30 Sep, 2019

Cloud-Native Insights from Kubecon 2017

by nVisium

Kubecon and CloudNativeCon 2017 took place last week in Austin, Texas, and it gave a glimpse into what the future holds for the Kubernetes and cloud-native landscapes. As Kubernetes grows from a single container orchestration engine into an ecosystem of tools and at the core of many cloud platforms, it’s important to understand where the project is headed and how the many members of the Cloud Native Computing Foundation (CNCF) factor in. Will Kubernetes turn into a bunch of forks, like Linux? Or will it remain pure at its core as it’s adopted by many different software players in many different forms? There is an overwhelming number of interesting projects and there are novel approaches to making automation and deploying software better than ever. Let’s take a look at where Kubernetes and cloud-native are going in 2018.

Kubernetes is Getting Easier & More Flexible

While I’d still rather run a Kubernetes cluster than a bunch of virtual machines, I’d also rather let AWS, Google Cloud Platform (GCP) or Azure manage my Kubernetes cluster and help me focus on my applications. With initiatives by all of the major players in the cloud and software ecosystem, including AWS’ Elastic Kubernetes Service (EKS) and Azure’s Kubernetes Container Service (AKS), it’s increasingly obvious that Kubernetes is winning the container orchestration war. Projects, such as Virtual Kubelets and Open Container Initiative (OCI), aim to provide flexibility and portability between platforms, making it easier to integrate with a multitude of interfaces. Containers such as Kata Containers and containerd take advantage of the flexibility of OCI runtime support in Kubernetes.

Security is Gradually Improving

Earlier versions of Kubernetes were missing many important security controls and defenses that teams desire in a high-security production environment. Over time, Kubernetes has continuously improved the core security features it provides, and the 1.10 announcements at Kubecon continued to follow this trend. Kubernetes continues to enhance security features around Role-Based Access Control (RBAC) and data encryption at rest. Tools, like Istio, provide patterns for implementing security across services and at trust boundaries.

Deeper Integration & Visibility

Building microservices and managing them present many challenges with respect to visibility and debugging problems as they propagate across services. Tools, such as Lyft’s Envoy service mesh, provide distributed tracing out of the box, making it easier to debug and visualize problems within a few service hops. Tools, such as Istio, use Envoy at its core, leveraging the analytical capabilities of Envoy to make sense of different events.

Envoy Metrics

Brigade moves your CI/CD pipeline inside of Kubernetes and provides a scripted event-based approach to managing your pipeline. Providing these hooks encourages automation and tighter integration with Kubernetes and your development pipeline.

These Are a Few of my Favorite Things

In addition to the presentations discussing Kubernetes core, there were plenty of new projects and major updates on display at Kubecon. As the Kubernetes ecosystem grows, we’re seeing more open source and commercial projects enter the picture to solve the needs of the community. We are currently using several of these projects in our own environment, like Brigade, Prometheus and Envoy, and it’s been interesting to see additional tooling and projects created around those projects at the core.


Kashti is a dashboard to visualize your Brigade pipelines. Brigade provides event-based scripting for Kubernetes that allows you to build declarative CI/CD pipelines and interactions between containers and other systems. We’ve been fans of Brigade, and have been using it since its initial release and we’ve previously blogged about it. With Kashti, we can visualize our pipelines and events as they are triggered, making Brigade an increasingly attractive option for running your CI/CD pipeline on Kubernetes.

Kashti Interface

Virtual Kubelets

Virtual Kubelets allow you to connect Kubernetes to other APIs. Originally built as a connector for Azure Container Instances (ACI), Virtual Kubelets facilitate a pluggable architecture for supporting different runtimes using familiar Kubernetes primitives.


Metaparticle is a standard library for distributed systems development and cloud-native applications with Kubernetes. The goal of Metaparticle is to reduce the barrier to entry for cloud native development by standardizing routine operations and workflows. Metaparticle provides interfaces and patterns to streamline the development and deployment of containerized applications. It aims to be the libc of cloud native development. This can be used for tasks such as deploying and replicating containers, distributed synchronization, and implementing sharding.

For example, the following code deploys a service and creates four replicas:

const http = require('http');
const os = require('os');
const mp = require('@metaparticle/package');

const port = 8080;

const server = http.createServer((request, response) => {
response.end(`Hello World: hostname: ${os.hostname()}n`);

ports: [8080],
replicas: 4,
runner: 'metaparticle',
repository: 'docker.io/docker-user-goes-here',
publish: true,
public: true
() => {
server.listen(port, (err) => {
if (err) {
return console.log('server startup error: ', err);
console.log(`server up on ${port}`);

The Roadmap for Kubernetes

The roadmap ahead for Kubernetes is promising and growing in size and scope every day. The trend at Kubecon this year seemed to indicate that Kubernetes is continuing to offer flexibility and increased integrations across cloud platforms and container runtimes, and a broader set of available tooling. As we continue the shift towards cloud-native applications, these new features and tools will help enable teams to ship new services faster and more efficiently. Get ready for big things to come in 2018 and more excuses to automate even more of our deployments!


You might also like:

Get Security Assessment Tips Delivered to your inbox