
Five DevOps lessons: Kubernetes to scale secure access control

Jeff Klink, vice-president, engineering and cloud at Sera4, discusses the lessons learned when switching to Kubernetes and containers.

The rise of Kubernetes from an overly complicated open source project into the industry standard for next-generation applications is nothing short of astonishing. Last year, as it became clear that Kubernetes would become the cloud-native and large enterprise workload orchestrator of choice, Sera4 chose it to expand its secure access and control services and solutions into new industries. The reward for making the switch was remarkable: the rollout of an entire data centre now takes between two and four hours, instead of our previous six-week best.

The road to a containerised future is full of potholes, so here are five lessons that can help you reboot your infrastructure with a container/microservice-based architecture.

Lesson one: scalability

Any time you get a group of developers together for Kubernetes design and development, you’ll get multiple solutions, but only one will scale well. Scaling is a very real concern, especially for businesses with large enterprise customers that don’t have the luxury of canary-testing solutions that might or might not work. Projects need to be rolled out rapidly, so you need to find a way to scale and manage Kubernetes workloads much faster than you did previously.


Failure is a very real factor when trying to transform from a virtual and bare metal server farm to a distributed cluster, so determine how your services can scale and communicate if you’re geographically separating your data and customers. Clusters operate differently at scale than your traditional server farms, and containers have a completely different security paradigm than your average virtualised application stack.

Be prepared to tweak your cluster layouts and namespaces as you begin your designs and trials. Become agile with Infrastructure as Code (IaC), and be willing to build multiple proofs of concept when deploying. Tests can take hours, and teardown and standup can be painful when making micro-tweaks along the way, but doing this removes the larger scaling problems early and leaves you with a good base for faster, larger-scale growth. My advice is to keep your core components close and design for relay points or services when porting into containers or into multi-cluster designs.

Lesson two: transitioning skills

Reskilling is all about adaptability. If your team doesn’t have container DevOps expertise, their experiences using the tooling to manage VMs may help. Lean on the tooling and toolsets inherent in Kubernetes management platforms as well as support from the Kubernetes community.


Our thought process for this is simple. If a mechanic knows how to work on a sedan, give them a pickup truck, and they’ll quickly figure out how to transfer their experience. DevOps is similar. Once you dissect what the components are and where to find them, the “how” will fall into place with equivalent tooling. You’d be surprised at what your team can do with containers in a short time, without formal retraining. We looked immediately to Rancher for Kubernetes management, Helm, Terraform, GitOps and others as our foundational tooling.

Lesson three: affinities, reservations, taints and tolerations

The notions of affinity/anti-affinity, resource reservations (requests and limits), taints and tolerations are Day 0 critical requirements in a Kubernetes deployment. Don’t let containers act like spoiled children that get away with demanding too much CPU or memory — and they will if you let them. Use these guards to protect your workloads and prevent them from negatively impacting other containers and applications.
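The four guards from this lesson applied to one workload, as an added example (not Sera4’s own manifest): the Deployment name, namespace, image and the `dedicated` taint key are assumptions; the anti-affinity rule requires at least as many schedulable nodes as replicas.

```yaml
# Added example: a Deployment for a hypothetical access-control API
apiVersion: apps/v1
kind: Deployment
metadata:
  name: access-api            # hypothetical workload name
  namespace: access-control   # hypothetical namespace
spec:
  replicas: 3
  selector:
    matchLabels:
      app: access-api
  template:
    metadata:
      labels:
        app: access-api
    spec:
      # Anti-affinity: never place two replicas on the same node, so a
      # single node failure cannot take the whole service down.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: access-api
              topologyKey: kubernetes.io/hostname
      # Toleration: the dedicated node pool carries a matching NoSchedule
      # taint, so only workloads that tolerate it can land there.
      tolerations:
        - key: "dedicated"           # hypothetical taint key
          operator: "Equal"
          value: "access-control"
          effect: "NoSchedule"
      containers:
        - name: api
          image: registry.example.com/access-api:1.0.0   # placeholder image
          resources:
            # Reservation: the scheduler only picks nodes that can
            # guarantee this much CPU and memory.
            requests:
              cpu: "250m"
              memory: "256Mi"
            # Ceiling: CPU is throttled at the limit and the container is
            # OOM-killed if it exceeds the memory limit, protecting neighbours.
            limits:
              cpu: "500m"
              memory: "512Mi"
```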

Lesson four: sidecars

Sidecar design patterns, although wonderful conceptually, can either go incredibly right or horribly wrong. Kubernetes sidecars provide non-intrusive capabilities, such as reacting to Kubernetes API calls, setting up config files, or filtering data from the main containers. Sidecars are deployed and scaled together with the main container and are useful for reusing resources, all of which is key to scaling and maximising resources.

Understanding your core services requirements allows you to apply sidecars to complement the functionality each service needs and keep containers true to their core jobs. Scaling microservices takes dedication when applying responsibilities to containers, and sidecars are a great mitigating factor for this.

Lesson five: container security

Securing containers can be a hard and time-consuming lesson. With open source containers, you can find almost any type of application packaged in a small image. And while you can get started quickly, design basic prototypes in hours and launch them, you’ll find the container breaks almost every fundamental security rule of a basic Linux machine.


When you finish prototyping, harden your image and deploy your pod security policies – these are the best hours you’ll ever invest in security. Analysing which users your processes run as, understanding how credentials are set up or injected, and ensuring a container is only exposed to what it needs to be are three basic steps to take before moving any container into production. Also, be willing to cut your own production images down to barebones and think about how to complement your images with repeatable configurations and secrets, network namespaces and options, security constraints, and liveness and readiness checks that make sense.
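The three pre-production steps above (non-root user, injected credentials, minimal exposure) plus the probes, expressed as a hardened pod spec. This is an added example, not the article’s own manifest; the pod name, image, Secret name, port and health paths are assumptions, and the `securityContext` fields are exactly what a pod security policy (or its successor, Pod Security Admission) enforces cluster-wide.

```yaml
# Added example: hardened pod for a hypothetical access-control API
apiVersion: v1
kind: Pod
metadata:
  name: access-api                          # hypothetical name
spec:
  automountServiceAccountToken: false       # no Kubernetes API credentials unless needed
  securityContext:
    runAsNonRoot: true                      # kubelet refuses to start a UID 0 process
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault                  # runtime's default syscall filter
  containers:
    - name: api
      image: registry.example.com/access-api:1.0.0   # placeholder: barebones base image
      securityContext:
        allowPrivilegeEscalation: false     # blocks setuid/file-capability escalation
        readOnlyRootFilesystem: true        # image contents cannot be modified at runtime
        capabilities:
          drop: ["ALL"]                     # start from zero Linux capabilities
      ports:
        - containerPort: 8443               # the only port the service exposes
      # Credentials are injected from a Secret, never baked into the image.
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: access-api-db           # hypothetical Secret
              key: password
      # Explicit scratch space, because the root filesystem is read-only.
      volumeMounts:
        - name: tmp
          mountPath: /tmp
      livenessProbe:                        # restart the container if it hangs
        httpGet:
          path: /healthz
          port: 8443
          scheme: HTTPS
        initialDelaySeconds: 10
        periodSeconds: 15
      readinessProbe:                       # only route traffic once dependencies are up
        httpGet:
          path: /ready
          port: 8443
          scheme: HTTPS
        periodSeconds: 5
  volumes:
    - name: tmp
      emptyDir: {}
```

Limiting what the pod is exposed to on the network side is done separately with a NetworkPolicy that allows only the ingress and egress the service actually needs.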

In summary, while container technology was developed and initially deployed by cloud providers and cloud-native startups, it has matured to the point that it’s within the reach of any technically competent IT organisation. Available software, cloud products and support services allow your teams to “fail fast” and tweak your stack accordingly. The quicker you fail, the faster you can rebuild.

Written by Jeff Klink, vice-president, engineering and cloud at Sera4

This article is tagged with: Container Technology, DevOps, Kubernetes
