[KubeCon Day 3] Participation Report

This is Matsuda Masaya (@mm_matsuda816) from the Service Reliability Group (SRG) of the Media Headquarters.
SRG (Service Reliability Group) is a group that mainly provides cross-sectional support for the infrastructure of our media services, improving existing services, launching new ones, and contributing to OSS.
This report covers the major trends discussed in the keynote speeches on the third day, as well as two particularly interesting technical sessions: "Continuous Upgrades of Kubernetes Add-ons" and "Using KubeEdge in Edge Computing."
 
 

On the way to the venue


Render was distributing coffee and snacks around the venue before the keynote speech.

Keynote


The keynote speech on the third day presented the present and future of the cloud-native ecosystem.

Open Source and the Evolution of AI Infrastructure

The next focus was on the power of the open source ecosystem and the evolution of AI infrastructure.
The keynote introduced the journey of Prometheus, a widely known monitoring tool, which took early risks while continuing to develop with its community and went on to become a mature project (Graduated Project) of the Cloud Native Computing Foundation (CNCF), highlighting once again the power of open source.

About the Cyber Resilience Act (CRA)

Regarding the impact of the EU's Cyber Resilience Act (CRA) on open source, the report stated that the law primarily places responsibility on businesses that provide commercial products, and that individual developers and non-commercial projects need not be overly concerned.

Cloud-native technology that solves social issues

Finally, examples were presented of how cloud-native technology is not only improving business efficiency but also contributing to solving social issues.
Nonprofits like the United Nations and the Red Cross are using open source and cloud-native technologies to tackle tough challenges like tracking organized crime, providing internet connectivity in the Global South, and building health data platforms, demonstrating how technology is a powerful tool for building a better world.

Featured Session 1: Kubernetes Add-on Vulnerabilities and Continuous Upgrade Strategies

This session focused on the unavoidable challenge of managing add-ons when maintaining the security and stability of a Kubernetes cluster.

The challenge of managing add-ons: The risk of "if it ain't broke, don't touch it"

Kubernetes add-ons are essential to the functioning of a cluster, including networking (CNI), Ingress, certificate management, monitoring tools, etc. However, they often run with very high privileges, and any vulnerabilities in an add-on expose the entire cluster to serious security risks.
In recent years, open source vulnerabilities have increased exponentially, making add-on management increasingly important.
However, upgrading add-ons is a significant operational burden. It involves breaking API changes, complex upgrade procedures, and non-standardized release notes, all of which require manual work. Many engineers tend to adopt the "if it ain't broke, don't touch it" attitude. This results in the silent accumulation of technical debt and security risks.

Solution: "If it hurts, do it more often."

The session strongly recommended applying the CI/CD philosophy to this problem: "If it hurts, do it more often."
If upgrades keep being put off, the set of changes that lands when they finally happen is huge, which increases the risk. Instead, the session suggested performing continuous upgrades at a high frequency, such as monthly, so that each upgrade carries fewer changes and its risk is easier to manage.
The key to this is automation, using the following tools:
  • Trivy: Vulnerability Scanner
  • Nova: add-on version checker
  • Renovate: Automatic Dependency Updater
By combining these tools, you can automate the process of detecting new versions, checking for vulnerabilities, and creating pull requests for upgrades.
It was also shown that combining a tool Fairwinds is developing to detect deprecated APIs with the version checker makes upgrade verification even more efficient.
The speaker emphasized that a phased approach, always testing and validating in a staging environment before applying to production, and establishing an automated upgrade process are essential to keeping clusters secure and up-to-date.
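
As an added illustration of the automation described above (not code from the session or from any of the tools named), the following Python example merges a version-check result with a vulnerability scan to order pending add-on upgrades, putting fixable critical findings first and flagging major version bumps for manual review. The input shapes, add-on names, versions and CVE identifiers are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample data, not real tool output. Names, versions and IDs are
# placeholders. VERSIONS is a simplified, hypothetical version-checker result;
# SCAN follows the Results/Vulnerabilities layout of a Trivy JSON report.
VERSIONS = json.loads("""[
  {"name": "example-certs",   "installed": "1.12.3", "latest": "2.0.0"},
  {"name": "example-ingress", "installed": "4.10.0", "latest": "4.10.1"},
  {"name": "example-metrics", "installed": "v0.6.4", "latest": "0.7.1"},
  {"name": "example-cni",     "installed": "1.15.0", "latest": "1.15.0"}]""")
SCAN = json.loads("""{"Results": [
  {"Target": "example-ingress", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "Severity": "CRITICAL", "FixedVersion": "4.10.1"}]},
  {"Target": "example-certs", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0002", "Severity": "HIGH", "FixedVersion": ""}]}]}""")
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def drift(installed, latest):
    """Return 'major', 'minor' or 'patch' if latest is newer, else None.
    Assumes plain MAJOR.MINOR.PATCH strings with an optional leading 'v'."""
    old, new = ([int(p) for p in v.lstrip("v").split(".")] for v in (installed, latest))
    for label, a, b in zip(("major", "minor", "patch"), old, new):
        if a != b:
            return label if b > a else None
    return None

def worst_fixable(scan):
    """Map each target to its highest severity among findings that have a fix."""
    worst = {}
    for result in scan.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if not vuln.get("FixedVersion"):
                continue  # no fixed release yet, so an upgrade cannot remove it
            sev = vuln.get("Severity", "UNKNOWN")
            if RANK.get(sev, 0) > RANK.get(worst.get(result["Target"]), 0):
                worst[result["Target"]] = sev
    return worst

def plan(versions, scan):
    """Return pending upgrades, most urgent first."""
    worst, todo = worst_fixable(scan), []
    for addon in versions:
        step = drift(addon["installed"], addon["latest"])
        if step is None:
            continue  # already on the latest version
        todo.append({"name": addon["name"], "step": step,
                     "severity": worst.get(addon["name"]),
                     "needs_review": step == "major"})  # major bumps may break APIs
    return sorted(todo, key=lambda t: (-RANK.get(t["severity"], 0), t["name"]))
```

With the constructed data, the unfixed HIGH finding does not raise the priority of its add-on, because no upgrade can remove it yet.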

Featured Session 2: KubeEdge - Real-World Use Cases for Extending Kubernetes to the Edge

This session provided an in-depth explanation of KubeEdge, an open source project that extends Kubernetes management capabilities from the cloud to "real-world" edge devices, and introduced specific industrial use cases.

KubeEdge: solving edge-specific challenges

Unlike the cloud, edge computing environments face unique challenges, such as limited computing resources, unstable network connections, and high latency.
KubeEdge is designed to address these challenges by optimizing communication between the cloud control plane and edge nodes, and features a highly resilient architecture that allows the edge node to operate autonomously even in unstable network conditions.

Use cases ranging from smart retail to robot control

KubeEdge is seeing widespread adoption, particularly in Asia, across traditional industry sectors such as transportation, energy, manufacturing and automotive.
The session introduced smart retail as a specific use case. A well-known retail chain uses KubeEdge to centrally manage a huge number of devices (cameras and sensors) installed in numerous stores. For example, when a customer approaches a specific product shelf in the store, the edge device detects and processes the movement, automatically displaying related product information on a nearby screen, providing a low-latency, interactive customer experience.
The key benefits of deploying KubeEdge are:
  • Low latency: Data processing at the edge improves responsiveness.
  • Offline capability: Continue operation even if network connection is lost.
  • Simplified operations and maintenance (O&M): Deploying and upgrading applications to a large number of devices is greatly simplified.
Other advanced use cases presented included device management in highway toll booths and surveillance systems, as well as coordinated control of robotic fleets and execution of AI (such as large-scale language models) at the edge.

Community Strategies for Sustainable Projects

At the end of the session, the importance of the project's sustainability was emphasized.
The KubeEdge community has established a clear governance structure to prevent the project from relying on a small number of key members. By building broad partnerships with industry and academia and expanding the ecosystem through regular meetings and events, the community aims to create an environment where anyone can easily contribute to the project and ensure its sustainable development.

Conclusion


We have delivered a report on our participation in KubeCon Day 3.
Time flies and there is only one day left. I will be catching up on the remaining sessions.
 
If you are interested in SRG, please contact us here.