Kubernetes tools vendors vie for developer mindshare

SAN DIEGO — The notion that Kubernetes solves many problems as a container orchestration technology belies the complexity it adds in other areas, namely for developers who need Kubernetes tools.

Developers at the KubeCon + CloudNativeCon North America 2019 event here this week noted that although native tooling for development on Kubernetes continues to improve, there’s still room for more.

“I think the tooling thus far is impressive, but there is a long way to go,” said a software engineer and Kubernetes committer who works for a major electronics manufacturer and requested anonymity.

Moreover, “Kubernetes is extremely elegant, but there are multiple concepts for developers to consider,” he said. “For instance, I think the burden of the onboarding process for new developers and even users sometimes can be too high. I think we need to build more tooling, as we flush out the different use cases that communities bring out.”

Developer-oriented approach

Enter Red Hat, which introduced an update of its Kubernetes-native CodeReady Workspaces tool at the event.

Red Hat CodeReady Workspaces 2 enables developers to build applications and services on their laptops that mirror the environment they will run in production. And onboarding is but one of the target use cases for the technology, said Brad Micklea, vice president of developer tools, developer programs and advocacy at Red Hat.

The technology is especially useful in situations where security is an issue, such as bringing in new contracting teams or using offshore development teams where developers need to get up and running with the right tools quickly.

CodeReady Workspaces runs on the Red Hat OpenShift Kubernetes platform.

Initially, new enterprise-focused developer technologies are generally used in experimental, proof-of-concept projects, said Charles King, an analyst at Pund-IT in Hayward, Calif. Yet over time those that succeed, like Kubernetes, evolve from the proof-of-concept phase to being deployed in production environments.

“With CodeReady Workspaces 2, Red Hat has created a tool that mirrors production environments, thus enabling developers to create and build applications and services more effectively,” King said. “Overall, Red Hat’s CodeReady Workspaces 2 should make life easier for developers.”

In addition to popular features from the first version, such as an in-browser IDE, Lightweight Directory Access Protocol support, Active Directory and OpenAuth support as well as one-click developer workspaces, CodeReady Workspaces 2 adds support for Visual Studio Code extensions, a new user interface, air-gapped installs and a shareable workspace configuration known as Devfile.

“Workspaces is just generally kind of a way to package up a developer’s working workspace,” Red Hat’s Micklea said.

Overall, the Kubernetes community is primarily “ops-focused,” he said. However, tools like CodeReady Workspaces help to empower both developers and operations.

For instance, at KubeCon, Amr Abdelhalem, head of the cloud platform at Fidelity Investments, said the way he gets teams initiated with Kubernetes is to have them deliver on small projects and move on from there. CodeReady Workspaces is ideal for situations like that because it simplifies developer adoption of Kubernetes, Micklea said.

Such a tool could be important for enterprises that are banking on Kubernetes to move them into a DevOps model to achieve business transformation, said Charlotte Dunlap, an analyst with GlobalData.

“Vendors like Red Hat are enhancing Kubernetes tools and CLI [Command Line Interface] UIs to bring developers with more access and visibility into the ALM [Application Lifecycle Management] of their applications,” Dunlap said. “Red Hat CodeReady Workspaces is ultimately about providing enterprises with unified management across endpoints and environments.”

Competition for Kubernetes developer mindshare

Other companies that focus on the application development platform, such as IBM and Pivotal, have also joined the Kubernetes developer enablement game.

Earlier this week, IBM introduced a set of new open-source tools to help ease developers’ Kubernetes woes. Meanwhile, at KubeCon this week, Pivotal made its Pivotal Application Service (PAS) on Kubernetes generally available and also delivered a new release of the alpha version of its Pivotal Build Service. The PAS on Kubernetes tool enables developers to focus on coding while the platform automatically handles software deployment, networking, monitoring, and logging.

The Pivotal Build Service enables developers to build containers from source code for Kubernetes, said James Watters, senior vice president of strategy at Pivotal. The service automates container creation, management and governance at enterprise scale, he said.

The build service brings technologies such as Pivotal’s kpack and Cloud Native Buildpacks to the enterprise. Cloud Native Buildpacks address dependencies in the middleware layer, such as language-specific frameworks. Kpack is a set of resource controllers for Kubernetes. The Build Service defines the container image, its contents and where it should be kept, Watters said.

Indeed, Watters said he believes it just might be game over in the Kubernetes tools space because Pivotal owns the Spring Framework and Spring Boot, which appeal to a wide swath of Java developers, which is “one of the most popular ways enterprises build applications today,” he said.

