Kubernetes and Cloud Native tools have awesome potential and an exciting future. But what exactly can we expect from this technology? Praqma’s cloud experts, including Sami Alajrami, went to KubeCon 2018 to report back all the latest.
KubeCon+CloudNativeCon is the biggest event in Europe for Kubernetes and the Cloud Native ecosystem. Three full days of announcements from all the major cloud providers, customer use cases, experience reports, and CNCF projects updates meant there was a lot of cloud news to digest. In this post, I try to make sense of it all with my list of key takeaways.
1/ GitOps is coming!
In one of the keynotes, CNCF COO, Alexis Richardson, presented the CNCF 2020 vision. While the current focus is on Security, Storage and Interfaces, the next couple of years will see a rise of “GitOps” as a new way of working that abstracts all infrastructure/cluster plumbing from the developers point of view to a “Git Push” command.
2/ Make your apps Kube Native
Deploying and managing your applications in Kubernetes has been made easy with the concept of Operators. Operators are installed as pods in your cluster and define and use Custom Resource Definitions (CRDs) to implement application management logic. This makes your applications Kube Native To make building operators easier, CoreOS introduced the “Operator Framework” which brings a SDK for developers and Kubernetes runtime tools to accelerate operators development.
3/ Security: better safe than sorry!
Security is one of the areas that has had lots of CNCF attention in the past year. This resulted in projects like: SPIFFE/SPIRE, Notary/TUF and Open Policy Agent joining the CNCF. Several talks at this year’s KubeCon focused on securing Kubernetes clusters and the applications running in them. Some of the top ones included: controlling user privileges inside containers, container images scanning, making sure the cluster defaults are secure/changed to be secure, and following the best security practice recommended by the Center for Internet Security (CIS) Kubernetes guide.
- Recommended talks to watch:
4/ Improve Service-to-Service communication with a service mesh
The emergence of Kubernetes has led to an acceleration in the transition from monolithic applications to microservices. This trend has also witnessed increased granularity and decoupling of services which make up modern, cloud native applications. For an application comprising of hundreds or thousands of services, and can scale on demand or under load, service-to-service communication is a notable challenge. The logic for how services should communicate is typically baked into application code.
A service mesh provides a dedicated layer for service-to-service communication which is decoupled from the application code. Linkerd (an incubating level CNCF project) and Istio (an open-source Google project) are two promising implementations that were presented at KubeCon 2018.
- Recommended talks to watch:
- From eval to prod: How a Service Mesh Helped Us Build Production Cloud-Native Services - Israel Sotomayor, Moltin (Beginner Skill Level)
- Linkerd Deep Dive – George Miranda & Thomas Rampelberg (Intermediate Skill Level)
- From Kubelet to Istio: Kubernetes Network Security Demystified - Andrew Martin, ControlPlane
- Istio Multi-Cluster Mesh Expansion BOF - Sven Mawson, Google (Any Skill Level)
5/ Multi-Clusters without a federation API is a real thing
As the number of Kubernetes clusters grows, multicluster becomes a requirement for many organizations. One approach is to have a federation API federating all other clusters’ API servers. But this API becomes a single point of failure. As a result, “Cluster Registry” emerged to maintain a list of clusters and associated metadata. CoreOS built on top of this project to offer “Tectonic Multi-cluster Registry” which syncs the cluster registry in each cluster and supports operating on applications across clusters. It’s also worth noting that Federation V2 is in the works by the Kubernetes Multicluster Special Interest Group.
- Recommended talk to watch:
- Kubernetes Multi-Cluster Operations without Federation by Rob Szumski
6/ Functions everywhere
Serverless has been a hot trend for the past couple of years and now apps are being architected as functions. Austen Collins from Serverless predicts) that the future will have functions everywhere. Functions will work across clouds and even on premise. To enable interoperability across multiple clouds, events (which trigger functions) need to be standardized. “CloudEvents” is a specification for describing events in a standard way.
7/ Plan for Day 2
Adopting Kubernetes requires many changes to your culture and engineering approaches. Craig Tracey, who works as a Solutions Engineer at Heptio, shared his experiences on managing Kubernetes Day 2 and beyond. This is a great talk for anyone thinking of deploying Kubernetes in any form of environment. There’s a lot of takeaways and hard-won experiences about tackling availability, authentication, authorization, and much more. Be sure to take notes!
If you have missed the conference, you can watch all the talks on Youtube.
The Praqma team at KubeCon’s social event in Tivoli