By Chris Aniszczyk (also on LinkedIn)
I hope everyone had enjoyed the holidays with loved ones! The CNCF recently released its annual report on all the work we accomplished last year. I recommend everyone take an opportunity to go through the report as we spent a lot of time cataloging all the amazing work that the community does. Also, it’s been a couple years since I posted my annual predictions so I apologize for the delay and hopefully you enjoy the list this year!
Cloud [Native] IDEs Become Normalized
Recently, GitHub Codespaces came out of beta and while we don’t have a lot of public usage data from GitHub, there seems to be a lot of positive sentiment on Twitter. Also, GitPod completed their Series A round along with other companies in the space that have been raising impressive rounds.
I’m 100% convinced that ephemeral dev workspaces along with the time that developers save in setting up workspaces will propel this technology to an industry norm. There is a reason you see companies like Uber, Shopify, Slack, Stripe and more use this form of development, these best practices will spread to the rest of the industry with offerings like Codespace and Gitpod becoming normalized.
Finally, Gitpod has put together an excellent set of principles of “Cloud Develompent Environments” (CDEs) that I recommend you take a look at. Also the fine folks at Redmonk share my sentiments here with their excellent post on “The Year of the Cloud Develompent Environment” which I recommend reading for an analyst’s perspective.
FinOps Becomes Mainstream and Shifts Left
A couple of years ago the Linux Foundation helped establish the “FinOps Foundation” to cultivate innovation in this space. The FinOps Foundation is off to a great start, from hosting its first conference FinOpsX to launching the State of FinOps survey and even putting together some great introductory materials.
Why will this be a big year for FinOps? Cloud spend has increased significantly over the last few years and is becoming a big cost within organizations, sometimes even rivaling salaries:
Furthermore, you can look at FinOps job trends mixed with Google trends for indicators that things have reached an inflection point in growth.
Another bonus to all this market pressure will be more standardization and open source options like OpenCost. Traditionally deciphering a cloud bill was a hard problem and is even more complicated if you use multiple clouds (there is no open standard for cloud pricing and cost management that covers all major clouds).
These market pressures combined with a global recession will increase FinOps practices in most organizations, not just the high tech bay area companies. FinOps will become more of an engineering problem than it was in the past where engineering teams had fairly free reign on cloud consumption. You will see FinOps information shift closer to the developer and end up part of pull request infrastructure down the line.
Finally, cost management and FinOps will become part of observability solutions by default (e.g., Datadog announcing a cost management product). I expect a lot of consolidation in this space too where larger traditional companies buy their way into their space.
Open Source SBOMs Everywhere
The US government over the last couple of years has produced policies and laws about improving the security of software, from the Executive Order in 2021 to the recent “The United States Securing Open Source Software Act” that covers a myriad of security improvements. The Open Source Security Foundation (OpenSSF) has a great summary of the act along with their mobilization plan on how to address security issues in open source. Furthermore,
Just recently the US Government passed a law that has mandated that medical device manufacturers must produce an SBOM:
It’s inevitable that this trend will continue and affect open source software, with leading critical projects like Kubernetes already producing SBOMs for consumption. There may be some bumps in the road to mandating SBOMs across all industries, but I personally think this is inevitable through regulation or the industry just maturing.
There will also be a lot of new open source innovation, startups and projects in this space that work to aggregate a lot of this security information (see https://deps.dev as a simple example). I’m personally watching projects like GUAC, Scorecards, Sigstore, Witness and much more.
GreenOps rolls into FinOps
Sustainability is a hot topic and folks involved in the ESG space are aware how complicated it can be calculating the carbon footprint of cloud based workloads. PwC recent research from “Fortune 1000 companies that 60% of business leaders are using or plan to use cloud to enhance ESG reporting and 59% use or plan to use cloud to improve their ESG strategies.”
