►
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe in Amsterdam, The Netherlands from April 17-21, 2023. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: CNCF Project Updates Continued - Ricardo Rocha, Computing Engineer, CERN; Emily Fox, Security Engineer, Apple; Frederick Kautz
Speakers: Ricardo Rocha, Emily Fox, Frederick Kautz
A
C
All
right,
you
ready.
Let's
do
this
if
you've
seen
this
before
it
will
take
a
while,
but
we
can
handle
this.
So,
let's
start
with
cupboard.
So
cupboard
is
a
virtual
machine
management
add-on
for
kubernetes.
It
offers
virtualization
Solutions
on
top
of
kubernetes.
The
recent
initiatives
from
the
project
include
the
alignment
with
kubernetes
releases
for
improved
operations.
The
introduction
of
instance,
type
and
preference
custom
resources
for
a
human
friendly
way
of
defining
virtual
machine
resources
and
seamless
integration
with
service
meshes
with
past
a
new
user
mode,
Network
binding
that
can
connect
VMS
to
pod
Networks.
C
The
version
0.57
focus
on
continuing
stabilization
integration
with
the
with
the
broader
Cloud
native
ecosystem,
while
making
steady
traction
on
initiatives
for
the
future,
it
adds
USB
support,
VMS
VM
snapshots
as
an
export
resource
and
improves
the
virtual
CTL
support
with
Windows
consoles
expanding
functionality
for
day-to-day
operations.
Cupboard
has
also
improved
virtctl
to
support
connections
proxied
by
Rancher
and
added
failure,
volt
as
their
first
integrated
backup
and
Recovery
provider.
A
friendly
mind
reminder
from
the
project
to
be
kind
with
criticisms,
patient
with
the
reviewers
and
always
run
your
local
tests.
C
Now
we
have
flux,
flux
is
provides
ketops
for
both
applications
and
infrastructure,
with
a
set
of
continuous
and
Progressive
Delivery
Solutions
for
kubernetes
that
are
open,
extensible
and
secure
and
scalable.
Recent
highlights
from
the
project
include
the
advanced
support
for
oci
and
cosine,
bringing
greater
security
and
scalability
to
githubs
improvements
in
the
controller
and
security,
including
fuzzing
and
docs
for
Best
Practices,
as
well
as
API
consolidation.
Putting
it
near
to
ga
the
terraform
controller
is
something
that
got
the
users
excited
as
one
of
flux,
tools
that
help
help
strengthen
the
ecosystem.
C
Users
have
shown
excitement
as
well
about
the
support
of
oci
in
flux
with
the
Manifest
alongside
app
image
layers,
the
ecosystem
continues
growing
with
terraform
integration,
as
well
as
vs
code
and
using
flux
with
openshift
version.
0.32
brings
greater
security
for
Enterprise
users,
oci
support
across
all
types,
all
Source
types,
and
this
is
home.
Customized
plain
yaml,
terraform
queue,
Etc
the
helm,
support
retains
release
info,
supports,
Dynamic
functions
and
hooks
the
flux
project
asks
everyone
to
go
ahead
and
try
the
terraform
controller,
the
vs
code,
extensions
and
UI,
which
is
fully
supported
by
the
project.
C
Next
up,
we
have
k-native,
so
k-native
was
recently
included
in
incubation
earlier
this
year.
It's
a
project
that
adds
components
for
deploying
running
and
managing
serverless
Cloud
native
applications
to
kubernetes,
focusing
on
improved
productivity
and
operational
cost
reduction
with
K
nav
K
native
1.8
functions
is
now
generally
available
and
the
same
happens
for
rapid
and
queue
apis
for
broker
and
Source.
C
K
native
is
also
moving
from
a
six-week
release
cycle
to
quarter
releases
on
the
adapter
side,
the
Project's,
Downstream
vendors
or
assets
and
end
users
will
have
a
better
update
experience
with
these
fewer
releases
per
year.
The
rabbitmq
apis
provide
a
high
performance
out
of
order
message:
delivery
alternative
to
Kafka
for
those
who
need
it.
