KubeCon CloudNativeCon 2021: five key takeaways and reflections

Kubernetes, and cloud native, is without a doubt the single most important community project today. It’s not only driving the speed of digital transformation across industries, but also disrupting multiple technology markets, from platforms and DevOps to services and tooling. It’s central to technology, product and investment strategies for investors, technology companies and enterprises.
The recently concluded KubeCon/CloudNativeCon 2021 shines a light on the multiple trends impacting cloud native and the challenges and opportunities these trends are creating.
The five key takeaways
Takeaway 1: Kubernetes has reached critical mass adoption, not just in tech but also in the enterprise
One of the big themes coming out of the conference was the broad-based adoption of Kubernetes — not just in technology companies, but also in the enterprise. There were tons of really interesting sessions — Shell’s ML architecture on Kubeflow, and Rakuten’s use of cloud-native network functions in their 5G networks are two great examples of cloud native adoption across industries and use-cases.
Interestingly, the pandemic has only accelerated the adoption of Kubernetes across the enterprise. A survey by Pure Storage suggests ~70% of surveyed companies increased their adoption of Kubernetes because of the pandemic, to accelerate innovation.

One big driver of such adoption is fully managed services on all clouds, like GKE, as well as commercial private cloud platforms like Red Hat, Rancher and VMware Tanzu.
Takeaway 2: Security and software supply chain are, and continue to be, top-of-mind concerns
Managing a tight security posture with Kubernetes is a big challenge. With recent breaches like SolarWinds, the software supply chain and software BOM came up as topics in multiple sessions.
There is a ton of open source and commercial tooling that is making this easier. Just to name a few:
- Identification and zero-trust: Cryptographic service identification using SPIFFE and SPIRE, secrets management, identity and access etc.
- Runtime security: Alternative runtimes like gVisor and Kata Containers, Open Policy Agent (OPA) Gatekeeper
- Network security: service mTLS and encryption e.g. Linkerd and Istio, cloud-native firewalls e.g. Cilium
- Vulnerability scanning: source code e.g. Snyk, container e.g. Docker Bench
- Observability and threat detection e.g. Falco, Prometheus
The landscape is fragmented, and there continue to be challenges with getting a holistic handle on container security, and creating an integrated posture along with the traditional security stack — application, data, SIEM and SOAR etc.
We are seeing the emergence of integrated container security platforms like StackRox (acquired by Red Hat) and Twistlock (acquired by Palo Alto Networks and rebranded as Prisma Cloud Compute Edition), but these are still early days, and container security will continue to be a big customer pain point and a strategic opportunity for cybersecurity vendors.
Takeaway 3: Kubernetes is complex and there is even more complexity in managing complexity
The Kubernetes and cloud native landscape is fragmented, with about a thousand different projects and members listed on the CNCF landscape page. Let’s face it — basic Kubernetes primitives of Pods, Services, Volumes etc. are not enough, and using Kubernetes effectively, and at scale, means the surface area of technology you have to touch is massive. Outside of security, you have to worry about storage and resilience, networking and ingress, managing environments, CI/CD pipelines, observability, logging and tracing, and running your choice(s) of application and platform frameworks.

The learning curve for Kubernetes is steep. When you add the CRDs (custom resource definitions), multiple deployment descriptors and other configuration files — it’s like living in a spiderweb of YAML, which reminds me of XML and DLL hell. Ironically, this defeats the very reason teams started using Kubernetes in the first place — to accelerate the speed of innovation. Complexity was rated as the number one challenge by teams adopting Kubernetes in the CNCF survey from 2021.

