The technological forays that I often get into while resolving a variety of business challenges faced by our customers led me to Kubernetes1 recently. I realized the huge potential of Kubernetes as I learnt more about it.
As a Cloud leader, I get to work with some of the largest enterprises in various capacities. My team is responsible for the design, implementation, management and operational aspects of cloud for some of the largest customers running the most critical workloads in the Cloud— be it hyper scale providers or private or hybrid.
Clearly, the needs of the enterprises are quite diverse compared to what individuals or purists like developers look for. The demand for various requirements such as the security, management, monitoring and other operational aspects are usually non-negotiable for enterprises. In addition, all the enterprise parameters must be on track at all times to ensure high adoption and leverage with Kubernetes.
Based on my direct understanding of our customers, I outline some of the key gaps which I believe Kubernetes has as it is still maturing as of date. However, I am quite confident that technology providers, platform providers, and service providers will be sure to fill these gaps in due course. In fact, I am rushing to fill a few of them as a service provider myself.
Most enterprises want to reduce their risk at the outset. Though they may not always choose the latest and the greatest technology, they will most certainly be concerned about the security and compliance of any new technology that they are considering. Hence, when it comes to Kubernetes, they are no different. They want to know how secure is Kubernetes; for example, who and how are they running Kubernetes in production? What breaches, if any, have been noticed? What is their potential exposure by adopting such a technology? What policies are established to better secure it? What remediation or mitigation opportunities exist? These are not trivial questions, especially, when the technology is new and is being primed for large-scale adoption.
Secure infrastructure design based on Kubernetes is the need of the hour. It is what most enterprises are asking for, but I fail to find enterprise-ready solutions that fully address the need.
A few options that I have uncovered are Aqua Security, Dome9, and Twistlock, but most of them fail to address enterprise security with compliance and auditing capabilities.
Most enterprises require all the management aspects such as monitoring, alerting, and troubleshooting to be fully available. However, the reality is that most technologies tend to have management as a bolt-on feature. Kubernetes on the other hand, has been embedding management as an integrated part of the technology implementation itself. For example cAdvisor along with kube-proxy are great add-ons built effectively into the technology to give the required outputs and the instrumentation metrics as needed.
I find that a variety of choices for ongoing management is available. There is early interest from commercial and big players like Splunk, Datadog, Loggly and the CNCF-sponsored open source players like Prometheus, or even Graylog. The commercial options are good steps in the right direction, but the open source version needs a bit more work.
Most enterprises need an operational framework which facilitates updates, upgrades to deal with the new features and potential security vulnerabilities in the future. Ideally, a self-healing and self-addressed operational framework works best in a hands-off environment thus reducing manual labor and human error.
The update and upgrade are the best features available in Kubernetes for zero downtime deployment in the form of blue/green deployments and/or canary deployments. A rolling update feature along with patch management is natively provided by the technology. For instance, a standard policy can be set up to ensure a certain percentage of resources is available for it based on various heuristics or other metrics.
As most of the binaries, both on server and client, are connected and tested extensively together, it is also incumbent on the operation team to ensure that the binaries are updated as and when an update happens either on server or on client.Kops is an example of an operation framework that is currently available.
Most enterprises would prefer an easy installation process using either a step-by-step wizard or an automated installation process that requires only a few options to be selected before infrastructure can be quickly configured. Although this certainly is their wish list, the enterprises realize that there is no silver bullet and no one size fits all. Each enterprise has different business criticality and availability requirements. More options would necessarily mean more flexibility but can be at the expense of a longer learning curve and a possibility for more errors to happen.
I have yet to find any UI-based Kubernetes distribution or platform which would either setup or install a Kubernetes cluster automatically as per the best practices or based on certain step-by-step guidance.
I will let you decide if Kubernetes is ready for enterprises or if you, as an enterprise are ready for Kubernetes. But, as a powerful and flexible platform for handling large-scale container development for cloud-based applications, Kubernetes is an enticing choice to consider for extracting the maximum value from your Cloud investment.
(1) Kubernetes is an open source platform designed by Google for automating, deploying, scaling and operating containers for application development.