Kubernetes is not the point
bettyjunod.comI read the whole thing and I'm not sure I understand what IS the point except that things are too complex? A whole lot of words for not a lot of content.
Fear of complexity is the number one reason why many "simple" homebrew solutions were born to solve simple problems at time, from what I observed in recent years across a few companies I worked for. The hard truth is, fewer simple things can stay simple while continue being useful in the long run.
The value I get from Kubernetes, is the API platform that allows my system to organically become more complex overtime, but hopefully in an organized way.
Yeah, the way I read it, it boils down to "I worked on Docker. Kubernetes is great but too complex for developers to actually use." Which yes, is something that everyone who isn't fooling themselves has been saying since its inception. I've been managing on prem kubernetes clusters for the better part of a decade, a lot of it makes sense to me now, but was absolutely painful to learn. In my opinion the article would be better if it had a clear goal for the future, but I couldn't find one.
Disclosure I work for a company, Noop [1], which is the picture of the steak.
As someone working on the marketing side of the endeavor, I see the shift the author describes. there are a handful of PaaS companies picking up where Heroku left off and in the enterprise world devops is evolving toward "platform engineering". Platform engineering suffers from being poorly defined, but there appears to be growing demand within large enterprises for something like internal-heroku. But there's still a problem.
To me, the problem is not kubernetes. The problem is that tooling has become so specialized that the focus of work has become integration between tools. And that cumulative integration work complicates the operational responsibilities of software developers. Even if you have a dedicated devops team, the complexity of those integrations flows down to developers in the form of different systems for logging, monitoring, firewall, cdn, ci/cd, secrets, etc.
My take is DevOps and SRE didn't take off how big companies thought they would and the outcome is platform engineering which used to be more a combination of infrastructure engineering and sysadmin roles
Noop actually looks cool, I’ll give it a spin sometime. I’m using Fly.io for all my stuff at the moment but recognize at some point my infra my outgrow it…
Kubernetes is a generalized solution to the problem - hence the complexity. Tools such as Docker Swarm were tailor fit to solve a particular application deployment and scaling problem - hence the simplicity.
I haven't looked in a while, but I recall at one time there being a utility that could take a Docker Swarm yaml and convert it to Kubernetes - Kompose? Has that matured into something useful?
On the subject of Kompose, frankly, I think a person looking to get into Kubernetes either knows how to convert what is essentially a docker-compose file to kubernetes manifests themselves, or they're going to struggle working with kubernetes to the point that no amount of "this is how you convert to this" tooling will save them. At the end of the day, you're working on kubernetes, so you need to know how to work with kubernetes. That might come off as gatekeeping to some, but it is an honest estimation of how much effort goes into productionizing workloads for kubernetes.
That's fair. It's usually worthwhile to suck it up and learn the basics of what it is you need to do.
Exactly. And I did a poor job of mentioning this in my previous message. But that perspective comes from trying to rely on Kompose to migrate my apps over to Kubernetes for me, and then falling utterly short in every aspect that makes Kubernetes inherently more powerful but also more complex than Swarm, such as in the domains of networking and storage. I ended up having to circle back to Kubernetes learning courses on Udemy, setting up a playground, making tons of mistakes, and accidentally becoming more proficient in Kubernetes than I had anticipated, just to get decent at deploying things to Kubernetes. And to be quite honest, I'm still learning about 6 years later. Lately less about storage and networking, and more with securing my workloads using securityContexts, runtime image scanners, etc etc. I'm at a point where I've written my own and helped contribute to Kubernetes operators, but I'm still learning how to effectively use all the tools Kubernetes gives you. So this took a bit of a tangent from the topic of Kompose, but it's all to basically say, "you'd be doing yourself a disservice to blindly rely on Kompose to get you into Kubernetes." In my opinion, of course.
Yeah exactly.
There is no good solution here as in order to have a SIMPLE platform, you need to really reduce the amount of use-case you support to a couple options only. The reality is that every single company I have worked for has a ton of different services with different requirements. Those choices end up being reflected on the platform that now needs to be able to run all of them. If you have a single simple use-case then you should just run that simple use-case on a boring EC2 instance with a boring dockerd and a boring NLB in front (as an example) but the reality is that this is almost never the case.
