1. Thinking That Kubernetes In The Cloud Can Be Started And Forgotten
In the cloud, you can deploy a cluster in 10 minutes. K8s aaS providers strive to implement most of the add-ons needed for Kubernetes itself and its applications: automated updates and scaling, load balancing, networking, monitoring. The as-a-service format removes some of the headaches of configuring and managing clusters. But this does not mean that you can start a cloud cluster and forget about it.
No K8s aaS provider offers a 100% guarantee of service availability. An SLA of 99.95% means no more than 5 hours of downtime per year, and the provider is allowed those 5 hours of downtime. If you need high availability, you need to provide it yourself through load balancing and replication. And if the provider allows you to run a cluster across multiple Availability Zones, you should use that option.
In addition, the provider is only responsible for its part of the K8s aaS infrastructure. It is responsible for the availability of the services provided, which depends on the operation of the equipment, virtualization platform, IaaS and PaaS components. It is always the customer’s responsibility to analyze workload, traffic, and performance.
The company's own employees are responsible for setting up requests, planning capacity utilization and configuring autoscaling logic, disaster recovery (unless a disaster recovery service from the provider is used), setting up security and user access, working with databases, and configuring the network.
Start The Cluster In K8s aaS, But Do Not Use Other Services Of The Selected Platform
We have already talked above about obtaining DBaaS services, object storage and other stateful storage. Now I want to highlight the synergy of Kubernetes with other platform services in the context of machine learning and big data processing. With it, you can get the power for training neural networks, use resources efficiently and carry out all calculations within the cluster. Kubernetes is, in general, well suited to data science and big data work: it makes it easier for analysts to build big data pipelines and use the data to automate decision-making and other tasks.
Kubernetes allows you to quickly get as much machine learning infrastructure as you need. Autoscaling enables the cluster to respond rapidly to increased load. Machine learning sometimes requires a lot of computing power; autoscaling makes it possible to get that capacity as soon as you need it and release it as soon as it becomes unnecessary.
In addition, there are a vast number of machine learning solutions tailored to Kubernetes, for example Kubeflow; they can also be used with K8s aaS if you deploy them yourself.
Thinking Kubernetes Is Secure Out Of The Box
Do not assume that the cluster, applications and data are automatically protected if the default settings are left in place.
One problem is that the client’s security team is not familiar with Kubernetes and does not treat it as a part of the infrastructure like everything else. Administrators do not think about security, and the information security team is sure that antivirus is enough. Kubernetes, in its default configuration, creates a security hole. For example, due to unpatched vulnerabilities, a miner once got into the cluster of the developers of the video player JW Player and used it to mine cryptocurrency.
The problem is solved by adopting DevOps, when all company departments begin to use the same tools to achieve common goals. The information security team must be included in the DevOps process: organize DevSecOps processes and automated security control, with security personnel building information security controls into the pipelines.
Basic security practices:
- Pod Security Policy,
- network policies,
- user authorization,
- limitation of privileges.
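A minimal set of manifests covering the four practices above, as an added example that is not from the original article; the namespace `shop`, the group `shop-developers` and the image name are placeholders. It uses Pod Security Admission namespace labels in place of PodSecurityPolicy, which was removed in Kubernetes 1.25.

```yaml
# Constructed example: "shop", "shop-developers" and the image name are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    pod-security.kubernetes.io/enforce: restricted  # Pod Security Admission: reject non-compliant pods
---
# Network policy: deny all ingress and egress for every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: shop}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# User authorization: members of the group may only read pods and their logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: pod-reader, namespace: shop}
rules:
  - apiGroups: [""]
    resources: [pods, pods/log]
    verbs: [get, list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: developers-read-pods, namespace: shop}
subjects:
  - {kind: Group, name: shop-developers, apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: Role, name: pod-reader, apiGroup: rbac.authorization.k8s.io}
---
# Limitation of privileges: non-root, no escalation, no capabilities, no API token.
apiVersion: v1
kind: Pod
metadata: {name: web, namespace: shop}
spec:
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile: {type: RuntimeDefault}
  containers:
    - name: web
      image: registry.example.com/shop/web:1.0
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities: {drop: [ALL]}
```

The default-deny policy also blocks DNS and is only enforced when the cluster's network plugin supports NetworkPolicy, so add explicit allow policies for the traffic each workload needs.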
Implement Kubernetes At Any Cost, Even When You Don’t Need It
Not every large development company needs Kubernetes. It is warranted when development is ongoing, you plan to support new releases, and you need to meet the requirements dictated by high load.
If the development project is small, introducing Kubernetes will only force you to deploy a cumbersome architecture just to make simple code work. If you are implementing Kubernetes, evaluate which of the company's projects need it and will benefit from it.