Kubernetes Solving Use Cases in Industries
Nikhil Suryawanshi
MLOps Engineer | 7x GCP | Kubernetes | Terraform | AWS | DevOps | Java | Python
What is Kubernetes?
“Kubernetes, or k8s, is an open source platform that automates Linux container operations. ... In other words, you can cluster together groups of hosts running Linux containers, and Kubernetes helps you easily and efficiently manage those clusters.”
Kubernetes, also known as K8s, was developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology.
It is an open source container orchestration platform that automates the manual processes of deploying, managing and scaling containerized applications.
Kubernetes is designed so that a Kubernetes cluster should be:
- Extendable: It shouldn’t favor one provider and should be customizable from a configuration file.
- Secure: It should follow the latest security practices for pods and the network.
- Easy to use: It should be usable through a user-friendly web UI or a few simple commands.
Features of Kubernetes:
- Automates various manual processes (deploying, managing and scaling containerized applications)
- Interacts with several groups of containers
- Offers security, networking and storage services
- Self-monitoring (Kubernetes constantly checks the health of nodes and containers)
- Horizontal and vertical resource scaling
- Storage orchestration (mounts and adds the storage system of your choice to run apps)
- Automates rollouts and rollbacks
- Run everywhere
Introduction to Kubernetes Architecture
Kubernetes architecture comprises the following components.
Cluster
- A collection of servers that combines available resources
- Includes RAM, CPU, disk, and devices
Master
- A collection of components that make up the control plane of Kubernetes
- Consists of both scheduling and cluster events
Node
- A single host, which may be a physical or a virtual machine
- Runs both kube-proxy and the kubelet, which are part of the cluster
After going through the introduction to Kubernetes architecture, let us next understand the need for containers.
Need for Containers
With the ever-expanding presence of technology in our lives, downtime on the internet is becoming unacceptable. Hence, developers need to find solutions to maintain and update the infrastructure of the applications we depend on without interrupting other services people depend on.
The solution is container deployment. Containers work in isolated environments, making it easy for developers to build and deploy apps.
Nodes
A node is a worker machine in Kubernetes. It is a virtual machine or a physical machine, depending on the cluster. The master maintains the node, and each node contains the necessary components required to run the Kubernetes cluster.
Persistent Volumes
Kubernetes persistent volumes are administrator provisioned volumes with the following characteristics.
Kubernetes Architecture
Kubernetes has two types of nodes: the Master Node and the Server Node.
How is Kubernetes Being Used in the Enterprise?
Some companies merge Kubernetes with their existing systems for better performance. For example, let's take a look at the company BlackRock. BlackRock needed better dynamic access to their resources because managing complex Python installations on users' desktops was extremely difficult. Their existing systems worked, but they wanted to make them work better and scale seamlessly. The core components of Kubernetes were hooked into their existing systems, which gave the support team better, more granular control of clusters.
While Kubernetes gives enterprise IT administrators better control over their infrastructure and, ultimately, application performance, there is a lot to learn to be able to get the most out of the technology.
CASE STUDY
IBM:
Challenge
IBM Cloud offers public, private, and hybrid cloud functionality across a diverse set of runtimes from its OpenWhisk-based function as a service (FaaS) offering, managed Kubernetes and containers, to Cloud Foundry platform as a service (PaaS). These runtimes are combined with the power of the company's enterprise technologies, such as MQ and DB2, its modern artificial intelligence (AI) Watson, and data analytics services. Users of IBM Cloud can exploit capabilities from more than 170 different cloud native services in its catalog, including capabilities such as IBM's Weather Company API and data services. In the later part of 2017, the IBM Cloud Container Registry team wanted to build out an image trust service.
Solution
The work on this new service culminated with its public availability in the IBM Cloud in February 2018. The image trust service, called Portieris, is fully based on the Cloud Native Computing Foundation (CNCF) open source project Notary, according to Michael Hough, a software developer with the IBM Cloud Container Registry team. Portieris is a Kubernetes admission controller for enforcing content trust. Users can create image security policies for each Kubernetes namespace, or at the cluster level, and enforce different levels of trust for different images. Portieris is a key part of IBM's trust story, since it makes it possible for users to consume the company's Notary offering from within their IKS clusters. In this offering, the Notary server runs in IBM's cloud and Portieris runs inside the IKS cluster. Users can then have their IKS cluster verify that the image they are loading containers from contains exactly what they expect it to, and Portieris is what allows an IKS cluster to apply that verification.
Impact
IBM's intention in offering a managed Kubernetes container service and image registry is to provide a fully secure end-to-end platform for its enterprise customers. "Image signing is one key part of that offering, and our container registry team saw Notary as the de facto way to implement that capability in the current Docker and container ecosystem," Hough says. The company had not been offering image signing before, and Notary is the tool it used to implement that capability. "We had a multi-tenant Docker Registry with private image hosting," Hough says. "The Docker Registry uses hashes to ensure that image content is correct, and data is encrypted both in flight and at rest. But it does not provide any guarantees of who pushed an image. We used Notary to enable users to sign images in their private registry namespaces if they so choose."
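The difference between a registry hash check and a trust policy enforced at admission, as an added example: this is a simplified model written for this page, not Portieris or Notary code. The policy layout, signer names, registry names and the rule that a namespace's own policy replaces the cluster-wide one are assumptions, and the trust data stands in for signatures that have already been verified.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed sample data; none of these names or images come from the page.
MANIFEST = b'{"layers": ["constructed-sample-layer"]}'
DIGEST = "sha256:" + hashlib.sha256(MANIFEST).hexdigest()

# Stand-in for trust data whose signatures have already been verified:
# (repository, tag) -> {signer: digest that signer vouched for}
TRUST_DATA = {
    ("registry.example/team/app", "1.0"): {"release-key": DIGEST},
    ("registry.example/team/app", "1.1"): {"unknown-key": DIGEST},
}

# Assumed model: a namespace with its own rules ignores the cluster-wide ones.
CLUSTER_RULES = [{"name": "*", "trust": False}]
NAMESPACE_RULES = {
    "prod": [{"name": "registry.example/team/*", "trust": True,
              "signers": {"release-key"}}],
}

def content_matches(digest, manifest):
    """Registry-style integrity check: proves what the bytes are, not who pushed them."""
    return digest == "sha256:" + hashlib.sha256(manifest).hexdigest()

def split_image(image):
    """Split 'repo:tag' (digest references are out of scope here)."""
    head, _, last = image.rpartition("/")
    name, sep, tag = last.partition(":")
    return (f"{head}/{name}" if head else name), (tag if sep else "latest")

def admit(namespace, image):
    """Return (allowed, image to run or the reason for denial)."""
    repo, tag = split_image(image)
    rules = NAMESPACE_RULES.get(namespace) or CLUSTER_RULES
    matches = [r for r in rules if fnmatchcase(repo, r["name"])]
    if not matches:
        return False, "no policy matches this image"
    rule = max(matches, key=lambda r: len(r["name"]))  # most specific pattern
    if not rule["trust"]:
        return True, image
    signed = TRUST_DATA.get((repo, tag), {})
    digests = {d for signer, d in signed.items() if signer in rule["signers"]}
    if len(digests) != 1:
        return False, "tag is not signed by a required signer"
    return True, f"{repo}@{digests.pop()}"  # pin the pod to the signed digest
```

Tag `1.1` has a valid content hash but is denied in `prod` because no required signer vouched for it, while the same image is admitted unchanged in a namespace that falls back to the permissive cluster rule.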
"We see CNCF as a safe haven for cloud native open source, providing stability, longevity, and expected maintenance for member projects—no matter the originating vendor or project."
— Michael Hough, a software developer with the IBM Container Registry team
THANK YOU FOR READING !