Kubernetes is a container orchestrator and thus needs containers to begin with. It's a paradigm shift to more traditional software development, where components are developed, and then deployed to bare metal machines or VMs.
Kubernetes vs Serverless offerings
Why would you need Kubernetes when there are offerings like Vercel, Netlify, or AWS Lambda/Amplify that basically manage everything for you and offer even more?
Well, let's try to look at both approaches and draw our own conclusions!
🧵⏬
Kubernetes is a container orchestrator and thus needs containers to begin with. It's a paradigm shift to more traditional software development, where components are developed, and then deployed to bare metal machines or VMs.
⏬
The offer is pretty simple: You write the code, the platform handles everything else for you. It's basically leaning far to the NoOps side. There is not much to manage anymore.
Take your Next.js / Nuxt.js app, point the ...
Or take Amplify for example. It offers an integrated full-stack experience.
⏬
Before we're going into a comparison, I want you to understand my perspective. As objective as I try to be, I have my own experience which may differ vastly from yours.
So always keep this in mind when reading on!
The workloads I dealt with were more often suited to a Kubernetes deployment, with traditional micro services, handling infrastructure ...
I used serverless especially when we were building the surrounding systems of mobile or web apps, integrating with existing systems which did the heavy lifting.
⏬
There is of course more to serverless than only Vercel, Netlify, AWS Amplify/Lambda/CDK, Azure Functions or whatever the offer is.
You can have serverless databases, serverless message brokers, and much more.
The developer experience is great, because using those offerings is relatively simple. Sometimes there's a good UI or a CLI which helps a lot.
A Next.js / Nuxt.js app without any backend functionality besides SSR can be deployed in 5 minutes and scales and scales and scales.
You can either decide to pick wildly through the whole catalogue and have your database hosted here, while your app is hosted there, and your messaging service is somewhere completely different.
Already on AWS?
Need a database? DynamoDB!
Need a message queue? SQS!
Need backend functionality? Lambda!
Need storage? S3!
And now you have branded code. You won't be able to move from AWS to let's say Azure easily.
Well, that's a whole migration project then which may, depending on the size of your system, take quite some time.
If you ever considered the management of 50 micro services to be difficult, what about 360 lambda functions? You'll need good documentation to be able to recall all of them and what each and every one does.
⏬
Kubernetes itself is a container orchestrator, as we already learned. It works with all sorts of containers. Every application that can be containerized can be run on K8s.
View Kubernetes as a blank sheet of papers. You can write nearly everything on it, or remove it again if you don't want it anymore. And this offers a lot more flexibility.
Need messaging? Deploy your own RabbitMQ or Kafka or, again, use something offered by your cloud provider.
Need...? I think you see where this is going.
And if traditional micro services aren't for you, you can even deploy your own serverless function infrastructure (https://t.co/ynaXXliREv)!
Simply put: You need people doing this for you and it's complex.
So you'll need DevOps / Site Reliability Engineers that handle at least CI/CD and all those infrastructure components for you. And optimally, they'll take care of everything related to the cluster.
- Monitoring
- Automating
- Deployments
- Disaster recovery
- Alerting
- Upgrading components
- And a lot more
⏬
You hate those answers, I know, but it is how it is.
Neither does Kubernetes win, nor does serverless.
They each fill a specific niche in which they are good at.
And it's especially a good choice to use serverless when you're developing a mobile or web app.
It's also great for backend-heavy systems, with a lot of APIs that do not only exist to fulfill the needs of mobile and a web app.
⏬
More from Software
As the year wrap's up, let's run through some of the worst public security mistakes and delays in fixes by AWS in 2020. A thread.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
First, that time when an AWS employee posted confidential AWS customer information including including AWS access keys for those customer accounts to
Fresh data breach news-
— Chris Vickery (@VickerySec) January 23, 2020
Amazon AWS engineer exposes work-related keys, passwords, and documents marked "Amazon Confidential" via public Github repository: https://t.co/7gkIegnslx
Discovered within 30 minutes of exposure by my team at @UpGuard.
Discovery by @SpenGietz that you can disable CloudTrail without triggering GuardDuty by using cloudtrail:PutEventSelectors to filter all events.
"Disable" most #AWS #CloudTrail logging without triggering #GuardDuty:https://t.co/zVe4uSHog9
— Rhino Security Labs (@RhinoSecurity) April 23, 2020
Reported to AWS Security and it is not a bug.
Amazon launched their bug bounty, but specifically excluded AWS, which has no bug bounty.
Amazon Vulnerability Research Program - Doesn't include AWS D:https://t.co/stJHDG68pj#BugBounty #AWS
— Spencer Gietzen (@SpenGietz) April 22, 2020
Repeated, over and over again examples of AWS having no change control over their Managed IAM policies, including the mistaken release of CheesepuffsServiceRolePolicy, AWSServiceRoleForThorInternalDevPolicy, AWSCodeArtifactReadOnlyAccess.json, AmazonCirrusGammaRoleForInstaller.
🚨 🦮 Seven ways to test for accessibility using only what is already in browser developer tools of Chromium browsers https://t.co/C7kdbigHGE
@MSEdgeDev @EdgeDevTools @ChromiumDev
#tools #accessibility #browsers
Also, a thread: 👇🏼
Issues pane, powered by @webhintio, listing accessibility issues with explanations why these are problems, links to more info and direct links to the tools where to fix the problem. https://t.co/4K5RynHhbg
The inspect element overlay showing accessibility relevant information of the element, including contrast information, ARIA name, role and if it can be focused via keyboard.
Colour picker with contrast information offering colours that are AA/AAA compliant. You can also see compliant colours indicated by a line on the colour patch.
Note: the current algorithm fails to take font weight into consideration, that's why there will be a new one.
Vision deficit ("colour blindness") emulation. You can see what your product looks like for different visitors.
https://t.co/bxj1vySCAb
@MSEdgeDev @EdgeDevTools @ChromiumDev
#tools #accessibility #browsers
Also, a thread: 👇🏼
Issues pane, powered by @webhintio, listing accessibility issues with explanations why these are problems, links to more info and direct links to the tools where to fix the problem. https://t.co/4K5RynHhbg
The inspect element overlay showing accessibility relevant information of the element, including contrast information, ARIA name, role and if it can be focused via keyboard.
Colour picker with contrast information offering colours that are AA/AAA compliant. You can also see compliant colours indicated by a line on the colour patch.
Note: the current algorithm fails to take font weight into consideration, that's why there will be a new one.
Vision deficit ("colour blindness") emulation. You can see what your product looks like for different visitors.
https://t.co/bxj1vySCAb
