

At KubeCon/CloudNativeCon North America 2023 this past week in Chicago, discussion turned from the ubiquity of the software container orchestrator Kubernetes as the heart of cloud-native development to addressing a vast ecosystem of projects and vendors, which in turn are enabling applications and data to become more distributed and independent from any particular underlying cloud or on-premises infrastructure.
With open-source cloud native projects driving more than $4.4 billion in economic impact, according to McKinsey, Priyanka Sharma, chair of the event host Cloud Native Computing Foundation, kicked off the event noting that Kubernetes has likely “realized its Linux moment,” with trillions of downloads and more than 220,000 development contributors involved.
Platform engineering and developer experience were the big stories of KubeCon NA 2022 in my coverage. This year, the real action is focused on the edges of the cloud-native ecosystem: security, portability, data management and specialized forms of observability and measurement.
“KubeCon used to be about how to run Kubernetes, but now it’s everything around it — more of a de facto event for back-end development in general,” said Emre Baran, founder and chief executive of Cerbos.dev. “How do all of these projects help developers build software better and faster without having to think about all the abstract concepts of infrastructure, identity and scale?”
As expected, generative artificial intelligence now enters the cloud-native conversation in a big way, as vendors seek to support massive machine learning data sets and inference models, even if it is early days for showing developer uptake and commercial outcomes.
Every year, we see new takes on infrastructure-as-code automation for configuration, build and deployment. This year, community and vendor innovation focused on compact form factors of Kubernetes such as k3s, k0s and MicroShift, and highly portable WebAssembly binaries, which will allow developers to easily create applications that are independent of the concerns of underlying architecture.
A newly announced Red Hat Device Edge offering turns its MicroShift platform into a product to deploy compact Kubernetes-compliant nodes with enough sophistication to support local application logic and even some applied AI cases on the likes of drones, autonomous cars and mobile devices.
In order to ease conflicts within hybrid cloud environments across different vendors and projects, Replicated Inc. now sends a Helm chart along with any packaged application, so end users can deploy even third-party vendor software in a familiar cloud-native form factor. Further, operators can pre-validate a package during installation against the compatibility concerns of their specific deployment environments, such as OpenShift, EKS and GKE.
Acorn Labs Inc. is helping to overcome Kubernetes configuration headaches by offering a WebAssembly-based sandbox service that lets developers run simple Docker-style containers within complex temporary test environments that have publicly shareable endpoints. These ephemeral images can then be reconstituted as Kubernetes-backed environments for production-ready application workloads.
Chkk Inc. offers a configuration and dependency research product that scours an ever-changing sea of open-source projects, repositories and artifact inventories to produce an updated set of “CVEs for Availability.” It can highlight unknown service dependencies, unexpected upgrades and risky relationships prior to each release that could possibly create availability issues.
“I see the release of the GA Kubernetes Gateway API as the most important thing coming out of this show,” said Devin Davis, vice president of marketing and communications at Tetrate Inc., referring to Kubernetes application programming interfaces. “We’re finally going to have a standard cloud-native, open-source API built by the community, for Kubernetes, which will improve security, positively impact users and advance the industry as well.”
With so many new ways for developers to roll their own infrastructure and connect to external services, observability and system resiliency continue to be major concerns for developers, who will eventually get alerted to the downstream effects of any interruption in service.
“Developers want to make cloud infrastructure boring and predictable, where the exciting stuff would be their own new feature development,” said Ian Smith, field chief technology officer of Chronosphere Inc. “They would rather not worry about the continued functioning of the network, or a deployment infrastructure that only promises three nines of availability, or the fact that their cloud bills have just unexpectedly increased by 300%.”
In cloud-native development, signal data and analytics from the extended application estate are becoming as voluminous and hard to manage as the application data of users and transactions.
