Kubernetes is definitely the darling of the cloud when it comes to orchestration. Hundreds of companies are looking to take a page from the books of Google and enhance their performance with the use of microservice architecture and containers. In a recent interview with Geekwire, Bob Wise, Samsung’s CTO, outlined how companies have become high performance organizations, and specifically mentioned that Kubernetes was the way to go as far as that technology was concerned. According to Octoverse, a website that tracks the popular projects on Github, Kubernetes ranks as the number 2 open source project in the number of users actively review code.
The Alpha males
A software is only limited by the people who write its code and Kubernetes has an unlimited number of contributors, to say the least — right from independent coders to multi-billion dollar corporations like Google and Microsoft. Even companies like Oracle that live and die by the sword seem to have changed their ways after joining the Kubernetes movement. In a recent announcement, Oracle launched three open source tools for containers. It’s probably worth mentioning that the origins of Kubernetes predate the rush to containers and microservices that we are witnessing today and a lot of work has gone into making it the powerful orchestrating tool that it is today. In other words, if someone does come up with a replacement, it’s going to have a lot of catching up to do.
Version 1.7 is here, and with it come a lot of new features and a lot more security and “extensibility.” The last version saw a lot of features move to beta like etcd 3, RBAC and Kubeadm, while this version comes with a lot of new features that are in the alpha stage. Two major alpha features are External admission controllers that provide options for adding custom business logic to the API server, and Policy-based Federated Resource Placement that provides placement policies for federated clusters. Just to refresh our memories a bit, Kubernetes Cluster Federation enables users to federate multiple clusters across different regions, cloud providers, or on-premises installations into a single logical compute federation.
Secret encryption
One of the recent Docker announcements was that Docker datacenter can now keep secrets in containers. This is a configuration object for swarm mode that allows users to securely pass along configuration information that no one else can see. Applications often need to keep “secrets,” which are basically pieces of data that need to stay encrypted, like passwords, for example.
Kubernetes 1.7 lets us know that it plans to keep secrets too though this same functionality which is now in alpha. This version actually takes secret encryption a bit further and can also control which pods can keep what secrets with the help of new node “authorizer”. Node authorizers are a new addition that restrict a Kubelet’s access to secrets, pods, and other objects based on its node.
If it’s a choice between who you think would keep your secrets safest, probably neither since they are constantly being built to complement each other and are not really exclusive. In fact, Kubernetes plans future integration with third-party vault products like Hashicorp Vault and Cyberark for secrets storage. Everyone wants to work with everyone else and that’s what microservice architecture is all about.
Stateful storage
Local Storage is another alpha feature to launch and it has taken its time. Storage has been a bane of containers for a while now and the fact that users can now access local storage volumes through the standard PVC/PV interface is major progress. With regards to storage in general, a lot of people feel like containers are only for stateless applications and find it challenging to move things like bank databases to containers.
Containers were always designed to be ephemeral, so we have to use workarounds like StatefulSets, which is a new feature of Kubernetes that can run workloads that depend on persistent storage. StatefulSets also has a new updates feature called StatefulSet Updates, which is now in beta. StatefulSetUpdates allows automated updates of stateful applications such as Kafka and etcd.
Additionally, a new feature called StorageOS Volume plugin provides highly available, persistent volumes from local or attached storage. Kubernetes 1.7 also comes with the added ability to map a local storage devices though the use of local storage may not be the answer people are looking for. It will probably be used “serverless” to do single functions or to store simple instances like a backup function, for instance.
The Enforcer
With regards to more beta releases, in Kubernetes 1.7, the Network Policy API that allows for rules that control how pods can communicate with each other is now stable. The Network Policy API is implemented through a network plugin that allows users to set and enforce rules with regards to which pods can communicate with each other and which can’t. Security is one of the key themes of Kubernetes 1.7 and this feature enables service providers to host Kubernetes in a multi-tenant mode with additional isolation and security capabilities.
There’s always so much talk about storage and security with containers that it looks like version 1.7 is leaving no stone unturned. In addition, Kubelet TLS bootstrapping now supports client and server certificate rotation and audit logs stored by the API server which are now more customizable and “extensible” with added support for event filtering and webhooks.
Extensible
Version 1.7 is unique in the sense that we’re really seeing Kubernetes branch out and bloom and just show us the variety of things it can do. The fact that Kubernetes is trying to be more and more useful in a broader range of scenarios just proves what a versatile tool it is from the ground up and the kind of community it has behind it. A lot of focus is being given to stateful apps and storage which is great news since that’s probably the only place Kubernetes is at a disadvantage. All in all, if you want to take the step into microservice architecture, start working with Kubernetes.
While the previous Kubernetes 1.6 release focused on scale and automation, this latest release is driving home the message with the constant use of the word “extensible.” Extensibility is a software engineering and systems design principle where the implementation takes future growth into consideration. We get it, it’s scalable, and worth mentioning that though 1.7 has a lot of alpha features, its core functionality remains unchanged.
Easy = Automated
The commercial Google Cloud Platform (GCP) Container Engine (GKE) offers the latest release of Kubernetes 1.7 and continue their support for their child project. With people calling Kubernetes the Linux of the cloud, a parent couldn’t be prouder. The term extensibility can also be seen as a systemic measure of the ability to extend a system and the level of effort required to implement the extension, so it’s not only about how scalable, but how easily scalable. With an army of new features, Kubernetes is making sure that there’s no doubt in anyone’s mind just how easy it is to scale.
Image sources: Flickr.com, Wikimedia.org
