Virtualization Technology News and Information
KubeCon 2024 Paris: The Largest Open Source Fair Becomes a Major Attraction

By Dr. Jens-Henrik Soeldner

This year, Kubernetes celebrates its 10th anniversary, having been introduced by Google in 2014 as an open-source project. Its success story and impact on the cloud computing market are as impressive as the success of the associated conference. This year's European edition of the conference, "KubeCon + CloudNativeCon", held from March 19 to 22 in Paris, set a new visitor record with over 12,500 participants.

Even before the official start, the conference was in full swing during the "Cloud_Native Rejekts" pre-event on March 17 and 18, allowing those who didn't make it into the official conference program to present their talks. Tickets for this pre-conference event were offered for free, thanks to generous sponsorship from Cisco, Microsoft Azure, and Rancher by SUSE, in line with the spirit of the open source community.

Priyanka Sharma, the CEO of the organizing Cloud Native Computing Foundation (CNCF), introduced the latest developments in the Kubernetes and cloud-native ecosystem in her keynote. In her keynote, she focussed strongly on the pervasive role of artificial intelligence (AI). Many AI workloads are now running in containers managed by Kubernetes. Companies can use NVIDIA's AI Enterprise as a curated platform and run AI applications in their own data center environments on commercial Kubernetes distributions  like Red Hat OpenShift, VMware Tanzu, Canonical Kubernetes, Mirantis Kubernetes Engine, or directly in the public cloud with AWS, Azure, or Google Cloud. GPU support in Kubernetes is continually expanding, with GPUs from AMD, Intel, and NVIDIA dynamically assignable to clusters since Kubernetes 1.26. However, there is still much development work to be done, especially in terms of scaling and high availability. The CNCF is contributing significantly to making the operation of AI workloads in the cloud more uniform and user-friendly with their AI-focused projects like Kubeflow, Ray, and KubeRay. At the conference, the CNCF's AI working group introduced a white paper on "Cloud Native Artificial Intelligence," offering decision-makers, developers, and administrators a comprehensive overview of AI with cloud-native technologies. The working paper can be downloaded directly from the CNCF announcement:

The extensive exhibition area was particularly spectacular, easily surpassing other conferences with over 200 vendors showcasing their products and services related to Kubernetes and many other CNCF projects. VMblog took the opportunity to speak with selected exhibitors on-site to get an overview of the news and trends.

As expected, providers of commercially supported Kubernetes distributions were very present on the show floor of the conference. Canonical, the open-source veteran behind Ubuntu, introduced the new generation of its Kubernetes distribution, MicroK8s (pronounced "micro kates"). Until now, it has been available in two editions to address different customer needs: "Canonical Charmed Kubernetes" for large environments requiring customization and integration with legacy systems, and "Canonical MicroK8s," focused on ease of use and scalability. Canonical plans to evolve MicroK8s into a single-edition Kubernetes distribution that meets all customer needs. Cédric Gégout, VP of Product Management at Canonical, emphasized in a discussion with VMblog that "the new version of MicroK8s, offered under the name Canonical Kubernetes, will serve the needs of both developers and administrators. We have focused on three key points: first, enabling developers to build applications based on an ultra-small and extremely secure containerization that runs on all infrastructures. Second, serving all systems from a single developer laptop to large environments in data centers and the cloud with the same edition. And third, supporting developers' innovation by taking care of reliable patching for security and support." The next version is scheduled for release in May. Those interested in testing it as a beta can find more information at

Mirantis, a specialist in Kubernetes and OpenStack and the company that acquired Docker's enterprise business in 2019, also introduced the new version of its popular Kubernetes IDE, "Lens Desktop," during the conference. The manufacturer aims to make working in the IDE more efficient and productive with simplified processes, a sleeker interface with a new UI/UX concept, a unified navigator for all Kubernetes clusters and resources, and a new API for extensions. The 2024 version of Lens is now available as an Early Access version. Mirantis also offers the IDE with additional security and management features as a Lens Enterprise subscription for the needs of large customers.

