KubeCon North America 2020 is a wrap. Because of the current global pandemic, it shifted to a virtual conference this year instead of being held in Boston. If you are unfamiliar with KubeCon, this is the signature event put on by the Cloud Native Computing Foundation, which is the home for Kubernetes and a myriad of other cloud-native projects. KubeCon is an event where project maintainers and end-users come together under one virtual roof.
Compared to KubeCon North America 2019, the ecosystem continues to mature, and paradigm-shifting trends in technology such as the service mesh rush do not seem as novel, as many cloud-native technologies are hitting mainstream adoption in 2020. A good gauge on the marketplace is the CNCF’s Cloud Native Landscape, which towards the end of 2019 had 1300 listings/cards. Today that number is around 1500, so the number of new projects and players is starting to slow, which is a sign of maturity.
Raking over the vast number of sessions in KubeCon North America 2020, we can start to see some trends. A new or increasing number of talks can be a telltale sign of where the market is headed, and a decreasing number of talks is an indication of maturity in the technology. Interestingly, the topics with an increasing number of talks are also signs of ecosystem maturity, with lots of non-functional requirements such as security coming to the forefront.
Several topics are represented by an increasing number of talks. Security, pipelines, managing complexity, and state are all popular topics at KubeCon North America 2020.
What immediately jumped out at me was the number of talks around Falco [not to be confused with Calico]. With the budding popularity of Linux kernel-level tracing with eBPF, the Falco project, which was donated by Sysdig, leverages eBPF and makes it possible to create policy from kernel events. Taking a look at the Falco examples, events such as unauthorized namespace changes are simple to catch, and kernel-level event tracing is hard to bypass.
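To make the namespace-change case concrete, here is a custom Falco rule file written for this article as an added example; it is not taken from the talks or from the Falco project's shipped rules. The rule, list and macro names and the allow-list contents are assumptions.

```yaml
# Added example (constructed): a custom Falco rules file.
# The allow-list is an assumption; tune it to the runtimes on your nodes.

- list: ns_change_allowed_binaries
  items: [dockerd, containerd, containerd-shim, runc, crio, kubelet, nsenter]

# True when the process, or its parent, is an expected container-runtime binary.
- macro: ns_change_allowed
  condition: >
    (proc.name in (ns_change_allowed_binaries) or
     proc.pname in (ns_change_allowed_binaries))

- rule: Unexpected setns Namespace Change
  desc: >
    A process called setns(2) to join another namespace and is not one of
    the container-runtime binaries expected to do so.
  # evt.dir = < matches the syscall exit event, so each call fires once.
  condition: >
    evt.type = setns and evt.dir = <
    and not ns_change_allowed
  output: >
    Unexpected namespace change via setns
    (user=%user.name command=%proc.cmdline parent=%proc.pname
    container_id=%container.id container_name=%container.name
    k8s_ns=%k8s.ns.name pod=%k8s.pod.name)
  priority: WARNING
  tags: [process, container]
```

The syscall event itself comes from the kernel, but the allow-list matches on process names, so keep it short and review alerts from hosts where those binaries are not expected to run.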
Carrying on momentum from last year are two other security-related projects, OPA and SPIFFE/SPIRE. Open Policy Agent [OPA] is a centralized, service-agnostic authorization policy agent. Condensing that down, authorization is what you have rights/entitlements to. By being able to intercept several different protocols like HTTP, OPA can be service agnostic. SPIFFE and its subproject SPIRE are the authentication piece in the authentication and authorization duality. Authentication is validating who you are. SPIRE provides a runtime for SPIFFE services to run.
Gone are the days of 2015 when the word state automatically disqualified workloads from being placed on Kubernetes. Thanks to a lot of work from the CNCF Storage Special Interest Group [SIG], state is approaching mainstream for most cloud-native workloads. The SIG has published a whitepaper describing the storage landscape in 2020 and has a talk at KubeCon on the topic. The first storage CNCF project, Rook, attained graduated status inside the CNCF last month.
As workloads that run on Kubernetes become more specific and granular, the instruments for getting these workloads onto the clusters have to evolve as well. There were a handful of talks around pipelines for specific workloads, e.g., Machine Learning pipelines.
HPE had an interesting talk about the challenges, both functional and non-functional, of deploying Machine Learning workloads. Certain workloads require an order of operations, which boils down to orchestration and the ability to wait on steps. On the programmatic side, Kubernetes has introduced Operators for workloads that are up and running, but getting the initial workload deployed or updated still requires multiple steps.
The piece in the HPE talk that was an “ah-ha” moment for me was not to forget about the non-functional requirements. If we were building a very specific application whose sole purpose was to get changes in for our Machine Learning packages, we would bake in non-functional requirements like security and audit. The authors of Machine Learning packages, though, are still subject to the same CI/CD platforms that the rest of the application teams are and have to bake in those requirements somehow. Harness takes in those non-functional requirements from day one.
Any fast-moving technology movement will inherently introduce complexity. As you design for the future, you are learning as you go along, and one thing that is true of the cloud-native landscape is that approaches taken only a few years ago can now seem dated.
In the Kubernetes ecosystem, there can seem to be an endless amount of YAML [configuration] and potentially CRDs [custom resources] that you need to create and manage. Intuit had an interesting talk about how they manage around 2.5 million lines of YAML. Like any other language or application, configuration and package management are key. They stressed the need for tools like Helm and Kustomize in their journey.
Certain trends and observations stand out as the ecosystem continues to mature, and in 2020 it is certainly mainstream for your organization to be leveraging cloud-native technologies in some capacity.
The cloud-native ecosystem is a pretty competitive space. Because of the popularity, there have been lots of investments by multiple projects and vendors to lay claim on their slice of the ecosystem. With any technology, there are ebbs and flows and the paradigms continue to shift as codification into traditional infrastructure continues to occur. There are fewer certified Kubernetes distributions than last year and Service Mesh technologies are not at the forefront of KubeCon this year.
Compared to 2019, when there were 99 certified Kubernetes distributions, that number is down to 68 today. Being a Kubernetes infrastructure provider is a pretty competitive business to be in. The conformance tests are getting more stringent, and the level of resources needed to maintain conformance and certification can be a lot, especially when supporting multiple Kubernetes versions.
Service Mesh technology is certainly seeing more adoption inside the Kubernetes ecosystem. At KubeCon 2019, there were 19 talks on Service Mesh technologies, compared to 2020, where there are only four talks. It is hard to speculate why there was a sharp decrease in the number of talks. Ironically, Istio, which featured in several of the 2019 talks, is not a member project of the CNCF. From an application development perspective, Service Meshes are on the more complex side, as they include several networking concepts that your typical application developer would not be exposed to on a daily basis.
In technology, the only constant is change. With the ebbs and flows in the cloud-native ecosystem, Harness is here to allow you to adopt new technology at your pace.
No matter where you are in your cloud-native journey, Harness is here to partner. The cloud-native journey can be a winding one, as you maintain existing applications while designing for and migrating to the future. Harness has you covered. Feel free to sign up for a trial today!
Catch you at KubeCon 2021,
-Ravi