Cloud Native Computing Foundation’s (CNCF) Kubecon is an exclusive platform for the entire cloud-native community to come together and for announcements of new projects, products, and features. Kubecon + Cloud-NativeCon’s North American leg took place over the course of four days in November. Like every other major event this year, Kubecon 2020 was entirely virtual. Despite the virtual setting, there were over 25,000 attendees in Kubecon 2020 North America.
In 2015, when Google and Linux joined forces to form the CNCF, there were only 18 members. Fast forward to 2020, and there are over 600 members in the CNCF. This is a testament to the pace at which the Kubernetes ecosystem has been growing over the last five years. Kubernetes is the fastest growing open source project and has the most developers, second only to Linux. The Kubernetes ecosystem is growing rapidly, and the cloud-native community is constantly working on tools that can help elevate the K8 ecosystem to the next level.
Let’s take a look at some key highlights from the Kubecon + CloudNativeCon North America 2020.
Certified Kubernetes security specialist certification announcement
A new certification was announced by Cheryl Hung, the vice president of ecosystem for the CNCF. This new certification will join the previously available Certified K8 Admin (CKA) and Certified K8 Application Developer (CKAD) certifications. Like CKA and CKAD, Kubernetes security specialist certification (CKS) will be an online, proctored, and performance-based certification to test the ability of the developers to solve K8 security tasks from the command line. This certification will focus on K8 functionalities, and features like RBAC (role-based access control) and various network policies meant for securing clusters. To be eligible for the certification, the users will have to pass the CKA. The CKS exam will be two hours long with about 15-20 questions. A minimum score of 67 percent is required to pass the exam. The certification will be valid for around two years. The test will cost around $300 with a free retake. Since security has been the theme for this year’s Kubecon, CKS is expected to be one of the most sought-after certifications for K8 developers and security analysts.
Widening horizons of DevSecOps
Kubernetes is an amazing platform and has changed application development drastically in the last five years. However, K8 ecosystems are bound to become complex. And, the security of large clusters can become tricky if the right tools aren’t leveraged. A couple of years ago, the security of K8 clusters wasn’t considered important. However, with an ever-increasing number of organizations using K8s in production, security holds the utmost importance. With the rise of DevSecOps over the last couple of years, security is important at every step of the application development.
This year, over 12 sessions singled out security considerations for K8 workloads. Traditional security tools cannot be used to secure your K8 workloads effectively. Observability is key to implementing security to complex workloads. With both developers and security analysts getting constant insights into the applications, the breaches can be caught early. Projects like OpenTelemetery are becoming increasingly popular among vendors and contributors looking to have common instrumentation set between the dev and ops teams. OpenTelemetery is a CNCF framework that uses APIs and SDKs to generate and export telemetry data (metrics, logs, and traces), which can then be used for analysis and alerting. Jetstack announced that it would be donating its cert-manager project to the CNCF. Cert-manager is a K8s native certificate management tool that gives security analysts the confidence to let developers self-serve certificates.
Other important Kubecon 2020 announcements
Various vendors announced new features and projects at Kubecon + CloudNativeCon NA 2020. Let’s take a look at some of these announcements.
Commvault announces Metallic BaaS for Kubernetes
Commvault, a leader in data management for cloud and on-premises workloads, has announced a new offering that provides enterprise-grade data protection for K8s. Commvault’s Metallic BaaS for K8s protects containers while fully integrating with Kubernetes via Container Storage Interface (CSI). Metallic BaaS Kubernetes backup protects Kubernetes workloads irrespective of the platform they are hosted on. Commvault understands that hybrid works for most organizations and helps implement container protection on platforms such as Microsoft Azure VMware Solution (AVS), VMware Cloud on AWS, Azure Kubernetes Service, Amazon on EKS, Red Hat OpenShift, and VMware Tanzu. For customers who purchase the Metallic BaaS solution for 10 VMs in six months, Commvault will provide free and unlimited K8s support for the entirety of the subscription.
Red Hat and NetApp’s collaboration on K8s backup
Red Hat and NetApp have announced a new collaboration to provide application data management for OpenShift and Project Astra customers. Application data management has become really critical for many organizations that want to store their application data for migration and disaster recovery without getting tied to a single vendor or platform. With this offering, customers will manage applications with data and perform secure and seamless restoration of applications and data. This solution also provides automatic K8s cluster failover to ensure high availability. Always on data protection between two different OpenShift clusters will help ensure application and data restoration across sites.
Dynatrace unveils PurePath 4
Dynatrace has unveiled the fourth edition of its end-to-end K8s monitoring tool, PurePath. PurePath technology provides a comprehensive view of K8s applications based on business outcomes. PurePath provides end-to-end, code-level visibility in organizations’ workloads. You can enable PurePath with a single line command. Dynatrace automatically and continuously maps and visualizes applications and provides detailed diagnostics without any manual intervention. PurePath can also detect interdependencies between different application components with zero overhead. With this new update, PurePath will support OpenTelemetery along with K8s offering by various cloud vendors like Microsoft Azure, AWS, and Google Cloud Platform.
TrilioVault for Kubernetes version 2.0
The new version of TrilioVault for K8s will now offer namespace backups, which will allow users to backup and migrate all the applications and components in a single namespace, which will be convenient for organizations that don’t want to keep several backups based on different applications and components. With TrilioVault, users can take foolproof, application-consistent backups by running operations against the database before and after backup or restore. TrilioVault 2.0 will support Cassandra, MongoDB, and MySQL. TrilioVault for K8s 2.0 will now come with improved backup management. Users will be able to search and view relevant backups and restore the applications using them. No source luster is required to access backups anymore. Restore plan will now be available for selective backups and to rectify application behaviors to avoid issues during migration.
Kubecon 2020: Wrapping up
The pace at which the cloud-native market is growing and evolving is nothing less than extraordinary. Kubernetes announced that they would be slowing the tempo of the Kubernetes release cycles. So far this year, Kubernetes had only three minor releases. A similar pace will be followed by K8s in 2021, allowing vendors to catch up to the constantly changing cloud-native landscape.
Vendors and contributors are constantly developing new features that make Kubernetes even more accessible and easy to implement in pre-existing workloads. Security is the biggest concern when it comes to K8s. Going forward, we’ll witness various vendors releasing K8s security solutions to capitalize on K8s’ shortcomings when it comes to security. It’s going to be exciting to witness what vendors come up with next.
Featured image: Designed by Macrovector / Freepik