Kubernetes architecture for beginners


Getting started with Kubernetes? Check out this quick primer on Kubernetes architecture basics and key facts to know at the outset


Size up important platform and security choices


With that in mind, there are some key design choices you’ll need to make. A basic one: Will you run a separate cluster for each of your applications in Kubernetes, or manage multiple apps in the same cluster? Both are possible; Jerbi from Aqua Security notes that this is one of the key architectural considerations, and as usual it comes with some pros and cons.

“The multi-tenant model is slightly more complex and usually uses K8s Namespaces to create administrative separation between applications, but it is more efficient in terms of resource utilization,” Jerbi says. “On the other hand, if your applications are large-scale on their own and don’t have much in common, it’s simpler – especially for beginners – to set up separate clusters.”

The latter can be particularly true if you’re using a commercial or managed Kubernetes service, Jerbi adds, and also can enable you to better tailor resource and security needs to specific applications.


Manville from Kasten points out that even if you opt for a commercial platform running on top of the open source Kubernetes project to reduce day-to-day administrative effort, it still behooves you to be knowledgeable about the underlying system.

“Taking that approach does not let them off the hook for understanding Kubernetes and its capabilities,” Manville says.

Security is another area where you’ll need to make some critical decisions.

“Security itself presents an interesting learning curve for Kubernetes,” Manville says. “The platform supports a lot of native controls, but they’re not necessarily enabled securely by default, and they’re not easy to get right.”
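To make the namespace-based multi-tenant model and the point about defaults concrete, here is an added example (not from the article or from any of the vendors quoted) of a tenant namespace with the controls a namespace does not provide by itself. The names `team-a` and `team-a-devs` and the quota figures are constructed for illustration.

```yaml
# Added example: constructed names and values, not from the article.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Cap what this tenant can consume so one application cannot starve the others.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
# Pods accept traffic from every namespace until a policy selects them.
# This selects all pods in team-a and allows ingress only from team-a itself.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
---
# Grant the tenant's group the built-in "edit" ClusterRole inside team-a only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-edit
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs   # hypothetical group name from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

The NetworkPolicy only takes effect if the cluster's network plugin enforces NetworkPolicy objects; on a plugin that does not, the object is accepted but changes nothing.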


As you get up to speed and scale, remember that Kubernetes is “extensible” and “pluggable.” This gets back to that array of choices: This is not a one-size-fits-all tool.


“When I was starting out, it took me a while to realize that Kubernetes is very pluggable,” says Lachhman from Harness. “If you disagree with an opinion or implementation inside the Kubernetes platform, most items can be replaced. For example, not liking how Kubernetes handles Ingress? You can swap out to another provider [such as] Istio or Traefik.”

A comparison point: Kubernetes vs. cloud computing

Manville offers an interesting point of reference for thinking about Kubernetes in the abstract: the cloud itself. The short version: It’s both similar and different. 

“In terms of what it’s similar to and different from, the cloud provides an interesting comparison,” Manville says. “Kubernetes is like the cloud in providing abstractions and primitives for programmatically provisioning infrastructure functions, but Kubernetes is different from the cloud in that it goes beyond just infrastructure and has an extensible object/resource model for workloads – these are standardized objects like Deployments and Pods that also specify how applications interface with each other.”

This is yet another layer of that dizzying menu of choices. It’s a good thing in the big picture, including for improved security, but potentially daunting at first.

“This difference allows developers to be very prescriptive about that workload functionality, which in turn enables significant controls and security policies to be instrumented,” Manville says. “Developers can use those capabilities to ensure greater workload security earlier in the lifecycle, but they also need to be aware that the configurations required to secure an environment are not always obvious.”

Related Kubernetes resources

Want more on all things Kubernetes? Get The Enterprisers Project’s deep dive into everything you need to know. Then check out these eBooks, articles, and webinars for even more learning on Kubernetes, and share them with your team:

Webinar: Kubernetes 101: An introduction to containers, Kubernetes and OpenShift

eBook: Getting Started with Kubernetes

eBook: O'Reilly: Kubernetes Operators: Automating the Container Orchestration Platform

eBook: O'Reilly: Kubernetes patterns for designing cloud-native apps

Kubernetes glossary cheat sheet: 10 key concepts in plain English

Containers primer: Learn the lingo of Linux containers 


I love your articles, but why do you split your articles apart like this? It makes no sense. You don't appear to serve ads, so what good is this doing you? It's a bad experience for me as a reader.