Also new from Mirantis is the expansion of its existing training program with the "Mirantis Academy." The manufacturer aims to help IT specialists further develop their expertise in key technologies of the cloud-native computing spectrum with a 30-day training program. Combining live interaction with trainers and recorded content, the manufacturer wants to provide a personalized learning experience tailored to the participants' needs. Within the academy, there are currently three primary modules that participants can complete with a recognized certification: Kubernetes Operations, Docker Containerization Essentials, and OpenStack Operations. More information about the Mirantis Academy is available at

VMware by Broadcom presented its comprehensive offering in the field of cloud-native technologies under its Tanzu product line, focusing on knowledge transfer presentations in the exhibitor area. Timo Salm, Senior Lead Solution Engineer for Tanzu and developer topics at VMware by Broadcom, informed participants about the value proposition of the Tanzu Developer Portal, a commercial implementation of the currently very popular Backstage project, which was originally made available to the open-source community by Spotify.

Red Hat took advantage of the conference to simultaneously introduce the new version 4.15 of its commercial Kubernetes distribution "Red Hat OpenShift," now generally available. OpenShift 4.15 is based on Kubernetes 1.28 and the Container Runtime Interface CRI-O 1.28. In a conversation with VMblog, Chuck Dubuque, responsible for Product Marketing of OpenShift at Red Hat, emphasized: "The new version introduces additional features to accelerate the development and deployment of cloud-native applications also in the hybrid cloud. We support almost all platforms customers have in use: besides our own technology stack, of course, VMware, Microsoft Azure, Google Cloud, and AWS. New in Red Hat OpenShift 4.15 is the support for AWS Outpost and AWS Wavelength Zones, allowing us to manage Mobile Edge Computing applications directly via OpenShift."

Cloud Foundry, the open-source platform for developing and deploying cloud applications, remains an important part of the cloud-native landscape even after VMware's acquisition by Broadcom. Broadcom plans to invest more in the platform, and Cloud Foundry continues to contribute significantly to the revenue of VMware Tanzu. Powerful tools like Buildpacks and the CNCF-native project Korifi enable customizable workflows and simplified use of Kubernetes. "With continuous investments, strong partnerships, and innovative projects, Cloud Foundry is well-positioned to play a significant role in application development and deployment in the future," representatives of the organization said in a conversation with VMblog.

Observability specialist Dynatrace presented its solutions for observability and security in Kubernetes environments at KubeCon 2024. The focus was on AI-based optimization, data observability, and open-source engagement. Highlights included reducing costs and complexity through intelligent analysis of cloud environments, ensuring data quality for better decisions and AI models, and an enterprise-focused OpenTelemetry distribution with security hardening and support. Dynatrace also announced at the end of January that it had acquired Runecast, a company specializing in AI-supported compliance and security reviews in the VMware and cloud environment, and has successfully completed the acquisition., also active in the observability field, claims to be currently the only provider fully committed to the OpenTelemetry standard, offering simple and cost-efficient solutions for capturing logs, metrics, and traces. The company announced a new AI solution based on Large Language Models (LLM) and Generative AI. The vision is to enable interaction with the data on a chat basis in the coming months, integrating the first functions into ObservabilityIQ. intends to integrate AI features into all products, including App360, an APM solution known for its simplicity, as well as introducing enhancements for K8s 360 and launching a new Explorer in ObservabilityIQ.

JFrog, known as a provider of DevOps solutions and Binary Repository Manager, is increasingly focusing on artificial intelligence and machine learning. With the introduction of FrogML, the company offers standardized packaging of training data to support the developer community. JFrog aims to automate security and use machines instead of humans to detect and block malicious models. By integrating AI-powered features into its platform, JFrog seeks to improve security and compliance around machine learning.

Sysdig has evolved from an observability provider to a leading company in cloud-native security. With Sysdig Monitor and Sysdig Secure, the company offers a unified security platform (CNAPP). A core product of Sysdig is Falco, a "security camera" for cloud-native infrastructures that monitors kernel syscalls to detect malicious behavior in VMs and Kubernetes. Initially developed 8 years ago, Falco has been part of the Cloud Native Computing Foundation (CNCF) for 6 years and recently achieved Graduated status. Sysdig uses streaming and runtime technologies to monitor events in clusters and detect anomalies using AI, analyzing not only the kernel but also logs and events to identify compromised credentials or crypto mining, for example. Currently in beta, Sysdig Sage is a solution that integrates Large Language Models (LLMs) into Sysdig software to help users better understand and fix exploits.

