BOSTON -- The roadmaps for Cloud Foundry and Kubernetes will be intertwined, but their communities haven't agreed...
on the ideal blend of the PaaS and container orchestration platforms.
The long-term coexistence of Cloud Foundry and Kubernetes was a hot topic at Cloud Foundry Summit here last week. Multiple sessions explored consolidation of infrastructure automation approaches to ease IT management for enterprise users.
Cloud Foundry PaaS shops are interested in swapping out the vendor's Diego container orchestration tool for Kubernetes, in part because Kubernetes has dominated the ecosystem for container management tools over the past year. Kubernetes is a more flexible and customizable general-purpose container orchestration platform, while Diego is meant for use only in Cloud Foundry environments, and has a limited set of container management features by comparison.
"Cloud Foundry companies have announced support for Kubernetes for the same reason Docker has added support for Kubernetes -- because they must," said Tom Petrocelli, analyst at Amalgam Insights. "The Cloud Foundry community has begun to realize that Kubernetes has eaten the container world, and there's incentive for them to use it, too, just because everybody else is."
Kubernetes' popularity creates its own momentum, as vendors modify their products and applications to run on and support the container orchestration tool, and a critical mass of enterprise users bolsters community support for those who now consider jumping on the bandwagon.
"A technology doesn't have to be superior to be more popular," Petrocelli pointed out. "It only has to be good enough that enough people want to use it."
Container images have also become the standard form of distribution for packaged software. Kubernetes can more easily run images unchanged than the opinionated Cloud Foundry PaaS platform can.
"Kubernetes storage options may be more flexible for commercial off-the-shelf applications, especially stateful applications that require global storage access," said Kyle Campos, DevOps transformation and cloud operations leader at CSAA Insurance Group in Phoenix, Ariz. "From an ops standpoint, we'd love single pane of glass management to get commercial apps that are currently manually deployed managed under [Cloud Foundry]."
CSAA hasn't decided whether to combine the two in production, but in theory there is some benefit to consolidate management for the two platforms and applications for which they're suited, Campos said. However, some points of integration between the two platforms aren't yet production ready, such as shared logging, telemetry and identity management.
Cloud Foundry distributors disagree on integration methods
As further integration projects kick off, top Cloud Foundry distributors and code contributors disagree on how to stack the two platforms. Representatives from major Cloud Foundry distributors -- Pivotal, SUSE, Google, SAP, Microsoft and IBM -- showed in a lively Cloud Foundry Summit panel discussion that there's still plenty of negotiation about integration choices behind the scenes.
Cloud Foundry has already proved itself a solid way to ensure a good developer experience, argued Cornelia Davis, senior director of technology at Pivotal. Whether Kubernetes or Cloud Foundry's Diego container management tool runs under the covers, it makes no difference to that developer experience, she added, and in some ways Kubernetes simply repeats the principles of declarative infrastructure, abstraction and automation that Pivotal has championed for years.
A Microsoft rep disagreed with Davis about the impact of Kubernetes under Cloud Foundry.
"The abstractions and guard rails of PaaS are great, until they're not, and then the question is, when you hit their limitations, how far are you going to fall as a developer into infrastructure management [to work around them]? " said Gabe Monroy, lead container program manager for Microsoft Azure. "PaaS on Kubernetes makes that fall a lot easier to tolerate, with service discovery, service mesh and other abstractions."
The fact that swapping Diego for Kubernetes under the hood doesn't fundamentally change the developer experience is actually a selling point, added Jeff Hobbs, director of engineering at SUSE.
"It helps with operator experience and resource utilization without disrupting the developer experience," Hobbs said.
Cloud Foundry and Kubernetes debate muddies the waters for IT pros
The extent to which Cloud Foundry and Kubernetes integrations favor each platform's tools varies from one distribution to another. Fully automated container management typically requires a scheduler for each layer of infrastructure, one for the containers themselves and one for the underlying clusters of VMs. Pivotal Cloud Foundry's integration between Cloud Foundry and Kubernetes ties in Cloud Foundry's VM automation tool, BOSH, and Cloud Provider Interface (CPI), to add VM automation to Kubernetes' container scheduler.
Tom Petrocellianalyst, Amalgam Insights
However, SUSE's approach to a blend between Cloud Foundry and Kubernetes bypasses BOSH. This makes a lighter-weight, wholly container-based infrastructure, and users don't have to learn both BOSH and Kubernetes to run Cloud Foundry apps in containers, SUSE officials said this week.
How users view these approaches depends on which platform they discovered first. SUSE's approach might appeal to users who don't already use Cloud Foundry, but without CPI, Cloud Foundry shops lose an important, familiar abstraction layer, said one solutions architect at an IT services company on the West Coast.
"At first blush, [SUSE's approach] seems a bit of a science project," the solutions architect said. "Most ops folks I have encountered have enough trouble running a container environment or Cloud Foundry, so to add this complexity seems like it won't work."
The various approaches jockeying for position and attention from Cloud Foundry users creates a muddled message overall about how the two platforms will come together, said Petrocelli from Amalgam Insights.
"What is so hard about this?" Petrocelli wondered. "Kubernetes containers aren't for everybody and everything, and coexistence and integration makes sense. There's no reason not to send the message to IT managers, who are already confused enough, that these are ultimately complementary technologies."