There is good reason for this. Operators can be incredibly useful. Operators enable the codification of operations business logic into an application that can oversee an application. What is often in a Runbook for an operations person to perform when an incident or event occurs can now happen automatically.

Then there are tools like Crossplane that make it possible to use services, like MySQL, in a cross cloud compatible manner as a SaaS. In fact, operators have made it much easier to run a SaaS within a Kubernetes cluster in general.

There are some who tell me that everything needs an operator. That it's a requirement for every application running in a cluster, a panacea, or a silver bullet. This isn't the case either. I've seen cases where focus and work on an operator has lead to an application and overall experiences that failed to meet any form of user needs.

If operators are useful but should not be applied to every situation it's worth asking, when should we use operators?

Usefulness

A test I like to apply is to look for usefulness. There are lots of shiny things we can chase. How are they useful and to what degree?

For example, a common type of application to deploy is a stateless service. These are often in the form of a twelve-factor application. Historically, they may have been easily deployed to Heroku or Cloud Foundry where they would run for long periods without any issue. In Kubernetes they would typically be deployed as a deployment.

Should you create an operator that manages this application?

To make it a little practical you might ask:

1. Are there Runbook tasks that can be automated?
2. Is there some task that needs to be performed based on an event? Can that be easily codified in an operator? Is there an easier method to codify this task than an operator?

For this second question I find it's really important to ask if there is a low-fi way to implement the feature. For example, if you want regular backups of data it can be fairly easy to implement that as a CronJob. Does the low-fi solution work well enough to meet the need?

Another way to look at this is to have an engineering problem. One that is well defined. Then look for the simplest way to solve that. Sometimes an operator will be the right choice. Other times something else will be simpler.

Common Operator Situations

Operators do have a place where they are currently the best choice for solving problems. The following are a couple of the places I have personally seen their usefulness. It's not all inclusive. I'm sharing more as inspiration.

A SaaS In Your Cluster

There are times where you or your organization may want to offer something up as a SaaS. A common example is a database like MySQL or PostgreSQL. There are a few ways to handle bringing a common technology like a database to a cluster.

First, everyone who needs it can manage the database themselves. This isn't really the case for a SaaS. Suggesting an operator here may be putting the cart before the horse. A decision needs to be made based on the merits of the problem that a SaaS is needed. Once a SaaS is decided on based on it's own merits then we can look at an operator. For example, if one team is going to run PostgreSQL it may be much simpler for them to manage it using a Helm chart or collection of Kubernetes manifests.

Second, if you have decided on a SaaS then there are options. For example, there is the Kubernetes service catalog which uses the Open Service Broker API. This is an option and it's been designed to be similar to what works in Cloud Foundry. Cloud Foundry has successfully used this for years.

But, the Kubernetes service catalog still does not have a stable release while it has been in development for more than three years. Since the start of 2019 the level of development has shrunk and numerous people moved to other methods and projects. This may be unpopular and I do not mean to hurt anyone's feelings but the service catalog does not appear to be the path forward for this.

Operators using CRDs and custom resources appear to be the path forward. A cluster scoped operator can be installed that enables people to use CRs to request a service. That service can be something running in a public cloud, like RDS, or it can be something running in the cluster.

Complex Applications

There are some very complex applications running in Kubernetes. For example, there are people who run OpenStack within Kubernetes. Dealing with the complexity (e.g., ordering of installed services) has led to the development of new tools.

There is no one way to manage complex applications and determining the best method is something for your organization.

One way to manage complex applications is to use an operator. Essentially, this is a piece of software to manage other software. This makes it possible to use CRDs and CRs to declare the applications details and then the controller can handle the actual management and imperative elements within the system.

Automating Runbooks

Runbooks are an essential part of the process to operate things you care about. Many organizations successfully use them. They also provide an opportunity for automation.

Runbooks are documented tasks of what to do when an event happens. These are ideal for automation. After all, if you can describe to a person how to handle an event we can, often, describe how to do that to a machine via code. What is the thing called that looks for events in Kubernetes and acts on them? And, it's got application specific business logic? An operator would be a fit.

An operator is only one type of application that can handle events on another application. An operator is a controller with application specific business logic. The original post announcing operators says,

An Operator is an application-specific controller that extends the Kubernetes API to create, configure, and manage instances of complex stateful applications on behalf of a Kubernetes user.

You may run into a situation where you are building runbook automation that does not need to extend the Kubernetes API. Maybe it just needs to leverage the API and not extend it. There are cases for non-operator applications to manage applications. There are also times to use operators for this and they fit quite well.

Should You Use Operators?

If they fit your business or technical need then yes. They are like any pattern. There are places they are a good fit and other places where there are other patterns that are a better fit.

Just don't give into the hype that you always need them. Look for a problem to present itself that they are a good solution for.

If you're not familiar with these elections, there are 3 different bodies who elect members to the TOC. The Governing Board, the End User group, and the project maintainers. If you want to know which group appointed a member, it is listed on the TOC GitHub page.

Disclaimer: In full disclosure, I am running for the TOC. I was curious about the information and am providing references for you to look for yourself. Hopefully the information and references is useful. Any bias is unintentional.

Candidates

The candidates are broken down into two groups. One for those being elected by the Governing Board and End Users and one for those being elected by the graduated and incubating projects. From there they are in alphabetical order by last name. They are broken into groups like this because of the information I have directly available.

Liz Rice, the incumbant running, has more information available due to the work she has performed on the TOC. This can be found in public meetings (though details on all of them may not have been captured) and participation in votes who details is available on the TOC mailing list.

The TOC is expanding from 9 to 11 members. The two additional people are being selected by the End User members and the non-sandbox project maintainers.

In each section the number of people nominated and the number of people deemed qualified are listed. This is because the CNCF charter provides for a qualification process in 6(e)ii.

The location where the nominees is based is listed to help us consider geographic diversity. The members of the TOC who are not up for election and will continue on the TOC are in Silicon Valley (3 members), Greater Seattle Area (2 members), and Atlanta Georgia (1 member).

Interesting Tidbit: 9 of those who are running are in Silicon Valley. London has 3 people running and Seattle has 2.

Note, if there are any errors in the candidate information please let me know and I'll correct it. Also, if there is additional information for a candidate I'm happy to add it.

Update: upon request the company people work for has been added to their section.

Governing Board and End User Members

In this election the Governing Board is electing 3 people and the End User community is electing 1 person.. The Governing Board initially nominated 17 people and the End Users 4 people for a total of 21. Of these 19 were deemed qualified by the Governing Board and TOC.

Saad Ali

You can find him online at: Twitter | GitHub | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: Google

Erin Boyd

You can find her online at: Twitter | GitHub | LinkedIn
Location: Montana
Works at: Red Hat

Lee Calcote

You can find him online at: Talks | Blog | Twitter | GitHub | LinkedIn
Location: Austin, Texas
Works at: SolarWinds

Alex Chircop

You can find him online at: Twitter | GitHub | LinkedIn
Location: London, United Kingdom
Works at: StorageOS

Katie Gamanji

You can find her online at: Twitter | GitHub | LinkedIn
Location: London, United Kingdom
Works at: Condé Nast International

Michael Hausenblas

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: Ireland
Works at: Amazon Web Services

Zhengyu He

You can find him online at: LinkedIn
Location: Hangzhou, China
Works at: Ant Financial

Quinton Hoole

Quinton is a former member of the TOC. The TOC elects two of their own members and Quinton previously served in one of those positions.

