[KubeCon Day 3] Participation Report

This is Masaya Matsuda (@mm_matsuda816) from the Service Reliability Group (SRG) of the Media Division.
The Service Reliability Group primarily provides comprehensive support for the infrastructure surrounding our media services, focusing on improving existing services, launching new ones, and contributing to open-source software (OSS).
This report covers the main trends discussed in the third day's keynote address, as well as two particularly interesting technical sessions: "Continuous Upgrades of Kubernetes Add-ons" and "Utilizing KubeEdge in Edge Computing."
 
 

On the way to the venue


Before the keynote speech, Render was distributing coffee and snacks around the venue.

Keynote


The keynote address on the third day presented the present and future of the cloud-native ecosystem.

The evolution of open source and AI infrastructure

Next, the focus shifted to the power of the open-source ecosystem and the evolution of AI infrastructure.
The Prometheus project, widely known as a monitoring tool, was showcased, highlighting its journey from taking initial risks to developing alongside the community and growing into a mature project (Graduated Project) of the CNCF (Cloud Native Computing Foundation), thus emphasizing the power of open source once again.

About the Cyber Resilience Act (CRA)

Regarding the impact on open source of the Cyber Resilience Act (CRA) coming into effect in the EU, the view was expressed that the law primarily places responsibility on businesses that provide commercial products, and that individual developers and non-commercial projects do not need to worry excessively.

Cloud-native technologies that solve social problems

Finally, examples were presented showing how cloud-native technologies are contributing not only to business efficiency but also to solving social issues.
Nonprofit organizations such as the United Nations and the Red Cross are leveraging open source and cloud-native technologies to tackle challenging issues such as tracking organized crime, providing internet connectivity in the Global South, and building healthcare data platforms, demonstrating that technology is a powerful tool for creating a better society.

Featured Session ①: Kubernetes Add-on Vulnerabilities and Continuous Upgrade Strategies

This session focused on the unavoidable challenge of "add-on management" in maintaining the security and stability of Kubernetes clusters.

Challenges in add-on management: The risk of "don't touch it if it's not broken."

Kubernetes add-ons, such as networking (CNI), ingress, certificate management, and monitoring tools, are essential components of cluster functionality. However, they often operate with very high privileges, and vulnerabilities in add-ons expose the entire cluster to serious security risks.
In recent years, vulnerabilities in open-source software have been increasing exponentially, making add-on management increasingly important.
On the other hand, upgrading add-ons is a significant operational burden. Breaking API changes, complex upgrade procedures, and the need to review unstandardized release notes all rely heavily on manual work, leading many engineers to adopt a "don't touch it if it's not broken" attitude. As a result, technical debt and security risks quietly accumulate.

Solution: "If you feel pain, do it more frequently."

In the session, we strongly recommended applying the CI/CD approach to this problem: "If it hurts, do it more often."
Continually avoiding upgrades leads to massive changes and increased risk when the upgrades are finally performed. Instead, it was suggested that upgrades be performed continuously at a high frequency, such as monthly, to reduce the amount of change in each upgrade and make the risk easier to manage.
The key to this is automation using the following tools.
  • Trivy: Vulnerability scanner
  • Nova: Add-on version checker
  • Renovate: Automatic dependency update tool
By combining these tools, you can automate everything from detecting new versions to checking for vulnerabilities and creating pull requests for upgrades.
It was also mentioned that Fairwinds is developing a tool that detects deprecated APIs and a version checker, and that combining these with other methods can further streamline the upgrade verification process.
It was emphasized that a phased approach, which involves testing and validating in a staging environment before deploying to the production environment, and the establishment of an automated upgrade process are essential for keeping the cluster secure and up-to-date.
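The monthly triage step described above, sketched as an added example that is not code from the session or from Trivy, Nova or Renovate: it compares installed and latest add-on versions numerically, ranks outdated add-ons by scanner findings, and flags large jumps for manual release-note review. The inventory format, severity weights and review threshold are assumptions, and the inventory is constructed.

```python
from dataclasses import dataclass

# Assumed weights for scanner severities (not taken from any tool).
SEVERITY_WEIGHT = {"CRITICAL": 100, "HIGH": 10, "MEDIUM": 1, "LOW": 0}

@dataclass(frozen=True)
class Addon:
    name: str
    installed: str
    latest: str
    findings: tuple = ()  # severities reported for the installed version

def parse_version(text):
    """'v1.12.3' -> (1, 12, 3); pre-release and build suffixes are dropped."""
    core = text.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def drift(addon):
    """Return (kind, distance) describing how far installed trails latest."""
    cur, new = parse_version(addon.installed), parse_version(addon.latest)
    if new <= cur:
        return ("current", 0)
    for kind, i in (("major", 0), ("minor", 1), ("patch", 2)):
        if new[i] != cur[i]:
            return (kind, new[i] - cur[i])

def plan(addons, max_minor_drift=2):
    """Order outdated add-ons for this cycle's upgrade PRs, most urgent first."""
    rows = []
    for a in addons:
        kind, dist = drift(a)
        if kind == "current":
            continue
        score = sum(SEVERITY_WEIGHT.get(s, 0) for s in a.findings)
        # Major bumps and long-neglected minors get a manual release-note review.
        review = kind == "major" or (kind == "minor" and dist > max_minor_drift)
        rows.append({"name": a.name, "to": a.latest, "kind": kind,
                     "distance": dist, "vuln_score": score, "needs_review": review})
    return sorted(rows, key=lambda r: (-r["vuln_score"], r["needs_review"], r["name"]))

# Constructed inventory: names, versions and findings are made up for illustration.
INVENTORY = [
    Addon("example-certs", "v1.12.3", "v1.14.5", ("HIGH",)),
    Addon("example-ingress", "4.7.1", "4.10.0", ("CRITICAL", "HIGH")),
    Addon("example-metrics", "3.11.0", "3.11.0"),
    Addon("example-cni", "v1.3.0", "v2.0.1"),
    Addon("example-dns", "1.13.0", "1.13.1", ("LOW",)),
]

if __name__ == "__main__":
    for row in plan(INVENTORY):
        print(row)
```

Versions are compared as integer tuples, so 4.10.0 correctly ranks above 4.7.1, which a plain string comparison would get wrong.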

Featured Session ②: KubeEdge - Real-World Use Cases for Extending Kubernetes to the Edge

This session provided an in-depth explanation of "KubeEdge," an open-source project that extends Kubernetes management capabilities from the cloud to "real-world" edge devices, and introduced specific industrial use cases.

KubeEdge solves edge-specific challenges.

Unlike the cloud, edge computing environments face unique challenges such as limited computing resources, unstable network connectivity, and high latency.
KubeEdge is designed to address these challenges. It features a highly resilient architecture that optimizes communication between the cloud-side control plane and edge nodes, allowing the edge to operate autonomously even in unstable network conditions.

Applications ranging from smart retail to robot control.

KubeEdge is being widely adopted, particularly in traditional industrial sectors such as transportation, energy, manufacturing, and automotive in Asia.
The session featured smart retail as a specific use case. One well-known retail chain uses KubeEdge to centrally manage a vast number of devices (cameras and sensors) installed in numerous stores. For example, when a customer approaches a specific product shelf in the store, the edge device detects and processes their movement, automatically displaying information about related products on a nearby screen, providing a low-latency, interactive customer experience.
The main advantages of implementing KubeEdge are as follows:
  • Low latency: Data is processed at the edge, resulting in improved responsiveness.
  • Offline function: Operation can continue even if the network connection is interrupted.
  • Simplified Operations and Maintenance (O&M): Deploying and upgrading applications to numerous devices is significantly simplified.
Other advanced use cases were also presented, including device management in highway toll booths and monitoring systems, coordinated control of robot groups, and execution of AI (such as large language models) at the edge.

Community Strategies for Sustainable Projects

At the end of the session, the importance of project sustainability was emphasized.
The KubeEdge community has established a clear governance structure to ensure that projects do not depend on a small number of key members. By building broad partnerships with industry and academia, and expanding the ecosystem through regular meetings and events, they aim to create an environment where everyone can easily contribute to the project and achieve sustainable development.

In conclusion


This concludes our report on KubeCon Day 3.
Time flies, and there's only one day left. I'll make sure to catch up on the remaining sessions.
 