I recently attended the KubeCon + CloudNativeCon 2017 conference in Austin, Texas, which gathers leading technologists from multiple open source cloud-native communities to further the education and advancement of cloud-native computing. This was my first time attending this conference, so it was quite enlightening for me. My goal was to get a pulse on the cloud-native technologies that the industry is focused on and where we stand today and where we are going tomorrow. Although I am not a developer by trade, I make it a point to learn as much as I can about specific areas of technology that I find interesting.
Kubernetes is boring
If there was ever a question as to which container orchestrator would prevail, that question has been answered. Kubernetes is the clear winner. Why? Because Kubernetes has become boring. This means the technology is stable and it just works. Kelsey Hightower wrote a book, Kubernetes the Hard Way, that talks about the complexities in deploying a cluster. No longer do we need to worry about this as those complexities have been abstracted away. The process has been simplified and, to be honest, it has become boring. This simplification has now allowed vendors to focus on developing tools, plugins, add-ons, and extensions that bring value to the platform. The announcement by Docker to support running Kubernetes on Docker Enterprise Edition is a testament to the adoption of Kubernetes and what customers are asking for.
From a container runtime perspective, the jury is still out. OK, but do we really care what runtime is being used? That is debatable depending on whom you talk to. From the sound of it, at least from the perspective of the top five major public cloud providers, they are still using the Docker runtime today. However, there seems to be a big interest in containerd, CRI-O, and even Kata Containers. In essence, containerd is a slimmed-down version of the Docker runtime. Why would you want to use this? One reason may be stricter requirements around security and compliance. Another may be for performance. The CRI-O runtime brings the ability to switch to whatever runtime you desire without having to rebuild. The newly announced Kata Containers are trying to solve the problem of speed or security with speed and security. With that said, I’ll leave this topic as to be determined.
Adoption is on the rise
With the sharp rise in the adoption of Kubernetes, the public cloud providers have realized they need to get on this train that Google developed. Providers such as AWS, Azure, IBM, Alibaba, and Oracle are now offering and supporting Kubernetes with integrations into their native cloud services. The recent announcement of new services such as Amazon’s Elastic Container Service for Kubernetes (EKS) and Microsoft’s Azure Container Service (AKS) brought about managed Kubernetes offerings. AWS Fargate and Azure Container Instances (ACI) introduce a serverless container concept that will be something to keep an eye on.
Choose your tools wisely
Based on the number of tools that have emerged around the cloud-native landscape, developers have more choices than ever. These are tools with a focus around persistent storage, monitoring, security, intelligent routing, and load balancing of containers. How do you decide on which tools are the right tools to invest in? This is quite a challenge today with so many vendors in this space. However, just as we’ve experienced with orchestration tools, developers and the community will define which tools will prevail and which ones get swallowed up. Do your due diligence when testing these tools.
Over the last couple of years most concerns were focused around handling persistent storage and security from a container standpoint. Have these concerns been resolved? Are there new concerns that we should be focused on? I posed these questions to several Cloud Native Computing Foundation (CNCF) project contributors and speakers. The consensus was that these concerns have not been solved completely but there has been significant progress in these areas. There are solutions like StorageOS and Rook from a persistent storage perspective and Twistlock and Aqua around container security that are making big strides.
Looking forward: faster innovation
As the number of projects adopted by the CNCF continues to grow, so too will the number of contributors and members. This brings about additional challenges. Some have concerns around how the community will scale and continue to support the efforts efficiently. As projects continue to evolve, new challenges surface. One of the challenges that is a hot topic now is how to provide secure identity to workloads. SPIFFE (Secure Production Identity Framework for Everyone) is in early implementation stages trying to solve for application-level authentication and authorization. This is one that will probably see a lot of attention throughout 2018. In addition, we will see more focus around improved service mesh architecture from the likes of Istio, Envoy, and Conduit for managing distributed applications in the cloud safely and reliably.
Today, customers want to run cloud-native applications on any platform, in any location and at scale. As the adoption of Kubernetes continues to grow, developers are being empowered with the tools to innovate faster than ever.