You can find him online at: Twitter | GitHub | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: Facebook

Metrics of his time on the TOC:

• Elected: March 2018 (1 year term)
• Meetings attended in term: 9 (of 9 with records) times
• TOC mailing list history: here

Frederick Kautz

You can find him online at: Twitter | GitHub | LinkedIn
Location: Palo Alto, California (Silicon Valley)
Works at: doc.ai

Wei Lai

You can find him online at: Website | GitHub | LinkedIn
Location: Beijing, China
Works at: DiDi

Vallery Lancey

You can find her online at: Website | Twitter | GitHub | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: Lyft

Sheng Liang

You can find him online at: Wikipedia | Twitter | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: Rancher Labs

Bryan Liles

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: Baltimore, Maryland
Works at: VMware

Haifeng Liu

You can find him online at: LinkedIn
Location: Beijing, China
Works at: JD.com

Kris Nova

Update: Kris shared a writeup (found here) with the Governing Board.

You can find her online at: Website | Twitter | GitHub | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: Sysdig

Alena Prokharchyk

You can find her online at: Twitter | GitHub | LinkedIn
Location: Mountain View, California (Silicon Valley)
Works at: Apple

Liz Rice

Liz is the current chair of the TOC and did not join the TOC until last March. She currently works at Aqua Security. She has had a shorter set of meetings, by 2 months, from the other incumbents. Prior to her time on the TOC she served as a co-chair of KubeCon & CloudNativeCon. She was selected by the Governing Board.

You can find her online at: Website | Twitter | GitHub | LinkedIn
Location: Enfield, Greater London, United Kingdom
Works at: Aqua Security

Metrics of her past year on the TOC:

• Elected: March 2019
• Meetings attended in past year: 13 (of 15 with records) times / 3 times in the past quarter
• TOC mailing list history: here
• Votes participated in past year: 16 (only missed 1 vote during her time on the TOC and gave a non-binding vote for the one more opportunity the others had in the term)
• Sandbox projects sponsored in past year: 4

Brian Scott

You can find him online at: Twitter | GitHub | LinkedIn
Location: Los Angeles, California
Works at: The Walt Disney Company

Ed Warnicke

You can find him online at: Twitter | GitHub | LinkedIn
Location: Austin, Texas
Works at: Cisco Systems

Project Maintainers

This is the first election where the project maintainers can elect one of their own as a TOC member. This is limited to the stable and incubating projects and the process is documented in the CNCF Foundation GitHub repository. The maintainers are electing 1 person. The maintainers initially nominated 8 people of which all 8 were voted as qualified.

John Belamaric

He is a maintainer of the CoreDNS project.

You can find him online at: Twitter | GitHub | LinkedIn
Location: Sunnyvale (Silicon Valley)
Works at: Google

Justin Cormack

He is a maintainer of the Notary project.

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: Cambridge, United Kingdom
Works at: Docker

Matt Farina

He is a maintainer of the Helm project.

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: Metro Detroit, Michigan
Works at: Samsung SDS

Richard Hartmann

He is a maintainer of the Prometheus project.

You can find him online at: Twitter | GitHub | LinkedIn
Location: Munich, Bavaria, Germany
Works at: Grafana

Torin Sandall

He is a maintainer of the Open Policy Agent (OPA) project.

You can find him online at: Twitter | GitHub | LinkedIn
Location: New York
Works at: Styra

Eduardo Silva

He is a maintainer of the Fluentd project.

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: Costa Rica
Works at: Arm

Sugu Sougoumarane

He is a maintainer of the Vitess project.

You can find him online at: Website | Twitter | GitHub | LinkedIn
Location: San Francisco Bay Area (Silicon Valley)
Works at: PlanetScale

Liu Tang

He is a maintainer of the TiKV project. In the election listing he's listed as Liu Tang while on the TiKV website he's listed with the name Siddon Tang.

You can find him online at: GitHub
Works at: PingCAP

Note, I was not able to locate more references. If there is more information I can add please let me know.

Below is a screenshot of the CloudDevelop conference. The domain recently lapsed as the conference is no longer around. The site as captured by the Internet Archive doesn't have details on speakers or sessions.

CloudDevelop isn't the only website with this type of problem. Another conference example is the schedule for KubeCon + CloudNativeCon North America 2019. There are numerous non-conference sites suffering from the same problem. For example, my profile page on DZone does not list any of my content.

This all has to do with the way the sites are being built. It's a how problem. It's baked into the patterns and technologies we are using.

Please Make Them Archivable

Building sites that aren't being archived isn't good for us in the future. So often we need to refer back to data from the past. To find something we don't clearly remember. To search through the history of something. For nostalgia. For news reporting. For research. And much much more.

With that in mind... when you're building sites, please do so in a manner that's archivable.

When I was reading the 2019 editon of the Stack Overflow survey I noticed that Drupal is now the least loved and most dreaded of the "web frameworks". Yikes!

Drupal sites can, also, report their version usage back to the Drupal project. The image below is a snapshot in time from the usage.

Drupal 7, which was superseded by Drupal 8 more than 4 years ago, still has 2.5 times the number of sites reporting in. And, Drupal usage has hit a plateau. Double Yikes!

As someone who works on other open source projects these days (ones that are currently fairly popular), I wanted to take some time to see what had changed with Drupal over time. What lead so many people to dislike it.

The Massive Rewrite

Drupal 8 was a massive re-write. Some projects do this, from time to time, and this is one of those cases. The programming language didn't change and many of the terms, especially user facing ones were the same. The patterns used within the codebase changed massively.

This is important for a few reasons:

1. Those who developed modules (Drupal extensions) had to learn a whole new way to do things. This was different from the past where the patterns were usually the same but there were new features, new APIs, and some API changes.
2. Instead of upgrading modules for the new version of Drupal they needed to be re-written to fit within the new system.
3. The way Drupal sites were styled was changed. "Themers" was a group of people who styled Drupal sites. Someone could learn the basics in a weekend and there are professionals who do this full time. This group had to learn a whole new way to style Drupal sites.

This is a lot of change for the groups that dealt with Drupal sites day in and day out.

On the flip side there were benefits. For example:

• Drupal 8 follows modern PHP and software conventions. Drupal had long used many of its own design patterns. While some were still there, more typical computer science patterns are now used.
• Instead of re-inventing the wheel with Drupal modules, people could more easily use existing PHP libraries. There are a lot of open source PHP libraries.

The re-write highlights more than the style of PHP code. It gets into who is writing the code. Is it those who are used to low-code setups or is it professional programmers? What was it for Drupal 7 and earlier compared to Drupal 8 and beyond?

Despite the hurdles, I was left wondering why people didn't transition to Drupal 8. In Badass: Making Users Awesome by Kathy Sierra there's a whole chapter on removing blocks. It comes from the idea that people are motivated, even a little bit. And, there are benefits to Drupal sites and Drupal professionals to switch. Kathy noted that,

Working on what stops people matters more than working on what entices them.

After working a little with Drupal 8 and talking with others who tried to make the leap I found that Kathy made a great general observation that applies to people making the Drupal 8 jump,

A gap between what they wanted and what's actually happening

People making the jump were having a hard time. For example, Drupal is known for doing a fair amount of magic. This is usually documented well. It's designed to help people. When I worked on a Drupal 8 module I found it difficult to figure out the new magic which wasn't documented. In my case I used a debugged to walk through Drupal to figure it out. Not something everyone is going to do.

Badass highlights two big derailers:

• The Gap of Stuck - where users are motivated but get stuck learning the new thing
• The Gap of Disconnect - where the focus before you pickup the thing is context but after you pick it up it's tool

Both of these are things, I think, affected Drupal. For example, people who try to learn Drupal 8 can easily get stuck as I did. I have talked to numerous people who fell into this bucket. It was difficult to learn. Or, there is the context of Drupal. Drupal was useful to quickly build websites. Even for those who wanted a low-code environment. This is the context. But, Drupal 8 was all about the tooling before the context of achieving the "quickly build websites" goal or people.

I don't mean to pick on the decision making here. Only in retrospect did I see some of these problems or understand them. The lessons on users that can be seen in Drupal are ones that can be applied to any project.

VC Money

In 2007 when Dries (the founder and BDFL of Drupal) graduated with his PhD he co-founded Acquia around Drupal. Acquia was a Venture Capital funded startup. This provided a shift that many of us didn't see coming at the time.

Prior to Acquia Drupal was lead by the needs of the people using it and contributing to it. This could have been small non-profits, hobbyists, and processionals building sites for the Fortune 500. Dries appeared to be focusing on the growth and usefulness of Drupal.

Once Acquia was founded the goals of venture capitalists were also in the mix. That included Drupal enabling Acquia to have a great return on its investment. To get a return on the investment, Drupal needed to be the kind of platform high paying customers would want to use and pay Acquia for some service.

What do those users want and how does it compare with the existing users of Drupal? For one, many of the developers at enterprise companies have computer science degrees. This is different from hobbyists who might right a small local web shop. The types of users are, in many ways, different.

Now, I don't mean to say that VC funding is bad. Just that it had an influence on direction. One that had a massive, even cultural, directional impact.

To counter this, we can take a look at projects run by a foundation. For example, we can take a look at Linux. Linus, the founder and BDFL, of Linux doesn't work for a single company with a single interest. Nor do the people who work closely with him. They work for a foundation and many companies - including large enterprises, bootstrapped small companies, and VC funded ones - belong to the foundation. No single company has an outsized influence which brings a certain amount of stability and knowledge of expectations to everyone.

This can lead to an interesting thought exercise and choice for our projects? What would Drupal have looked like if all the little companies had invested in a foundation where Dries was employed and he was looking out for all their interests? And, should your next big open source project be coupled to a single company or to some vendor-neutral home?

This is one of the reasons I appreciate the CNCF being around for the cloud native projects I use and why I'm more interested in those with a truly vendor-neutral home than one of a company whose whims can change.

For me, when I evaluate my use of projects and what I do with my own projects I'm going to keep these lessons in mind.

Today, the Helm Maintainers are proud to announce that we have successfully completed a 3rd party security audit for Helm 3. Helm has been recommended for public deployment.

Helm, the package manager for Kubernetes, just completed its first security audit. This is one of the benefits of being a CNCF project.

As with every security audit I've been involved with, I learned something new. I was also reminded of some things I've forgotten. Reading the results of the security audit were a benefit to me, personally. They helped with my growth.

While many security audits are kept private within organizations, audits by organizations like the CNCF are made publicly available.

Cure53 performed the Helm security audit, has performed audits for other CNCF projects, and has performed audits for others. When they can, the audits are made publicly available. If you enjoy reading white papers or long articles to learn something, these papers are a great place to start.

go.mod Module Name

Once you hit v2 of a module, which is often the code in a repository, the go.mod file needs some changes. For example, the first line of the semver package for v1 would have been:

module github.com/Masterminds/semver

When it moved beyond v1 it had to change. For example, here is the change for v3:

module github.com/Masterminds/semver/v3

The version is in the module path.

Changes Using go get

Using go get to retrieve a version changes as well. With version 1 the command could look like:

$ go get github.com/Masterminds/semver@v1.5.0

But, if you tried to change the version to v3.0.1, the latest v3 release at the time of this writing, you'd get an error. The major version needs to be part of the path. You would need to use:

$ go get github.com/Masterminds/semver/v3@v3.0.1

Requiring modules

Requiring modules follows this same paradigm. This is for both the require statements within the .go files and the go.mod require statement.

For example, to require v3 the go.mod file pulling in semver would need to have a line like:

require github.com/Masterminds/semver/v3@v3.0.1

and the require statements in the code would need to import github.com/Masterminds/semver/v3. The calls to functions in the package don't need to change unless you're working with multiple versions of the same package. For example, when importing v3 a call to semver.NewVersion would still work as expected.

If the changes to the import statements aren't made Go will try get the latest v1 release, update the go.mod file to include the v1 release, and use that. This happens when running commands like go build. If you didn't know, go build can modify your go.mod file.

This is just a quick primer. There are more details in the Go wiki and docs if you need more details.

Let's take a look at what's new in v3.

What Happened To v2?

You might be wondering, what happened to v2? Why jump from v1 to v3? When work on what would become dep started there was a desire to make changes to the way semver worked. On a 2.x branch, Sam Boyer began work on a major overhaul and we'd hoped this would be the future of semver. But, a couple things happened that changed course.

First, dep is now being replaced by Go modules. The semver package isn't needed by it long term as dep is going to be archived, according to the Go team. The primary driver for it is gone and development stalled.

Second, many tools still use go get in their installation instructions and many people aren't using Go modules. That means changing the API can cause breakages in tools that depend on semver. This happens even when those tools use a dependency manager to set versions because some people are routing around that. This problem even came up in the development of v3 where a breaking change caused people to come to issue queues, file issues, and create PRs to route around the problem. This is extra support work.

Until the Go community is generally using tools that support versions as a group it is a bit of extra support work to break public APIs.

v2 is not ready for any tagged releases even though it has some use. For example, the documentation needs some large updates.

So, we skipped a version to avoid confusion. It's kind of like PHP 6 that way.

Upgrade Path From v1

Since the Go API didn't change the upgrade path is fairly simple. In your dependency management tool request v3. If you want to opt into the one change you can opt into see below. Before using the new version see the changes in the v3 announcement.

Changes

If the API didn't have breaking changes then what did? Let's take a look.

