Kubernetes Adoption: Are You Ready?

Enterprises are rapidly embracing a cloud-first strategy and microservices play a pivotal role in this journey. But enterprises are achieving various levels of success, measured by many factors includingmaturity of DevOps in the enterprise, ability to identify the right candidates for microservices, selecting the appropriate container management platform, adequate tooling and, finally, cultural shift in design thinking.

As there is plenty of material around microservices adoption and strategy, this article focuses on the container management ecosystem, which plays a critical role in the success of microservices adoption. Today, Kubernetes has become the de facto platform for container orchestration. Most public cloud providers offer Kubernetes as a service in some form to abstract the complexities of managing Kubernetes as a platform.

Currently, we see three broad patterns of how enterprises are adopting Kubernetes within their organizations.

Pattern 1: Kubernetes as a Managed Service

While Kubernetes makes container management somewhat simple, it is still a complex beast to understand and manage as a platform. Enterprises that have already embarked on a cloud strategy find it easy to test the unchartered waters of Kubernetes by leveraging Kubernetes-as-a-service provided by their cloud providers. It enables them to understand the impact of Kubernetes on their respective application architecture strategy and identify the gaps in their systems (such as the maturity of DevOps management, security management and release management) as well as their monitoring capabilities.

Pattern 2: Kubernetes as a Turnkey Solution

Certain enterprises driven by industry regulations and are technology-focused (with considerable experience in other container technology solutions), have shown interest in setting up Kubernetes as part of a private cloud or on–premises with a view to avoid vendor lock-in and limited control associated with managed Kubernetes. There are many such turnkey solutions out there to choose from.

Pattern 3: Self-hosted Kubernetes Platform

This category is small compared to the other two categories. However, there are a few enterprises that fully embrace the open source software development model and contribute to Kubernetes community. There are tools and frameworks that can enable the enterprises to setup and manage Kubernetes on their own.

There are advantages and constraints in adopting any of the above approaches. The decision regarding which strategy to choose depends on the maturity of the enterprise and their business strategy.

Challenges in Adoption

Some of the key challenges to be considered, irrespective of the adoption pattern selected, include:

  1. Namespace management: Namespaces play a key role in managing the isolation across application domains and environments, providing controlled management of resources and user management. Bounded contexts can be linked with namespace definitions and standards. It is important to define proper naming guidelines to drive namespace management across clusters.
  2. Resource management: It is necessary to define resource utilization (resource quota) guidelines to ensure the containerized applications co-exist without being eliminated due to resource violations at runtime.
  3. Policy management: It is critical to define appropriate policies including cluster access controls, service access controls, resource utilization controls and secret access controls.
  4. Audit and compliance: It is important to audit the platform for patch levels, secret stores, compliance against the security vulnerabilities, encryption of secret stores, storage volumes, cluster policies, role binding policies and user management controls.
  5. Chaos testing your platform: It is necessary to subject the platform to chaos testing to ensure the robustness of the cluster. It also helps to test the stability of the containerized applications and the impact of crashing these containers. It will also provide vital information about how the platform behaves during high loads or when resources are unavailable for the platform.
  6. Managing the deployment manifests: Kubernetes follows declaration-based management, which means that every object or resource instruction is described through declarative manifests. This leads to versioning complexities, prone to human errors and data corruptions. It is necessary to leverage tools or create custom utilities to manage these manifests.
  7. Observability of the platform: While Kubernetes provides various mechanisms to monitor its own internal components, it does not recommend a standard monitoring approach. It is necessary to introduce well-defined health management standards while designing the microservices. Include appropriate probes for liveness and readiness probes in every containerized application deployed on Kubernetes cluster. Integrate the probe-generated metrics and platform-generated metrics with an external monitoring platform to have comprehensive observability of the cluster.
  8. Continuous deployment of services: It is not recommended to use kubectl-based deployments in a large-scale production setup. Instead, use some of the established open source frameworks specifically built for Kubernetes (such as Helm or JenkinsX) to manage seamless deployments.
  9. Archiving and backup: Kubernetes uses etcd as its internal metadata management store to manage the objects across clusters. It is necessary to define a backup strategy for etcd and any other dependent persistent stores used within the Kubernetes clusters.
  10. Container security management: Kubernetes deploys the applications by downloading the respective images from a pre-defined image repository. It is the responsibility of the repository ecosystem to ensure the image provenance of the images being deployed. Continuous security must be included as part of DevOps pipeline to ensure containers are well-managed.
  11. Service mesh support: Service mesh plays a critical role in streamlining the service to service communication. It abstracts the service level access controls and security management between services through externalized policies. It also provides routing and load balancing features. It is necessary to choose an appropriate service mesh that is compatible with the Kubernetes cluster as well as the underlying infrastructure.

Conclusion

Kubernetes makes the container operational aspects simpler, but it requires a methodical approach and best practices to ensure smooth maintainability, as well as seamless developer interaction. For any enterprise which are in a transition journey toward adopting Kubernetes, it is imperative to have a strategy for Kubernetes adoption to ensure success.

Sreekanth Nyamars

Sreekanth Nyamars is a lead consultant with the enterprise business integration practice at Wipro. He has almost 19 years of experience in platform integration with tools such as TIBCO, IBM and open source middleware technologies. Nyamars currently focuses on open source container and PaaS technologies. He is a passionate Kubernetes professional and also a CNCF certified Kubernetes administrator.

Share
Published by

Recent Posts

Contrast Security Launches Next Generation Open Source Software Security Platform for DevOps

Fortune 100 Financial Services Company Immediately Adopts Contrast OSS to Reduce Open Source Risk Contrast Security, the pioneer in enabling…

8 hours ago

HPE Extends Hybrid Cloud Computing Strategy

Hewlett-Packard Enterprise (HPE) today advanced its hybrid cloud computing strategy by announcing at its HPE Discover 2019 conference an alliance…

8 hours ago

Appery.io Adds Ionic 4 Integration to Help Developers Build High-Performing Hybrid and Mobile Web Apps

Exadel’s low code application development platform, Appery.io, now integrates with popular Ionic 4 framework WALNUT CREEK, Calif., June 18, 2019…

15 hours ago

Applitools Launches Free Open Source Software Licensing, Partners with Open Source Apprentice Program

The company supports diversity in tech initiative, makes automated visual testing available for all open source libraries SAN MATEO, Calif.,…

15 hours ago

Datical Adds Support for AWS Database Platforms, Enabling Enterprise Cloud Application Development and Migration

Leader in Database Release Automation Announces Expanded Platform Coverage for Amazon RDS for Oracle, Amazon Aurora PostgreSQL, Amazon RDS for…

16 hours ago

Aqua Security Announces Vulnerability Shield™, Industry-first Solution for Detecting and Blocking Attempts to Exploit Container Vulnerabilities

Latest Aqua release also introduces advanced runtime protection for serverless applications Boston, MA and Tel Aviv, Israel – 18 June…

17 hours ago