Top Five - Open Source Kubernetes Best Practices for effective workload management
Amit Sengupta
Portfolio Lead (Associate Director) - Cloud and Open Source Capability Unit at CAPGEMINI AMERICA, INC
While provisioning a Kubernetes cluster is relatively easy, each new cluster is the beginning of a very long journey, and every cluster we add to our Kubernetes fleet increases management complexity. In addition, many enterprises struggle to keep up with a rapidly growing number of Kubernetes clusters spread across on-Prem, cloud, and edge locations — often with diverse Kubernetes configs and using different tools in different environments.
Fortunately, there are several K8s best practices that will help rein in the chaos, increase Operational?success, and prepare to cope with fast-growing and dynamic Kubernetes requirements. The five strategic Kubernetes best practices that will put us on the path to effectively manage a well-orchestrated enterprise would be -
Best Practice 1: Think Hybrid and Multi-Cloud
The pandemic has been a reality check for organizations of all sizes, establishing the value of cloud computing and cloud-native development and accelerating their adoption.
Because Kubernetes workloads can be highly portable, we have the option to deploy workloads in any cloud to deliver an optimal experience for end users, where optimal may mean the best performance with the lowest network latency or the ability to leverage a differentiated service native to a particular cloud.
While Hybrid and Multi Cloud?Kubernetes cluster deployments provide advantages to the business and have become a best practice, they increase the operational complexity of our Kubernetes clusters. However, the right SaaS tools offer significant advantages in hybrid and multi-cloud environments, enabling us to operate across multiple public clouds and data center environments with less friction while allowing a greater level of standardization.
Best Practice 2: Emphasize Automation
Managing Kubernetes with kubectl commands and a few scripts is not too difficult when we only have a few clusters, but it simply doesn’t scale. Automating and standardizing common cluster and application operations allows us to manage more clusters with less effort while avoiding misconfigurations due to human errors. For this reason, automation is considered a best practice for gaining control of our Kubernetes fleet.
Adoption of GitOps is the probably the recommended way to move forward, bringing the familiar capabilities of Git tools to infrastructure management and continuous deployment (CD). In last year’s?AWS Container Security Survey, 64.5% of the respondents indicated they were using GitOps already. With GitOps, when changes are made to a Git repository, code is pushed to (or rolled back from) the production infrastructure, thus automating deployments quickly and reliably.
Relevant Enterprises also leverage Open Policy Agent?(OPA) as their Kubernetes management tool of choice, a general-purpose policy engine used to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, etc. OPA has the capability to scale and enable policy-based management across a mid to large scale enterprise wide K8s clusters.
Best Practice 3: Apply “Zero-Trust” security principles.
Security for Kubernetes clusters should never be an afterthought. Mission-critical clusters and applications running in production require the highest level of security and control. In addition, as our footprint grows, enterprise may be exposed to new security risks.
Applying zero-trust principles?with below listed necessary hooks would augment the best practice for securing our K8s environment.
API Server
领英推荐
Authentication
Authorization
Auditing
Best Practice 4: Maximize Monitoring
There are a variety of open-source solutions for Kubernetes monitoring. However, just like with everything else, monitoring and observability becomes more challenging as the number of clusters and different cloud environments increase.
The best practice is to provide centralized logging with a base level of monitoring, alerting, and visualization across the Kubernetes enterprise. Many organizations implement this on their own using open source tools such as Prometheus and Grafana.
However, in keeping with the previous best practice, there are SaaS services that will do the heavy lifting, providing everything needed in one place with uniform tools across diverse hybrid environments.
Best Practice 5: Opt for Software as a Service
A complete Kubernetes environment has a lot of moving parts. Once we add developer tools, management tools, monitoring, security services, etc., it’s a significant and ongoing investment in time and energy. Substantial skill may be needed to keep all the tools up-to-date and operating as expected. Therefore, as our environment scales, it’s best to let services take the place of software’s and manage ourselves only wherever necessary.
Managed Kubernetes - Most enterprises make use of managed Kubernetes services from public cloud providers such as AWS (EKS), Azure (AKS), and Google Cloud (GKE) to simplify cluster deployment, position applications closer to customers, and provide the ability to dynamically scale up to address peak loads without requiring a lot of CapEx.?A recently released study from the CNCF?found that 79% of respondents use public cloud Kubernetes services. Most public clouds also offer various related services that are easy to consume, complement our Kubernetes operational efforts thereby accelerating development and speed to market.
SaaS Solution - There is an increasing number of software-as-a-service (SaaS) and hosted solutions that provide Kubernetes management, monitoring, security, and other capabilities. The SaaS model, in particular, provides fast time to value, robustness and reliability, flexible pricing and ease of use.
Choosing SaaS tools to address business and operational needs can also help reduce reliance on hard-to-find technical experts.?