DevOps Institute

How to Approach Kubernetes Infrastructure With Container Sprawl in Mind

Container Orchestration, Enterprise Kubernetes

Large container cargo ship in the ocean
Image source: teeraphonphooma

By Asim Rahal, Freelance IT Consultant and Security Writer

Kubernetes is now practically everywhere, with 96% of tech companies either using or evaluating it worldwide. Today, virtually every organization is adopting for some type of containerized DevOps approach for their services because as it is relatively inexpensive, reliable, and much easier to manage and deploy than older methods.

Kubernetes provides a uniform platform for deploying numerous types of applications, both traditional on-prem and modern cloud-based while presenting a centralized view of all environments. This separation of applications from the underlying infrastructure allows for the freedom to operate services on multiple clouds, in-house, and even at the edge.

Granular control is one of the key advantages of the Kubernetes approach, but when every coding environment has its own container and with 43% of all production workloads living in Kubernetes, it doesn’t take long in many organizations for sprawl to rear its head. In a 2019 article, the engineering team from the Tinder dating app reported that they were running a Kubernetes cluster with 1,000 nodes, 15,000 pods and 48,000 containers. 

Not every organization operates at such a large scale, but having hundreds of containers in circulation is extremely common. The last thing you want is for your team to get burnt out managing it all. Therefore, it’s important to keep a few key factors in mind in order to ensure a stable, efficient, and scalable system.

To minimize the maintenance required as your Kubernetes infrastructure grows in complexity, here are five key elements to make sure you have on your checklist while creating your containerized infrastructure and deploying services in it.

You might be interested in SKILup Day: Enterprise Kubernetes. Register for free >

1. Resource Management

One of the biggest challenges associated with managing a large number of microservices is ensuring that each one has the resources it needs to operate efficiently. 

In a Kubernetes cluster, this means paying attention to CPU and memory usage for each microservice, as well as setting appropriate resource requests and limits.

It’s also important to monitor resource usage over time and make adjustments as needed to ensure that no single microservice monopolizes the cluster’s resources.

2.  Logging and Monitoring

In a large microservices architecture, logging and monitoring are critical for identifying and resolving issues. It’s important to have a centralized logging solution in place, as well as a monitoring system that can alert you to potential problems. 

Kubernetes makes it easy to collect logs from all of your microservices and send them to a centralized logging system like Elasticsearch, and a monitoring solution like Prometheus can help you keep an eye on key metrics and set alerts based on specific thresholds.

Another recommended approach is a combined Prometheus-Grafana Loki setup for log aggregation, where your whole monitoring and logging system can be established in a single place. 

3. Scalability

One of the biggest benefits of microservices is the ability to scale individual components as needed, in order to handle increased loads. In a Kubernetes cluster, this is achieved by adjusting the number of replicas for a given microservice/deployment container. 

The service attached to a given deployment container can load-balance the traffic with all the pods/replicas attached to it.

It is also essential to have horizontal pod autoscaling as well as vertical pod autoscaling configured in a production environment. To make this configuration and setup easier, you can create a Google Autopilot cluster that can manage everything from pod scaling to node scaling for you. 

However, it’s important to ensure that you have a solid scalability strategy in place so that you can quickly and efficiently scale your microservices as needed, while also avoiding over-provisioning and waste.

4. Security

Security is a critical concern when managing multiple containers in a single cluster. This means taking steps to secure communication between containers, as well as ensuring that sensitive data is properly protected. Kubernetes provides a number of security features, including network policies, encryption at rest, and the use of secure secrets.

But using Kubernetes’s native Secrets feature does not help much, because they are only base64 encoded, and once you’re working with dozens or hundreds of containers, it becomes difficult to maintain so many manifested files of a secret. Instead, you can use third-party tools like Akeyless, which offers a dedicated Kubernetes solution, through which you can inject variables easily via a simple webhook.

It really helps to keep all secrets safe at a centralized place, and Akeyless also provides their own encryption technology called DFT (Distributed Fragments Cryptography) that ensures the security of your secrets and safe decryption on infrastructure.

In addition, you can easily rotate credentials and secrets, which becomes a little bit more costlier and complex with other third-party tools like Hashicorp’s Vault, or cloud providers’ tools like Google Secret Manager or AWS Secret Manager. 

5. Networking

With many containers running in a single cluster, networking can quickly become a bottleneck. It’s important to ensure that communication between containers is as fast and efficient as possible, while also ensuring that traffic is properly secured.

Kubernetes provides a number of networking options, including the use of services, ingress controllers, and network policies, and it’s important to choose the right approach for your specific use case. 

Network policies are likewise potent when it comes to controlling network traffic in a Kubernetes cluster. They allow you to specify the types of traffic that are allowed between microservices and the types of traffic that are blocked. 

This helps to reduce the risk of unauthorized access and prevent potential security breaches. Network monitoring and observability are also important, and you can use tools like Istio Service Mesh, Cilium Service Mesh, or Hashicorp Consul to trace and monitor network requests taking place in the cluster. 

Containerization at Scale with Minimal Mess

Container sprawl correlates with technical debt and plenty of infrastructure maintenance to keep up with. By taking care of the elements listed above, your team will be able to manage, secure and maintain Kubernetes clusters with wide arrays of containers.

What’s Next?

March 2023 is Kubernetes month at DevOps Institute! There are many events, webinars, and opportunities for you to meet leading experts and practitioners and hear how they’ve used Kubernetes to overcome complex challenges and win at delivering better software, sooner and more safely. Stay up to date with the DevOps Institute event calendar: devopsinstitute.com/view-upcoming-events

Get Certified

DevOps Institute empowers DevOps humans to advance career development and upskill for enterprise transformation by providing the resources, guidance, experts, and encouragement to learn. We’ve put together suggested Developer and DevOps Engineer Certification Paths and offer essential core competencies and various certifications to help advance your DevOps career and grow professionally. 

Get started at devopsinstitute.com/certifications

An incurable evangelist of cloud security, data protection and cyber risk awareness, Asim Rahal is a Detroit-based independent IT service provider. You can reach Asim via Twitter: https://twitter.com/asimrahal
Upskilling IT 2023 Report

Community at DevOps Institute

related posts

[EP112] Why an AIOps Certification is Something You Should Think About

[EP112] Why an AIOps Certification is Something You Should Think About

Join Eveline Oehrlich and Suresh GP for a discussion on Why an AIOps Certification is Something You Should Think About Transcript 00:00:02,939 → 00:00:05,819 Narrator: You're listening to the Humans of DevOps podcast, a 00:00:05,819 → 00:00:09,449 podcast focused on...

[Ep110] Open Source, Brew and Tea!

[Ep110] Open Source, Brew and Tea!

Join Eveline Oehrlich and Max Howell, CEO of tea.xyz and creator of Homebrew, to discuss open source including "the Nebraska problem," challenges, and more. Max Howell is the CEO of tea.xyz and creator of Homebrew. Brew was one of the largest open source projects of...