Kubernetes roadmap looks to smooth container management bumps

Items coming on the Kubernetes roadmap zoom onto enterprise IT pros' radar, such as practical management for multiple Kubernetes clusters and improved container security.

AUSTIN, Texas -- "This job is too hard."

It wasn't a message the DevOps faithful at KubeCon 2017 last week might have expected from a Microsoft distinguished engineer and Kubernetes co-creator.

Brendan Burns, Microsoft Azure's director of engineering, presented a personal project called Metaparticle at the annual gathering of Kubernetes users and contributors. With Metaparticle, which translates complex distributed systems concepts into snippets of Java and JavaScript code, Burns aims to make distributed systems a Computer Science 101-level exercise.

In that same vein, Kubernetes project leaders know the container management platform will only get rapid acceptance if it is accessible to more people. The Cloud Native Computing Foundation (CNCF) revealed features on the Kubernetes roadmap and a Kubernetes mentoring program for administrators to make it easier to manage clusters across multiple clouds.

Third-party integrations, such as Pivotal Cloud Foundry 2.0, which is now available, will also improve on-premises Kubernetes management and, eventually, hybrid cloud management for enterprises, said Larry Carvalho, an analyst at IDC.

Traditional enterprise IT vendors run hands-on training programs -- Pivotal Labs, Red Hat Open Innovation Labs, IBM Cloud Garage -- to impart distributed systems skills to enterprise IT staff, Carvalho said. "[These programs] not only lead a horse to water, but force it down his throat," he said.

"Startups are going gangbusters, but more than half of enterprises still don't have a production workload in containers," Carvalho said. "There's an opportunity, but for them to start adopting it really requires a culture shift."

Kubernetes users want secure multicluster management

Enterprises with some Kubernetes experience echoed Burns' desire for simplicity, particularly to manage multiple container orchestration clusters, as all got a look at the Kubernetes roadmap for 2018.

Production-ready, federated Kubernetes clusters topped the wish list for Rick Moss, infrastructure operations engineer for MailChannels, an email service provider in Vancouver, B.C.

"We want to be able to set up and tear down Kubernetes in different clouds, and federation is the only way to do that securely," Moss said.

One can use multiple separate clusters for multi-cloud Kubernetes deployments, but rather than stand up and debug a new cluster, Moss said he wants the ability to just roll out part of the same system. However, Kubernetes federation last saw a major update in Kubernetes release 1.5 last year, and it's been difficult to operate in real-world environments. Kubernetes is at release 1.9 at the time of publication.

Bloomberg LP engineers said they're not interested in the nascent federated clusters, but will track their progress in 2018. In the meantime, engineers at the financial services company headquartered in New York must occasionally restart specific hosts in on-premises Kubernetes clusters, and they want instance addressability within Kubernetes to help with that. The ability to dynamically provision local persistent storage volumes would help move stateful apps closer to production on Kubernetes, said Steven Bower, search and data science infrastructure lead at Bloomberg.

Enterprise IT shops also look forward to the Kubernetes roadmap's security features disclosed by Kubernetes project managers at KubeCon. Pluggable ID, for example, will allow Kubernetes identity management and role-based access control to plug into existing identity management systems, such as the Lightweight Directory Access Protocol (LDAP).

"It's nice they have identity management support for Amazon [Web Services] and Google Cloud [Platform], but on-premises LDAP is where they need to focus," Bower said.

A special-interest group within the CNCF will integrate with SPIFFE, which stands for Secure Production Identity Framework for Everyone, an open source project that defines a set of standards to identify and secure communications between web-based services. It's still too early to tell if it will succeed, Bower said.

Microsoft's Brendan Burns presents the Metaparticle distributed systems management project at KubeCon 2017.

Cluster API project aspires to be 'the great equalizer'

KubeCon attendees also saw Cluster API, a project by the SIG-Cluster-Lifecycle group to create a set of standards to install Kubernetes clusters in multiple infrastructures.

"It's a declarative way of deploying and upgrading clusters that abstracts the infrastructure behind Kubernetes," said Aparna Sinha, project management lead for Kubernetes at Google. "It's not easy to do hybrid [cloud deployments] today, but Cluster API will be the great equalizer for deploying Kubernetes on different systems."

Also in the works is a declarative application management project that builds on the open source ksonnet configuration tools to define applications on Kubernetes in a nonrestrictive way, Sinha said. Though it's still in its early stages, there is a working group.

Another trend expected in 2018 is increased attention to serverless technologies and how they compete with and integrate with containers. Several open source function-as-a-service projects are currently in process, but the CNCF has yet to align itself with any of them. CNCF officials think the community should remain neutral, but KubeCon observers said they think one will naturally emerge and eventually earn support from the CNCF next year.

Beth Pariseau is senior news writer for TechTarget's Data Center and Virtualization Media Group. Follow @PariseauTT on Twitter.
