One of the largest open-source and cloud-native shows, KubeCon and CloudNativeCon concluded last week. We covered the show remotely and talked to over a dozen technologists and business leaders. In this episode we sat down with the head of CNCF itself, Priyanka Sharma, to chat about the show, major announcements and what major trends she saw during the show.
These are the topics that we covered in our show:
- Priyanka reflects on the KubeCon and shared how it had been a success despite the recovery from the pandemic
- Priyanka shares some of the highlights and major news announcements that were made during the show
- Security has become a major top within the cloud native world, we hear a lot about security first, but how much of it is actually in practice.
- The CNCF landscape is already a very busy and complex space and we are seeing adoption of cloud native technologies in more places. What impact will this adoption have on the complexity of the cloud native world?
- Diversity and inclusion has been a major focus area for the Linux Foundation and CNCF, Sharma touched upon the work that is undergoing to make this community even more diverse and inclusive.
Swapnill Bhartiya: Hi, this is your host Swapnill Bhartiya and welcome to our special series of Let’s Talk Kubernetes for KubeCon. And my next guest is once again, Priyanka Sharma, General Manager of Cloud Native Computing Foundation. Our CNCF Priyanka it’s great to see you again on the show.
Priyanka Sharma: So nice to see you too Swapnil.
Swapnil Bhartiya: It has been an exciting show, despite COVID all this precautions, the Linux foundation and CNCF took to ensure that everybody is safe and healthy. The turnout has been great, but I want to hear from you because you have been part of this community for so long and KubeCon is where we met as well. So how has been the show so far from your point of view, from your perspective?
Priyanka Sharma: Well. You know for me, this show is you know, I say this in my keynote. I say this in the theme, it’s our resilience realized. And what I mean is that all of us went through a topsy-turvy world for the last year and a half. And, but we were resilient through it. We worked through it and our hope, dream was to be able to meet back in person someday, to enjoy a KubeCon someday, and we did it. And so it’s a joyous time here, people are super excited. It’s also very, it’s a time that really demonstrates how awesome we are as a community, because I’m proud to tell you, people are following the rules, people are doing the right thing. I’m not seeing people taking masks off. I’m seeing folks respect people’s boundaries.
We have this traffic light system. I actually can’t find my racer just now, but it’s basically red, yellow, green. And if someone’s green, you can come closer. If they’re yellow or red, you best to make, give them lots of space. And people are doing that. People are working very hard to make sure all of us are safe and comfortable.
Swapnil Bhartiya: And if you look at CNCF of our quality community, I mean, open source communities are very warm, very welcoming, but you know, the work you folks have done is also, you have created an environment people feel comfortable. They can be themselves because most of us are also introvert, right? So we cannot feel very comfortable. So you do create that everybody can be there irrespective of where they are from what their cultural background or so, so thanks for doing that. Now let’s talk about some technical aspect, which is like, it was a big event I’m so happy that you folks did it in person. A lot of announcements were there, so I cannot even go through all of them. So I want to hear from you, one of the key was of course you have to pick a favorite baby, but even if I put you in a tight spot that well, some major news or highlights that you want to share today.
Priyanka Sharma: Yes, Absolutely. So, as you said, there is a lot of music, KubeCon CloudNativeCon, every day Chad and his team, they send me the list of media coverage and I’m just like, “Whoa, that’s more than most companies receive in a year”. So it’s really good stuff in terms of cool latest information. I would say from the technical perspective I’m really happy that Cilium has joined CNCF as an incubating project. Cilium has its own community, really cool people, and they are joining us to be part of the larger Cloud Native Ecosystem. So that was awesome from my perspective. I think we also had a survey that we did recently, we call it a Micro Survey where we looked in the Cloud Native community about how things are around security, software security, and what we found is that 90% or something of folks said that security is a major concern.
There are lots of issues showing up and everybody’s talking about it. But ironically, only 9% of folks said that their organizations are prepared with the set of processes and practices that you need to follow to be a security first company. And that was a very eye opening moment, I think. Just because, just simply because of the attention that has gone into security in the past few years, I would say, and I mean, of course now things are in different level with the executive order from the United States president, of course. So those are some two big things. There’s a sister foundation of CNCF and Linux foundation called Open Source Security Foundation. And they had been, they were in existence for the last year, but now they are coming out in full force. They have raised $10 million and are inviting people to come talk about SBOM in their ecosystems.
So those are some key announcements. Of course, on the community front, I would like to add that we have announced the Cloud Native Credits program. This is inspired by, is the very generous donations done by Equinix metal, Google GitHub, Amazon web services, to support CNCF projects with meaningful donations of infrastructure and CI credits. We literally need those for the projects to run on a daily basis. And so we are very grateful and we want to open the doors for other companies to be able to do the same.
