Attending KubeCon + CloudNativeCon North America is an opportunity to look beyond the “hey, we just launched an AI tool” hype and really find out what’s driving cloud-native software application development. If we had to say it in just a handful of words (and we can skip the term open source, obviously) cloud-native progression is now driven by the combined forces of agentic AI orchestration, security administration, patent troll eradication, developer certification and platform engineering elevation. But even that’s too much for a t-shirt slogan, so please allow us to weave through a selection of major happenings and updates now manifesting themselves at platform, network and toolset levels.
Utah’s snowbound capital city of Salt Lake City played host to this year’s conference and the drive to gain “share of voice” above the other 800 or so partner organisations logged as members of the Cloud Native Computing Foundation (CNCF) and the Linux Foundation (LF) is a big ask, even for the big guns. Let’s start at the core and listen to what the CNCF & LF are most focused on.
As always, the CNCF & LF want to champion project involvement (at any level, including non-technical domain-specialist involvement from people in the business function) and of course, the need to champion the erstwhile project maintainers who help promote systems of meritocracy for all users. More specifically, there’s a renewed focus on cloud-native security because organisations must now integrate zero-trust architectures and supply chain security practices across their entire tech stack. As Kubernetes now celebrates its 10-year anniversary (they call it KuberTENes, cute right?), there is also a key focus drilling into platform engineering & AI development at every level.
“Over the last 10 years, Kubernetes has become the backbone of modern application deployment and has changed the course of innovation. Kubernetes was the first project accepted into the CNCF Incubator in March 2016 and remains the top project in terms of contributor velocity. It is the bedrock of the cloud native movement and is quickly becoming the go-to architecture to automate the orchestration of high-performance AI workloads. The next 10 years of Kubernetes will power the AI revolution,” stated the CNCF, at its central press conference presentation this year.
The CNCF and Linux Foundation both went big on the fight against patent trolls this year. They launched a series of crowdsourced “prior art” contests in which cloud-native developers can earn prizes by helping the technology industry to defeat patent trolls. Software application developers and associated parties are being asked by the CNCF whether they are aware of any publicly available materials and prior art related to a patent filing of an invention detailed here at this link.
The CNCF remind us that prior art is a legal term that refers to technical know-how that predated the patent application. Prior art can be used to invalidate or weaken a troll’s patent by demonstrating that the patented invention already existed and wasn’t “new” when the application for a patent was filed.
What are patent trolls?
A patent troll as an organization or group that obtains the rights to one or more patents in order to profit by means of licensing or litigation, rather than by producing its own goods or services. They typically never actually make the product, they just sit on the patent and the organization (in the case of the ones the CNCF and Linux Foundation combats) would generally never have used Kubernetes or any of the leading open source technology platforms and tools.
According to Investopdeia, “While the practice of patent trolling is not illegal, a company that acts as a patent troll files patent claims without any intention of ever developing a product or service. The end result is bad faith infringement threats and licensing demands that require companies to spend a significant amount of money to settle these claims without any addition to the public good. A patent troll may also be called a patent shark, dealer, marketer, or pirate. A patent troll operation may be called a patent assertion company, entity, or a non-manufacturing patentee.
OpenTelemetry Certified Associate (OTCA)
The CNCF and Linux Foundation also announced the launch of the OpenTelemetry Certified Associate (OTCA) certification to try to help application engineers, DevOps engineers, system reliability engineers, platform engineers build skills in OpenTelemetry.
For those asking: what is OpenTelemetry? This is a technology that has been engineered to allow software application development professionals (typically those in cloud-native and observability roles) to monitor and evaluate the performance and health of cloud-native applications across distributed complex infrastructures.
The certification here is all about validating essential skills in setting up and using OpenTelemetry to monitor distributed systems, covering trace, metric and log collection, which (so says the CNCF) helps when teams are troubleshooting and optimising performance. It is also argued that certification helps tech practitioners to progress in DevOps, SRE and cloud engineering roles by demonstrating expertise in this observability tool.
“Modern cloud native systems can be complex to manage if an organisation lacks the necessary telemetry data and visibility into their varied layers,” says Chris Aniszczyk, CTO, CNCF. “OpenTelemetry has come a long way to mature open source telemetry technology and specifications to benefit all. Our new OpenTelemetry certification supports our goal of educating and promoting best practices for cloud-native observability.”
Dapper Dapr
Other significant news from this years show was related to Dapr, (Distributed Application Runtime) a technology used as a portable runtime for developers to build distributed applications that run across cloud and edge computing environments. Dapr now celebrates its graduation to full-blown CNCF project status and in terms of working functionality, it provides integrated APIs for communication, state and workflow for building production-ready applications. Dapr makes use of best practice security techniques and also offers resiliency and observability.
