I just finished a week in beautiful rainy Seattle, where I had the opportunity to attend my 3rd KubeCon + CloudNativeCon. What I am always amazed at when attending these events, is how strong the Open Source software domain is. If there is an idea on how to do something better, you can bet there are a few teams who have created projects to tackle it. With 8,000 users in attendance, 70+ vendors, and just as many incubating projects to discuss, there was a flood of ideas, information and community.
One of the big topics this year seemed to be “observability”. Whether through service-mesh, transaction tracing, metrics collection, security scanning or log monitoring, the ability to unravel the chaos is paramount. Acknowledging the fact that as we abstract the applications further away from the infrastructure on which they are deployed, we lose the visibility into the inner workings and impacts of said infrastructure. The complexities that are introduced by Kubernetes are not purely technological challenges. Organizations that have begun to embrace such projects may not have embraced the necessary methodologies around using them at enterprise scale. In either case, the challenges are real and require a level of maturity not yet seen in the open source projects, though the efforts have been impressive.
Competition in the community is just as vibrant as in the free market. While LinkerD and Conduit fight their sibling rivalry for parental favoritism, only one is an accepted CNCF project. The real star this year appears to not be a CNCF project at all, yet is a fundamental component powering the Envoy fabric. Istio has been embraced by a number of the larger Kubernetes distributions including Google and Red Hat to provide service mesh control as well as distributed tracing through the use of Jaeger.
What makes the community interesting is that none of these projects are conceding victory as opinions and a lack of economic boundaries enable each project to sink or swim on its own merits. While this is great for innovation and egos, it creates confusion in the marketplace. Which group of projects are right for my organization? Will they continue to be supported by the community? Lucky for you, the open source community allows for free choice and all the risk associated with your decision. If you are still uncomfortable, as many enterprises are, vendors can help make these decisions for you and there were plenty to talk to at this show.
As of this latest KubeCon, 3 projects have graduated to sustainable maturity with another 30+ waiting in the wings to gain enough momentum to join the likes of Kubernetes, Envoy and Prometheus. Just because these are mature “projects” does not mean they are enterprise class “products” and Open Source is only free if you don’t value the time of your engineers. Each still requires significant configuration and expertise to utilize efficiently, effectively and securely. In light of this, organizations like Red Hat, Google, and even small players like Containership, offer curated versions of the Kubenetes project and associated toolsets. In total, there are 78 Certified distributions and platforms of Kubernetes. The maturity as it happens is not only measured in the code base acceptance of the community but also in the ecosystem of vendors that can continue to provide support and guidance.
So where does observability sit in this mashup of open source projects, infrastructure abstractions and vendors? Service meshes provide visibility and control over the service-to-service communication layers using sidecar proxies like Envoy but also distributed tracing through one of the two accepted projects in the CNCF: OpenTracing and Jaeger. This is only a small view of the microservice application data which can be expanded further with manual configuration and customization.
In addition to service meshes, there are a number of other CNCF projects aimed at exposing data about your platforms and applications. With so many options to choose from, one could imagine that these are each individual world views with little cross-domain integration. In some cases, Kubernetes platform vendors provide them fully packaged into their offerings such as Red Hat OpenShift which includes Istio, Prometheus, Grafana and Alert Manager. This makes it a bit easier to troubleshoot in a homogenous environment. With other providers, such as Google, it is a free-for-all model utilizing Prometheus for a metrics collection framework, Istio for tracing and Stackdriver for logging. There are a number of ways to implement these various frameworks individually on your own but beware, many have found it challenging at scale to make sense of all the data. Just because you are collecting it doesn’t mean it is actionable.
Very few Enterprises are cloud-first and therefore unable to integrate a service mesh such as Istio into their existing landscape leaving them with fractures in their visibility. Looking deeper into applications and monitoring, many eager open-sourcers believe that code instrumentation, a service mesh with distributed tracing, a collection of Grafana charts, Logstash, and Prometheus metrics will have them covered in any circumstance. I am sure they will be busy sifting through data and silencing alerts, but unlikely to be successful supporting their applications dynamically at scale.
There is a place for Open Source and I commend the CNCF for running yet another excellent conference where projects can showcase their niche. The rest of us have to return to our enterprises and enterprise customers and figure out how to operationalize all of these great ideas into actionable and reliable solutions to empower success. When it comes to Obeservability, the easier it is to get actionable information in such complex and multi-faceted architectures the more likely we are to succeed.
I look forward to observing next year’s crop of ideas.