A Change To ^

One of the biggest changes is to the ^ operator in comparisons. The way it evaluates ranges is different when the major version is 0. In that case it treats the minor version as the compatibility point unless the patch is specified. The docs share examples:

• ^1.2.3 is equivalent to >= 1.2.3, < 2.0.0
• ^1.2.x is equivalent to >= 1.2.0, < 2.0.0
• ^2.3 is equivalent to >= 2.3, < 3
• ^2.x is equivalent to >= 2.0.0, < 3
• ^0.2.3 is equivalent to >=0.2.3 <0.3.0
• ^0.2 is equivalent to >=0.2.0 <0.3.0
• ^0.0.3 is equivalent to >=0.0.3 <0.0.4
• ^0.0 is equivalent to >=0.0.0 <0.1.0
• ^0 is equivalent to >=0.0.0 <1.0.0

This change is similar to the pattern in npm/js and Rust/Cargo. The difference from npm/js is the way prereleases are handled which you can read about in the semver documentation.

Spaces and Commas

And comparisons used to require a command between them (e.g., >=1.2.3, <2). The comma is now optional. It is still supported but not required. Like other tools >=1.2.3 <2 is now supported for ANDing conditions.

StrictNewVersion

One feature that can be opted into for creating Version instances is the StrictNewVersion function. While parsing it will validate the version passed in was strictly speaking a semantic version. The NewVersion function in v1 and v3 has performed coercion to try and turn a version into a semantic version. For example, v1.2 is not a valid semantic version. StrictNewVersion will return an error while NewVersion will return an object whose version is 1.2.0.

Take It For A Spin and Provide Feedback

The release is out the door. There are more tests, including fuzzing. Please try it out and let us know how this works for you.

With Go modules came the inclusion of the ability to use a proxy when fetching dependencies in the form of modules. jFrog quickly launched GoCenter to provide a high performance cache. Typically, pulling modules from GoCenter was much faster than getting them from someplace like GitHub. GoCenter was optimized for performance for this use case.

Google By Default

With the release of Go 1.13 the GOPROXY defaults to https://proxy.golang.org,direct. This means that commands like go get and go build will attempt fetch modules from the Go Proxy, which is operated by Google and governed by the Google Privacy Policy. If the module is not present there, Go will try to fetch it from the source.

To Google's credit, the very first link you'll find when you visit https://proxy.golang.org/ is to the privacy policy where the information captured and the privacy policy is documented. I am happy they are sharing this information and being up front about it.

Potential Leakage

This could provide problems for proprietary software. Especially those developing competitive solutions to Google and aren't paying attention.

Consider the case where packages are private to a company. Maybe they are hosted on an internal Gitlab or GitHub Enterprise. These are for internal applications or proprietary software. Details about these packages will be sent to a proxy, by default the one operated by Google.

Just imagine the details one could piece together with this sort of information. You know one or a set of IPs is pulling a certain set of modules. Some public where you have the details and some private but the names leak a little about them. What could one surmise from this information? Especially if they have other data from other data sources to merge with this.

Being mindful of this sort of leakage is the kind of thing management at companies often try to pay attention to.

Changing Your Configuration

The Go team realized this problem which is why there are environment variables such as GOPRIVATE and GONOPROXY that can be used alongside GOPROXY to control the proxy configuration and information leakage.

If you work on a proprietary piece of code in Go you should learn about these environment variables.

These variables will let you control what is sent to the proxy and even have glob patterns matching. This is useful to have more fine grained control.

Defaults Are A Big Deal

A big concern is defaults. Most people operate using default settings most of the time. Many people aren't even aware of the settings that can be changed or their options. In the case of Go, I wouldn't be surprised if most developers using Go aren't aware this change is happening and it will silently take effect for them.

The impact of default settings isn't a new idea. Back in 2005 Jakob Nielsen wrote about the power of defaults. While the article starts out talking about search engines it does get into other interfaces. At that point it notes:

Users rely on defaults in many other areas of user interface design. For example, they rarely utilize fancy customization features, making it important to optimize the default user experience, since that's what most users stick to.

In this case, Google optimized the default user experience to send dependency information to them.

This is all made more complex when packages that aren't applications could or should leverage logging. These packages are essentially libraries. Sometimes they do a lot. I find need to be especially true when packages could benefit from debug level logging. As someone pulling packages in that depend on different logging packages it can be a bit of an inelegant mess. Next thing you know, applications have multiple dependencies on packages that do the same thing. Like Kubernetes which depends on 5 logging packages.

Logging is just one example of this problem. There are many others. Most recently I was looking at metrics.

We can do better.

Going Where Others Have Gone Before

PHP, the extremely popular and often decried language, used to have a similar problem. There were frameworks and "platforms" that were mostly separate from each other. Zend, Symphony, and Drupal are just a few examples. If you wanted a package that did something you needed to look for a package in that ecosystem to make sure there was API compatibility. Functionality wasn't portable due to API differences.

To try and solve this problem the PHP Framework Interoperability Group (FIG) was created. People with a vested interest from different projects came together and created a set of PHP Standards Recommendations (PSR).

Often the PSRs are interfaces, like the Logging Interface. When this happens there is a package that can be imported with the interface (like the log one).

Their message is pretty clear:

Welcome to the PHP Framework Interop Group! We're a group of established PHP projects whose goal is to talk about commonalities between our projects and find ways we can work better together.

Go Could Use The Same Thing

Go could use something similar. What would working in Go look like if there was a set of Go Standards Recommendations (GSR) for Go APIs to functionality like logging, metrics, tracing, and other things? There are some obvious benefits:

• You could have one package implementing a piece of functionality and inject to other packages that need it
• If a package is no longer maintained it's straight forward to swap it out for another package
• When someone wants to start a new project in a common area it can be easily used
• Smaller dependency trees in applications and less repeating
• Testing and mocking becomes less work and easier

Is it time for a Go Package Interoperability Group? I believe it would be a benefit to those building packages and applications in Go.

By this time I expected people to be migrating from Dep to Go Modules. What I didn't expect was the number of people still using Glide.

Glide Usage

There were some blocking bugs in Glide that pushed me to release v0.13.3 with bug fixes. When I did that I took some time to look at Glide usage. I was surprised at the amount of usage.

Here are a couple data points:

• Via brew, the macOS package manager, there were over 70,000 downloads in the past year. In that time period there was only one release. Over that time the downloads were at a consistent rate and did not go down.
• On weekdays there are more than 900 unique clones on average.

While data points like these don't provide a comprehensive picture, they provide some insight into continued use.

Note, I do wish GitHub provided download numbers for attachments to releases.

The Future of Glide

Go Modules are planning on exiting being an experiment (a.k.a. going generally available) with Go 1.13 and Dep will be archived shortly after.

Glide hasn't been actively worked on since Deps early days. The Glide maintainers are busy on other things.

You can see where this is going.

Unless major issues arise in modules that necessitate more tooling I would expect Glide to stay in the same state it's in.

Thanks For All The Use

I want to take a moment to thank everyone who used Glide. It had more use than I imagined it would. It delights me that it was useful enough so many used it and continue to use it. Thanks for picking up Glide and putting it to good use.

When it comes to cloud providers with multiple regions and availability zones in each region it can be easy to think that leveraging those with distributed applications is enough. But, as recent events have highlighted this is often not enough. To illustrate this let's look at two examples.

