The software reliability company Gremlin announced three major platform updates at the virtual KubeCon North America 2020 conference this week to ensure users can safely and securely prepare features for failure regardless of the Kubernetes platform. The new features are: the ability to isolate its resource attacks to a single container, support for the containerd and CRI-O container runtimes, and fine-grained namespace access control.
“Kubernetes is becoming the default way to build and operate applications at many enterprises, but along with the benefit of abstraction comes uncertainty,” said Lorne Kligerman, senior director of product at Gremlin. “We’re providing DevOps teams with better tooling to understand how their Kubernetes applications will behave under various stresses, such as when a neighboring container is spiking with traffic.”
According to Kligerman, because Kubernetes enables a higher tenant density on a host and increases infrastructure utilization, it can result in a “noisy neighbor” problem for DevOps teams. For instance, scaling or problematic services can impact one another if they’re in the same cluster. “If applications aren’t tested for HPA and resource limits, it’s difficult to determine if your application is decoupled enough to scale out pods independently and to know if noisy neighbors can still break services sharing the same node,” Kligerman wrote in a post.
By isolating its resource attacks to a single container, users can test individual pod scaling and resource limits, and prevent “noisy neighbors.”
The noisy neighbor problem can also result in security and access control problems. The new fine-grained namespace access control aims to address this by ensuring only team members with correct permissions have access to specific Kubernetes objects. “This is essential to ensuring the Chaos Engineering work an engineer is doing isn’t negatively impacting neighboring services,” the company stated in its announcement.
Finally, support for the container runtimes containerd and CRI-O is making chaos engineering available on more platforms. The company also supports earlier versions of Amazon EKS and OpenShift, and added support for new container runtimes to be able to support the latest versions.
“By supporting these additional runtimes, customers can now run attacks across their environment, even if it’s mixed, using a single UI and API. This makes testing heterogeneous environments even easier,” Kligerman explained.