Picking Cloud Native Winners

Cloud Native Kool-Aid

The CNCF has a rather complicated origin story, put together by a bunch of competing vendors with a deliberately ambiguous name to avoid obvious favorites, but it quickly became primarily an extension of the Kubernetes community. CNCF first picked Kubernetes, and Kubernetes is now the leading container orchestrator, leaving competitors like Docker and Mesos in the dust. Now, CNCF is doing it again with Prometheus and Envoy, the latest CNCF graduated projects.

Newly Graduated Projects

Prometheus has huge traction in the Kubernetes community, despite its less friendly UX compared to polished SaaS like DataDog and New Relic. Using Prometheus basically requires using Grafana for visualization, and together they have become the de facto open source metrics stack, integrated with most of the Cloud Native Landscape.

Envoy is an interesting pick for the CNCF. Unlike Prometheus, Envoy doesn’t natively integrate with Kubernetes out of the box. However, multiple popular projects manage Envoy as an ingress or service mesh on top of Kubernetes (e.g. Istio, Heptio Contour, Envoy Operator). Additionally, unlike Prometheus, Envoy has been integrated by multiple CNCF member vendors, including Pivotal Cloud Foundry, AWS App Mesh, and now Google GKE.

Service Mesh & Serverless

Predictably, Google has a huge amount of sway in the direction the CNCF moves, being the originator of the first graduated CNCF project. What Google backs is likely to eventually be what the CNCF backs. It’s not quite that simple, but it’s a pretty strong leading indicator, and Google is now backing Istio and Knative. Kubernetes, Istio, and Knative are what Google calls “The New Open Cloud Stack”. Istio and Knative are now available in GKE in beta and alpha respectively. This not only lowers the barrier to entry but also makes it less likely that customers will bother using competing service mesh (e.g. Linkerd) and serverless (e.g. OpenWhisk) projects on GKE.

Given that Istio is now 1.0 and integrates with both GKE and Cloud Foundry, it seems like Istio is a shoo-in to be a CNCF project, but apparently it hasn’t been submitted. It’s not clear why that is, but it seems to be political. And because Istio isn’t CNCF, it’s unclear if Knative, which heavily depends on Istio, will be CNCF. Meanwhile Linkerd, the primary service mesh competition, IS a CNCF project, but Linkerd doesn’t have a big cloud vendor backing it, nor does it have an exclusive killer app on top like Knative.

Istio — Ingress & Sidecar Proxy

In case you haven’t drunk the Kool-Aid already, Istio is a mesh of Envoy proxies deployed as sidecars and edge routers. The mesh of proxies means that Istio is put in charge of almost all traffic into and out of your system of microservices. Given that control, a service mesh can provide introspection, service discovery, load balancing, failure recovery, metrics, and monitoring. It can also provide advanced functionality, like A/B testing, canary releases, rate limiting, access control, as well as end-to-end encryption and authentication through mTLS. This kind of tooling can be invaluable not only for debugging distributed systems, but also as a platform of basic functionality that developers don’t need to write into their microservices.

Knative — The Killer App

Knative is getting strong backing this year, largely by the same players backing Istio. GKE has Knative support in alpha, and Pivotal announced Pivotal Function Service (PFS) which includes Istio and Knative on Pivotal Container Service (PKS), their Kubernetes on BOSH offering.

Unlike Istio, Knative is actually a collection of small, somewhat independent components. One of the more interesting components is Knative Build, a CRD-based container image building operator. Knative Build uses parameterized templating and builders to assemble image artifacts, similar to how Heroku and Cloud Foundry buildpacks work. The other primary components are Knative Serving, the routing layer that handles auto-scaling by request load, and Knative Eventing, which handles the transparent mapping of triggers to handlers.

CNCF Disrupted

Together, Envoy, Istio, and Knative add a lot more functionality on top of Kubernetes. They also seem to align with CNCF’s stated goal “to create a full stack of the components that end users need to run their cloud native applications”. It will be interesting to see if they end up joining the CNCF or whether the politics and strategizing of competing vendors end up disrupting the CNCF, turning it into the next Apache or OpenStack foundation, too big and slow to keep up with the forefront of computing.

Cloud Guy. Anthos Solutions Architect at Google (opinions my own). X-Cruise, X-Mesosphere, & X-Pivotal.