Kubernetes is here to stay. But without changing the way teams work, organizations won’t see much value from new platforms. Here’s how to start finding real business value from Kubernetes.

Guest post by Rita Manachi, VMware

In the five years that the State of Kubernetes report has been published, we’ve witnessed hundreds of open source projects and commercial endeavors bloom into a robust and active cloud native ecosystem! As this thriving ecosystem matures, the pursuit of innovation yields to the pursuit of value. Like farmers and gardeners, it’s time for us to harvest the fruits of our labor and, for Kubernetes practitioners, that means operating above the value line.

As referenced by my colleague Michael Coté in an article published in The New Stack, “the value line concept is a tool to guide where you should own and customize layers of the IT stack versus ‘outsourcing’ those layers to a vendor or cloud service.” Last year we established that Kubernetes is here to stay. With a majority of respondents to the latest State of Kubernetes survey agreeing that Kubernetes’ value goes beyond IT, this year we’re defining the Kubernetes value line, and it’s all about how you treat your most strategic asset: your software.

Round graph showing 90% respondents agree that cloud native technology, including Kubernetes is transforming the way our business operates, and 91% respondents agree that Kubernetes has benefited our entire organization, not just IT

[SOURCE: The State of Kubernetes 2023 by VMware]

Embrace new operating models  

There’s a reason the saying “culture eats tech for breakfast” has become a favorite in today’s IT lexicon. What this pithy saying doesn’t get into is that technology can change behavior over time. Organizations can speed up a tech-driven cultural evolution by adopting new operating models and disciplines like platform engineering, shifting security left, software supply chains, and a product management mindset. Without changing the way teams work and treat the platform, organizations will be disappointed as the value they expected falls short.  

Some of Kubernetes’ most familiar benefits include operational efficiency largely resulting from automation, portability, and scale. The declarative nature of Kubernetes supports hyper-automation. Embracing automation throughout the app dev and delivery process requires a mindset shift. It requires confidence that automating the right things at the right time will not only yield significant efficiencies, it will allow your teams to work on higher-value initiatives that impact the bottom line.

When treated as a constantly evolving product, a Kubernetes-based platform can offer a frictionless developer experience so developers can focus on writing code. With the ability to automate the deployment, scaling, and management of containerized applications, platform teams can significantly speed up software delivery and ultimately their ability to compete.

Maciej Lelusz, CEO at evoila Poland

Go ticketless for flexibility and policy enforcement

The epitome of an effective IT model is one that balances developer velocity and innovation with policy enforcement and governance. This often elusive endeavor is the ambition of everyone from enterprise architects and platform engineers to application developers and security teams. Part of the reason this can be difficult is that, when many of the systems and operations that run today’s application estates were established, ticket-based systems were the modern paradigm of the time. But the proliferation of distributed systems and cloud native computing, coupled with movements like DevOps, fundamentally changed how developers work and access the tools, services, and infrastructure they need. Suddenly, those old paradigms seemed burdensome and oppressive, if not entirely obsolete.

From my perspective, Kubernetes lets us move faster by providing an easy way to automate the entire CI/CD pipeline and following microservices-based architecture. Therefore, small releases can be pushed to test, QA, and finally prod without waiting for other teams. My role is more on the infrastructure side, therefore my key interest is to get Kubernetes clusters up and running for developers as well as lifecycle management of those clusters following the same way we do with applications—rolling updates, blue/green, etc.

Pawel Piotrowski, Solutions Architect at S&T Poland

A Kubernetes-based platform requires thoughtful consideration for the developer experience, including processes, tools, and good documentation. Internal developer portals, like those built using Backstage, have gained lots of attention as a way for platform engineers to foster innovation while enforcing policies. Meanwhile, the concept of golden paths—opinionated, well-defined, task-specific, and supported paths for building and delivering software—has made its way into our vernacular.

Kubernetes supports golden paths, which not only allows for tighter control of every stage of the application delivery process, it allows developers to focus on writing code and smooths the path to production. Enabling a shift-left model lets us introduce appropriate standards at the application design stage and throughout the app dev and delivery process. This not only speeds up application development, it makes it easier to make changes and updates continuously. We find this leads to better-quality software and enhances our ability to react to changing market dynamics.

Lukasz Zasko, Principal Engineer at Dell

Security is developer experience 

Perhaps one way to measure an ecosystem’s pervasiveness is by how many related security tools, capabilities, and features there are around it. Indeed, the Cloud Native Computing Foundation tracks 94 security and compliance projects and products (with a combined market cap of $1.9T and funding of $4.1B if you’re into that kind of thing) in the cloud native landscape [SOURCE: CNCF Cloud Native Interactive Landscape]. Not to mention there is a whole day dedicated to security at KubeCon and a standalone cloud native security conference.

While it seems that security is IT’s perennial white whale, we need to rethink security as a whole and recognize that it’s not a single outcome but a continuous pursuit. This is why measuring the value of security can be nebulous. One way to think about it is as part of the app dev and delivery process. That’s certainly evident in the conversation in this Voices of the Vanguards piece about measuring software delivery.

For security to be effective, it must be integrated and ingrained in your processes and workflows. It’s what we mean when we talk about shifting security left, using SBOMs, and securing software supply chains. Using golden paths, internal developer portals, and platform engineering disciplines, and recognizing that security is part of the developer experience, all help make it easier to do security right. As RedMonk analyst Rachel Stephens put it in her blog post “Developer Experience Is Security”:

DevOps (and DevSecOps) is a culture change, and the change must be bi-directional. Security teams need to have a stake at the table earlier. They cannot merely be a review process before production, and they need to be able to have input at the design phase of an application. Similarly, this culture change cannot exist without supportive tools for developers. An organization cannot ask developers to address an increasingly large part of the SDLC without also providing the tools to support them.

And this means: developer experience is a security issue.

So it’s no surprise that meeting security and compliance requirements was the No. 2 challenge for both deploying and managing Kubernetes among the State of Kubernetes survey respondents. Perhaps what is surprising or less known is that Kubernetes actually helps with implementing and enabling continuous security from the software development process to production.

Security is baked into software delivery. Kubernetes architecture allows us to implement preventive controls for both an API layer that can be adopted in line with company security needs and an application (serving) layer that allows us to leverage security policies, RBAC, etc.

Jaroslaw Gajewski, Cloud Lead Architect at Eviden

For more about this, you can download a free copy of Adib Saikali’s book “Securing Cloud Applications,” which includes examples using Kubernetes and Spring. You can also check out his recent talk, Securing the Service-to-Service Call Chain Patterns and Protocols.  

Witnessing the maturing of Kubernetes and the cloud native ecosystem has been interesting, to say the least, if for no reason other than how quickly it has erupted. Now that Kubernetes has become embedded in the enterprise IT landscape, it’s time for us to prove its business benefits, and that requires operating above the value line.

About the Author: Rita Manachi has been working in the technology industry for 25 years. In that time, she’s covered multiple open source technologies and projects spanning everything from Linux high-performance computing (HPC) to Java IDEs and lots of stuff in between! These days she’s helping create and share content on the VMware Tanzu team. 

Twitter Handle: @Ritam   

Maciej Lelusz, Pawel Piotrowski, Lukasz Zasko, and Jaroslaw Gajewski are members of the VMware Tanzu Vanguards, a select group of active power users, customers, and practitioners who share their passion for and knowledge of technology with the community. Learn more here.