Digital Ocean Locks Service

To improve performance in their service, Raisup has a script that ran every 2-3 months. It was a sudden increase in resource usage. Digital Ocean (DO) has automation in place to try and catch malicious actions (e.g., someone hacking an account and using it to mine crypto currency with someone else paying). DO locked the Raisup account. It took their service down.

I've seen numerous reasons for cloud provider accounts to be locked. Sometimes it's accidental, sometimes it's a hack, and it can hurt an organization every time.

In a good multicloud setup the system can detect when the service in one cloud goes offline and direct traffic to the service in the other provider. The customers still have the service.

Google Cloud Outage

Google is known for their reliability. They tend to do an amazing job with keeping their services online. But, on June 6, 2019 there was a major network outage. This took down Google services and those running in Google Cloud in a variety of regions. Yikes.

This didn't just impact watching cat videos on YouTube. There were examples of IoT locks on homes not working because they relied on a web service. That may be inconvenient for adults but can be a real problem when kids or the elderly are involved.

This is just an example. Amazon Web Services and Microsoft Azure have had outages, too.

No service provider, no matter how large they are, is impervious to outages.

Multicloud Is More Fault Tolerant

There is some added complexity with setting up a multicloud environment and there may be some additional costs. But, a good multicloud setup can avoid these outages. Multi-AZ applications are resilient to AZ failures. Multi-region apps are resilient to region failures. Multicloud applications are resilient to whole cloud provider problems.

They don't have to be that hard, either. For example, you can install Kubernetes in each location and run your application there. The install into Kubernetes is portable from one Kubernetes instance to another.

These labels names are not a Helm-ism. Rather they are called out in the Kubernetes documentation. This is a Kubernetes-ism. One that has a lot of valuable information in the context and reasoning.

Where Did They Come From

For a long time there was no documentation or standard practice on these sorts of labels. That meant that different people used different conventions. This was terrible for interoperability between tools.

One of the goals of the now completed Application Definition Working Group (App Def WG) was to make interoperability better. This would help people who wanted to deploy with Helm and view the app in a dashboard. Or, it would help people if they wanted to migrate between tools. Or any number of other actions. If multiple tools speak the same labels it's good for interoperability and end-users.

We'll come back to end-users in a moment because they are really important.

In the labels the app.kubernetes.io is a prefix. The prefixes need to follow DNS rules and the long standing pattern is to spell out Kubernetes rather than use the shorter k8s.

In the documentation on labels it also says:

If the prefix is omitted, the label Key is presumed to be private to the user. Automated system components (e.g. kube-scheduler, kube-controller-manager, kube-apiserver, kubectl, or other third-party automation) which add labels to end-user objects must specify a prefix.

Whether to prefix or not was heavily discussed. It wasn't just a matter of policy. It was about actions that cannot be undone and UX.

When something takes over an item in the global space, without using a prefix, it cannot be easily changed later. That name is in use, has meaning, needs to follow a deprecation policy, and users have expectations on it staying around. This was noticed and talked about.

After performing some research which looked at what metadata tool developers used or wanted to use, a list of names was created and discussed. The list was filtered down, discussed, analyzed, and picked at. Eventually, the final output was turned into the Recommended Labels documentation.

The recommended labels is what Helm moved to. It was a move designed to make Helm more interoperable with other tools.

User Experience (UX)

If you use these longer label names with kubectl you know the experience isn't great. It was a step back. The App Def WG knew that. So, why would they make some UX worse?

Kelsey Hightower, over in a Twitter thread made an interesting comment:

most people can only relate to kubectl, which has its own way of doing things.

A lot of people who have been around Kubernetes are kubectl users. I would argue for Kubernetes to really grow this is going to change. This is something I started to consider when members of the App Def WG brought it up (I wish I could remember who that was).

At the Kubernetes Contributor Summit in Seattle 2018, Brian Grant gave a talk on a Technical Vision for Kubernetes.

In the talk he called out where he believed Kubernetes was in the technology adoption life cycle. After reflecting on this, I think Brian is about right on the location of Kubernetes. We can debate about a little to the right or left but the general area is about right, in my opinion.

For people who use Kubernetes regularly this can be a hard location to consider. Especially for people who pour a lot of their weekly time or have been around the project a long time.

When Kubernetes is adopted by the majority, especially if it gets to the late majority phase, the interactions with the API and the metadata it stores will be different. The App Def WG was not designing for the tools we have today but for the tools that will come. The tools we need to come for the majority.

These tools may be other command line clients, more graphical user interface (GUIs), interactions with other systems, and much more.

This doesn't mean that kubectl will be used less. It should grow in use but be a smaller percentage of the overall API use.

If you're not sure why people would use other tools than those we have today, I would challenge you to learn about the needs of the majority.

As better tools show up for many of the people we hope will come join the Kubernetes party they will need to inter-operate. These labels will hopefully help them do that.

To understand why Helm doesn't break things up, which is a lesson for other projects as well, let's look at an analogy...

Crossing A River

Imagine a group of people needing to cross a river. Some people will just want a bridge to go over the river. Others will want the wood, nails, saw, and hammer to build the bridge themselves. This second group will use the tools to build their own bridge. In addition to the bridge they may build buildings, art, or numerous other things.

Different groups of people will want different things. The first group, that just wants a bridge, may have other things they need to do and there can be many of these people. If they put in the time to each build their own bridge there will be a lot of different bridges. If they had something else to do, such as go to a neighboring village, their time to do that will be less because they put in a bunch of time to build a bridge.

The second group, that wants the parts, will be able to experiment, try new things, and build some amazing things. For them, having the tools to build different things is empowering and their primary effort can often be to create these new things.

Relating To Software and Helm

This analogy showcases different types of people whose goals and needs are different. When developing software it is important to know who the end users are. One thing can't be built to solve all problems for all people.

One of the lessons I've learned is that most organizations are focused on their particular problem space and want the supporting parts to just work. The rise of Software as a Service and Functions as a Service illustrate this. People want to spend more time on their particular problem and not on supporting elements to building a solution.

When it comes to Helm we have identified who our users are. From the analogy, it is people who want to cross the river and not people who want to build things like bridges.

Applying This To Your Projects

If you are building a software project I would suggest figuring out who your users are and what their needs are. This may be very different from your own. I would suggest putting these in writing and taking some time to collect data on these folks.

Knowing what end users need is a great way to apply focus to what needs to be delivered and what would be useful.

With that in mind, let's take a look at the business case for Kubernetes including being a little honest on the rough spots that could have a negative impact.

The Benefits

There are benefits to using Kubernetes that can shift the TCO in a businesses favor. These are guidelines and anyone considering the switch should look at how their workloads and case maps to these guides. Let's take a look at a few of these benefits.

1. Higher Infrastructure Utilization

The way Kubernetes schedules containers can end up with a higher infrastructure utilization than typical virtual machines packaged workloads running under virtualization in VMware or a public cloud.

