By Dr. Jens-Henrik Soeldner
This year, Kubernetes celebrates its 10th anniversary,
having been introduced by Google in 2014 as an open-source project. Its success
story and impact on the cloud computing market are as impressive as the success
of the associated conference. This year's European edition of the conference,
"KubeCon + CloudNativeCon", held from March 19 to 22 in Paris, set a new
visitor record with over 12,500 participants.
Even before the official start, the conference was in full
swing during the "Cloud_Native Rejekts" pre-event on March 17 and 18,
allowing those who didn't make it into the official conference program to
present their talks. Tickets for this pre-conference event were offered for
free, thanks to generous sponsorship from Cisco, Microsoft Azure, and Rancher
by SUSE, in line with the spirit of the open source community.
Priyanka Sharma, CEO of the organizing Cloud Native Computing Foundation
(CNCF), presented the latest developments in the Kubernetes and cloud-native
ecosystem in her keynote, with a strong focus on the pervasive role of
artificial intelligence (AI). Many AI workloads now run in containers managed
by Kubernetes. Companies can use NVIDIA's AI Enterprise as a curated platform
and run AI applications in their own data centers on commercial Kubernetes
distributions such as Red Hat OpenShift, VMware Tanzu, Canonical Kubernetes,
and Mirantis Kubernetes Engine, or directly in the public cloud with AWS,
Azure, or Google Cloud. GPU support in Kubernetes is continually expanding;
GPUs from AMD, Intel, and NVIDIA have been dynamically assignable to clusters
since Kubernetes 1.26. However, much development work remains, especially on
scaling and high availability. The CNCF is contributing significantly to
making the operation of AI workloads in the cloud more uniform and
user-friendly with its AI-focused projects like Kubeflow, Ray, and KubeRay. At
the conference, the CNCF's AI working group introduced a white paper on
"Cloud Native Artificial Intelligence," which offers decision-makers,
developers, and administrators a comprehensive overview of AI with cloud-native
technologies. The white paper can be downloaded directly from the CNCF
announcement: https://www.cncf.io/blog/2024/03/19/announcing-the-ai-working-groups-new-cloud-native-artificial-intelligence-whitepaper/
The extensive exhibition area was particularly spectacular,
easily surpassing other conferences with over 200 vendors showcasing their
products and services related to Kubernetes and many other CNCF projects. VMblog
took the opportunity to speak with selected exhibitors on-site to get an
overview of the news and trends.
As expected, providers of commercially supported Kubernetes
distributions were very present on the show floor of the conference. Canonical,
the open-source veteran behind Ubuntu, introduced the new generation of its
Kubernetes distribution, MicroK8s (pronounced "micro kates"). Until
now, it has been available in two editions to address different customer needs:
"Canonical Charmed Kubernetes" for large environments requiring
customization and integration with legacy systems, and "Canonical
MicroK8s," focused on ease of use and scalability. Canonical plans to
evolve MicroK8s into a single-edition Kubernetes distribution that meets all
customer needs. Cédric Gégout, VP of Product Management at Canonical,
emphasized in a discussion with VMblog that "the new version of MicroK8s,
offered under the name Canonical Kubernetes, will serve the needs of both
developers and administrators. We have focused on three key points: first,
enabling developers to build applications based on an ultra-small and extremely
secure containerization that runs on all infrastructures. Second, serving all
systems from a single developer laptop to large environments in data centers
and the cloud with the same edition. And third, supporting developers'
innovation by taking care of reliable patching for security and support."
The next version is scheduled for release in May. Those interested in testing
it as a beta can find more information at
https://ubuntu.com/blog/try-canonical-kubernetes-beta.
Mirantis, a specialist in Kubernetes and OpenStack and the
company that acquired Docker's enterprise business in 2019, also introduced the
new version of its popular Kubernetes IDE, "Lens Desktop," during the
conference. The manufacturer aims to make working in the IDE more efficient and
productive with simplified processes, a sleeker interface with a new UI/UX
concept, a unified navigator for all Kubernetes clusters and resources, and a
new API for extensions. The 2024 version of Lens is now available as an Early
Access version. Mirantis also offers the IDE with additional security and
management features as a Lens Enterprise subscription for the needs of large
customers.
Also new from Mirantis is the expansion of its existing
training program with the "Mirantis Academy." The manufacturer aims
to help IT specialists further develop their expertise in key technologies of
the cloud-native computing spectrum with a 30-day training program. Combining
live interaction with trainers and recorded content, the manufacturer wants to
provide a personalized learning experience tailored to the participants' needs.
Within the academy, there are currently three primary modules that participants
can complete with a recognized certification: Kubernetes Operations, Docker
Containerization Essentials, and OpenStack Operations. More information about
the Mirantis Academy is available at
https://training.mirantis.com/mirantis-academy/.
VMware by Broadcom presented its comprehensive offering in
the field of cloud-native technologies under its Tanzu product line, focusing
on knowledge transfer presentations in the exhibitor area. Timo Salm, Senior
Lead Solution Engineer for Tanzu and developer topics at VMware by Broadcom,
informed participants about the value proposition of the Tanzu Developer
Portal, a commercial implementation of the currently very popular Backstage
project, which was originally made available to the open-source community by
Spotify.
Red Hat took advantage of the conference to simultaneously
introduce version 4.15 of its commercial Kubernetes distribution
"Red Hat OpenShift," which is now generally available. OpenShift 4.15 is based
on Kubernetes 1.28 and on version 1.28 of CRI-O, its container runtime
implementing the Container Runtime Interface. In a conversation with VMblog,
Chuck Dubuque, responsible for Product Marketing of OpenShift at Red Hat,
emphasized: "The new version introduces additional features to accelerate the
development and deployment of cloud-native applications also in the hybrid
cloud. We support almost all platforms customers have in use: besides our own
technology stack, of course, VMware, Microsoft Azure, Google Cloud, and AWS.
New in Red Hat OpenShift 4.15 is the support for AWS Outposts and AWS
Wavelength Zones, allowing us to manage Mobile Edge Computing applications
directly via OpenShift."
Cloud Foundry, the open-source platform for developing and
deploying cloud applications, remains an important part of the cloud-native
landscape even after VMware's acquisition by Broadcom. Broadcom plans to invest
more in the platform, and Cloud Foundry continues to contribute significantly
to the revenue of VMware Tanzu. Powerful tools like Buildpacks and the
CNCF-native project Korifi enable customizable workflows and simplified use of
Kubernetes. "With continuous investments, strong partnerships, and innovative
projects, Cloud Foundry is well-positioned to play a significant role in
application development and deployment in the future," representatives of
the organization said in a conversation with VMblog.
Observability specialist Dynatrace presented its solutions
for observability and security in Kubernetes environments at KubeCon 2024. The
focus was on AI-based optimization, data observability, and open-source
engagement. Highlights included reducing cost and complexity through
intelligent analysis of cloud environments, ensuring data quality for better
decisions and AI models, and an enterprise-focused OpenTelemetry distribution
with security hardening and support. At the end of January, Dynatrace had also
announced the acquisition of Runecast, a company specializing in AI-supported
compliance and security reviews in VMware and cloud environments; the
acquisition has since been completed.
Logz.io, also active in the observability field, claims to
be currently the only provider fully committed to the OpenTelemetry standard,
offering simple and cost-efficient solutions for capturing logs, metrics, and
traces. The company announced a new AI solution based on Large Language Models
(LLM) and Generative AI. The vision is to enable interaction with the data on a
chat basis in the coming months, integrating the first functions into
ObservabilityIQ. Logz.io intends to integrate AI features into all products,
including App360, an APM solution known for its simplicity, as well as
introducing enhancements for K8s 360 and launching a new Explorer in
ObservabilityIQ.
JFrog, known as a provider of DevOps solutions and Binary
Repository Manager, is increasingly focusing on artificial intelligence and
machine learning. With the introduction of FrogML, the company offers
standardized packaging of training data to support the developer community.
JFrog aims to automate security and use machines instead of humans to detect
and block malicious models. By integrating AI-powered features into its
platform, JFrog seeks to improve security and compliance around machine
learning.
Sysdig has evolved from an observability provider into a
leading cloud-native security company. With Sysdig Monitor and Sysdig Secure,
it offers a unified cloud-native application protection platform (CNAPP). A
core Sysdig product is Falco, a "security camera" for cloud-native
infrastructures that monitors kernel syscalls to detect malicious behavior in
VMs and Kubernetes. Initially developed 8 years ago, Falco has been part of the
Cloud Native Computing Foundation (CNCF) for 6 years and recently achieved
Graduated status. Sysdig uses streaming and runtime technologies to monitor
events in clusters and detect anomalies using AI, analyzing not only kernel
activity but also logs and events to identify, for example, compromised
credentials or crypto mining. Sysdig Sage, currently in beta, integrates Large
Language Models (LLMs) into Sysdig's software to help users understand and
remediate the exploits it detects.
Security and identity management specialist Venafi offers a
solution for cryptographically verifiable and attestable workload identities,
acting much like a Certification Authority (CA), so that workloads can
authenticate each other and encrypt the connections between them. Venafi
automates the issuance of time-limited identities according to the SPIFFE
standard. With the announcement of "first-class integrity" and the
Firefly WCI-Issuer, Venafi provides a scalable workflow that supports SPIFFE:
certificates are generated for workload components and then signed by the WCI
Identity Issuer. These signed identities are short-lived, as is usual in
Kubernetes, and chain to the organization's CA. Renewal and revocation of the
identities are of course possible.
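The issuance and verification flow just described, as an added example that is not Venafi's or the SPIFFE project's code: a constructed organization CA issues a short-lived X.509 SVID whose SPIFFE ID is carried as the certificate's single URI SAN, and the receiving workload checks chain, lifetime and trust domain before trusting it. The CA name, the trust domain example.org and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net/url"
	"time"
)

// must aborts on errors this example cannot recover from (RNG or DER encoding failures).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA creates the organization's self-signed CA (constructed for this example).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-org-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// issueSVID (issuer side): fresh workload key pair plus a CA-signed X.509 SVID whose single URI SAN is the SPIFFE ID; ttl bounds its lifetime.
func issueSVID(ca *x509.Certificate, caKey *ecdsa.PrivateKey, spiffeID string, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	id, err := url.Parse(spiffeID)
	if err != nil || id.Scheme != "spiffe" || id.Host == "" {
		return nil, nil, errors.New("malformed SPIFFE ID: " + spiffeID)
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // private key never leaves the workload
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), URIs: []*url.URL{id},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key, nil
}

// verifySVID (peer side): chain to the org CA, valid at time at (an expired SVID is renewed, never accepted), exactly one spiffe:// URI SAN in the expected trust domain.
func verifySVID(svid, ca *x509.Certificate, trustDomain string, at time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := svid.Verify(opts); err != nil {
		return "", err
	}
	if len(svid.URIs) != 1 || svid.URIs[0].Scheme != "spiffe" || svid.URIs[0].Host != trustDomain {
		return "", errors.New("not an SVID for trust domain " + trustDomain)
	}
	return svid.URIs[0].String(), nil
}
```

Renewal in this model simply means calling issueSVID again before NotAfter; a peer that checks the lifetime, as verifySVID does, rejects anything older.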
Storage specialist NetApp used KubeCon to present updates
for its Kubernetes storage platform Astra. NetApp has been active in the
Kubernetes environment since 2017 with "Astra Trident," its
implementation of the Container Storage Interface (CSI) Driver, and has offered
a data backup service with Astra Control since 2021. New improvements in the
architecture of Astra Control, which NetApp plans to roll out in the first half
of 2024, are now available. According to the company, NetApp offers the first
managed service for data backup and disaster recovery for containerized
applications and Kubernetes in the three major public clouds. In a conversation
with VMblog, Hendrik Land, Solution Architect DevOps at NetApp, emphasized the
importance of architectural innovations: "A focus of further development
is the improved integration with current tools from platform engineering. This
includes Infrastructure-as-Code tools and allows extensive automation via CI/CD
pipelines, GitOps, and other tools for policy-based management. Furthermore, we
have addressed scalability, now being able to manage thousands of Kubernetes
clusters from a single data management layer thanks to efficient asynchronous
communication."
A similar picture emerged in a conversation between VMblog
and Murli Thirumale, Vice President and General Manager at Pure Storage
subsidiary Portworx. Thirumale confirmed: "Kubernetes has now established
itself as the de facto standard for developing modern applications. This
naturally includes not only Kubernetes-based applications but also AI/ML
workloads, databases, and CI/CD pipelines. With Portworx by Pure Storage, users
can rely on a solution fully integrated with Kubernetes for the permanent
storage of their application data, data security, and also migrations of data
between the various public clouds and on-premises environments."
German companies also took advantage of KubeCon to present
their solutions and news. On site, VMblog spoke with confidential computing
provider Edgeless Systems and with data center operator Hetzner, which has for
several years offered a self-developed public cloud environment with strong
data protection commitments and attractive pricing.
Edgeless Systems, a spin-off from the Ruhr University
Bochum, which is renowned for its teaching and research in IT security,
presented its confidential computing offerings. Confidential computing refers
to protecting the confidentiality of data through continuous encryption not
only "in transit" and "at rest" but also during processing
within the CPU ("in use"). The latter is essential for
confidentiality when processing takes place in a public cloud, where the
infrastructure is managed by another party, the cloud provider. The technical
foundations for confidential computing are features of current CPUs and GPUs
such as AMD's SEV ("Secure Encrypted Virtualization") or Intel's TDX
("Trust Domain Extensions"). NVIDIA's GPUs, with the NVIDIA Hopper and
Blackwell architectures, extend confidential computing to AI and LLM workloads.
The young company from Bochum provides open-source software that applies the
confidential computing capabilities of current CPUs and GPUs to relevant
workloads, ensuring that data remains encrypted even during processing. For
this purpose, Edgeless has developed its own Kubernetes distribution,
"Constellation," which ensures that cloud providers cannot access the
data. According to the provider, legal requirements such as the Digital
Operational Resilience Act (DORA) and the GDPR can be fully met. The company
has also released Continuum AI, a new solution that encrypts data in AI
applications like LLMs so that the input data ("prompts") remain completely
confidential and are not visible to infrastructure or AI providers.
In a conversation with VMblog, Thomas Strottner, Vice
President of Business Development, emphasized: "At Edgeless Systems, we
are developing the future of trustworthy data processing in Germany. Our
solutions are used, for example, in electronic patient records and by major US banks.
We also have strong implementation partners like Capgemini."
The German hosting company Hetzner, based in the Middle
Franconian town of Gunzenhausen, was also an exhibitor at KubeCon and
impressively demonstrated that building and operating a public cloud is not
solely the domain of US companies. Known for its keenly priced hosting offers,
Hetzner has also been active for several years with its Munich-based
subsidiary Hetzner Cloud GmbH and its self-developed cloud offering, in which
the provisioning of Kubernetes application clusters naturally plays a
significant role. Hetzner has expanded vigorously in recent years and has
established presences not only at its classic locations in Nuremberg and
Falkenstein but also in Finland and the USA. In addition to a comprehensive
range of services, the focus is on GDPR-compliant operation of the cloud and an
attractive price-performance ratio (https://www.hetzner.com/de/cloud/).
The CNCF's official training programme, part of the larger Linux Foundation
Training & Certification programme, also met with great interest from
attendees at its large stand in the exhibitor area. VMblog took the
opportunity to find out what was on offer on site.
With the vendor-neutral, hands-on, performance-based Kubernetes
certifications CKA (Certified Kubernetes Administrator), CKAD (Certified
Kubernetes Application Developer) and CKS (Certified Kubernetes Security
Specialist), which are considered extremely demanding exams, the CNCF has set
the industry standard for Kubernetes knowledge and skills for several years.
Many commercial Kubernetes providers such as VMware require CNCF Kubernetes
certifications as a prerequisite for their vendor-specific specialisations.
"As a foundation, we are focused on providing vendor-neutral training
and certification that helps assure employers that job candidates possess the
needed knowledge and skills," said Clyde Seepersad, SVP, General Manager,
Training & Certification, Linux Foundation. "And we provide IT
professionals with the learning and certification opportunities they need to
advance their careers."
Linux Foundation Training and Certification used the conference to
present four new courses for the Kubernetes environment: the advanced courses
DevOps and Workflow Management with Argo (LFS256), Mastering Kubernetes
Security with Kyverno (LFS255) and Mastering Kubernetes Event-Driven
Autoscaling with KEDA (LFS257), and a free entry-level course on AI with
Kubeflow, Introduction to AI/ML Toolkits with Kubeflow (LFS147x).
"Keeping track of fast-paced open
source technology can be a challenge, which is why we continue to release new
courses on technology such as Kubeflow, and constantly update our existing
materials," said Tim Serewicz, Vice President, Education, Linux Foundation. "We
like to be the one-stop-shop for those keeping up with production level
technology."
To recognise Kubernetes specialists who are proficient in several areas
(administration, development and security) and hold all five current
certificates (CKA, CKAD, CKS and the entry-level "Associate" exams KCNA and
KCSA) at the same time, the CNCF introduced the new "Kubestronaut" programme
as a special goodie during the conference: these highly qualified experts
receive the title "Kubestronaut," a correspondingly branded jacket, and further
discounts on CNCF conferences and certifications. In addition to training and
certification for the Kubernetes ecosystem, the CNCF offers a wide range of
training and certification in Linux administration, GitOps, and programming,
ranging from free eLearning for beginners to in-depth online and classroom
training offered through partners worldwide (Training & Certification | CNCF).
Recordings of the conference presentations are available on
the CNCF's YouTube channel (https://www.youtube.com/c/cloudnativefdn). The next
European KubeCon will take place from April 1 to 4, 2025, in London.
ABOUT THE AUTHOR
Dr. Jens-Henrik Soeldner is professor for IT Security and
Information Systems at Ansbach University of Applied Sciences, a German public
university located in Ansbach, Bavaria. In addition, he has been serving since
2010 as managing director of Soeldner Consult GmbH, a consultancy and training
services provider focussed on cloud computing, automation, and security. Dr.
Jens-Henrik Soeldner obtained his MSc degree (German Diploma) in computer
science at Friedrich-Alexander-University in 2003 and his PhD at the
information systems department of the same university in 2017. Dr. Jens-Henrik
Soeldner's current research interests include automation and security in
cloud-computing environments, especially paradigm shifts towards platform
engineering and DevSecOps principles. In the past he has also worked on social
network systems focussed on research collaboration.