By Haseeb Budhani, Co-founder and CEO, Rafay Systems
According to Gartner, by 2022, more than 75% of
organizations will run containerized applications in production, up from less
than 30% in 2020. As cloud-native and application modernization strategies continue
to gain adoption -- across increasingly complex hybrid and multi-cloud
environments -- many enterprises see operational cost, complexity and the
resources required to manage it all increase at an alarming rate.
Kubernetes is clearly one of the top enablers for application
modernization strategies. However, it leaves enterprises with the
complexity of the very technology designed to streamline the management
of modern applications. The first generation of Kubernetes solutions
did an excellent job of tackling Kubernetes cluster provisioning. Still, many
enterprises moving forward on an application modernization journey have to
build production-level capabilities for automation, security, visibility and
governance on their own. These additional capabilities are typically either
cluster aware or application aware, but not both, thus limiting their ability
to reduce complexity and streamline operations.
Connecting these tools to manage the lifecycle of Kubernetes
infrastructure and modern applications forced many enterprises with platform
teams to reinvent the operational wheel. As a result, operating
production-level Kubernetes environments continues to require a massive
investment of time, money and resources. In fact, there are numerous different
system and toolset requirements that must be met in order to make Kubernetes
truly operational. For example:
- Cluster Provisioning: the process of creating clusters in one or more environments.
Investing in automation for provisioning clusters is critical so each cluster
can then be (re)provisioned easily by anyone in the operations team.
- Cluster Blueprinting & Workload Templates: standardized cluster and application configurations with
tools that the enterprise can reuse to deploy and support applications.
- Continuous Deployment (CD): deploying containerized apps frequently and automatically
to one or more clusters. A well-thought-through CD strategy is a key to
ensuring your developers are moving as fast as possible.
- Cluster & App RBAC and SSO: these solutions govern access and authorization to all
your clusters - deployed across clouds and data centers - by systems and users.
- Secrets Management: securely handle the credentials and other sensitive data
applications need to deliver value.
- Cluster & App Log Collection: collect application and system logs from across the
cluster fleet. Review strategies for centrally collecting records from clusters
in a consistent, repeatable way.
- Ingress and Service Mesh: manage application traffic to/from clusters and manage application
services such as transport security and tracing. It's essential to think
through a multi-cluster strategy to ensure
that the same application security rigor is applied to all clusters,
everywhere.
- Cluster Upgrading: upgrading not just the Kubernetes distribution running on
your clusters, but also the core components that help Kubernetes function. New
K8s versions are available 3-4 times per year to deliver new capabilities to
the community.
- Storage Management: this is a common problem for enterprises running Kubernetes
clusters on-premises. Many teams invest time and effort in building in-house
solutions, but commercial solutions also address this requirement.
- Cluster & Workload Backup & Restore: critical to ensuring continuous operations
for production applications if/when disaster strikes. Companies use both open
source and commercial tools to address this requirement.
- Kubernetes API Endpoint Security: arguably the most crucial requirement for
enterprise-grade Kubernetes management. A cluster's API endpoint should only be
available in a private subnet.
- Enterprise-Wide Dashboards: provide a single, organization-wide view of resources
consumed, user and access activity, critical alerts, and the overall health of every
Kubernetes cluster deployed across all internal teams and business units.
As you can see, operational best practices for Kubernetes
don't stop at cluster provisioning and management. Enterprise Platform/SRE
teams must also consider the critical operational strategies for the entire
lifecycle management of Kubernetes infrastructure and modern applications --
together.
The requirements listed above, which account for only some
of the systems and tooling involved in deploying and operating an
enterprise-grade Kubernetes environment, will impact the ways developers, SREs,
DevOps teams and security teams interact. Keeping pace with emerging
requirements requires a Kubernetes operations mindset to bring teams and tools
together to develop processes for how the enterprise can deploy modern
applications and resolve issues faster.
ABOUT THE AUTHOR
Haseeb Budhani is co-founder and CEO of Rafay Systems (https://rafay.co/). His passion is solving hard
networking problems with elegant, cost-effective solutions. Prior to
co-founding Rafay, Haseeb founded and was the CEO of Soha Systems, which was
acquired by Akamai Technologies, and previously held positions at Infineta
Systems, NET and Citrix Systems.