“There is something to be said for the appeal of Java in that my team would not need to make wholesale changes to our build processes,” said a Java software developer for a financial services institution who requested anonymity because he was not cleared to speak for the organization.

Yet, in today’s polyglot programming world, programming language is less of an issue as teams have the capability to switch languages at will. For instance, Fidelity’s Abdelhalem said his teams find it easier to move beyond a strict focus on tools and look more at overall technology and strategy to determine what fits in their environment.

D3 Security’s Attackbot integrates Mitre ATT&CK in SOAR 2.0

D3 Security has released Attackbot, a proactive response matrix that combines security orchestration, automation and response (SOAR) technology and the Mitre ATT&CK framework to identify the entire kill chain of complex cyberattacks.

Building on existing SOAR capabilities to predict attacker behavior, Attackbot enables security teams to monitor attack progress in real time, correlate incidents with known adversary behaviors and take action with the aid of decision tree-based playbooks. Attackbot’s capabilities give security teams the ability to focus remediation efforts for a more conclusive incident response.

The Mitre Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework, developed by Mitre Corp., is a document of threat tactics and techniques observed from millions of attacks on enterprise networks. Used by security vendors and consultants, ATT&CK classifies attacks for researchers to identify common patterns, see who authored campaigns and track malware development.

Embedding the Mitre ATT&CK framework into its SOAR 2.0 platform, D3’s Attackbot brings the following capabilities:

  • automatically identify and map security events against the Mitre ATT&CK matrix to focus incident response;
  • visualize and predict the kill chain, including searching backward across events in addition to focusing analysts on next steps; and
  • automate response by triggering a D3 kill chain playbook to remediate the threat.

According to a Verizon Data Breach Investigations Report, phishing is involved in 32% of all data breaches and 78% of all cyberespionage incidents. D3 claims that Attackbot actively searches for steps that an adversary might take after a phishing attempt — such as credential dumping — in an effort to augment phishing investigations.

Additionally, Attackbot automatically searches and correlates relevant events, narrows a list of compromised computers, analyzes logs for evidence of compromise and identifies an adversary’s techniques through the Mitre ATT&CK framework and the D3 database. Typically, an analyst would have to sort through hundreds of events manually to find the compromised computer.

D3’s Attackbot supports over 200 out-of-the-box integrations across threat intelligence, IT service management and network security software.

IT pros debate upstream vs. packaged Kubernetes implementations

Packaged versions of Kubernetes promise ease of use for the finicky container orchestration platform, but some enterprises will stick with a DIY approach to Kubernetes implementation.

Red Hat, Docker, Heptio, Mesosphere, Rancher, Platform9, Pivotal, Google, Microsoft, IBM and Cisco are among the many enterprise vendors seeking to cash in on the container craze with prepackaged Kubernetes implementations for private and hybrid clouds. Some of these products — such as Red Hat’s OpenShift Container Platform, Docker Enterprise Edition and Rancher’s eponymous platform — offer their own distribution of the container orchestration software, and most add their own enterprise security and management features on top of upstream Kubernetes code.

However, some enterprise IT shops still prefer to download Kubernetes source code from GitHub and leave out IT vendor middlemen.

“We’re seeing a lot of companies go with [upstream] Kubernetes over Docker [Enterprise Edition] and [Red Hat] OpenShift,” said Damith Karunaratne, director of client solutions for Indellient Inc., an IT consulting firm in Oakville, Ont. “Those platforms may help with management out of the gate, but software license costs are always a consideration, and companies are confident in their technical teams’ expertise.”

The case for pure upstream Kubernetes

One such company is Rosetta Stone, which has used Docker containers in its DevOps process for years, but has yet to put a container orchestration tool into production. In August 2017, the company considered Kubernetes overkill for its applications and evaluated Docker swarm mode as a simpler approach to container orchestration.

Fast-forward a year, however, and the global education software company plans to introduce upstream Kubernetes into production due to its popularity and ubiquity as the container orchestration standard in the industry.

Concerns about Kubernetes management complexity are outdated, given how the latest versions of the tool smooth out management kinks and require less customization for enterprise security features, said Kevin Burnett, DevOps lead for Rosetta Stone in Arlington, Va.

“We’re a late adopter, but we have the benefit of more maturity in the platform,” Burnett said. “We also wanted to avoid [licensing] costs, and we already have servers. Eventually, we may embrace a cloud service like Google Kubernetes Engine more fully, but not yet.”

