KubeCon 2022: 3 Product Highlights

Torsten Volk
Nov 2, 2022


There was something different about KubeCon 2022 in Detroit. The conference had replaced part of its ‘nerd factor’ with a brand new ‘enterprise vibe’. Approximately half of the roughly 8,000 attendees belonged to operational roles, many of them immersing themselves in the cloud native universe for the first time. This turned the conference into a melting pot where developers and operators were both able to learn more about the other group’s pain points, perspectives, and priorities.

Photo of the entrance to KubeCon 2022 in Detroit

Top 3 Topics: Security, Reliability, and App Delivery

Security, reliability, and app delivery were at the top of the agenda at KubeCon 2022. These three topics already illustrate the enterprise character of the event. ‘Playing around with Kubernetes clusters was yesterday, today we move to production’ (fictional quote).

Sessions on machine learning and multi-tenancy on Kubernetes clusters further emphasized that organizations are ready to onboard increasingly challenging application workloads.

Number of sponsors belonging to each sponsorship level (source: CNCF)

The new enterprise character of KubeCon was clearly reflected when looking at the massive list of 301 sponsors, with a colorful mix of enterprise software vendors pushing into the cloud native realm and cloud native-type vendors seeking to demonstrate their increasing maturity and understanding of enterprise-grade requirements. With 301 sponsors this might have been the most ‘complete’ show-floor of any software conference.

But now let us take a look at three disruptive products of KubeCon 2022 in Detroit.

Category: Developer Productivity — Code to Cloud

The code-to-cloud category is all about maximizing developer productivity by eliminating as many non-coding tasks as possible. The easier we make it for developers to write, build, and push their code into production, the more value these developers can bring in the form of awesome new product capabilities and features.

And the winner is…

Fermyon

Fermyon delivers a serverless application environment that enables developers to build their code directly to the Fermyon Cloud. This is disruptive as developers do not need to create and manage Helm charts or learn the ins and outs of Kubernetes. Fermyon is based on WebAssembly (Wasm; #Wasm and #Webassembly were two of the trending Twitter hashtags during #KubeCon 2022, per the EMA Dashboard) and therefore comes with the ability to start new microservices or entire apps in less than a millisecond. This enables organizations to dramatically increase application density per host, as there is no need to continuously pre-warm microservices in order to avoid the introduction of significant application latency. As Fermyon is based on Wasm, developers can rely on complete consistency between application environments, independently of target cloud, underlying Linux operating system, or data services available on specific cloud infrastructure. Fermyon consistently exposes the same data services, authentication APIs, and all other dependencies to an application, while at the same time taking care of core capabilities such as certificate management and autoscaling.

3.5 minute demo by Matt Butcher, Fermyon’s CEO (YouTube)

Business Impact

“Fermyon puts the micro in microservices,” said Matt Butcher, CEO of Fermyon. Building and running one of Fermyon’s application templates on the Fermyon Cloud can happen in under a minute (see demo). This is possible because Fermyon does away with ‘distractions’ such as infrastructure code, handling security certificates, connecting to data services, or provisioning server infrastructure. In a nutshell, Fermyon is one of these rare unicorns that has set out to fundamentally simplify software development and therefore was one of the stars of KubeCon 2022. The fact that the company’s Fermyon/Spin GitHub repository collected 1,950 stars in its first 8 months underlines this fact.

GitHub stars for Fermyon/Spin (orange) in comparison to the WebAssembly System Interface (WASI) repo (blue). WASI is a modular collection of standardized APIs for WebAssembly (source: GitHub API).

Category: Developer Productivity — Speed and Quality

Resource constraints during the development lifecycle can significantly hamper developer speed, motivation, and software quality. But there are tools and platforms that help alleviate these bottlenecks.

And the winner is…

AtomicJar Testcontainers Cloud

“We are here to make integration testing so attractive that devs will want to put it into every build,” says Sergei Egorov, CEO at AtomicJar. In the light of a recent research project where I collected a vast range of quotes from developers and DevOps engineers explaining why “complete integration testing is just not realistic” and that developers “just don’t have the time or resources to get integration testing done on time and budget”, the AtomicJar Testcontainers Cloud immediately caught my eye.

Sergei and Eli in front of their AtomicJar booth at KubeCon 2022 in Detroit

Spinning up real databases, message brokers, cloud services, and other components often brings developer machines to a screeching halt, as these applications come with significant hardware requirements. This inevitably results in less frequent integration testing and in testing at later stages of the development lifecycle. AtomicJar Testcontainers Cloud enables integration testing on any machine, even on a Raspberry Pi (see photo, middle).

The demo setup from KubeCon 2022 shows that even the Raspberry Pi (middle) can run integration tests.

Business Impact

The AtomicJar Testcontainers Cloud simplifies testing by automatically providing complete, cloud-hosted, and disposable application stacks that can be specified in standard test platforms such as Selenium. Testcontainers Cloud provides a local user experience while running entire application stacks in the cloud and therefore without taxing developer laptops. Enabling developers to test their code within its application context simply by spinning up entire disposable application stacks is a big deal. Making testing easily available to all developers makes ‘shifting left’ testing processes easy and allows for frequent testing at the touch of a button. This accelerates the DevOps process by eliminating issues earlier while unburdening developers from the need to create and continuously update test environments. Placing test environments at the fingertips of developers, instead of letting them struggle to manually create test environments, will automatically lead to enhanced product reliability.

Test containers are not exclusive to Java, but also work in Python, Go, Rust, JavaScript, and .NET (source: GitHub).
The four largest Testcontainers repos on GitHub (source: GitHub API)

Category: Developer Productivity — Continuous Governance

In today’s race for the fastest and best application releases, organizations are reluctant to bog down developers by flooding them with compliance rules. Taking care of compliance at the end of the development lifecycle is a (bad) habit that is responsible for general release anxiety and often leads to significant additional work, as fixing compliance issues at the end is more difficult than continuously integrating compliance into the development lifecycle. Everyone who has been through a PCI-DSS, HIPAA, or GDPR audit knows that the stress level of this always-tense experience depends directly on how well prepared you are. Therefore, what we need is a governance platform that continuously ‘injects’ compliance into all development workflows in a declarative and automated manner.

And the winner is…

Stacklet

AWS, Azure, and GCP in combination with Kubernetes offer a combined (approximately) 1,500 API resources for developers to draw from in their quest to deliver optimal solutions on time. Stacklet is based on the open source Cloud Custodian rules engine and DSL (domain specific language) and allows for the simple declarative definition, monitoring, and auto-remediation of compliance problems across public clouds and Kubernetes.

Number of different public cloud and Kubernetes components over time (source: Stackoverflow)

While Stacklet dramatically simplifies injecting continuous governance across all of an organization’s cloud resources, the platform also offers compliance-as-a-service in the form of a stream of continuously updated governance templates that help customers implement compliance rules for specific regulatory frameworks such as HIPAA, GDPR, FedRAMP, or CIS. Receiving these compliance guardrails in the form of a subscription service helps organizations address many severe but common issues, including provisioning publicly accessible AWS S3 storage buckets, using overprivileged accounts, oversizing resources, forgetting to decommission or at least shut down resources that are no longer in use, or creating numerous copies of database tables that contain sensitive information. The list goes on, but these examples demonstrate the importance of a simple declarative framework that not only reins in entropy in existing cloud environments, but also provides automatically enforced guardrails for future code.

Cloud Custodian policies versus Python code (source: cloudcustodian.io)

The above code samples (from the Cloud Custodian website) nicely illustrate the value of a declarative governance framework over having to write Python code to implement these same policies. Each one of these examples implements a search for all VMs (or Kubernetes clusters in the example on the right) owned by a user called “Sam.” Note the simplicity of the policy-based approach at the top, where we simply need to specify what we are looking for but do not have to worry about how to find it. The Python examples at the bottom demonstrate how we would need to write cloud-specific code to retrieve the same information in an imperative manner. In a next step we could declare an action to be applied to all VMs owned by Sam. We could request configuration changes, move them to another location, or apply a specific set of policy controls.
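The declarative approach described above, written out as Cloud Custodian policies. This is an added illustration, not the code from the Cloud Custodian website or from Stacklet; the policy names, the `Owner` tag key and the `custodian_status` marker tag are assumptions.

```yaml
# Added illustration: policy names, the Owner tag key and the marker tag are assumptions.
policies:
  # Declarative query: every EC2 instance whose Owner tag is "Sam".
  # The policy states what to match; the engine handles the API calls and paging.
  - name: aws-vms-owned-by-sam
    resource: aws.ec2
    filters:
      - "tag:Owner": Sam

  # Same filter on another provider: only the resource type changes.
  - name: azure-vms-owned-by-sam
    resource: azure.vm
    filters:
      - "tag:Owner": Sam

  # Next step: declare an action for the matched instances.
  # mark-for-op tags each running instance so that a follow-up policy
  # can stop it after the grace period, instead of acting immediately.
  - name: aws-vms-owned-by-sam-schedule-stop
    resource: aws.ec2
    filters:
      - "tag:Owner": Sam
      - "State.Name": running
    actions:
      - type: mark-for-op
        tag: custodian_status
        op: stop
        days: 7
```

Running `custodian validate` on the file checks it against the policy schema, and `custodian run --dryrun` reports the matched resources without executing any action, which is the safer way to review a new guardrail before it is enforced.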

FinOps Included

Stacklet provides customizable policy templates that go beyond security and regulatory compliance. For example, business, procurement, and engineering can jointly implement best practices related to the optimization of cloud cost, performance, and quality (FinOps) across AWS, Azure, and GCP. Applied throughout the entire organization, these FinOps policies can accelerate developer productivity through rapid automated decision making and ensure consistent cloud adoption in line with corporate priorities.

Example policy that eliminates AWS VMs that were not used for 90 days.

Business Impact

Stacklet offers organizations so-called policy packs as a service. Policy packs consist of a number of customizable policies that can be consistently applied across Azure, AWS, GCP, and Kubernetes. Making these policies part of the organization’s infrastructure-as-code platform (e.g. Terraform) and managing them as part of the corporate GitOps strategy enables a ‘shift left’ approach where governance starts with the first line of project code and spans across the entire enterprise. This is a big deal.

Torsten Volk

Artificial Intelligence, Cognitive Computing, Automatic Machine Learning in DevOps, IT, and Business are at the center of my industry analyst practice at EMA.