Kubernetes 1.9 includes powerful admission extension abilities that are part of the golden principles Kubernetes is being built on – you want to look for those principles in other solutions you are considering.
What is Admission?
Admission is the phase of handling an API server request that happens before a resource is persisted, but after authorization. Admission gets access to the same information as authorization (user, URL, etc) and the complete body of an API request (for most requests).
What are they good for?
Webhook admission plugins allow for mutation and validation of any resource on any API server, so the possible applications are vast. Some common use-cases include:
Mutation of resources like pods. Istio has talked about doing this to inject side-car containers into pods. You could also write a plugin which forcefully resolves image tags into image SHAs.
Name restrictions. On multi-tenant systems, reserving namespaces has emerged as a use-case.
Complex CustomResource validation. Because the entire object is visible, a clever admission plugin can perform complex validation on dependent fields (A requires B) and even external resources (compare to LimitRanges).
Security response. If you forced image tags into image SHAs, you could write an admission plugin that prevents certain SHAs from running.
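The image-pinning and security-response use cases above, as an added example (not code from Kubernetes or from this page). It assumes the webhook is registered for Pod creation and receives the AdmissionReview JSON (request.uid, request.object) and answers with response.uid, allowed, status and, for mutation, a base64 JSONPatch; the function names and the RESOLVED and BLOCKED tables are hypothetical stand-ins for a registry lookup and an incident-response blocklist.

```python
import base64
import json

# Constructed sample data: stand-ins for a registry lookup and an incident blocklist.
RESOLVED = {"registry.example/app:1.0": "sha256:" + "1" * 64}
BLOCKED = {"sha256:" + "b" * 64}


def _containers(pod):
    """Yield (JSON-pointer path, image) for every container in the pod spec."""
    for field in ("initContainers", "containers"):
        for i, c in enumerate(pod.get("spec", {}).get(field) or []):
            yield f"/spec/{field}/{i}/image", c.get("image", "")


def _reply(review, allowed, message=None, **extra):
    """Build the AdmissionReview reply, echoing the request's apiVersion and uid."""
    response = {"uid": review["request"]["uid"], "allowed": allowed, **extra}
    if message:
        response["status"] = {"message": message}
    return {"apiVersion": review.get("apiVersion"), "kind": "AdmissionReview", "response": response}


def mutate(review):
    """Mutating step: rewrite tagged images to digests via a JSONPatch."""
    patch = []
    for path, image in _containers(review["request"]["object"]):
        if "@" in image:
            continue  # already pinned by digest
        if image not in RESOLVED:
            return _reply(review, False, f"cannot resolve {image} to a digest")
        name, _, tag = image.rpartition(":")
        repo = name if name and "/" not in tag else image  # ':' may be a registry port
        patch.append({"op": "replace", "path": path, "value": f"{repo}@{RESOLVED[image]}"})
    if not patch:
        return _reply(review, True)
    encoded = base64.b64encode(json.dumps(patch).encode()).decode()
    return _reply(review, True, patchType="JSONPatch", patch=encoded)


def validate(review):
    """Validating step: deny unpinned images and digests on the blocklist."""
    for _, image in _containers(review["request"]["object"]):
        _, sep, digest = image.partition("@")
        if not sep:
            return _reply(review, False, f"{image} is not pinned by digest")
        if digest in BLOCKED:
            return _reply(review, False, f"{image} uses a blocked digest")
    return _reply(review, True)
```

Both steps deny rather than admit when an image cannot be resolved or is not pinned, so the blocklist check cannot be sidestepped by a mutable tag.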
Here are my VMworld 2014 notes about the conference’s top new solutions.
Bottom line, I expect most of those features and solutions to become popular, and although it starts to feel like there is “too much”, that’s our role as IT Professionals: to pick the right tools for use at the right time and place.
EVO: Rail – “Data Center in a Box” – allows hardware and software ISVs to package their multi-suite software appliances into a single kit that includes shrink-wrapped manageability options (no need for vCenter and similar management tools, but they can be used if you have them). All deployed within 15 minutes!
EVO: Rack – “vHardware v2.0”. Yes, “vHardware” is my term to describe the offering of integrated, data center scale hardware to support quick deployment of VMware at mass scale. In past years it featured products such as Cisco UCS, EMC vBlock and NetApp FlexPod. I’d say EVO: Rack is the second major “vHardware” effort, now fueled by the new “SDDC” (Software Defined Data Center) standard. It consists of extensible racks that include servers, storage and networking (from various hardware vendors) and the complete suite of VMware’s data center management products, all deployable within 2 hours and aimed at launching multiple Virtual Data Centers within a single physical Data Center.
vCloud Air – Allows for easy transparent secure migration of VMs into and from the cloud, or across the world into and from other data centers. The policies, including network and security rules of a VM will migrate with it, and be enforced, no matter where it is migrated to. All based on the new vSphere 6.0 (Beta) engine.
vCloud Realize – Management and monitoring of Operations, Automation and Business, provided on internal, external or Hybrid Cloud via vCloud Air.
Contributing to and integrating with Docker containers as well as with Google Kubernetes Docker management software. Both are becoming a strong standard for agile development, testing, packaging and deploying software. Essentially you can deploy and maintain Docker containers within the well-known VMware management tools, such as VMware vCenter.
vSphere 6 Beta now allows migration of live VMs from one GEO location to another one across the world, providing transparent network access to the VMs without any adjustment of their IP network details, independently of the actual local network details for each GEO location (all based on VMware NSX technology).
Policy based deployment and enforcement of SDDC: network, storage, availability, etc. Those policies automate the setup and maintenance of our VMs, and reduce the need to create and maintain operation and monitoring related scripts.
Virtual Volumes (Beta): Using the vSphere APIs for Storage Awareness (VASA), it allows for the offloading of VM operations to the most common storage solutions. For example, creating a VM snapshot can be done by the storage system (EMC, NetApp, etc.), using its own means to do what, until now, the VMware ESX server had to do. This complements the past offering of VMware’s Virtual SAN, which aimed to replace the need for expensive physical storage solutions by offering many of the SAN storage features through software on top of economical commodity hardware.
Rapid mobile deployment of apps (temporary desktop) streamed from the VMware cloud, assisted by the AirWatch technology. As an example, it allows one to send a document that requires a specific app to another person. If the receiving party is entitled to use the relevant app, it will be available to him as soon as he tries to open that document.
Federated App / Desktop Delivery via VMware AirWatch. As an example this allows a doctor to securely send a patient health test result to another expert’s mobile device, even though the expert works in another hospital. Only the doctor and the expert can collaborate on this document. All done seamlessly. App delivery and usage is streamed through VMware cloud data centers in the background so it seems delivery is instant.
That’s it for now.
Do let me know what you found out so far (I am still going through the VMworld Brown Bag sessions).