I believe there’s a Jevon’s paradox situation going on here as we improve the efficiency of clouds… on top of interesting research showing that “future energy required to run just the computers on a global fleet of autonomous vehicles could generate as much greenhouse gas emissions as all the data centers in the world today.”
In my opinion, GreenOps is a form of FinOps that is focused on the carbon footprint of cloud workloads. I expect these communities to consolidate into one and collaborate on open specifications and standards in the space, possibly extending OpenCost to include carbon footprint information across clouds. There’s a lot of opportunity here for open source collaboration across companies and industries.
GitOps Matures and Enters Plateau of Productivity
Since Alexis Richardson first coined the word GitOps in 2017, things have evolved dramatically in this space when it comes to the maturity of GitOps tooling. In CNCF, the Argo and Flux projects have recently graduated, demonstrating project stability and mature governance and a rapid level of adoption. Also, they are also some of the highest open source velocity projects in the CNCF ecosystem.
If this space interests you, I recommend getting involved in the open source projects above and get involved in the CNCF Open GitOps Working Group: https://opengitops.dev
If you look at the latest open source project velocity data from CNCF, OpenTelemetry comes in second, right behind Kubernetes which is incredibly impressive for such a young project.
In the last couple of years, almost every major modern observability vendor has worked to integrate OTel. The OTel collector framework frees vendors from needing to implement this functionality and makes the lives of end users better. In 2023, you will see not only the many tech forward companies adopt OTel, but you will see traditional enterprise end users taking advantage of this technology.
Backstage Developer Portal Maturity
Developer experience has always been a concern for organizations that hit a certain scale as a way to improve engineering throughput. As more organizations are on their cloud native journey these days, this becomes important for the majority of the industry. In my last set of predictions, I mentioned “Service Catalogs” becoming a necessity but it’s going to be more than that.
In the CNCF community, Backstage is one of the few projects I’ve seen deployed in traditional enterprises first before even Kubernetes lands there. It’s a bit unique in that regard but it is truly being used by traditional enterprises like a bank or airline along with cutting edge tech companies like Spotify. You can see some of the crazy adoption in the project from their ADOPTERS.md file and BackstageCon videos.
To get to the next level, Backstage needs to firm up its API and continue to cultivate its plug-in ecosystem so it essentially becomes the “Jenkins” of this space.
Another funny thing about Backstage and modern Developer Portals is that Gartner has even noticed and started to produce research in this space, which is always a sign of later maturity.
WebAssembly Innovation + Slope of Enlightenment
I strongly believe that Web Assembly (Wasm) will be a dominant form of computing in the near future as it explores use cases outside the browser, from edge to server workloads. I found this article by Sapphire Ventures on the promise of Wasm to be one of the better ones on this topic. From personal experience I keep seeing Wasm popping up in more areas in the future forward cloud native ecosystem, from restructuring plug-in systems like in Envoy or in projects such as WasmCloud and WasmEdge. Hell, even Docker is supporting Wasm in a recent technical preview: https://www.docker.com/blog/docker-wasm-technical-preview/
However, there is going to be some growing pains as Wasm use cases get discovered, runtimes mature and just the general evolution of the technology. In hype cycle parlance, Wasm will be somewhere between the trough of disillusionment and the slope of enlightenment. While there is a lot of positive press out there on the potential around Wasm, there is the reality of implementing things when there is a lot of moving pieces like WASI and tail calls not fully supported:
Furthermore, I think you will see the boutique cloud providers like Cloudflare and smaller startups pave the way in maturing this technology and hyperscalers will start offering their first Wasm related products this year.
Finally, I want to be clear that I see a world where containers, Wasm and even VMs will live side by side… even our friends at Docker say so: https://www.docker.com/blog/why-containers-and-webassembly-work-well-together/
Cost Cutting Benefits Boutique Clouds (or whatever is a Supercloud)
To continue this year’s theme of cost management, I believe that boutique cloud providers (or whatever a supercloud is) will stand to benefit from this trend as organizations step back and evaluate their cloud usage. For an example of this trend in 2023, see this recent announcement from Cloudflare… “Palantir Announces Strategic Partnership with Cloudflare Focused on Cloud Cost Optimization” along with how they position their R2 product compared to S3.
