
Massive scale, tight security – what's not to love about Kubernetes 1.6? Well...

Cult status is not enough for Mr Money Pants

By Maxwell Cooter, 31 Mar 2017

There aren't too many software frameworks that lend their name to industry events but Kubernetes, the open-source container manager, is one.

The clumsily named Cloud Native + KubeCon in Berlin this week, however, is no ordinary conference. There are not too many conferences where visitors cram the stands from 8am to 7pm, nor where every keynote speaker receives a standing ovation. Cloud Native + KubeCon is more akin to a cult gathering than a technology show.

So it's not hard to understand why the release of the latest version of Kubernetes – 1.6 – would gather wild applause. To put this into perspective, it's not a long-awaited upgrade but merely the latest version – and just three months after the last one.

This release, however, is certainly a step closer to ensuring Kubernetes becomes a serious player in the enterprise. The new version supports 5,000 node (150,000 pod) clusters, a hefty 150 per cent increase in total cluster size. This makes it more attractive to larger enterprises and – in addition – the new version offers the ability to scale beyond 5,000 nodes and deploy in multiple regions by using the kubefed command to reach federated clusters.

Security has been stepped up. The introduction of role-based access control (RBAC) means much more authentication handling. Demonstrating the power of RBAC at the conference, Google's Arpana Sinha pointed out the momentous nature of the change. "RBAC marks a huge shift in Kubernetes. It's like going from DOS to Unix; with the move to user specific permissions."

She explained that the new version offered the ability to give granular permissions by using a new feature called taints and tolerations. This means that it's possible to dedicate a specific set of nodes to particular users or, for example, keep nodes that have special hardware always available by excluding pods that don't need it. She demonstrated this feature by setting up green and blue teams, with each team's access kept separate from the other's.
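A sketch of how such a per-team split can be expressed, added here as an example and not taken from the article or the conference demo. It is written against current API versions, and the names `team-blue`, `blue-devs`, `pod-editor` and the `team` taint/label key are assumptions:

```yaml
# Constructed example. The dedicated nodes are first tainted and labelled:
#   kubectl taint nodes <node-name> team=blue:NoSchedule
#   kubectl label nodes <node-name> team=blue
apiVersion: v1
kind: Pod
metadata:
  name: blue-app
  namespace: team-blue
spec:
  nodeSelector:
    team: blue            # attracts the pod to blue-labelled nodes only
  tolerations:
  - key: team
    operator: Equal
    value: blue
    effect: NoSchedule    # tolerates the taint that repels all other pods
  containers:
  - name: app
    image: registry.example/blue-app:1.0   # placeholder image
---
# RBAC: what the blue team may do, and only inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-editor
  namespace: team-blue
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: blue-devs-pod-editor
  namespace: team-blue
subjects:
- kind: Group
  name: blue-devs         # hypothetical group from the cluster's authenticator
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-editor
  apiGroup: rbac.authorization.k8s.io
```

The taint only repels pods that lack a matching toleration, and a toleration is a field that anyone allowed to create pods can set. Who may create pods, and in which namespace, is decided by the Role and RoleBinding, so the taint keeps the nodes reserved while RBAC does the access control.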

One of the most significant aspects of the change is that the 1.6 release was led not by a Googler but by Dan Gillespie, formerly of Redspeed but, since late last year's acquisition, with CoreOS. It's a significant move, as there's always been an underlying feeling that a project so heavily dominated by Google could not be truly open source – those whisperings have now been firmly silenced.

Gillespie goes along with the line that the newest version is all about speed and stability. He's conscious of the need to bring along major enterprise users but says that it's starting to happen.

"We are seeing more cloud-native people – that is happening. We're seeing more people in the process and we're starting to get the big enterprises like Ticketmaster," he said.

Gillespie speaks optimistically, but if you look beyond the rousing applause and the plethora of new features, there's a feeling that there's still some way to go for the Kubernetes adherents. Michelle Noorali, software engineer with DEIS, neatly set out some of Kubernetes' limitations – restrictions that make it hard for the software to be more readily adopted.

"We need a 12-factor approach and xCode for Kubernetes, making it easier to build and we need a version of Rails for Kubernetes," she said. This was a theme picked up at the event by Joe Beda, founder and chief technology officer of Heptio. Beda deplored the sampling bias in Kubernetes deployment.

"The problem is that Kubernetes is systems software built by systems engineers for systems engineers. But other users don't see the world in the same way that we do. We have to look beyond our immediate peers and beyond the people in this room," Beda said.

Among the cloud-native crowd, Kubernetes is an excellent framework for managing containers. The new version focuses in all the right areas: it offers greater security, greater scalability, more stability and better granularity – each of these moves is a move closer to enterprise acceptance. But, as Joe Beda said, "Adding all these great features is fine but they don't necessarily move Kubernetes to a wider audience."

In other words, there's still a long way to go – there are voices in the community that know Kubernetes still has to break some barriers. There are a relatively small number of members driving this technology forward – the 1,500 people at the event probably represent the majority of Europeans who really get this stuff – and that circle of people needs to become much wider.

Kubernetes 1.6 will be eagerly taken up by fans but it must break out beyond that. To its credit, many in the Kubernetes base understand that fact, but there's still a hell of a leap to make. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing