Some 12,000 people descended on San Diego today for KubeCon/CloudNativeCon. It’s fair to say this is more than a conference – it’s a movement of sorts.
And it’s about much more than Kubernetes. The keynote especially was about many CNCF projects, including CoreDNS, Vitess, Linkerd, Jaeger, Open Policy Agent, and etcd. It’s not clear to me how widely used each of those other projects is, but many of them have corporate backing. What I notice is that every piece of infrastructure – messaging systems, databases, and DNS, for example – is being rewritten for the Cloud Native world.
Many of the speakers described microservices, but I rarely heard the word. It seems to be assumed that services communicate with each other inside modern application systems. The biggest challenges have to do with authentication and authorization – it’s Zero Trust to an extreme, where services don’t assume that other services have the right to use them. They connect to each other over encrypted, mutually authenticated connections and rely on central identity providers to establish who a caller is and what it is allowed to do.
The most important word, though, is “Isolation” – Network Isolation, Permissions Isolation, Service Isolation, Storage Isolation, etc. At Cloud Native scale, you can’t necessarily prevent failure, but you can limit its blast radius, and that is the real skill. Speaker after speaker told horror stories about entire clusters going down because of one mistake, bug or service crash. Kubernetes makes deploying at scale easier, but also makes it more dangerous. Out of the box, Kubernetes only provides partial isolation: a namespace separates names and scopes permissions, but it does not stop Pods from talking to each other or cap what one workload can consume until you add the network policies, RBAC bindings and quotas yourself.
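To make the isolation point concrete, here is an added example of what three of those boundaries look like as Kubernetes objects. It is not taken from any of the talks or from this post’s author; the `payments` namespace, the `ledger` and `checkout` labels, the port and the quota values are all assumed for illustration. It combines a default-deny NetworkPolicy with a narrow allow rule (network isolation), a namespace-scoped Role and ServiceAccount (permissions isolation), and a ResourceQuota so that one runaway service cannot starve the rest of the cluster (blast radius).

```yaml
# Added example, not from the original post. Namespace, labels, port and
# quota values are assumptions chosen for illustration.
---
apiVersion: v1
kind: Namespace
metadata:
  name: payments
---
# Network isolation: a Pod selected by no NetworkPolicy accepts traffic from
# any Pod in the cluster. This policy selects every Pod in the namespace and
# lists no allow rules, so ingress and egress both default to "deny".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Then open only the path a service actually needs: the ledger API accepts
# connections from the checkout service on one port, and nothing else.
# (Egress to cluster DNS would also need an explicit allow rule; omitted here.)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ledger-allow-checkout
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: ledger
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: checkout
      ports:
        - protocol: TCP
          port: 8443
---
# Permissions isolation: the ledger runs under its own ServiceAccount, and the
# API token is not mounted unless the application actually calls the API.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ledger
  namespace: payments
automountServiceAccountToken: false
---
# A Role (not a ClusterRole) limits the grant to this namespace, and the rule
# names only ConfigMaps, so a compromised ledger Pod cannot read Secrets or
# reach into other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ledger-config-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ledger-config-reader
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: ledger
    namespace: payments
roleRef:
  kind: Role
  name: ledger-config-reader
  apiGroup: rbac.authorization.k8s.io
---
# Blast radius: a quota caps what the whole namespace can consume, so one
# crash-looping or leaking service cannot take the node pool down with it.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: payments-quota
  namespace: payments
spec:
  hard:
    pods: "50"
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
```

Two checks are worth running after applying this. `kubectl auth can-i get secrets --as=system:serviceaccount:payments:ledger -n payments` should answer `no`, which confirms the Role is as narrow as intended. And NetworkPolicy objects are only enforced by a CNI plugin that implements them; on a cluster whose network plugin does not, the API server accepts the manifests without complaint and every Pod stays reachable, so verify the deny rule by actually attempting a connection from a Pod outside the allowed selector rather than trusting that the object exists.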
That’s not the only way in which Cloud Native technology seems young and immature. A couple of the talks touched on problems with K8S itself – places where they had to patch it, or its behavior simply doesn’t make sense, or it’s broken. The whole Cloud Native ecosystem is going to evolve over the coming years, as it has to date. But there’s no doubt that it’s here to stay.