I’m excited that Oracle Cloud Infrastructure (OCI) is sponsoring and participating in this year’s KubeCon + CloudNativeCon EU in Valencia, Spain. There, the OCI team can answer any questions that you have about modernizing your applications and demo how customers can use cloud services to build and manage modern applications in the most cost-performant way.
Oracle is a platinum member of the Cloud Native Computing Foundation (CNCF) with a commitment to the open source community and to simplifying cloud native application development. OCI Cloud Native services are built on CNCF open source standards, including 100% upstream compatible Kubernetes, CloudEvents, and more.
Oracle continues to innovate and deliver other features to make it easier for customers to build and operate mission-critical modern apps at scale. We have the following recent launches:
OCI Service Mesh
OCI Service Mesh is a free, managed service that provides security, observability, and network traffic management for your microservices without requiring any changes to the applications. This fully managed service makes implementing these capabilities simple for any organization, regardless of size. OCI Service Mesh provides a highly resilient central management layer and a proxy component that enables communication between the microservices and the management layer.
The proxy is based on Envoy, the widely used open source proxy component. When you add a mesh to your application, it automatically injects the proxy in front of each microservice to manage the traffic. Customers using OCI Service Mesh benefit from improved developer productivity, operational efficiency, end-to-end visibility, secure workloads, and dynamic connection of their microservices.
Kubernetes Cluster API provider for OCI
Cluster API is a Kubernetes subproject focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters. OCI support for Cluster API enables cluster administrators to get more control of configuration and software installed in clusters and standardize the approach to managing clusters across multiple clouds and on-premises. Cluster API is integrated with OCI services, offering broad Compute shape support and integration with networking and security services. It also offers an integration point for third-party Kubernetes management tools.
Enhanced security features for Kubernetes
OCI offers a managed Kubernetes service, Oracle Container Engine for Kubernetes (OKE). OKE is built with security, flexibility, and high performance in mind. OKE makes it easier to achieve end-to-end security for your infrastructure and applications, while remaining compliant with the security technical implementation guides (STIGs) and regulatory requirements.
Customers can use OKE with fully private clusters, restricting the Kubernetes API endpoint to an on-premises network or a bastion host. They can also harden network access using network security rules and control access to the clusters using role-based access control (RBAC) integrated with the OCI Identity and Access Management (IAM) service.
Workloads on OKE benefit from continuous security assessment and problem remediation, container image vulnerability scanning, image signing and verification to ensure the integrity of application images, and audit logs to detect anomalous activity. OKE workloads and attached storage volumes are always encrypted by default. OKE has also added support for customer-managed keys for encrypting boot volumes and persistent volumes at rest and in transit.
Customize Kubernetes worker node startup
OKE provides greater control over configuring worker node hosts that run Kubernetes workloads by customizing the cloud-init scripts. This control enables customers to configure security-enhanced Linux policies for security and compliance, configure corporate proxies, install mandated antivirus software and security tools, or configure custom yum proxies. Customers can also pass kubelet-extra-args to configure taints to control pod scheduling, assign IP addresses, or run the OKE Node Doctor to confirm that worker nodes are behaving as expected.
Provisioned concurrency for Functions
OCI customers can create, run, and scale applications without managing any infrastructure using Oracle Functions. Functions offers a secure execution environment for your applications, with code isolation, secure authentication, fine-grained access control, and image scanning and signature verification. Customers invoke Functions directly, expose them as APIs using API Gateway, or trigger them based on CloudEvents, Notifications, Logging, or Streaming services.
Customers building applications that require immediate responses can now avoid the initial startup time for Functions by configuring Provisioned Concurrency. This feature enables you to get consistent subsecond latencies by warming up functions and provisioning infrastructure ahead of time.
To learn more about these features or how you can modernize your applications with OCI, visit the Oracle booth in person at Solution Showcase Level 2 booth #P2 or virtually.
You can also create your Always Free account on OCI to try these services. Also, check out our Reference Architecture Center for some modern application use cases and how to deploy them on Oracle Cloud Infrastructure.
Devika Nair is the Director of Product for Cloud Native Technologies (Containers, Serverless and API) at OCI, focusing on helping customers modernize their applications.