|
|
|
|
“It’s not about where you rank on the contribution list, how big your sponsorship is. Do not run yourself into the ground, you will burn out. It’s OK to step aside for a moment and make room for the next person to push the thing forward.”
___
Kelsey Hightower, KubeCon+CloudNativeCon North America 2019
|
|
|
Unless your organization uses containers extensively and at scale, Kubernetes is not a fait accompli for container orchestration.
Yes, Kubernetes outpaces generic container adoption, but it “only” grew 29% in the last year (35% in October 2018 to 45% in October 2019) among Datadog’s container-using customer base. According to the monitoring company’s updated report about the changing containers landscape, Amazon Web Services’ Fargate adoption rose about 170%, so that it is now used by 19% of AWS customers that utilize containers.
Fargate’s compute engine allows users of Amazon Elastic Container Service (Amazon ECS) to run containers without managing servers or clusters. This easy-to-use, low maintenance option can be appealing, especially to companies with small operations teams that are concerned about Kubernetes’ complexity.
Administrator/operator experience continues to be a Kubernetes pain point. Partly in response to this problem, managed Kubernetes services, of which such as Amazon Elastic Kubernetes Service (Amazon EKS) have arisen. In fact, there are 125 certified Kubernetes platform related offerings listed in the Cloud Native Computing Foundation’s interactive landscape. The Datadog study finds that about 40% of Kubernetes-using AWS customers have opted for EKS. Based on The New Stack’s calculations, that means 17% of container-using AWS customers opt for its Kubernetes managed service as opposed to its own Fargate offering.
|
|
|
Many IT teams begin moving their applications to containers and Kubernetes after their managers mandate the switch. Then in the rush to deploy they may forget, or simply delay, some fundamentals. Only six to 12 months later does integrating security into their CI/CD pipeline becomes a priority.
This gradual evolution toward cloud native security best practices is worrisome, but it’s the norm among organizations adopting Kubernetes today. This is what we learned from a panel of cloud native security experts at The New Stack’s pancake and podcast from KubeCon+CloudNativeCon North America this week sponsored by Prisma by Palo Alto Networks.
There are, however, several ways that open source projects, vendors and IT teams themselves can improve security practices in the software development life cycle so that teams no longer need to compromise between going fast and being secure.
|
|
KubeCon+CloudNativeCon North America 2019
My, how KubeCon (now “KubeCon+CloudNativeCon”) has grown! We remember three years ago, when the conference was held in the second floor of a Seattle hotel, you could take a tour of all the booths within a few minutes. This year, more than 12,000 attendees packed the San Diego Convention Center, dozens of vendor booths span three gigantic rooms. You needed a map just to find one you were looking for. A good number of the companies we met with back in 2016 have grown into full-fledged businesses. Thanks to a sponsorship of Portworx, we were able to dispatch a team of crack reporters (B. Cameron Gain, Emily Omier, Jennifer Riggins, Joab Jackson, Mary Branscombe, Mike Melanson and Susan Hall) to capture many of the product updates that debuted at the show. Here are a few:
These were a plethora of commercial Kubernetes distributions on display this year, as companies polish up the container orchestrator for commercial usage. Diamanti showed off Spektrum, a Kubernetes appliance that combines the simplicity of a full, turnkey Kubernetes stack with significant performance advantages from hardware acceleration. Rancher Labs has released two new packages for creating an end-to-end Kubernetes solution for all compute environments: It has unveiled a beta of Rio for DevOps automation, as well as the general availability of K3s, a distribution of Kubernetes for small footprint workloads.
At the show, Nirmata debuted the next major release of its own K8s distro, which enables advanced multi-cluster workflows as well as the ability to support multiple developer experiences. You’ll need a place to store all these containers: JFrog has launched a free edition of its JFrog Container Registry, touting the release as “the most comprehensive and advanced Docker container registry available in the market.” This free container registry boasts many of the same features of the company’s premium product Artifactory, but with some limitations for capacity.
A step along the development chain, Codefresh, which offers a Kubernetes-based continuous deployment and continuous integration (CI/CD) platform, has released what it calls the first live pipeline debugger for CI/CD systems. It is set to reduce time to find and fix issues in complicated CI/CD pipelines by sixfold.
Security continues to grow as a concern for cloud native computing. Octarine has launched Guardrails and Runtime, a pair of technologies designed to keep Kubernetes workloads secure during the development, testing and deployment phase as well as in runtime.
Within the realm of security, identity management were major topics of concern: The Cloud Native Computing Foundation’s SPIFFE and SPIRE projects showcased their expanded capabilities to offer OpenID Connect (OIDC) federated identity, enabling microservices to employ this security not only between themselves on a single SPIRE instance, but also between shared services, such as databases, service meshes, and public cloud providers, without necessarily using secrets and/or network security controls. Also in the realm of ID management Portshift demonstrated its identity-based workload protection platform for containers and microservices. The system, Portshift says, offers more complete mesh-enabled security for Istio thanks to its container workload-identity and other features.
Speaking of service mesh, we are seeing some second-generation service mesh technology development here as well. A new project from service mesh provider Solo.io demonstrated the possibilities of automating service mesh operations, using the telemetry created by the service mesh itself. The project, Autopilot is a framework creating an automated series of operations that can be triggered by conditions set by the administrator.
