Pod Autoscaler (HPA), and called for active community participation.
Security and Supply Chain Initiatives
It was reported that, as a countermeasure against supply chain attacks, the CNCF has invested more than $3 million in security and conducted audits over the past few years.
A large-scale audit by the Open Source Technology Improvement Fund (OSTIF) reportedly resulted in the discovery and remediation of more than 40 critical vulnerabilities.
It was also mentioned that the etcd project has introduced an automated testing and simulation tool called "Antithesis," which aims to ensure the reproducibility of complex bugs and improve quality.
others
Niantic spoke about how it uses cloud-native technologies such as Kubernetes, Kubeflow, and Argo in its globally popular game "Pokémon GO." They explained how combining geospatial data and machine learning improves the experience for millions of players by optimizing the timing and difficulty of raid battle appearances.
Apple also announced a new framework for running containers directly on Macs without using virtual machines, and discussed how it improves performance and privacy.
Particularly interesting sessions
Here are three sessions I found particularly interesting.
Platform Engineering in Action: Test-Driven Development Applied To Developer Platforms
In this session, Kyverno's testing tool, Chainsaw, was used to demonstrate how to develop a platform using test-driven development (TDD).
The session presented a scenario in which a database built with Crossplane could no longer be connected after changing the secret name used to connect to it. The session demonstrated how TDD could be used to prevent this.
The session was very practical, featuring a local cluster set up using kind (Kubernetes in Docker) on GitHub Actions and the execution of test cases defined in Chainsaw.
No Joke: Two Security Maintainers Walk Into a Cluster
It was a very interesting session, with two engineers demonstrating how to step by step strengthen the security of a Kubernetes cluster.
They began by emphasizing the importance of the "principle of least privilege," explaining common misconfigurations of Role-Based Access Control (RBAC) and the need to encrypt Kubernetes secrets, which are only Base64 encoded by default.
They then went on to introduce a series of specific practices that are useful in the field, such as using the "Secret Store CSI Driver" to connect to external key management services (e.g., HashiCorp Vault), designing network policies that start with "Deny all" because communication between all pods is allowed by default, applying pod security standards (Privileged, Baseline, Restricted), and introducing vulnerability scanning tools (e.g., Trivy) into CI/CD pipelines.
Sync or Swim: Building Platforms You Can See
This session, delivered by an Apple engineer, discussed the importance of observability in Kubernetes-based platforms.
The demo showed how a combination of tools, including Crossplane, Argo CD, Grafana, and OpenTelemetry, can be used to improve observability, including the status of resources requested by users and the health of the platform.
Based on a specific failure scenario in which an authentication resource was accidentally deleted in a staging environment, Jaeger traces and metrics were used to quickly identify the scope of impact and investigate the root cause.
From a technical perspective, Kube State Metrics was used to metricize the state of Kubernetes objects, and by linking this with Go code instrumented with OpenTelemetry, traces and metrics were visualized in an integrated manner. Another notable highlight was the emphasis on the "Observability as Code" concept, in which these observability settings themselves are managed as code using Git.
Booth interaction and trends
Between sessions, I had the opportunity to visit each company's booth and interact with many engineers. Conversations started with things like, "You came from Japan? How long did it take? That's far..." and some even asked, "Is CyberAgent a security company?" I don't usually pay much attention to that, so it was an interesting opportunity to learn what kind of corporate image the company has just from its name.
One thing I noticed throughout the sessions was that many sessions featured the policy engine "Kyverno" or introduced it as part of a technology stack. The fact that KyvernoCon was also held at the Co-located Event on Day 1 indicated that Kyverno is being adopted and that interest in it is growing within the community.
summary
KubeCon Day 2 was an incredibly packed day, from the major keynote presentations to sessions that provided in-depth insight into each technology.
In particular, I was reminded that the fusion of AI and cloud-native technologies, and the themes that support it such as security and observability, will be major trends in the future.
I plan to spend the remaining days of the event thoroughly catching up on the latest technology trends.
SRG is looking for people to work with us.
If you are interested, please contact us here.