Cloud Native Club

There’s a cost to all this choice: it delays decision making, causes distress, and it leads to post-decision regret.

> Thus we've seen a bunch of Kubernetes services spring up, run by the same people who brought you all the other Infrastructures-as-a-Service. Google (from whence Kubernetes emerged originally) has Google Kubernetes Engine (GKE), Amazon has Elastic Container Service for Kubernetes (EKS), Microsoft has Azure Container Service (AKS), VMware has VMware Kubernetes Engine (VKE), you get the idea. Pivotal has Pivotal Container Service (PKS) that can run on AWS, Google Cloud Platform, VMware, and (as of its recent PKS 1.3 launch) also Azure.

Checklists of things to check before deploying.

The list of pains: One cluster is not enough Developers want clusters close to them, for low latency Data storage Day two operations - upgrading, scaling, capacity management Managing heterogeneous infrastructure underneath the platform Backup & restore, disaster recovery

Microservices for .Net.

> As a scheduler of containers, Kubernetes does a pretty good job. If you keep it focused on that key task, it can take you miles. As a manager of a large scale distributed infrastructure, it’s not so good.

It either means not having to worry about managing your middleware stack and/or a trigger-driven event system.

Multi-tenancy ain’t easy: > The Kubernetes cluster itself becomes the line of “Hard Tenanacy”. This leads to the emerging pattern of “many clusters” rather than “one big shared” cluster. Its not uncommon to see customers of Google’s GKE Service have dozens of Kubernetes clusters deployed for multiple teams. Often each developer gets their own cluster. This kind of behavior leads to a shocking amount of Kubesprawl.

> The reason that Kubernetes is successful is because people look at it and they don’t understand why they need it until they see it do stuff. Then they say “Oh my God, I need that!”I can’t say how many talks and presentations I’ve done in front of skeptical audiences where they don’t understand what it’s for. Just by showing short and simple features like “let’s do a rolling update” I watch what happens. I stop it halfway through and then roll it back and they’re like ”that’s what I do by hand. It takes me a ton more energy than what you just did.” So I think it captures things that people really wanted. On DevOps-oriented app teams vs. SREs: > I’m a little bit sad how complex Kubernetes is right now. In some sense Kubernetes is not for end users, it’s for people who set up clusters and clusters are for end users. At Google, we’ve always separated the roles that were involved in cluster management into two very specific ones: the cluster operators and the application operators. > > The cluster operators know everything about Borg and they know a little bit about each application that runs on Borg in a profile they understand, but not the details. They’re able to keep the Borg clusters up and running and they have SLAs around that and so forth. The application teams (like Google search or Gmail) come in and they say “I know how to use Borg but I don’t know how Borg runs and I don’t need to.” They come in and they run their applications on top of Borg and that split gives people a really nice ability to focus. Kubernetes is really aimed at those cluster operators.

> Cloud Foundry Foundation reported that more than 50 percent of companies it surveyed are developing at least 60 percent of their applications on cloud platform. That total is up sharply—13 percent—from the group’s last survey released in March. Demographics: > ClearPath Strategies conducted this wave of quantitative research as part of the Global Perception Study on behalf of Cloud Foundry Foundation from September 2 to 17, 2018. The survey consisted of 600 interviews of IT professionals and execs, covering 11 geographies (Canada, China, Germany, Hong Kong (SAR), Ireland, India, Japan, Singapore, South Korea, UK, US) and was offered in five languages corresponding to those geographies.

> Despite attempts to educate the market, we still believe the word “serverless” connotes many different things, especially for the 79 percent of organizations that plan to adopt serverless architecture but have not planned to use FaaS in the next 18 months. Oh boy.

A laundry list of new feature and services in the software I market around. There’s a lot of .Net expansion, adding some standard platform services (like a task scheduler), and Morlock stuff like multi-install (would you say “zone”?) OpenStack, and Kubernetes and embedded OS update:

“The developer shouldn’t have to know how to program NSX, or know what the security isolation boundaries are,” continued Fazzone. “But they should know that their organization has taken steps to unify the networking approach between the containerized applications and the traditional applications running in VMs, and take advantage of that ‘service’ offered by IT to extend the NSX-T support up into their container platform, versus just defaulting to the Layer 2 default that’s available in the open source community — so that their organization can realize that complete connectivity model in a consistent way.”

“Harbor is a privately hosted registry, which allows running either on-premises or in any of the major cloud vendors, making it a possibility for organizations that cannot use a public container registry or want to implement a multi-cloud strategy. Harbor started as an internal VMware project and became open source in 2016. Multiple partners, including companies like Pivotal and Rancher, either use Harbor for their container-based environment or work together with Harbor to give the possibility of running the project on their infrastructure. For instance, the Pivotal Container Service includes Harbor as its built-in container registry. For Rancher, Harbor is one of the packages you can deploy to provide a container registry. Moreover, Harbor gives the option to set up multiple instances of these registries on several of these platforms simultaneously and allows replication between them. Through the signing and vulnerability scanning capabilities provided by the project, it turns these into trusted resources.”