If you have a lot of different workloads to run at scale there is no better tool than Kubernetes. The complexity comes from its power to run almost anything you want
1. Developers want to deploy their apps easily, 2. The default is to use containers, but that's only a part, 3. Because of containers, k8s got very popular, 4. But for developers, it doesn't really matter what the underlying tehc is, it could be k8s, it could be k8s, it could be anything as long as it works smoothly, 5. that's called IDP or PE now, but it's similar to what Heroku offered years ago
The point was that too many firms focus on Kubernetes as a thing in and of itself instead of focusing on app development.
From a business perspective it can, and most of the time does, benefit an organization to outsource app deployment.
I’ve seen first-hand organizations that have gigantic teams of DevOps working endlessly on perfecting these systems, all the while taking teeth pulled for an app developer to get a new container deployed.
It's possible that those platform engineers did a poor job exposing kubernetes to the developers, in the anecdotes you've mentioned. But there is a LOT more being instrumented in an effective deployment platform than just deploying an app somewhere. Centralized logging and metric aggregation and then visualization of those is an important aspect to any platform for app deployments that get overlooked by many naive developers. Deploying a service to some PaaS site is great until you need to extract any runtime information out of it, if it doesn't also instrument those features, which I've been a consumer of many of them that don't really do that at all. And then performant and reliable shared cluster storage is another animal altogether in on premise kubernetes clusters in particular. So far my best experience in that area has been with Ceph, which is like learning a completely different distributed system with its own complexities.
The app developer doesn't see it, but behind every decent app deployment in kubernetes, there are millions of hours of expertise in running distributed applications reliably. And the simpler deployment platforms do a good job of abstracting some of this, but from what I've seen nobody does all of that exceptionally well, and if they did, they could probably be able to charge whatever they wanted to people wanting to use it.
When webmail (Gmail, Hotmail, etc) first came out, one objection I remember is that it was a bad idea, because it meant you couldn't get at your email if the service went down. How foolish of you to rely on someone else to keep their website up 100% of the time. That thinking passed as expertise in keeping systems up became its own branch of software engineering. So we forget that it's very possible to do a bad job of keeping a website up. some of the platform engineering work isn't just for show, it turns out.
You need about 10% of that functionality to reliably and profitably sell screen real estate to advertisers.
Kubernetes isn't the platform. It's an extremely complex platform that enables better (meaning "more purpose built and friendlier to use") platforms to be built on top of it. Kubernetes is a big box of tools. You can either hire people that know how to use the tools for you, or use a solution where someone else picked out all the tools in the box you needed and made simpler and more opinionated interfaces for them.
Of course, in the latter case, you might end up in the predicament where the solution's creators had different opinions than you. And then you either live with the disagreement, or circle back to hiring people that know how to use the complex big box of tools.
Kubernetes is a very capable and versatile system to build a platform on top of it.
Other articles have zeroed in on the missing piece: that unusual intersection of a product mindset with infrastructure expertise.
Without that product mindset, "platform" is just another word for "kubernetes". It's there because it is the popular thing to do or because no one gets fired for implementing it
The major problem is the lack of individual domain knowledge on the underlying server techs that run simple to complex workloads. We have abstracted away a lot of that with APIs and YAMLs so developers don't need to know the inner-workings of Linux, Networking, and Storage. This is a huge negative when things go wrong and there are hundreds of tools that we have access to which makes things insanely complicated if not used correctly.
A lot of developers will throw compute resources at problems rather than solving within their code. I get it, that is the faster route in almost every case. They won't get hired or promoted if they don't use the current "new hottness" in our industry. This leads to insane cloud spend and super complex deployment setups.
Businesses and VC have been trying to obsolete the sysadmin role on the team for over 15 years now. They shove this responsibility onto developers and expect them to get paid to effectively two jobs for the price of one. We are simply overloaded with work and not having to deal with getting your code into production is something that some developers don't want to own and want an easy button to press to do this job. This is what is driving the want for a "Platform Experience". All of us in the tech community are paying the price with more work responsibilities and higher expectations from the C suite to deliver features faster.
I am all for making Ops more easier for everyone on the engineering team to consume but, not at the complexity price we are currently paying.
I don't agree exactly. The standardization in Kubernetes has brought calm to the chaos. Having controllers which act as the public interfaces for additional capability in ways that can integrate with other controllers cleanly is transformational. I have vendors supporting the interfaces that Kubernetes has defined which commoditizes the vendor, which is exactly what I want in a platform. I am not locked into a vendor because they are using these generic, interchangeable interfaces.
> I am not locked into a vendor because
I see this often mentioned in the context of k8s and find it baffling that it gets repeated. K8s is simply swapping a form of lock in, to the abstract layer.
