Do developers need to interact with the Kubernetes open source container orchestration engine at all? That was one of the many intriguing questions we got from the audience during our second pancake podcast, held Thursday at the Cloud Native Computing Foundation’s KubeCon 2017. We caught it all here on this latest edition of The New Stack Analysts podcast.
Sponsored by Alcide and Chef, this panel discussion set out to explore the “Evolving Patterns in Kubernetes.” Leading the discussion, moderated by TNS founder Alex Williams, were the following panelists:
- Erica von Buelow, CoreOS software engineer
- Tasha Drew, Chef product manager for Habitat
- Jeyappragash “JJ” Jeyakeerthi, technologist
- Gadi Naor, Alcide co-founder and chief technology officer
As application development appears to be slowly reconfiguring around microservice-based architectures, questions from the audience naturally centered on how to adopt this new paradigm within existing enterprise IT management. Although the microservices work together to form an application, each one must be unit-tested individually to ensure the whole system will operate, noted Jeyakeerthi, who was with Twitter when that company delved into microservices. He added that isolation testing must be done across three dimensions: security, failure and performance.

Security, naturally, was a big area of concern. Service meshes proved to be popular at this year’s event, and one of the reasons was that they provide a greater level of observability, Naor noted. You still need to dig into the microservices once a breach happens, he said. When something goes wrong, developers want to ssh into their microservices, the way they have always done, von Buelow added, noting that this, in itself, is a bad security practice (as is having an ssh client in a container at all).
Kubernetes has the reputation of being difficult to manage. The panel also mulled the question of whether system administrators should allow access to production K8s instances at all. After all, Chef’s Habitat provides a fully automated pipeline that allows devs to package their applications along with their dependencies and deliver them to a Kubernetes environment, Drew noted. (Chef just released a connector to make this transition even smoother.)

In This Edition:
3:25: Some of the themes at KubeCon in context with the idea of evolving patterns and service mesh.
6:55: How Chef Habitat fits into the evolving patterns we are starting to see emerge around application-oriented development.
16:07: What Habitat does for developers when using Kubernetes.
27:16: Holistically dealing with building infrastructure, service mesh, and policy between microservices.
31:11: Security and observability in a service mesh infrastructure.
35:44: How Kubernetes is going to evolve from a developer perspective as technology shifts.
Twitter was one of the first companies to delve into #microservices — Jeyappragash “JJ” Jeyakeerthi #KubeCon #PancakePodcast pic.twitter.com/IRDSOCAO5o
— The New Stack (@thenewstack) December 7, 2017
.@Chef’s #Habitat can automate the development pipeline for shipping apps to a #Kubernetes environ — @tashadrew about the new Habitat Kubernetes operator, on today’s #PancakePodcast #Kubecon pic.twitter.com/6S8tARkLYB
— The New Stack (@thenewstack) December 7, 2017
Admittedly, it can be a bit scary for developers and operators to no longer be able to SSH into a container to fix something — @evonbuelow, from @CoreOS, on the new #microservices dev pipeline #Kubecon #PancakePodcast pic.twitter.com/oG6TCd20lG
— The New Stack (@thenewstack) December 7, 2017
Security debt is something that can end up as a breach — Gadi Naor, @alcide_io #Kubecon #PancakePodcast pic.twitter.com/5fiPFD9a5X
— The New Stack (@thenewstack) December 7, 2017
A #ServiceMesh is great for security observability but you also need to be able to dig into a set of #microservices when a breach happens — Gadi Naor, @alcide_io #Kubecon #PancakePodcast pic.twitter.com/S6xnTw16d2
— The New Stack (@thenewstack) December 7, 2017
3 types of isolation testing for microservices: security, failure, performance — Jeyappragash “JJ” Jeyakeerthi, #PancakePodcast #Kubecon pic.twitter.com/NW0JLrmmmV
— The New Stack (@thenewstack) December 7, 2017
Alcide, Chef, The Cloud Native Computing Foundation, and CoreOS are sponsors of The New Stack.