The Kubernetes ecosystem reaches its inflection point
With the Cloud Native Computing Foundation’s KubeCon + CloudNativeCon Europe 2022 last week in València, Spain, the Kubernetes world came back to life after a lackluster conference in Los Angeles last fall — despite a rigorous conference-wide mask mandate.
The general feeling at the conference was that the Kubernetes ecosystem was reaching an inflection point. Work on the Kubernetes Core Platform itself is slowing down as it reaches a level of maturity, while rapid innovation continues unabated across the Kubernetes landscape.
This year is all about getting to work, where the Kubernetes business is running dynamic applications at scale. Many companies are touting massive Kubernetes deployments, while many others are somewhere on their cloud-native roadmap.
I felt a bit of déjà vu, remembering a Linux conference I attended a decade ago. The speaker trumpeted the fact that, against all odds, Linux had conquered the company. Kubernetes is well on its way to a similar victory.
Native Cloud Access Points at KubeCon
I spent my time at the conference interviewing the most interesting vendors exhibiting at the show, looking for the most innovative and exciting offerings. Here are my top nine.
CloudCasa from Catalogic Software Inc. provides Kubernetes and cloud database backup and recovery as a service. CloudCasa can span multiple clusters across EKS accounts in Amazon Web Services, aggregating security information across clusters and accounts, as well as protecting against accidentally or maliciously deleted clusters.
What makes Catalogic special: CloudCasa adds cyber resilience to the mix with tamper-proof backups that protect customer data against ransomware attacks. CloudCasa can then verify that the backups are secure with vulnerability assessments.
Fairwinds Ops Inc. manages security, compliance, and costs across the entire Kubernetes landscape by automating security and compliance configurations, even when the organization requires multiple different Kubernetes configurations in different environments.
What makes Fairwinds special: The company automates security hygiene and regulatory compliance for Kubernetes so that DevOps engineers don’t have to serve as a help desk for developers. With Fairwinds, companies avoid both over-provisioning and under-provisioning and are able to generate automated security and compliance audits.
Lightlytics Ltd. offers a “digital twin” model of the production Kubernetes environment that its customers can use to identify vulnerabilities and misconfigurations before they are deployed. This digital twin can also provide impact analysis of any potential changes before deployment.
What makes Lightlytics special: Lightlytics collects its information from Git repositories as well as through production environment configuration discovery. While AIOps tools use machine learning to discern anomaly patterns to infer the causes of issues, Lightlytics works the other way around, calculating the impact of potential issues deterministically, without the need for AI.
The Kubernetes architecture supports multiple clusters, with each cluster supporting multiple ephemeral pods, which in turn contain multiple ephemeral containers.
Clusters themselves, however, are not as ephemeral as pods and containers. They can take several minutes to start, so rapidly scaling the number of clusters up and down is a difficult challenge.
Loft Labs Inc. solves this problem by introducing virtual clusters in Kubernetes clusters. From the perspective of the pods they contain, virtual clusters operate like regular clusters, but Kubernetes can scale them in a minute or two.
What makes Loft special: Organizations with multiple development teams working in parallel can create virtual clusters for any purpose with their own namespaces, avoiding interference with other teams. Virtual clusters become idle when not in use, consuming minimal resources.
The ephemeral nature of containers and pods in Kubernetes favors stateless workloads. Properly maintaining state information in Kubernetes therefore requires an abstraction layer that supports stateful resources.
Ondat (officially StorageOS Inc.) provides this abstraction. The company offers a software-defined storage layer that runs in Kubernetes. Ondat can provide stateful services such as databases and caches, which stateless Kubernetes workloads can access as needed.
What makes Ondat special: The company handles availability, replication across nodes, data recovery, and in-flight encryption, all under the hood, so developers don’t have to worry about such complicated details.
The application security market is an alphabet soup of offerings, including SAST, DAST, IAST, and SCA. These tools either discover security vulnerabilities directly in source code or detect them in running code by observing its behavior.
Oxeye Security Ltd. goes even further: it provides static and dynamic analysis of the running code by decompiling it, even when the source code is not available.
Oxeye is thus able to discern application vulnerabilities in the execution context of these applications – necessary to detect problems such as the Log4j vulnerability and other software supply chain vulnerabilities, even for complex and dynamic microservices applications running on Kubernetes.
What makes Oxeye special: Decompiling JVM-based languages such as Java and Scala means dealing with Java bytecode, which is barely human-readable at best. Discerning vulnerabilities at this level is impressive enough – but Oxeye can also uncover issues for compiled languages such as Golang, where decompilation must deal with raw object code.
Portainer.io Ltd. offers a multi-cluster, multi-cloud container management platform that runs on all orchestrators and environments, including on-premises, cloud, and edge.
What makes Portainer special: ISVs are increasingly shipping their products in containers to run on Kubernetes. Their customers, however, may not yet be aware of the platform. Portainer provides a simple, intuitive interface that these Kubernetes newbies can use to manage their application environments — so simple, in fact, that ISVs are integrating it into their offerings.
Section.io Inc. enables its customers to implement Kubernetes on distributed edge locations as virtual Kubernetes clusters. Section’s adaptive edge compute network is dynamic, heterogeneous, and multicloud.
What makes Section special: From the platform engineer’s perspective, the Kubernetes Edge deployment is fully configurable, supporting configurable latency, data sovereignty, and other options. From the application developer’s perspective, however, Section’s Kubernetes Adaptive Edge looks and functions like a regular Kubernetes deployment.
Tetrate.io Inc. leverages its expertise with the Istio Service Mesh and Envoy Proxy to deliver the Envoy Gateway, an application programming interface gateway and ingress controller that works in conjunction with Istio.
The result is a powerful and scalable abstraction of dynamic endpoints in Kubernetes, enabling massively scalable connectivity with cloud-native zero-trust security for dynamic microservices endpoints as well as more traditional software endpoints.
What makes Tetrate special: Conventional wisdom would have you believe that service meshes provide secure connectivity for east-west interactions (inside Kubernetes), while API gateways offer the same benefits for north-south interactions (between Kubernetes and non-Kubernetes endpoints). Tetrate brings these capabilities together in a single management platform that also extends the connectivity and zero-trust benefits of its service mesh to API interactions.
The common thread: the applications
The change is subtle, but noticeable: less concern about the software infrastructure and more focus on the applications that run on that infrastructure – deploying them, managing them, and securing them.
Kubernetes may not quite be part of the IT noise floor like Linux and TCP/IP once were, but it’s on its way. There are still a few missing pieces, and other projects are still rough around the edges, but Kubernetes – and cloud-native computing in general – is here to stay.
Jason Bloomberg is founder and president of Intellyx, which advises business leaders and technology providers on their digital transformation strategies. He wrote this article for SiliconANGLE. (* Disclosure: Tetrate is an Intellyx client. None of the other companies mentioned in this article are Intellyx customers. The CNCF covered the author’s travel expenses to KubeCon, a common industry practice.)