The Kubernetes ecosystem is reaching its tipping point
At the Cloud Native Computing Foundation's KubeCon + CloudNativeCon Europe 2022 last week in Valencia, Spain, the Kubernetes world came back to life after a lackluster conference in Los Angeles last fall, despite a strict conference-wide mask requirement.
The overall feeling at the conference was that the Kubernetes ecosystem is reaching an inflection point. Work on the core Kubernetes platform itself is slowing as it has reached a level of maturity – while rapid innovation across the Kubernetes landscape continues unabated.
This year is all about getting down to business, where the business of Kubernetes is running dynamic applications at scale. Many companies are promoting massive Kubernetes deployments, while many others are somewhere on their cloud-native roadmap.
I had a bit of déjà vu remembering a Linux conference I attended about a decade ago. The keynote speaker trumpeted the fact that Linux had won the company against all odds. Kubernetes is on track for a similar victory.
Cloud-native hotspots at KubeCon
I spent my time at the conference interviewing the most interesting vendors exhibiting at the show to look for the most innovative and interesting offerings. Here are my top 9.
CloudCasa out of Catalogic Software Inc. provides backup and recovery of Kubernetes and cloud databases as a service. CloudCasa can span multiple clusters across EKS accounts in Amazon Web Services, aggregate security information across clusters and accounts, and protect against accidentally or maliciously deleted clusters.
The special thing about Catalogic: CloudCasa adds cyber resiliency to the mix with tamper-proof backups that protect customers’ data from ransomware attacks. CloudCasa can then use vulnerability assessments to verify that backups are secure.
Fairwinds Ops Inc. manages security, compliance, and costs across the Kubernetes landscape by automating security and compliance configurations, even when the organization needs multiple different Kubernetes configurations in different environments.
What makes Fairwinds special: The company automates security hygiene and regulatory compliance for Kubernetes, eliminating the need for DevOps engineers to act as a developer helpdesk. With Fairwinds, organizations avoid both over- and under-provisioning and are able to generate automated security and compliance audits.
Lightlytics Ltd. offers a “digital twin” model of the Kubernetes production environment that its customers can use to identify vulnerabilities and misconfigurations prior to deployment. This digital twin can also provide an impact analysis of potential changes prior to deployment.
What makes Lightlytics special: Lightlytics collects its information from Git repos as well as via detection of production environment configuration. While AIOps tools use machine learning to detect anomaly patterns to infer the root causes of problems, Lightlytics works in the opposite direction, calculating the impact of potential problems deterministically without the need for AI.
The Kubernetes architecture supports multiple clusters, with each cluster supporting multiple ephemeral pods, which in turn contain multiple ephemeral containers.
However, the clusters themselves don’t have the same transience as pods and containers. They can take many minutes to spin up, so scaling the number of clusters up and down quickly can be a difficult challenge.
Loft Labs Inc. solves this problem by introducing virtual clusters within Kubernetes clusters. From the perspective of the pods they contain, virtual clusters work just like regular clusters—but Kubernetes can scale them up and down in a minute or two.
The special thing about Loft: Organizations with several development teams working in parallel can set up virtual clusters for any purpose with their own namespaces and thus avoid interference with other teams. Virtual clusters become idle when not in use, consuming minimal resources.
The ephemeral nature of containers and pods in Kubernetes favors stateless workloads. Proper management of state information in Kubernetes therefore requires an abstraction layer that supports stateful resources.
Ondat, formerly StorageOS Inc., provides this abstraction. The company offers a software-defined storage layer that runs on Kubernetes. Ondat can provide stateful services such as databases, caches and the like that stateless Kubernetes workloads can access on demand.
What makes Ondat special: The company transparently handles uptime, cross-node replication, data recovery, and on-the-fly encryption, so developers don’t have to worry about such complicated details.
The application security marketplace is an alphabet soup of offerings, including SAST, DAST, IAST, and SCA. These tools either uncover vulnerabilities directly in source code, attempt to identify vulnerabilities in running code based on its behavior, or combine the two approaches.
Oxeye Security Ltd. goes one step further: it offers static and dynamic analysis of the running code through decompilation, even if the source code is not available.
Oxeye is thus able to detect application vulnerabilities within the runtime context of those applications – which is necessary to detect issues like the Log4j vulnerability and other vulnerabilities in the software supply chain, even for complex, dynamic microservices applications running on Kubernetes.
What makes Oxeye so special: Decompiling JVM-based languages like Java and Scala means dealing with Java bytecode that is barely human-readable at best. Detecting vulnerabilities at this level is impressive enough – but Oxeye can also uncover problems for compiled languages like Golang, where decompilation needs to process raw object code.
Portainer.io Ltd. offers a multicluster, multicloud container management platform that runs across all orchestrators and environments including on-premises, cloud and edge.
The special thing about Portainer: Independent software vendors are increasingly delivering their goods in containers designed to run on Kubernetes. However, their customers may not be up to speed with the platform yet. Portainer provides a simple, intuitive user interface for those Kubernetes newbies to manage their app environments—so easy that ISVs include it in their offerings.
Section.io Inc. enables its customers to deploy Kubernetes across distributed edge locations as virtual Kubernetes clusters. Section’s adaptive edge computing network is dynamic, heterogeneous, and multicloud-ready.
What is special about Section: From the platform engineer’s perspective, the Kubernetes edge deployment is fully configurable, supporting configurable latency, data sovereignty, and other options. However, from the app developer’s perspective, Section's Adaptive Kubernetes Edge looks and works like an ordinary Kubernetes deployment.
Tetrate.io Inc. uses its expertise with the Istio service mesh and the Envoy proxy to provide Envoy Gateway, an application programming interface gateway and ingress controller that works in conjunction with Istio.
The result is a powerful, scalable abstraction of dynamic endpoints in Kubernetes, enabling massively scalable connectivity with cloud-native, zero-trust security for dynamic microservices endpoints as well as more traditional software endpoints.
The special thing about Tetrate: Conventional wisdom would have you believe that service meshes provide secure connectivity for east-west interactions (within Kubernetes), while API gateways provide the same benefits for north-south interactions (between Kubernetes and non-Kubernetes endpoints). Tetrate brings these capabilities together in a single management platform that extends the connectivity and zero-trust benefits of its service mesh to API interactions as well.
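To make the east-west/north-south distinction concrete, here is an added Istio configuration example (not from the article or from Tetrate) that enforces mesh-wide mutual TLS, denies all traffic in an application namespace by default, and then explicitly allows north-south requests that arrived through the ingress gateway; the `shop` namespace, the `storefront` label and the gateway service-account principal are assumed values.

```yaml
# Mesh-wide mTLS: placing PeerAuthentication in the root namespace
# (istio-system) applies it to every workload in the mesh.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT          # PERMISSIVE would still accept plaintext east-west traffic
---
# Deny-by-default for the (assumed) application namespace: an empty spec
# matches every workload and, with no rules, rejects every request.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# Explicit north-south allow: only requests whose mTLS peer identity is the
# ingress gateway's service account may reach the storefront API paths.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-from-ingress-gateway
  namespace: shop
spec:
  selector:
    matchLabels:
      app: storefront     # assumed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account"
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/api/*"]
```

East-west callers inside the namespace need their own ALLOW policy keyed on their service-account principal; with STRICT mTLS those principals are cryptographically verified rather than inferred from source IP.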
The common thread: applications
The shift is subtle but noticeable: less attention is paid to the software infrastructure and more to the applications that run on that infrastructure – how to deploy, manage, and secure them.
Kubernetes may not yet be quite as much a part of the information technology fabric as Linux and TCP/IP are, but it’s well on the way. There are still a few pieces missing and some projects are still rough, but Kubernetes, and cloud-native computing in general, is here to stay.
Jason Bloomberg is Founder and President of Intellyx, which advises executives and technology providers on their digital transformation strategies. He wrote this article for SiliconANGLE. (* Disclosure: Tetrate is an Intellyx customer. None of the other companies mentioned in this article are Intellyx customers. The CNCF covered the author’s travel expenses to KubeCon, an industry standard practice.)