App Modernization devops kubernetes Product Development products Tanzu Application Catalog VMware Application Catalog

For the Kubernetes Value Line, Look to Open Source Innovation

Kubernetes has emerged as a transformative force, reshaping the way organizations develop, deploy, and manage applications. Adoption of containers and Kubernetes has ballooned in the past years, as heralded by everyone from the Cloud Native Computing Foundation (CNCF) itself, to the vendors offering their Kubernetes wares, to the research firms that track trends in enterprise technology adoption.

So at KubeCon North America this year, VMware is sharing the latest of its contributions to open source and cloud native technologies that help infrastructure and operations (I&O) leaders, platform engineers, and developers get the most out of their Kubernetes deployments, regardless of where they are running. We’ll also be showcasing the many maintainers and contributors who are working on projects and technologies covering everything from Backstage and Gen AI, Cloud Native Buildpacks, and everyone’s favorite: security! If you’re coming out, stop by and connect with us! Just follow this link for more info.

The value of Kubernetes is in how you measure it 

Earlier this year I wrote about the need for a Kubernetes value line, and in the months since, this necessity has become even clearer. As Kubernetes implementations coalesce around use cases and disciplines related to application development and deployment, it’s apparent that use cases that deliver a smooth and secure path to production, enable a good developer experience, and deliver both technical and financial value are of the highest priority.

DevEx itself is positioned as both an innovation and business accelerator. The faster you can get your apps in production, the sooner you meet your business objectives.

But, it’s not just about going fast.

Measuring the impact of a good developer experience is less illusive than it was even a few years ago. In the cloud native landscape, molded in part by the DevOps movement, DevOps Research and Assessment (DORA) metrics are the rubric for linking the value of a DevEx-centric culture to business outcomes like customer loyalty, profitability, and market share, to name a few.

With software firmly positioned as a business asset, measuring how often your teams release software into production (deployment frequency) and how quickly it’s released (lead time for changes) are good indicators of developer velocity. For enterprise customers using VMware Tanzu Application Platform 1.7, tracking these outcomes is now easier with the DORA plug-in. This latest version of the VMware flagship application development platform also includes more Tanzu Developer Portal functionality, enhanced Spring integration, and the alpha release of preconfigured developer environments.

Open source is an innovation model

Kubernetes has a thriving ecosystem of tools, extensions, and community support; and this vast ecosystem makes it easier for practitioners and enterprise IT leaders to find the right technology and expertise that best meet their objectives. This is where the innovation and community building value of open source truly shines.

When an open source community is establishing its ecosystem, the “let a thousand flowers bloom at once” approach is necessary. As the field starts to coalesce around specific types of flowers—or in the cloud native landscape, use cases—standardization becomes a requisite. In the case of standardizing DevEx, Backstage is at the forefront.

Launched and donated to the CNCF by Spotify, Backstage is an open source framework for building internal developer portals. Tanzu Application Platform—one of the earliest commercial products to adopt Backstage—recently launched the Tanzu Developer Portal feature based on backstage.

Internal developer portals are an important tool for platform engineers to provide application development platforms with standardized tools and libraries that deliver a curated developer experience customized for specific development teams. Often termed golden paths, these curated developer experiences can help balance innovation, security, and efficiency.

Download the Gartner report on Innovation Insight for Internal Developer Portals for more about the value of internal developer portals.

Security and innovation need a curated open source experience 

Cloud native security is the result of understanding that security must be an integrated and continuous part of the app development and delivery process. It shifts security from a concern primarily of security teams who work in a silo, to it being part of every workload and every team’s responsibility—as discussed in this webinar with guest speaker Sandy Carielli, principal analyst at Forrester Research.

DevSecOps principles are frequently implied when we talk about cloud native security and are a relatively well-understood concept. As discussed earlier, changing behavior and tools together yield exponentially faster time to value than either alone. This is why today’s applications increasingly consist of open source software combined with custom business logic. And to make the most of open source innovation, developers need open source software that is both easy-to-use and compliant with enterprise IT and security policies.

Developers prefer to consume pre-packaged open source software because this allows them to assemble application capabilities such as databases, caches, or message queues for their apps without having to maintain the open source software packages themselves. Using prepackaged containers in enterprise environments can be challenging when they don’t comply with IT and security requirements. Unfortunately, containers often lack transparency about how they were built and which binaries, libraries, and packages are included.

Bitnami is a popular free catalog of prepackaged open source software stewarded by VMware. Widely used by developers around the world for over 15 years, Bitnami-packaged software is known for being up to date with the latest base OS and software components. Because they are tested in many target environments before every release, platform engineers can feel safe that their Bitnami apps will work regardless of which environment they’re deployed to.

VMware Tanzu Application Catalog is the enterprise version of Bitnami. It privately delivers customized Bitnami software packages (e.g., containers, Helm charts, or virtual machines) that are compliant with IT and security requirements, such as approved Linux distributions, cryptographic signing, and software bill of material (SBoM). The latest version of Tanzu Application Catalog also includes vulnerability exploitability exchange (VEX) documentation for photon-based packages.

Customers who need to customize Tanzu Application Catalog containers for app-specific requirements can now do so within the Tanzu Application Catalog build pipeline with a new feature called user-defined application customization. With user-defined app customization, pre- and post-build scripts are added to the Tanzu Application Catalog container build pipeline. Finished containers are deposited into a private registry along with metadata and signatures. Developers receive the Tanzu Application Catalog software packages in a finished, production-ready state with requirements baked in. For more detail read about this latest release.

Supporting novel disciplines 

The Pivotal Labs heritage continues in VMware Tanzu Labs as we continue helping enterprise organizations and federal agencies alike adopt modern development paradigms and transform their app dev and delivery culture. It’s safe to say that having worked with hundreds of teams spanning the public and private sector, the Tanzu Labs team can help accelerate adoption of new techniques and processes. We’ve also observed the impact of platform adoption in changing behaviors. Kubernetes is a powerful enabler in this case.

Either cultural change or technology adoption alone is a massive undertaking that alone could take years. It’s no wonder the CNCF Annual Survey published earlier this year found that “container adoption outpace[d] the maturity of cloud native techniques” [Source: CNCF 2022 Annual Survey]. Combined with quickening business cycles and shorter tech adoption timelines, we can see how daunting this is.

One of the more recent disciplines with the potential to be career-changing is platform engineering. According to Gartner Research, Inc., “By 2026, 80 percent of large software engineering organizations will establish platform engineering teams as internal providers of reusable services, components and tools for application delivery, up from 45 percent in 2022." [Source: Gartner Research – Top Strategic Technology Trends for 2024: Platform Engineering; October 2023; By Bill Blosen, Paul Delory.]

Platform engineers design and maintain the infrastructure that supports app dev and delivery. With Kubernetes, platform engineers can create seamless, repeatable workflows that reduce friction in the development and delivery process (e.g., friction caused by code handoffs or policy enforcement, to name a few). 

A DevEx-centered platform engineering team that enables innovation is a successful one. Platform engineers can build and nurture customizable environments that are secure, foster innovation, and scale gracefully no matter where they are running.

GitOps, one of the most promising off-springs of the DevOps movement, has had a tremendous impact on platform engineering. With an embrace of hyper-automation, GitOps streamlines the deployment and management of applications, leaving I&O and platform teams able to focus on high-level abstractions that deliver value. When combined with the declarative nature of Kubernetes, capabilities such as declarative configuration and infrastructure as code produce higher quality code, as well as a smoother path to production, improved collaboration, reliability, and security in the deployment and management of containerized applications.