Cloud native is becoming a critical piece of the digital transformation journey. Modern companies need a well-defined cloud-native strategy. However, as companies embark on their cloud-native journey, they face many challenges.
As expected, some challenges are cultural, others are technical. Containerization brings exciting possibilities as well as scary possibilities depending upon the organization. It brings opportunities to break down functional silos, and/or reinforce them.
“An honest assessment of current cultural norms, baked into process mechanisms, and why they are in place. Can this new technology change who does what? If CI/CD practices aren’t current, does it make sense to modernize? And if so, what does that mean for the organizations involved?” said Carmine Rimi, Product Manager for AI at Canonical.
According to a recent survey conducted by CIO.com, 68% of IT Managers flag that significant improvements are needed to run stateful workloads on Kubernetes.
“The top three challenges cited in the survey were automated application deployment, performance isolation and managing environment/application data consistency across production, dev, and test,” said Radhesh Menon, CMO of Robin Systems.
Security is often an afterthought
There are more hurdles beyond these. Security remains one of the biggest challenges, and it is often overlooked. When a new technology arrives, security is typically an afterthought. Developers like to create and build new things, not to look into every hole those things might create; security is someone else’s problem.
It becomes really critical for companies to secure their applications across different domains. “The majority of network breaches originate from within the network, and a zero-trust approach is the recommended way to lock down your application,” said Wendy Cartee, senior director, Cloud-Native Apps Advocacy, VMware.
In fact, Kubernetes itself poses some unique challenges. Anytime an app is scaled up, one or more pods are created. Each pod requires an IP and can reside on any Kubernetes node within the cluster. “While this model is perfect for application availability, it completely breaks the traditional security model where resources are assumed to be static,” she said.
Despite customers’ push for cloud nativity, not all applications are purely cloud-native. The majority of apps will consist of workloads that use a mixture of VMs and containers. Defining the right security boundary and securing communication across different hybrid domains are critical. “In an environment that is continuously changing, having granular visibility over how Kubernetes pods are communicating is also essential,” said Cartee.
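The zero-trust point above can be expressed with Kubernetes NetworkPolicy objects. The following is an added example, not taken from the article or from any vendor quoted in it; the namespace `shop`, the labels `app: api` and `app: web`, port 8443 and the VM subnet `10.20.0.0/24` are constructed placeholders.

```yaml
# Added example; namespace, labels, port and CIDR are constructed placeholders.
# 1. Default deny: selects every pod in the namespace and allows no ingress,
#    so traffic from inside the cluster is not trusted by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2. Allow by identity (labels), not by pod IP, so the rule still holds
#    when pods are scaled or rescheduled and receive new addresses.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-web-and-legacy-vm
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Containerized callers: matched by label, whatever their current IP.
        - podSelector:
            matchLabels:
              app: web
        # VM-hosted caller outside the cluster: its address is static,
        # so a CIDR block is the appropriate selector here.
        - ipBlock:
            cidr: 10.20.0.0/24
      ports:
        - protocol: TCP
          port: 8443
```

These policies are only enforced when the cluster's network plugin implements NetworkPolicy; on a plugin that does not, the objects are accepted but have no effect.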
In situations like these, enterprise customers often feel stretched, finding themselves stuck between adapting to the container technology paradigm and the traditional (VM or bare metal) ways of dealing with stateful apps, “specifically when they are dealing with HA and DR for stateful apps in a container world,” said Jonathan M. Reeve, PhD, Senior Director Product Management and Bob Quillin, Vice President of Developer Relations, Oracle Cloud Infrastructure.
Unlike with stateless applications, storage management is also a big challenge for stateful applications. Customers want to take advantage of existing storage investments for their stateful apps. There is a need for greater flexibility and control for a storage array to support a diverse mix of traditional and cloud-native apps.
The storage array must offer users the flexibility to define policies on demand, and offer storage services such as snapshot, cloning, encryption, deduplication and compression at the container volume level of granularity. “Also, the storage array must be able to support seamless application failover and rapid recovery,” Cartee said.
In terms of data recovery, enterprise customers need the ability to take regular backups of a stateful app using the snapshot feature native to their storage array and store the backup anywhere, on or off premises.
In case of a data loss, they should be able to restore the stateful app from their backup quickly and efficiently, against the same or different Kubernetes cluster.
As critical as data recovery is for stateful containerized apps, Sheng Liang, CEO and co-founder of Rancher Labs, said that there is a lack of complete toolchain support, especially in backup/restore of persistent state. There is a cultural aspect to it as well. DevOps teams lack container storage experience, so they are not equipped to handle such issues. “Relative immaturity and continuing rapid development of some of the underlying stateful container technologies, such as CSI, also create challenges in stateful container adoption,” he said.
Education and awareness are also a big challenge. There is a lack of general education within the application and operations teams about how containers and Kubernetes work, as it can be different from previous proprietary technologies.
Brian Gracely, director, Product Strategy, OpenShift at Red Hat, said that companies need to make a platform-level decision about the architecture to support both types of applications. “They have to work with application vendors (if not building the applications internally) and get them to be distributed as containers,” he said.
In a nutshell, there are some serious challenges companies face when they look at stateful containerized applications. The good news is that the industry is aware of these challenges and working on solving them. In the upcoming article, we will discuss some of those solutions.