This is not to say that public clouds or VMware are bad. It has to do with the model. Kubernetes treats a cluster of servers as a single computer where Kubernetes is the operating system. Google, with borg – the precursor to Kubernetes, runs warehouses as computers. The containers are a small unit of work that is intelligently scheduled. Virtual machines are a larger unit of work and the way they handle space and spare cycles is different.

The difference in the model opens the door for scheduling more work on infrastructure leading to greater density. This leads to lower infrastructure needs.

Now, this is a general rule. It's not perfect. There are exceptions due to how workloads run and their needs.

2. Workload Portability

Once you've started using a public cloud you quickly get locked in with the vendor APIs. Using AWS? You might be using cloud formation, AMIs, and scripts in your favorite automation system targeting their APIs. The same holds true if you're in Azure or Google Cloud.

We could look at this the way we looked at Platforms of the past like Windows and Linux. It was a decision to pick one. But, wouldn't it be great to be able to easily migrate workloads from one cloud to another? Wouldn't it be great to be able to negotiate price with a public cloud and run workloads where it's the most cost effective? And, to have a low cost to migrate from one place to another?

If you spend millions per year on cloud hosting, which many do, there is an opportunity to save plenty of money here. Money to re-invest back into the business. Money for profits. Money to fund new ideas. Money for some employee benefits.

A workload in Kubernetes can be run in clusters from varying providers. It's not uncommon for me to run a workload in Kubernetes running in Google's Cloud and then run the exact same workload in Kubernetes running in Azure. I do this today.

Now, there are times where you may want to tweak things in the config per provider. Tools like Helm and the logic it affords in templates let you do just that.

3. Fault Tolerant By Default

In traditional situations applications run on their set of hardware or virtual machines. If something happens to some hardware the workloads running on that infrastructure has issues. That's because application workloads are assigned to infrastructure.

Kubernetes treats infrastructure, including numerous servers, a computer with hot swappable parts. For example, if a virtual machine running some workloads as containers fails then Kubernetes will schedule the work elsewhere.

As long as you run a multi-node cluster you get this fault tolerance out of the box.

The Risks

As with any system there are risks everyone should be aware of. These are the state of Kubernetes as of the writing of this post and they are being actively worked on.

1. Software Services

When we run applications we often will use a Software as a Service for things we need but are not our core competency. A common example is using a database such as MySQL. Why operate it yourself when you can get it via an API request where someone else makes sure it's running?

There are many common services that all of the major public clouds offer. Yet, each of them does so with a different API. That means to get to that service you need to speak the API of the cloud provider before that common API, such as the MySQL one, is available.

This is a pain point for portability.

Kubernetes sought to solve that with the Service Catalog built on the Open Service Broker. This work does provide some portability. But, it lacks good support for all the major cloud providers, it's development pace has slowed, and there are some cross cloud issues still open.

It does provide a means for some portable services use between providers.

Unfortunately, the current path – driving largely by the cloud vendors who have focused on their APIs – has not moved quickly enough for the users. Due to that it's still an open risk and one we are working on new plans to mitigate. If you want to be involved please feel free to let me know.

2. Developer Tools and Documentation

Kubernetes is hard. If you're used to Cloud Foundry, where you can have a few lines of YAML to describe an application, the hundreds you'll need in Kubernetes can seem hard to grasp.

The Kubernetes project is not trying to directly address these. Instead, this is a space for the ecosystem of projects around Kubernetes. Developers have their own styles. That's why we have Ansible, Chef, and Puppet. That's why there are famous debates on Vim vs Emacs. The Kubernetes project can provide a kernel but it cannot make everyone happy.

This is a space where there are many ecosystem projects such as Helm, Telepresence, Draft, Kubeless, and many many others. You can learn about many of them in the CNCF Landscape.

This is a risk because the space is not mature. Many of the technologies still have a long way to go and the documentation around them is not all that great.

To mitigate this risk we need more tools by application developers for application developers and more documentation and books teaching people and making it easier. This is going to take more time.

Conclusion

This is where you need to draw your own conclusions. Will it be cost effective and useful to adopt Kubernetes? If you want to change people's minds a good place to start is with a business case that highlights the value for your organization. Hopefully these points help you with that.

Support!

When a company is spending millions – an all too common number – on a cloud service provider they typically want to have good support. If something breaks you might need to make a phone call. If you find a bug you might need a path to report it and find out the status on it. You may even want to have people to lobby for features.

Consider this, if a consumers cable Internet goes out they have someone to call. There they can find out status on things being resolved. They may even talk with a real person to help them with a problem. This is a consumer grade support.

Shouldn't a business grade service at least offer this level of support? It may come in different ways. For example, a status website with updates or someone online documentation explaining how things work. This isn't enough for business grade. There are still cases where someone has an issue with their account that's not common or they find a bug where they found an edge case. I've personally run into both of these situations across multiple major public clouds. For these cases there needs to be business grade support for those businesses.

This is a request because not every major public cloud does this well enough.

Standard APIs

Public clouds are more like operating systems than utilities in the way people interact with them. Consider this, in the US I get electricity at a standard voltage at a relatively standard frequency coming to my home. It doesn't matter who the electricity provider is. To work with that power I can buy appliances from many companies, switches and outlets from still others, and everything works interchangeably. I can even take pieces from one place and hook them up in another. The interfaces and interactions are all in common specs.

This common spec scenario serves customers.

Public clouds have their own APIs. Building applications for them can be as different as building a Windows and Mac application. They are different platforms. This helps enable vendor lock-in. It serves the vendors.

But, many companies have a policy of no single source providers. This isn't an IT policy but a company policy. Any major item in their logistics pipeline can't be sole sourced. That means many IT departments needs to work with more than one cloud provider.

This is, in many ways, a good thing for consumers. But, that's a story for another time.

Here's a common annoyance to prove my point. How annoying is it to write object storage integration for each major public cloud into apps? It's incredibly annoying. There are now at least 3 different APIs, and some would argue more, that need to be supported by numerous apps. Why can't we have standard APIs?

When Helm moved to a Developers Certificate of Origin it meant those little changes made in the GitHub UI now needed a DCO signoff to pass. Remembering to add that and what exactly to type is a bit of a pain.

So, Scott Rigby who is one of the charts maintainers went and made a browser extension for that. It runs in Chrome and Firefox. Once installed you go to the preference to add you name and email address. After that the GitHub UI commit screens will have the DCO signoff pre-filled for you.

If you deal with DCO signoffs and the GitHub UI there is now an extension for that. Thanks Scott.

To make it easier I created an alias so I can use git cs and it will commit with signoff.

To create the alias I ran the command:

$ git config --global alias.cs 'commit --signoff'

After that, I had an alias I could use when using a signoff.

On the Helm project, especially on Charts, we have a lot of this work. Reinhard Nägele (a.k.a. unguiculus) is far and away the one who has done the most to chop wood and carry water.

Contributions to open source can be seen in ways beyond those measured by GitHub. To help us see those contributions the CNCF has developed DevStats.

The image below is a snapshot from the DevStats developer contributions for Helm. Reinhard Nägele, seen here by his GitHub handle of unguiculus, is in the top spot by a wide margin. He got there by chopping a lot of wood and carrying a lot of water.

