KubeCon is a Kubernetes-focused conference hosted by the CNCF (Cloud Native Computing Foundation). It takes place in Europe each year and is the place to be if you are interested in cloud-native, container and Kubernetes technology. Nearly 13,000 attendees gathered to watch talks, attend workshops and socialize with other like-minded people in the industry, making this event the biggest KubeCon ever.
The event featured more than a dozen keynotes, alongside numerous workshops, various other events, and a large number of vendors showcasing container technology for both on-premises and cloud environments.
Beyond the technical discussions, it was hard to ignore the fact that the political climate in the United States was a background concern for many people at the conference. Despite the US remaining a top market for European companies, we overheard several attendees mentioning that their clients were talking about potentially moving their cloud infrastructure to Europe. This seemed to be driven by a desire to lessen the impact of the changing risks involved in operating within the US.
As an example, the Linux Foundation, the organization behind the CNCF, recently launched the NeoNephos Foundation. This new foundation is all about getting European organizations to work together and innovate in areas like digital sovereignty and cloud-native technologies in Europe.
With so much happening in this space right now, we hope to see more EU-based vendors participate in this area, and it will be interesting to follow their progress in the years to come.
All in all, we met some amazing folks, picked up a few new ideas, and left feeling inspired.
Here are some of the key highlights we wanted to share from this year's event:
Vendors:
- A lot of vendors focused on the complexity of Kubernetes and the overwhelming amount of tooling available.
- Observability was a hot topic:
  - OpenTelemetry
  - Datadog
  - Auth0
- Many tools target overlapping problem spaces.
- Managed Kubernetes was another big theme, with plenty of vendors trying to simplify the operational side.
- And of course: AI, AI, LLMs, more AI, and yes—AI again.
Interesting talks and events:
Does your containers even lift? - Cailyn Edwards & Daniel Murphy, Okta
In this talk, Cailyn Edwards and Daniel Murphy from Okta guided the audience through common security issues in Kubernetes clusters, showing how insecure base images and misconfigurations can arise, and demonstrating quick fixes and tools to strengthen cluster security.
Key take-aways:
- Big base images bring baggage
  - A study in 2021 found nearly half of the Docker Hub official base images studied contained at least one vulnerability with a PoC exploit.
- "Latest" doesn't always match expectations
  - Data from 2020 showed 11.4% of images studied have a latest tag that does not actually point to the latest version of the image.
- Secrets show up everywhere
  - Of ~340k images studied in 2023, harvested from Docker Hub and unsecured private registries, ~28k had 1 or more valid secrets.
  - 55k valid secrets found: ~50k HTTPS & SSH private keys, ~3k cloud API keys.
  - ~7.5k compromised certificates issued by private CAs and ~1k from public CAs.
A Practical Guide to Kubernetes Policy as Code
This session offered a clear and practical look at how to approach Policy as Code in Kubernetes. Led by maintainers from projects like Kyverno and Gatekeeper, it laid out how to combine built-in features with CNCF tools to create a consistent policy lifecycle.
The talk focused on real-world strategies for managing security, compliance, and governance across clusters—especially in complex, multi-tenant environments. It was a solid walkthrough of how to align policy enforcement with the realities of operating Kubernetes at scale.
Falco Workshop
We tried to get as much “hands on” experience as possible during this KubeCon, and this workshop was a good introduction to using Falco rules on a Kubernetes cluster.
The session started with an overview of how Falco utilizes eBPF monitoring to detect anomalous behavior inside containers. We then moved into practical labs where we learned how to deploy Falco, tune rules to reduce noise, and trigger alerts for suspicious activity—like shells being spawned in containers or access to sensitive files.
Very practical and relevant in today's security landscape.
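To make the two detections mentioned above concrete, here is an added example in Falco's rule syntax; it is not taken from the workshop material. It assumes the file is loaded after Falco's default ruleset, which supplies the `spawned_process`, `container` and `open_read` macros and the `shell_binaries` list. The image name, list names and rule names are constructed for illustration.

```yaml
# Added example, not from the workshop. Load after the default falco_rules.yaml,
# which provides: spawned_process, container, open_read, shell_binaries.

# Tuning knob (constructed value): images where an interactive shell is expected,
# e.g. a dedicated debug toolbox. Extend this list instead of editing the rule.
- list: shell_allowed_images
  items: [registry.example.internal/debug-toolbox]

- macro: shell_expected_here
  condition: (container.image.repository in (shell_allowed_images))

- rule: Interactive shell in workload container
  desc: A shell with an attached terminal started in a container that is not on the allow-list
  condition: >
    spawned_process and container
    and proc.name in (shell_binaries)
    and proc.tty != 0
    and not shell_expected_here
  output: >
    Shell spawned in container (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline container=%container.name image=%container.image.repository
    ns=%k8s.ns.name pod=%k8s.pod.name)
  priority: WARNING
  tags: [container, shell]

# Files that workloads have no reason to read.
- list: credential_files
  items: [/etc/shadow, /etc/gshadow]

# Tuning knob (constructed values): programs allowed to read the files above.
- list: credential_readers
  items: [sshd, login]

- rule: Credential file read in container
  desc: A process inside a container opened a credential file for reading
  condition: >
    open_read and container
    and fd.name in (credential_files)
    and not proc.name in (credential_readers)
  output: >
    Credential file read in container (file=%fd.name user=%user.name proc=%proc.name
    cmdline=%proc.cmdline container=%container.name image=%container.image.repository)
  priority: WARNING
  tags: [container, filesystem]
```

Keeping the exclusions in named lists means noise reduction is a one-line change per false positive, and each exclusion stays visible in review rather than being buried in a long condition.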
Sidero Omni with Portainer Workshop
This workshop walked us through setting up a secure and production-ready Kubernetes environment using Sidero Omni and Portainer. We started by configuring external authentication for our management setup, then moved on to preparing a Kubernetes cluster for real-world use.
The session also covered how to enforce security policies with OPA Gatekeeper, manage user roles and access to the cluster, and finally, how to deploy applications using a GitOps workflow.
Capture The Flag
The official CTF was really good. We sat down for nearly five hours and still didn’t manage to find all the flags. But we learned a ton and walked away with new tools for our security toolbox.
The challenges were well-designed and covered a wide range of real-world Kubernetes security scenarios. From exploiting misconfigured Flux Kustomizations in a GitOps pipeline, to using eBPF-based tooling to analyze runtime behavior, and even bypassing network policies to move laterally in the cluster—each task felt like it had a real-world equivalent.
A writeup for the CTF can be found here.
And to wrap it all up, here are a few predictions we’re making for the next year:
- More focus on European data sovereignty and privacy-first infrastructure
- Even more consolidation in the Kubernetes vendor space
- Managed Kubernetes Platforms will continue to grow
- CNAPPs will be even more mature, with contenders like Wiz, Sysdig, Tenable and Palo Alto Cortex
- And maybe, just maybe: better lunches