While Kubernetes has an impressive lineage, a large, growing ecosystem and many enthusiastic supporters, it is not a turnkey solution. Kubernetes provides incredible functionality and flexibility but puts the onus on platform teams to make it, and its orbit of technologies, easily consumable by the rest of the company.
Implementing Containerized ALM
Containerized Application Lifecycle Management (ALM) platforms come into play after the underlying infrastructure has been configured properly AND Kubernetes is operational.
ALM-related tasks can broadly be divided into two buckets:
- Cluster Customization
- Application Configuration
ALM-related tasks that fall into the Cluster Customization bucket include:
- Container Networking Interface: Facilitates Kubernetes pod-to-pod communications.
- Storage Provisioning: Enables persistent storage that is then available to containers.
- Namespace Management: Namespaces divide cluster resources between multiple users, providing isolation between those users such that one group cannot see the resources of the other group.
- Ingress Controller: Ingress exposes HTTP, HTTPS, UDP, TCP routes outside the cluster to services within the cluster. In order for an ingress resource to work, the cluster must have an ingress controller running.
- Log Aggregation Infrastructure: Enables you to gather and consolidate log data across clusters, locations, environments and clouds.
- Multi-Cluster Admin: Enables administration via console or homegrown tools to manage clusters.
- Service Mesh: A dedicated infrastructure layer that controls service-to-service communication. Kubernetes service meshes are capable of load balancing, fine-grained traffic policies, service discovery, service monitoring, tracing, routing, secure service-to-service communication and more.
ALM-related tasks that fall into the Application Configuration bucket include:
- Application Templating: Configuration of app elements, definitions, and policies such that they can be successfully operated on a reusable and repeatable basis.
- Private Registry Integration: Clusters need to pull container images from a combination of public and private container registries. Access to private container registries requires the provisioning of cluster authentication credentials.
- Secrets Distribution and Updates: Kubernetes Secret objects store sensitive data such as usernames and passwords using encryption. There are multiple ways of creating secrets in Kubernetes.
- App Health Checks: Determines the health of individual apps on a container-by-container basis.
- Horizontal Pod Autoscaling: Ensures consistent application service levels during higher or lower usage periods by automatically spinning up or down additional application container replicas.
- Global Load Balancing: Directs user traffic to applications deployed across multiple clusters.
- App Ingress Configuration: Defines how to route inbound requests to backend resources in a Kubernetes cluster.
- Container Upgrades: There are several options for performing software application upgrades, including attempting a successful upgrade on a single “canary” cluster before upgrading the remaining clusters.
- Troubleshooting and Diagnostics: Centralizes tools and alerts in one secure location for triage and analysis.
- Data Distribution and Synchronization: Applications running across multiple regions, locations or clouds require reliable, multi-purpose pipelines to distribute data in a timely fashion.