Guest post originally published on the Fairwinds blog by Kendall Miller
Kubernetes as a technology gives organizations the ability to run containerized applications at scale across different cloud infrastructures and distributions. What it can’t do (yet) is centrally manage a wide expanse of clusters out of the box in a compliant and reliable manner. This reality makes it difficult to deliver governance and standardization across different clusters, not to mention it stifles innovation. But as the expanse of new clusters continues to grow, finding new ways to streamline multi-cluster management will become the gold ring of cloud success.
Effective multi-cluster management means reducing two things—redundant efforts and operational overhead. It also involves establishing the right framework to evolve your existing governance model to reduce overhead and redundant efforts in cross-cluster life cycle management. But if you’re operating in an enterprise environment with a growing number of clusters, all being managed independently with little uniformity, the complexity of streamlining this management process can become a huge barrier to business success.
As the number of Kubernetes clusters grows, practitioners are forced to spend more and more time with management and less time being productive. What they need is a way to centrally view, manage and consolidate disparate clusters as they are discovered so resources can be properly optimized and issues handled without losing valuable time.
Steps to Streamlining Clusters
If teams at your organization are struggling with multi-cluster Kubernetes, don’t panic—you’re not alone. Here are three basic steps you can take right now to reduce the time and resources spent on managing many clusters at once.
1. Adopt zero-trust methods. This security model assumes all systems, services and users in and between networks are not automatically trusted and granted access. Kubernetes includes all the hooks needed to implement this level of control access to each cluster in your fleet, drawing on technologies such as authentication, authorization, encryption and configuration validation. Applying zero-trust principles to your Kubernetes environment means controlling access to the API server, the core of the Kubernetes control plane for each cluster. Because API calls are used to query objects like namespaces, pods and configuration maps, controlling access to API use is key to securing your workloads—and achieving Kubernetes zero trust.
Zero trust best practices allow organizations to create a secure environment, one where all individual elements are correctly configured and aligned. When this security model is enforced across a multi-cluster environment, it is possible to operate many clusters at scale—and with less risk.
2. Enable multi-cluster deployment. In multi-cloud, multi-cluster Kubernetes environments, frequent application and infrastructure updates are the norm. Teams often need to deploy to multiple Kubernetes clusters at the same time, making it nearly impossible to avoid drift, which are inconsistencies between clusters and misconfigurations that usually result in downtime or worse.
Because GitOps can help solve these challenges by bringing familiar tools to infrastructure management and continuous deployment (CD), it is often used by organizations looking for better overall standardization, security and productivity. When changes are made to the repository, code is rolled back from your cluster to automate deployments quickly and reliably. Even though GitOps workflows can be implemented using standard Git tools, additional tooling will be necessary to enjoy the full benefits, including the ability to confirm maintenance of the desired state.
Reactive or short term adjustments can get lost in a sea of clusters. Here are some tools that help spot unintended deviations in your fleet.
- Fairwinds Polaris provides a dashboard view of in-cluster workloads and how they relate to best practices.
- Fairwinds Goldilocks helps get your Pod resource requests and limits “just right” by using vertical-pod-autoscaler in recommendation mode, visualized in a dashboard.
- Fairwinds RBAC Lookup is a command-line tool that eases finding the roles attached to users, groups, or ServiceAccounts that authenticate to Kubernetes.
3. Simplify life cycle management. As we know, Kubernetes environments grow over time, with many cloud services, such as Amazon EKS and Azure AKS, providing helpful coverage. Although similar at the core, all these types of Kubernetes have different management tools, which means deploying and updating clusters in each environment can look quite different.
The best solution here is to standardize the organization around a single type of Kubernetes, one that can perform life cycle management for the whole fleet. That said, this goal is hard to meet because there are so few existing tools that cover both the popular Kubernetes distributions and cloud services. The best practice to simplify life cycle management is to find a SaaS service provider that allows users to deploy, manage and upgrade all clusters from a single pane of glass, a dashboard that improves visibility, reliability and consistency.
Organizations today need multiple tools installed and configured across clusters to ensure security, resource optimization and reliability checks. Without central visibility into what’s happening, time and resources are wasted. This is why we created Fairwinds Insights, our Kubernetes governance platform. Insights aggregates the results of great open source tools, including the ones described here, into a single view, which allows you to assess and enforce your standards across multiple clusters. Insights uses Polaris and Open Policy Agent to provide central policy management for some or all of your clusters.