Reinhard, if you're reading this, I hope you know how much we appreciate all that you've done and continue to do.

The Short Answer

Simon Wardley recently posted a short explanation to Twitter. He's an analyst who has been following and mapping these technology trends.

X : Can you explain what is serverless?

Me : The definition I use? Serverless is an event driven, utility based, stateless, code execution environment.

While this is the gist, there are still many more relevant questions.

The Server In Serverless

Software runs on a computer. When we use a cloud provider the code is running on a server. So, why is it called serverless?

The short answer is that the developer, the person who deals with the business logic, does not need to be concerned with the server. The service provider handles it. This is about a contract and defined communication (API) between two parties who handle separate concerns.

The developer working on the business logic can focus on their business logic. The provider, who has to operate serverless instances across many people and for many reasons, can focus on running the workloads.

Does it run in a virtual machine, in a container, inside a custom V8 setup, or something else? That's an implementation detail the provider is concerned with. It could change over time. They could even run them in different ways in different environments. It's a detail the provider can choose, change, and iterate on.

This could cause concerns over stability. What if an environment change caused a bug? For example, moving a JavaScript function from a virtual machine running node.js to a worker in V8. This would be on providers to ensure any change was handled well or loose customers and business. This is where service-level agreements (SLAs) can provide some level of trust, enticement, and safety net.

There are known advantages. For example, when a system security issue is found the provider can patch it everywhere for everyone rather quickly. No need to wait on all the service users.

Events

Another aspect of serverless is that the application does not have a server. For example, that means the application logic does not have a web server waiting for requests. Instead, a unit of work executes when an event occurs.

Many things can trigger an event. Here are some examples:

• A web request to an API gateway (e.g., the Amazon API Gateway). They run this so everyone else does not have to
• A time of day or regular interval (Cron)
• A cloud provider internal event (e.g., a file uploaded to object storage)
• A log entry (e.g., 12 Factor treats logs as event streams)

With no application server it become the job of the provider to execute the code when the event comes in. The provides an opportunity for service providers to optimize how this happens and change it over time.

For example, if an event only happens once per day the code may sit in storage and not in memory except when it's needed. Here no RAM or CPU is used unnecessarily. The provider can optimize around how it's loaded and run.

If the event is triggering regularly the provider can optimize for that. For example, the machine running the code can keep it ready to execute. Or, if the application is seeing a lot of scale the provider can scale machines handling this function horizontally.

These forms of optimizations are something providers can focus on. They may even boast about their capabilities like Cloudflare recently did.

CloudEvents

Because so many providers are jumping on the serverless bandwagon and they have been doing so with differences in their APIs, the Cloud Native Computing Foundation (CNCF) has stepped in to come up with a common event specification knows as CloudEvents. The idea is to have a common open specification rather than many different proprietary ones.

At KubeCon/CloudNativeCon EU 2018, Kelsey Hightower gave a demo using CloudEvents that had a file uploaded to AWS S3 cause an event that ran in Google Cloud that translated the text of a file and uploaded the translation to S3. All while handling authentication. The demo uses a fair amount of demo code but highlights the possibilities.

FaaS and Containers

The most common form of serverless is Functions as a Service (FaaS). AWS, Azure, and Google Cloud offer these out of the box. AWS calls these functions lambda.

Functions can run in a variety of places. For example, hey can run in general computing environments and can run on edge nodes. It all depends on what the provider offers. Both AWS and Cloudflare provide a means of running functions at the edge.

One of the current drawbacks to FaaS is the functions need to be uniquely crafted for each provider. This creates a form of vendor lock-in.

As an alternative to pure functions, containers are starting to show up on the serverless scene. A container image can hold what is needed to execute on an event. When an event occurs, a container can be started, receive the event, and perform the action before being shot down when completed.

There are both advantages and disadvantages to using a container instead of a pure function. For example, a container image can more easily encapsulate dependencies but limits the providers ability to innovate around the running of the workload.

Brigade, especially when paired with Azure ACI to handle billing per use, is one example of a platform that provides container based serverless.

Why Not PaaS?

This sounds similar to a Platform as a Service (PaaS). There are some definite similarities. For example, the application code is handed to a PaaS and it figures out how to run it. Does Heroku use Docker or LXC? It doesn't matter because that's an implementation detail. The interface is around the application code.

There is one important difference. Applications in a PaaS present a server and are expected to be running in a way to accept connections. In serverless there is no need to run that server. Things happen based on events. The system to accept the event (e.g., HTTP request) is outside the code the application needs to supply.

Developer Benefit and Experience

There are some practical elements to the developers experience worth highlighting.

• Applications are written in a way that can scale horizontally really well
• When the service goes down it's the responsibility of the provider to handle getting it back up. There's less work DevOps folks handling the business logic are going to be paged for
• Payment is often based around when business logic runs. That time where a server is sitting idle isn't billed for because it's being used for something else. This has lead to some services being able to drastically lower their recurring bill
• Most of the serverless providers have their own APIs. This leads to vendor lock-in. The serverless project is attempting to make the experience better but there is only so much they've been able to do
• Some applications, like high performance databases, are not appropriate for serverless. It's not a silver bullet

Conclusion

Serverless provides a different paradigm from the way many applications are written. This can, sometimes, be useful. It's worth having in any developers tool belt.

Kubernetes Is Complex

Before we talk about managing complexity we need to look at the complexity itself.

Earlier this year there were a number of posts and conversions on social media about Kubernetes complexity. There was an article in The New Stack that briefly covered it. There is a nice section in the article that hits home with the situation:

“Kubernetes was designed by systems engineers, for systems engineers,” stated Kate Kuchin, an engineer with Heptio, during the last KubeCon. “Which is great, if you’re a systems engineer. For the rest of us, Kubernetes is really, really intimidating.

Not everyone is a systems engineer. Not everyone needs to think about systems engineering problems. Julia Evans, on the Stripe blog, did an excellent job highlighting this thinking in her blog post titled "Learning to operate Kubernetes reliably". In the section Making cron jobs easy to use she notes:

Our original goal was to design a system for running cron jobs that our team was confident operating and maintaining. Once we had established our confidence in Kubernetes, we needed to make it easy for our fellow engineers to configure and add new cron jobs. We developed a simple YAML configuration format so that our users didn’t need to understand anything about Kubernetes’ internals to use the system.

The engineers working on business logic who needed cron jobs didn't need to know anything about Kubernetes to run them. Their scope isn't systems engineering. Stripe came up with a solution that hid Kubernetes knowledge away to make it simpler for those engineers. They managed who had to deal with which parts of the complexity. Application engineers didn't have to deal with systems engineer tasks or the knowledge to do them.

Everyone Is Trying To Manage Complexity

DHH, the creator of Ruby on Rails, recently gave a keynote at RailsConf. His tweet, with a link to the video on it, highlights what the talk was about:

My RailsConf 2018 keynote about conceptual compression, liberating the best ideas from the grasp of complexity, the beauty of leaky abstractions, how our industry is backsliding, and facing alienation from the product of our labor. – DHH

The keynote directly targets managing complexity. Managing complexity is a common problem that's not unique to Kubernetes.

