GC #06 - Swarmalicious

Show notes

Our KubeCon survey results

Results of the 412 survey participants (THAT's 3.4% of attendees): KubeCon Survey

The biggest challenges companies face are hiring the right people, dealing with too many different tools, and lacking time for automation, which leads to operational overload. Interestingly, only 12% of companies couldn't think of any challenges at all.

When it comes to platform teams, every second one named increasing stability and reliability of the platform as their biggest challenge, followed by extending the platform's functionality.

Surprisingly, while we expected platform teams to be understaffed, the majority are actually overstaffed compared to what we consider a good ratio. Yet, there never seem to be enough people to tackle all the topics. This is where Giant Swarm comes in, offering a smarter approach to platform engineering.

NOTE: In the Podcast, Tommy mentions a ratio Platform Team size to Number of Software Developers. We calculate this ratio as 5/100 or 5%). With the caveat that with over 1,000 devs, you can go 3/100 (being 3%)

---

News from KubeCon (the behind-the-scenes notes our Swarmies jotted down at the conference)

Customization was a hot topic. First up, we have to mention the kubecolor tool, which adds a splash of color to your kubectl output. It's a small thing, but it makes working with Kubernetes just a little more fun.

In addition, Marian from Giant Swarm highlighted the importance of branded dev portals for enterprises. It's not just about the technology; it's about creating a cohesive experience that aligns with a company's culture.

There was a lot of buzz around the kcp project and its potential to simplify multi-cluster deployments. The API export-import capabilities across namespaces could be a game-changer.

We also heard about some exciting emerging technologies, like Kratix and its process-oriented approach to platform building, and Keptn, which offers application lifecycle management with promotions, metrics, and traces. Definitely worth keeping an eye on those.

On the security front, there was a growing interest in supply chain security tools and standards.

---

Swarmalicious News

• KubeCon presentations available on YouTube If you've missed any talks at KubeCon, you can catch up on YouTube. STAFF PICKS:
• Beyond Platform Thinking at Ritchie Brothers - Build Things No One Expects, in a Place No One Expect
• Boosting Developer Platform Teams with Product Thinking - Spotify
• Securing 900 Kubernetes Clusters Without PSP
• Teleport announced a licensing change for their product Starting in June, the community edition will no longer be published under the Apache 2.0 license. Instead, “Companies may use Teleport Community Edition on the condition they have less than 100 employees and less than $10MM in annual recurring revenue” and “Companies cannot resell or embed Teleport Community Edition in their products or services” and “We will stop distributing compiled binaries, container images, and Amazon Machine Images (AMIs) under Apache 2.0”
• Mirantis Doubles Down on Open Source At KubeCon Europe in Paris, Mirantis CTO S revealed that the cloud native company is putting more effort into its open source programs than ever while shifting its business plans.
• Vercel is bad at comms, again The CEO took time to reply to the tweet clarifying their position.
• Cloud Native Night Munich Meet-up A hybrid meet-up about GitOps on Kubernetes. 2 x Presentations: Efficient Kubernetes Fleet Management with Cluster API and GitOps & Extending Flux for Fun and Profit. Date: Tuesday, April 18.
• Our CTO Timo spoke about Sustainable Cloud Native Infrastructure in Cologne.
• The most detailed timeline of the xz backdoor I've seen so far In a multi-year social engineering attack, a malicious contributor gained maintainer access to the xz compression library and hid a backdoor enabling remote code execution attacks on many Linux systems. The attack was discovered on March 28, 2024 and marks a watershed moment in open source software supply chain security.
• Vultr, a cloud server provider, hastily removed a controversial clause from its terms of service that had granted the company broad rights to user content, following an outcry from concerned customers who feared the biz was giving itself too much control over their data in an era of AI models being trained on such information.