Gravity Clones Clusters to Simplify Kubernetes Management

31 Oct 2018 9:18am, by

Taking the concept of snapshotting from virtualization, a new tool from Gravitational called Gravity allows users to create thousands of identical clusters to ease the pain of setting up and managing Kubernetes.

“The problem is that Kubernetes management is as complex as server administration used to be 15 or 20 years ago,” said Ev Kontsevoy, Gravitational CEO.

“Gravity allows you to take a snapshot of the cluster and create thousands of other clusters… It allows you to create clusters and destroy them and recreate them, and every time a cluster comes up, security is already configured, it already has your company’s compliance enforcement… and all the clusters are self-healing, so the cost of managing one cluster equals the cost of managing a thousand clusters.”

Gravity allows users to take a snapshot of their Kubernetes cluster, including all applications and dependencies, and package it all into a single file that can be easily installed into any environment. Gravity also includes the popular, open source privileged access-management solution, Teleport, which incorporates security best practices for accessing and logging activity throughout the cluster to satisfy enterprise compliance requirements.

“You can put it on Amazon, on Google, in your private data center, in your basement in your top-secret lab. You can put it in a server room that’s not even connected to the Internet, called air-gapped,” Kontsevoy said.

“We have users running Gravity who need to run Kubernetes in environments that are extremely restricted, extremely locked down, highly compliant, highly secure.”

Companies tend to have in-house, cobbled-together solutions to solve the very complex issue of running many Kubernetes clusters across different environments, which are time consuming and often insecure, he said.

Gravity creates consistency across deployments and allows teams to remotely manage many instances of a cluster, even if located behind a firewall.

Gravity is open source and comes in community and enterprise versions. The community version can be downloaded from the Gravitational website. The enterprise version allows you to integrate Gravity with your enterprise security, including role-based access controls and synchronization of security across many clusters. It gives you an aggregation for access management across many clusters.

In the snapshotting process, it:

  • Provides full application introspection.
  • Finds all containers and de-duplicates their layers.
  • Packages all required binaries.
  • Adds cluster metadata with infrastructure requirements.
  • Adds an embedded Docker registry to the output.
  • Re-writes all images to be hosted out of the embedded registry.
  • The output includes the SSH bastion and Kubernetes gateway for remote management.

The output is a self-contained image as a tarball that can be loaded onto a USB drive and taken to an air-gapped server room to recreate a full replica of the original cluster.

It also automates upgrades with application-specific hooks and offers the ability to roll back, with fully automatic, step-by-step or manual modes.

While some shops use the SSH security protocol and others rely solely on the Kubernetes protocol, Gravity allows you to use both, synchronizing them.

Gravitational’s approach to providing simplicity for even inexperienced Kubernetes users might not be to every company’s taste, Kontsevoy said.

“When we deliver a snapshot of a cluster, it delivers it in a very opinionated way — the type of networking we use with Kubernetes, the kind of security. These are what we believe are best practices. We do not allow users to tweak every single configuration setting that’s available.

“We’re saying, ‘If you trust our technology, out of the box, use it as is.’ But deep configuration changes, they are simply not allowed. …What you get is a fully autonomous configuration. Clusters are self-running, self-healing, self-managing. That will work for some companies, but ultimately, it might not work for others,” he said.

“There are some different network topologies, different ways to deploy things. … We deliver simplicity at the expense of flexibility.”

Feature Image: “Candy Corn Rows” by Andrew Malone. Licensed under CC BY-SA 2.0.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Candy, Docker.