Cloud Native Weekly #10: Cloud Governance
Let's look into Cloud Cost optimisation and Governance in this post.
In this issue, we will look into the latest updates in the industry and some interesting articles and tools that can be helpful to you.
The market for the past few weeks has really been down, and this has impacted various organizations in one way or another. Many of them have laid off folks :( and organizations are optimizing their spending. Those who are laid off — please reach out to your network; you can also get assistance from the Mentoring club.
🏛 Governance and 💰 Cost Optimization in Cloud Native Infrastructure
In every organization, this is typically a day 3 activity, and it is required sooner or later depending on the priorities. In my experience, I have seen small to medium-sized companies first trying to focus more on innovation cycles and speed using the Cloud, and later realizing the unnecessary budget overruns or messy environments. Cloud governance is a niche area with little structured knowledge or tooling around it. Ideally, the cloud provider should have all these techniques built in and provide them as a service. Nevertheless, some providers have started to address this by offering recommendations. For example, in GCP, you can enable the Recommender API to get insights on how you can bring down costs. These insights do not understand your organization's requirements, and thus you need additional tooling to achieve that.
In this context, I would like to focus on the governance tools and techniques built for Kubernetes and the cloud.
OpenCost — Kubecost and other industry-leading companies have open-sourced the cost model for multi-cloud and Kubernetes. This can give you granular details of your Kubernetes workloads and how you are spending, so that you can then put the necessary controls in place. It also integrates with public clouds and can be used in an on-premise environment. I found it quite useful to see which resources are overallocated and the bin packing of the workload on the cluster. Kubecost also introduced a controller which can apply the recommendations directly in your cluster. Please take it with a grain of salt, because setting resource requests and limits too low may introduce CPU throttling or OOM errors.
Steampipe, Cloudquery or Resoto - these tools consolidate your infrastructure inventory and allow you to query it (some use a SQL interface, some have their own DSL) to search through the cloud inventory and take actions. These products are also used for security auditing, finding garbage in your infrastructure that can be cleaned up, etc. In many cases, plugins and ready-to-consume pre-built modules are available, and they can also be extended for your use case.
Example of a search in Resoto that takes action to clean up the matching resources:
search is(aws_ec2_instance) and name =~ "^jenkins-worker-.*" and age > 24h | clean "instance older than 24h"
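To show what such a search-then-clean rule evaluates, here is an added example (not Resoto's own code) that applies the same three filters (resource kind, name regex, age) to a constructed inventory in dry-run mode, so the operator reviews the matches before anything is actually cleaned. The Resource and Rule types and the sample inventory are assumptions for the demo.

```python
# Added example (not Resoto's code): evaluate the stale-resource rule from the
# query above over a constructed inventory, in dry-run mode first so the
# operator can review the matches before any cleanup happens.
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Resource:
    kind: str           # e.g. "aws_ec2_instance"
    rid: str            # resource id
    name: str
    created: datetime   # creation timestamp, timezone-aware

@dataclass
class Rule:
    kind: str           # is(<kind>)
    name_pattern: str   # name =~ "<regex>"
    min_age: timedelta  # age > <duration>
    reason: str         # clean "<reason>"

def matches(rule, res, now):
    """True if res satisfies every filter of rule (kind, name regex, age)."""
    if res.kind != rule.kind:
        return False
    if not re.search(rule.name_pattern, res.name):
        return False
    return now - res.created > rule.min_age

def plan_cleanup(rule, inventory, now, dry_run=True):
    """Return (matched ids, action lines). In dry-run mode the action lines
    only describe what would be cleaned; nothing is deleted either way here."""
    matched = [r.rid for r in inventory if matches(rule, r, now)]
    verb = "would clean" if dry_run else "clean"
    return matched, [f"{verb} {rid}: {rule.reason}" for rid in matched]

# Constructed inventory for the demo (not real resources)
NOW = datetime(2022, 6, 15, 12, 0, tzinfo=timezone.utc)
INVENTORY = [
    Resource("aws_ec2_instance", "i-0aaa", "jenkins-worker-01", NOW - timedelta(hours=30)),
    Resource("aws_ec2_instance", "i-0bbb", "jenkins-worker-02", NOW - timedelta(hours=2)),
    Resource("aws_ec2_instance", "i-0ccc", "jenkins-master", NOW - timedelta(days=90)),
    Resource("aws_s3_bucket", "b-0ddd", "jenkins-worker-logs", NOW - timedelta(days=10)),
]
STALE_WORKERS = Rule("aws_ec2_instance", r"^jenkins-worker-.*",
                     timedelta(hours=24), "instance older than 24h")

if __name__ == "__main__":
    ids, plan = plan_cleanup(STALE_WORKERS, INVENTORY, NOW)
    print("\n".join(plan))  # only i-0aaa matches all three filters
```

Only the 30-hour-old worker matches: the 2-hour-old worker fails the age filter, the master fails the name filter, and the bucket fails the kind filter.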
Cloud Custodian (c7n for short) is a CNCF sandbox project that provides governance, management, and compliance for cloud environments. It supports the major cloud providers and comes with various tools that together form a complete package. You can automate operations and govern them effectively using Custodian policies.
kube-downscaler — a nice utility by Henning Jacobs to scale down Kubernetes resources during off-peak hours. This is immensely useful for bringing down costs in development environments. Read about his experience saving costs at Zalando.
View on eBPF and Sidecar Service Mesh future?
Earlier this year, Cilium introduced a sidecar-less model for service mesh using eBPF technology to reduce the number of proxies and improve overall efficiency. William M from Linkerd has shared his view on why the sidecar-less model is not successful and what the limitations of eBPF in the service mesh are. To some extent, I agree with the limitations, but eBPF technology is going to improve over time and will provide more coverage.
Cloud-Native Security Whitepaper V2
CNCF has updated its security whitepaper, which covers all the layers of cloud native security, including CI/CD. Look at the landscape in the CNCF security space for further guidance.
5 Technologies to Watch for Platform Engineers

HTTP3
HTTP3 was standardized as RFC 9114, which is going to improve the performance of the Web that you use every day. Robin Marx, one of the core contributors, has shared a detailed overview of HTTP3 in a multipart series.


Mentoring
If you are looking for any help with career development or jobs in the cloud native industry, I am available to share my experience with you. Feel free to book a slot and let me try to help you.