Enterprise production readiness with Kubernetes installations indicates the ability to securely and repeatedly deploy, manage and maintain multiple clusters over long periods of intensive usage.
The key features and capabilities needed to enable production-ready Kubernetes are:
1. Flexibility to deploy applications at any location or infrastructure
2. Highly Available Control Plane
3. Data plane upgrades with low/no downtime
4. Policy-driven security, including multi-tenant access and networking
5. Resilient storage
6. Application load-balancing
7. Monitoring and visibility
Transcript of video:
Bich Le: [00:18] As more and more enterprises are planning to deploy applications in production on Kubernetes, I thought it would be good today to review a checklist of what it means for a Kubernetes solution to be Enterprise and production ready. Now, one of the first things that comes to mind is flexibility in deployment options. Many enterprises, even though they like the simplicity of cloud deployments, ultimately in production they may want to have their clusters hosted on premises on their own hardware.
Bich Le: [00:54] So, solutions that allow them to have this flexibility and deploy clusters anywhere they want are very important, along with a unified management pane that allows them to manage clusters running both on premises and in the cloud.
Bich Le: [01:11] A second feature that I think is very important is high availability of the control plane. The control plane is where the API runs, and it should be very important for the solution to be able to be resilient to things like node failures. So, if a master node goes down the API stays up. This also means that the solution should provide a disaster recovery mechanism in case the entire control plane goes down, and should be able to recover it from a backup, for example, if a disaster does strike.
Bich Le: [01:50] Those are very important things, but then moving on, the data plane is also very important because that's where worker nodes and the actual applications are running. For example, the solution should be able to perform a rolling upgrade of the data plane in such a way that nodes are taken down for maintenance one at a time, thereby allowing applications to continue to run and pods to be rescheduled on the fly and maintain application high availability.
Bich Le: [02:23] One area that is very important for most enterprises is security. Now, let me divide it up into three different areas. One is the security of the Docker images that are used to run the containers. We want to make sure that those images are free of malware, and there are several technologies and tools out there that can perform that kind of a check. Secondly, we want these clusters to be able to be accessed by multiple groups and teams and users, so it's very important for the solution to enable Kubernetes RBAC, which is role-based access control on the cluster. Third, network security is also very important. This is one way to isolate different tenants running on the cluster, and so support for something like Kubernetes network policy is critical. Network policies allow you to specify rules describing what kinds of connections are allowed or not allowed between namespaces or applications.
Bich Le: [03:28] There are also key Kubernetes features that every production grade deployment really needs to support. The first one that comes to mind are data volumes. This is critical for stateful applications like databases. The Kubernetes solution must supply a resilient storage layer that can be used to support data volumes for pods. Another thing that also comes to mind a lot is load balancers. In many cases you want to be able to expose an application running on the cluster to the external world. It's very important to be able to rely on a load balancing technology that can take all that incoming traffic and then route it to the appropriate pods.
Bich Le: [04:18] Last, but not least, is monitoring and visibility into what happens in the cluster. For example, it is vitally important for the solution to be able to collect logs and aggregate them, and make them available for analysis so that you can catch various types of problems by performing searches or see patterns in those logs. It's also very important to be able to have visibility into the network traffic to troubleshoot bottlenecks or see patterns of network traffic and perhaps see what applications or what services are being bombarded with requests and be able to respond to that. Finally, it would also be very nice for the solution to enable some kind of application performance monitoring.
Bich Le: [05:11] There's a wealth of open source tools and technologies and plugins that allow users to cobble together their own Kubernetes solution, however this is fairly complex and especially configuring it for optimal performance. On the other hand, Platform9 offers a managed Kubernetes solution that just works out of the box, supports multiple types of deployments on cloud or on premises and addresses all of the issues that we previously discussed, these criteria for Enterprise and production-ready Kubernetes.