Kubernetes vendors target container security, operations and management
- 14 December, 2018 22:00
If you were kicking the tires on Kubernetes and other cloud/container services you found may have found nirvana at this week’s KubeCon + CloudNativeCon 2018 where all manner of new operational software and support from VMware, Arista and others were on display.
To access the growing popularity of cloud, Kubernetes and containers, the Cloud Foundry Foundation released the results of a new survey that found among other things that 45 percent of companies are doing at least some cloud-native app development, and 40 percent are doing some re-architecting/refactoring of their legacy apps.
“In August 2016, 51 percent of respondents were deploying between 0 and 100 containers, and only 37 percent were deploying over 100; today, the numbers have practically flipped, with 47 percent deploying more than 100 containers and only 42 percent deploying less than 100,” the foundation study stated. “IT decision makers describe their application development environments as much more cloud-based than in our last wave of research in March of 2018. As of September, over 50 percent of IT decision makers report developing 60 percent or more of their applications in the cloud—an increase of 13 points.”
Gartner recently said that cloud software will grow at more than 22 percent in 2019 compared to 6 percent growth for all other forms of software.
Gartner also wrote about Kubernetes in particular: “As Kubernetes becomes the de facto standard in container orchestration, application development teams at enterprises are beginning to demand production Kubernetes environments. There are various deployment models of Kubernetes, from do-it-yourself open source to commercially supported software solutions and cloud services each with significant implications on costs, risks and skills required.”
With all of that as a backdrop, a number of vendors at KubeCon looked to enhance Kubernetes with a variety of key new services and support.
For example, VMware revised its NSX networking platform to include support for microservice management and security by using open platform Istio software. Istio software helps set up and manage a network of microservices or service mesh.
Called VMware NSX Service Mesh, the system, which is in beta for now, will secure, monitor, manage and load balance communications between microservices running on-premises or off, VMware said.
VMware said that with the rise of cloud-native architectures built on distributed microservices, developers are encountering challenges with visibility, management and control of these new applications. The microservices that these apps are comprised of are developed on cloud-native platforms like Kubernetes or Cloud Foundry, using a variety of programming languages, and often across multiple cloud environments.
“NSX Service Mesh builds on the foundation of Istio, addressing problems we’re finding in cloud-native environments. For one, NSX Service Mesh will simplify the onboarding of Kubernetes clusters and federate across multiple clouds and Kubernetes clusters. This will enable the service mesh to plug into the broader NSX portfolio and platform, creating a unified and intelligent set of policies, network services and visibility tools,” VMware wrote in a blog describing the service.
“NSX Service Mesh will also extend the discovery of services – a capability found in other service meshes – to include the data that they access, as well as the users initiating the microservice transactions. It will enable service and API visibility and remediation to help ensure consistent application service level objective policies and support progressive rollouts,” VMware stated.
Looking to address networking and security challenges in Kubernetes environments, Arista teamed with Red Hat and Tigera to demonstrate an integrated service that will be available in 2019.
Specifically, the integrated service will make use of Arista’s containerized Extensible Operating System (cEOS) and CloudVision software in combination with Red Hat’s OpenShift Container Platform and Tigera’s Secure Enterprise Edition software to offer customers Kubernetes container networking, network segmentation and security support.
Introduced in 2017, cEOS is containerized version of the company’s network operating system that can run on Arista’s own merchant-silicon-based platforms, bare metal switches and industry standard virtual machines or containers. Red Hat’s OpenShift Container Platform handles cloud-native and traditional applications on a single platform.
Tigera’s Secure Enterprise Edition brings a zero-trust security model to Kubernetes containers. Among its features is the ability to monitor data-flow logs for security-policy violations as well as other anomalies. It can be configured to automatically quarantine anomalous workloads and send an alert for further inspection.
“The system addresses some of the key pain points in setting up a Kubernetes environment – that is networking multiple containers and services on- and off-premises, as well as securing and managing the workloads in that environment,” said Fred Hsu, Technical Marketing Engineer at Arista. Arista said cEOS with support for Tigera Secure Enterprise Edition is available now for selected technology preview customers, with a planned general availability in 2019.
A few of the many other key happenings at Kubecon:
- Google talked about container security improvements. Maya Kaczorowski, Product Manager, Security & Privacy wrote an informative blog on Kubernetes security issues here and said: "Earlier this year at KubeCon in Copenhagen, the message from the community was resoundingly clear: 'this year, it’s about security.' If Kubernetes was to move into the enterprise, there were real security challenges that needed to be addressed. Six months later, at this week’s KubeCon in Seattle, we’re happy to report that the community has largely answered that call. In general, Kubernetes has made huge security strides this year, and giant strides on Google Cloud."
- Oracle introduced the Oracle Cloud Native Framework which promises to help developers build applications and services for on premises, hybrid and public cloud deployments. The Oracle Cloud Native Framework is composed of the recently announced Oracle Linux Cloud Native Environment and a rich set of new Oracle Cloud Infrastructure cloud native services including Oracle Functions, its open, serverless package available as a managed cloud service based on the open source Fn Project, wrote Bob Quillin, Oracle vice president of Oracle developer relations.
- Microsoft said its Azure Monitor for containers is now generally available. Azure Monitor for containers monitors the health and performance of Kubernetes clusters or individual nodes hosted on Azure Kubernetes Service (AKS).