The cloud report conducted five short interviews with five people from the cloud and container technology environment and asked five questions. The second interview was with Hendrik Land, Solutions Architect at NetApp.
Why using container technology?
Container technology makes us independet from the underlying infrastructure, including the operating system. That is the base for a true hybrid cloud world, where I can consistently deploy my app in just any environment. The less time we have to spend on details of the specific environment we currently deploy to, the more time we can spend on making the app better. And if we ever need or want to move to another environment, such as from one cloud to another or between cloud and on-premises, that becomes a relatively simple task. But beyond that obvious benefit, the immutable nature of containers forces us to adopt radically new lifecycle concepts for apps and supporting infrastructure. We no longer maintain what is often called snowflakes – deployments that are supposed to be identical but differ in small details. These are typically due to manual (and therefore error-prone) setups or configuration drift that occurs over the long lifetime of a deployment. The container approach of replacing instead of patching ensures that everything always is in a well-defined state. That concept is now also commonly applied outside of the container itself, for example when Kubernetes nodes are not updated but replaced with new ones. From Infrastucture as Code to Gitops, container technology is really driving and enabling these new approaches.
What is the best invention of the last 12 month?
Since I’m mostly concerned with stateful apps and their persistence and data management needs in Kubernetes, my vote goes to the release of the Container Storage Interface (CSI). It is an open standard from the Cloud Native Computing Foundation (CNCF) that is adopted by Kubernetes as well as other platforms such as CloudFoundry. While you can usually recovery from a loss of any piece of infrastructure that supports your app, loosing data can threaten the existence of your project or business. So the persistence layer is crucial, as is the availability of an open standard for it, so we don’t loose the infrastructure independece that Kubernetes has just given us. With CSI, developers and Kubernetes users can dynamically provision storage resources in the same declarative way as they already do for compute, memory or networking. The CSI standard is rapidly evolving. Beyond provisioning storage resources, it now also allows for data management operations such as point-in-time snapshots or clones of a dataset. And that paves the way for robust backup and recovery solutions. They are still in an early stage in the world of Kubernetes, but very much needed with more and more stateful apps deployed.
What is your security approach?
Security needs to be a constant process and it has to be integrated from the ground up rather than being an afterthought. Security is often unpopular as it adds complexity and cost – not necessarily in hard dollars but in terms of time, usability and other important aspects. But as painful as it might be, we can no longer afford to have insecure defaults or add security later. We can also no longer have apps that rely on perimeter security, e.g. expect that some external system will protect them. Hence the popularity of DevSecOps, where security practises are directly embedded in the DevOps process. And DevOps also helps us in other ways, from consistency in setups to automation that allows to introduce “no admin on machine” policies.
What is your favorite product in regards of container technology?
In the broader sense, that definitely has to be Kubernetes. It is amazing how it has taken the world by storm and quickly became the de-facto standard for everyone running containers at scale. The pace of innovation delivered by Kubernetes is mind-boggling (and often challenging to keep up with). As the saying goes, Kubernetes is the operating system of cloud-native. It is THE common platform available to us in any cloud or our own data center. One open standard, upon which everyone can deliver his own innovation. Speaking of innovation, in a more selfish sense my absolute favorite product is our Trident solution. It provides a common persistence layer to container environments in any cloud and on-premises. This complements the application mobility enabled through Kubernetes by providing a data fabric that makes the data available to the app wherever and whenever it is needed. We really have to think about app and data together, one is of little use without the other. The initial focus of container technology and Kubernetes on stateless apps was a mistake. While an individual microservice might be stateless, an application stack almost always has a need for state and persistence. And Kubernetes is definitely ready for that. With Trident, we provided the very first dynamic storage provisioner in Kubernetes, back in 2016. And we have been leading that space ever since. Trident is our contribution to evolving Kubernetes beyond the stateless mantra of the early days.
Caas vs Paas: which solution are you using/providing and why?
Our integration typically is at the CaaS layer. Which then enables PaaS, Serverless and everything else that builds on that foundation. While app developers benefit from our solutions, they might not always recognize them if they use PaaS. Persistence and data management should be easy for developers, so in a sense we achieved our goal if they don’t even see our solutions and it automagically just works. At the same time we have to educate and support developers. While the ease of use in PaaS solutions is a big benefit, it also brings a risk of “easily” making a bad design decision. When it comes to data, this can be very hard to adjust later, especially if lots of data has already been generated. It cannot be easily moved around due to the sheer amount of it. And often data is your most valuable asset so you don’t want to take any risk either. So developing a good data strategy is important, no matter if it is CaaS, PaaS, SaaS or any other model.
As a Solution Architect for DevOps, I cover a broad set of topics, from container technology to automation and configuration management – always with a healthy appetite for learning new technologies. Whenever time permits I look into solutions for application mobility, delivered by infrastructure agnostic platforms such as Kubernetes and automated by Infrastructure as Code and GitOps principles.