December 13th, 2018 by Adam Armstrong
KubeCon 2018 Bits
This week KubeCon took place in Seattle, offering over 8,000 attendees (2,000 on the waiting list didn’t make it) an updated vision on Kubernetes as well as the projects under development and consideration. Thus far three projects have graduated (Kubernetes, Prometheus and Envoy), a dozen or so are incubating, and many more are hopeful within the Sandbox. Over 125 event sponsors wanted to be sure the attendees understood their view and involvement in these projects, most of them going way beyond simply offering Kubernetes distributions. Security was a hot topic as well as management and deployment of these projects.
From the traditional enterprise perspective though, much of this talk is still viewed with a wary eye as the world of containers often falls outside standard IT processes. Meanwhile, those leading the way in dev/ops and other emerging IT segments extol the values of being a container-forward organization when it comes to efficiency and agile development processes. All of that said, the following is a highlight of news from the event selected from a perspective somewhat in between as we try to highlight the most mature and impactful news from KubeCon 2018.
DigitalOcean Releases Kubernetes as a Service
DigitalOcean announced that its managed Kubernetes service is now available in limited release, with worldwide general release planned for early next year. New features include:
- Guided configuration experiences, to assist users as they provision, configure and deploy clusters;
- Open APIs, to enable easy integrations with developer tools, including the ability to programmatically create and update cluster and node settings;
- Expanded version support, including Kubernetes version 1.12.1 and support for 1.13.1 coming soon.
Mirantis Launches Latest Mirantis Cloud Platform
Mirantis launched the latest version of its Mirantis Cloud Platform (MCP) with the new ability to deploy Kubernetes on premises. Other highlights include OpenStack Queens, Kubernetes 1.11 and OpenContrail 4.0.
Red Hat Contributes To etcd
Red Hat announced it is contributing etcd, an open source project that is a key component of Kubernetes. The etcd project’s focus is safely storing critical data of a distributed system, and it proved its quality early on. Red Hat also announced that etcd has been accepted into the Cloud Native Computing Foundation (CNCF).
Pivotal Announces Pivotal Functions Service (PFS)
Pivotal announced its multi-cloud function-as-a-service product for both private and public clouds, Pivotal Functions Service (PFS). Pivotal states that PFS is the first commercial packaging of the Knative project. Highlights include:
- An environment for running, scaling, and updating functions. PFS takes function source code and deploys it. If a previous version of the function exists, the new version supersedes it, while PFS keeps the previous version available in case of rollback. The software-defined-networking layer handles all the route adjustments with no disruption. Functions scale down to zero instances when inactive, and scale up based on traffic. None of these activities require manual intervention, so this feels truly serverless to the developer.
- Native eventing components that enable composable, reactive systems. Functions respond to events. Those events may come from outside in the form of HTTP(S) requests. Or, the completed work of one function may be the event that triggers another function. Consider the case when one function cleans up a customer’s submitted mailing address by fixing the postal code. Another function that stores the mailing address in your database waits for an event telling it that the address is properly formatted. These sorts of loosely coupled relationships are the hallmark of a dynamic architecture.
- Easy installation on any Kubernetes environment. Install with a single pfs system install command. We’ve got installation docs today for PKS, GKE, and even a local Minikube. Even more Kubernetes targets (such as Azure Kubernetes Service and PKS Cloud) are on the way!
- Buildpacks that consistently and securely package functions. Developers just want to write their business logic, and not get stuck with a complex function packaging routine. With PFS, we’ve baked in Cloud Native Buildpacks which detect dependencies and automatically build your functions into runnable artifacts. The developers never interact with buildpacks; they simply issue a pfs function create command that points at their source code. But buildpacks are a game-changer for security-conscious operators. Because of the layered approach applied by buildpacks, you can transparently patch images without impacting the function itself.
Twistlock Releases Version 18.11
Twistlock released its latest version, Twistlock 18.11. The update introduces security virtualization for Kubernetes and security configuration checks for Istio, and enables customers to easily discover cloud native services to protect against threats across hybrid environments. Additional improvements in Twistlock 18.11 include:
- New Monitoring and Alert Providers: Customers can build high-level, dashboard-like stats based on Twistlock data using Prometheus for monitoring. New alert providers include PagerDuty, generic webhooks, AWS Security Hub, IBM Security Advisor, and logging to stdout.
- Expanded Support for Pivotal: Pivotal customers can now protect applications against threats with the Pivotal Application Service on Pivotal Cloud Foundry (PCF) via a single click from a tile in the Pivotal Network.
- Dashboard UX Improvements: Twistlock's automatically generated Radar view is now the main interface for the product. This central view provides at-a-glance insight into the application topology, risk and compliance status of customers' entire cloud native environments.
- Kubernetes Service Token Monitoring: Integrated into Radar, every service account associated with every resource in a cluster can be easily viewed. For each account, Twistlock shows detailed metadata describing the resources it has access to and the level of access it has to each of them.
- Enhancements to CaaS and Serverless Defenders: AWS Fargate Defender v2 is the first WAF for Fargate with CNAF support and common data stream alerts. Serverless Defender v2 now blocks outgoing connections. Both now integrate with Incident Explorer.
- Improved Credential Manager: A central, product-wide credential manager makes it easy to securely store and reuse accounts and keys for external services.
Instana Enhances Its Kubernetes Monitoring Solution
Instana announced that it has further enhanced its application monitoring solution for containerized applications. New features allow users to analyze all performance metrics and traces from specific application components. The solution automates every step of the application monitoring lifecycle, helping to assure Kubernetes performance.
New Relic Introduces Kubernetes Cluster Explorer
New Relic Inc. announced a solution for DevOps teams to understand the health and performance of their complex Kubernetes environments, Kubernetes Cluster Explorer. Key features include:
- Unified view to understand the full picture - The Cluster Explorer provides a unified view into infrastructure, applications and services across Kubernetes clusters, so customers can inspect a single container, or scale up to explore a deployment of the whole cluster.
- Advanced filtering to quickly find root cause - DevOps teams can easily drill down to the objects they care about (containers, pods, nodes, deployments, namespaces, and labels) and access their application and infrastructure metrics to connect the dots between their complex, distributed systems.
- Delivers immediate value - New Relic’s SaaS platform delivers value as soon as the Kubernetes agent is deployed. There is no infrastructure to provision, secure, or run. DevOps teams can focus on delivering software for their customers, not instrumenting and building their monitoring solution.
- Easy to get started on any cloud or on-prem - New Relic Kubernetes monitoring is compatible with all major cloud platforms as well as on-premise environments so teams can observe their Kubernetes workloads, regardless of where their containers are deployed.
Rook Announces v0.9.0
Rook has released v0.9.0 with stable Ceph support and support for additional storage solutions including Cassandra, NFS, and Nexenta EdgeFS. With Ceph being stable, benefits include:
- New Ceph-focused CSI plugin that provides dynamically provisioned storage.
- New Ceph versions can be deployed by the Rook operator (Mimic and Nautilus), and there is initial support for automatic upgrades between the versions.
- More robust coverage of diverse storage types by leveraging the ceph-volume tool.