Today, The New Stack is publishing the second ebook in our Kubernetes ecosystem series, “Kubernetes Deployment & Security Patterns.” In this book, our focus has been on informing the operations teams that deploy and manage the clusters needed for containerized applications. As more and more workloads move to Kubernetes-based container deployments, IT operations teams need a lens for understanding this vast and complex technology.
“Kubernetes Deployment & Security Patterns” has three comprehensive chapters that will help ops teams evaluate Kubernetes by focusing on the value your organization puts on factors such as security, storage, logging and load balancing. These factors help define how companies manage workloads whether on cloud services, on-premises or through a multi-cloud approach. Highlights from the book include:
1) In-Depth Data Analysis on How Organization and Deployment Size Dictate K8s Challenges.
The size of an organization and where they run their container workloads in many ways dictate how likely they are to deploy Kubernetes and the challenges they will face with that deployment. As we see in the results from two surveys, one conducted by the Cloud Native Computing Foundation and the other by The New Stack, large organizations are running more containers in production and thus are more likely to deploy Kubernetes. (You can access the raw dataset for this analysis in a Google spreadsheet.) Operations teams responsible for running container clusters at large organizations with 1,000 or more employees are most concerned about security, networking and complexity, while small to midsize organizations are more concerned with storage and monitoring.
2) Comparison of Deployment Environments.
After an overview of the key building blocks in any Kubernetes production deployment, Chapter 2 discusses how user responsibility varies across self-hosted environments, managed providers and public clouds. Again, the best lens for assessing this information is the specific needs of your organization. A handy table compares and contrasts the various options and shows that self-hosted Kubernetes deployments provide the most flexibility, but at a very high cost. When deployments are outsourced to a managed provider, the flexibility to customize goes down; this loss of control comes with a correspondingly lower total cost of ownership (TCO). Various tools for managed Kubernetes, CaaS and PaaS can make deployment easier as well. Chapter 2 covers these, in addition to emerging deployment patterns such as serverless.
3) Security Patterns That Apply Across All K8s Deployments.
One commonality across all Kubernetes deployments is the need to understand and integrate new, Kubernetes-specific security patterns. Chapter 3 discusses the threat model applicable to Kubernetes deployments and the various security considerations for Kubernetes, including container security, deployment security and network security. These considerations span the underlying nodes, container images and the registry. It is important to pay particular attention to handling critical vulnerabilities in container images and to conduct vulnerability assessment across the entire DevOps pipeline. Managing the registry is another key area to focus on: the appropriate controls must be in place so that only approved images are allowed for deployment. It is the responsibility of the IT team to ensure that images are not downloaded from the internet for use inside the organization.
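As an illustration of the "only approved images" control described above, here is an added example (not code from the ebook or from The New Stack) of the check an admission controller or CI gate would perform: it resolves each container image reference in a pod spec to its canonical registry and repository, then rejects the pod if the image does not come from an approved registry. The allow list, the registry names and the sample pod manifests are constructed for this example. It also flags images that use no tag or the mutable `latest` tag without a digest, an extra check that the post does not mention but that an approved-images policy usually needs.

```python
"""Approved-registry admission check for Kubernetes pod specs.

Added example: the allow list and sample pods below are constructed for
illustration, not taken from any real cluster.
"""

# Constructed allow list. Entries may be a registry host or a host/namespace
# prefix; anything else is rejected.
APPROVED_REGISTRIES = {"registry.internal.example", "quay.io/ourteam"}


def parse_image(ref):
    """Split an image reference into registry, repository path, tag and digest.

    Follows the Docker reference rules: the first path component is a registry
    only if it contains '.' or ':' or is 'localhost'; otherwise the reference is
    a Docker Hub image, and single-component Hub names live under 'library/'.
    """
    name, _, digest = ref.partition("@")           # digest follows '@'
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    # A ':' after the last '/' separates the tag (a ':' before it is a port).
    if path.rfind(":") > path.rfind("/"):
        path, _, tag = path.rpartition(":")
    else:
        tag = None
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    return {"registry": registry, "path": path, "tag": tag, "digest": digest or None}


def _is_approved(canonical, approved):
    """True if canonical 'registry/path' is under one of the approved prefixes."""
    return any(canonical == a or canonical.startswith(a.rstrip("/") + "/") for a in approved)


def check_pod(pod, approved=APPROVED_REGISTRIES):
    """Return a list of violations for a pod manifest (empty list means allow).

    Checks init, regular and ephemeral containers, since an image in any of
    them runs on the node.
    """
    violations = []
    spec = pod.get("spec", {})
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(field, []):
            ref = container.get("image", "")
            img = parse_image(ref)
            canonical = f"{img['registry']}/{img['path']}"
            if not _is_approved(canonical, approved):
                violations.append(
                    f"{field}/{container.get('name')}: {ref!r} resolves to "
                    f"{canonical}, which is not an approved registry")
            if img["digest"] is None and img["tag"] in (None, "latest"):
                violations.append(
                    f"{field}/{container.get('name')}: {ref!r} uses a mutable "
                    f"tag with no digest; pin a version tag or digest")
    return violations


# Constructed sample manifests.
GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "api"},
    "spec": {"containers": [
        {"name": "api", "image": "registry.internal.example/platform/api:1.4.2"}]},
}

BAD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        # 'busybox' is docker.io/library/busybox:latest, not on the allow list.
        "initContainers": [{"name": "init", "image": "busybox"}],
        # Digest-pinned image under an approved namespace: allowed.
        "containers": [{"name": "web",
                        "image": "quay.io/ourteam/web@sha256:" + "0" * 64}]},
}

if __name__ == "__main__":
    for pod in (GOOD_POD, BAD_POD):
        problems = check_pod(pod)
        verdict = "ALLOW" if not problems else "DENY"
        print(f"{pod['metadata']['name']}: {verdict}")
        for p in problems:
            print("  -", p)
```

The same logic fits in a validating admission webhook, a CI step that lints manifests before they reach the cluster, or a policy engine rule; the important part is resolving short references such as `busybox` to their real origin on Docker Hub before comparing against the allow list.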
Next Up in the Ebook Series: CI/CD with Kubernetes
The next, and final, part in our Kubernetes ebook series will cover application patterns for Kubernetes and delivery best practices for developers and DevOps professionals. Taken as a whole, this three-part series will give you a firm foundation to prepare your own Kubernetes deployments and understand this complex project and ecosystem. But reading and planning can only get you so far — the next, and best, way to learn what works for your organization is to go out there and try it. Best of luck with your Kubernetes deployments and Godspeed!
The Cloud Native Computing Foundation is a sponsor of The New Stack.