Kubernetes: 6 secrets of successful teams
Kubernetes will manage container and application complexity for you, but do you know how to play your part? Here are six significant things that high-performing teams do when successfully running Kubernetes in production.
4. They focus on resilience and ferret out weak spots
Successful teams running Kubernetes in production don’t wait for failure and downtime; they plan for it. In fact, some teams actively seek it out. As a starting point, though, consider testing as one of the crucial areas for automation.
“Successful teams automate and test everything using declarative code and dynamically generated configuration specifications,” Dresden says. “Aside from necessary human approvals to authorize a change, all actions should be managed by test-driven, semantically versioned code in source control.”
To take it to the next level, you actually need to instigate failure rather than wait for it to occur. Some call this chaos engineering, a testing discipline made famous in IT circles by Netflix.
“Smart teams also constantly test their environment for resiliency using chaos-engineering techniques,” Dresden says. “Build unexpected downtime into all aspects of your service’s availability, budget for it, and practice it often. Site reliability engineers (SREs) have tools to randomize failures throughout the cluster, network, and cloud availability zones.”
5. They don’t treat Kubernetes as a tool for every job
Given Kubernetes’ ascendant popularity, it might be easy to assume successful teams use it everywhere and for everything. Not so. Instead, they ask: Do we need it here? When the answer is “not really,” they act accordingly. Application fit matters. You’ll find some expert advice on evaluating that fit here.
“Kubernetes is, of course, a powerful platform – providing a system for deploying, managing, and scaling microservices. But while Kubernetes is powerful, it’s also overkill for many workloads,” says Jonathan LaCour, CTO at Mission. “Before diving headlong into Kubernetes, consider your requirements carefully to ensure that you are adopting Kubernetes for the right reasons. If you have a simple workload, choose a simpler path.”
Jana from AllCloud notes one example in an application fit context: While you can containerize a monolith, that isn’t necessarily the best idea.
“To fully utilize Kubernetes’ capabilities, you need to refactor in most cases your monolith or semi-microservice to become a real microservice, [guided by] the 12-factor [methodology],” Jana says. “This will make sure your application is running as smoothly as it can on Kubernetes and you can scale quickly and avoid bad practices.”
6. They take security seriously
The Kubernetes community has shown a strong commitment to security, and that’s a great thing. There is also a wealth of resources and tools already available that focus on Kubernetes and cloud-native security needs.
That said, Kubernetes does bring with it new risks. These can be mitigated, but only if you’re paying attention and implementing best practices – another characteristic of successful teams.
“Security is of utmost importance,” says Deo from CloudBolt. He points to native Kubernetes features such as role-based access control (RBAC) and the general security practice of identity and access management (IAM) as key examples. Check out the 4 strategic tips for Kubernetes security we’ve shared previously, as well as 5 mistakes to avoid.
Benjy Portnoy, director, DevSecOps at Aqua Security, says that successful Kubernetes work depends on a team that embraces the importance of security regardless of role or job title. You might have guessed it from the job title, but Portnoy is a proponent of DevSecOps culture too.
“DevSecOps can help foster collaboration so that security becomes an essential part of both the application lifecycle as well as the infrastructure security,” Portnoy says. “The complexity of Kubernetes deployments and potentially insecure default settings can have an adverse impact on security management and visibility, while traditional security tools, processes, and procedures can be perceived as a hindrance when not automated and embedded into the application lifecycle early on.”
Portnoy recommends the Center for Internet Security’s (CIS) Kubernetes Benchmark as a resource for ensuring your cluster is securely configured. Aqua also offers an open source tool, kube-bench, to check your cluster against CIS’s best practices. No matter the tools and tactics you choose, security vigilance is a key ingredient to Kubernetes and cloud-native success.
“Organizations should continuously monitor Kubernetes deployments for vulnerabilities and security risks while pursuing a shared responsibility model between security and DevOps teams,” Portnoy says.