Security and identity management specialist Venafi offers a solution for cryptographically verifiable and attestable identities, similar to a Certification Authority (CA), enabling communication between workloads. By encrypting connections between workloads, security is enhanced. Venafi automates the issuance of time-limited identities according to the SPIFFE standard. With the announcement of "first-class integrity" and the Firefly WCI-Issuer, Venafi provides a scalable workflow that supports SPIFFE. The process involves generating certificates for workload components, which are then signed by the WCL Identity Issuer. These signed identities are short-lived, as they are used in Kubernetes, and are based on the organization's CA. Renewal or revocation of the identities is of course possible.

Storage specialist NetApp used KubeCon to present updates for its Kubernetes storage platform Astra. NetApp has been active in the Kubernetes environment since 2017 with "Astra Trident," its implementation of the Container Storage Interface (CSI) Driver, and has offered a data backup service with Astra Control since 2021. New improvements in the architecture of Astra Control, which NetApp plans to roll out in the first half of 2024, are now available. According to the company, NetApp offers the first managed service for data backup and disaster recovery for containerized applications and Kubernetes in the three major public clouds. In a conversation with VMblog, Hendrik Land, Solution Architect DevOps at NetApp, emphasized the importance of architectural innovations: "A focus of further development is the improved integration with current tools from platform engineering. This includes Infrastructure-as-Code tools and allows extensive automation via CI/CD pipelines, GitOps, and other tools for policy-based management. Furthermore, we have addressed scalability, now being able to manage thousands of Kubernetes clusters from a single data management layer thanks to efficient asynchronous communication."

A similar picture emerged in a conversation between VMblog and Murli Thirumale, Vice President and General Manager at Pure Storage subsidiary Portworx. Thirumale confirmed: "Kubernetes has now established itself as the de facto standard for developing modern applications. This naturally includes not only Kubernetes-based applications but also AI/ML workloads, databases, and CI/CD pipelines. With PortWorx by PureStorage, users can rely on a solution fully integrated with Kubernetes for the permanent storage of their application data, data security, and also migrations of data between the various public clouds and on-premises environments."

German companies also took advantage of KubeCon to present their solutions and news. On-site, the VMblog spoke with confidential computing provider Edgeless Systems and data center operator Hetzner, which has been offering a self-developed public cloud environment with high data protection promises and attractive pricing conditions for several years.

Edgeless Systems, a spin-off from the Ruhr University Bochum, renowned for its teaching and research in the IT security field, presented its confidential computing offerings. Confidential computing refers to protecting the confidentiality of data through continuous encryption not only "in transit" and "at rest" but also during processing within the CPU ("in use"). The latter is essential for confidentiality when processing takes place within a public cloud, where the infrastructure is managed by another party, the cloud provider. Technical foundations for confidential computing are features in current CPUs and GPUs such as AMD's SEV ("Secure Encrypted Virtualization") or Intel's TDX ("Trust Domain Extension"). NVIDIA's GPUs, with the NVIDIA Hopper and Blackwell architectures, extend confidential computing to AI and LLM workloads. The young company from Bochum provides open-source software to apply the confidential computing capabilities of current CPUs and GPUs to relevant workloads, ensuring that data remains encrypted even during processing. For this purpose, Edgeless has developed its Kubernetes distribution, "Constellation," ensuring that cloud providers cannot access the data. According to the provider, legal requirements such as the Digital Operational Resilience Act (DORA) and the GDPR can be fully met. The company has also released Continuum AI, a new solution that encrypts data in AI applications like LLMs so that the input data ("prompts") remain completely confidential and are not visible to infrastructure or AI providers.

In a conversation with VMblog, Thomas Strottner, Vice President of Business Development, emphasized: "At Edgeless Systems, we are developing the future of trustworthy data processing in Germany. Our solutions are used, for example, in electronic patient records and by major US banks. We also have strong implementation partners like Capgemini."

