IBM AND ITS USE CASES SOLVED BY KUBERNETES
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.
It is a portable, extensible, open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.
TIMELINE OF DEPLOYMENT:
TRADITIONAL DEPLOYMENT: Early on, organizations ran applications on physical servers. There was no way to define resource boundaries for applications in a physical server, and this caused resource allocation issues. For example, if multiple applications run on a physical server, there can be instances where one application would take up most of the resources, and as a result, the other applications would underperform. A solution for this would be to run each application on a different physical server. But this did not scale as resources were underutilized, and it was expensive for organizations to maintain many physical servers.
VIRTUALIZED DEPLOYMENT: As a solution, virtualization was introduced. It allows you to run multiple Virtual Machines (VMs) on a single physical server's CPU. Virtualization allows applications to be isolated between VMs and provides a level of security as the information of one application cannot be freely accessed by another application.
CONTAINER DEPLOYMENT: Containers are similar to VMs, but they have relaxed isolation properties to share the Operating System (OS) among the applications. Therefore, containers are considered lightweight. Similar to a VM, a container has its own filesystem, share of CPU, memory, process space, and more. As they are decoupled from the underlying infrastructure, they are portable across clouds and OS distributions.
Use cases of Kubernetes:
- Service discovery and load balancing
- Storage orchestration
- Automated rollouts and rollbacks
- Automatic bin packing
- Self-healing
- Secret and configuration management
To begin understanding how to use K8S, we must understand the objects in the API. Basic K8S objects and several higher-level abstractions are known as controllers. These are the building block of your application lifecycle.
- POD: A pod holds one or more container(s). Pods are the simplest unit that exists within Kubernetes (this is why containers technically aren’t a part of Kubernetes – as even a single container is called a pod).
- NODE: A node is likely to be a virtual machine hosted by a cloud provider or a physical machine in a data centre. But, it can simpler to think of nodes as the CPU/RAM resources to be used by your Kubernetes cluster, rather than just as unique machines. There are two types of node – worker and master.
- CLUSTER: Clusters actually run the containerised applications being managed by Kubernetes. A cluster is a series of nodes connected together. A cluster contains multiple worker nodes and at least one master node.
- SERVICES: A service is an API object that exposes an application, it essentially describes how network traffic should access a set of pods. Services are found on every node.
- DEPLOYMENT: Deployments are an API object, they essentially manage pod replication.
Let's start with its industry use case with IBM:
IBM, in full International Business Machines Corporation, leading American computer manufacturer, with a major share of the market both in the United States and abroad. Its headquarters are in Armonk, New York.
Challenges faced by IBM before using K8s:
- CHALLENGE 1: SCALABILITY
- CHALLENGE 2: IMPROVEMENTS
- CHALLENGE 3: AUTO SCALING
- CHALLENGE 4: EVENT AUTO SCALING
- CHALLENGE 5: ASYNC REQUESTS
- CHALLENGE 6: EVENT SOURCES
- CHALLENGE 7: EXTENSIONS
- CHALLENGE 8: UPGRADE AND ROLLBACK SUPPORT IN THE KNATIVE OPERATOR
IBM Cloud offers public, private, and hybrid cloud functionality across a diverse set of runtimes from its OpenWhisk-based function as a service (FaaS) offering, managed Kubernetes and containers, to Cloud Foundary platform as a service (PaaS).
These runtimes are combined with the power of the company's enterprise technologies, such as MQ and DB2, its modern artificial intelligence (AI) Watson, and data analytics services.
Users of IBM Cloud can exploit capabilities from more than 170 different cloud native services in its catalog, including capabilities such as IBM's Weather Company API and data services. In the later part of 2017, the IBM Cloud Container Registry team wanted to build out an image trust service.
SOLUTION:
The work on this new service culminated with its public availability in the IBM Cloud in February 2018. The image trust service, called Portieris, is fully based on the Cloud Native Computing Foundation (CNCF) open source project Notary, according to Michael Hough, a software developer with the IBM Cloud Container Registry team.
Portieris is a Kubernetes admission controller for enforcing content trust. Users can create image security policies for each Kubernetes namespace, or at the cluster level, and enforce different levels of trust for different images. Portieris is a key part of IBM's trust story, since it makes it possible for users to consume the company's Notary offering from within their IKS clusters.
The offering is that Notary server runs in IBM's cloud, and then Portieris runs inside the IKS cluster. This enables users to be able to have their IKS cluster verify that the image they're loading containers from contains exactly what they expect it to, and Portieris is what allows an IKS cluster to apply that verification.
ITS IMPACT:
IBM's intention in offering a managed Kubernetes container service and image registry is to provide a fully secure end-to-end platform for its enterprise customers.
"Image signing is one key part of that offering, and our container registry team saw Notary as the de facto way to implement that capability in the current Docker and container ecosystem," Hough says.
The company had not been offering image signing before, and Notary is the tool it used to implement that capability.
"We had a multi-tenant Docker Registry with private image hosting," Hough says. "The Docker Registry uses hashes to ensure that image content is correct, and data is encrypted both in flight and at rest. But it does not provide any guarantees of who pushed an image. We used Notary to enable users to sign images in their private registry namespaces if they so choose."
"With our IBM Cloud Kubernetes as-a-service offering and the admission controller we have made available, it allows both IBM services as well as customers of the IBM public cloud to use security policies to control service deployment."
— MICHAEL HOUGH, A SOFTWARE DEVELOPER WITH THE IBM CLOUD CONTAINER REGISTRY TEAM
This is how the IBM cloud made use of Kubernetes and solved its problem regarding their challenges.
There are lot more companies who are solving their challenges like Spotify, Babylon, Adidas, AppDirect,etc. using Kubernetes.
Thank you for reading this article till here!!!!!!
Keep Learning and Keep Sharing!!!!