The hottest conference in the cloud community was held in the Nordic country of Denmark. Boasting an attendance of more than 4,300, it is one of the biggest conferences in the open source community this year.
The main story for this year is the massive adoption of Kubernetes and the growth of the Cloud Native Computing Foundation (CNCF).
The growth of CNCF was clearly indicated both by the doubling of the number of attendees and by the number of projects advancing from 8 to 20. The breadth of the projects and the different problems they solve make Kubernetes a force multiplier, causing Kubernetes support to be a major criterion when picking solutions to business problems.
The New Multi Cloud?
The big three cloud providers, AWS, Google Cloud and Microsoft Azure, now provide fully managed offerings for Kubernetes. Other companies that are now Kubernetes converts include Rancher (2.0), Mesosphere, IBM and Red Hat OpenShift. From the growth of adoption and the number of offerings from these companies, it seems like Kubernetes is the solution to the unsolved problem of multi-cloud.
According to Cloud Foundry’s keynote, 50 out of the Fortune 100 companies are already using Kubernetes or are running trials. JD.com, one of the biggest e-commerce companies in China, is running 20,000 servers on its clusters, with the biggest cluster running a staggering 5,000 servers.
End-user presenters also include FT.com (a popular journalism company focusing on finance), Monzo (a startup bank in the UK) and CERN, which is running its Large Hadron Collider calculations using Kubernetes for federation and high throughput batch computing.
From a technical point of view, Google’s foci this year are Security, Experience and Application.
For the past few months, news of Kubernetes security hacks has quickly become a concern. One of the most prominent is that of Tesla. This year, Kubernetes focuses on security and secure defaults. Due to the complexities of creating a Kubernetes cluster and running it, there is a lack of secure defaults. Adding secure defaults adds more complexity when trying to initially break through the technical wall of creating a Kubernetes cluster.
Security as defined by Kubernetes is divided into three layers. The first is Infrastructure security, which focuses on both control plane and worker node security. This is especially important when adding multi-tenancy in the same Kubernetes cluster. This means setting up secure defaults when running pods (using PodSecurityPolicies), network policy, node communication using mTLS authentication, and authorization using the Node and RBAC modes.
The second is Container security, which focuses more on the security of images stored in the container registry. This security layer is usually handled by the registries themselves or can be done using a security scanning application.
The last and newest layer is Runtime security, which focuses on the application runtime, making sure that exploits or backdoors on a running application are prevented. This layer is usually the entry point for external hackers and is therefore the most important to get right. This can be achieved by checking container behaviour and setting policies for when a container does something it is not supposed to do during its runtime.
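As an added example (not from the conference material or any project's code), the check below audits a pod manifest for the secure pod defaults the infrastructure layer calls for. PodSecurityPolicy was removed in Kubernetes 1.25 in favour of Pod Security Admission; the pod-spec fields checked here are ones either mechanism restricts. The `audit_pod` helper and both sample pods are constructed for illustration.

```python
# Added example: audit a pod manifest (plain dict) for missing secure defaults.
# Field names are real pod-spec fields; both sample pods are constructed.

def audit_pod(pod):
    """Return a sorted list of findings for one pod manifest."""
    spec = pod.get("spec", {})
    findings = []
    # Host namespaces expose node-level network, processes and IPC to the pod.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.append(f"pod: {field} is enabled")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"pod: hostPath volume {vol.get('name')}")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c.get("name"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged")
        # Leaving this unset does not block setuid-style privilege escalation.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not false")
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
    return sorted(findings)

WEAK_POD = {"spec": {
    "hostNetwork": True,
    "volumes": [{"name": "docker-sock",
                 "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "app", "image": "example/app:1.0",
                    "securityContext": {"privileged": True}}],
}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "image": "example/app:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "readOnlyRootFilesystem": True}}],
}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "no findings")
```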
Experience or Developer Experience is increasingly important for the Kubernetes community in order to promote adoption within the open source community. As more features are developed within Kubernetes, it becomes a multiplier for developers to write applications within Kubernetes.
One of the projects aiming to improve developer experience is Google Skaffold. Applications are becoming more and more cloud native and are therefore tied to the Kubernetes ecosystem.
In terms of applications, Kube Native Applications using Operators and CRDs (Custom Resource Definitions) are becoming popular. These kinds of applications promote intelligent clusters that are aware of the business logic of an individual company. The two main reasons given for going down this path of Kube Native Apps instead of using Helm Charts are easier logic management of RBAC (Role Based Access Control) and easier lifecycling of an application.
For example, CERN is using a Kube Native Application to run its distributed workload across multiple federated clusters for easier lifecycling and to aggregate the results using a hybrid type of Kubernetes job. The end result of this is easier management of these jobs, whose results are then aggregated, ready to be analyzed by physicists.
There were also presentations about running deep-learning, machine learning and high throughput computing (HTC) done by Booking.com.
Areas of development this year are Service Mesh using Istio and Tracing; DNS Management using CoreDNS; Identity Management and Trust Management for distributed workloads using SPIFFE and SPIRE; and Networking using CNI (Container Network Interface) and its plugins. GitOps is becoming a trending concept as well.
The new CNCF project stages are sandbox, incubation and graduated, with Kubernetes the only graduated project so far.