KubeCon Europe 2025: day 1

Carlos Santana, AWS

The first talk we made it to was an introduction to the various layers involved in running GPUs on Kubernetes. The speaker broke down the layers from device driver, CUDA runtime, container toolkit to node and GPU feature discovery and the device plugin to handle scheduling and access to the compute resources. It was a good introduction to the various things that are needed to set up GPU-enabled workflows, but what caught me the most was a passing comment about how EKS hybrid nodes allowed an AWS-managed EKS cluster to include nodes running remotely (for example in a homelab) over a VPN like Wireguard.

Christian Posta, Solo.io

I missed the start of this one as I was wandering around trying to find the room for the CTF intro, but after giving up on that until the later session I ended up watching this “sponsored demo” of an LLM attached to a Kubernetes cluster. The introduction that I missed presumably explained exactly what I was looking at, but it seemed to be a web interface for a chatbot that was connected to a Kubernetes cluster which could explain the state of resources in a namespace, preview and apply changes (yes, it did have kubectl and working credentials), as well as reading and summarising online documentation for the user. The speaker also made a big deal of its support for MCP, which apparently stands for the “Model Control Framework” for “domain-specific extensions”. I have no idea what that is, but I’m sure if you are into LLMs that is a good thing.

Álvaro Revuelta, SciLifeLab Data Centre & Valentin Georgiev, Uppsala University

This was one of the things I thought would be the closest thing to the work we do in providing scientific data to other researchers. It turned out that it wasn’t really the same thing, more a tool for short-term sharing of datasets with known collaborators who have requested it specifically, rather than publishing ongoing data publicly for anyone to access.

Andy Martin & Kevin Ward, ControlPlane

Having successfully found the right room, there was a short introduction from the team running the CTF at KubeCon this year, in which they provided an overview of how it worked, one hint² and then some background music for a roomful of people trying to break into an imaginary Kubernetes cluster in a scenario used at a previous conference. I initially felt like I wasn’t making much headway, and was aware of the time ticking away until the next talk I wanted to go to, before I suddenly found the first flag just before I had to pack up and go back downstairs. I guess that’s how these things often go. I learned a lot more about Hashicorp Vault than I was expecting to and I look forward to having a bash at the “real thing” tomorrow.

Abu Kashem, Red Hat Inc. & Stefan Schimanski, Upbound

This talk was framed as the answer to a hypothetical interview question of “what happens when you create a new resource with kubectl apply -f job.yaml?”. It gave a good tour of what happens inside the request handler in the apiserver, mostly covering the various validations, timeouts and audit logs that are added, as well as what “creating a new resource” actually entails in the registry and etcd. There were a lot of details that I’m unlikely to remember, but it’s almost certainly useful to have a sense of what’s going on in there, as well as some trivia like the differences between kinds and resources and what is going on with different apiVersions.

Stefan Prodan, ControlPlane & Sanskar Jaiswal, Kong

Again I missed the start of this talk having accidentally walked to the wrong end of the conference centre to find the room. Luckily, I don’t think I missed too much and was able to figure out that Flagger is a system for doing canary rollouts that we are unlikely to ever use at our scale. It’s not something I’ve ever looked into in detail, and while I’m sure it’s obvious to people who do do this sort of thing, the idea of progressively rolling a new version out automatically as long as the metrics look good is not something I’d considered before.

The main thing I was interested in from this talk was Flux, something we definitely do use. There were a lot of exciting-sounding new features discussed, mostly enabled by the Flux Operator. Ephemeral environments for PRs/MRs is something I’ve thought about before for when we are reviewing changes, and it seems like these should be fairly straightforward to set up with the operator, as well as making Flux component upgrades a lot easier than re-running the bootstrap to update the component manifests in the git repository. Even the presenter said that it was scary and easy to blow up your own cluster before!

Aurélie Vache, OVHCloud & Sherine Khoury, Red Hat

It was definitely by now time for the “fun” talks, starting with this interactive quiz about Docker and OCI containers. For a moment before the questions got too hard I made it onto the top 5 leaderboard, but then we got onto the things I’d actually come along to learn about. It was a good format to have the audience answer a question, then give the answer and a live demo to explain it even more. I was also very impressed with whatever technology they were using to handle typing the demo commands into the terminal, as it clearly was actually doing the work live but also seemed to grab the hashes out of the command output for use in later commands.

Alex Leong, Buoyant

This one was a bit more of a punt, as I didn’t really know what a Service Mesh was or how you’d debug one, but I always enjoy hearing war stories about this sort of thing. The morals of the two bugs presented are almost just about relevant to some of the things I do, and are probably general enough to think about: make sure you aren’t calling blocking functions in places that blocking would lead to deadlock/client service denial, and be careful with different versions of CRDs. I’d also not heard of HTTP2 flow control before, which is something good to be aware of before I encounter some weird bug caused by it in the future.