“For the last five years, KubeCon was more about how to make Kubernetes work and operationalize it, but now a lot of those issues are solved and we’re moving on to the data layer,” said Matt LeRay, co-founder and CTO of Speedscale Inc. “We are answering more complicated questions about how to manage multiple streams of data and AI workloads, and it’s a sign of cloud native maturity in the enterprise.”
Mezmo Inc. was onsite with an announcement about new responsive telemetry pipelines, along with a free profiling service, allowing development teams to optimize the input and flow of telemetry data, in order to do a better job of plucking only business-relevant signals from the flood of logs, metrics and traces and reduce costs and incident recognition times.
Network observability vendor Kentik Inc. demonstrated its new Kentik Kube solution that opens up the “black box” of exploring connections and container routings within Kubernetes clusters and namespaces, utilizing eBPF and telemetry data to spot traffic, performance and latency issues. From there, engineers can compare Kubernetes network usage in relation to external API calls and connections to other services and sources of traffic on the global internet.
MinIO Inc. offers a lean “bring your own bucket” open-source object storage capability that is easy to install and scale up within most known public or private cloud infrastructures, making it a popular but largely unsung underpinning of many other delivery platforms, data management and data lake tools.
“Hybrid cloud has really caused customers to push for change in where data is located,” said Tom Manville, vice president of engineering at Kasten by Veeam. “Kubernetes is really well-suited to answer this challenge with its abstraction layer that enables an application to be deployed identically in a public cloud or on-prem. Now we’re seeing a big uptick in the data mobility side of applications, whether for cost concerns, or for things like backups and disaster recovery.”
With ransomware attacks and tales of costly data breaches still on the rise, special interest groups and vendors at KubeCon were talking about making the supply chain security of cloud native applications less of a black box for developers who have neither the time nor the inclination to manage security while building new differentiated features.
Open-source stalwart Aqua Security Software Ltd. was there with its widely adopted Trivy scanner for vulnerability and configuration scanning of workloads, with new SBOM and KBOM generation for creating a component inventory of Kubernetes clusters in pre-release and deployment.
Apiiro demonstrated an application security posture management, or ASPM, solution that builds a comprehensive risk graph of an extended application. An attrition-style view helps developers correlate the noisy alerts a static or dynamic application security testing scanning tool would generate, against runtime production signals and observed “toxic combinations” in the software supply chain. DevSec teams can prioritize and remediate the most dangerous vulnerabilities from there based on a service level agreement “time to impact” recommendation.
Chainguard Inc. provides users with a combination of application images and base images of community validated stacks that replace off-the-shelf components with trusted components in the software supply chain, aiming to deliver a “zero inbox for CVEs,” or common vulnerabilities and exposures. Developers can understand the provenance and vulnerabilities of each image and component based on contributions to the open-source Wolfi project.
At this KubeCon, the customer stories of improved delivery speed, application scalability and system resiliency, even in the face of once-insurmountable failures, were hard to overlook.
However, I was most impressed by the personal connections that drive innovation in this ever-expanding space. There’s a deep sense of involvement and genuine warmth among contributors and end users in the CNCF community, which is born out of a culture of knowledge sharing and acceptance one wouldn’t expect from an engineering-focused trade organization.
“If anything, at this KubeCon, it’s the year of open source,” said Anurag Gupta, co-founder of Calyptia Inc. “Yes, everyone’s trying to cut costs. But I have never seen as much excitement from enterprises that traditionally stayed away, contributing and building their entire strategies atop open-source projects, than I am seeing right now.”
Jason English is a partner and principal analyst at Intellyx B.V., an analyst firm that advises enterprises on their digital transformation initiatives. He wrote this article for SiliconANGLE. At the time of writing, Chronosphere, Kasten by Veeam and Mezmo are current Intellyx clients, Replicated and Tetrate are former clients, and the author is an adviser to Speedscale. None of the other vendors or projects mentioned here is an Intellyx customer. The writer’s attendance costs were covered by the event hosts, a common industry analyst practice.