Microsoft Highlights Emerging Kubernetes Scalability and Governance Efforts
Microsoft this week highlighted some emerging efforts to improve both the scalability and governance of the open source Kubernetes container orchestration service.
Containers are an operating system virtualization approach championed by Docker that typically get used with hosted applications, with the main benefit being that app version conflicts are avoided. Google's Kubernetes service can be used to manage those containers on clusters of servers. Microsoft, for its part, has gotten behind both of those efforts with its commercial Azure public cloud services, backing various open source efforts along the way.
Project Osiris for Scalability
One emerging open source effort highlighted by Microsoft regarding Kubernetes' scalability aspects is Project Osiris. It's an experimental project that promises to scale Kubernetes workloads to zero when there's no inbound requests to use a containerized application, potentially saving on hosted resource-use costs. At present, scaling Kubernetes workloads to zero can result in services not being available, but Project Osiris adds an endpoints controller to address that situation.
Project Osiris is designed to work with the native Horizontal Pod Autoscaler in Kubernetes. It isn't conceived as a replacement for Autoscaler. However, one big limitation of Project Osiris right now is that it doesn't work with a couple of technologies Microsoft has been championing for it. Here's the GitHub project's explanation in that regard:
It is a specific goal of Osiris to enable greater resource efficiency within Kubernetes clusters, in general, but especially with respect to "nodeless" Kubernetes options such as Virtual Kubelet or Azure Kubernetes Service Virtual Nodes preview, however, due to known issues with those technologies, Osiris remains incompatible with them for the near term.
The Virtual Kubelet adds support for serverless container platforms, and it's key to enabling these auto-scaling capabilities in Kubernetes-managed clusters, according to Microsoft's announcement.
The other capability that doesn't yet work with Project Osiris is the Virtual Nodes capability of Microsoft's Azure Kubernetes Service (AKS), which Microsoft introduced last week as a preview. The Virtual Nodes capability is designed to let users "elastically provision additional pods" using Microsoft's Azure Container Instances serverless runtime solution. This flexibility permits organizations to better control the execution-time costs of running the pods. A pod is a group of one or more containers that are deployed on the same host.
Kubernetes Policy Controller
Another technology Microsoft highlighted is aimed at adding governance controls to Kubernetes. The new Kubernetes Policy Controller is currently at the "alpha" release level and works with the Cloud Native Computing Foundation's Open Policy Agent to add compliance policies via webhooks.
The Kubernetes Policy Controller permits "operators to easily enable and enforce policies for their clusters," Microsoft's announcement contended. It's important to add these governance policies to Kubernetes at the "create time," which is what the Kubernetes Policy Controller does. The policies also need to be automated, Microsoft added.
Other Kubernetes Bits
Microsoft had a few other announcements coming out of the Linux Foundation's KubeCon North America event, which took place in Seattle this week. Brendan Burns, a Microsoft Distinguished Engineer for Azure, offered this review.
Burns described Microsoft's AKS as "the fastest growing service in the history of Azure Compute." Organizations using Java application stacks are able to move them to AKS "with little or no changes," he claimed.
The Microsoft efforts highlighted by Burns included:
Burns also pointed the baffled (and the young) to read the "Children's Illustrated Guide to Kubernetes" for easy explanations of Kubernetes concepts. The guide tells the story of "Phippy," a giraffe character, who finds a home on Captain Kube's ship, which carries containers. The story is aimed at children, but it's also perhaps useful for adults. There's also a sequel, "Phippy Goes to the Zoo," another story that's sure to be a hit at bedtime.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.