The Kubernetes ecosystem hits its inflection point
With the Cloud Native Computing Foundation's KubeCon + CloudNativeCon Europe 2022 last week in València, Spain, the Kubernetes world came roaring back to life after a lackluster conference in Los Angeles last fall, in spite of a rigorous conference-wide mask mandate.
The general feeling at the conference was that the Kubernetes ecosystem is reaching an inflection point. Work on the core Kubernetes platform itself is slowing, as it has reached a level of maturity – while rapid innovation continues unabated across the broader Kubernetes landscape.
This year it’s all about getting down to business, where the business of Kubernetes is running dynamic applications at scale. Many enterprises are touting massive Kubernetes deployments, while many others are somewhere on their cloud-native roadmap.
I experienced a bit of déjà vu, recalling a Linux conference I had attended a decade or so ago. The keynoter trumpeted the fact that against all odds, Linux had won over the enterprise. Kubernetes is well on its way to a similar victory.
Cloud-native hotspots at KubeCon
I spent my time at the conference interviewing the vendors exhibiting at the show, looking for the most innovative offerings. Here are my top nine.
CloudCasa from Catalogic Software Inc. provides Kubernetes and cloud database backup and restore as a service. CloudCasa can span multiple Amazon Elastic Kubernetes Service clusters across multiple Amazon Web Services accounts, aggregating security information across clusters and accounts and protecting against accidentally or maliciously deleted clusters.
What makes Catalogic special: CloudCasa adds cyber-resilience to the mix with tamperproof backups that protect customers' data from ransomware attacks, and it can run vulnerability assessments against those backups so customers know what they are restoring.
Fairwinds Ops Inc. manages security, compliance, and cost across the Kubernetes landscape by automating security and compliance configurations, even when the organization requires multiple different Kubernetes configurations across different environments.
What makes Fairwinds special: The company automates security hygiene and regulatory compliance for Kubernetes so that DevOps engineers don't have to serve as the help desk for developers. With Fairwinds, companies avoid both overprovisioning and underprovisioning of cluster resources and can generate security and compliance audits automatically.
Lightlytics Ltd. offers a “digital twin” model of the Kubernetes production environment that its customers can use to identify vulnerabilities and misconfigurations before they deploy. This digital twin can also provide an impact analysis of any potential change ahead of deployment.
What makes Lightlytics special: Lightlytics garners its information from Git repos as well as via discovery of the production environment configuration. Whereas AIOps tools use machine learning to discern anomaly patterns in order to infer the causes of issues, Lightlytics works in the reverse direction, calculating the impact of potential issues deterministically, without the need for AI.
A typical Kubernetes estate spans multiple clusters, where each cluster runs many ephemeral pods, each of which wraps one or more ephemeral containers.
The clusters themselves, however, don't have the same ephemerality as pods and containers do. They can take many minutes to spin up, so scaling the number of clusters up and down quickly is a difficult challenge.
Loft Labs Inc. solves this problem with virtual clusters that run inside an ordinary Kubernetes cluster: each virtual cluster gets its own control plane, hosted in a namespace of the underlying cluster. From the perspective of the pods inside them, virtual clusters work just like ordinary clusters, but they can be created and torn down in a minute or two.
What makes Loft special: Organizations with multiple development teams working in parallel can spin up virtual clusters for any purpose with their own namespaces, thus avoiding interference with other teams. Virtual clusters become idle when out of use, thus consuming minimal resources.
The ephemeral nature of containers and pods in Kubernetes favors stateless workloads. Maintaining state information properly in Kubernetes thus requires an abstraction layer that supports stateful resources.
Ondat (officially StorageOS Inc.) provides that abstraction. The company offers a software-defined storage layer that runs in Kubernetes, supplying persistent volumes for stateful services such as databases and caches, which the otherwise stateless Kubernetes workloads can access as necessary.
What makes Ondat special: The company handles availability, replication across nodes, data recovery, and encryption in flight all under the covers, so that developers don’t have to worry about such complicated details.
The application security marketplace is an alphabet soup of offerings, including SAST, DAST, IAST and SCA. These tools find vulnerabilities either by inspecting source code (and its dependencies) directly or by observing the behavior of running code.
Oxeye Security Ltd. goes one step further: It performs static and dynamic analysis of running code by decompiling it, even when the source code is unavailable.
Oxeye is thus able to discern application vulnerabilities within the runtime context of those applications, which is necessary for catching issues such as the Log4j vulnerability and other software supply chain vulnerabilities, even in complex, dynamic microservices applications running on Kubernetes.
What makes Oxeye special: Decompiling JVM-based languages such as Java and Scala means dealing with Java bytecode, which is barely human-readable at best. Discerning vulnerabilities at this level is impressive enough, but Oxeye can also uncover problems in compiled languages such as Go, where the decompiler must work from native machine code.
Portainer.io Ltd. offers a multicluster, multicloud container management platform that runs across all orchestrators and environments, including on-premises, cloud and edge.
What makes Portainer special: Independent software vendors are increasingly delivering their wares in containers for running on Kubernetes. Their customers, however, may not yet be up to speed with the platform. Portainer provides a simple, intuitive interface that such Kubernetes newbies can use to manage their app environments – so simple, in fact, that ISVs are bundling it in with their offerings.
Section.io Inc. empowers its customers to implement Kubernetes across distributed edge locations as virtual Kubernetes clusters. The Section adaptive edge compute network is dynamic, heterogeneous and multicloud.
What makes Section special: From the platform engineer’s perspective, the Kubernetes edge deployment is fully configurable, supporting configurable latency, data sovereignty and other options. From the app developer’s perspective, however, the Section adaptive Kubernetes edge looks and works like an ordinary Kubernetes deployment.
Tetrate.io Inc. is leveraging its expertise with the Istio service mesh and Envoy proxy to deliver Envoy Gateway, an application programming interface gateway and ingress controller that works in conjunction with Istio.
The result is a scalable abstraction over dynamic endpoints in Kubernetes, enabling connectivity with cloud-native zero-trust security (workload identity, mutual TLS and per-request authorization) for dynamic microservices endpoints as well as more traditional software endpoints.
What makes Tetrate special: Conventional wisdom would have you believe that service meshes provide secure connectivity for east-west interactions (inside Kubernetes), while API gateways offer the same benefits for north-south interactions (between Kubernetes and non-Kubernetes endpoints). Tetrate is bringing these capabilities together into a single management platform that extends the connectivity and zero-trust benefits of its service mesh to API interactions as well.
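To make the east-west zero-trust point concrete, here is what it looks like in plain Istio, which Tetrate builds on. This is an added illustration, not Tetrate's or Istio's own documentation: the first resource forces mutual TLS for every sidecar-to-sidecar connection in the mesh, and the second allows only the workload identity of a hypothetical `frontend` service account to call a hypothetical `orders` service, and only on the paths and methods listed. The namespace `shop` and the service names are assumptions for the example.

```yaml
# Mesh-wide: reject any plaintext east-west connection (STRICT mTLS).
# Placed in the istio-system namespace so it applies to the whole mesh.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Workload-level: only the frontend's SPIFFE identity may reach the
# orders service, and only for the listed operations. Everything else
# is denied by default once an ALLOW policy matches the workload.
# (shop, orders, frontend are hypothetical names for this example.)
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/orders*"]
```

Two practical notes: apply `STRICT` only after confirming every workload has a sidecar, otherwise legitimate unmeshed callers are cut off; and the `principals` field matches the caller's certificate identity, not a Kubernetes label, so it survives pod rescheduling and IP changes. An API gateway sitting in front of this mesh has to map the external caller's credential (a bearer token, a client certificate) onto an identity that these same policies can reason about, which is the gap the article says Tetrate is closing.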
The common thread: applications
The shift is subtle, but noticeable: There is less of a concern for the software infrastructure and a greater focus on the applications that run on that infrastructure – deploying, managing and securing them.
Kubernetes may not quite be part of the background noise of information technology the way Linux and TCP/IP before it have become, but it’s well on its way. There remain a few missing pieces, and other projects are still rough around the edges, but Kubernetes – and cloud-native computing in general – are here to stay.
Jason Bloomberg is founder and president of Intellyx, which advises business leaders and technology vendors on their digital transformation strategies. He wrote this article for SiliconANGLE. (* Disclosure: Tetrate is an Intellyx customer. None of the other companies mentioned in this article is an Intellyx customer. The CNCF covered the author’s travel expenses to KubeCon, a standard industry practice.)