Containers, such as Docker, are IT's future. The program that will manage these containers is still an open question. The way things are developing, Google's open-source Kubernetes has to be considered the front runner. It's being adopted by more and more Linux distributions, container technology's primary platform. Canonical, Red Hat, and SUSE are all betting Kubernetes will be containers' DevOps future.
Why? Well, the new features and improvements in the Kubernetes 1.4 release go a long way to explaining its popularity.
For starters, this version of Kubernetes is much easier to install and use. For example, the new Kubernetes Dashboard UI covers roughly 90 percent of the command-line interface's functionality and adds at-a-glance management. There's more to this update, however, than just making Kubernetes more approachable.
You can also now create clusters easily with kubeadm, which reduces bootstrapping to two commands, with no complex scripts involved. Once the Kubernetes packages are installed, kubeadm init starts the master and prints a token; kubeadm join, given that token and the master's address, adds each node to the cluster. kubeadm is alpha in 1.4, and because the token is what admits a node, it should be handled as a secret.
Installation has also been streamlined by packaging Kubernetes with its dependencies, for most major Linux distributions including Red Hat Enterprise Linux (RHEL) and Ubuntu 16.04. This means users can now install Kubernetes using familiar tools such as apt-get and yum.
Beyond top line installation and management, Kubernetes now includes the following valuable features.
Expanded stateful application support - While cloud-native applications are built to run in containers, many existing applications need additional support before they can. Most commonly, stateful workloads such as batch processing, databases and key-value stores don't come container-ready. To make it easier to run such programs, Kubernetes now includes:
- ScheduledJob is introduced as Alpha so users can run batch jobs at regular intervals.
- Init containers, a beta feature, run one or more containers to completion, in order, before the main application containers start. This can be used, for example, to sequence dependencies when starting a database or multi-tier app.
- Dynamic PVC provisioning has moved to beta. Cluster administrators can now expose multiple storage provisioners, and users select among them with the new StorageClass API object.
- Curated and pre-tested Helm charts for common stateful applications such as MariaDB, MySQL, and Jenkins will be available for one-command launches. This uses version 2 of the Helm package manager.
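The three workload features above, in the form they took in the 1.4 API, as an added example that is not from the article or the Kubernetes project. It assumes a GCE-backed cluster (the provisioner and disk type), a Service named db that the init container waits on, and the image names; the ScheduledJob API group is alpha and has to be switched on with --runtime-config=batch/v2alpha1=true on the API server.

```yaml
# Added example, not from the article or the Kubernetes project.
# Assumed: GCE cluster, a Service named "db" on port 3306, image names.

# Dynamic provisioning (beta): administrators publish a StorageClass...
apiVersion: storage.k8s.io/v1beta1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/gce-pd   # assumed cloud; aws-ebs, cinder etc. also exist
parameters:
  type: pd-ssd
---
# ...and users pick it from a claim. In 1.4 the class is chosen by annotation;
# spec.storageClassName only arrived in 1.6.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
  annotations:
    volume.beta.kubernetes.io/storage-class: fast
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 10Gi
---
# Init containers (beta): in 1.4 they are a JSON array in this annotation;
# later releases moved them to spec.initContainers. Each init container must
# exit 0, in order, before the main containers are started, which is what
# sequences the app behind its database here.
apiVersion: v1
kind: Pod
metadata:
  name: app
  annotations:
    pod.beta.kubernetes.io/init-containers: |
      [
        {
          "name": "wait-for-db",
          "image": "busybox",
          "command": ["sh", "-c",
            "until nc -z db 3306; do echo waiting for db; sleep 2; done"]
        }
      ]
spec:
  containers:
  - name: web
    image: example/web:1.0          # assumed image
    volumeMounts:
    - name: data
      mountPath: /var/lib/app
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: app-data           # bound to a dynamically provisioned disk
---
# ScheduledJob (alpha; renamed CronJob in 1.5): a batch job on a cron schedule.
apiVersion: batch/v2alpha1
kind: ScheduledJob
metadata:
  name: nightly-backup
spec:
  schedule: "0 2 * * *"             # 02:00 every day, cron syntax
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: backup
            image: example/backup:1.0   # assumed image
```

Apply it with kubectl create -f against a 1.4 cluster. The init container is the only place in the manifest that encodes ordering; if the db Service never answers, the pod stays in Init and the main container is never started, which is the failure mode you want rather than an app that boots without its database.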
Cluster federation API additions - With this update you can now build applications on clusters that span regions and clouds. This works using the following beta functions:
- Federated Replica Sets - Replicas can now span some or all clusters, enabling cross-region or cross-cloud replication. The total federated replica count and the per-cluster weights or replica counts are continually reconciled by a federated replica-set controller to ensure you have the pods you need in each region or cloud.
- Federated Ingress - Starting with Google Cloud Platform (GCP), users can create a single Layer 7 globally load-balanced virtual IP address (VIP) that spans services deployed across a federation of GCP clusters. External clients point at that single IP address and are routed to the closest cluster with usable capacity in any region or zone of the federation.
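How the per-cluster weights and the global VIP are expressed, as an added example that is not from the article or the Kubernetes project. The manifests are submitted to the federation API server rather than to any one cluster; the cluster names us-east and eu-west, the image, and the port are assumptions, and the preference annotation follows the 1.4-era federated ReplicaSet design.

```yaml
# Added example, not from the article or the Kubernetes project.
# Submit with: kubectl --context=federation create -f <file>
# Assumed: clusters registered with the federation as "us-east" and "eu-west".

# Federated ReplicaSet: 9 replicas in total, spread by weight 2:1 (6 and 3)
# after each cluster's minReplicas floor is satisfied. "rebalance" lets the
# controller move replicas when a cluster stops having capacity.
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: web
  annotations:
    federation.kubernetes.io/replica-set-preferences: |
      {
        "rebalance": true,
        "clusters": {
          "us-east": {"minReplicas": 2, "weight": 2},
          "eu-west": {"minReplicas": 2, "weight": 1}
        }
      }
spec:
  replicas: 9
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: example/web:1.0      # assumed image
        ports:
        - containerPort: 8080
---
# Federated Service: created in every cluster of the federation. NodePort is
# what the GCP L7 load balancer needs as a backend.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
# Federated Ingress: on GCP this yields one global VIP; clients are sent to the
# closest cluster with healthy backends.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web
spec:
  backend:
    serviceName: web
    servicePort: 80
```

Weights are relative, not absolute counts: raising spec.replicas to 18 keeps the 2:1 split. The Ingress carries no TLS here; in a federation the certificate has to be present as a federated Secret in every cluster that terminates it.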
Container security support has also been improved. As major Kubernetes supporter CoreOS's technical program manager Caleb Miles wrote, "Convincing users to enable enhanced security features begins with a seamless user experience. Experience has shown that advanced security is often disabled if it impedes other goals." Kubernetes 1.4 aims to do just that.
In addition, administrators of multi-tenant clusters can now grant different sets of permissions to tenants, infrastructure components, and end users. These new security features include:
- Pod Security Policy is a new object that lets cluster administrators control the creation and validation of security contexts for pods and containers. Admins can associate service accounts, groups, and users with a set of constraints that define an allowed security context. It is enforced by the PodSecurityPolicy admission controller, which must be enabled on the API server; the object on its own constrains nothing.
- AppArmor support has been added. This lets admins run a more tightly confined deployment and get better auditing and monitoring of their systems. Users can configure a container to run under an AppArmor profile by setting a single pod annotation; the profile must already be loaded on the node.
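A restrictive policy and a pod that runs under an AppArmor profile, as an added example that is not from the article or the Kubernetes project. It assumes the PodSecurityPolicy admission plugin is enabled on the API server, that the node has AppArmor enabled with a profile named k8s-web-deny-write loaded, and that the image runs as UID 1000 and does not need a privileged port.

```yaml
# Added example, not from the article or the Kubernetes project.
# Assumed: --admission-control=...,PodSecurityPolicy on the API server; an
# AppArmor profile "k8s-web-deny-write" loaded on the node; image runs as UID 1000.

# Policy: what a pod is allowed to ask for. Anything outside it is rejected
# at admission, before the pod reaches a node.
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
  annotations:
    # Beta AppArmor controls on the policy: profile applied when a pod names
    # none, and the set of profiles a pod may name.
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default,localhost/k8s-web-deny-write
spec:
  privileged: false                 # no --privileged containers
  hostNetwork: false                # no sharing of the node's namespaces
  hostPID: false
  hostIPC: false
  readOnlyRootFilesystem: true
  runAsUser:
    rule: MustRunAsNonRoot          # reject containers that would run as UID 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:                          # hostPath deliberately absent: a writable
  - configMap                       # host mount is a node escape
  - emptyDir
  - secret
  - persistentVolumeClaim
---
# Pod: one annotation per container, keyed by container name, selects the
# profile. "localhost/<name>" is a profile loaded on the node;
# "runtime/default" is the container runtime's own. A node without the
# named profile fails the pod instead of running it unconfined.
apiVersion: v1
kind: Pod
metadata:
  name: web
  annotations:
    container.apparmor.security.beta.kubernetes.io/web: localhost/k8s-web-deny-write
spec:
  securityContext:
    runAsUser: 1000                 # satisfies MustRunAsNonRoot
  containers:
  - name: web
    image: example/web:1.0          # assumed non-root image
    securityContext:
      privileged: false
      readOnlyRootFilesystem: true
    volumeMounts:
    - name: tmp
      mountPath: /tmp               # writable scratch, since / is read-only
  volumes:
  - name: tmp
    emptyDir: {}
```

Check the result from inside the container: cat /proc/1/attr/current should print the profile name in enforce mode. The policy is a ceiling, not a default; a pod that omits securityContext.runAsUser is still rejected under MustRunAsNonRoot unless its image declares a non-root USER. PodSecurityPolicy was later deprecated and removed in Kubernetes 1.25 in favor of Pod Security Admission, so treat the object above as the 1.4-era form of the control.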
The list goes on, but the bottom line is clear: Kubernetes is answering the corporate need for a complete, soup-to-nuts container management system.
I hope its rivals, such as Docker Swarm and Mesosphere DC/OS, rise to its challenge. That way, no matter which system eventually becomes the dominant container DevOps system, we'll all be the better for it.