I like to think of it in terms of a separation of concerns. Who needs to be concerned with what? Chip designers aren't concerned with with app business logic and vice versa. There are different concerns that all apply to making the same thing work. Some concerns are far enough away we may not even think of them.

In the cloud space there are some more practical example separations that reduce complexity:

1. If you use an IaaS to manage your infrastructure you don't have to be concerned with racking and stacking of hardware. There is no need to think about network cables, switches, cooling, or those other concerns. The complexity and knowledge to handle it has been cleanly separated into layers that communication over an API
2. Functions as a Services, a subset of serverless, also push on this separation. Serverless isn't really server less because the code has to run somewhere. But, for business logic developers it is a case of I don't need to be concerned with servers. A separation of concerns has been clearly defined and an API put in place to manage communication

In both of these cases complexity is managed by separating concerns and defining channels of communication. Those on each side of the separation can focus on their part of the problem.

Application Complexity

On the Helm website under the section "What is Helm?" we have our basis for the conversation on complexity.

Helm helps you manage Kubernetes applications

The basis for a discussion on complexity management with Helm and Kustomize needs to start with applications. Managing the complexity for operating Kubernetes itself is an entirely different issue.

When it comes to managing complexing we should look at who needs to manage it. Here are a few roles:

• Application developers - the people who write the business logic for an application. The applications they write could be run in Kubernetes, on a VM, or somewhere else. Their focus is on the business logic
• Application operators - those who need to operate an application in an environment
• Environment developers and operators - the systems engineers who build and operate an environment like Kubernetes, Mesos, or even a public cloud

How much complexity do different people need to know. Do application developers need to know much, if anything, about Kubernetes? Do systems engineering handling the environment need to know how to write a modern we app? If we manage the complexity well we can separate the concerns.

MySQL Complexity Example

Examples help this to hit home and a common example is the long standing MySQL. MySQL is a great example because it is in wide use, can run in a container, VM, or on bare metal, and fits nicely with our next example.

To operate MySQL in Kubernetes is the job of the application operator role. This person needs to know both business logic for the application and how the environment (Kubernetes) works.

When it comes to the business logic they don't need to know everything. But, they do need to know how to configure it including handling things like replication, backups, and performance tuning.

To operate MySQL in Kubernetes they don't need to know everything about Kubernetes. Rather, they need to know about a handful of features around running workloads, using storage, and exposing services. They may also need to know how to handle running the application in different types of environments. You can't easily run MySQL the exact same in minikube as you can in an HA environment.

Their expertise is where the two things come together. A bit of the layers above and below them in the stack.

Complexity Of Operating WordPress

WordPress is a common example people are familiar with. It also depends on a database allowing us to look at the next level of complexity.

Like MySQL, an application operator needs to know the business logic of WordPress and the workload features of Kubernetes to make it run. But, WordPress depends on a database. That means someone needs to know the business logic of running the database and how to run it in Kubernetes. Is that the same application operator that's handling WordPress? Is there a way to encapsulate the complexity for a database, like MySQL, so the WordPress application operator doesn't need to be a MySQL operator as well?

With something simple, like WordPress, it can be easy to put it all on one person. But, what if the system has 10, 20, or more moving parts? The explosion of microservices means this is not uncommon.

Helm, Kustomize, and Complexity

Managing knowledge and complexity are a bit different between Kustomize and Helm. With all of this background we can now talk a little about them.

Helm

Helm encapsulates the components needed to operate an application into a package called a chart. The interface to the chart is a set of properties that can be passed into the chart at the command line or in a file. Helm charts are semantically versioned based around the API change to this values file.

In a chart, the business logic for the application and operational knowledge for Kuberentes are bundled so that the consumer of the chart does not need to know those details.

Helm charts can have dependencies on other charts. For example, a WordPress chart can depend on a MySQL chart. It does so using version ranges. The parent can capture properties and pass them to the dependency. Dependency handling logic, such as a decision to use a SaaS database or a dependent chart, can be handled through this interface as well.

Helm charts provide a means of handling complexity by separating the concerns into packages with an API. The flexibility is there to handle situations such as running WordPress in a public cloud while using a SaaS in production and letting a developer in minikube use a locally run MySQL server via a dependent chart.

Helm intentionally focuses on application operation, separation of concerns, and managing complexity.

Kustomize

Kustomize takes an entirely different approach. Since Kustomize is not a direct competitor to Helm this isn't the case of one should win out over the other. It's a matter of knowing how a tool does things to know when to use it.

The tag like for kustomize on GitHub hints at the purpose:

Customization of kubernetes YAML configurations

The introduction to the Readme continues this idea where it says:

kustomize lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.

kustomize targets kubernetes; it understands and can patch kubernetes style API objects.

With the focus on Kubernetes and Kubernetes style API objects it's worth asking who that is for? Helm noted it starts with application management while kustomize starts with an API object style. Not telling us who the user is means we have to try to work that out.

In our earlier list there are two obvious roles who are concerned with these types of file. They are the application operators and Kubernetes operators. Since we are focused on application operation here I'm going to focus on that.

If an application operator has to manage their application they have to work with Kubernetes API objects and kustomize is a powerful tool to do that. But, this is about managing complexity and not about the direct ability to work on YAML.

To manage complexity we can look at a couple cases.

Dependency Handling

If we look at the WordPress example and have a dependency on a database how would that be handled? Kustomize works on Kubernetes API objects so you have those for the dependency in raw long form. That means a database dependency has one directly working with the raw configuration for a dependency.

To make changes to a dependency you need to understand the business logic for it and to change the YAML accordingly. Kustomize provides the tools to patch the YAML files and to patch them differently for different environments.

The way kustomize works exposes you to all the raw complexity of the dependency tree. Instead of encapsulating the complexity it puts it all on display and enables you to make changes to any of it.

For some, this is an exciting capability. If we're looking to manage complexity it doesn't so much help us. For some people in some situations this is ok. That's an organizational decision.

Handling Situational Logic

We already noted the case of using a database as a service when running in production and running a local database for local development. Doing this requires different configuration. In one case your application needs a URI for a database and in other situation we need the Kubernetes API objects.

Handling these differences with kustomize is currently an exercise for the application operator to work out with other tools and processes. Encapsulating these situations is not handled.

This, again, highlights that kustomize isn't providing a means to encapsulate complexity but rather puts it all on display and looks for other elements to manage that.

This also highlights how Helm and Kustomize are not direct competitors. They do different things and do them in different ways.

Summary

I believe it's worth an organization looking at how it manages complexity. A goal should be to make things simpler both in terms of daily working complexity and in terms of how much complexity is being worked on at a given time.

There may come a time where we work out how to have kustomize and Helm work together. This is a possibility.

Personally, when it comes to managing application operation I would use Helm charts. It provides a nice way to encapsulate complexity and enable it to work with other parts with higher level applications. Though, I am biased as I am a Helm maintainer. So, take it with a grain of salt.