Kubernetes This Month – CNCF State of The Union

Hello Cloud Gurus! I’m Nigel Poulton and welcome to Kubernetes This Month. Here’s what we’ve got on the agenda. We’ll do our usual round up of the major Kubernetes events from the last month. We’ll pick a couple of those and dive deeper. Then we’ll finish up with your chance to win a goody bag through our Guru of the Month quiz. So sit back and get ready to enjoy!

First on the list in our news and catch-up section this month, the CNCF has released its 2019 annual report. Now the highlights are growth, growth, growth, and Kubernetes is the future. But we’ll take a closer look in the Deeper Dive section.

On a more technical note, the Kubernetes blog has an article about KubeInvaders, and yes, this is as cool as it sounds. So KubeInvaders is a cool little project from Eugenio Marzi aimed at making testing the resiliency of your Kubernetes clusters fun. So basically, it’s gamified chaos engineering… Space invaders style!

Dell’s EMC Isilon scale-out NAS
platform now has a CSI plugin. Now this shows the maturity of the container storage interface, the CSI and a healthy buy-in from the vendor community.

VMware announced that the first previews of project Nautilus are available in the latest Fusion Pro Tech Preview. This is an early preview that runs containers on a Mac with the goal being that a future edition will run full Kubernetes clusters on your desktop. So creating a world right, where containers run side-by-side as equals with VMs on your desktop.

Google announced Config Connector. This runs as a Kubernetes operator and makes GCP resources look and feel like Kubernetes resources that can be managed in a declarative way. The aim being to make Kubernetes more and more the standard tool of choice. Plus, saving developers from learning a million and one tools and systems.

Sticking with Google for a second. GKE, the Google Kubernetes Engine has been benchmarked against the CIS Kubernetes benchmark and we’ll talk more about that later in our deeper dive section.

Rancher Labs has released K3C and I’m
not aware of any pronunciation guide on this one, but it is a super-lightweight Docker replacement for Kubernetes environments. So, Kubernetes orchestrates containers and behind the scenes it leans on a container runtime to do things like starting and stopping containers. For the most part, it still uses Docker for this, but K3C is one of an increasing number of smaller, more focused runtimes that are looking to replace Docker in the Kubernetes world. Now if you follow me on this show, yes it should fit nicely with K3S.

The folks at Grafana, I guess they don’t like YAML, ’cause they’ve just released Tanka as a tool to overcome some of the pains and shortcomings of YAML. So if you know ksonnet, this is basically a re-write of that and it’s probably a good project to take for a spin, especially if you’re not a fan of YAML.

Calico 3.11 was released with support for dual stack Pod IPs. So that’s a Pod with an IPv4 and an IPv6 networking stack.

And last but not least, the CKAD certification has been brought in line with other Linux Foundation and CNCF certifications. So it is now valid for 3 years. And good news, this applies to existing certs, so if you’ve already passed your CKAD, great! It now lasts an additional 12 months!

And that rounds up our news and announcements for this month.

Okay, in this month’s Deeper Dive section we’ll look a little bit closer at the CNCF annual report and the GKE CIS Benchmark.

So the CNCF released its annual 2019
report and I’ve got to say it’s a pretty easy and a moderately decent read. Plus, there’s lots of pictures and diagrams. The gist of the report though is that everything is growing, so paid up members is growing, end user community, number of conferences, number of meetups, adopted projects, everything’s on the up. I would say right, explosive growth would not be an overstatement.

Now, embedded within the report is a link to the KubeCon and CloudNativeCon North America 2019 transparency report, which again is more of the same massive growth. But there are interesting stats on attendee demographics and the likes. So, we now know that 65% of attendees were first timers yeah. 39% were Developers, with 22% in operations. We’re talking about KubeCon in San Diego here. Well, 45% of people work in the software industry with 51% of attendees working for larger companies with over 3,000 employees. Kubernetes, unsurprisingly right, was the project that most people were interested in with Prometheus and Envoy in second and third places.

There’s also data comparing to previous events and some financials relating to diversity scholarships. Though I found it interesting that there weren’t more financials considering it’s called a transparency report, but overall it was an interesting read.

Now then, with rapid growth usually comes growing pains. It’s to be expected, nobody’s perfect and the CNCF don’t claim to be. But, below the surface as you’d expect, there are challenges and there’s things that aren’t always as rosy as the marketing PDF suggests. That’s life right, and the CNCF marches on.

We’re going to wrap up this month’s Deeper Dive section with a quick look at the GKE specific CIS Kubernetes Benchmark.

So, at a super high level, the CIS is
the Center for Internet Security, and they publish benchmarks relating to obviously security but also best practices. And they’ve got one for Kubernetes. This works against any cluster based on the open-source upstream Kubernetes. And if you’re serious about the security of your Kubernetes clusters, you should definitely take a look.

However, a bunch of us are using hosted Kubernetes on platforms like GKE and in situations like this, the CIS benchmark doesn’t quite hit the mark. I mean there’s only so much that’s your responsibility on a hosted platform, right? And a bunch of the stuff is already taken care of by the platform itself. So the GKE folks have worked together with the CIS to bring a GKE specific benchmark that makes it super clear which bits you need to look at and secure, including GCP specific things, while leaving out the bits that GKE takes care of.

So, if you’re on GKE and you take security seriously, you’re in luck. There’s a CIS GKE benchmark tool for you. Now, this is obviously another example of Google being out there at the front and leading the way, but I’m sure or at least I hope right, in the future we’ll have the same kind of tools for other hosted platforms.

And that Cloud Gurus, wraps up our Deeper Dive section for this month.

Okay, Guru of the Month. Last month we asked what was one of the
motivations behind the creation of the container storage interface for Kubernetes and the correct answer was B: “Storage drivers were previously tied to the release-cycle of Kubernetes”. And our winner this month is Salva Piera. Salva is a Tech Support Engineer for a storage vendor in Dublin, Ireland, which I think is kind of appropriate if you think that the question, well, it was about storage, wasn’t it? Anyway look, Salva – you’ll be getting a goody bag from us. And Tom Yates, the style of your answer did make me smile, nicely done. Anyway, thanks to everyone for getting involved!

This month’s question is in the forum link below, and as always, I’ll see you again next month… Same Kube time, same Kube place!
