Kubernetes Second Day Operations: Ensuring Smooth Sailing

 
 

Kubernetes – also known as k8s or “kube” – is often associated with container-based workloads and cloud-native software development. Fittingly, the name Kubernetes derives from the Greek word for the helmsman of a ship.

Kubernetes is currently dominating the container orchestration market, and the hype shows no signs of cooling down.

Is your organization also considering Kubernetes? If you’re wondering whether Kubernetes is the right fit for you, check out this earlier Polar Squad blog post.

If you are sure that Kubernetes is what you want, keep on reading. This post is a quick primer to ensure your organization’s production readiness with Azure Kubernetes Service – Microsoft’s managed offering for Kubernetes.

With AKS, Microsoft takes care of the underlying infrastructure, providing you with the servers hosting all the workloads, as well as offering you security updates, networking, and support.

Day-0, Day-1, and Day-2

All software cycles follow three chronological steps. They are called Day-0, Day-1, and Day-2 – but none of these steps lasts just one day.

Day-0 is the time period when you decide on requirements, architecture, and design.

Day-1 means all the time you spend on determining installation setup and configuration.

Day-2 – also called Second Day Operations – refers to absolutely everything that comes after Days 0 and 1. In short, Day-2 means running your software and ensuring that it operates and delivers the outcomes you want.

If you wish to ensure smooth sailing during Kubernetes Second Day Operations, don’t rush into it. It is very easy to leave things undone on Day-0 and Day-1. But if you do, you’ll regret it later.

Before advancing to Day-2, you need to meticulously consider architecture, network traffic and information security, as well as visibility and monitoring. And once you reach Second Day Operations, you’ll need a solid strategy for conducting regular updates and maintenance. What does all this entail? Keep on reading and we’ll explain.

Architecture - leave yourself room to grow

Kubernetes is first and foremost an orchestrator. It is not a service. It is not a ready platform either, but you can make it into one.

Take time to design and test your architecture. You need to make sure your architectural decisions do not limit your ability to scale up and scale out as user load increases.

In all likelihood, you won't have the need to go hyperscale from day one. But hey, you never know how much you might grow, so it might be a good idea to leave a few loose ends on your architecture so you can scale whenever you need.

You’ll also want to keep things cost-optimized. AKS offers multiple approaches for managing scale while staying cost-effective. Node pools are an efficient way to manage workloads and make sure they have the resources they need. Spot nodes are a low-cost way of running background workloads, such as batch processing, that can tolerate termination.

Network traffic and information security – make sure you know what you’ll need

How much network traffic are you expecting? What will the portion of customer-facing traffic be? We recommend you do your capacity calculations diligently at an early stage. Trust us, it will save you a lot of work later – it’s always easier to research and plan first than it is to backtrack your steps to fix things.

Security should never be an afterthought. It’s critical to build and develop your application to remain secure throughout the software development lifecycle. Once your services hit the Day-2 mark, serving the application to users often means that you face completely new dimensions, challenges, and considerations in remaining secure.

A lot goes into network traffic and information security. One of the key things you need to do is set network policies that explicitly state which traffic is permitted. Protect your Kubernetes environment by placing guardrails such as security policies to secure the network, applications, cloud infrastructure, and container images.

Visibility and monitoring – focus on the metrics that matter

When you have services that are live and being consumed by users, you need to make sure you have enough telemetry and metrics at your disposal to guide you when your systems fail. Because make no mistake, issues will come up sooner or later – and that’s when you’ll need visibility to identify problems.

Azure Monitor has a great feature set for gathering insights and metrics from your AKS clusters. Focus on the metrics that matter. Business case metrics are superior to the CPU load of an individual Kubernetes node.

Updates and maintenance – you’ll need staff and skills

A common myth relating to Kubernetes is that it will leave your support staff jobless. In reality, the demand for support skills only increases once you reach Day-2.

As an open-source technology, Kubernetes releases monthly updates, and you’ll need to regularly apply them to production clusters. You need to have a solid strategy for upgrading Kubernetes features and patching security vulnerabilities securely and frequently. Needless to say, it’s best to conduct updates often and in small increments.

One of the key benefits of using a managed offering for Kubernetes – such as AKS – is the fact that Microsoft provides security updates to your cluster on a daily basis. However, it is up to the customer (read: you) to schedule the updates and make sure your workloads can tolerate the update process.
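One way to make a workload tolerate the update process, shown as an added example that is not from the original post: node upgrades cordon and drain nodes, and the drain respects a PodDisruptionBudget, so the budget below keeps the service up while nodes are replaced. The names, labels, image and `/healthz` path are assumptions.

```yaml
# Constructed example: the "shop" namespace, app=api label and image are assumptions.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: {name: api-pdb, namespace: shop}
spec:
  minAvailable: 2          # a node drain may evict api pods only while 2 stay Ready
  selector:
    matchLabels: {app: api}
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: api, namespace: shop}
spec:
  replicas: 3              # must exceed minAvailable, or a drain can never evict a pod
  selector:
    matchLabels: {app: api}
  strategy:
    rollingUpdate: {maxUnavailable: 0, maxSurge: 1}
  template:
    metadata:
      labels: {app: api}
    spec:
      # Spread replicas across nodes so draining one node removes at most one pod.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels: {app: api}
      containers:
        - name: api
          image: registry.example.com/shop/api:1.0.0   # placeholder image
          # Readiness gates the budget: a replacement pod counts only once it serves traffic.
          readinessProbe:
            httpGet: {path: /healthz, port: 8080}
```

A budget that can never be satisfied (for example `minAvailable` equal to `replicas`) blocks the drain and stalls the upgrade, so check budgets before scheduling one.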

Don’t underestimate the skills required to maintain Kubernetes infrastructure. Identify your current competence level realistically and keep an open mind to patching gaps in your knowledge.

Conclusion – make smart decisions early on, don’t underestimate the workload

Kubernetes is not rocket science, but you shouldn’t underestimate the amount of work needed during the design and deployment phases, and even after you reach Day-2.

With Kubernetes, Second Day Operations are hugely influenced by the choices you make during Day-0 and Day-1. Take the time to make good decisions.


Polar Squad