Kubernetes and Open Source in the cloud
Gerald Schmidt
.--------------------------------------------------------------.
|[c] |
| Fleet |
| Docker Swarm |
| OpenShift (1-2) |
| Kubernetes |
| Apache Mesos |
| Elastic Container Service |
| Heroku |
| Cloud Foundry |
| Panamax |
| Shipyard |
| Portainer |
| |
'--------------------------------------------------------------'
[c]: {"a2s:type": "cloud", "a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
The 'orchestration wars' saw a large variety of proprietary and open source offerings.
.--------------------------------------------------------------.
|[c] |
| |
| |
| |
| Kubernetes |
| |
| |
| |
| |
| |
| |
| |
| |
'--------------------------------------------------------------'
[c]: {"a2s:type": "cloud", "a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
When the dust settled, only one of them was left standing.
{
"$schema": "https://vega.github.io/schema/vega-lite/v2.0.json",
"data": {
"values": [
{"regions": 1, "date": "2006", "symbol": "AMZN" },
{"regions": 1, "date": "2007", "symbol": "AMZN" },
{"regions": 2, "date": "2008", "symbol": "AMZN" },
{"regions": 3, "date": "2009", "symbol": "AMZN" },
{"regions": 4, "date": "2010", "symbol": "AMZN" },
{"regions": 8, "date": "2011", "symbol": "AMZN" },
{"regions": 9, "date": "2012", "symbol": "AMZN" },
{"regions": 10, "date": "2013", "symbol": "AMZN" },
{"regions": 11, "date": "2014", "symbol": "AMZN" },
{"regions": 11, "date": "2015", "symbol": "AMZN" },
{"regions": 16, "date": "2016", "symbol": "AMZN" },
{"regions": 16, "date": "2017", "symbol": "AMZN" },
{"regions": 17, "date": "2018", "symbol": "AMZN" },
{"regions": 20, "date": "2019", "symbol": "AMZN" },
{"regions": 24, "date": "2020", "symbol": "AMZN" },
{"regions": 0, "date": "2006", "symbol": "GOOG" },
{"regions": 0, "date": "2007", "symbol": "GOOG" },
{"regions": 0, "date": "2008", "symbol": "GOOG" },
{"regions": 0, "date": "2009", "symbol": "GOOG" },
{"regions": 0, "date": "2010", "symbol": "GOOG" },
{"regions": 4, "date": "2011", "symbol": "GOOG" },
{"regions": 6, "date": "2012", "symbol": "GOOG" },
{"regions": 8, "date": "2013", "symbol": "GOOG" },
{"regions": 10, "date": "2014", "symbol": "GOOG" },
{"regions": 12, "date": "2015", "symbol": "GOOG" },
{"regions": 14, "date": "2016", "symbol": "GOOG" },
{"regions": 16, "date": "2017", "symbol": "GOOG" },
{"regions": 18, "date": "2018", "symbol": "GOOG" },
{"regions": 21, "date": "2019", "symbol": "GOOG" },
{"regions": 24, "date": "2020", "symbol": "GOOG" },
{"regions": 0, "date": "2006", "symbol": "MSFT" },
{"regions": 0, "date": "2007", "symbol": "MSFT" },
{"regions": 0, "date": "2008", "symbol": "MSFT" },
{"regions": 0, "date": "2009", "symbol": "MSFT" },
{"regions": 2, "date": "2010", "symbol": "MSFT" },
{"regions": 8, "date": "2011", "symbol": "MSFT" },
{"regions": 14, "date": "2012", "symbol": "MSFT" },
{"regions": 20, "date": "2013", "symbol": "MSFT" },
{"regions": 26, "date": "2014", "symbol": "MSFT" },
{"regions": 32, "date": "2015", "symbol": "MSFT" },
{"regions": 39, "date": "2016", "symbol": "MSFT" },
{"regions": 46, "date": "2017", "symbol": "MSFT" },
{"regions": 54, "date": "2018", "symbol": "MSFT" },
{"regions": 58, "date": "2019", "symbol": "MSFT" },
{"regions": 62, "date": "2020", "symbol": "MSFT" },
{"regions": 0, "date": "2008", "symbol": "BABA" },
{"regions": 3, "date": "2009", "symbol": "BABA" },
{"regions": 3, "date": "2010", "symbol": "BABA" },
{"regions": 3, "date": "2011", "symbol": "BABA" },
{"regions": 3, "date": "2012", "symbol": "BABA" },
{"regions": 3, "date": "2013", "symbol": "BABA" },
{"regions": 4, "date": "2014", "symbol": "BABA" },
{"regions": 5, "date": "2015", "symbol": "BABA" },
{"regions": 9, "date": "2016", "symbol": "BABA" },
{"regions": 12, "date": "2017", "symbol": "BABA" },
{"regions": 20, "date": "2018", "symbol": "BABA" },
{"regions": 21, "date": "2019", "symbol": "BABA" },
{"regions": 22, "date": "2020", "symbol": "BABA" }
]
},
"width": 600,
"height": 300,
"mark": "bar",
"background": "transparent",
"encoding": {
"x": {
"timeUnit": "year", "field": "date", "type": "temporal"
},
"y": {
"field": "regions", "type": "quantitative", "scale": {"domain": [0, 130]}
},
"color": { "field": "symbol", "type": "nominal", "scale": {
"domain": [ "AMZN", "GOOG", "MSFT", "BABA" ],
"range": [ "#fe17bf", "#3364c0", "#27bdce", "#00aa5b" ]
} }
},
"config": {
"axis": {
"labelFont": "sans-serif",
"labelFontSize": 18,
"titleFont": "sans-serif",
"titleFontSize": 18
},
"axisX": {
"labelAngle": 0
},
"bar": {
"binSpacing": 20
}
}
}
.-----------------------------------------------------------.
|[t] |
| #-------------------------# #-------------------------# |
| |[p] | |[b] | |
| | | | IBM | |
| | Microsoft | | Red Hat | |
| | | | CoreOS | |
| | | | | |
| #-------------------------# #-------------------------# |
| |
| #----------------------------------# |
| |[c] | |
| | | |
| | Google | |
| | | |
| | | |
| #----------------------------------# |
| |
| #-------------------------# #-------------------------# |
| |[d] | |[e] | |
| | | | | |
| | VMware | | Alibaba | |
| | | | | |
| | | | | |
| #-------------------------# #-------------------------# |
| |
| Cloud Native Computing Foundation (CNCF) |
| |
'-----------------------------------------------------------'
[c]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
[t]: {"a2s:delref": true, "fill": "transparent", "fillStyle": "solid", "strokeStyle": "#000"}
.---------------------------------------------------#
|[w] |
| open source |
| |
#---------------------------------------------------#
|[w] |
| neutral IP ownership |
| |
#---------------------------------------------------#
|[w] |
| extensibility |
| |
#---------------------------------------------------'
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
.---------------------------------------------------#
|[p] |
| open source - Apache |
| |
#---------------------------------------------------#
|[w] |
| neutral IP ownership |
| |
#---------------------------------------------------#
|[w] |
| extensibility |
| |
#---------------------------------------------------'
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
A suitably permissive license is a necessary but not sufficient precondition.
.---------------------------------------------------#
|[p] |
| open source - Apache |
| |
#---------------------------------------------------#
|[b] |
| neutral IP ownership - CNCF |
| |
#---------------------------------------------------#
|[w] |
| extensibility |
| |
#---------------------------------------------------'
#---------------------------------------------------#
|[q] |
| |
| |
| |
| K8s would *not* be what it is today without |
| |
| neutral IP ownership... K8s has spawned an entire |
| |
| ecosystem *because* it can be used by consuming |
| |
| projects/products without fear. |
| |
| - Matt Klein |
| |
| |
| |
| |
#---------------------------------------------------#
[q]: {"a2s:type": "quote-sw", "a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid"}
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
.---------------------------------------------------#
|[p] |
| open source - Apache |
| |
#---------------------------------------------------#
|[b] |
| neutral IP ownership - CNCF |
| |
#---------------------------------------------------#
|[d] |
| extensibility - controllers and operators |
| |
#---------------------------------------------------'
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
Controllers add custom processing to the core reconciliation loop.
When paired with custom resource definitions, they are known as operators.
One of the marks of a successful open source project is a vibrant upstream. In the case of Kubernetes, even successful efforts to produce commercial distributions have not displaced upstream as the main point of reference for the platform.
@startuml
skinparam BoxPadding 10
skinparam defaultFontSize 18
Kubernetes->OpenShift : attribute-based access control (ABAC)
OpenShift->Kubernetes : roles and cluster-roles
Kubernetes->OpenShift : role-based access control (RBAC)
@enduml
@startuml
skinparam BoxPadding 10
skinparam defaultFontSize 18
Kubernetes->OpenShift : Pod and ReplicaSet objects
OpenShift->Kubernetes : DeploymentConfig objects
Kubernetes->OpenShift : Deployment objects
@enduml
@startuml
skinparam BoxPadding 10
skinparam defaultFontSize 18
Kubernetes->OpenShift : flat network
OpenShift->Kubernetes : multitenant plugin
OpenShift->Kubernetes : prototype network policies
Kubernetes->OpenShift : network policies
@enduml
@startuml
skinparam BoxPadding 10
skinparam defaultFontSize 18
Kubernetes->"Red Hat OpenShift" : beware stateful applications
"Red Hat OpenShift"->Kubernetes : application templates (2015)
Kubernetes->"CoreOS Tectonic" : stateful applications still hard
"CoreOS Tectonic"->Kubernetes : etcd operator with third-party resources (2016)
Kubernetes->"CoreOS Tectonic" : Custom Resource Definitions
"CoreOS Tectonic"->Kubernetes : Operator Framework and SDK (2018)
"CoreOS Tectonic"->"Red Hat OpenShift" : merges with (2019)
@enduml
#--------------------------# #-------------------------#
|[p] | |[b] |
| | | |
| | | |
|Custom Resource Definition+<-+->+ Controller |
| | | | |
| (e.g. "VaultService") | | | (backup, upgrade, etc.) |
| | | | |
| | | | |
#--------------------------# | #-------------------------#
|
|
v
#------------+-------------#
|[s] |
| |
| |
| |
| |
| Cluster state (etcd) |
| |
| PersistentVolumes |
| |
| ConfigMaps |
| |
| Secrets |
#--------------------------#
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[s]: {"a2s:type":"storage", "a2s:delref": true, "fillStyle": "solid", "fill": "#ffffff"}
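The controller side of the diagram above, as an added example that is not part of the original slides: a level-triggered reconcile loop that drives observed state towards the desired state declared in a custom resource, one idempotent step per pass. The `VaultServiceSpec` fields, the `Observed` type and the action names are assumptions made for illustration; cluster state is simulated in memory rather than read through the Kubernetes API.

```go
package main

import "fmt"

// VaultServiceSpec is the desired state a user declares in a custom resource.
// Hypothetical fields; "VaultService" is the kind named in the diagram.
type VaultServiceSpec struct {
	Replicas int
	Version  string
}

// Observed is what the controller finds in the cluster on each pass (simulated).
type Observed struct {
	Replicas    int
	Version     string
	BackedUpFor string // target version for which a pre-upgrade backup exists
}

// Reconcile compares desired and observed state and performs at most one
// corrective step. It reacts to the current difference, not to events, so a
// repeated call after convergence does nothing and returns "".
func Reconcile(spec VaultServiceSpec, obs *Observed) string {
	switch {
	case obs.Version != spec.Version && obs.BackedUpFor != spec.Version:
		obs.BackedUpFor = spec.Version // back up before touching the version
		return "backup"
	case obs.Version != spec.Version:
		obs.Version = spec.Version
		return "upgrade"
	case obs.Replicas < spec.Replicas:
		obs.Replicas++
		return "scale-up"
	case obs.Replicas > spec.Replicas:
		obs.Replicas--
		return "scale-down"
	}
	return ""
}

// RunLoop calls Reconcile until nothing is left to do or maxPasses is reached
// and returns the ordered list of actions taken.
func RunLoop(spec VaultServiceSpec, obs *Observed, maxPasses int) []string {
	var actions []string
	for i := 0; i < maxPasses; i++ {
		a := Reconcile(spec, obs)
		if a == "" {
			break
		}
		actions = append(actions, a)
	}
	return actions
}

func main() {
	spec := VaultServiceSpec{Replicas: 3, Version: "1.1"} // constructed sample
	obs := &Observed{Replicas: 1, Version: "1.0"}         // constructed sample
	fmt.Println(RunLoop(spec, obs, 10)) // converge from the initial state
	obs.Replicas = 2                    // simulate drift: one replica lost
	fmt.Println(RunLoop(spec, obs, 10)) // the next pass repairs the drift
}
```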
#------------------------------------------------------------------#
|[q] |
| |
| |
| |
| Stateless is Easy, Stateful is Hard. |
| |
| - Brandon Philips (2016) |
| |
| |
| |
#------------------------------------------------------------------#
[q]: {"a2s:type": "quote-sw", "a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid"}
#-----------------------------------------------------------#
|[w] |
| #-------------------------# #-------------------------# |
| |[p] | |[b] | |
| | Secrets Manager | | RDS | |
| | | | | |
| #-------------------------# #-------------------------# |
| #----------------------------------# |
| |[w] | |
| | EKS | |
| | | |
| #----------------------------------# |
| #-------------------------# #-------------------------# |
| |[d] | |[e] | |
| | CodeDeploy | | SQS | |
| | | | | |
| #-------------------------# #-------------------------# |
| AWS |
#-----------------------------#-----------------------------#
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
AWS perfected the use of proprietary services based on open source products, putting commercial vendors creating and supporting those products on notice.
In 2016 MongoDB Inc. responded with the Server Side Public License.
In a way AWS itself can be seen as "Linux as a service". RDS is a particularly egregious example. The risk to open source vendors like MongoDB, Redis Labs, and so on is real, no matter what the Software Engineering Daily says. You cannot out-innovate an unregulated monopoly on which you depend for oxygen.
As we are on the subject of splitting souls, this is as close as we have come to splitting the soul of open source.
#-----------------------------#-----------------------------#
|[w] |
| #-------------------------# #-------------------------# |
| |[p] | |[b] | |
| | Vault operator | | PostgreSQL operator | |
| | | | | |
| #-------------------------# #-------------------------# |
| |
| #-------------------------# #-------------------------# |
| |[d] | |[e] | |
| | Jenkins X | | Kafka operator | |
| | | | | |
| #-------------------------# #-------------------------# |
| Any managed Kubernetes service |
#-----------------------------------------------------------#
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
#-----------------------------------------------------------------#
|[q] |
| |
| |
| |
| Declarative configuration is about treating infrastructure as |
| |
| data, which is more portable than code, and enables workflows |
| |
| that manipulate desired state based on policy. |
| |
| - Kelsey Hightower (2019) |
| |
| |
| |
#-----------------------------------------------------------------#
[q]: {"a2s:type": "quote-sw", "a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid"}
#-----------------------------------------------------------# -#
|[w] | |
| #-------------------------# #-------------------------# | |
| |[p] | |[b] | | #----------.
| | Secrets Manager | | RDS | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | -# |
| #----------------------------------# | -# |
| |[w] | | | plan, |
| | EKS | | reconciliation| apply, |
| | | | loop | save state |
| #----------------------------------# | -# |
| #-------------------------# #-------------------------# | -# |
| |[d] | |[e] | | | |
| | CodeDeploy | | SQS | | | |
| | | | | | #----------'
| #-------------------------# #-------------------------# | |
| AWS | |
#-----------------------------#-----------------------------# -#
Infrastructure as CODE |
|
|
|
v Infrastructure as DATA -#
#-----------------------------#-----------------------------# #---------.
|[w] | -# |
| #-------------------------# #-------------------------# | -# |
| |[p] | |[b] | | | |
| | Vault operator | | PostgreSQL operator | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | | plan, |
| | reconciliation| apply, |
| #-------------------------# #-------------------------# | loop | save state |
| |[d] | |[e] | | | |
| | Jenkins X | | Kafka operator | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | -# |
| Any managed Kubernetes service | -# |
#-----------------------------------------------------------# #---------'
-#
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
#-----------------------------------------------------------# -#
|[w] | -# |
| #-------------------------# #-------------------------# | | |
| |[p] | |[b] | | | |
| | Secrets Manager | | RDS | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | -# | |
| #----------------------------------# | | | |
| |[w] | | RBAC | IAM | |
| | EKS | | CNI | SGs & NACLs | Terraform |
| | | | CSI | S3/EBS/EFS | (1000+ lines)|
| #----------------------------------# | | | |
| #-------------------------# #-------------------------# | -# | |
| |[d] | |[e] | | | |
| | CodeDeploy | | SQS | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | | |
| AWS | -# |
#-----------------------------#-----------------------------# -#
Infrastructure as CODE |
|
|
|
v Infrastructure as DATA
#-----------------------------#-----------------------------# -#
|[w] | -# |
| #-------------------------# #-------------------------# | | |
| |[p] | |[b] | | | |
| | Vault operator | | PostgreSQL operator | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | RBAC | |
| | CNI | Terraform |
| #-------------------------# #-------------------------# | CSI | (100+ lines)|
| |[d] | |[e] | | | |
| | Jenkins X | | Kafka operator | | | |
| | | | | | | |
| #-------------------------# #-------------------------# | | |
| Any managed Kubernetes service | -# |
#-----------------------------------------------------------# -#
[w]: {"a2s:delref": true, "fill": "#fff", "fillStyle": "solid"}
[p]: {"a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid", "strokeStyle": "#000"}
[b]: {"a2s:delref": true, "fill": "#f99c41", "fillStyle": "solid", "strokeStyle": "#000"}
[d]: {"a2s:delref": true, "fill": "#27bdce", "fillStyle": "solid", "strokeStyle": "#000"}
[e]: {"a2s:delref": true, "fill": "#00aa5b", "fillStyle": "solid", "strokeStyle": "#000"}
This is arguably far more valuable than the reduction in cloud stickiness and lock-in, which is often the main or even sole argument put forward - after all, many companies are happy to commit to a single cloud vendor for now.
#---------------------------------------------------------------------#
|[q] |
| |
| |
| Can I trust custom resources to create and manage the lifecycle |
| |
| of objects native to the platform? |
| |
| |
| |
#---------------------------------------------------------------------#
#---------------------------------------------------------------------#
|[a] |
| |
| |
| Yes, this is something resources like PersistentVolumeClaim and |
| |
| Service have done for a long time, dynamically creating storage |
| |
| volumes and load balancers respectively. |
| |
| |
| |
#---------------------------------------------------------------------#
[q]: {"a2s:type": "quote-sw", "a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid"}
[a]: {"a2s:type": "quote-se", "a2s:delref": true, "fill": "#6a2469", "fillStyle": "solid"}
#---------------------------------------------------------------------#
|[q] |
| |
| |
| Can the PostgreSQL operator match the availability and durability |
| |
| guarantees of RDS? |
| |
| |
| |
#---------------------------------------------------------------------#
#---------------------------------------------------------------------#
|[a] |
| |
| |
| Not today, no. It is worth considering, though, that: |
| |
| * RDS and the operator use the same AWS storage primitives |
| |
| * Until this improves, the operator could manage RDS on AWS |
| |
| |
| |
#---------------------------------------------------------------------#
[q]: {"a2s:type": "quote-sw", "a2s:delref": true, "fill": "#ef5ba1", "fillStyle": "solid"}
[a]: {"a2s:type": "quote-se", "a2s:delref": true, "fill": "#6a2469", "fillStyle": "solid"}
Remember these?
Imagine not having to compete with this wall of products, offering a catalog of managed open source products with first-party support instead.
Doubling down on their managed Kubernetes offerings promises huge benefits for Amazon's competitors. The competitive edge of the full roster of proprietary services is at least blunted if there is a vibrant ecosystem of open source middleware known to run reliably on all public clouds.
Slides built with Markdeck
GitHub gerald1248/kubernetes-open-source-slides
Twitter @03spirit
LinkedIn gerald1248