This explosion of complexity is not atypical — we have seen this with other open source ecosystems like Java, Linux and JavaScript. Ultimately we do expect the stack and tooling to mature as the adoption curve goes up. Cutting through the open source noise and integrating opinionated cloud native stacks that “just work” is a big opportunity for public/private cloud and platform vendors. At this time, however, there is no stopping it.
Takeaway 4: The community continues to innovate by improving scalability and providing “higher level” application frameworks
[Note: It’s impossible to cover everything — listing a subset of notable projects]
Outside the usual themes of security and observability, there were a couple of big themes in core infrastructure this year. First, multiple projects supporting more complex multi-cluster and multi-cloud deployments. Second, growing maturity of open source and commercial tooling for storage and networking.
- Crossplane — One of my favorite projects. Enables teams to abstract infrastructure from multiple clouds and expose them on Kubernetes. Definitely worth a look if you are looking to build multi-cloud apps, using native services.
- Multi-tenancy on Kubernetes is a frequently raised issue. It seems unlikely that any major changes to APIs will be made to support multi-tenancy. But there are some interesting projects and clever approaches — there was a really well delivered session on VCluster, which I highly recommend.
- Multi-cluster support for services and networking has been a big challenge with Kubernetes. SIG Multi-cluster provided some good insights into how cluster-related APIs will evolve, e.g. the notion of ClusterSet and Cluster ID, multi-cluster services API, multi-cluster DNS, Kubefed etc. I am excited to see how multi-cluster support will change going forward.
- Storage management in Kubernetes is complex and there is an array of useful tools available: Longhorn from Rancher, OpenEBS, Ceph and Rook, as well as multiple commercial tools like Portworx and NetApp Astra. There is a useful benchmark of various storage providers here.
The bigger vector of community innovation has been building wrappers and platforms to make building microservices easier, help with GitOps, and specialize for domain use-cases like AI and IoT. Some projects worth exploring:
- KubeEdge and Sedna — Edge and IoT are very important use cases for Kubernetes. What interested me most was Sedna, which is attempting to provide a framework around cloud-native federated AI
- Kubeflow — MLOps is a big challenge in the enterprise, and Kubeflow provides the answer to build portable and scalable ML workflows
- Knative — Serverless will continue to be a critical architectural paradigm, both for scalability and cloud economics. Knative provides serverless primitives and a framework to help stitch applications together.
- Dapr (or distributed application runtime) — pluggable framework to build environment agnostic, event driven applications. The remote debug demo was impressive.
- There is a dizzying array of CI/CD and GitOps tools including CircleCI, Jenkins X, Argo, GitLab, Spinnaker for CD etc., and it’s worth exploring a few of them — if you are on GitHub, I suggest GitHub Actions for smaller projects and Tekton for larger, more complex deployments
Takeaway 5: There are structural gaps in talent, creating demand for certifications and growth of Kubernetes managed services
Another recurring theme with Kubernetes is the skills gap. Lack of in-house skills is cited as the biggest challenge when migrating to Kubernetes. In our experience this is a bigger problem for enterprises vs. technology companies in the valley, which have better access to talent.

We are also seeing a huge surge in up-skilling. Cloud native overtook Linux as the most in-demand skill, and the foundation also saw a 455% increase in certifications in the last two years.

The growth in demand for cloud-native skills aligns with what the Linux Foundation Training & Certification program has experienced. Four times as many individuals sat for Kubernetes certification exams in the first half of 2020 compared to 2019. In addition, in the first half of 2021 that number increased another 43%, meaning from the first half of 2019 to 2021 there was a 455% increase in demand for Kubernetes certification.
- Linux Foundation Open Source Job Report 2021
Talent will continue to be a strategic imperative and companies will need to think about up-skilling their workforce as they scale their cloud native adoption. This talent gap also creates big opportunities for training companies, cloud native advisory, K8s consulting and managed services. There are also implications for platform and tooling vendors — customers prefer cloud-delivered, fully managed services that work out of the box. This, in part, will also drive a lot of the cloud workloads to hyperscalers.
Opportunities for technology vendors
This is no doubt an exciting time for the industry.
The complexity and growth are creating multiple opportunities for technology vendors. Software and platform companies should seek to simplify complexity by creating more integrated, opinionated and domain-specialized development stacks, bringing compliance and security tools to market, and strategically addressing the talent gap, e.g. by activating the MSP channel. IT services and consulting vendors should double down on cloud native, invest in building out cloud practices or acquire smaller consulting firms to capitalize on the cloud native opportunity. Investors in this space should take the time to understand the structural fragmentation and inherent technology risk of Kubernetes to avoid overpaying. Entrepreneurs and investors should explore alternative, lower-risk business models like training and managed services to capitalize on this theme.
Multi-cloud and hybrid cloud enterprise architectures are more accessible today than they ever were in the past. The Kubernetes ecosystem is continuing to abstract the underlying infrastructure platforms, enabling enterprises to move faster and leverage modern development platforms, irrespective of where they are in their cloud journey.
In the end, though, I am struck by the power of community-driven and open source innovation. Kubernetes has disrupted, and is continuing to disrupt, infrastructure software, and is poised to become one of the most influential open source projects of all time, perhaps second only to Linux.