Tigera Aims to Ease Connectivity Pain with Kubernetes

Networking startup Tigera’s recently released Essentials for Kubernetes, the company’s first commercial launch, is the first of planned monthly releases of tools to help developers of cloud-native applications work out their connectivity challenges.
It’s aimed as a way to bridge the gap between proof-of-concept and production-level Kubernetes, an open source container orchestration engine.
Cloud-native architectures bring a whole host of connectivity problems — issues such as setting up containers dynamically, assigning IP addresses, setting up the networking, figuring out how each microservice talks to the others, the latency, the retries, according to Ratan Tipirneni, Tigera president and CEO.
“All these problems are now falling into the lap of developers,” he said. “We’ve had these problems in the past, but at the system software level. Now with this type of architecture, developers have to deal with that.”
Tigera’s core technology, Project Calico, has a large base of users that are moving to production Kubernetes. Large deployments with billions of API calls per second are bringing a new class of connectivity challenges, Tipirneni said.
“Users are bewildered by the combination of options at different levels in the stack when considering the options for load balancing, cloud networking, security policies, cluster ingress, address translating, or steering traffic for balancing multiple versions (e.g. for blue-green deployments, rolling upgrades, or canary releases),” the company asserted in announcing Tigera Essentials.
The three features in San Francisco-based company’s first toolkit:
- A policy query utility (installed as a new command-line tool, ‘calicoq’) to explore which policies apply to which workloads, and identify all policies that apply to a given pod. It can confirm that security policies are applied as intended, and diagnose policy misconfigurations.
- A policy audit mode to do a dry run before rolling out into production. It ensures policies work as expected and can help users analyze traffic patterns to refine policies without breaking applications.
- Policy violation alerting, for early detection of anomalous application behavior or intruder activity.
Tigera’s staff also offers technical support for the toolkit and supported technologies, as well as guaranteed response times from production deployment issues. It supports Calico 2.4, Flannel 0.8, Container Network Interface (CNI) 0.5.2 and Istio 0.1.
Project Calico is a Layer 3 approach to virtual networking that grew out of and was open-sourced by Metaswitch. Flannel, from CoreOS, is a network fabric for containers that relies on the distributed system information-storage daemon etcd, the underpinning for Kubernetes. CNI, also originally from CoreOS, is now a networking project of the Cloud Native Computing Foundation (which is also the sponsor for Kubernetes).
Istio is a traffic monitoring and control network designed to work with Kubernetes. Tigera supports it in non-production environments only, but Tipirneni predicts it’s going to be big.
“We are embracing Istio. We believe it’s going to be a very powerful, very impactful piece of the solution for connectivity,” he said.
The monthly Tigera toolkits will be based on customer needs; Tipirneni said the company has a backlog of requests already in hand.
Tigera’s founders — Andrew Randall, Christopher Liljenstolpe and Alex Pollitt — came from Metaswitch and announced their new company, founded last year, would become the sponsor company for the open source project Calico. In June 2016, Tigera announced a partnership with CoreOS to integrate Calico and Flannel in a new project called Canal. Tigera’s Tom Denham recently provided an update on how that work’s coming along.
In a post about container networking from The New Stack’s ebook on Docker and the container ecosystem, Lee Calcote delves into two proposed standards for configuring network interfaces for Linux containers: the container network model (CNM) proposed by Docker and CNI.
In yet-to-be-published results from The New Stack’s 2017 Kubernetes User Experience Survey, Flannel was the top networking choice, with 45 percent of respondents using it.
Calico came in second at 28 percent, with Google Compute Engine close behind at 25 percent, with users citing GCE’s native software-defined networking (SDN) tools.
Flannel was more likely to be used by those with broad implementations of Kubernetes (52 percent of respondents) as opposed to those with initial implementations (39 percent).
However, 46 percent of those who cited Calico also cited Flannel, as the two are being integrated. Meanwhile, of the cluster operators who said their Kubernetes implementation are in the initial states, some 40 percent say they are using Project Calico.
“Whether Tigera can retain these users through their journey to broader adoption, is an open question,” said analyst Lawrence Hecht, author of the TNS survey results report.
Tipirneni, however, says Calico is being widely used in production Kubernetes environments.
Hecht also noted that application developers have varying needs, so it’s not surprising that their choices for SDN approaches were all over the map.
The Cloud Native Computing Foundation and CoreOS are sponsors of The New Stack.
Feature image from Tigera.