Spring Cloud Gateway for VMware Tanzu was released January 2020 as a service on Tanzu Application Service (TAS) and was quickly deployed into production by many of our customers. Our focus is to offer the most developer-friendly API gateway experience while still providing the operational configuration, security and governance needed for successful enterprise management.

Spring Cloud Data Flow (SCDF) for Kubernetes 1.1 is now generally available, building on the open source SCDF version 2.6 released in August. The Kubernetes-based commercial offering leverages Tanzu Observability by Wavefront for dashboarding and observability, and enables developers to take their data pipelines to the next level with the introduction of Multi I/O for event-streaming applications.

The “as a service” business model continues to grow rapidly, largely thanks to the rise of cloud computing. “As a service” offerings deliver IT products and technologies such as software, hardware, and data storage to consumers via the Internet, rather than having to install or manage them themselves. Serverless and containers are two such “as a service” technologies that have seen increasing adoption in recent years.

Kubernetes provides the freedom to rapidly build and ship applications while dramatically minimizing deployment and service update cycles. However, the velocity of application deployment requires a new approach that involves integrating tools as early as possible in the deployment pipeline and inspecting the code and configuration against Kubernetes security best practices. Kubernetes has many security knobs that address various aspects required to harden the cluster and applications running inside.

Kubernetes is a container orchestration tool, but its functionality extends far beyond just orchestrating containers in a narrow sense. It offers a range of additional features that—to a limited extent—address needs such as load balancing, access control, security policy enforcement, and even logging and monitoring. Indeed, Kubernetes’s broad functionality has led some folks to call it an “operating system” in its own right.

Kubernetes gives organizations the ability to run Kubernetes clusters at scale across different cloud infrastructures and distributions. Unfortunately, this is where many of the challenges begin. As the number of clusters and workloads grow, they are being managed independently with very little consistency.

Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance.

Amazon’s Bottlerocket is a new Linux-based open-source operating system that’s designed with containers in mind. Bottlerocket is optimized and stripped down to only the essential software needed to run containers. You can apply updates to Bottlerocket in a single step, and roll them back instantly if necessary. And, because it’s open-source, you can customize the operating system to fit your specific needs.

We are excited to partner with AWS in launching AWS Bottlerocket, a container optimized operating system. Bottlerocket gives DevOps teams speed, efficiency and security in containerized environments.