K8s does have a lot of open interfaces like CRI, CNI, CSI that can & are used in other solutions like Hashicorp Nomad.
The core/control plane components aren't interchangeable but a lot of the "userland" can be swapped around (I have cri-o, Calico, and a homemade CSI on libvirt VMs at home and it runs workloads the same as containerd, AWS VPC CNI, EBS CSI at work)
However, it's not open in the way there's a drop in replacement
Serious question: If everyone ultimately wants the usability of Heroku - which I can believe - why didn't Cloud Foundry take off?
Am I (and Betty Junod, and Seth Vargo) wrong about the desirability of Heroku's interface? Was Cloud Foundry far worse than Kubernetes, or did it just not get traction?
I admit that's a pretty loaded question, so I should give context: I dealt with Cloud Foundry from the user side, not the admin side. This was around 2016, and I had very little exposure to what else was going on with it. But I was impressed that they some key elements of Heroku-style PaaS seemingly working fine.
So if it was far harder to get going than Kubernetes, that's a good explanation. But I'm guessing there's much more to it than that.
Afaik cluster administration is pretty complicated. They had a pretty big internal deploy at JP Morgan Chase and I was under the impression other Fortune 50s had internal deployments but it takes a dedicated team to run.
I think nowadays building on top of Kubernetes has completely eclipsed the CF stack. There's a buildpacks CNCF incubator and you can get k8s pretty close with different tools/abstractions.
Google App Engine was ahead of its time, but it's still quite a successful product. I think it didn't get traction back then because it was too different from the status quo for developers to want to invest in it. The other thing is vendor lock-in and costs. If you're all in on Heroku (or AWS or GCP or...) you have no recourse if they decide to raise prices on you. Even though that's never really happened other than the ipv4 AWS thing for developers, (ie DocuSign doesn't count) the mere possibility that you could get hosed by your vendor scared enough people off that it failed to get the traction it deserved, imo.
> If everyone ultimately wants the usability of Heroku - which I can believe - why didn't Cloud Foundry take off?
Cloud Foundry isn't like Heroku, it's more like "build your own AWS" or maybe "build against this shim layer so you can make a credible threat to migrate when your cloud provider jacks up their prices".
The target audience isn't application developers, it's CTOs and CFOs.
I mean.. from the user side (aka the developers deploying applications within the org) Cloud Foundry was a lot like Heroku. I think the Buildpack concept (incepted at Heroku) was picked up by the Cloud Foundry Foundation and developed in lockstep with Heroku. For a while there was a lot of pollination between both projects.
The reason IMO that Cloud Foundry didn't catch on is that from the admin side, deployment of vanilla CF was a nightmare, and maintenance could be challenging.
You could pay for an Cloud Foundry distribution with guardrails, but that ended up being $$$ and still required having employees with systems/ops knowledge if you weren't just deploying to the cloud provider du jour anyway.
I think CF had its golden years before k8s really started to catch on. Then there was a push by a lot of companies to bring CF to k8s (I was working at one such company as it went from the Cloud Foundry Distribution -> Cloud Foundry Distribution on K8s journey). I think these could have caught on if someone could have made it work in a truly seamless way, but unfortunately all the abstractions for bridging CF concepts to a K8s world developed in pursuit of this goal ended up being leaky, and requiring your customers to have CF domain knowledge atop K8s domain knowledge to successfully deploy and maintain their in-house CF, which proved to be too tall an order.
Unfortunately, CF seems to have fallen by the wayside now (though I'm sure there will still be companies running it for 20 years if their needs don't outgrow the capabilities of their mostly-working deployments) and AFAIK nothing has really taken its place.
I haven't had the opportunity to try this yet, but Kubevela (https://www.cncf.io/projects/kubevela/) looks like it could be the closest thing to a modernized CF-like experience on top of K8s that should (hopefully) be more sensible to deploy and manage. Would really love to hear thoughts from people who have used both though.
Not sure if "Kubernetes is too complicated" is much of a constructive statement. The last paragraph was the main takeaway: product should justify the platform rather than the other way around. PaaS tools like Heroku and Render are simply a nice facade for the underlying K8S infra. Developers SHOULD make infra a part of their job if they are building anything that will reach eyes other than their own.
Kubernetes is a nightmare. What's the IaaC version of a Turing Tarpit?
I wish Hashicorp would release Nomad under a better license. It's a superior system in every way except mindshare.