Speaker

Hoon Jo

CNCF Ambassador, AI & Cloud-Native Engineer

Hoon Jo is a CNCF Ambassador and Kubestronaut who has spoken at KubeCon North America, Europe, China, and India across multiple years. He is the author of multiple books on Kubernetes and AI-assisted operations, and serves as a program committee reviewer for CNCF regional conferences.

Find your own personal tutor for the study of Kubernetes

Novice Kubernetes users ask questions on Stack Overflow, in the community, or of friends :) when they encounter a problem.
However, that requires explaining my environment and the background information.
Even then, an answer from someone is not guaranteed.

Thus, I suggest using K8sGPT with Ollama to make up for the lack of knowledge at this moment.
Furthermore, K8sGPT provides an interactive mode in which I can keep asking follow-up questions until I receive enough answers.

Plus, it could be helpful for those who are not familiar with English to ask in another language.
(Mostly, this is a big concern at the beginning stage.)

I highly recommend that newcomers use K8sGPT to study, for a soft landing in the Kubernetes world.

Policy as Code: Past, Present and Future for Novice

When you're new to Kubernetes, Policy as Code (PaC) can be a very unfamiliar topic. But as you get more familiar with Kubernetes, you'll probably be interested in how you can use it securely, especially since Kubernetes is essentially a declarative system via YAML, so having security also be done in code will help with usability and reducing human error.

In order to make PaC easier to understand, I'll demonstrate the Admission Control part directly in Kubernetes. Until recently, this part was based on webhooks, but since v1.23, the decision to actively embrace the Common Expression Language (CEL) has made it possible to apply it as code directly inside Kubernetes. Validating Admission Policy became GA in v1.30, and Mutating Admission Policy is in Alpha in v1.32.

Based on this outline, I'll talk about how PaC has been applied to Kubernetes in the past, how it works today, and finally, how we can expect it to be integrated into Kubernetes in the future.

See you at the session! 🙂

k8s in wonderland: Why many of unknown code in my workload?

When you look at the YAML after you've deployed to Kubernetes, surprisingly (from a novice perspective), there's a bunch of additional unknown code.
In fact, it is essential for the workload to work properly, and moreover, it largely matches best practice for the sake of high compatibility.
For example, the Service has a key called "sessionAffinity". This value is set to "None" by default.
We could replace it with a value called "ClientIP" instead of None, but this needs to be carefully considered to avoid side effects.
So in this session it is important to understand the implications of having such a default value in there, and being able to do so will help us when we study each of these objects in more detail in the future.
I'm sure you'll find it useful and thought-provoking! :)

Enhance Kubernetes Security with the Common Expression Language (CEL)

Among the 4Cs (Cloud, Cluster, Container, Code) of security in Kubernetes, there are various techniques to enhance the security of the cluster surface. In particular, Admission Control (webhook) is one of the most flexible and powerful methods. Following this trend, there is a movement to apply it to various forms of Kubernetes (e.g. GKE, OpenShift and so on).

In my opinion, one of the easiest and most efficient ways to apply it is to improve security through CEL (Common Expression Language).
I believe that the Validating Admission Policy becoming `stable` in v1.30 is part of this proof.

So I will show you the CEL DEMO provided by Google Cloud to get a quick and easy understanding of how to improve the security of GKE.

Through this exercise, you will learn the basic structure of CEL and the freedom of scope that can be applied, and you will be able to apply it to any other platform with minimal effort.

KubeCon + CloudNativeCon Europe 2025 Sessionize Event

April 2025 London, United Kingdom
