
Trends to Follow at KubeCon 2017

4 Dec 2017 9:30am, by

KubeCon is this week, and 2018 is just around the corner. After a year that saw a massive evolution of the data center and the technologies connected to it, now is the time to reflect on where this industry is headed and the challenges that we will need to confront. With that in mind, here’s what we are looking forward to hearing more about at KubeCon.

Kubernetes

Gadi Naor, CTO and Co-Founder of Alcide
Gadi Naor brings 15 years of experience in leading the development of cybersecurity products to his role as CTO and Co-Founder of Alcide. Gadi has blended his management and technological background in various positions. Gadi worked at CheckPoint where he served as Business Development Manager and Senior Developer, leading the development of CheckPoint’s Firewall core security engine and VPN software. He then served as a Senior Software Engineer at Altor Networks, a pioneer in virtualized data center security that was later acquired by Juniper Networks, where he continued to serve as a Senior Software Engineer. Prior to co-founding Alcide, Gadi was the Co-Founder and CTO of Fitfully, a microservice-based system. He holds a B.A. in Computer Science from the Technion Institute of Technology.

Kubernetes has become the go-to container orchestration platform for many good reasons and may very well become the ideal system for building and operating cloud-native applications. While Kubernetes may be the Promised Land, it will need to address existing challenges, such as building, running, operating and securing the deployed services — which is where the largest gaps exist.

We are going to see how applications developed with Kubernetes or migrated into Kubernetes will evolve into fully self-managed applications, also known as operators.

Think of operators as your Site Reliability Engineer (SRE) operating the application, but structured as autonomous software components that take care of auto-scaling, updating and upgrading, and ensure that everything is aligned with the desired state.

Another significant challenge for Kubernetes lies in security. Whether running on bare metal or public cloud, Kubernetes makes you the happy owner of the infrastructure with which your applications are provisioned, but a clear pitfall is that operations needs to control where they want their eyes and ears to be when it comes to infrastructure security.

To take Kubernetes to the next level, from a security perspective, enterprises will need to focus on security at all levels, including relevant integrations, authentication, authorization and monitoring. Kubernetes out-of-the-box features, combined with powerful extensibility that vendors can leverage, will drive properly secured deployments.

Microservices

We all agree that microservices work hand in hand with CI/CD, and this truly opens the door to accelerating the business evolution cycle — but not all microservices are created equally. For example, some microservices are customer facing, while other internal microservices may be less demanding in terms of scale and performance. And though Kubernetes does make the migration and operation of microservices more natural, what we really need to be thinking about in the future is how Kubernetes can adapt more dynamically to the running applications.

So, with that in mind, are you going to build one cluster to run different microservices, knowing that not all microservices are created equally? I believe this is a must from a security standpoint and from a scale standpoint.

At KubeCon, my must-attend talks will be those that answer questions like this one, focusing on multi-clusters, custom-metric based auto scalers and how security fits into that equation.

The Infrastructure, the Service Mesh, and What Stands in Between

Now that we’ve attained the powerful Kubernetes infrastructure that caters to the applications and services deployed on top of it, the task of monitoring and securing microservices becomes painful and challenging, but also mission critical.

Service Mesh frameworks such as Istio, though still in their early stages, are attempting to come to the rescue by simplifying the process of monitoring and securing microservices. It’s not a complete solution, because message queues are not part of that mesh party. And it may be challenging from the perspective of performance and production readiness. But it will be interesting to hear about the progress that’s been made and where this technology is going. This would be the next group of KubeCon sessions on my must-attend list.

Containers

Containers are definitely here to stay, and as a software packaging and deployment mechanism, their rising popularity makes perfect sense, especially with the easy-to-use toolchain that Docker introduced. At KubeCon, I anticipate learning more about the new Container Runtime Interface (CRI), and how and when it will replace the existing Docker engine.

For all of us in this space, an interesting few days lie ahead with the many thought leaders we will get to meet at KubeCon. I hope we can all come away with some deep insights into what 2018 has in store for all things Kubernetes.


Alcide is a sponsor of The New Stack.

Feature image via Pixabay.
