The container incubator

The container incubator

A look at the role of the Cloud Native Computing foundation in shaping containers’ ever-accelerating evolution.
Part of
Issue 17 May 2021

Containers

Priyanka Sharma could be excused for feeling daunted when she became general manager of the Cloud Native Computing Foundation (CNCF) in June 2020. She’d been involved with the organization for years, but her assumption of the top role came at an unexpectedly difficult moment. The COVID-19 pandemic posed an existential threat to the CNCF’s popular KubeCon, an annual Kubernetes conference typically attended by tens of thousands of people. And that July, Google, a founding member of the CNCF, raised eyebrows when it decided not to transfer control of a state-of-the-art piece of open-source container technology called Istio to the foundation. 

Since Google’s 2015 decision to donate the container orchestration technology Kubernetes to the newly formed CNCF was a central moment in the organization’s founding, observers of the container landscape immediately wondered: Did Google’s move suggest the company was unhappy about its inability to capitalize on its contributions to the expanding world of cloud software infrastructure? Did the software giant intend to go its own way in the future? 

2020, Sharma says, was “very challenging.”

But even as the pandemic ravaged the global economy, the ensuing shift to remote work and online-everything proved a boon for the tech industry. This was generally true for the cloud, as evinced by surging revenue for cloud providers and cloud tool vendors, and for the CNCF in particular. The organization is in the (nonprofit) business of shepherding the evolution of Kubernetes—the “Linux of the cloud,” as CTO Chris Aniszczyk, who is also a founder of the Open Container Initiative, puts it—as well as a host of complementary container-related applications that comprise the essential plumbing of cloud software infrastructure. The pandemic’s acceleration of remote work and e-commerce meant that 2020 was the year “everyone went cloud native,” says Sharma. The CNCF finished the year with significantly more members, more projects, and more contributors. 

In hindsight, the CNCF’s resilience is perfectly logical. If Kubernetes is a “glue” technology that enables fluid interoperability between multiple platforms, cloud providers, and proliferating microservices, then the CNCF is a “glue” organization that ensures interoperability between fierce corporate competitors, hungry startups, a near-infinite universe of end users, and an international community of open-source developers. Making it easy to interconnect is a central feature of both containers and the CNCF, and has the added advantage of ensuring that in a multi-cloud world, no single party can dominate. 

The importance of the CNCF’s role is therefore hard to overstate: It’s a nonprofit, nonpartisan broker at the center of an industry that generates hundreds of billions of dollars in revenue annually and is critical to the future of the global economy. If one of the chief selling points of Kubernetes is that it made possible a world where no single company could monopolize cloud infrastructure, then the same is true of the CNCF. It’s an institution dedicated to ensuring technological diversity continues to thrive in the cloud native ecosystem. 

But does the CNCF’s influence over container technology’s evolution also make it a potent power behind the throne? Such a concern may have helped fuel the Istio controversy in July 2020. According to media chatter, Google, a distant third in the cloud provider business behind Amazon and Microsoft, was rumored to be feeling some remorse over giving up control of Kubernetes, and didn’t want to repeat the mistake. 

Chris DiBona, a Google executive who leads the company’s open-source efforts, has consistently downplayed the significance of the Istio decision. But every move Google, Amazon, or any other key player in the cloud ecosystem makes with respect to the future of containers merits scrutiny; their prevalence in the market means the stakes are high. The CNCF’s rapid growth over the past five years appears to be a prelude to a coming surge in container use—eventually, everything online, from the heart of the cloud to the exploding edge, may be containerized to some degree. The telcos, gaming companies, and internet of things are all poised to be engulfed by Kubernetes and its orbiting satellites. 

As Sharma notes, “There are a lot of dollars involved.” 


The CNCF bills itself as the fastest growing open-source foundation in history. In five years, according to Aniszczyk, it has achieved a level of industry influence that its parent organization, the Linux Foundation, required nearly 20 years to reach. Aniszczyk measures success by metrics that include membership, project, and contributor growth—but, more importantly, he notes, the CNCF is the only nonprofit organization that includes all the top global cloud providers, all of which currently offer Kubernetes as a service. At the same time, it’s responsive to the needs and desires of startups, end users, and the roiling world of open-source software developers. All the players in an industry raking in hundreds of billions of dollars a year are collaborating in a single organization. 