The
project
recommends:
checking
the
blog
post
called
Enterprise
grade
serverless
on
your
own
terms,
with
csued
stakeholders
to
understand
the
value
of
using
k-native
in
kubernetes
I.T
projects.
C
A
All
right,
I,
missary
ingrats,
is
an
open
source,
kubernetes
native
inter
and
kubernetes
Ingress
built
on
Envoy
proxy
recent
recent
initiatives
of
the
project
include
adding
support
for
HTTP
3
to
Downstream,
clients,
increase
stability
and
performance,
and
the
project
is
now
built
on
the
latest
version
of
envoy
proxy
HTTP.
3
is
the
latest
version
of
the
protocol
that
powers
the
internet,
so
organizations
aiming
to
adopt
HTTP
3
protocol
can
do
so
with
Emissary,
Ingress
and
version
3.0.
A
It
provides
improved
performance
and
increased
stability,
particularly
on
lossy
networks
and
use
cases
such
as
Edge
and
Internet
of
Things
version.
3.0
also
provides
an
upgrade
to
Envoy
proxy
122,
addressing
cves
and
older
versions
of
the
project
and
expanding
on
performance
improvements.
The
project
would
love
to
see
users
experiment
with
HTTP
3
and
welcomes
feedback
from
the
community.
A
Backstage
is
a
framework
for
building
developer
portals.
It
restores
order
to
your
microservices
and
infrastructure
without
compromising
autonomy.
The
project
has
a
lot
of
initiatives
to
report.
The
core
framework
saw
1.0
release.
A
third-party
security
audit
sponsored
by
ostiff
resulted
in
12
main
findings
and
with
eight
fixed
in
1.5.0
and
four
being
assessed
in
the
newly
introduced
threat
model.
They've
established
new
communication
Channels
with
the
software
catalog
Sig
with
more
in
development
and,
finally,
the
growth
of
the
plug-in
ecosystem
has
over
70
in
the
pipeline.
A
Today,
users
have
been
giving
very
good
feedback
from
the
1.0
release
and
the
improved
security
posture
through
the
threat
model,
documentation
and
the
project
has
grown
in
maturity
due
to
a
huge
spike
in
public
adopters,
starting
at
just
80
at
the
beginning
of
this
year
and
well
over
200.
Today,
the
1.0
release
was
a
huge
milestone
for
the
project.
With
the
current
1.6
version.
The
project
set
on
a
solid
release
Cadence
with
callouts
to
security,
fixes
new
plugins
and
back-end
services
for
improved
scalability
and
maintenance.
A
The
project
asks
you
all
to
join
the
community
check
the
existing
plug-in
ecosystem
and
would
love
to
see
more
plug-in
contributions,
particularly
from
maintainers
of
other
cncf
projects.
Philium
is
a
networking,
observability
and
security
solution
built
on
evpf
as
a
cni.
It
provides
a
simple
flat,
L3
Network
layer
that
can
span
multiple
clusters,
Ingress
in
Ingress
gateways,
service,
mesh
visibility
and
monitoring.
Among
many
other
features
of
the
project,
project
initiatives
include
the
sidecar
list,
psyllium
service
mesh
and
their
1.12
release,
which
is
all
the
buzz.
A
A
The
sidecar
list,
psyllium
service
mesh,
is
less
complex
and
has
high
throughput,
lower
latency
and
reduced
resource
consumption.
The
psyllium
project
also
has
an
LFX
mentee
to
improve
its
software
supply
chain
security.
The
project
encourages
folks
to
stop
by
their
booth
for
demos,
to
learn
more
about
the
project
and
to
fill
out
the
psyllium
user
survey.
A
Nats
is
a
connective
fabric
to
exchange
data
between
digital
endpoints,
from
microservices
to
Modern,
Cloud
native
applications
and
kubernetes.
It's
Cloud
agnostic
and
can
be
deployed
anywhere
to
bridge
kubernetes,
bare
metal,
VMS
and
low
resource
Hardware.
