Kubernetes has become 'boring' and that's good, Google tells devs

Thrill-seeking infrastructure devs accept end of caffeine-fueled ops frenzy with murmur


Kubernetes "is now very, very boring," declared Janet Kuo, software engineer at Google, at KubeCon + CloudNativeCon North America 2018 in Seattle, Washington, on Wednesday.

Kuo, co-chair of the conference, was providing an update on the state of the open source container orchestration project. "Boring is good," she elaborated. "It means lots of companies are already using it and it just works. It's good for mainstream market users who want to focus on delivering business value instead spending their energy upgrading Kubernetes."

It wasn't always thus. When the first Kubernetes event was held back in 2015, only a few hundred people attended. The Cloud Native Computing Foundation, part of the Linux Foundation, adopted Kubernetes in 2016 and interest surged. The event this year in Seattle brought in more than 8,000 attendees.

Growing interest in the software shows up elsewhere too. According to a CNCF survey earlier this year, 58 per cent of companies are running Kubernetes in production. Among enterprises, that figure is 40 per cent.

On Tuesday, Aparna Sinha, group product manager for Kubernetes at Google, observed that Kubernetes job postings between September 2017 and September 2018 grew 230 per cent – presumably a reference to recent Indeed.com data.

Move fast and code breaks

In the early days, said Kuo, the focus among Kubernetes contributors was on moving fast and adding new features. At the time, the software was only adopted "by a few risk-oriented innovators," she said. "Thanks to their feedback and contributions, Kubernetes has been improved a lot."

Since then, the focus has shifted to scalability and user experience, she said, noting that Kubernetes 1.13.0 was released last week.

"We keep hearing more success stories from end users in how they use Kubernetes to reduce operating costs and be able to deploy and run their applications more efficiently," Kuo observed, pointing to Chick-fil-A as an example. The fast food chain has written about its use of Kubernetes in its 2000 restaurants.

Kuo credited Kubernetes adoption to the project's commitment to open standards and extensibility. "With open standards, you can be confident that you can run your workloads across different Kubernetes environments and you will have consistent behavior," she said, adding that extensibility ensures further growth can be accommodated.

Kubernetes, she said, provides both infrastructure extensibility – so you can control how the software deals with underlying systems – and API extensibility – so you can interact with and manage services in a consistent way.

Herd mentality

Like Kubernetes, people are predictable, though often not in a good way. Later in the keynote, Liz Rice, technology evangelist at Aqua Security and conference co-chair, said, "Hands up if you've ever copied some YAML from the internet and run it in a cluster."

Predictably, hands went up, proving that people can be counted on to make bad security decisions. Rice then demonstrated how to safeguard Kubernetes clusters against insecure configuration code. Orchestration software may have become boring, but it remains complicated.

Melanie Cebula, software engineer at AirBnB, made that point when she took a turn on stage.

"What are the challenges with Kubernetes?" she mused. "The configuration and tooling are complex. ...But what I want to stress today is that these are all solvable problems."

About a year ago, she said, she helped migrate AirBnB's first critical production service to Kubernetes. Today, almost 40 per cent of them run Kubernetes.

"Our engineering team is constantly creating new products and businesses, and they need to be able to be able to spin up new services quickly and reliably," she said.

AirBnB has been transitioning from a monolithic to a microservices architecture. "We needed to scale continuous delivery horizontally," she explained. The goal was to make continuous delivery available to the company's 1000 or so engineers to they could add new services.

In Kubernetes, the configuration is declarative, she said, making it more resilient, with less maintenance burden. And efficient job scheduling, she said, helps the company save money.

Cebula offered a set of 10 takeaways for those implementing Kubernetes.

  1. Reduce Kubernetes boilerplate
  2. Standardize on environments and namespaces
  3. Everything about a service should be in one place in git
  4. Make best practices the default by generating configuration
  5. Create a wrapper for kubectl commands
  6. Automate common K8s workflows
  7. CI/CD should run the same commands that engineers run locally, in a container
  8. Validate configuration as part of CI/CD
  9. Code and configuration should be deployed with the same process
  10. Use custom resources and custom controller to integrate with your infrastructure

After the keynote concluded, Fernando Montenegro, a security analyst with 451 Research, observed, "The way [Cebula] showed how AirBnB builds best practices into their defaults... if we can apply the same thing to our security, we will be more secure."

Imagine how boring that would be. ®

Similar topics


Other stories you might like

  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • End of the road for biz living off free G Suite legacy edition
    Firms accustomed to freebies miffed that web giant's largess doesn't last

    After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.

    "For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."

    Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.

    Continue reading
  • Google recasts Anthos with hitch to AWS Outposts
    If at first you don't succeed, change names and try again

    Google Cloud's Anthos on-prem platform is getting a new home under the search giant’s recently announced Google Distributed Cloud (GDC) portfolio, where it will live on as a software-based competitor to AWS Outposts and Microsoft Azure Stack.

    Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

    Its latest update sees Google reposition Anthos on-prem, introduced back in 2020, as the bring-your-own-server edition of GDC. Using the service, customers can extend Google Cloud-style management and services to applications running on-prem.

    Continue reading
  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com.

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading

Biting the hand that feeds IT © 1998–2022