I’m often asked from people outside the cloud-native space how the market is progressing and if Kubernetes is taking off or not. My answer is always the same: Kubernetes is absolutely the de facto approach to managing containerized applications, and, because of that, the market is expanding exponentially. We’re almost two-thirds of the way through 2020, and in the cloud-native space, it’s so far been the year of Kubernetes.
Kubernetes is an open-source system for automating deployment, scaling and management of containerized applications. Kubernetes allows organizations to scale containerized applications and their resources at a faster rate than ever before.
Looking back to even just a little over a year ago, a high percentage of companies were still experimenting with Kubernetes to manage their containerized applications and, at Styra, we had just announced our control plane, Styra Declarative Authorization Service (DAS), for our Open Policy Agent (OPA) project to eliminate operational, security and compliance risk for these new app environments. Today, companies are no longer just experimenting with Kuberentes—they’ve now moved into production. And, generally, when an app goes into production, security and compliance become big concerns.
As a result of this, we’ve seen a lot of great traction around both OPA and Styra DAS. In fact, our traction in the market is proof that Kubernetes has taken off—and below are five trends that show just that.
Increased interest in Kubernetes Pod Security Policies
Pod Security Policies (PSPs) are native to Kubernetes and at the risk of oversimplifying, they enable developers to configure a few basic rules to control what container workloads can and cannot do. Like all security policies, PSPs can be incredibly valuable for managing security risk, but only if they are configured correctly. Like the rest of the platform, PSPs are extremely flexible and highly configurable—and PSPs don’t “just work” out of the box. Teams typically need time and expertise to research, identify and manually implement the appropriate PSPs on each Kubernetes cluster, based on their particular use case, risk tolerance, etc. When left to late stages of deployment, we have seen this research result in significant delays.
This is where we are helping a lot of customers with Styra DAS—Styra was designed to express authorization policies (including PSPs), as well as provide a complete toolkit for testing, dry-running, auditing, profiling and integrating those policies. Thanks to our large community of users, we are able to provide a library of customizable best practices around PSPs, general Kubernetes cluster security and even things like PCI, to eliminate research time and trial and error, and instead move quickly with proven policy guardrails.
Growth in OPA adopters
To me, the increase in OPA adopters is the biggest indicator that Kubernetes has taken off. OPA downloads surpassed the 17 million mark as of this week, and the numbers show no signs of slowing. A few public adopters (and their use cases) can be found on Github, and when folks across sizes and verticals (like Intuit, Goldman Sachs, TripAdvisor, T-Mobile and Capital One) are all using OPA for Kubernetes, it’s pretty clear that Kubernetes has officially “arrived.”
As mentioned above, OPA adoption (while thrilling to us on it’s own!) is well correlated to the overall trend in Kubernetes deployments. But as you can see from the adopters list—OPA is used not only at the platform level, but also at the service/in-app levels of the cloud-native stack as well. We help with authorization wherever APIs exist, so we see app development and deployment from a lot of varied angles. The use cases, goals and implementations are varied, but one trend is clear—containerized apps are being developed everywhere.
You can get a good feel for how enterprises are using OPA across the stack by checking out our 2019 OPA Summit recordings. You’ll find presentations from TripAdvisor, Pinterest, Atlassian, Capital One and Chef Automate—and use cases from Kubernetes admission control, to microservices authorization and CICD access control.
Vendors are adopting Open Policy Agent
We’ve seen a number of Kubernetes platform vendors adopt OPA to help mitigate risk at the infrastructure level. For example, Rancher, Palo Alto Networks and D2iQ have announced integrations with OPA. These integrations, plus the dozens of presentations from end users and vendors at shows like KubeCon over the last few years show that a) Kubernetes deployments are indeed everywhere b) those deployments need policy-based guardrails to limit security and operational risk, and c) OPA is well on it’s way to becoming the de facto standard for authorization for all types of Kubernetes deployments (managed, unmanaged, turnkey, DIY, etc.).
The conversation around OPA is increasing
As you can imagine, with an increase in adopters and vendors using OPA, the conversation has also grown, both within the community and outside of it. OPA website traffic grew 500% in two years, and there have been over 35 talks, webinars, podcasts, Meetups, etc. from the community so far this year. Earlier this year, Michael Hausenblas from AWS Cloud hosted a podcast with Tyler Auerbeck from Red Hat and Steve Wade from Mettle. And, in May, there was a virtual Meetup hosted by Leonardo Gonçalves in Brazil and another with a presentation by Rajesh Jain of Palo Alto Networks. We were also excited to hear Kelsey Hightower talk about why he thinks OPA is one of the most exciting projects in the Kubernetes ecosystem on The New Stack podcast in July!
What’s more, OPA was featured prominently in the agenda for KubeCon + CloudNativeCon Europe, with 10 sessions featuring OPA from users at Google, VMware, Microsoft, Ada Health and more. And the OPA conversation didn’t stop there! I was blown away by how many times OPA was mentioned during other sessions and on the Slack channel.
And, just last week, we launched the Styra Academy, a new online portal that provides exclusive OPA, Rego and Styra DAS training from the founders and maintainers of OPA! OPA is also now included in the Cloud Native Computing Foundation’s K8s Certification program.
It’s also been exciting to see analysts reach out to us asking for briefings and mentioning OPA in their papers. For example, both OPA and Styra were mentioned in various Gartner papers, including:
Styra also received the EMA Research Top 3 award in the “Automation – Policy-as-Code category” of the “EMA Top 3 Enterprise Decision Guide 2020” earlier this year.
All of this enthusiasm—from users, vendors, analysts, press and more—makes up the collective voice of our OPA/Styra community, and frankly we couldn’t be prouder, or more overwhelmed with the love we’ve seen!
Styra is expanding
Because Kubernetes has taken off, and OPA along with it, we’ve started growing at Styra to keep pace with the momentum. Since the beginning of 2020, our headcount has increased by 40%, and we’re adding key roles like customer success, developer advocates and of course core engineers.
It’s been a really exciting journey, especially when I look back to the first half of 2019—we had just announced our intent to create a product, and now just over a year later, we have Styra DAS running across countless thousands of production clusters in some of the largest Kubernetes deployments on the planet. We’re so proud to have earned the right to help our customers keep their apps performant and secure every day, and we’re learning so much from these cutting edge teams, and can’t wait to show you what’s coming over the rest of the year as a result!
Kubernetes is here, but don’t forget to add guardrails
When I was asked about the Kubernetes market 18 months ago, I knew it was taking off—but the rate at which the growth has skyrocketed has exceeded all expectations. Today, it is obvious that Kubernetes is here to stay, and if you haven’t yet started learning and testing it out, you absolutely should, no matter what industry you are in.
Kubernetes has become the de facto standard for container orchestration and management, making it a core component of the cloud-native environment. OPA lives at every layer of containers, providing policy and authorization guardrails for the cloud-native environment. No one wants to adopt a new production without policy and security measures also. And, after all, authorization is a foundation of security.