Kubernetes at Optimal Value

On Thursday November 10th I was fortunate to be able to join the “Kubernetes at Optimal Value” event hosted by our dear friends at Fullstaq. The venue for this fully staq’ed day with Kubernetes ins-and-outs was Landgoed De Horst in Driebergen-Rijsenburg, which is as gorgeous as the name, but definitely a challenge to reach on the busy Dutch Thursdays. The travel was well worth it though: all of us, from techies to big decision makers, were heartily welcomed at the location and the overall vibe was excellent. Not too crowded, just right.

For me, it had been some time since I visited an offline event like this, so I was excited to meet and connect with people in a live setting for a change. A bonus was the opportunity to get a professional headshot taken by a photographer on-site, which a lot of people did.

The welcome and kick-off were done by Gerrit Tamboer from Fullstaq and after a high-level introduction on containers and K8S for the noobs it was time to dive into the fun stuff. The overall goal of the event was to provide a basic understanding of elements which can bring your K8S implementation into a state in which it can drive business value. Several experienced vendors were present to enlighten us on topics like observability, security, backup & restore solutions, CI/CD and K8S manageability.

First off was Neil Pearson from LogicMonitor. His company provides a cloud-based monitoring platform which focusses on unified observability and addresses challenges around limited visibility, too much data and noise, and performance. The SaaS solution provides a single pane of glass in K8S environments and targets anomalies instead of ALL logs and events. This of course only works if all logs, traces, metrics etc. are in one place for aggregation and analysis and things are automated, and guess what, this is exactly what the platform does. It allows you to ask questions about the state of apps and systems and address the cause of issues; that’s what observability is all about, right? Great start of the day; more information on the LogicMonitor platform can be found here.

After the first coffee break it was time for some eBPF-based networking, security, and observability with Batu Uslu from Isovalent. This presentation was full of energy and fast-paced and addressed many of the challenges enterprises have with respect to observability in hyperscaled K8S environments. Isovalent uses the open-source product Cilium for enterprise-grade eBPF-powered networking, observability, and security. General insights were provided and I was impressed by the fact that Cilium uses its own CNI and replaces kube-proxy. Wonder how this would work with e.g. OpenStack though. Lots of information to digest; more information can be found here.

Next up was Steven de Boer from Palo Alto with a presentation around Prisma Cloud, a cloud native security solution for multicloud and hybrid environments.

The common thread in Steven’s story was code-to-cloud security and the challenges and risks every stage in application development and deployment brings. Throughout the Development and Build phase: usage of insecure IaC, exposed secrets and misconfigs in public cloud environments. During deployment: malicious images, image poisoning and insecure CI/CD pipelines. And during Run: malware, cryptojacking, data exfiltration, malicious web attacks and overly permissive access… Public cloud is a scary place indeed. You can bet that if you expose your APIs publicly, they will be under attack.

Protecting yourself can no longer be done with point solutions: they would require a huge amount of resources, alert fatigue kicks in and correlations are missing. This is where Prisma Cloud comes into play, which provides a cloud native application protection platform, integrating with various development tools, providing immediate feedback and continuous real-time visibility in any cloud, any service, any workload. Security at scale, as Prisma Cloud currently protects around 1.5 billion assets and millions of workloads in the cloud. Very impressive stuff; more information can be found here. The takeaway from this excellent presentation was: “Are you ready for the next Log4J?”.

After a well-deserved lunch break it was time for further K8S management with Raymon Epping from Kasten by Veeam. Kasten provides a full cloud native data management solution with complete application capture functionality within K8S clusters using snapshots. Their K10 product is positioned as a feature-rich K8S backup product which integrates with all well-known K8S distributions and supports various storage infrastructure and (security) tools. Installation should be simple and, as the focus is really on applications, an excellent use case for this solution is of course application mobility. More information can be found here.

Next up were Jeroen Overmaat and Kevin Reeuwijk from Spectro Cloud with an excellent presentation on how to manage the full Kubernetes stack across multi-cloud and beyond.

Spectro Cloud addresses the challenges large enterprises have with hyperscale K8S environments with their product “Palette”. Palette provides a single platform for managing all your K8S clusters, from single- to multi-cluster and multi-distro environments. Palette is non-descriptive and uses desired state and cluster profiles for deploying K8S clusters. From a deployment and management perspective, this product looked impressive and promising. Also, it was nice to see an actual live demo, nicely presented by Kevin. For more information check out Spectro Cloud’s website here.

After another coffee break it was time for the last presentation of the day by none other than Fabian Met from Fullstaq. This was an excellent energizer at the end of the day as Fabian is a lot of fun to listen to. Fabian provided a high-level overview of software delivery options with K8S and covered most of the YAML-producing products out there: from manually typing flat YAML using kubectl to tools like Helm and the template-free Kustomize.io. The evolution is clearly moving from manual and pipelines to a more GitOps approach using e.g. Argo CD.

After a quick summary of the day by Gerrit Tamboer, it was time for me to wrap up, gather thoughts and mingle with the people present while enjoying some drinks and food.
I can look back at an excellent event packed with relevant information for small to large enterprises which are starting, or have already started, their K8S journey. With environments reaching hyperscale, observability and manageability solutions which do not just introduce new complexity and problems are key. From what I have seen today I am impressed by the state of things and am greatly looking forward to the next Fullstaq event to learn even more. A warm thanks to all the people involved in organizing this great event, and all presenters who were willing to share their knowledge and insights. Hope to see you next time!