The
top
initiatives
from
the
project
include
improving
memory
usage
for
kubernetes,
ultra
high
scalability
and
Mobility
features
and
runtime
placement
and
migration
of
stream
key
value,
store
and
objects.
A
This
moves
data
closer
to
applications
and
ensures
business
continuity
during
upgrades
with
the
ability
to
directly
access
data
with
a
lightweight
API
Nats
can
support
Millions
with
consumers
of
persisted
streams,
KV
and
object
stores.
This
is
useful
for
Internet
of
Things
mobile
and
any
type
of
application
at
scale.
The
2.9
release
is
a
milestone
with
improved
performance
under
kubernetes,
greater
scale,
mobility
and
improved
stability
towards
operation
at
massive
scale,
with
zero
downtime.
The
project
is
asking
folks
to
try
installing
via
Helm
charts
and
would
love
your
feedback.
B
Cloud
events
defines
common
event
metadata
and
how
to
expose
it
in
various
formats
and
transports.
It
enables
the
quick
processing
of
events
without
the
need
to
understand
the
schema
and
semantics.
Recent
project
initiatives
include
a
draft
specification
that
standardize
the
component
life
cycle
of
Eventing,
such
as
service
Discovery,
subscription
management
and
event,
delivery
to
new
Cloud
events
supported
formats
like
XML,
CBR
and
translation
of
cloud
event,
specifications
to
Chinese
and
Hebrew
release
1.0.2
has
seen
steady
adoption
growth
with
an
increase
in
end
user
participation
in
the
working
group
and
request
for
new
features.
B
Falco
is
a
runtime
security
project
enabling
threat
detection
at
scale.
It
observes
the
application
and
container
Behavior
extending
threat
detection
with
plugins.
Recent
project
initiatives
include
a
new
ebbf
probe
with
cro
and
BTF
support,
support
for
arm
and
G
visor,
with
Falco
being
able
to
monitor
gvisor,
sandboxes
and
new
plugins
to
detect
security
threats
in
GitHub
and
octave
activity.
Gviser
has
adopted
Falco
as
a
complementary
solution
for
threat
detection
in
their
security
project.
B
The
real
world
impact
from
end
users
that
benefited
from
this
collaboration
to
simultaneously
use
the
enhanced
isolation
and
g-visor
and
the
threat
detection
audits
in
Falco
improve
container
security
version.
0.33
brings
support
for
inspecting
multiple
data
sources,
simultaneously
improved
kernel
compatibility,
stabilize
support
for
arm
architecture
and
Falco
control,
a
new
first-class
tool
to
keep
rules
and
plugins
up
to
date.
Falco
is
looking
into
increasing
diversity
and
participation,
participation
in
the
community
and
is
actively
seeking
new
C,
C,
plus
plus
and
grow
developers,
and
also
non-code
contributors.
B
Cryo
is
an
oci
compliant.
Implementation
of
the
kubernetes
container
runtime
interface
strictly
built
for
kubernetes
cryo
is
reimagining
pieces
of
its
stack
to
be
better
compatible
with
Edge
use
cases
with
recent
initiatives,
including
progress
on
a
rewrite
of
its
container
Monitor
and
rust,
bringing
better
accounting
of
pod
level
resources
and
a
reduction
of
virtual
memory
for
pods
with
many
containers.
It
has
also
added
support
for
Alpha
caps
such
as
username
spaces
checkpoint
and
restore
and
release
artifact
verification
with
s-bombs
and
sixstore
release.
B
1.25.0
was
done
soon
after
kubernetes
1.25
and,
as
always,
has
been
tested
in
lockstep
with
kubernetes
release
and
follows
the
features
added
to
it.
Cryo
is
eager
for
new
contributors
of
any
variety
and
you
can
reach
out
on
the
cryo
slack
Channel
open
Telemetry
provides
high
quality
ubiquitous
and
portable
Telemetry
to
enable
effective
observability
after
metrics
become
stable
after
metrics
became
stable
in
May
they've
become
generally
available
for
Java
JavaScript
pythonm.net.