First released as a Microsoft project in 2019, Dapr was accepted into the CNCF Incubator in November 2021 and has now grown to over 3,700 individual contributors from more than 400 organistions.
“Dapr has a single mission: to meet the emerging needs of developers and solve the most complex problems in distributed computing,” said Yaron Schneider, Dapr maintainer and steering committee member and CTO, co-founder of Diagrid. “The project has done very well in helping application developers navigate the complexities of cloud-native architectures, and the engagement with the CNCF community proved to be an amazing catalyst for the project’s growth and maturity.”
CNCF CTO Chris Aniszczyk says that Dapr provides a “comprehensive solution” for developing edge and cloud-native applications, saving developers time and freeing them to focus on innovating. The Dapr control plane, which, among other capabilities, deploys Dapr sidecars for each application, is hosted on Kubernetes and is deployed with Helm charts.
The age of platform engineering
Not always an organisation known to save the best for last, day 3 of KubeCon + CloudNativeCon America 2024 saw the CNCF table what was (arguably) the biggest news of the show if we take it as a wider trend that has the potential to impact all enterprise software application development in the immediate future. The CNCF has now announced momentum around cloud-native training and certifications for platform engineering roles.
As the tech community is now increasingly aware, platform engineering is on the rise, but what is it?
“Platform engineering is the discipline of designing and building toolchains and workflows that enable self-service capabilities for software engineering organisations in the cloud-native era. Platform engineers provide an integrated product most often referred to as an Internal Developer Platform (IDP) covering the operational necessities of the entire lifecycle of an application. An IDP encompasses a variety of technologies and tools, integrated in a manner that reduces the cognitive load on developers while retaining essential context and underlying technologies,” explains Luca Galante on platformengineering.com recently.
Platform engineering teams are able to use groups and sets of software application development assets and capabilities such as developer starter kits, regulatory guidance and other specialised services relating to DevOps, DevSecOps and AIOps. It’s all about the creation of a platform for developers to build and host applications and business processes. The discipline itself has emerged in response to the increasing complexity of systems designed according to the criteria of cloud-native architectures. As noted above, an IDP is an internal corporate tool that acts as an abstraction layer between developers and the systems they interface with.
“Platform engineering teams are no different from a normal product team in the DevOps era. The figures usually present a series of SREs (Site Reliability Engineers), DevOps Engineers and product managers. They all work together to select and integrate suites of products and technologies, they define technological and methodological approaches to solve a range of problems that are part of the day-to-day life of their company’s developers and architects, and they create workflows and logic that suit their organisation. Like any product team, a platform engineering team and its engineers conduct market research, solicit feedback from their users and work on getting the IDP they created adopted internally to maximise the impact and productivity gains throughout the organisation,” says the CNCF, in its blog.
New platform engineering-specific certifications from the CNCF now include: Certified Cloud Native Platform Associate (multiple choice exam) and Certified Cloud Native Platform Engineer (hands-on exam).
The Certified Cloud Native Platform Engineer series will cover many areas within the cloud-native landscape including CI/CD, observability, developer experience, automation and orchestration etc. The three new project-specific certifications: are Certified Backstage Associate (CBA), OpenTelemetry Certified Associate (OTCA) and Kyverno Certified Associate (KCA). The CBA is available immediately. OTCA and KCA will be available by the end of 2024.
Data dilemma, or developer opportunity?
In summary, there is much going on at the Cloud Native Computing Foundation and the Linux Foundation with all its subset sister foundation functions spanning education to regulation to certification and so on. With some 203 projects currently running that originate from 193 countries, it takes a body (or bodies) of considerable girth to be able to act as the “janitors, roadies, advocates and cleaners” (as Linux Foundation executive director Jim Zemlin puts it) of open source.
Doesn’t that all sound like a lot to swallow?
In some senses, it might sound like an insurmountable challenge. If a given software development project has to decide between the use of open source vs. proprietary large language models, then decide where and when to put data guardrails in, then have to form a concoction between all the data engineering management functions that will be needed from memory requirements to data ingestion controls to compute requirements to observability and so on… and then decide whether all those elements of the software stack need to be performant in an on-premises environment, in the public cloud or out on the edge (or some combination of all of the above), then that’s a lot of system architecture that needs to be decided upon. To play devil’s advocate, let’s also imagine that this team of essentially open source software engineering professionals also have to think about how they might have to jettison and retire the use of some projects that will always inevitably be about to be officially archived, then that’s a lot to deal with.
With all that to take on board (and obviously we could have listed a whole load more components and considerations), wouldn’t that start to sound like a solid justification and validation for the use of platform engineering with all the developer starter kits, automations, pre-engineered regulatory controls and so-called “golden paths” that lean on proven and tested development practices for these complex cloud-native systems?
Well, spoiler alert then, umm, yes, it probably does.