 Hello, good morning. Yeah, good morning. Welcome to day two of coupon cloud native con Keynote sessions, that's right So today we are going to start out with our Kubernetes project updates and our fellow co-chair Emily will kick things off Alright as many of you know Kubernetes has been a graduated project since 2018 and these past four and a half years The project has continued to mature and develop to meet adopters needs Kubernetes development is sustained by thousands of contributors in special interest groups whose dedication and focus To their domain areas make Kubernetes one of the most pivotal infrastructure components of our time and today We've got quite a few updates from these special interest groups So to kick things off sick security is focused on all things Kubernetes security This includes evolving community collaboration and partnerships across SIGs and working groups to improve the security of Kubernetes And they've been very busy They've developed a new method for self-assessing Kubernetes sub projects and completed the cluster API self-assessment as a pilot of this They plan to make this process more accessible for future projects and sub projects And they've also released the CVE feed so that everyone can stay up-to-date and verify the most recent security fixes for Kubernetes it's available in JSON which allows adopters to integrate the feed into their own workflows and The 2022 security audit allows organizations to continue to remain confident in the security of Kubernetes You can find this in their repo SIG security's documentation sub project has also helped make numerous improvements to the Kubernetes documentation in Ways that support good security for all end users and more recently and with input from community experts The security checklist provides a starting point for end users who want to secure their Kubernetes clusters Especially for those that may be overwhelmed by the complexity of container security. This is an amazing resource I encourage everyone to check it out on top of all of this SIG security continues to focus on inclusion Consent and mutual support so that everyone can participate in improving the security of Kubernetes together Please join SIG security on the Kubernetes Slack channel or come to one of their regular meetings You could be the next person that helps make Kubernetes safer for everyone SIG docs is focused on providing documentation that continues to benefit users and communities with each new feature enhancement and best practice through inclusivity and cross SIG partnerships SIG docs is especially proud to announce the localization of Kubernetes.io into Hindi It is their first use of the Dave and Agri script and they are working on localization for Bengali They are closely partnered with SIG security on the development and publication of both the CDE feed and the security checklist I talked about previously and as the scope and use of Kubernetes has continued to grow Multitenancy has become more than just namespaces after collaborating with multi-tenancy working group SIG docs is pleased to announce the new Kubernetes multi-tenancy overview and best practices which describes use cases terminology access controls data plane isolation and so much more Please join SIG docs on the Kubernetes Slack channel SIG Kubernetes Infrastructure has been focused on implementing cost-cutting measures for the cloud infrastructure bill as they are Responsible for managing the build and test infrastructure of the Kubernetes project The most pressing of these was with their storage and bandwidth costs for container images that the project produces To address this they built a proxy service that can route download requests to the cloud of origin This new proxy is expected to save the project $900,000 a year once it has reached adoption and everyone here can help They request the community start downloading immediately their images from registry.kates.io Instead of the previously used kates.gcr.io Please spread the word through your company and your community This will allow Kubernetes infrastructure to put resources towards other initiatives from this immense cost savings and SIG storage works in all areas of storage from file and block store to generic operations on storage They are thrilled at the inclusion of several long-term efforts become generally available features in Kubernetes 125 The local ephemeral storage capacity isolation feature provides support for capacity isolation of local ephemeral storage between pods So that a pod can be hard-limited in its consumption of shared resources By evicting pods if the consumption of local ephemeral storage exceeds that limit The CSI ephemeral volume feature allows CSI volumes to be specified directly in the pod Specification for ephemeral use cases they can be used to inject arbitrary states such as configuration or secrets directly inside pods Using amounted volume the features used by some CSI drivers such as the secret store CSI driver The CSI migration is an ongoing effort that SIG storage has been working on for a few releases now The goal is to move entry volume plugins to out of tree CSI drivers and eventually move the entry volume plugins with less Entry code the risks of a mistake are reduced and cluster operators can select only storage drivers that their cluster requires Now on alpha and 125 the container object storage interface or COSI Enables provisioning and access to object storage in Kubernetes alongside file and block storage Similar to CSI it introduces GRPC interfaces for object storage providers To write drivers to provision object storage check out the latest blog posts on CSI migration on the Kubernetes site and join The SIG storage Slack channel to help out Emily