What will the Kubernetes agenda be in 2023?
The past year saw significant discussion around security, growing use of open-source tools to run enterprise systems, and how an expanding developer ecosystem may reduce Kubernetes complexity. Running through these key topics is another important dynamic: there is a great deal of innovation in the container space, and this will set much of the cloud-native agenda during the coming year.
“Containers have gone supernova with Kubernetes, with a complete ecosystem of opportunity to create the next operating system in software development,” said John Furrier, industry analyst for SiliconANGLE Media, during a discussion at KubeCon + CloudNativeCon NA 2022. “To me, KubeCon is at the center of Software 2.0 or 3.0. It’s not where the old school is; it’s where the new school is.”
Software as differentiator
The “new school” impact of containers highlights the continued influence of open source as a change agent for many industries. Red Hat Inc. executive Stu Miniman participated in a Kubernetes-related event last year called OpenShift Commons, which featured presentations from several notable organizations.
“We had Ford, Lockheed Martin, University of Michigan, ING Bank all speaking there,” said Miniman, during an interview with theCUBE, SiliconANGLE Media’s livestreaming studio. “There is not an industry that is not touched by this, and the general wave of software adoption is the reason why. The creation of new software is one of the differentiators for many companies.”
Open-source tools have provided much of the momentum behind Kubernetes growth and container adoption, and the cloud-native community is beginning to see a rise in ancillary tools for specific developer needs. One of these is Finch, an open-source macOS client for building and running container images. Another is Lima, a command-line utility for running containerd on macOS. Amazon Web Services Inc. has been an active contributor to both projects, driven by customer interest in adding new functionality for the container space.
“Our customers are going to make their own business decisions,” said Deepak Singh, vice president of compute services at AWS, in an exclusive interview with SiliconANGLE during re:Invent 2022. “That’s why AWS is involved in so many open-source projects because our customers asked us to build them.”
Customer interest in expanding the base of open-source tools has also resulted in growth of the cloud-native developer ecosystem. The Cloud Native Computing Foundation has reported that the cloud-native developer population grew 51% over the past two years, reaching 7.1 million developers worldwide.
Accompanying this growth has been an expansion of containerized applications in production. The number of global organizations running containerized apps will rise to 90% by 2026, a jump from 40% in 2021, according to Gartner.
Another measurement of growth can be found in the number of open-source projects under the CNCF umbrella. There were 14 at the end of 2017. As the foundation starts 2023, there are 141 listed projects.
“This cloud-native ecosystem is still in that Cambrian explosion of new projects and new opportunities,” said Red Hat’s Miniman. “We’re always looking for what the next thing is. And what’s great about this ecosystem is most of it tends to be additive and plug into the pieces that span beyond what can happen in the container world.”
Push for simplification
Despite the robust growth of Kubernetes and the cloud-native world in general, there are obstacles that could slow future adoption. One of these involves complexity or, as one developer recently described it, “the brutal learning curve of a new Kubernetes cluster.”
One of the original developers of Kubernetes, Joe Beda, has freely admitted that the technology is complex. This led Beda and his co-developer, Craig McLuckie, to found Heptio Inc. in 2017 to reduce container complexity.
Container platform complexity has fostered development of new tools that automate cloud-native functions. StormForge Inc., a startup focused on building AI-powered software products, has developed capabilities for the automatic scaling of Kubernetes.
“We started out running our machine learning workloads and moving them into Kubernetes,” said Patrick Bergstrom, chief technology officer of StormForge, in an interview with theCUBE. “And then we weren’t quite sure how to correctly adjust and size our containers. So our machine learning team got together and wrote an algorithm, and then we said, ‘Well, holy cow, that’s actually really useful. I wonder if other people would like that?’ And that’s where we got started.”
There is also a move toward internal developer platforms, or IDPs, to make managing Kubernetes resources easier. Google LLC’s cloud business recently debuted new features designed to streamline the use of IDPs that enable self-service functions for developers.
Another nettlesome issue for the cloud-native community is security. Cyberattackers have demonstrated a growing interest in container exploits, and new flaws are being uncovered.
Researchers at Armo Ltd. disclosed in a December blog post that a security vulnerability in the Kyverno admission controller for container images could result in the injection of unsigned code into a Kubernetes cluster. Kyverno is a policy engine for validating configurations in Kubernetes. In early January, Armo announced that CNCF had accepted its open-source security platform Kubescape as a sandbox project.
At the start of the year, a Microsoft researcher discovered that cryptojacking threat actors have been exploiting misconfigured PostgreSQL servers to access Kubernetes environments. These two most recent incidents highlight the need for security standards that can comprehensively address vulnerabilities in container and open-source platforms.
“Despite delivering billions of applications with advanced ease and manageability, a major concern of Kubernetes is its ability to maintain security standards across the board,” said Taylor Ellis, customer threat analyst at Horizon3 AI Inc., in an interview with SiliconANGLE. “The mantra of ‘with greater scale comes greater responsibility’ should be called upon by security professionals to ensure that the open-source software does not provide free exposure to external parties — attackers or researchers alike.”
The Kubernetes community has responded by releasing new security features, with the latest update in December. These include a keyless signing protocol that makes it more difficult to disguise malware as a Kubernetes update.
This enhancement leverages Sigstore cosign, which supports container verification and storage in an OCI registry. By strengthening the signing and verification for container applications, cloud-native users hope to limit vulnerabilities in the software supply chain.
Recent developments in the container space have reinforced a trend that has been building in the cloud-native community. Users are gravitating toward platform-centric operations. One example of this can be found in Carvel, a project that originated with VMware Inc. as a set of composable tools for application building, configuration and deployment to Kubernetes.
Carvel became a CNCF Sandbox project in October. VMware demonstrated Carvel’s capabilities for automating the installation and management of software on the container orchestration tool during a presentation last fall. As the new year gets rolling, 2023 could mark a significant step forward for the platform age of Kubernetes.
“I believe Kubernetes and serverless are the new runtime platform,” said Ajay Patel, senior vice president and general manager of the modern apps application platform business at VMware, during a conversation with theCUBE in November. “It’s about marrying that around the application patterns. Let me just run the application, let the infrastructure manage the operation of it. I shouldn’t worry about it.”