Radio Cloud Native - Week of July 13, 2022
Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news.
This week, John Jainschigg filled in for Nick, and we discussed:
And much more on the podcast
You can download the podcast from Apple Podcasts, Spotify, or wherever you get your podcasts. If you'd like to tune into the next show live, follow Mirantis on LinkedIn to receive our announcement of the next broadcast.
New (and now patched) vulnerabilities in NGINX Ingress Controller
Eric: Last week saw a report from security firm Lightspin on a newly discovered vulnerability in the NGINX Ingress Controller. The vulnerability enables attackers to change the NGINX configuration file and ultimately escalate their privileges across the cluster.
If you’ve been following Kubernetes security closely, there may be a sense of deja vu here. Security researchers have been poking holes in the NGINX Ingress Controller for almost a year now; this isn’t the first vulnerability they’ve found, nor even the first reported by Lightspin. As Lightspin writer Gafnit Amiga writes in her blog on the finding, researchers are sort of picking on the NGINX Ingress Controller because it makes a particularly attractive target — it’s used in over 50% of clusters, it has high-level cluster permissions that are ripe to be exploited, and its open source code is available to study.
Moving forward, Lightspin recommends that the NGINX web proxy component be redesigned so that it doesn’t have access to Ingress Controller resources. In the meantime, they note that overall the NGINX Ingress Controller has seen a number of swift and important security upgrades to address CVEs as they have emerged, including this one, as of version 1.2.1 of the NGINX Ingress Controller. If you’re wondering what YOU need to do, the big takeaway is that you want to make sure you know whether your cluster is using the NGINX Ingress Controller, and if so, you want to make sure it’s up to date.
FedEx puts a number on savings from cloud native transformation
John: FedEx has announced that in the next two years it will retire all of its remaining mainframe and data centers and move completely to a public cloud infrastructure. FedEx CIO Rob Carter said on the company's latest investor call that "We've been working across this decade to simplify and streamline our technology and systems to create value all along the way by improving productivity, security and reliability."
According to Carter, the company has been gradually breaking down its monolithic applications, and it's finally ready to take that last leap. Currently FedEx uses Microsoft Azure and Oracle Cloud. There's no word on whether they will keep this hybrid design, add other vendors to the architecture, or try to centralize on a single public cloud vendor.
What we do know is that FedEx has some serious expectations. They expect this change to save them $400 million every year.
UK Government Digital Service sunsets Gov.UK PaaS in favor of public clouds and Kubernetes
Eric: Here’s another organization rethinking their approach in light of cloud advancements. The UK Government Digital Service (or GDS) announced on their blog that they will be sunsetting their Gov.UK Platform-as-a-Service. The UK government created this bespoke, in-house Platform-as-a-Service in 2015 to give its agencies a quick and easy way to host digital services. Among other things, the PaaS served through the onset of COVID-19, enabling the UK government to quickly stand up digital services responding to the pandemic.
According to the GDS, the PaaS is being put to pasture not so much for any shortcomings on the part of the software, but on account of the cloud environment around it. In their words:
The big cloud providers (AWS, Azure, GCP and others) have upped their game and reduced the barriers to entry for digital teams. Over the same period departments have built better and more expert in-house cloud engineering capability, and are (broadly) clustering around a Kubernetes based architecture.
So in the thinking of GDS, accessible public cloud and the flexibility of Kubernetes mean that it no longer makes sense to focus time and money on a bespoke infrastructure platform. As they say in their blog post, they’re not a private entity and their goal isn’t making a profit, but they do need to make sure they’re optimizing their resources. Really, the story is pretty similar to FedEx – they’re getting away from managing infrastructure so they can allocate resources to other projects like government-sponsored payment and notification services.
Azure overtakes AWS for largest share of global cloud services revenue
John: In public cloud, the big news this week is that the 800 lb gorilla has finally fallen. Or at least it's being held at bay by an 850 lb gorilla. This week we got the news that Amazon Web Services is no longer the largest public cloud provider, having been beaten out by Microsoft Azure. We did report a few weeks ago that Azure had beaten out AWS for enterprise business; now SDxCentral reports that Azure has "beat out cloud rival Amazon Web Services (AWS) in capturing the largest share of global public cloud services revenue last year, according to IDC. The research firm reported that Microsoft accumulated 14.4% of the market’s $408.6 billion in revenues last year, just a whisker ahead of the 13.7% that AWS snared. Microsoft has offerings in all four sections of the public cloud services market lumped by IDC into its report, including infrastructure as a service (IaaS), platform as a service (PaaS), system infrastructure SaaS, and application SaaS."
Interestingly, while AWS started out providing Infrastructure as a Service, or basically virtual machines for rent, the environment has changed significantly in the intervening years. The largest category last year was actually Software as a Service applications, which brought in $177.8 billion, up 23.5% from last year, followed by IaaS at $91.3 billion.
In addition, the fastest growing category was Platform as a Service at $68.2 billion, up 39.1%. IDC VP Rick Villars said, “Organizations continued their strong adoption of shared public cloud services in 2021 to align IT investments more closely with business outcomes and ensure rapid access to the innovations required to be a digital-first business.”
Check out the podcast for more of this week's stories.