And the cloud native credits program is soliciting interest from folks who want to do that. I was so impressed by how much paying it forward is a part of this ecosystem. When I shared this program with a few folks, one of them was one of our new members, Cox Communications, and they were so great. They immediately were like, “Oh, we’re interested. We want to support the projects. By the way, we have a brand new Edge Lab coming out and we’ll give credits from that as much as products projects need in the 500 plus 500,000 plus tier”. And so they’re just starting off and others are coming in, so it’s pretty cool.
Swapnil Bhartiya: In today’s world its pretty cloudy, everybody wants security. We also talk about, in Cloud Native security is no longer enough thought, but it’s still a big challenge for people to put that in practice. That’s where technological challenges happen and more than technological people or cultural challenges happen. Because if you look at CNCF landscape, you have all the technologies there. So what are you, you did mention about some trends, but I want to understand from you because you have talked to some many people. What trends are you seeing where people, it’s easy to talk about security, but the challenging part is simply implemented, deployed and bring it in practice. What are you seeing there?
Priyanka Sharma: So you absolutely write Swapnill that everybody wants to talk about security. And it seems like no one really knows how to go actually be a secure company. And this is not a dig on the companies. I 100% see how this is a moving target at all times. I think Brian from Open Source Security Foundation shared that attacks are up 650%. And folks who look for vulnerabilities, folks who look for weaknesses in systems and processes, they are all so evolving and growing, right? So they are developing their skill set. And so they’re more sophisticated as time goes on. And so that’s why this security is such a big challenge for companies, it’s a moving target. It’s a very tough situation we find ourselves in. And I think that there are various ways companies are trying to approach it. So the first thing that I think is good is that at the highest levels of every company, people are talking about the security issue from the CISO to the CEO, to the engineering managers, to the rank and file developers. Everyone cares.
That’s a huge win already because often in technology you’re stuck in situations where some segment of the company does not find that of a meaningful discussion. So that’s number one, that’s good. Second, is I think the executive order in the United States has definitely raised awareness, but it’s also put the onus on companies to kind of figure this out, right? And so that’s part, that’s a tough spot. I think what folks are doing right now, there is a mad dash to find projects and vendors that can maybe support the security story. And so I think that’s also why you see the fundraising in the security based startup spaces completely wild right now and good for them. Of course, it’s great, but we see all of is happening. I think the piece that must happen, which maybe is a little bit more work of work in progress than other but other things people are doing is understanding that security is not just about buying a tool or finding a throat to choke, but rather changing the people process tools here. You need to have a security first mindset in your DevOps life cycle.
You know how we talk about shifting, it’s shifting left. Everything unfortunately is falling on developers, now it shifts left to the developer. So for them, I think over time we were able to successfully help more and more developers be operationally minded at the very least. And now that shift is happening to be security minded. And I think there are definitely tools out there that help with code scanning as you’re going that have the DAST, SAST, all of that things are getting more in incorporated into the developer tool chains and all that’s excellent. But I would say the number one thing that people need to do is the leadership of all these companies needs to do is understand that they will not get to the outcome they want with, by just buying something. They need to work with their talent to get the right processes in place.
Swapnil Bhartiya: If you look at the whole Cloud Native or Kubernetes landscape, things have moved to production, things are being deployed. It’s going to seeing new used cases. Also, just like Linux, Kubernetes is being used in so many used cases. Edge is also becoming exciting used case. 5G is also used case. If I ask you, if you look at 2020, what are the challenges that you see this adoption will bring? Or where do you see the community and the projects will go? Because CNCF landscape is massive today.
Priyanka Sharma: Yes. I mean, we say CNCF landscape is massive, but remember two years ago we said CNCF landscape was massive. We’ve survived just fine. But you have a very valid question that a lot of growth, a lot of changes, where are we going? And actually that’s something that’s been extensively discussed at this KubeCon CloudNativeCon and various steps of settings that I’ve been in. And I think that’s a good sign because it means everyone’s invested in the strategic direction. What I am seeing happening is that we are verticalizing and that’s by type of companies, they have different workloads, they have different needs, they have different challenges. And also by specific types of tech that need to be worked on. Edge Computing is a great example where, when Edge first became a thing it felt like the antithesis of Cloud Native.
However, if you look at what’s happening now, it’s the Cloud Native Developers who are building out Edge Solutions who are thinking through how do operations happen on the Edge? And we now have a tool, sorry, projects, as you know, in CNCF like K3S, overcapitalizing and so many more that are about Edge Computing. And this is just an example. This is a cool, like you know, Edge is cool. So I’m telling you this example, but this is happening in a lot of other things. This is happening in MilOps, this is happening in, when you even look at different types of run times such as like wasm based stuff, rust based stuff. So ultimately what I’m seeing is that Cloud Native has become the scaffolding of all new innovation. And it’s the Cloud Native professionals who are like these change makers. I think we are so lucky because we ended up building this community of people who just like to create awesome stuff and who think, end to end about software issues.
