Kubernetes installation and deployment: Key capabilities checklist
As more and more enterprises are using Kubernetes in production, there are some key features and capabilities that are needed so that a Kubernetes solution is enterprise and production ready. Here, Bich Le provides a checklist of these key capabilities for Kubernetes installation and deployment. Take notes!
Enterprise production readiness with Kubernetes installations means that you have the ability to securely and repeatedly deploy, manage and maintain multiple clusters over long periods of intensive usage. What do you need to achieve this?
Key capabilities required for Kubernetes deployment
As more enterprises plan to deploy Kubernetes on production, here is a checklist explaining what it means for a Kubernetes solution to be enterprise and production ready. These are the key features and capabilities that are needed:
- Flexible deployment options – Although many enterprises like the simplicity of cloud deployments, ultimately in production they may want to have their clusters hosted on-premises on their own hardware. A solution that allows them to have this flexibility and deploy clusters anywhere they want is very important, with a unified management pane that allows them to manage clusters running both on-premises and in the cloud.
- Highly available control plane – To ensure that Kubernetes APIs are available and functional all the time, it is necessary that there be a high availability of the control plane, as that is where the API runs. It is important for the Kubernetes solution to be resilient to issues like node failures so that if a master node goes down, the API stays up. True production readiness requires that this control plane can be upgraded without disruptions to applications and production schedules. This also means that the solution should provide a disaster recovery mechanism in case the entire control plane goes down and be able to recover it from a backup if a disaster does strike.
- Selective data plane upgrades – The data plane is also very important because that is where worker nodes and the actual applications are running. The Kubernetes solution should be able to perform a rolling upgrade of the data plane in such a way that nodes are taken down from maintenance one at a time. This allows applications to continue to run and pause to be re-scheduled on the fly and maintain application high availability.
- Policy-driven security – Another important focus for most enterprises is security, which can be divided into three key areas:
- Secure container images – The security of the docker images that are used to run the containers is important and you want to make sure that those images are free of malware. There are several technologies and tools out there that can perform that kind of check.
- Multi-tenant access: You want these clusters to be accessible by multiple groups, teams, and users, so it is very important for the solution to enable Kubernetes Role Based Access Control (RBAC) on the cluster.
- Network security – Support for Kubernetes network policies is critical. Network policies allow you to specify rules describing what kinds of connections are allowed or not allowed between namespaces or applications. This is one way to isolate different tenants running on the cluster.
- Support of key Kubernetes features – There are key Kubernetes features that every production grade deployment needs to support:
- Resilient storage – The Kubernetes solution must supply a resilient storage layer that can be used to support data volumes for pods, as data volumes are critical for stateful applications like databases.
- Application load balancers – In many cases, you want to be able to expose an application running on the cluster to the external world. It is important to be able to rely on a load balancing technology that can take all that incoming traffic and route it to the appropriate pods.
- Monitoring and Visibility – It is vitally important to monitor and have visibility into what happens in the cluster:
- Log collection, aggregation, analysis – The solution must be able to collect logs, aggregate them, and make them available for analysis. This allows you to catch various types of problems by performing searches or seeing patterns in those logs.
- Network performance – It is vital to have visibility into the network traffic to troubleshoot bottlenecks or see patterns of network traffic. You can see what applications or what services are being bombarded with requests and be able to respond to those issues.
- Application performance monitoring – This ensures that apps are functioning as planned and identifies any abnormalities for correction.
In-house Kubernetes installations are challenging
The Kubernetes ecosystem is increasingly becoming vast and there is a wealth of open source tools, technologies, and plug-ins that allow users to cobble together their own Kubernetes solution. However, this is fairly complex, especially configuring it for optimal performance.
It can be challenging for enterprises to carry out these activities employing DIY Kubernetes installations when trying to establish production readiness:
- Stand-up clusters – Numerous Kubernetes deployment tools exist, including these well-known, open source means: kops, kubespray, kubicorn, Rancher Kubernetes Engine (RKE)
- Monitoring – Applications use Prometheus, Sysdig or Datadog, while networks employ Istio
- Logging – Utilizes Fluentd and ELK Stack
- Ensuring HA – This is a complex topic. For the control plane, kops is good for installing Kubernetes on AWS
- Multi-Tenancy – Kubernetes provides multi-tenancy in the form of namespaces and RBAC. Using technologies like Network Policy and Layer-2 based SDN (e.g., Contrail) there is also MT isolation at the network layer. Plus, projects like Kata Containers help improve tenant isolation at the container/VM level.
Platform9 managed Kubernetes helps avoid the challenges with Kubernetes installation
Use of managed services from specialized vendors like Platform9 – bringing the expertise and automation tools for carrying out the activities noted above – helps enterprises achieve production ready Kubernetes installation. Platform9 offers a managed Kubernetes solution that works out of the box, supports multiple types of deployments on cloud or on-premises, and addresses the criteria for enterprise and production ready Kubernetes.
If you’re ready to get started, you can deploy a free sandbox with Kubernetes installed. The sandbox includes a guided walkthrough for SaaS-managed Kubernetes, which allows you to get your environment up and running in just minutes. You can also contact us to schedule a free consultation or to register for a free 15-day trial.
This post was originally published on Platform9.