These boutique cloud providers will position themselves strongly as caring about cost optimization and customer service in this particular area. They will announce new acquisitions and products in this space that compete with the larger clouds.
Kubernetes Has Its Linux Style Maturity Moment
I can’t do cloud native predictions without mentioning Kubernetes, right!? Just recently I posted a blog post around open source project velocity in 2022 both within and outside the cloud native ecosystem. As part of the open source project velocity history, Kubernetes has always been neck and neck with Linux. Kubernetes is here to stay and has cemented itself in the enterprise and across the industry. It’s not only Bay Area companies and high tech forward organizations that adopt Kubernetes, it’s the traditional businesses of the world like Walmart. Hell, Kubernetes is running on in every Chick-Fil-A restaurant even, there is some edge based computing for you! There are even people running Kubernetes in orbit… IN SPACE!
When I say that Kubenetes is having its Linux style maturity moment, I mean there was a time that Linux was originally built for a specific hobbyist use case and then finally the wider ecosystem stretched to run on phones, automobiles, real time systems and much more. The Kubernetes project is going under a similar evolution where organizations are stretching Kubernetes to run in new types of environments that the project wasn’t originally designed for, like embedded devices. These new use cases which drive innovation back into the Kubernetes project and wider ecosystem, just like what happened in Linux. The open source innovation pump is primed and will continue.
- Generative AI is going to be legislated and cause friction in open source communities. The interesting questions around attribution, copyright and compliance with open source foundation and corporate policies are going to be fun to watch unfold (e.g., some corporations already ban using code generated from CoPilot). We are also seeing lawsuits in this space against CoPilot and even art copyright and Stable Diffusion, this is only going to accelerate and will probably result in some copyright law changes. Heather Meeker has a great blog post around that copyright eating AI that I highly recommend as a read.
- VSCode will continue to grow and dominate the IDE space, it’s an incredibly active project and Microsoft has done a good job stewarding the community so far. If you look at surveys from Stackoverflow or data from Top IDE index, the writing is on the wall for VSCode to take over as the dominant IDE for almost every major programming language (not even counting its embedded usage in Codespaces and Gitpod).
- RISC-V is going to mature as an open source community and see usage skyrocket across embedded and mobile. Just recently Google announced that Android plans to support RISC-V as a “Tier 1” architecture which means you will see RISC-V where Android is in the near future. There are also geopolitical headwinds across the world that benefit RISC-V adoption in certain geographies.
- Open source innovation in the gaming engine industry takes flight. The gaming industry is a bit different from the cloud native world… where the majority of AAA style development still happens on Windows machines, gigantic monorepos and proprietary gaming engines like Unity and Unreal. As a16z stated in 2016… we need more open source in gaming and that is finally coming to fruition with open source gaming engines like Bevy, Godot, O3DE.
- OSPOs grow across industry and government due to regulation and rise of security concerns. I’m one of the co-founders of the TODO Group which is the home of a network of Open Source Program Offices (OSPOs) and have witnessed OSPOs evolve in formation in the high tech industry. As more software we depend on is based on open source, organizations will need a strategic approach in managing the innovation and security risk with that adoption. Furthermore, governments are starting to regulate the formation of OSPOs in the EU which will be copied by other countries.
Finally, Happy 2023 and Good Luck This Year!
I always have a few more predictions and trends to share especially around end user driven open source, eBPF, service mesh cannibalization and securing the software supply chain but I’ll save that for more detailed posts later in the year, a couple handful of predictions are enough to kick off the new year! Anyways, thanks for reading and I hope to see everyone at CloudNativeSecurityCon in a week and of course our big conference in Amsterdam KubeCon + CloudNativeCon EU in April 2023, registration is open!