@gpetrousov ・ Oct 24, 2022 ・ 6 min read ・ 1137 views
Here’s what I learned
- loki: OSS logging tool
- mizu (https://getmizu.io): API traffic viewer for Kubernetes
- k8s GitOps: FluxCD and ArgoCD are the two major ones
- Tekton: CI tool
- k9s: CLI tool for accessing and managing k8s resources
- kaniko: a tool to build docker images on a k8s cluster
- kustomize: a configuration management tool which allows you to dynamically generate k8s manifests
- bat: cat with syntax highlighting
- kns: a quick k8s Namespace switcher
At the conference, I interfaced with several people to gather their opinion on multi-cluster Kubernetes management and federation tools. They all seemed to agree that whether to use such a tool boils down to the requirements of your business. For example, you might choose to have multiple "self-managed" clusters per team, product or department. However, you might also want to manage all these clusters centrally from a management cluster; this is where federation and provisioning tools come into play.
There are various tools that fall into the k8s management domain. Some management tools come as SaaS, as with Rancher or Spectro Cloud, while others are self-hosted, like Crossplane from Upbound. In the end all of these tools achieve the same thing. One tool that stood out the most in my conversations was Crossplane, which on top of creating and managing k8s clusters also tries to abstract hyperscaler infrastructure provisioning, such as AWS RDS, somewhat overlapping with IaC tools such as Terraform.
At CD2022, I had the opportunity to learn about Kubernetes Operators: what they are, how to implement them, and how to share them or find the ones that already exist.
What are Kubernetes operators?
Operators allow an engineer to extend the base Kubernetes platform with custom functionality. That functionality can be anything you can think of that can be implemented in code. When you create an operator, you define its API (a CRD) and the acceptable values for that API's parameters. Once created and installed on your k8s cluster, you can create a resource for your operator using the kubectl utility. Your resource triggers your operator's code, which in turn implements the functionality.
How to find existing operators?
The place to share and find Kubernetes operators is https://operatorhub.io. There you can find existing operators which other people or companies share, or add the one you created. Some popular operators include the ones that abstract the creation of Elasticsearch, Keycloak or Grafana. Think of them as your Terraform modules for your Kubernetes cluster.
CDK allows you to define AWS infrastructure using commonly used programming languages, such as Python or JavaScript. On top of that, it provides the ability to transpile code from one language to another, which can bridge the communication between people with different opinions. However, it's important to note that AWS CDK does not invoke the AWS API directly, like Terraform does. Instead, it creates CloudFormation templates which in turn create the defined infrastructure. Essentially, one could think of CDK as a generator.
Managing storage or DBs on Kubernetes clusters has always been a challenge. Portworx has created a product which abstracts the management of storage on Kubernetes. At CD2022 I had the opportunity to get a walkthrough of what Portworx is at its core. Essentially, Portworx provides a Kubernetes operator which extends the platform with Custom Resource Definitions (CRDs). These CRDs allow the developer to define the type and size of storage they require. In turn, the operator creates the necessary PVs and PVCs to satisfy the requirements. On top of that, Portworx provides the ability to take snapshots and backups.
LaunchDarkly is a SaaS which allows you to implement feature toggles to enable or disable some functionality. At CD2022 I had the opportunity to talk with one of the engineers and found out, at a high level, how LD works. In essence, LD provides the developer with a library to include in their code. This library talks with LD's feature toggle panel and gets the state (toggles) of the features. When a feature is toggled, the library code returns a string which tells the app that the feature has been turned on. It is then up to the app to interpret the feature toggle with additional functionality.
I joined a talk from Nicolas Vermande who showed us that Kubernetes operators take a lot of the responsibility for managing and maintaining the availability of a database away from the engineer. Simply put, if you plan on running a database or a stateful workload on Kubernetes, make sure there's an operator for it which can handle all the responsibility of maintaining and upgrading that application.
An interesting concept was presented at CD22 where the authors claim that operators and CRDs are glue logic between our k8s clusters and SaaS providers. Apart from not being scalable across multiple clusters, they're hard to trust and add unnecessary complexity. Instead of using operators, the authors presented a possible future implementation (in Kubernetes) in which the only thing an engineer has to manage is an API resource. The resource will create and provide a URL for the SaaS service, which will be exposed and consumed by the apps running on k8s. Essentially, the authors propose that the operator logic/code be deployed, executed and managed on the SaaS provider's side, and the only thing the engineer has to manage is the API connection resource, thus simplifying the scalability of operators and CRDs across multiple clusters.
More often than not, organizations, especially large enterprises, have difficulty trusting the underlying infrastructure on top of which workloads are executed, and so adoption of public clouds stagnates. In this case, the author presented 3 possible solutions which can alleviate that distrust. The solutions include the use of MarbleRun, a tool which leverages Intel's SGX technology to execute the k8s control plane in a trusted environment. Not only that, the author introduced Constellation, a tool which allows you to secure not only the control plane but also the workloads which run on top of k8s. The aforementioned tools can be used with a lift-and-shift strategy.
Takeaways
Container Days 2022 is a decent international conference and I feel that I did get in touch with current and some future developments in the space of containerized workloads.
Hamburg is the 2nd largest city (by population) in Germany and has great public transport with lots of options for car, bike and step sharing. There are plenty of things to do during the day and night. Check out the U-boat museum, a real 1970 Russian submarine, if you're around.
Crossplane from Upbound was a highly praised tool which attempts to abstract infrastructure provisioning from the engineer and make things as seamless as possible. It's probably the tool I'm going to be exploring next.
Thanks for reading!