Open serverless project Fn adds support for broader serverless standardization with CNCF CloudEvents, serverless framework support, and OpenCensus for tracing and metrics.
Oracle Container Engine for Kubernetes tackles toughest real-world governance, scale, and management challenges facing K8s users today
Today at Kubecon + CloudNativeCon Europe 2018, Oracle announced new support for several open serverless standards on its open Fn Project and a set of critical new Oracle Container Engine for Kubernetes features addressing key real-world Kubernetes issues including governance, security, networking, storage, scale, and manageability.
Both the serverless and Kubernetes communities are at an important crossroads in their evolution, and to further its commitment to open serverless standards, Oracle announced that the Fn Project now supports standards-based projects CloudEvents and the Serverless Framework. Both projects are intended to create interoperable and community-driven alternatives to today’s proprietary serverless options.
Solving Real World Kubernetes Challenges
The New Stack, in partnership with the Cloud Native Computing Foundation (CNCF) recently published a report analyzing top challenges facing Kubernetes users today. The report found that infrastructure-related issues – specifically security, storage, and networking – had risen to the top, impacting larger companies the most.
Source: The New Stack
In addition, when evaluating container orchestration, classic non-functional requirements came into play: scaling, manageability, agility, and security. Solving these types of issues will help the Kubernetes project move through the Gartner Hype Cycle “Trough of Disillusionment”, up the “Slope of Enlightenment” and onto the promised land of the “Plateau of Productivity.”
Source: The New Stack
Addressing Real-World Kubernetes Challenges
To address these top challenges facing Kubernetes users today, Oracle Container Engine for Kubernetes has integrated tightly with the best-in-class governance, security, networking, and scale of Oracle Cloud Infrastructure (OCI). These are summarized below:
Governance, compliance, & auditing: Identity and Access Management (IAM) for Kubernetes enables DevOps teams to control who has access to Kubernetes resources, but also set policies describing what type of access they have and to which specific resources. This is a crucial element to managing complex organizations and rules applied to logical groups of users and resources, making it really simple to define and administer policies.
Governance: DevOps teams can set which users have access to which resources, compartments, tenancies, users, and groups for their Kubernetes clusters. Since different teams typically manage different resources through different stages of the development cycle – from development, test, staging, through production – role-based access control (RBAC) is crucial. Two levels of RBAC are provided: (1) at the OCI IaaS infrastructure resource level defining who can for example spin up a cluster, scale it, and/or use it, and (2) at a Kubernetes application level where fine-grained Kubernetes resource controls are provided.
Compliance: Container Engine for Kubernetes will support The Payment Card Industry Data Security Standard (PCI DSS), the globally applicable security standard that customers use for a wide range of sensitive workloads, including the storage, processing and transmission of cardholder data. DevOps teams will be able to run Kubernetes applications on Oracle’s PCI-compliant Cloud Infrastructure Services.
Auditing (logging, monitoring): Cluster management auditing events have also been integrated into the OCI Audit Service for consistent and unified collection and visibility.
Scale: Oracle Container Engine is a highly available managed Kubernetes service. The Kubernetes masters are highly available (cross availability domains), managed, and secured. Worker clusters are self-healing, can span availability domains, and can be composed of node pools consisting of compute shapes from VMs to bare metal to GPUs.
GPUs, Bare Metal, VMs: Oracle Container Engine offers the industry’s first and broadest family of Kubernetes compute nodes, supporting small and virtualized environments, to very large and dedicated configurations. Users can scale up from basic web apps up to high performance compute models, with network block storage and local NVMe storage options.
Predictable, High IOPS: The Kubernetes node pools can use either VMs or Bare Metal compute with predictable IOPS block storage and dense I/O VMs. Local NVMe storage provides a range of compute and capacities with high IOPS.
Kubernetes on NVIDIA Tesla GPUs: Running Kubernetes clusters on bare Metal GPUs gives container applications access to the highest performance possible. With no hypervisor overhead, DevOps teams should be delighted to have access to bare metal compute instances on Oracle Cloud Infrastructure with two NVIDIA Tesla P100 GPUs to run CUDA based workloads allowing for over 21 TFLOPS of single-precision performance per instance.
