The document discusses the key challenges of managing multiple Kubernetes clusters across hybrid multi-cloud environments, including the need for unified operations management, visibility, compliance, policy management, application management, cost efficiencies, collaboration, and self-service capabilities. It introduces Red Hat Advanced Cluster Management as a solution that addresses these challenges through robust multi-cluster lifecycle management, policy-driven governance and compliance, and advanced application lifecycle management.
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
1. IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Torsten Volk
Managing Research Director
Enterprise Management Associates
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Pete Cruz
Manager, Product and Technical Marketing
Red Hat
3. Logistics
QUESTIONS
• Log questions in the Q+A panel
• Questions will be addressed during the Q+A session of the event
EVENT RECORDING
An archived version of the event recording will be available at www.enterprisemanagement.com
PDF SLIDES
A PDF of the speaker slides will be distributed to all attendees
4. Addressing the 8 Key Pain Points of Kubernetes Cluster Management
5. Agenda
1. Hybrid Multi-Cloud: Building blocks for developers
2. Kubernetes: Matches workload and infrastructure
3. 8 Challenges: Multi cluster management challenges and solutions
4. EMA Top 3: Red Hat ACM (How ACM addresses the 8 challenges)
6. Core Challenge
Multi-Cloud Choice
Chart categorizes 50,000 Kubernetes implementation challenges from the past 3 months (data source: StackOverflow.com).
Key Takeaways:
1. Many different perspectives:
a. Cloud Centric
b. Language
7. Hybrid Multi Cloud: Rapid Growth in Complexity
80% complexity increase between 2018 (Q2) and 2020 (Q2) based on the average number of technologies that are part of an application stack.
Data source: stackoverflow.com
9. Hybrid Multi Cloud: The 25 Favorite Items on the Multi-Cloud Menu Today
Observations
1. Object storage, databases, and serverless are hot.
2. Azure is hot in DevOps and AD integration.
3. Google leads the field with object storage and a mobile app development framework.
4. The AWS Amplify app development framework is the newcomer of the year.
10. Hybrid Multi Cloud: Different Services Are Popular on Different Clouds
Consolidated view of the previous slide.
Observations
1. Azure is Windows-centric
2. Google dominates machine learning and analytics
12. Original Vision
One Master to Rule all Nodes
Simple Principle
• Users bring their containerized applications
• Kubernetes matches applications to the most suitable nodes.
• There is one central set of placement and management policies
13. In 2014 Kubernetes Was Invented for Unified Control of Distributed Apps
Clippings from the original presentation from Google I/O
16. Initially we Thought: A Few Clusters Are Fine
But then we found…
Different clouds come with different APIs and tooling.
Regulatory compliance requires separate clusters.
Stretching one cluster across regions is difficult.
Satisfying specific application requirements is easier by using separate clusters.
Development and test teams like to stand up their own clusters.
17. Reasons for deploying clusters
Red Hat Advanced Cluster Management for Kubernetes
Application availability
Reduced latency
Address industry standards
Geopolitical data residency guidelines
Disaster recovery
Edge deployments
CapEx cost reduction
Avoid vendor lock-in
18. The Harsh Multi Cluster Reality
Azure, AWS, Google
There is much more to Kubernetes than container scheduling.
19. 1. Operations Management
Unified management tools, processes and staff are the precondition for operational efficiency.
Provisioning: Automation & Configuration; Key Management; Security & Compliance; Container Registry
App Definition & Development: App Definition & Image Build; CI/CD; Streaming & Messaging; Database
Observability & Analytics: Monitoring; Logging; Tracing; Chaos Management
Orchestration & Management: Service Proxy; Remote Procedure Call; Service Mesh; Scheduling & Orchestration; Coordination & Service Discovery; API Gateway
Runtime: Cloud Native Storage; Container Runtime; Cloud Native Networking
20. Multicluster management challenges
How do I normalize and centralize key functions across environments?
Single cluster (Developer): Build and deploy a container app
Multicluster growth (DevOps): Develop, test, and produce clusters
Distributed multicluster (Hybrid multicloud): Clusters deployed across public, private clouds, edge, in different geographies
Management requirements
▸ Consistent cluster provisioning
▸ Policy enforcement and governance across development, test, and production clusters
▸ Finding/modifying resources across clusters
▸ Single pane of glass visibility
▸ Deploying and distributing applications at scale
▸ Auditing and compliance
▸ Easy cluster provisioning
▸ Controlling cluster configuration drift
▸ Ensuring app deployment from development to production
21. 9 Categories, 38 Sub Categories, and 1,450 Cloud Native Products
2. Visibility
End-to-end visibility across all technology categories and subcategories is crucial.
22. Multi-Cluster Lifecycle Management
DevOps/SRE, IT Operations
How do I get a simplified understanding of my cluster health and the impact it may have on my application availability?
How do I automate provisioning and deprovisioning of my clusters?
How can I manage the life cycle of multiple clusters regardless of where they reside (on-prem, across public clouds) using a single control plane?
23. Unified Multi-Cluster Management
Single Pane for all your Kubernetes Clusters
• Centrally create, update and delete Kubernetes clusters across multiple private and public clouds
• Search, find and modify any Kubernetes resource across the entire domain.
• Quickly troubleshoot and resolve issues across your federated domain
24. 3. Compliance
Lots of Room for Inconsistencies
• Event type
• Level of detail
• User type
• Human versus machine processes
• Namespace
• Stages
• Where should logs and policy files be stored (disk or webhook)?
• Retention policy
• Retry upon failure
• Batch or real time processing
• Log frequency based on API server resource availability
• Truncating of large logs
• Processing instructions
Unified audit trail needs centralized cluster management.
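A drift check for several of the inconsistencies listed above (level of detail, user type, namespace, stages), written as an added example that is not part of the original slides. The field names follow the Kubernetes `audit.k8s.io/v1` Policy object; the cluster names, rule sets and helper names are constructed for illustration.

```python
import json

def policy(rules, omit=("RequestReceived",)):
    """Build an audit.k8s.io/v1 Policy as the dict a YAML parser would return."""
    return {"apiVersion": "audit.k8s.io/v1", "kind": "Policy", "omitStages": list(omit), "rules": rules}

# Constructed sample data: rule selectors and three hypothetical clusters.
SECRETS = {"resources": [{"group": "", "resources": ["secrets"]}]}
PROD_WRITES = {"verbs": ["create", "update", "delete"], "namespaces": ["prod"]}
SERVICE_ACCOUNTS = {"userGroups": ["system:serviceaccounts"]}
CATCH_ALL = {"level": "Metadata"}
BASELINE = policy([{"level": "Metadata", **SECRETS},
                   {"level": "RequestResponse", **PROD_WRITES}, CATCH_ALL])
CLUSTERS = {
    "aws-prod": policy(list(BASELINE["rules"])),
    # Logs Secret bodies and keeps the RequestReceived stage.
    "azure-test": policy([{"level": "RequestResponse", **SECRETS},
                          {"level": "RequestResponse", **PROD_WRITES}, CATCH_ALL], omit=()),
    # Drops machine users and has no rule for writes in prod.
    "gcp-edge": policy([{"level": "None", **SERVICE_ACCOUNTS},
                        {"level": "Metadata", **SECRETS}, CATCH_ALL]),
}

def selector(rule):
    """Canonical form of what a rule matches: every field except its level."""
    return json.dumps({k: v for k, v in rule.items() if k != "level"}, sort_keys=True)

def audit_drift(baseline, candidate):
    """List how one cluster's audit Policy differs from the baseline Policy."""
    findings = []
    stages, base_stages = candidate.get("omitStages", []), baseline.get("omitStages", [])
    if sorted(stages) != sorted(base_stages):
        findings.append(f"omitStages: {stages} != baseline {base_stages}")
    want = [(selector(r), r["level"]) for r in baseline["rules"]]
    have = [(selector(r), r["level"]) for r in candidate["rules"]]
    want_levels, have_levels = dict(want), dict(have)
    for sel, level in want:
        if sel not in have_levels:
            findings.append(f"missing rule: {sel}")
        elif have_levels[sel] != level:
            findings.append(f"level {have_levels[sel]} != baseline {level} for {sel}")
    findings += [f"extra rule ({lvl}): {sel}" for sel, lvl in have if sel not in want_levels]
    # The first matching rule wins, so identical rules in another order are drift too.
    if not findings and [s for s, _ in want] != [s for s, _ in have]:
        findings.append("rule order differs from baseline")
    return findings

def report(baseline=BASELINE, clusters=CLUSTERS):
    return {name: audit_drift(baseline, p) for name, p in clusters.items()}
```

Calling `report()` returns the findings per cluster; an empty list means the cluster's policy matches the baseline rule for rule.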
Policies at the Kubernetes Level

# Check if the request includes a cost center label
deny[msg] {
    not input.request.object.metadata.labels.costcenter
    msg := "Every resource must have a costcenter label"
}

# Check for appropriate format of cost center name
deny[msg] {
    value := input.request.object.metadata.labels.costcenter
    not startswith(value, "cccode-")
    msg := sprintf("Costcenter code must start with `cccode-`; found `%v`", [value])
}

# Check for images that are not from the hooli.com registry
deny[msg] {
    some i
    input.request.kind.kind == "Pod"
    image := input.request.object.spec.containers[i].image
    not startswith(image, "hooli.com/")
    msg := sprintf("Image '%v' comes from untrusted registry", [image])
}

Policies at the Application Level

# Only owner can update the pet's information
default allow = false

allow {
    input.method == "PUT"
    some petid
    input.path = ["pets", petid]
    input.user == input.owner
}

Source of these samples: openpolicyagent.org
25. 4. Policy Management
Consistency between Dev, Test, Staging, and Production needs end-to-end automation and declarative management.
26. Policy Driven Governance Risk and Compliance
IT Operations, Security OPS
● How do I ensure all my clusters are compliant with standard and custom policies?
● How do I set consistent security policies across diverse environments and ensure enforcement?
● How do I get alerted on any configuration drift and remediate it?
● How do I ensure 99.9% Uptime?
● How do I drive more innovation at scale?
27. Policy based Governance, Risk and Compliance
Don’t wait for your security team to tap you on the shoulder
• Centrally set & enforce policies for security, applications, & infrastructure
• Quickly visualize detailed auditing on configuration of apps and clusters
• Built-in compliance policies and audit checks
• Immediate visibility into your compliance posture based on your defined standards
29. Advanced Application Lifecycle Management
IT Operations, DevOps/SRE
● I want to quickly investigate application relationships with real time status, so that I can see where problems are.
● With the Application Topology view, I can visually inspect application status labels and pod logs to understand if a part of the application is running or not, without having to connect to a cluster and gather any info.
● I want new clusters to be deployed with a set of known configurations and required applications.
● With the assignment of a label at cluster deploy time, the necessary configurations and applications will be automatically deployed and running without any additional manual effort.
30. Advanced Application Lifecycle Management
Simplify your Application Lifecycle
• Easily Deploy Applications at Scale
• Deploy Applications from Multiple Sources
• Quickly visualize application relationships across clusters and those that span clusters
31. 6. Cost Inefficiencies
Current Cost Challenges
• Assigning billing items to projects
• Selecting the appropriate contract duration and instance types
• Taking advantage of already paid for infrastructure
• Optimally stacking applications
Kubernetes makes application environments more dynamic and complex
• Which application puts how much load on a specific micro service?
• What infrastructure did the micro service consume on behalf of a specific application?
• Should the same micro service run on different Kubernetes clusters to optimize cost, compliance, or performance?
• Does the micro service depend on specific storage, GPUs, Linux libraries, etc., or can we easily move it?
• How should I match the requirements of my application services with the various Kubernetes offerings on different clouds?
Unified and automated cost management is critical.
32. 7. Collaboration
Move to a “start left” approach where all stakeholders continuously collaborate.
33. 8. Self Service
Define clusters as code for self-service deployment, continuous observability, and rapid adjustments in case of configuration drift.
Diagram labels: Self service deployment; Git: Desired State; Observed State; Adjustments & updates
Diagram components: Namespace; Load Balancing; DNS Host Infrastructure; Storage and Backup; Cluster control plane; Operating Systems; Instrumentation; System components; Add ons
36. Where Can I Learn More?
Visit Us on the Web
www.redhat.com/clustermanagement
Try it out free for 60 days!
https://www.redhat.com/en/technologies/management/advanced-cluster-management/try-it