Sharma believes one of the key reasons for the CNCF’s success is that its transparent, collaborative approach reflects the basic principles of open-source software development. “What they say [in the open-source world] is, ‘When you build together in the open, you build better,’” she says. “Because we care about so many different people’s points of view, we end up building better.” 

Crucially, says Aniszczyk, the CNCF “separates business and technical governance.” Paying members get a say in how the overall budget is spent, but technical decisions—such as who gets accepted into the CNCF’s “sandbox” tier and then moves into the “incubating” and “graduation” levels—are made by an elected technical oversight committee, structured so no corporation can exert undue influence. The CNCF’s criteria for moving between different levels requires satisfying a sequence of checkpoints; broadly speaking, entry into the sandbox tier is a sign that the CNCF regards a specific project as promising, incubation indicates the project is gaining traction in the wider cloud ecosystem, and graduation indicates the technology is ready for the production environment.

The most basic criteria for projects the CNCF will bring into the fold are simple, says Aniszczyk: “If you’re a CNCF project, there are some minimum guarantees. You’re going to have an openly governed community with fair rules for trademark usage, very clear intellectual property (IP) policy rules, and no single company can dictate what happens.”

The CNCF’s collaborative, multi-stakeholder philosophy is reflected in the operational reality of container technology. Aniszczyk says Amazon’s historical dominance of the cloud encouraged customers to look for technological solutions that fostered “cloud portability,” or the ability to plug a particular service into multiple different cloud infrastructures. That’s exactly what containers purport to do. 

“When Google made the decision to open source Kubernetes and donate it to the CNCF, they created a massive change in how things were done traditionally,” Sharma says. “Suddenly, here was a key technology that was really good at container orchestration on different platforms. It made multi-platform possible. Kubernetes became the backbone of what we call multi-cloud.”

By 2017, only two years after the CNCF’s founding, Kubernetes was widely perceived as a core technology of the container universe, achieving a level of popularity equal to—if not surpassing—Docker, the breakthrough software credited with setting off the container boom. Ever since, the race has been on to move up the container tech stack. On the CNCF’s website, an interactive map of cloud native products offers evidence of the myriad elements in the CNCF’s “recommended path through the cloud native landscape.” It includes nearly 900 interconnecting and overlapping container technologies that, together, according to CNCF, boast a market capitalization of $15 trillion. 

The CNCF cites the multiple competing projects in each technology niche as proof that the organization doesn’t play favorites. For example, the service mesh category that includes Google’s Istio is represented by four different CNCF member projects at different stages of maturity: Linkerd, Kuma, Open Service Mesh, and Service Mesh Interface. There seems to be little debate that projects that advance to the incubation stage or are considered fully graduated enjoy a higher profile in the cloud native world. The wide variety of members contributing to the organization, from the physics laboratory CERN to the investment bank Goldman Sachs, suggests the organization is perceived as a crucial part of the larger container ecosystem. 

“There’s definitely a halo effect associated with inclusion in the CNCF,” says Brian Gracely, senior director of product strategy for Red Hat’s cloud native suite of tools, OpenShift. In 2017, Adrian Cockcroft, AWS’s VP of cloud architecture strategy, published a blog post explaining why Amazon was joining the CNCF, highlighting the importance of the “brand endorsement” conveyed by CNCF adoption. 

The organization’s charter forbids it from acting as a kingmaker by labeling any single technology superior to its competitors, and explicitly notes that the organization is “not promoting a single, monolithic stack of technologies.” Both Aniszczyk and Sharma pushed back at the suggestion that the CNCF could be accused of picking winners. “We’re in the market-making business,” Sharma says. “We provide a space for lots of people to come together and [for companies to] compete with each other.”

But, Sharma adds, she’s been on calls “where people have been really upset that their project didn’t fit in [with the CNCF’s] vision,” noting that vendors have told her that “their customers say if the project is open source but not in the CNCF, it doesn’t have the same level of credibility.” 

If that’s the case, then why did Google decide not to donate Istio to the CNCF? Sharma wouldn’t speculate, but the move was clearly unexpected by the wider community. In a blog post, IBM, a major contributor to Istio, professed the choice “disappointing.” Aniszczyk tweeted that he was “perplexed.” Observers wondered whether the decision was an implicit admission that giving up control of Kubernetes had worked to Google’s long-term financial disadvantage.

