For the many organizations who uttered the fatal words ‘it’s Kubernetes, how hard can it be?’, this blog is for you. Because, as it turns out, doing Kubernetes properly is both complicated and time-consuming. The sooner we stop trying to work against Kube and start working with it, the better off we will all be.
Before we get into the nuts and bolts, it’s worth taking a step back and remembering why we’re all doing this. The goal of anyone deploying Kubernetes is to create a technically and economically sustainable process for users to deliver highly reliable and responsive cloud native applications. The focus should be on creating a service framework for users, not on Kubernetes itself, which is where it’s going wrong.
If you’re jumping on the Kubernetes bandwagon, you’ve got to think about 4 things:
- Where are you going to host?
- How are you going to manage the Kube environment?
- How are you going to secure, protect and govern your environment?
- How are your end users going to consume it?
And there are lots of options. For example:
From a hosting perspective, you can host on prem or use a cloud IaaS provider like Google or AWS.
From a Kubernetes management perspective, you can manage it yourself, outsource to an MSP or use a third-party vendor.
Kubernetes Security and Governance
From a security and governance perspective, you’ve got to figure out whether you’re going to try to configure Kubernetes RBAC, authentication, etc. manually or use a third-party platform to help solve the problem.
And, from a consumption perspective, you’ve got to decide if a Kubernetes UI is right for your team, or in fact whether you’re going to give them any tools at all (and instead integrate Kubernetes directly with a CI/CD environment).
There’s a lot to think about. But come back to the beginning for a moment. The goal here is not to build a monster for the sake of it; the goal is to build a long-term sustainable service framework for end users, and to stay focused on that.
The whole DIY strategy (self-host, self-manage) is the domain of the early adopter, or the incredibly well funded, and there are a few organizations that have done it successfully, but it’s typically taken them years to get it right and cost millions. It demands the brightest minds and very deep pockets and it’s definitely not the preferred mainstream option.
At the other end of the continuum you’ve got the ‘Kubernetes as a Service’ offerings from cloud providers, which make sense as they eliminate the need for deep on-staff expertise and allow you to focus on what matters.
And then there’s a bunch of hybrid options in between, whereby the cloud providers will manage your on-prem environment for you or you can employ a third-party vendor to provide a complete end-to-end managed solution for you.
It’s worth noting that although third-party vendors purport to sell you an a-la-carte solution, in reality they only really offer a fully managed service, which might be OK if you’ve got deep pockets and don’t mind being locked in to a single-vendor solution.
But... and there is a big but in the middle of all this. At the end of the day, regardless of which option(s) you choose, do you actually get a sustainable service framework, or are you still left with gaps?
Our experience is that even when you buy Kubernetes as a service from one of the cloud providers you still don’t get ‘containers as a service’. There’s still a gap in terms of governance and interaction, which is exactly where Portainer plays.
Portainer is the difference between having Kubernetes running somewhere/anywhere and having a sustainable containers-as-a-service delivery framework. The need for Portainer exists in all 4 quadrants.
The role it plays in each quadrant is essentially the same. It provides:
- The security and governance framework that ensures users can only do what they’re permitted to do (via Kubernetes RBAC)
- A super-simple Kubernetes GUI for end users to use and deploy their apps without having to worry about the underlying platform
- An API (Kube or Docker API Proxy) to allow third-party tools (including CI/CD tools) to connect through
Overall, we see a shakedown happening where, as the industry matures, the move to Kubernetes as a service will probably win out. But, remember, unless you’ve got Portainer running in your cloud environment, you still don’t have containers as a service, which is what this game is ultimately all about.