Burnett said his team prefers to hand-roll its own configurations of open source tools, and it doesn’t want to use features from a third-party vendor’s Kubernetes implementation that may hinder cloud portability in the future.

Other enterprise IT shops are concerned that third-party Kubernetes implementations — particularly those that rely on a vendor’s own distribution of Kubernetes, such as Red Hat’s OpenShift — will be easier to install initially, but could worsen management complexity in the long run.

“Container sprawl combined with a forked Kubernetes runtime in the hands of traditional IT ops is a management nightmare,” said a DevOps transformation leader at an insurance company who spoke on condition of anonymity, because he’s not authorized to publicly discuss the company’s product evaluation process.

His company is considering OpenShift because of an existing relationship with the vendor, but adding a new layer of orchestration and managing multiple control planes for VMs and containers would also be difficult, the DevOps leader predicted, particularly when it comes to IT ops processes such as security patching.

“Why invite that mess when you already have your hands full with a number of packaged containers that you’re going to have to develop security patching processes for?” he said.

Vendors’ Kubernetes implementations offer stability, support

Fork is a fighting word in the open source world, and most vendors say their Kubernetes implementations don’t diverge from pure Kubernetes code. And early adopters of vendors’ Kubernetes implementations said enterprise support and security features are the top priorities as they roll out container orchestration tools, rather than conformance with upstream code, per se.

Amadeus, a global travel technology company, is an early adopter of Red Hat OpenShift. As such, Dietmar Fauser, vice president of core platforms and middleware at Amadeus, said he doesn’t worry about security patching or forked Kubernetes from Red Hat. While Red Hat could theoretically choose to deviate from, or fork, upstream Kubernetes, it hasn’t done so, and Fauser said he doubts the vendor ever will.

Meanwhile, Amadeus is on the cusp of multi-cloud container portability, with instances of OpenShift on Microsoft Azure, Google and AWS public clouds in addition to its on-premises data centers. Fauser said he expects the multi-cloud deployment process will go smoothly under OpenShift.

“Red Hat is very good at maintaining open source software distributions, patching is consistent and easy to maintain, and I trust them to maintain a portable version of Kubernetes,” Fauser said. “Some upstream Kubernetes APIs come and go, but Red Hat’s approach offers stability.”

Docker containers and Kubernetes are de facto standards that span container environments and provide portability, regardless of which vendor’s Kubernetes implementation is in place, said Surya Suravarapu, assistant vice president of product development for Change Healthcare, a healthcare information technology company in Nashville, Tenn., that spun out of McKesson in March 2017.

Suravarapu declined to specify which vendor’s container orchestration tools the company uses, but said Change Healthcare uses multiple third-party Kubernetes tools and plans to put containers into production this quarter.

“Multi-tenancy support and a DevOps platform on top of Kubernetes were what made us want to go with third-party vendors,” Suravarapu said. “The focus is on productivity improvements for our IT teams, where built-in tooling converts code to container images with the click of a button or one CLI [command-line interface] line, and compliance and security policies are available to all product teams.”

A standard way to manage containers in Kubernetes offers enough consistency between environments to improve operational efficiency, while portability between on-premises, public cloud and customer environments is a longer-term goal, Suravarapu said.

“We’re a healthcare IT company,” he added. “We can’t just go with a raw tool without 24/7 enterprise-level support.”

Still, Amadeus’s Fauser acknowledged there’s risk in trusting one vendor’s Kubernetes implementation, especially when that implementation is one of the more popular market options.

“Red Hat wants to own the whole ecosystem, so there’s the danger that they could limit other companies’ access to providing plug-ins for their platform,” he said.

That hasn’t happened, but the risk exists, Fauser said.

Ribbon Communications boosts UCaaS portfolio with Edgewater buy

Ribbon Communications said it will acquire network edge orchestration provider Edgewater Networks for $110 million to expand its unified communications portfolio and enter the software-defined WAN market.

The acquisition offers Ribbon Communications, based in Westford, Mass., the opportunity to expand its service offerings, especially for its UC-as-a-service (UCaaS) provider partners, according to Irwin Lazar, analyst at Nemertes Research, based in Mokena, Ill.

“The Edgewater portfolio brings in a wide range of edge devices that enables UCaaS providers to monitor performance quality for voice and video services,” he said. Edgewater Networks, based in San Jose, Calif., has more than 635,000 actively deployed edge devices and more than 20 million connected endpoints, according to Ribbon.

