Kubernetes architecture for beginners
Getting started with Kubernetes? Check out this quick primer on Kubernetes architecture basics and key facts to know at the outset
Size up important platform and security choices
With that in mind, there are some key design choices you’ll need to make. A basic one: Will you run a separate cluster for each of your applications in Kubernetes, or manage multiple apps in the same cluster? Both are possible; Jerbi from Aqua Security notes that this is one of the key architectural considerations, and as usual it comes with some pros and cons.
“The multi-tenant model is slightly more complex and usually uses K8s Namespaces to create administrative separation between applications, but it is more efficient in terms of resource utilization,” Jerbi says. “On the other hand, if your applications are large-scale on their own and don’t have much in common, it’s simpler – especially for beginners – to set up separate clusters.”
The latter can be particularly true if you’re using a commercial or managed Kubernetes service, Jerbi adds, and it can also enable you to better tailor resource and security needs to specific applications.
Manville from Kasten points out that even if you opt for a commercial platform running on top of the open source Kubernetes project to reduce day-to-day administrative effort, it still behooves you to be knowledgeable about the underlying system.
“Taking that approach does not let them off the hook for understanding Kubernetes and its capabilities,” Manville says.
Security is another area where you’ll need to make some critical decisions.
“Security itself presents an interesting learning curve for Kubernetes,” Manville says. “The platform supports a lot of native controls, but they’re not necessarily enabled securely by default, and they’re not easy to get right.”
As you get up to speed and scale, remember that Kubernetes is “extensible” and “pluggable.” This gets back to that array of choices: This is not a one-size-fits-all tool.
“When I was starting out, it took me a while to realize that Kubernetes is very pluggable,” says Lachhman from Harness. “If you disagree with an opinion or implementation inside the Kubernetes platform, most items can be replaced. For example, not liking how Kubernetes handles Ingress? You can swap out to another provider [such as] Istio or Traefik.”
A comparison point: Kubernetes vs. cloud computing
Manville offers an interesting point of reference for thinking about Kubernetes in the abstract: the cloud itself. The short version: It’s both similar and different.
“In terms of what it’s similar to and different from, the cloud provides an interesting comparison,” Manville says. “Kubernetes is like the cloud in providing abstractions and primitives for programmatically provisioning infrastructure functions, but Kubernetes is different from the cloud in that it goes beyond just infrastructure and has an extensible object/resource model for workloads – these are standardized objects like Deployments and Pods that also specify how applications interface with each other.”
This is yet another layer of that dizzying menu of choices. It’s a good thing in the big picture, including for improved security, but potentially daunting at first.
“This difference allows developers to be very prescriptive about that workload functionality, which in turn enables significant controls and security policies to be instrumented,” Manville says. “Developers can use those capabilities to ensure greater workload security earlier in the lifecycle, but they also need to be aware that the configurations required to secure an environment are not always obvious.”