I want to break free! Kubernetes has a life beyond containers

Imagine a world without high-performance servers

The move to containerisation has been built on a simple formula: containers mean Docker and container management means Kubernetes. Let's disregard the first part of that formula and concentrate on the second half – the rise of Kubernetes as the container management software of choice, running on servers.

But although this is how it's commonly regarded, Kubernetes has a much richer part to play, one that can offer companies so much more. According to Sebastien Goasguen, director of cloud technologies at Bitnami and author of the Kubernetes Cookbook, it's a mistake to think of Kubernetes as software to manage containers. "Extending Kubernetes has always been the aim: it should be seen as a platform you can build on," he says.

"There's a clear mechanism to develop the API within Kubernetes," Goasguen continues, pointing out there's a need to identify what is the core API first. From there, there's a process of extension. "By using third-party resources, you can extend Kubernetes and build your own API. For example, if you can use Kubernetes to manage a database, you can define that database as an object; the API gets extended and recognises the database."
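What Goasguen calls "third-party resources" is, in current Kubernetes, the CustomResourceDefinition (CRD) API, which replaced the older ThirdPartyResource mechanism. The manifest below is an added example, not from the article or from Bitnami or Ocado, that teaches the API server a hypothetical `Database` kind in an assumed `example.com` group, with a validation schema so malformed objects are rejected at admission, and then creates one such object. Installing the CRD only makes the API server store and validate the object; a separate controller (not shown) has to watch `Database` objects and act on them.

```yaml
# Added example (not the article's or any project's code): a CRD that extends
# the Kubernetes API with a "Database" object, plus one instance of it.
# Group, field names and image values are assumptions for illustration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: databases.example.com        # must be <plural>.<group>
spec:
  group: example.com                 # assumed API group
  scope: Namespaced
  names:
    plural: databases
    singular: database
    kind: Database
    shortNames: [db]
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          required: [spec]
          properties:
            spec:
              type: object
              required: [engine, version, storageGiB]
              properties:
                engine:
                  type: string
                  enum: [postgres, mysql]      # unknown engines rejected at admission
                version:
                  type: string
                  pattern: '^[0-9]+(\.[0-9]+)*$'
                storageGiB:
                  type: integer
                  minimum: 1
                  maximum: 1024
                tlsRequired:
                  type: boolean
                  default: true                # secure default when omitted
            status:
              type: object
              properties:
                phase:
                  type: string
      subresources:
        status: {}                   # lets the controller update status separately
---
# An object of the new kind; after the CRD is applied, `kubectl get databases`
# lists it like any built-in resource.
apiVersion: example.com/v1alpha1
kind: Database
metadata:
  name: orders-db                    # constructed sample name
  namespace: warehouse
spec:
  engine: postgres
  version: "15.3"
  storageGiB: 50
  tlsRequired: true
```

Because the new resource is a first-class API object, it is also covered by Kubernetes RBAC and audit logging: who may create or change a `Database` is decided by Role bindings on `databases.example.com`, and the schema above prevents a caller from smuggling in values the controller never expects.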

That makes for a powerful and flexible tool, and it offers enterprises another way of working. It's hardly surprising then to see the way that British supermarket Ocado has turned to Kubernetes to make its customers' shopping experience more efficient. There's a lot of competition in the online retailing market and any time saved loading the shopping cart, processing payment and organising delivery is going to be beneficial to retailers.

Ocado is looking to build larger, state-of-the-art warehouses using technology that would offer a faster, more fault-tolerant environment. The idea of using Kubernetes as the base for such technology emerged from, of all things, a video game – never let it be said that gamesters contribute nothing to the commercial environment.

Kubernetes was being deployed for the Code for Life project, a multiplayer gaming initiative run for the benefit of school kids. Ocado was already using Google products – it's a heavy user of Google's Cloud Platform. Within Code for Life, Kubernetes was used to manage large datasets running continuously but Mike Bryant, Ocado's network systems team leader, thought that the system could be deployed to streamline the company's warehouses.

The result of this process was Kubermesh, an enhanced version of Kubernetes sitting underneath the server platform. "It provides a mesh network for our warehouses," said Bryant. "It's more focused on the underlying infrastructure.

"Kubermesh emerged as an idea from our 10X initiative – where we look at ways to improve things 10 times. What we saw in Kubernetes was a way in which we could orchestrate different components to build a resilient, fault-tolerant infrastructure."

It's the perfect example of the type of thing that Goasguen was talking about: Kubernetes has been adapted to remove the need for data centres to run the warehouses. Although the system hasn't obviated the need for servers, what it has done is offer the potential to considerably cut costs.

"Most people run Kubernetes on high-performance servers, we run it on PCs – it's a very dramatic cost saving," said Bryant. "And it's not just the servers, we don't need enterprise network cabling, we don't need high-end networking kit, we save on cooling – we're really cutting costs."

And the economics makes sense. "In our newest warehouses, we're looking to save £1m per deployment. It's a saving that will stack up given the number of Ocado warehouses that the company has to administer," Bryant told The Reg.

But the Kubermesh system isn't just about saving money; it's about providing resilience in an industry where speed of delivery is essential. What Kubermesh does provide is a distributed mesh network that ensures continuous service.

The underlying IPv6 network uses OSPFv3 to streamline configuration, removing the need to configure point-to-point connections. The mesh network means that servers can be randomly dotted around the warehouse, and it is designed so that all the components work individually. This means that if a server is taken offline, the whole system will still work. It's not just one server either: the Ocado set-up has been designed to keep on running if as much as a third of the servers were cut off.
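The article describes resilience at the network layer (an OSPFv3 mesh with no single point of failure). The workload layer has to match it, or a lost server still takes a service down with it. The manifest below is an added example, not Ocado's Kubermesh configuration, showing how a Kubernetes Deployment is spread one replica per node, so that with six replicas on six nodes the loss of two nodes (a third, as in the article) still leaves four serving; the PodDisruptionBudget stops an operator from voluntarily draining below that. Names, namespace, image and port are assumptions.

```yaml
# Added example (not Kubermesh's or the article's code): workload-level
# fault tolerance to complement a resilient mesh network.
# Service name, namespace, image and probe path are constructed for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: picking-service
  namespace: warehouse
spec:
  replicas: 6
  selector:
    matchLabels:
      app: picking-service
  template:
    metadata:
      labels:
        app: picking-service
    spec:
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname   # at most one replica per node where possible
          whenUnsatisfiable: ScheduleAnyway     # keep scheduling even if fewer nodes remain
          labelSelector:
            matchLabels:
              app: picking-service
      containers:
        - name: app
          image: registry.example.com/picking-service:1.0   # placeholder image
          ports:
            - containerPort: 8080
          readinessProbe:                       # only ready pods receive traffic
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 5
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: picking-service-pdb
  namespace: warehouse
spec:
  minAvailable: 4          # never voluntarily evict below four of six replicas
  selector:
    matchLabels:
      app: picking-service
```

Two points a practitioner should check before trusting a setup like this: a PodDisruptionBudget only governs voluntary disruptions such as `kubectl drain`, so surviving an unexpected node loss rests on the replica count, the spread constraint and the readiness probe; and `ScheduleAnyway` is chosen deliberately, because with `DoNotSchedule` the replacement pods could stay pending once fewer healthy nodes than replicas remain.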

At the moment, the Kubermesh project is still at pilot stage. Ocado Technology has run proof-of-concept trials to show that the system works but is not planning to rip out existing infrastructure in order to implement the new technology. "There's no financial advantage in replacing existing systems, but when we next build a new warehouse, we will be rolling out Kubermesh," said Bryant. "However, there’s no timescale when this will be."

Ocado is striking out on its own with this virtual data centre for the warehouse. "We're not aware of any other competitor that has done anything like this," said Bryant. The company, however, has put the code for Kubermesh on GitHub, so there is the possibility that it could be deployed elsewhere.

We're only beginning to touch the surface of what's available with Kubernetes. Containers are only beginning to make their way into the enterprise, so it's hardly surprising that organisations are being slow to consider Kubernetes as a tool in the way that Ocado has.

It's going to change, however. Goasguen points out that Kubernetes will offer an extremely powerful mechanism to companies who don't want to spend their time writing their own API server.

It's an interesting possible future for a technology that made its debut on containers and has become synonymous with clouds and super-server-side computing. ®