Edgewater Networks provides service assurance, security and analytics tools for unified communications and software-defined WAN (SD-WAN) through a hybrid cloud or edge model. Its customers include communications service providers, managed services providers, and small and midsize enterprises.

Managing UC performance at remote offices

With the acquisition, Ribbon Communications will expand its UC portfolio with end-to-end service assurance and analytics for its Kandy UCaaS offering, as well as voice and data intelligence capabilities in its Ribbon Protect UC security offering.

Ribbon’s UCaaS offering is based on its Kandy embedded communications platform, and it uses Kandy’s APIs to provide voice, video and contact center capabilities. Ribbon Protect UC provides end-to-end security of the communications network to mitigate threats, such as toll fraud and telephony denial-of-service attacks.

The combined portfolio of Ribbon and Edgewater will expand Ribbon’s Skype for Business and Microsoft Teams offerings. Edgewater Networks’ services have been used in a number of Skype for Business deployments as remote survivable gateways, Lazar said.

“Blending the two companies provides a broader range of devices for both enterprises and service providers to manage UC performance at remote offices,” he said.

The combined portfolio helps Ribbon Communications toward its goal of expanding its global reach and entering new markets. Acquiring Edgewater Networks gives Ribbon entry to the SD-WAN market, Patrick Joggerst, chief marketing officer and executive vice president of business development at Ribbon, wrote in a blog post. Edgewater’s SD-WAN offering targets small and midsize organizations, but the acquisition will allow Edgewater to target larger enterprises and expand outside North America, he said.

The acquisition comes nearly eight months after real-time communications provider Genband and session border controller and UC security provider Sonus merged and rebranded under the Ribbon Communications name. The Edgewater acquisition is expected to close in the third quarter and highlights the ongoing vendor consolidation swirling around the UC market.

Container orchestration systems at risk by being web-accessible

Researchers found more than 21,000 container orchestration systems are at risk simply because they are accessible via the web.

Security researchers from Lacework, a cloud security vendor based in Mountain View, Calif., searched for popular container orchestration systems, like Kubernetes, Docker Swarm, Mesosphere and OpenShift, and they found tens of thousands of administrator dashboards were accessible on the internet. According to Lacework’s report, this exposure alone could leave organizations at risk because of the “potential for attack points caused by poorly configured resources, lack of credentials and the use of nonsecure protocols.”

“There are typically two critical pieces to managing these systems. First is a web UI and associated APIs. Secondly, an administrator dashboard and API are popular because they allow users to essentially run all aspects of a container cluster from a single interface,” Lacework’s researchers wrote in their report. “Access to the dashboard gives you top-level access to all aspects of administration for the cluster it is assigned to manage, [including] managing applications, containers, starting workloads, adding and modifying applications, and setting key security controls.”

Dan Hubbard, chief security architect at Lacework, said these cloud container orchestration systems represent a significant change from traditional security.

“In the old data center days, it was easy to set policy around who could access admin consoles, as you would simply limit it to your corporate network and trusted areas. The cloud, combined with our need to work from anywhere, changes this dramatically, and there are certainly use cases to allow remote administration over the internet,” Hubbard said via email. “That said, it should be done in a secure way. Extra security measures like multifactor authentication, enforced SSL, [role-based access controls], a proxy in front of the server to limit access or a ‘jump server’ are all ways to do this. This is something that security needs to be aware of.”

Lacework reported that more than 300 of the exposed container orchestration systems’ dashboards did not have credentials implemented to limit access, and “38 servers running healthz [web application health and security checker] live on the Internet with no authentication whatsoever were discovered.”

Hubbard added that “these sites had security weaknesses that could have enabled hackers to either attack directly these nodes or provide hackers with information that would allow them to attack more easily the company owning these nodes.” 

However, despite warning of potential risks to these container orchestration systems, Hubbard and Lacework could not expand on specific threats facing any of the nearly 22,000 accessible dashboards described in the report.

“Technically, they are all connected to the internet and their ports are open, so attackers can gain privileged access or discover information about the target,” Hubbard said. “With respect to flaws, we did not perform any password cracking or dictionary attacks against the machines or vulnerability scans. However, we did notice that a lot of the machines had other services open besides the container orchestration, and that certainly increases the attack surface.”

Docker with Kubernetes forges new container standard

The commingling of the two main competitors in container orchestration should bring IT shops greater stability and consistency in container infrastructures over time.

Docker with Kubernetes will appear in the next versions of Docker Enterprise Edition and Community Edition, expected to be generally available in 1Q18, according to the company. This comes on the heels of support for Kubernetes in recent products from Mesosphere, Rancher and Cloud Foundry — an industry embrace that affirms Kubernetes as the standard for container orchestration, and expands choices available to enterprise IT organizations as containers go into production.