And so they are now applying that to a very rapidly moving world where there is, the needs are changing at a skyrocketing pace. I think this has happened as I mean everybody knows because of the pandemic digital transformation just skyrocketed across companies. Everybody is now a technology company. I mentioned this in my keynote Swapnill, but I went to Europe a month and a half ago, and I did a road show and I met with a bunch of end users. And I met with Deutche Telekom, which is a Telecom. And the end users were like Audi Daimler, Spotify. And it was amazing just how big of a footprint Cloud Native had in all these very diverse companies. They all have large scale Kubernetes Cloud Native teams that help, that create the developer experience for the rest of the rank and file developers. And while leadership or high at the highest levels, people are like, “Oh, end users are behind da, da, da”. compared to two years ago, I am seeing 10 years worth of change here.
So this is happening in all kinds of companies, embedded systems automotive, for example, Edge AIML, all that kind of stuff, all kinds of different innovations are happening. And so as we go forward, our landscape, I have news. It’s going to get more complex. The good news I think is that we won’t even notice because it’s so complicated now, but just so you know there is a working group in CNCF, the business value committee, and they are working on demystifying the landscape. And they actually just merged a PR, which when you go to the landscape, you see, “I”, the info signs in across various pieces parts, and you click them and you get a little bit more description of whether it’s a project or where you can get more information. So on tactical level, we’re working on it on a strategic level, we’re making it worse.
Swapnil Bhartiya: Before we wrap this up. One thing that I want to talk about is this is something close to your heart as well, which is diversity and inclusion. And the next foundation is doing a lot of work, you are driving a lot of initiatives there. When you look at diversity, there are two kinds. One is that you have to do it only for the sake of doing it, so people can see everything in PR and marketing and something is that it comes from within. I feel that from in the case of Linux foundation, it comes from within because the folks there are driven by that. But if I ask you, what are the initiative that you are involved with? If there is anything specific to either Kubernetes community, Cloud community, or KubeCon, share those.
Priyanka Sharma: Diversity equity and inclusion is one of the fundamental pillars of how we operate in CNCF and Linux foundation. So you’re absolutely right, that this is a place where DEI is serious. Every KubeCon I’m happy to tell you. I always, we do KubeCon driven development. And so every KubeCon we are able to push through a little bit further and do something more. This time round, I’ll share a couple of things with you. First of all, I’m proud to tell you that we have done close to a 100 mentorships of students and learners already in CNCF through our LFX mentoring program, that is a really awesome thing because a 100 people’s lives have already been changed. And by the way, when we do this diversity DEI is a top priority and selection factor. All the people who get in get a stipend so that they are able to actually work on this without having financial concerns.
And we intend to keep growing this program and actually finding new flavors of doing it. That’s one. Second is that I am involved with the inclusive naming initiative, which you may have heard of. It is a sister organization to CNCF, but it originated here. And the whole focus for us was last year when we started to remove master slave whitelist, blacklist. Racially charge exclusionary problematic terms like this from code and most people really want to do that. The challenge is how to do that without making, breaking changes. So I and I has been working on that and one of the biggest outputs that we, is the two ways we’ve made progress lately. One is that we’ve created a Fund a Course with the Linux Foundation training, which is around how to build inclusive communities. And that’s been released and that’s including language recommendations.
Second is that we initially were just making a list of things to change in code. Now, we have graduated to having a three tier list where the top level is most egregious must be changed in code, and here are the ways to do it. The second tier list is really, really bad over time, find ways to phase this out. And then the third is, this is something you should not use in content and speech when you are speaking, because it is exclusionary, but it is at a point where breaking changes may not be necessary at this point. And we did this because we noticed that even though we started with this very scoped type mission of changing specific terms and code, we got further along in this. And then people started saying, “Oh, I and I has that list. I’ll tell my event organizer that that’s the list to use for terms, speaker student use as an example”.
And I was like, “Oh, well this is a very small list, and it doesn’t cover the full scope of what would be not okay from a content perspective”. And so there was basically a lot of user demand and we answered it and that’s how I and I has evolved. And then final, last but not least as you know Dan Kahn, the late Dan Kahn was a relentless champion of diversity, equity and inclusion in CNCF and in everything he touched. And so we have decided to rename the KubeCon scholarship, which helps folks from DEI backgrounds and need based who have need based asks to attend KubeCon on scholarship. So now we are announcing the Dan Kahn scholarship fund.
Swapnil Bhartiya: That was great. He was a visionary there and he did a lot of work. So we all miss him. Priyanka, thank you so much for taking time today, from your busy schedule and share not only some of the insight that you saw, but also the things that you folks are working on. And I would love to have you back on the show and maybe we’ll do it next time in person. Thank you for your time today.
Priyanka Sharma: Absolutely. Thank you so much Swapnil, hope to see you again very, very soon.