Think You Know Kubernetes? A Checklist for Enterprise-Grade Kubernetes-as-a-Service
February 16, 2021 / Anil Kumar Veeramalli
Many clients have shifted app development and deployment to Kubernetes-based containers to further strengthen their competitive advantage. In fact, containers are the fastest-growing segment of cloud computing.1 Here are some of the driving forces for the continued increase in container adoption:
- Less overhead, as containers use fewer resources than bare metal servers or VMs, enabling organizations to get more cloud for their money.
- Better app consistency, as developers can write once and deploy in containers on any other operating system/hardware. App portability gives organizations greater flexibility in hosting and support for multi-cloud.
- Faster app development using agile and DevOps for quicker iterations, patches, testing, and scaling. Organizations can more quickly refine and optimize applications to address their customers and markets.
Recognizing these and other container advantages for their hosted customers, all major cloud vendors now offer Kubernetes services. Using core Kubernetes services on cloud, developers can construct clusters, nodes, and PODs to realize container benefits, yet bare-bones vendor tools fall short of true enterprise-level services that are essential in hybrid and multi cloud environments. Enterprise-grade Kubernetes-as-a-Service (KaaS) adds significant strategic advantages to organizations that want to fully exploit the power of cloud containers, including the following:
Self-service – allows your developers to launch their own Kubernetes clusters, which eliminates the dependency on IT teams. Developers should be able to launch their own clusters in a few minutes.
Automation – provides the automation framework and platform to provision and manage Kubernetes clusters, including provisioning, cluster management, deprovisioning, and orchestration using Terraform and cloud native templates.
Security – Security needs to be integrated into every applicable component, including cluster endpoints, the node level, the POD level, and network segmentation using approved network policies.
Continuous Integration/Continuous Delivery (CI/CD) – A robust CI/CD pipeline is critical to ensure agile development and rapid delivery of new software releases to customers. The DevOps team should be able to build the code environment in a few minutes, run test cases, and deploy to the right environment, such as dev, testing, or production.
Monitoring – Monitoring needs to be enabled at both the infrastructure and application levels. Clusters, nodes, and PODs need to be monitored and be able to generate alerts. Incidents and incident descriptions, when detectable, should then initiate auto-healing actions. Centralized logging needs to be enabled to provide a single view of all logs produced by the various components. The Kubernetes cluster health graph with dependency mapping is very important; if any component of a Kubernetes cluster is not available, the dependency graph should show the availability of the resource, the impact of the lack of availability, and the SLA attached to the services. Prometheus software, for example, supports event monitoring and alerting. It captures real-time metrics in a time series database with flexible queries.
Service catalogs – Service catalogs provide reusability. Build the catalogs once and reuse them for all the applicable developers. For example, MongoDB, Tomcat App, and Kafka certified containerized applications should be deployable with just a few clicks.
Serverless – These environments allow developers to code serverless functions in any vendor supported language and run them on your Kubernetes cluster. The users build the logic using functions and need not be worried about which platform they will be running on.
Configuration management database – The CMDB is the single source of truth. All resources need to be discovered and updated regularly in the CMDB, which should capture all changes, including clusters, nodes, PODs, ClusterIP, network resources, containers, and applications running on containers. Since the lifetime of many containers is very short, the CMDB helps with auditing and troubleshooting.
Cloud Management – Provides a single pane of glass to view and manage clusters on-prem, on cloud, and within a hypervisor. It will provide operation statistics, full visibility on the Kubernetes clusters, and resources managed by the platform.
Upgrade Strategy – A seamless and non-disruptive approach needs to be followed to upgrade applications and their underlying infrastructure. Rollout upgrades, canary, and red/blue deployments are the most popular upgrade strategies for deploying new versions of application code with zero or very few minutes of downtime.
Multi cloud support – Organizations should be able to select an upstream Kubernetes distribution so that it is easy to move an application from one public cloud to another, or to on-prem, and vice versa. This allows you to move when needed and avoid vendor lock-in.
Governance – The governance process includes RBAC, which allows you to configure groups and provide permissions at the group level, and quotas to control usage across your resources.
Compliance – Compliance needs to be integrated so that it assesses and provides security and compliance risk factors with real-time monitoring of Kubernetes clusters.
Auditing and compliance need to focus on the following:
- Host security
- Kubernetes security
- Docker daemon security
- Container security
- Properly configured RBACs
- Securing data at rest and in transit
Multi-tenancy – Increasingly, multiple tenants share the same infrastructure; KaaS should support multi-tenancy so that one tenant cannot access another tenant's resources. This is achieved using network virtualization products like NSX-T and Kubernetes constructs like namespace isolation, node selectors, service mesh, and network policies.
Cloud Insights – For greater insight into cloud usage, you should be able to easily access billing, system dashboards, chargebacks, cloud optimizations, and right-sizing recommendations for each Kubernetes cluster so that resources can be modified to optimize usage and cost.
This is an extensive checklist of the advantages of a true KaaS environment and the tools and processes necessary to fully exploit the power of containers.
What are your greatest challenges in deploying enterprise-grade Kubernetes?
In Part II, we look at solutions for overcoming many of the barriers clients see in hybrid and multi-cloud Kubernetes.
1 451 Research. Application Containers Market.
https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf