►
From YouTube: Keynote: Kubernetes Project Updates - Ricardo Rocha, Computing Engineer, Emily Fox, Frederick Kautz
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Kubernetes Project Updates - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
A
C
C
C
Kubernetes
development
is
sustained
by
thousands
of
contributors
and
special
interest
groups
whose
dedication
and
focus
to
their
domain
areas
make
kubernetes
one
of
the
most
pivotal
infrastructure
components
of
our
time,
and
today
we've
got
quite
a
few
updates
from
these
special
interest
groups.
So
to
kick
things
off,
Sig
security
is
focused
on
all
things:
kubernetes
security.
This
includes
evolving
Community
collaboration
and
Partnerships
across
things
and
working
groups
to
improve
the
security
of
kubernetes
and
they've,
been
very
busy.
They've
developed
a
new
method
for
self-assessing
kubernetes
sub-projects
and
completed
the
cluster
API
self-assessment.
C
As
a
pilot
of
this,
they
plan
to
make
this
process
more
accessible
for
future
projects,
and
some
projects
and
they've
also
released
the
cve
feeds
so
that
everyone
can
stay
up
to
date
and
verify
the
most
recent
security
fixes
for
kubernetes
it's
available
in
Json,
which
allows
adopters
to
integrate
the
feed
into
their
own
workflows
and
the
2022
security
audit
allows
organizations
to
continue
to
remain
confident
in
the
security
of
kubernetes.
You
can
find
this
in
their
repo
Civic
Securities
documentation.
C
Subproject
has
also
helped
make
numerous
improvements
to
the
kubernetes
documentation
in
ways
that
support
good
security
for
all
end
users
and,
more
recently,
and
with
input
from
Community
experts.
The
security
checklist
provides
a
starting
point
for
end
users,
who
want
to
secure
their
kubernetes
clusters,
especially
for
those
that
may
be
overwhelmed
by
the
complexity
of
container
security.
This
is
an
amazing
resource.
I
encourage
everyone
to
check
it
out.
C
On
top
of
all
of
this,
sig
security
continues
to
focus
on
inclusion,
consent
and
mutual
support,
so
that
everyone
can
participate
in
improving
the
security
of
kubernetes
together.
Please
join
Sig
Security
on
the
kubernetes
slack
Channel
or
come
to
one
of
their
regular
meetings.
You
could
be
the
next
person
that
helps
make
kubernetes
safer
for
everyone.
C
Sig
docs
is
focused
on
providing
documentation
that
continues
to
benefit
users
and
communities
with
each
new
feature,
enhancement
and
best
practice
through
inclusivity
and
Crossing.
Partnerships
sigdox
is
especially
proud
to
announce
the
localization
of
kubernetes.io
into
Hindi.
It
is
their
first
use
of
the
Dave
and
agree
script
and
they
are
working
on
localization
for
Bengali.
They
are
closely
partnered
with
Sig
Security
on
the
development
and
publication
of
both
the
CDE
feed
and
the
security
checklist
I
talked
about
previously
and
as
the
scope
and
use
of
kubernetes
has
continued
to
grow.
C
Multi-Tenancy
has
become
more
than
just
namespaces
after
collaborating
with
multi-tenancy
working
group.
Figdocs
is
pleased
to
announce
the
new
kubernetes
multi-tenancy
overview
and
best
practices
which
describes
use
cases,
terminology
access,
controls,
data,
plane,
isolation
and
so
much
more.
Please
join
Sig
docs
on
the
kubernetes
slack
Channel
Sid
kubernetes
infrastructure
has
been
focused
on
implementing
cost-cutting
measures
for
the
cloud
infrastructure
bill
as
they
are
responsible
for
managing
the
build
and
test
infrastructure
of
the
kubernetes
project.
C
The
most
pressing
of
these
was,
with
their
storage
and
bandwidth
costs
for
container
images
that
the
project
produces
to
address
this.
They
built
a
proxy
service
that
can
route
download
requests
to
the
cloud
of
origin.
This
new
proxy
is
expected
to
save
the
project.
Nine
hundred
thousand
dollars
a
year
once
it
has
reached
adoption
and
everyone
here
can
help.
C
They
request
the
Community
start
downloading
immediately
their
images
from
registry.kates.io
instead
of
the
previously
used
kates.gcr.io.
Please
spread
the
word
through
your
company
and
your
community.
This
will
allow
kubernetes
infrastructure
to
put
resources
towards
other
initiatives
from
this
immense
cost
savings
and
thick
storage,
Works
in
all
areas
of
storage,
from
file
and
Block
store
to
generic
operations
on
storage.
They
are
thrilled
at
the
inclusion
of
several
long-term
efforts
becoming
generally
available
features
in
kubernetes
125..
The
local
ephemerate
storage
capacity.
C
Isolation
feature
provides
support
for
capacity,
isolation
of
local
ephemeral
storage
between
pods,
so
that
a
pod
can
be
hard
Limited
in
its
consumption
of
shared
Resources
by
evicting
pods.
If
the
consumption
of
local
ephemeral
storage
exceeds
that
limit,
the
CSI
ephemeral
volume
feature
allows
CSI
volumes
to
be
specified
directly
in
the
Pod
specification
for
ephemeral
use
cases,
they
can
be
used
to
inject
arbitrary
stage
such
as
configuration
or
Secrets
directly
inside
pods,
using
a
mounted
volume.
The
feature
is
used
by
some
CSI
drivers,
such
as
the
Secret
store
CSI
driver.
C
The
CSI
migration
is
an
ongoing
effort
that
Sig
storage
has
been
working
on
for
a
few
releases.
Now
the
goal
is
to
move
entry
volume
plug-ins
to
out
of
tree
CSI
drivers
and
eventually
move
the
entry
volume
plug-ins
with
less
entry
code.
The
risks
of
a
mistake
are
reduce
and
cluster
operators
can
select
only
storage
drivers
that
their
cluster
requires
now
on
Alpha
and
125,
the
container
object,
storage,
interface
or
Cosi
enables
provisioning
and
access
to
object,
storage
in
kubernetes,
alongside
file
and
block
storage
similar
to
CSI.