Overcoming the complexity of Kubernetes
Well, it's not just Kubernetes. It's cloud-native and everything else.
There’s the thing you want to do. You want to ship better software faster. So, we adopt x86 and create distributed computing. It grows to become too heavy, so we adopt the public cloud control plane. That thing doesn’t meet all of our needs, so we adopt cloud-native. We look back, and the cloud-native thing has to talk to the public cloud thing that speaks to the x86 thing. What a security mess!
We implement certs for each thing. The only problem: when we scale to thousands of things, it becomes unmanageable.
You know what will solve the problem? How about a service mesh? Something that issues security certificates to each thing, allowing centralized access control. Except that thing isn't so simple to administer, at least according to a random conversation I overheard during KubeCon. An EU government agency employee described the journey to the agency’s 3rd service mesh project.
The moral of the story? All of this is complex. Focus on the things that add differentiated value and outsource everything else. William Morgan of Buoyant talks about the simplicity of relying on a 3rd party.