And, finally, data streaming continues to be a growing concern for cloud native operations. Lightbend, the company that created the Scala programming language and Akka middleware, has launched Cloudflow, an open source framework to make it easier to develop and deploy streaming data pipelines on Kubernetes. Oracle is expanding its users’ abilities to develop cloud native software on Oracle Cloud by filling out the pieces of its software development and management stack, launching Kafka Compatibility for Oracle Streaming, Oracle API Gateway and Oracle Logging.
And this is only the first batch of releases. Continue to check back into thenewstack.io in the days to come for more technologies we saw at KubeCon+CloudNativeCon North America 2019.
|
|
|
Container-native storage company Portworx launched PX-Backup, software that allow companies to back up — and relaunch if necessary — Kubernetes applications’ data and configuration in a couple clicks. Users have control over how often individual applications should be backed up.
|
|
|
Cloud native security company Snyk has launched a container- and Kubernetes-focused security platform Snyk Container to find and fix vulnerabilities in third-party application dependencies across the whole software development lifecycle. The company’s recent open source security report highlights the need for container scanning services, in general. The research suggests that “containers often introduce hundreds of vulnerabilities from open source dependencies, and there is no native safeguard in place to find and fix them.”
|
|
|
Kubernetes has rapidly become a key ingredient in edge computing. With Kubernetes, companies can run containers at the edge in a way that maximizes resources, makes testing easier and allows DevOps teams to move faster and more effectively as these organizations consume and analyze more data in the field.
|
|
|
|
Puppy palooza. Attendees got to love on dogs as a stress reliever. Also, the dogs are up for adoption. So it gives them a chance to get out and get some human interaction. Liz Rice, Aqua Security, and Michelle Noorali, Microsoft, pose with some good doggies at KubeCon + CloudNativeCon North America 2019.
|
|
|
(L to R) Kristine Scott and Claire Laurence, both with Pivotal Software, are at KubeCon + CloudNativeCon North America 2019.
|
|
|
|
The crew from Portworx at KubeCon + CloudNativeCon in San Diego: (L to R) April Bacarro, Kateryna Ivashchenko, Andrew Hatfield, Grant Griffiths, Luis Pabon, and Ryan Wallner.
|
|
|
The gang from CloudBees at Kubecon + CloudNativeCon: (L to R) Casey Vega, Matt Elgin, Logan Donley, Kurt Madel, Brent Seth.
|
|
|
|
SaltStack's principal consultant Rob Hilberding and wife Vickie Hilberding, always appreciate a new take on what makes networks run better, together at SaltConf19.
|
|
|
Mark Sunday, CIO emeritus for Oracle, relaxing during SaltConf19, said organizations can deploy a "100 miles an hour," without leveraging automation so their infrastructure capability "keeps pace."
|
|
|
|
While at SaltConf19, SaltStack's Alyssa Rock, technical writer, and Tyler Johnson, of the core team, said SaltStack's user guides will only get better.
|
|
|
The EMEA team's power breakfast during SaltConf19: SaltStack is in growth mode in the region, they say. (L to R) Sean Brown, area sales director; David Fidler, lead solution architect and Ken Crowell, production support engineer.
|
|
|
|
Prisma's crew at KubeCon + CloudNativeCon in San Diego: (L to R) Rick Murray, Paul Fox, Eliane Bader and Berret Terry, all of Palo Alto Networks.
|
|
|
DEC. 04-05, 2019 // LAS VEGAS, NV @ THE CORNER OF 8TH STREET BETWEEN CARSON AND FREMONT
IFX
IFX2019 is a gathering in the best sense of the word: an exclusive oasis just a short Uber ride from the over-crowded Strip, featuring high-level networking, diverse programming, excellent WiFi, local craft food, and room for social connections and quiet meetings alike. Attending the event is free. Registration is required. Register now!
|
|
|
DECEMBER 11, 2019 // PORTLAND, OR @ MICROSOFT PEARL OFFICE, 1414 NW NORTHRUP ST, PORTLAND, OR 97209
Portland Tech Leader’s Event
In this exclusive panel discussion you will learn how software teams at Nike, Oracle, Microsoft, and The Standard prioritize user experience and performance in their product development workflow, by closing the feedback loop and monitoring what matters. This will be an interactive session, so please bring your thoughts and questions for discussion. Lunch will be provided. Spaces are limited so an RSVP is essential. Register now!
|
|
|
|
The New Stack Makers podcast is available on:
|
|
How should developers connect cloud native workloads to storage? The New Stack’s ebook on cloud native storage takes this question to industry experts who are approaching the problem from three different perspectives: cloud native storage vendors, traditional storage vendors and the big-three cloud providers.
In this 48-page ebook, developers and DevOps professionals will learn:
- Best practices and patterns for handling state in cloud native applications.
- The storage attributes and data needs you should consider up front.
- Storage options for containerized applications running in a microservices architecture on Kubernetes.
- How operations roles change as developers gain the ability to provision storage.
- And more.
|
|
|
We are grateful for the support of our exclusive ebook sponsor:
 |
|
|
|
|
|
|
|
|
