Choosing the right Kubernetes Hosting Solution
Blog: Capgemini CTO Blog
Things to consider while selecting a Kubernetes platform
The container war is over, and Kubernetes is the clear winner! When it comes to running your containers, the clear choice is Kubernetes, and there are no second thoughts about it. But what people don’t know is that Kubernetes is a complex beast that needs taming.
Therefore, before you make that decision to install, run, and manage Kubernetes on your own, think twice. Installing Kubernetes for playing around or as your Dev environment is one thing, but when it comes to running it on production, you need to consider a lot of aspects that might create more problems in your life than Kubernetes solves.
It’s not that Kubernetes is not the right solution. It is revolutionary and has changed the way we look at IT infrastructure and applications. However, because of its flexibility, you would not want to fine-tune it all by yourself.
Best practices are only guidelines, and things change according to your specific use case. Still, I would say that from-scratch installations, including those using tools such as kubeadm, need a lot more configuration than merely running a few commands.
The problem with the way people market Kubernetes to organization leadership is that it makes it seem as if we can get a cluster running within a few hours, and most managers agree that it would be a piece of cake to manage – but that is not the case.
Let’s look at the aspects you would need to take care of if you run a self-hosted Kubernetes solution:
- High availability – Running a single control-plane Kubernetes cluster seems to be easy to boot, but things start to get complicated when you must ensure high availability. Apart from multiple worker nodes, you also need to have redundant control plane nodes running in multiple data centres just in case you lose a DC that hosts your control plane node. Similarly, you also need to ensure high availability of your etcd cluster.
- Security – The default installation is a more general setup, and you would need to harden your Kubernetes cluster if you want to use it in production. Although there are tools available in the market that can run conformance tests on your cluster, not all recommendations would be easy to implement if you lack experienced Kubernetes admins.
- Management – You will also have to back up the cluster, patch it, and upgrade it regularly. You will have to ensure that you install all security patches on time. If you don’t automate these, you will put yourself at significant risk.
- Integration with core services – You need to integrate your custom installation with your cloud or virtual machine APIs using Kubernetes controllers that interact with these providers to provide infrastructure for you, such as load balancers and persistent volumes. What that means is that you store the configuration and details, such as API keys and secrets within your Kubernetes control plane nodes, and therefore need to ensure appropriate security to prevent misuse.
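To make the high-availability and patching points concrete, here is an added example (not from the original post) that audits a node list for control-plane spread across data centres and for kubelet version drift. The node names, zones and versions are constructed, and it assumes etcd is stacked on the control-plane nodes; the two label keys are the standard Kubernetes ones.

```python
import json
from collections import Counter

# Well-known Kubernetes node labels (kubeadm sets the control-plane role label).
CP_LABEL = "node-role.kubernetes.io/control-plane"
ZONE_LABEL = "topology.kubernetes.io/zone"

def make_node(name, zone, version, control_plane=False):
    """Build a constructed node in the shape of `kubectl get nodes -o json`."""
    labels = {ZONE_LABEL: zone}
    if control_plane:
        labels[CP_LABEL] = ""
    return {"metadata": {"name": name, "labels": labels},
            "status": {"nodeInfo": {"kubeletVersion": version}}}

# Constructed sample: three control-plane nodes, two of them in the same data centre.
SAMPLE = json.dumps({"items": [
    make_node("cp-1", "dc-a", "v1.29.4", True),
    make_node("cp-2", "dc-a", "v1.29.4", True),
    make_node("cp-3", "dc-b", "v1.29.4", True),
    make_node("worker-1", "dc-a", "v1.29.4"),
    make_node("worker-2", "dc-b", "v1.28.9"),
]})

def audit_nodes(raw_json):
    """Return a list of findings for control-plane redundancy and patch drift."""
    nodes = json.loads(raw_json)["items"]
    cps = [n for n in nodes if CP_LABEL in n["metadata"].get("labels", {})]
    findings = []
    # Assumption: etcd is stacked on the control-plane nodes, so it needs a majority.
    quorum = len(cps) // 2 + 1
    if len(cps) < 3:
        findings.append(f"only {len(cps)} control-plane node(s) visible: "
                        "no tolerance for a node failure")
    zones = Counter(n["metadata"]["labels"].get(ZONE_LABEL, "unlabelled") for n in cps)
    for zone, count in sorted(zones.items()):
        if len(cps) - count < quorum:  # would the survivors still form a majority?
            findings.append(f"losing {zone} leaves {len(cps) - count} of {len(cps)} "
                            f"etcd members, below quorum {quorum}")
    # Differing kubelet minor versions point to nodes that have not been upgraded yet.
    minors = Counter(".".join(n["status"]["nodeInfo"]["kubeletVersion"].split(".")[:2])
                     for n in nodes)
    if len(minors) > 1:
        findings.append("kubelet minor versions differ: " + ", ".join(sorted(minors)))
    return findings

if __name__ == "__main__":
    for finding in audit_nodes(SAMPLE):
        print("FINDING:", finding)
```

Against a real cluster, the same function can be fed the output of `kubectl get nodes -o json`; on a hosted service the control-plane nodes are usually not visible, so the first check will report zero.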
In the end, you need to balance what you spend against what you save by using Kubernetes. The cost might not be a factor, but if you spend a lot of your budget paying expensive Kubernetes professionals, you might want to consider some other options.
The right Kubernetes solution depends on your situation and your positioning, but let’s try to understand a few scenarios that would help you select the right platform.
Are you already running in the cloud?
If the answer is yes, then you should consider a hosted solution for your needs. It is not only quick to create a cluster and deploy your containers on it, but the provider also manages it for you. That means that the cloud provider takes care of most of the admin activities such as high availability, security, upgrading, and OS patching for your cluster, all without you even noticing it.
It is better to use a hosted solution on the cloud rather than running your own IaaS-based solution, even if it gives you the same result. You will not only benefit from a financial point of view but will also save yourself the pain of managing everything by yourself.
Some of the most popular hosted cloud Kubernetes solutions include:
- Google Kubernetes Engine – This product from Google is one of the most robust managed Kubernetes clusters available in the market. You pay for the worker nodes and a $0.10/cluster/hour management charge. The best part is that with Google Anthos, you can also run GKE on premises. I will come to that later.
- Azure Kubernetes Service – AKS is Azure’s managed Kubernetes offering. The best part of AKS is that Microsoft charges no cluster management charge for running your cluster. You only pay for the worker nodes and network resources you use. They are also cheap in the long run if you want to use committed use discounts or already are a Microsoft partner.
- Amazon Elastic Kubernetes Service – AWS had its Elastic Container Service for a while, but they have now placed their bet on Kubernetes and EKS is evolving quite a bit. It is priced competitively and charges a $0.10/cluster/hour management charge, plus the worker node and other infra costs similar to Google.
There are other Kubernetes solutions available from different clouds, but I will not cover all of them as we need to look into other scenarios.
Are you running on premises?
On-premises infra is a second-class citizen in the Kubernetes landscape. It’s not that Kubernetes does not run on premises, but it does not provide the out-of-the-box features that it typically offers when it runs on the cloud. For example, it cannot spin up Load Balancer services for you or claim dynamic, persistent volumes in the default setup. If you have a virtualized infrastructure on premises, there are controllers available for VMware and vSphere that can help you achieve that capability. However, as they aren’t widely used, they require skilled resources to maintain.
Though I would recommend moving to the cloud if possible, if regulatory or security reasons constrain you, there are a lot of turnkey solutions available for the on-premises market:
- Google Kubernetes Engine on Anthos – Anthos is an application management platform provided by Google that you can install on your on-premises infrastructure to convert it into an environment consistent with the cloud. Once you have Anthos installed, you can run GKE over it just as you would run on the cloud.
- OpenShift – Red Hat’s OpenShift is one of the most popular on-premises Kubernetes installations in the market that allows you to secure your containerized applications out of the box. OpenShift is built for the enterprise, and they have high regard for security – but at the expense of flexibility. They are a bit on the expensive side and mainly targeted at enterprises.
- Rancher – Rancher is a management solution over Kubernetes that helps you manage Kubernetes applications on premises and on the cloud through a single control plane. While you can use Rancher to manage your cloud setups, on on-premises sites you can use Rancher’s Kubernetes Engine (RKE), which is a Rancher-managed Kubernetes cluster created via the Rancher UI rather than more complicated methods. You can pick and choose standard features and toggle them on and off with just a click of a button.
If you still choose to DIY, make sure that you use tools such as kubeadm, kops, or kubespray for that. They ensure that you run a standard setup. You should also look at various aspects for ensuring production readiness and run conformance and security testing for your cluster as most issues would be covered in them.
Happy to connect!