The German hosting-focused company Hetzner, based in the Middle Franconian town of Gunzenhausen, was also an exhibitor at KubeCon and impressively demonstrated that building and operating a public cloud is not solely the domain of US companies. Known for its hosting offers with tightly calculated prices, Hetzner has also been active for several years with its Munich-based subsidiary Hetzner Cloud GmbH and their self-developed cloud offering, where the provisioning of Kubernetes application clusters naturally plays a significant role. Hetzner has been expanding vigorously in recent years and has established presences not only at its classic locations in Nuremberg and Falkenstein but also in Finland and the USA. In addition to offering a comprehensive range of services, the focus is on GDPR-compliant operation of the cloud and an attractive price-performance ratio (

CNCF's official training programme, part of the larger Linux Foundation Training & Certification programme, was also met with great interest by the attendees - they hosted a large stand in the exhibitor area. VMblog took the opportunity to find out what was on offer on site.

With the vendor-neutral, hands-on, performance-based Kubernetes certifications CKA (Certified Kubernetes Administrator), CKAD (Certified Kubernetes Application Developer) and CKS (Certified Kubernetes Security Specialist), which are considered extremely demanding exams, the CNCF certifications have set the industry standard for knowledge and skills for several years. Many commercial Kubernetes providers such as VMware require CNCF Kubernetes certifications as a prerequisite for vendor-specific specialisations.

"As a foundation, we are focused on providing vendor-neutral training and certification that helps assure employers that job candidates possess the needed knowledge and skills," said Clyde Seepersad, SVP, General Manager, Training & Certification, Linux Foundation. "And we provide IT professionals with the learning and certification opportunities they need to advance their careers."

Linux Foundation Training and Certification used the conference to present four new advanced courses for the Kubernetes environment: DevOps and Workflow Management with Argo (LFS256), Mastering Kubernetes Security with Kyverno (LFS255), Mastering Kubernetes Event-Driven Autoscaling with KEDA (LFS257), and a free entry-level course on AI with Kubeflow: Introduction to AI/ML Toolkits with Kubeflow (LFS147x).

"Keeping track of fast-paced open source technology can be a challenge, which is why we continue to release new courses on technology such as Kubeflow, and constantly update our existing materials," said Tim Serewicz, Vice President, Education, Linux Foundation. "We like to be the one-stop-shop for those keeping up with production level technology."

To recognise the expertise of Kubernetes specialists who are fit in several aspects (administration, development and security) and hold five current certificates (CKA, CKAD, CKS and the entry-level "Associate" exams KCNA and KCSA) at the same time, the CNCF introduced the new "Kubestronaut" programme as a special goodie during the conference: these highly qualified experts will receive the title "Kubestronaut" as well as a correspondingly branded jacket and further discounts on CNCF conferences and certifications. In addition to training and certification for the Kubernetes ecosystem, the CNCF offers a wide range of training and certification in Linux administration, GitOps, and programming, many of which range from free eLearning for beginners to in-depth online and classroom training offered through partners worldwide: Training & Certification | CNCF.

Recordings of the conference presentations are available on the CNCF's YouTube channel ( The next European KubeCon will take place from April 1 to 4, 2025, in London.



Dr. Jens-Henrik Soeldner  

Dr. Jens-Henrik Soeldner is professor for IT Security and Information Systems as Ansbach University of Applied Sciences, a German public university located in Ansbach, Bavaria. In addition, he has been serving as managing director of Soeldner Consult GmbH, a consultancy and training services provider focussed on cloud computing, automation, and security since 2010. Dr. Jens-Henrik Soeldner obtained his MSc. degree (German Diploma) in computer science at Friedrich-Alexander-University in 2003 and his PhD at the information systems department of the same university in 2017. Dr. Jens-Henrik Soeldner's current research interests include automation and security in cloud-computing environments, especially paradigm shifts towards platform engineering and DevSecOps principles. In the past he has also worked on social network systems focussed on research collaboration.

Published Monday, April 08, 2024 9:52 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2024>