Kubecon 2017 Pancake Podcast: Should Developers Be Allowed Anywhere Near Kubernetes?

Do developers need to interact with the Kubernetes open source container orchestration engine at all? That was one of the many intriguing questions we got from the audience during our second pancake podcast, held Thursday, at the Cloud Native Computing Foundation’s Kubecon 2017. We caught it all here on this latest edition of The New Stack Analysts podcast.

Sponsored by Alcide and Chef, this panel discussion set out to explore the “Evolving Patterns in Kubernetes.” Leading the discussion, moderated by TNS founder Alex Williams, were the following panelists:

• Erica von Buelow, CoreOS software engineer
• Tasha Drew, Chef product manager for Habitat
• Jeyappragash “JJ” Jeyakeerthi, technologist
• Gadi Naor, Alcide co-founder and chief technology officer

As application development appears to be slowly reconfiguring around microservice-based architectures, questions from the audience naturally centered on how to adopt this new paradigm within existing enterprise IT management. While working together to form an application, each of the microservices must be unit-tested individually, to ensure the whole system will operate, noted Jeyakeerthi, who was with Twitter when that company delved into microservices. He noted that isolation testing must be done across three dimensions: security, failure and performance.

Sponsor Note

Alcide delivers a network security platform designed for any combination of container, VM and bare metal data centers operated by multiple orchestration systems. Alcide empowers DevOps, Security and Engineering teams with simplified and autonomous control to manage and secure the evolving data center and hybrid cloud, at any scale.

Security, naturally, was a big area of concern. Service meshes proved to be popular at this year’s event, and one of the reasons for this was that they provide a greater level of observability, Naor noted. You still need to dig into the microservices once a breach happens, he noted. When something goes wrong, developers want to ssh into their microservices, the way they have always done, von Buelow added, noting that this, in itself, is a bad security practice (as is having an ssh client in a container at all).

Kubernetes has the reputation of being difficult to manage. The question of whether system administrators should allow access to production K8s instances at all was one also mulled by the panel. After all, Chef’s Habitat provides a fully-automated pipeline that allows devs to package their applications along with their dependencies and deliver them to a Kubernetes environment, Drew noted. (Chef just released a connector to make this transition even more smooth).

Sponsor Note

Chef’s comprehensive suite of automation products can manage it all–infrastructure, run-time environments, applications and even the DevOps workflow itself. The most enduring and transformative companies use Chef to become fast, efficient, and innovative software-driven organizations.

In This Edition:

3:25: Some of the themes at KubeCon in context with the idea of evolving patterns and service mesh.
6:55: How Chef Habitat fits into the evolving patterns we are starting to see emerge around an application-oriented development.
16:07: What Habitat does for developers when using Kubernetes.
27:16: Holistically dealing with building infrastructure, service mesh, and policy between microservices.
31:11: Security and observability in a service mesh infrastructure.
35:44: How Kubernetes is going to evolve from a developer perspective as technology shifts.

Alcide, Chef, The Cloud Native Computing Foundation, and CoreOS are sponsors of The New Stack.