The Kubernetes 1.10 release becomes generally available next week, as the container orchestration platform's audience shifts from the bleeding edge to the mainstream.
All changes to Kubernetes will be incremental from now on. The days of breaking changes to the platform's critical APIs officially ended when Kubernetes became the first Cloud Native Computing Foundation project to graduate from the incubation stage earlier this month. Kubernetes 1.10 will be rolled out to a mature market of enterprises that expect new features from trusted vendors to be stable, rather than to a crowd of early adopters who jump on every critical open source update.
"Putting together your own installer and messing around with upstream code isn't work that pays off for enterprises," IDC analyst Gary Chen said. "For most people, common distributions are enough to do what they want."
In fact, an IDC survey of 301 enterprise IT shops, conducted in December 2017 and January 2018, found that about 80% prefer to use a third-party distribution of Kubernetes or a hosted cloud service over a custom or self-supported deployment.
Red Hat's OpenShift Container Platform is the most popular of these third-party tools, in use among 26% of respondents to the IDC survey, and the way it trails upstream Kubernetes release cycles reflects enterprise customers' desire for third-party feature vetting and testing. OpenShift version 3.9, also out this week, supports Kubernetes 1.9, released in January, rather than Kubernetes 1.10. Red Hat customers can kick the tires on Kubernetes 1.10 features with OpenShift Origin, an upstream version of OpenShift's Kubernetes integration that developers can use to experiment, but each Kubernetes release must be tested with more than 100 integrations, and there are usually 50 or more bugs to fix before it makes it into the mainstream OpenShift product, said Brian Gracely, director of product strategy at Red Hat.
"A majority of our customers don't trust the latest Kubernetes release for production," Gracely said.
Enterprises seek higher-level value from Kubernetes integrations
Container orchestration had a watershed year in 2017. Both of the main rivals to Kubernetes, Docker and Mesosphere, pledged to integrate Kubernetes and cemented its place as the container orchestration standard. Mesosphere's DC/OS 1.11, released this month, made good on that pledge with its first generally available Kubernetes integrations, as well as a number of user interface and management changes to make the product easier to use.
Now that enterprises expect Kubernetes support in most container management products, their evaluations will focus on how those products extend Kubernetes features for enterprise use and integrate container orchestration with business applications.
Germany's Deutsche Telekom (DT), a Mesosphere DC/OS user since 2016, first chose the product for its enterprise security features and integration with big data applications such as Apache Spark. Kubernetes' autoscaling features, which can expand clusters and pods based on observed CPU demand, are intriguing, but only as they're naturally integrated into DC/OS.
"DC/OS gave us the enterprise functions we required, such as a secrets vault, enterprise authentication and a secure container repository," said Oliver Goldich, technical product manager at DT. While DT primarily runs DC/OS on Microsoft Azure's public cloud infrastructure, it also wanted an independent container orchestration product to avoid cloud vendor lock-in.
DT's Connect app, which optimizes mobile connectivity for end users, runs on containers managed with DC/OS. Spark analytics on user data collected in the DC/OS cluster validate DT's optimization approach. It was tricky to get Spark to work with DC/OS' restrictive security mode setting, but the combination of Spark integration and enterprise security features was crucial for DT to put containers into production, Goldich said.
DT will expand its use of DC/OS in 2018 and will explore using Kubernetes for container orchestration where appropriate, but only after Mesosphere checks off other wish list items, such as a unified management interface for both the Marathon container scheduler and Kubernetes, and support for secure multi-tenancy within DC/OS clusters so that multiple DT teams and departments can share resources more efficiently.
Kubernetes 1.10 release improves extensibility, stability
It will take time for enterprises to put Kubernetes 1.10 features into production use, but all upstream and third-party distro users should digest the highlights of the new release. Kubernetes 1.10 offers a stable version of a feature called API Aggregation, which will allow third-party extensions to core Kubernetes functions to run alongside critical cluster operations. Another newly stable feature will allow users to add new Nodes to Kubernetes clusters that use Transport Layer Security for authentication between Nodes without manual intervention.* The 1.10 release also brings Microsoft Windows nodes into fuller parity with their Linux counterparts with FlexVolume support for custom storage driver plug-ins. An audit API was also graduated to stable, which will support plug-ins from various back-end databases and governance monitoring tools.
Third-party products and services will incorporate these features in widely varying ways. For example, Platform9 Systems' managed Kubernetes service will focus on the TLS authentication features with the OpenStack Keystone authentication API.
"To us, it's an integrated stack, and we focus on how Kubernetes interoperates with Docker, as well as OpenStack storage and networking plug-ins," said Bich Le, Platform9's chief architect. "It all needs to be tested together, and we're typically one or two minor Kubernetes versions behind for stability."
*Editor's note: CNCF officials said after this story's publication that the TLS feature, originally planned for release 1.10 according to a preview blog post this month, is now on the docket for the next quarterly release, version 1.11, due out in late May.
Update 10/1/2018: The TLS bootstrap feature reached stable with Kubernetes 1.12, released in late September.