By Twain Taylor (@twaintaylor)
Kubernetes has set new benchmarks for how applications are developed and deployed, on-prem as well as on cloud infrastructure. It enables new levels of portability, scalability and high availability, and adoption of Kubernetes and its ecosystem has grown rapidly for several years.
Stats about container adoption vary widely from as low as 38% to as high as 87%. Yet, across the board, there is consensus that container adoption – and along with it, the adoption of Kubernetes – is accelerating every year. What’s interesting is that many organizations choose to run more than one cloud platform. Gartner comments that large organizations will pursue a multicloud strategy “to avoid vendor lock-in or to take advantage of best-of-breed solutions.”
Organizations that find themselves in this new world of multiple-container platforms face new challenges because of the inherent complexity of multicloud. Going the multicloud way requires a deliberate implementation strategy.
Paradox of choice
As a governing body, the CNCF (Cloud Native Computing Foundation) has managed to encourage growth and maturity across the Kubernetes ecosystem.
A large number of open-source frameworks, as well as commercial platforms, support Kubernetes and are doing their best to follow common protocols for interoperability. However, because of the varied options and overlapping functionality, it is a challenge to select the right set of tools and ensure a good fit for your existing stack.
Even once selected, it is a laborious process to ensure these tools are regularly updated and remain secure and compatible on every cloud platform in use. Ops and SRE teams have valid concerns about what gets rolled out with every update.
Factors to consider
Ops teams are responsible for the creation and provisioning of environments for teams across multiple cloud platforms. Dev, staging, and production environments need to be created quickly to encourage developer productivity, and at the same time, not compromise security. Building in automation is key to enabling faster and more consistent creation and management of environments across clouds. Tools like Weave Kubernetes Platform can help with consistent environments across datacenters and clouds.
CI/CD pipelines and GitOps
Every major cloud vendor offers its own CI/CD pipeline, such as AWS CodePipeline, and open source alternatives such as Spinnaker exist alongside them (Helm, often mentioned in the same breath, is a package manager for the manifests these pipelines deploy rather than a pipeline itself). What this points to is that pipelines, especially GitOps-enabled pipelines that provide an abstraction layer on top of the cluster, are the way to go if you want to automate and scale cloud operations. This is especially true in multicloud scenarios.
Monitoring & security
Monitoring tools are essential for deep visibility into the performance of apps deployed across multiple cloud environments. Even though the clusters themselves are distributed, reporting needs to be unified. Powerful open source tools like Prometheus have risen to the occasion and become the de facto standard for Kubernetes monitoring.
The ELK stack can also be used to proactively monitor log data. On top of reporting tools, there is a need for tools with mature alerting capabilities that can route alerts to specific people, at the right time, and in the right way.
Along with visibility, security should equally be consistent across cloud platforms. If security depends on the manual review of a person, it is bound to fail. Security that scales should be abstracted from individual cloud platforms in terms of goals and policies, and yet it should take into account the nuances of each platform to secure day-to-day operations.
The DevOps balance
Developers look for fast operations, short time to deployments, and little overhead from Ops teams. They want the freedom to choose their favorite development tools even if they’re different from the rest of the team.
Developers hope and wish the code they write will work consistently across staging and production environments. However, they would rather spend time writing more code than troubleshooting code quality issues downstream. While developers would enjoy the flexibility and power of having multiple cloud platforms to run their code on, they’d much rather leave the ‘running’ part of it to Ops.
Ops teams, on the other hand, have a completely different set of priorities. Security is the top concern: Ops teams want every deployment to be free of known vulnerabilities and fully compliant with established security policies.
Ops teams want to have control over what gets rolled out to production and have the power to rollback faulty changes. Coming from the world of proprietary hardware and software licensing, Ops teams know full well the dangers of vendor lock-in, and they look to avoid it at all costs using a multi-cloud strategy.
Finally, with ever-increasing demands to reduce IT expenses, Ops teams see the cloud as a way to meet the organization’s needs while staying within budget.
GitOps for Kubernetes automation
GitOps, first described by Weaveworks as ‘Operations by pull request,’ puts Git repositories at center stage. It takes a declarative approach: the desired state of applications and infrastructure is described in files under version control, and an automated process makes the running system match that description. GitOps is about using Git repositories not just for code versioning, but also for configuration, peer reviews, and deployments with built-in rollbacks and auditing. The benefits of GitOps are many.
Familiar Git environment
GitOps allows developers to make pull requests to spin up new clusters or make changes to an application running on a cluster. This is as simple as committing code, and doesn’t require any new learning on the part of developers. Yet, once committed, the code can be deployed to multiple cloud targets.
Reliable and verifiable changes
A centralized Git-based repository acts as the source of truth. When a deployment goes wrong, a rollback is simply a revert of the offending commit, which gives you stable and reproducible rollbacks while drastically reducing Mean Time To Recover (MTTR). This is quite a feat when it involves multiple cloud-based clusters. The commit history is an audit trail that identifies what was changed, by whom, and when, at each phase of the application’s evolution.
Standardization that leads to productivity
GitOps helps build automated CI/CD pipelines that begin with a code commit, proceed to automated build and testing, and end with automated deployment of code that passes all checks. Environments in the form of repositories are created and destroyed with consistency and predictability. The continuous feedback loops bring better quality control across the pipeline. This is vital to manage the complexity of a multi-cloud setup.
Stronger security guarantees
GitOps-based deployment pipelines reduce credential exposure compared with traditional push-based CI/CD pipelines. A traditional CD tool pushes changes into the cluster, so it must hold the cluster’s API credentials (typically a kubeconfig stored in the CI system), and a compromise of that system hands the attacker the same access. With GitOps, a reconciliation operator running inside the cluster pulls the desired state from Git and reconciles the cluster against the manifest files, so the cluster credentials never leave the cluster and the operator needs only read access to the repository. The trust boundary moves to the repository: branch protection, mandatory review of pull requests and signed commits become the control points, and the operator’s own in-cluster permissions should still be scoped to the namespaces it manages.
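The reconciliation loop described above, and the Git-revert rollback from the “Reliable and verifiable changes” section, as an added example that is not code from the original post or from any Weaveworks product. It models the cluster as an in-memory map and a Kubernetes resource as a kind, a name and an image, which are simplifying assumptions; the commit history is constructed sample data. Each pass reads the commit Git points at, computes a read-only plan (create, update, delete) against what the cluster currently holds, and applies it; the only code that writes to the cluster runs “inside” it, and a change made directly to the cluster behind Git’s back is reverted on the next pass.

```go
package main

import (
	"fmt"
	"sort"
)

// Resource is a deliberately simplified Kubernetes object: Kind and Name
// identify it, Image stands in for the rest of its spec. (Assumption for the example.)
type Resource struct {
	Kind, Name, Image string
}

func (r Resource) Key() string { return r.Kind + "/" + r.Name }

// Commit is one revision of the config repository: who made it and the
// desired state it declares. The sequence of commits is the audit trail.
type Commit struct {
	Rev, Author string
	Manifests   []Resource
}

// Cluster stands in for the live cluster, keyed by kind/name.
type Cluster map[string]Resource

// Action is one change the operator must apply to converge the cluster.
type Action struct {
	Op       string // "create", "update" or "delete"
	Resource Resource
}

// Plan diffs the desired state (from Git) against the observed state (from the
// cluster) and returns the actions that make the cluster match Git.
// It is read-only: nothing is changed here.
func Plan(desired []Resource, observed Cluster) []Action {
	want := make(map[string]Resource, len(desired))
	var actions []Action
	for _, r := range desired {
		want[r.Key()] = r
		cur, ok := observed[r.Key()]
		if !ok {
			actions = append(actions, Action{"create", r})
		} else if cur != r {
			actions = append(actions, Action{"update", r})
		}
	}
	for k, r := range observed {
		if _, ok := want[k]; !ok {
			actions = append(actions, Action{"delete", r})
		}
	}
	// Deterministic order so plans are comparable and reviewable.
	sort.Slice(actions, func(i, j int) bool {
		return actions[i].Resource.Key() < actions[j].Resource.Key()
	})
	return actions
}

// Apply executes a plan. In a real operator this is the only code path that
// needs write access to the cluster API, and it runs inside the cluster.
func Apply(c Cluster, actions []Action) {
	for _, a := range actions {
		if a.Op == "delete" {
			delete(c, a.Resource.Key())
		} else {
			c[a.Resource.Key()] = a.Resource
		}
	}
}

// Reconcile is one pass of the operator loop: read the revision Git points
// at, plan, apply. Re-running it with the same commit is a no-op unless the
// cluster has drifted, in which case the drift is reverted.
func Reconcile(head Commit, c Cluster) []Action {
	actions := Plan(head.Manifests, c)
	Apply(c, actions)
	return actions
}

func main() {
	// Constructed Git history: a release, a bad change, and its revert.
	good := []Resource{{"Deployment", "api", "api:1.0"}, {"Deployment", "web", "web:1.0"}}
	bad := []Resource{{"Deployment", "api", "api:1.1"}, {"Deployment", "web", "web:1.0"}}
	history := []Commit{
		{"a1f3", "alice", good},
		{"b7c2", "bob", bad},
		{"c9e0", "alice", good}, // git revert b7c2: the rollback is just another commit
	}
	cluster := Cluster{}
	for _, c := range history {
		for _, a := range Reconcile(c, cluster) {
			fmt.Printf("%s (%s): %-6s %s -> %s\n", c.Rev, c.Author, a.Op, a.Resource.Key(), a.Resource.Image)
		}
	}
	// Out-of-band change made straight to the cluster, bypassing Git.
	cluster["Deployment/api"] = Resource{"Deployment", "api", "api:hotfix"}
	for _, a := range Reconcile(history[len(history)-1], cluster) {
		fmt.Printf("drift: %s %s reverted to %s\n", a.Op, a.Resource.Key(), a.Resource.Image)
	}
}
```

Note that Reconcile never takes credentials as input: the Git side is read-only data it fetched, and the cluster side is local to where it runs. That separation is what the pull model buys you; a push-based pipeline would need the cluster handle in the CI job instead.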
The risk of no strategy
As it becomes more complex to run and operate applications on multiple cloud platforms, having a deliberate multi-cloud implementation strategy is necessary. Expanding to multi-cloud without a strategy would lead to infrastructure sprawl. While avoiding vendor lock-in is the primary reason to go the multicloud way, lack of planning can lead to insecurity and instability.
GitOps is the way to enjoy the best of breed services that cloud vendors offer. It streamlines and automates processes across multiple cloud platforms. Yet, it does this with a familiarity that is unparalleled. It’s clear that GitOps is the way to realize the promise of multicloud.
Have questions on how to create a cloud native platform?
The Weaveworks team can help you navigate the vast landscape of cloud native technologies – OSS and paid. Together we can create a cloud native reference architecture that fits your business needs. You can benefit from a Weaveworks’ validated design or you can design, review and select technology options with our expertise.