Modal Title
Culture / Kubernetes / Security

How (and Why!) to Get Involved with Kubernetes SIGs

Special interest groups are critical to the growth and health of Kubernetes, and joining one is a great way to develop skills and engage with a thriving community.
Oct 18th, 2022 6:49am by
Featued image for: How (and Why!) to Get Involved with Kubernetes SIGs

As a Kube Newb and first-time Kubecon participant, I’m inspired by the vitality of the special interest groups (or SIGs) and working groups within the Kubernetes community in the Cloud Native Computing Foundation. In the Kubernetes world, these SIGs are how the community organizes its activities. There are currently 24 SIGs and several working groups, and anyone can suggest creating a new SIG by following these guidelines. For me, this signals a thriving and engaged community.

Earlier this year, I started to get curious about infrastructure security, having worked in application security a few years back. So, I hopped into a SIG Security meeting, where I was met with a warm welcome and was encouraged to get involved.

For those unfamiliar with SIG Security, we’re a process-oriented SIG that focuses on process documentation and other non-code deliverables. Our collective goal is to improve the security of Kubernetes across all its components. Our subprojects represent tools, frameworks and processes that are excellent tactics for federating scarce security knowledge across the community.

At that initial meeting, I found an immediate opportunity to head a subproject within SIG Security: Assessments. To highlight this new subproject, my fellow SIG Security leads and co-leads are giving a talk in the Maintainer Track at KubeCon North America later this month. During our talk, called “Empowerment Through Autonomy,” I’ll walk through the assessment process at a high level. We will also highlight updates in each of our other subprojects: Docs, Tooling and External Audit.

Most recently on the assessments side, Pushkar Joglekar and others completed the CAPI Self Assessment, which is the first assessment done in Kubernetes. Our goal for the coming year is to carry the torch on to our next assessment, which will be for the vSphere CSI driver and to document the process for use by others. And, by the way, we’re starting to build a group of people who want to participate in the vSphere CSI Driver assessment. If you love building threat models, know the project well or are eager to learn about either of those two topics, find me on Kubernetes Slack! We’ll have some fun and make Kubernetes more secure while doing it.

While the Security SIG is always looking for participants with security expertise, we believe that anyone can make a difference in your security posture, especially with the right tools. This is one of our goals with the Assessments subproject: to help anyone contribute to their team’s or project’s security posture.

A great place to start is with a self-driven assessment of your project, like the one completed for CAPI. The goal with this tool is to pave the way for other projects and subprojects to assess their security postures by making the most of the security expertise at hand and sharing it with the community at large.

As much as KubeCon is a conference about computers and software, underneath it all, the magic of what we can accomplish at scale comes from our human ability to collaborate and foment change. Fostering a culture that is less about restriction and more about collaboration is as critical as technology. If you’re interested in learning more about implementing a collaborative, knowledge-sharing culture, join me at the Tanzu Theater for a talk about hacking behavior, which will discuss how organizational change management principles apply to DevOps.

In addition to those events, there are so many learning opportunities to be had and connections to be made. The sessions I’ve flagged to attend are mostly having to do with security (surprise!) and edge. I’m keen on “Securing a Kubernetes Cluster from Top to Bottom,” “KubeEdge: From Fixed Location to Moveable Edge” and “Securing Edge Workloads With Cert-Manager and SPIFFE” to name a few. I’m also looking forward to the SIG Multitenancy talk outlining tips, tricks, tools and tests, which will be given in part by my amazing boss, Tasha Drew!

If you’d like to say hi and welcome a first-time KubeCon-er, I’ll be hanging out at the VMware booth and stage, as well as at the sessions above.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.