Software

Busting 3 Myths About Containers, Kubernetes and App Platforms

Here is why federal IT leaders need to embrace modern application and delivery.

Twitter

Adam Clater is the chief architect of Red Hat’s public sector organization. He works internationally with federal agencies, integrators and Red Hat partners and communities to promote and define the use of enterprise open source solutions.

Modern application development is a key component of business transformation. A few myths about it have made their way through the industry, ending up on the whiteboards of many a CIO and CTO.

In the never-ending pursuit of DevSecOps nirvana, we’ll try to bust some of these myths for federal IT leaders and officials.

Myth 1: Containers Are Enough for Agencies

This is probably the easiest myth to bust. The reality is that containers are simply a Linux operating system tool that package and isolate an application within the operating system.

Containers are incredibly useful, and we find that they are key to both modern application development as well as application migration to new, modern platforms. But the reality is that simply implementing containers will neither guarantee 100 percent application portability nor improve the application within the container.

Containers are a foundational technology upon which modern, hybrid cloud applications are built, and they provide a paradigm for moving legacy applications into these modern constructs. Containerization also serves to clearly delineate the roles of developers, security and operations staff, helping to separate concerns and help developers to deliver applications quickly, on infrastructure that is optimized for stability.

In and of itself, a containerized application is not of much use. In the context of modern application development paradigms, applications are likely broken into services, which can scale horizontally across multiple containers and multiple functions — possibly even going as far as to include microservices. That’s where things become difficult. The atomic nature of containers mandates that their management and orchestration be automated, and that’s why Kubernetes has become so valuable.

Myth 2: Kubernetes Is Enough for Management and Orchestration

In a relatively short time, Kubernetes has quickly become the de facto standard for container management and orchestration, and was the most-discussed repository on GitHub in 2017. Top contributors to the Kubernetes project include Google, Red Hat, Microsoft and IBM. But an orchestration engine alone is not sufficient to solve your modern application development needs, nor was it intended to be.

Kubernetes is an infrastructure layer that was intended to be a component of a larger, more productive application platform. Building and running your own Kubernetes implementation would be akin to compiling your own Linux kernel and then writing applications to run directly on that kernel.

It may show some short-term benefits, but the long-term supportability (and scalability) of such a strategy would be questionable. Kubernetes is designed to be part of a much larger system: an application platform.

Myth 3: Application Platforms Are Enough

An application platform abstracts the complexities of containers and Kubernetes away from the development and operations folks, letting them focus on what they do best — building applications and running infrastructure.

Let's face it, containers are hard to manage at scale, and raw Kubernetes can be even more difficult. Whether it be net-new application development or application modernization efforts, moving to a more scalable and highly available service-focused architecture will necessitate additional management and integration of applications with infrastructure. If your development, security and operations folks are focusing their time on managing containers and Kubernetes, then they aren’t adding the business value for which you hired them.

Application platforms integrate with your continuous integration/continuous delivery (CI/CD) pipeline to bridge the worlds of development and operations, while also managing the day-to-day care and feeding of your production applications. By enabling developers to do their best work in their code — and enabling operators to horizontally scale those applications in well-defined and isolated containers — application platforms bridge the worlds of Dev, Sec and Ops.

What an application platform won’t do is modernize your application development practices or solve your other IT challenges. Many organizations view application platforms as a field of dreams, thinking “if you build it, they will come.” The stark reality is that without a prescriptive approach and a well-defined plan to bring apps to your application platform, that field of dreams will stay empty.

Feds Need Modern App Development and Delivery

With all that being said, there are two key concepts that will define the ability to find success. They are the practices of modern application development and modern application delivery. I’ll focus on each of these quickly.

Modern app development combines domain-driven design, trusted design patterns and architectures, as well as modern development languages and frameworks with test-driven development, static code analysis, and strict pipeline enforcement. These concepts work in concert to deliver reliable, scalable, high-quality code. When we talk about continuous integration, this is what we’re talking about. This is what helps development and operations teams build the trust that is so critical for implementing DevSecOps.

Modern application delivery, on the other hand, makes use of containerized packaging, centralized configuration management and automated provenance, along with modern deployment strategy enforcement, runtime analysis and automated/self-healing operations to bring forth a reliable and scalable infrastructure upon which to deliver modern applications.

This is the continuous deployment upon which CI/CD implementations are built. Without these two core methods, there is no process for taking great software from build to deploy in the time required to meet the demands of modern business requirements. This automated integration testing, functional testing and security scanning are the keys to fast deployment of those services and applications to fulfill your mission needs.

In the end, DevSecOps is bigger than any singular technology, whether that be containers, Kubernetes or even the application platforms workloads run on. The reality is that DevSecOps focuses on delivering results quickly and embracing cross-team communication. A big part of that equation is building trust through the organization by using tools in the CI/CD pipeline to validate the suitability of code for production environments.

It’s a change of behaviors and culture — a change that many in the government are undertaking and welcoming — delivering real results to some of the most critical missions.

wutwhanfoto/Getty Images