Analysis: Container orchestration software Kubernetes reached version 1.4 this week, an act of "user empathy" as described by Google developer advocate Kelsey Hightower, because ease of use has been something of an afterthought.
"Over the past few releases we've been working hard on easing the complexity of getting a well-maintained, secure Kubernetes cluster installed," Brandon Philips, CTO of CoreOS, told The Register in a phone interview.
CoreOS makes a Linux distribution tuned for containers, contributes to the development of Kubernetes, and participates in the Open Container Initiative, the group attempting to set industry standards for containers. It also developed Rocket, an alternative to Docker, arguably the pacesetter in the container market.
The Kubernetes 1.4 release introduces some security improvements, Philips explained, noting that the software can now scan container images, look for software with vulnerabilities, and get metadata about images. The ability to have Kubernetes talk to another authority before running an image has also been added, a feature that supports policy-based controls that can be used, for example, to prevent unsafe containers from running.
Philips said the people working on Kubernetes are trying to address the perception – reality, to you and me – that the software is complicated to install. And the next release, he expects, will address the challenge of upgrading.
The addition of ScheduledJobs in version 1.4, Philips observed, has turned out to be a surprise hit. "People get really excited about this," he said, with nothing in his voice indicating any surprise at such a low thrill threshold.
Keeping up with the Dockerians
Google bestowed Kubernetes upon the world as open-source software last year. It arrived as the basic unit of computing among large organizations is shifting from virtual machines to containers like Docker and Rocket. If only the various vendors in the market could agree on how containers and the software that manages them should be defined.
Given Docker's Facebookian insistence on moving fast and breaking things – to the point where Docker founder Solomon Hykes has acknowledged that products claiming to support Docker couldn't possibly do so as a consequence of the shifting spec – and in light of differences in opinion between the Kubernetes community and the Docker community about technical decisions, Kubernetes finds itself moving in its own direction.
"The points of view in the Docker community and the Kubernetes community on how containers should be run have been diverging," said Philips.
Earlier this year, Docker added its own orchestration tool, Swarm, to its 1.12 release, obviating the need for Kubernetes. Kubernetes meanwhile has introduced cri-o (briefly known as OCID), software that will allow Kubernetes to launch and manage Open Container Initiative (OCI) containers, whether they come from Docker or elsewhere.
Jay Lyman, an analyst with IT consultancy 451 Research, told The Register that while Docker's container format doesn't really compete with Kubernetes, a distributed management layer overseeing containers, that's not the case with Docker Swarm. "Docker Swarm orchestration, which was recently integrated with the Docker container engine, is involved in intense competition with Kubernetes," he said.
Docker, said Lyman, has emerged as the de facto standard in containers and while container management has yet to find a similar center of gravity, Kubernetes comes close. But the number of container and orchestration projects at the moment (Amazon ECS, CoreOS Tectonic, Mesos and Mesosphere DCOS, and Rancher, among others) has left the enterprise container market unsettled.
Lyman expects some market consolidation along the lines of Apprenda's acquisition of Kubernetes-backer Kismatic and Cisco's acquisition of ContainerX. Meanwhile, he sees enterprise IT operations teams moving cautiously. Most containers deployed in enterprise companies today "sit on top of VMs," he said. This provides companies with some of the speed and manageability benefits of containers while retaining tooling, management, and security available through VMs.
"Over time, we'll see more containers replacing VMs by running on bare-metal, but for now and the next few years, it's likely to be a case of co-existence," said Lyman.
Don't expect Kubernetes and Docker to manage such equanimity. ®