By Michael Gasch, Application Platform Architect, SME Cloud-Native Applications at VMware
Containers took over Hamburg, Germany for a few short days in late June as the second annual ContainerDays conference took place. Nicknamed “Tor zur Welt” (gateway to the world), Hamburg was a fitting venue for a conference that served as a gateway to the future of containers.
German software company Loodse organized ContainerDays 2017 to bring the European container community together and build a united group of innovators to nurture the next frontier of container technology. This year’s ContainerDays drew 450 attendees, a 200 percent increase over last year’s inaugural conference. The atmosphere was very positive, and Loodse and the community did a great job finding a nice location for this year’s conference.
The event held workshops, presentations and seminars over two days. Some of the brightest minds and most innovative companies shared what they have learned and recently achieved in the IT container field. For those unable to attend this year’s conference, here is a quick recap of some noteworthy seminars:
Kubernetes on AWS
E-commerce company Zalando discussed their use of Kubernetes on Amazon Web Services (AWS) in one of the conference’s busiest and most interactive talks. The major takeaway: the popularity of Kubernetes on AWS is growing rapidly, and attention is shifting towards an out-of-the-box Kubernetes offering from AWS.
Zalando praised Kubernetes for its extensibility and resource efficiency, achieved through cluster autoscaling and intelligent scheduling. Still, there are improvements to be made. For instance, getting started with Kubernetes on AWS is tricky because of the steep learning curve (for both operators and developers) and the many options for deploying and operating Kubernetes on AWS. To improve developer onboarding, Zalando developed a 101 training path and regularly holds “ask me anything” sessions. For beginners, a major issue will be the default API rate limits of the AWS platform, which caused many production issues for Zalando (persistent volumes and ingress controllers, to name a few areas). The user experience could be better (juggling YAML files), and Docker stability at scale remains an issue (e.g. a recent bind mount bug).
Kubernetes v1.7 on the Horizon
Highlighting what’s new in Kubernetes v1.7, this session covered upgrades and new features and previewed v1.8. On the security front, v1.7 adds encryption at rest (alpha) for Secrets stored in etcd, the key-value store behind Kubernetes, and promotes the NetworkPolicy API to stable, with enforcement left to the chosen networking solution.
For stateful workloads, v1.7 adds local storage management (alpha) and aims to support the storage requirements of all workload types Kubernetes supports. This also includes StatefulSet rolling updates (beta), which allow updating resource limits, container images and environment variables. Enhancements to runtimes (CRI-containerd, alpha) and to cluster federation, e.g. placement policies, are also included. Since v1.7 is out now, read the changelog for all the details.
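As an added example (not from the talk or from the Kubernetes project itself), here is what the NetworkPolicy API that went stable in v1.7 looks like in practice: a default-deny ingress policy for a namespace, followed by a second policy that re-admits traffic to the `api` pods only from pods labelled `role: frontend`. The namespace `shop`, the labels and the port are assumptions for illustration.

```yaml
# Added example, not from the original talk or the Kubernetes project:
# two NetworkPolicy manifests using the networking.k8s.io/v1 API (stable in v1.7).
# Namespace "shop", the labels and port 8080 are assumed for illustration.
---
# 1) Default deny: an empty podSelector selects every pod in the namespace, and a
#    policy with no ingress rules allows no ingress traffic to the pods it selects.
#    Pods not selected by any policy stay non-isolated, so this is what turns
#    the namespace into an allow-list.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}
  ingress: []
---
# 2) Explicit allow: pods labelled app=api accept TCP/8080 only from pods labelled
#    role=frontend in the same namespace. Policies are additive (a connection is
#    allowed if any policy selecting the destination pod allows it), so this punches
#    a hole in the default deny above without replacing it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 8080
```

Apply both with `kubectl apply -f`, then verify enforcement by attempting a connection to an `api` pod from a pod that does not carry `role: frontend`. This check matters because of the caveat the talk raised: the API server accepts these objects regardless of the network plugin in use, but they only take effect if the CNI plugin implements NetworkPolicy (Calico and Weave Net do, for example); with a plugin that does not, the policies are stored and silently have no effect.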
Containers at Scale
1&1, the largest hosting provider in Europe, used their time to reflect on today’s container tech while looking ahead to future advancements. They talked about the evolution of their current stack and how they are switching to Docker and Kubernetes to ease the provisioning of LAMP stacks (currently a beta service). As a service provider, they’ve been running containers for a long time, mainly to drive utilization of the platform and increase efficiency. Each Kubernetes environment a customer spins up is isolated in its own virtual machines, in a multi-tenant fashion.
They’ve also been leveraging chip features (AMD’s real-time memory encryption) to increase security for containers. As for what’s next, 1&1 is looking to spin up containers directly from GitHub, as well as to operate containers in truly multi-tenant environments isolated by encryption and CPU features. This is a joint research project with Intel, in which they try to move parts of the container platform runtime (Kubernetes) closer to, or into, the hardware. Finally, standardizing and exposing more of their own APIs to customers is an important business goal.
Integrating the Istio Service Mesh into Kubernetes
This presentation demonstrated deploying Kubernetes with kubeadm and Istio, touching on the networking concepts of services, policies, service mesh, ingress and CNI. A service mesh on Kubernetes offloads networking functions from the application to the fabric/platform. This helps with traffic management, resilience, load balancing, security and encryption, fleet-wide policy enforcement and telemetry, in a language-agnostic way. It is a very interesting field to keep an eye on, since these are the challenges container adopters will face when scaling their production environments.
If there’s one major takeaway from ContainerDays 2017, it’s the shift of enterprises towards off-the-shelf Kubernetes with a basic CI/CD mentality, rather than building their own when going into production. Feedback around containers was overwhelmingly positive, suggesting that enterprises and developers welcome products like vSphere Integrated Containers and Project Harbor.