Networking: Oracle Container Engine is built on a state-of-the-art, non-blocking Clos network that is not over-subscribed and provides customers with a predictable, high-bandwidth, low latency network.
Load balancing: Load balancing is often one of the hardest features to configure and manage – Oracle has integrated seamlessly with OCI load balancing to allow container-level load balancing. Kubernetes load balancing checks for incoming traffic on the load balancer's IP address and distributes incoming traffic to a list of backend servers based on a load balancing policy and a health check policy. DevOps teams can define Load Balancing Policies that tell the load balancer how to distribute incoming traffic to the backend servers.
Virtual Cloud Network: Kubernetes user (worker) nodes are deployed inside a customer’s own VCN (virtual cloud network), allowing for secure management of IP addresses, subnets, route tables and gateways using the VCN.
Storage: Cracking the code on a simple way to manage Kubernetes storage continues to be a major concern for DevOps teams. There are two new IaaS Kubernetes storage integrations designed for Oracle Cloud Infrastructure that can help, unlocking OCI’s industry leading block storage performance (highest IOPS per GB of any standard cloud provider offering), cost, and predictability:
OCI Volume Provisioner: Provided as a Kubernetes deployment, the OCI Volume provisioner enables dynamic provisioning of Block Volume storage resources for running Kubernetes on OCI. It leverages the OCI Flexvolume driver (see below) to bind storage resources to Kubernetes nodes.
Simplified, Unified Management:
Bundled in Management: By bundling in commonly used Kubernetes utilities, Oracle Container Engine for Kubernetes makes for a familiar and seamless developer experience. This includes built-in support for Helm and Tiller (providing standard Kubernetes package management), the Kubernetes dashboard, and kube-dns.
Running Existing Applications with Kubernetes: Kubernetes supports an ever-growing set of workloads that are not necessarily net new greenfield apps. A Kubernetes Operator is “an application-specific controller that extends the Kubernetes API to create, configure and manage instances of complex stateful applications on behalf of a Kubernetes user.” Oracle has open-sourced and will soon generally release an Oracle WebLogic Server Kubernetes Operator which allows WebLogic users to manage WebLogic domains in a Kubernetes environment without forcing application rewrites, retesting and additional process and cost. WebLogic 126.96.36.199 has also been certified on Kubernetes, and the WebLogic Monitoring Exporter, which exposes WebLogic Server metrics that can be read and collected by monitoring tools such as Prometheus, and displayed in Grafana, has been released and open sourced.
Fn Project: Open serverless initiatives are progressing within the CNCF and the Fn Project is actively engaged and supporting these emerging standards:
CloudEvents: The Fn Project has announced support for the Cloud Event standard effort. CloudEvents seeks to standardize event data and simplify event declaration and delivery among different applications, platforms, and providers. Until now, developers have lacked a common way of describing serverless events. This not only severely affects the portability of serverless apps but is also a significant drain on developer productivity.
Serverless Framework: Fn Project, an open source functions as a service and workflow framework, has contributed a FaaS provider to the Serverless Framework to further its mission of multi-cloud and on-premise serverless computing. The new provider allows users of the Serverless Framework to easily build and deploy container-native functions to any Fn Cluster while getting the unified developer experience they’re accustomed to. For Fn’s growing community, the integration provides an additional option for managing functions in a multi-cloud and multi-provider world.
"With a rapidly growing community around Fn, offering a first-class integration with the Serverless Framework will help bring our two great communities closer together, providing a “no lock-in” model of serverless computing to companies of all sizes from startups to the largest enterprises,” says Chad Arimura, VP Software Development, Oracle.
OpenCensus: Fn is now using OpenCensus stats, trace, and view APIs across all Fn code. OpenCensus is a single distribution of libraries that automatically collects traces and metrics from your app, displays them locally, and sends them to any analysis tool. OpenCensus has made good decisions in defining their own data formats that allow developers to use any backends (explicitly not having to create their own data structures simply for collection). This allows Fn to easily stay up to date in the ops world without continuously having to make extensive code changes.
For more information, join Chad Arimura and Matt Stephenson Friday, May 4 for their talk at KubeCon on Operating a Global Scale FaaS on top of Kubernetes.
In the April release of Oracle Developer Cloud Service we started supporting Docker and HashiCorp Terraform builds as...