Kubernetes and Docker rose to popularity simultaneously and were always closely associated. However, they emerged independently, and changes to one would sometimes break the other. With Docker and Kubernetes formally aligned under the Cloud Native Computing Foundation, developers can more closely coordinate alterations and therefore likely eliminate such hitches.

“It has not always been a given that Kubernetes was going to work with Docker,” said Gary Chen, an analyst at IDC. “People who want Docker from the source and Kubernetes along with that can now get that integration from a single vendor.”

Docker with Kubernetes is a declaration of victory for Kubernetes, but it’s also a big change for the IT industry with a standard for orchestration in addition to the standard OCI runtime and format.

Gary Chen, analyst, IDC

“It’s not something we ever had with servers or virtual machines,” Chen said. “This brings industry standardization to a whole new level.”

Container management vendors will seek new differentiations outside of raw orchestration, and enterprise IT users can evaluate new tools and consider new possibilities for multicloud interoperability.

Docker brings support for modernizing traditional enterprise apps, while Kubernetes is still favored for newer, stateless distributed applications. Their convergence will strengthen orchestration that spans enterprise IT operating systems and different types of cloud infrastructure, said E.T. Cook, chief advocate at Dallas-based consulting firm Etc.io.

“Unified tooling that can orchestrate across all of the different platforms offers enterprises a massive advantage,” he said.

Container portability will also take on new flexibility and depth with increased compatibility between Docker and Kubernetes, said Peter Nealon, a solutions architect at Runkeeper, a mobile running app owned by ASICS, the Japanese athletic equipment retailer.

“Being able to bridge private data centers, public clouds, and Docker Swarm and Kubernetes orchestrators will make deploying the software that runs on those things easier,” Nealon said. “It will also be easier to provide the security and performance that apps need.”

The rich get richer with Docker and Kubernetes

Docker remains committed to its Swarm container orchestrator. But with heavy momentum on the Kubernetes side, some IT pros are concerned whether the market will sustain a healthy, long-term competition.

“I’m sure some folks will not like to see Kubernetes get another win, wanting choices,” said Michael Bishop, CTO at Alpha Vertex, a New York-based fintech startup, which uses Kubernetes. “But I’ll be happy to see even more developers [from Docker] working away at making it even more powerful.”

Meanwhile, enterprise IT consultants said their clients at large companies rarely mention Swarm.

“I personally have never seen anyone run Swarm in a production cluster,” said Enrico Bartz, system engineer at SVA in Hamburg, Germany.

Some SVA clients will consider Docker Enterprise Edition support for Kubernetes as it may offer a more streamlined and familiar developer interface and be easier to install and configure than Kubernetes alone, Bartz said. But Docker still faces stiff competition from other products, such as Red Hat OpenShift, which already makes Kubernetes easier to use for enterprise IT.

Some industry watchers also wonder if Docker with Kubernetes might be too late to preserve Docker Inc., and Swarm with it, in the long run.

“Two years ago or even a year ago there was more differentiation for Docker in terms of the security and networking features it could offer beyond Kubernetes,” said Chris Riley, director of solutions architecture at cPrime Inc., a consulting firm in Foster City, Calif., that focuses on Agile software development. “But the recent releases of Kubernetes have made up those gaps, and it’s closing the gaps in stateful application management.”

Amazon also waits in the wings with its own forthcoming Kubernetes as a service alternative, which users hope to see unveiled at the AWS Re:Invent conference next month. Some enterprise shops won’t evaluate Docker with Kubernetes until they see what Amazon can offer as a managed public cloud service.

“If there’s no AWS announcement that hugely expands the feature set around [the EC2 Container Service], it will open up a whole set of discussions around whether we deploy Kubernetes or Docker Swarm in the cloud, or consider other cloud providers,” Runkeeper’s Nealon said. “Our discussion has been focused on what container orchestration platform we will consume as a cloud service.”

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Follow her at @PariseauTT on Twitter.

Rancher’s Kubernetes strategy relieves container complexity

Rancher Kubernetes support will be its default approach to container orchestration for customers, and it’s another sign that enterprises have picked a winner in this emerging field.

As of Rancher 2.0, released this week, all of its customers will be Kubernetes users from the moment they install the company’s container management software. Rancher has previously supported other container orchestration tools, including its own Cattle product, but will prioritize Kubernetes in the future.

