Guest post originally published on the GlobalData blog by Charlotte Dunlap, Principal Analyst, Cloud and DevOps Services, GlobalData Technology

Summary Bullets:

  • The Open Source Security Foundation (OpenSSF), a new group focused on software supply chain security problems, added $10 million in vendor funding.
  • Google Cloud recently joined the FinOps Foundation, representing the first major cloud provider to commit.

The recent KubeCon 2021 conference garnered much attention not only for its hybrid format (virtual/in-person), but also for its critical role in helping facilitate interaction between customers (primarily developer and IT operations teams) and vendors as enterprises navigate the uncharted waters of digital and business transformations.  A number of important topics and themes raised during the conference were highly relevant to DevOps teams tasked with overseeing an increasingly diverse and distributed IT portfolio.

Key takeaways included: the need to improve security throughout the app modernization lifecycle, illustrated via newer OSS efforts such as the OpenSSF; the increased need for structure around cloud cost containment among enterprises with efforts by FinOps Foundation and its partners; the continued importance of easing developer CI/CD scripting pipelines through efforts such as GitOps; and growing buzz around emerging observability technologies and disruptors, helped by important OSS technologies such as OpenTelemetry.

More on these trends:

  • Security can no longer be an afterthought in the app modernization process; rather, it must serve as a key component of the entire application lifecycle management (ALM). Solving security through OSS represents the best way to approach the daunting task due to the massive number of vendors involved in Kubernetes security, most approaching the issue of security from various perspectives.  CNCF outlined updates for its OpenSSF program established a year ago, including an additional $10 million in annual vendor participant funding.  The group's focus is on software supply chain security problems.  A number of startups are approaching Kubernetes security via comprehensive solutions which provide modern backup, storage capabilities, and in some cases data protection.  Vendors include Kasten by Veeam, Trilio, Catalogic Software, Tigera, and Mattermost.
  • FinOps is growing in importance, prompting companies to examine how to take advantage of the cloud in the best possible economic way. The FinOps Foundation defines this topic as having three pillars: visibility for understanding what’s being spent on cloud; optimization for spending less via innovative methods such as serverless; and operations for executing in an iterative way between software engineering and financial teams.  As such, the group aims to promote better collaboration among finance and DevOps teams.  The CNCF partners with the FinOps Foundation, which has recently released a new FinOps Certification Practitioner program.  Vendors and cloud providers are taking note of the important cost containment trend.  Google Cloud recently joined the FinOps Foundation as its first major cloud provider, indicating its commitment to help the group and companies in general create better definitions and methodologies for establishing visibility and monitoring, which help to optimize cloud spending.
  • GitOps empowers developers to perform more tasks typically associated with IT operations, specifically code-based infrastructure and operational procedures. Developers depend on GitOps pipelines as a way to ease current complexities around encoded scripting of modern applications necessary to move them across various systems and into production within the CI/CD model.  GitOps is largely defined by CNCF via the popular projects Flux and Argo, which are Kubernetes-based continuous delivery programs.  Argo, especially popular, is considered a real utilitarian set of developer tools because it’s an end-user project with the OSS organization.  As such, a number of vendors are contributing to these CNCF OSS efforts including Amazon, GitHub, and Weaveworks.  During KubeCon, Codefresh announced its Argo Platform which automates CD and Kubernetes workflow tooling, creating a scripted pipeline for how app deployments will happen within a structure based on policies.
  • Observability is demonstrating a natural fit alongside automation and Kubernetes security whose overarching agenda has been helped along by the CNCF’s efforts around the now prominent OpenTelemetry project, prompting broader industry acceptance of the interoperability OSS technology. Benefits include improved insights into microservices performance issues, guiding broader DevOps teams via sets of metrics reporting on application performance in various deployment environments.  Several observability providers attended the conference with various announcements, including: Splunk’s announcement of the donation of its extended Berkeley Packet Filter (eBPF) collector to OpenTelemetry and Chronosphere announcing a new round of investor funding during the conference, along with a new tracing solution as part of its comprehensive observability offering.

For more on these trends and Kubernetes ecosystems, please see “KubeCon 2021: Themes Included GitOps, FinOps, Security, and Observability” (October 21, 2021).