Google’s Chris DiBona wouldn’t address why the company changed direction on Istio. He notes, however, that Google rarely takes the step of donating a codebase wholesale, trademark and all, to an outside party. 

“The vast majority of Google’s open-source releases are done very simply, without transferring ownership of copyright or marks, typically released under the Apache open-source license directly,” he says. “We’re not talking about a small number of projects, as we have literally thousands of 30-day active projects on GitHub alone.”

DiBona stresses that Google continues to be a major supporter of the CNCF, contributing more financial aid to the organization and more code to individual projects than any other member. He says Google was responsible for 21 percent of all code contributions to the CNCF, including “roughly one-third in Kubernetes.” And, as recently as December 2020, the company committed to renewing an annual $3 million contribution to the foundation. He also dismisses the notion that the company has any regrets for giving up control of Kubernetes. “It worked out pretty well for Kubernetes, the cloud in general, and for Google. Wouldn’t change a thing.” 

Sharma, for her part, says Google has every right to act as it pleases with Istio. “As a company that owns the IP of a certain project, they’re totally welcome and free to do whatever it is they want to do.”

But if there’s a halo effect to membership in the CNCF, one might wonder whether Google’s reluctance to donate Istio implies that in the future, service mesh projects with the CNCF seal of approval might have a leg up in terms of gaining market traction. 

“We shall see, I guess,” says Sharma.


So where does the CNCF, and container technology, go from here?

While Kubernetes gets high marks for its technical capabilities, there’s less rapture for what Aniszczyk tactfully calls the “developer experience.” Developers frequently complain that Kubernetes is complex, with too many moving parts and a forbidding user interface. Docker has been praised for its ease of use; Kubernetes, not so much. There are clear market opportunities for vendors who can simplify the process. 

Aniszczyk and Sharma also cite the domains of security, tracing, and observability as ripe for innovation. There’s a rather ironic contradiction at the heart of container technology: Containers make it simple for a developer to move a newly coded service from their laptop to the cloud, or to connect multiple services together in a multi-cloud environment, but that proliferation of services has resulted in tough-to-troubleshoot complexity. The service mesh niche, for example, is specifically focused on creating a new layer of container infrastructure that brings visibility to how different services communicate with each other. 

Looking further out, Aniszczyk predicts we’ll see the Kubernetes-fueled cloud follow the same trail blazed by Linux. “Linux, back in the day, was a very hobbyist OS, but eventually it ate the data center, the mobile industry, the embedded industry,” he says. “I think Kubernetes is going through a similar transition. People who work in the telecommunications industry or in what we call ‘edge-based’ vendors are like, ‘If I’m already using Kubernetes to run data center workloads, why can’t I use the same thing for edge-based workloads?’”

Aniszczyk’s reference to the edge highlights one of the most intriguing aspects of the cloud’s evolution: Physical location is still important. Latency and bandwidth considerations associated with gaming and streaming, as well as the vast amounts of data produced by embedded sensors and the internet of things, make it increasingly advantageous to have some level of data storage and processing occur near where these services are consumed, a somewhat nebulous region defined as the edge. The search is on to figure out how to containerize what’s happening there—to bring the defining plug-and-play interoperability of the cloud native ecosystem to everywhere it needs to be, from cloud-connected thermostats to self-driving cars to streaming video. 

The CNCF is poised to support it all. Sharma says she’s preparing for an “explosion” of edge-related projects, along with a whole new job category for the “cloud native edge developer.” 

“Kubernetes shook the system up,” she says. “In the past, people assumed you had to be locked in [to a specific cloud provider]. But once you’ve discovered that’s not necessary, you’re not going to go back to old ways. And I think that’s what’s happening at the edge.”

Whether the CNCF acts as a mighty kingmaker or impartial facilitator on this new frontier remains to be seen. But one thing’s for sure, says Aniszczyk. “Open collaboration among peers and competitors in cloud infrastructure technology is here to stay. And it’s only going to continue to grow.” 

About the author

Andrew Leonard has been a technology reporter for 25 years. He also writes a newsletter about Sichuan food and globalization.

@koxinga21

Artwork by

Cornelia Li

corneliali.com

Buy the print edition

Visit the Increment Store to purchase print issues.

Store

Continue Reading

Explore Topics

All Issues