Expanding your horizons

Six Essential Kubernetes Extensions to Add to Your Toolkit

Oleg Chunikhin
© Shutterstock / klenger

Kubernetes plugins or extensions are an essential part of any Kubernetes stack that help address various needs and augment your experience. Here are six extension categories to consider as you embark on your Kubernetes journey.

Kubernetes is not an island. To support production-grade deployments, many moving pieces are required, including logging and monitoring capabilities, governance, and so on. To address these needs, there are several extensions or plugins that augment your Kubernetes experience – some are “nice to have” while others are essential.

Here are six extension categories to consider as you embark on your Kubernetes journey.

SEE ALSO: JVMs in Containers, Towards a Perfect Symbiosis!

Overlay network plugins

Containers must communicate somehow, which is why overlay network plugins should be top of your essentials list. While your cluster can work independently of an overlay network (using a physical network instead); once you use this extension, you’ll realize the full value of flexible container management.

Examples of overlay network plugins include Calico, Weave, Flannel, Canal (Calico + Flannel), and Kube Router. Each can be installed manually and separately for each cluster. However, this can be time-consuming and limits scaling. Since the overlay network is a critical part of the Kubernetes cluster, make sure that it is automated and part of your Kubernetes management platform.

Cloud native storage extensions

Most people begin their Kubernetes journey with stateless apps but soon venture into the world of stateful apps. At this point, you’ll need a way to manage cloud native storage using specific extensions. Kubernetes provides basic native storage capabilities; however, they can fall short in areas such as storage provisioning, access management, or SLAs for different storage types. While these can be tackled in a semi-manual way, this places a burden on operations teams and creates scalability issues.

To support scalable Kubernetes clusters with stateful apps, you need to automate cloud native storage management, operations, and governance. For this you have several options including Portworx, Storage OS, and Robin. Open source projects, such as Ceph and Rook, are also popular but require more attention to procuring support services.

This leaves you with three options. Either build your own cloud native storage, leverage a commercial product (or open-source product with commercial support), or use cloud native storage capabilities included with Kubernetes.

The first approach typically isn’t feasible since the work and resources needed to build your own is cost-prohibitive to most organizations. Instead, consider an existing cloud native storage framework from a vendor or using the “raw” storage capabilities built into Kubernetes.

CI/CD pipeline plugins

You have a variety of continuous integration and continuous delivery (CI/CD) extensions to choose from. Some are cloud native specific while others are more general purpose and work with Kubernetes or other deployment tools. Each of these tools has varying degrees of customizability. Some come packaged with pre-configured pipelines, which limit customization, while others are less restrictive but require more effort setting up.

As you review your options, consider the tools your development team is using and their comfort levels. It may be possible to integrate your CI/CD pipeline with Kubernetes and the cloud native stack via plugins. If not, consider open source tools such as Jenkins, Spinnaker, or a combination of both.

Security management and governance frameworks

These frameworks are critical to any enterprise. Unfortunately, governance presents challenges. Different governance rules are implemented through different frameworks and these extensions may overlap with your existing security frameworks. Without a single comprehensive tool that addresses all your governance needs, you will need to mix and match to maximize coverage without going overboard with the number of governance frameworks and overwhelming your operations team.

Security plugins present similar challenges since different organizations have unique security requirements. First, define your requirements and identify the right extensions – again, minimizing the needed frameworks while maximizing coverage.

Some security frameworks will integrate with your overlay network extensions or you can leverage certain Kubernetes security capabilities, including network policies, pod security policies, etc. For automation, solutions, like NeuVector, can apply generic policies across clusters, environments, and applications.

Ingress management extensions

Ingress management allows you to make your Kubernetes cluster services available to external users. To achieve this you can leverage an ingress controller within the cluster. However, more complex scenarios may call for multiple ingress controllers and integration with an API management system such as NGINX or Kong. Both tools integrate with Kubernetes, cloud native tools, and different API management systems.

Application runtime frameworks

There are many application runtime extensions to choose from. Serverless frameworks and service meshes are commonly used with Kubernetes and the ability to deploy these frameworks automatically with each cluster is useful – particularly for development and quality assurance. When using these tools, it’s important to note that they collect additional metric dimensions from your applications and should integrate with your Kubernetes log collection and monitoring. Service meshes, for example, can provide valuable tracing information for monitoring and troubleshooting a wide variety of issues.

Image registry is another essential Kubernetes extension. Image management or artifact management goes well beyond hosting artifact binaries, Helm packages, or Docker images. It supports application recovery and Kubernetes’ ability to restart pods, making it both a deployment time and a runtime dependency. You must also consider governance rules as they relate to these artifacts, such as who can publish in each repository, and integrate these rules with your security framework.

SEE ALSO: Containers and security – What are the five biggest myths?

Making the right choice

Kubernetes plugins or extensions are an essential part of any Kubernetes stack. For certain functionality, such as overlay networks, cloud native storage, or your CI/CD framework, your choice is straightforward. However, security and governance introduce complex issues. The lack of a single comprehensive tool requires deep thought and consideration of your security requirements as you patch together a variety of tools – not an easy task. As an alternative to this pick and mix approach, you may want to consider an enterprise-grade Kubernetes platform like Kublr that addresses Kubernetes’ security and governance challenges by setting up key extensions by default. Such platforms also integrate with identity management systems and RBAC. You may still need to add extensions specific to other needs, but this approach ensures you have the most important frameworks in place to deploy Kubernetes at enterprise scale.


Oleg Chunikhin

With 20 years of software architecture and development experience, Kublr CTO Oleg Chunikhin is responsible for defining Kublr’s technology strategy and standards. He has championed the standardization of DevOps in all Kublr does and is committed to driving adoption of container technologies and automation.

Oleg holds a Bachelor of Mathematics and a Master of Applied Mathematics and Computer Science from Novosibirsk State University, and is an AWS Certified Software Architect.

Leave a Reply