One of the biggest points of tech is the ability to use what we already know to find solutions, develop products and, ultimately, create something better. But one topic that seems to be reoccurring in DevOps is that when it comes to implementing the newest trends, controversially, people don’t really seem to know what they are doing. Two big areas where this issues seems to be occurring are in Shift Left and Kubernetes.
Shift left for example, is the practice of testing early and often. This is to prevent problems from occurring later down the line. However, those that practice this form of Test Driven Development will probably have come across issues that start to arise.
Problems with Shift Left
Rhys Arkins, Director of Product at open source security platform, WhiteSource, notes that when it comes to Shift Left practices, there is not enough quality control and not enough visibility, especially in open source, and this is when problems arise. In his field, these complications are largely security based.
Arkins believes that part of the difficulty is a time issue. He says, “By most estimates, the typical software project today is comprised of 90% or more Open Source components. It would be a rare company that could claim to have full visibility over these open source dependencies – let alone confidence in the security of them – because nobody has the time to review the millions of lines of code involved.”
“This challenge is not helped if company risk management of such open source components is assigned to only dedicated “security” teams whose job is to try to catch things before it’s too late. The “shift left” approach in the Software Composition Analysis industry is about getting as much information as possible (policy violations, security warnings, etc) to developers so they can address problems as early as possible in the software development lifecycle. Developers are usually better placed to remediate dependency problems (e.g. upgrade to a safe version, or replace the dependency with another) and catching problems earlier results in lower overall costs, than if problems are only caught once products have reached the market.” Adds the Director of Product.
Similar issues with Kubernetes
It isn’t just raw shift left practices that are seeing problems in DevOps teams. Originally designed by Google, the open-source container-orchestration system of Kubernetes is also seeing its fair share of criticism. However, it seems this is not due to flaws in the product, but with the developers that are using it.
Similar to shift left, Kubernetes is really having its day at the moment. Although, once again, despite being created as a way to help developers, it has been suggested people are using it without the full knowledge of how.
Will Hall, A DevOps Consultant at HeleCloud a cloud transformation company, believes that there is a lot of focus on Kubernetes. However, he suggests people need to realise that using it is part of an interface solution and is not an answer to problems. He also implies that people make choices, but don’t know why they are doing them.
“Kubernetes exists for a purpose. At its nature is should be able to deliver dual value of resource optimization, wherein you can more easily shift available resources to where they are required and therefore scale and also deliver the seamless experience with operating a container orchestration platform.” Says Hall.
He continues to discuss that Docker tends to dominate the containers market to become the “defacto container runtime.”
Hall adds: “Nowadays, when you say containers, you probably mean Docker. However, the orchestrations market has been more fragmented. The main challenge of this is that developers, DevOps and operations teams have wanted to use containers to develop and support applications, but to do that require a stable, and more importantly, generic solution to orchestrate, providing healing, scaling and optimizing. Kubernetes offers that.”
“However, and this is a big however, recently it has appeared that Kubernetes has been suggested as the answer to a whole range of application issues. Yet, it does not offer a panacea to deliver applications, nor is adopting Kubernetes without significant operational, cultural and tooling changes. My general opinion is that at the moment Kubernetes deals with thousands and millions, of which is it thousands of containers, or millions of dollars of infrastructure.” Hall suggests.
What is the solution?
With these points in mind, it doesn’t all have to be bad. Using these practices are genuinely designed to help people in their work and when used in the right way, are extremely beneficial. According to dzone.com, to optimise Shift Left, teams should come together to create a shared vision and essentially “think” about the best approaches. It also recommends building test cases and using automation.
Writing for hackernoon.com, Fahim ul Haq says that the best way to optimise Kubernetes is to integrate and orchestrate modular parts as well as deploying and updating applications, amongst other suggestions.