“Kubernetes will be a fundamental part of the enterprise IT infrastructure, and companies like us have to keep adapting to stay in the game,” said Sheng Liang, the company’s co-founder and CEO. “It could bring vendors together to define a standard infrastructure platform for the industry.”

Rancher’s Kubernetes decision was made possible by features added in Kubernetes 1.6, such as more flexible role-based access control, Liang said. Kubernetes 1.6 allows for impersonation, which means Rancher can smooth the way for hybrid cloud deployments of Kubernetes with Active Directory support for Google’s Container Engine (GKE). Previously, hybrid cloud environments that used GKE would require every user to have a Google credential in addition to whatever user authentication program the company uses on premises, such as Active Directory or LDAP.

Rancher 2.0 can also centralize management for multiple container clusters that use different versions and distributions of Kubernetes. IT administrators can import clusters into Rancher without the need to rebuild them or pool them through Kubernetes Cluster Federation, Liang said.

Rancher’s Kubernetes choice wins customer approval

Rancher users support the company’s new direction, and in their eyes Kubernetes has captured the lead in container orchestration.

At Sling TV, a subsidiary of Dish Network, Rancher with Kubernetes support won a bake-off in May 2016 against Pivotal Cloud Foundry, Docker Datacenter and Mesosphere DC/OS. At the time, Kubernetes was the most mature and affordable of the container orchestration platforms, said Brad Linder, DevOps and big data evangelist at Dish Technologies, the IT arm of Dish Networks in Englewood, Colo.

“Each of the other systems had a deficiency of some sort: Pivotal Cloud Foundry was pricey, and at the time Docker Datacenter had issues with routing traffic to containers before they became available,” Linder said. “DC/OS seemed better suited to larger clusters with thousands of nodes, not the kind of deployments we were looking for.”

Docker has since shored up traffic routing in clusters with the swarm mode routing mesh it added to Docker Datacenter with version 1.12 in November 2016, but Linder’s team was also drawn to Kubernetes by the tools that had already been built around it, including Rancher. Even then, he said, it was clear Kubernetes would be broadly supported, and that could pay portability dividends down the road.

“I’m trying not to hitch my wagon to any one vendor as we build out our approach to cloud services,” Linder said. “I don’t want to have to commit to any of them.”

With vanilla Kubernetes under the hood on his selected tools, Linder won’t be bound to one cloud computing vendor.

Rancher has been essential for Dish to roll out container clusters, Linder said. The company plans to launch its first production cluster — a new push notification app deployment for Sling TV — by the end of the year, and Rancher will support the whole stack.

“There have been times they’ve helped us troubleshoot network and VM issues, and helped us come up to speed with containers generally,” he said.

Rancher makes Kubernetes setup easier with a UI that helps admins interpret the “YAML files everywhere” that are a part of upstream Kubernetes installations, Linder said. Rancher has also helped with connected tools, such as the open source Prometheus monitoring utility and virtual network overlays.

“Kubernetes installation is actually the easy part,” Linder said. “We’ve had some head-scratching moments with logging distributed microservices and solving the complexity of container networking.”

Rancher 2.0 adds further refinements that will help with container management, such as a new integration with continuous integration and continuous deployment tool Jenkins that smooths the connection between CI/CD pipelines and Kubernetes, Linder said.

Kubernetes integration strategy reflects growing trend

Rancher’s Kubernetes alliance continues a year of momentum growth for the Google-backed container orchestration platform. Big IT vendors, including Amazon Web Services, Microsoft and Oracle, joined the Cloud Native Computing Foundation in the summer of 2017 to help govern Kubernetes development. Erstwhile Kubernetes rival Mesosphere rolled out Kubernetes support in version 1.10 of its DC/OS software earlier this month, and mid-September configuration management player Puppet acquired Distelli, which bases its container management software product on Kubernetes as well.

These changes indicate Kubernetes has become “the clear and outright leader” in container management and orchestration platforms, said Jay Lyman, an analyst at 451 Research in New York. Several dozen vendors support Kubernetes for container orchestration, while only about a dozen each back Docker swarm mode and Apache Mesos, he said.

“IT organizations almost have to have Kubernetes on their radar and a strategy around it,” Lyman said. “Apprehension about its complexity had been an impediment to its growth, but the excitement is greater than that apprehension at this point.”

Rancher and Kubernetes show that while upstream Kubernetes remains complex, there’s no shortage of partners willing to offer management features to mitigate that issue, Lyman said.

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Follow her at @PariseauTT on Twitter.