What Enterprise RFPs Require from Kubernetes and Container Management Software

16 Nov 2020 1:04pm, by Mohan Atreya
Mohan Atreya is the vice president, product and solutions at Rafay Systems. He is a seasoned product professional with over 20 years of experience. Prior to Rafay, he led senior Product Management positions at Okta, Neustar, McAfee and RSA. He earned his Masters in Engineering from National University of Singapore. In his spare time, Mohan enjoys spending time with his family and tinkering with his telescope.

Kubernetes (K8s) has emerged as the prominent container orchestration platform for building cloud native applications. It represents a massive opportunity to accelerate digital transformation, leverage cloud-based technologies, and differentiate an enterprise’s products and services through innovation. However, the irony is not lost on me that a technology created to help ease the management of modern cloud applications is itself difficult to manage. As a result, as companies grow from just a few clusters to fleets of clusters, the ability to efficiently and effectively manage K8s and containers has become a key project within many enterprises over the past 12 months.

But what are the most popular software requirements seen by vendors, and why are they important to enterprises as they embark on a Kubernetes and container management (KCM) infrastructure implementation? This article will attempt to answer those questions by analyzing the most popular requirements, anonymized from a random sample of a dozen real enterprise requests for proposals (RFPs) received over the past six months. (An RFP is a set of requirements issued by an organization to competitively outsource a particular service, project, or solution to an interested bidder.) Note that I define an enterprise to be a medium- to large-sized business-to-business (B2B) or business-to-consumer (B2C) company with revenue over $100 million last year and more than 500 employees. For those who are interested in reviewing all the requirements or would like to leverage a sample RFP for their own purposes, we’ve made a sample RFP freely available on GitHub in Microsoft Word form.

After analyzing the sample of enterprise RFPs it was clear that several patterns emerged, some of which are not often shared publicly given the private nature of enterprises. The goal of this article is that by shedding light on popular requirements their peers are looking to meet, DevOps professionals can learn about critical K8s management functionality and requirements — across implementation and operations — to consider as they embark on their own K8s journey.

Top Requirement #1: Support for Hybrid Environments

Appearing in 100% of enterprise RFPs we’ve received is support for hybrid environments (i.e., both cloud and on-premises):

The KCM solution must have the ability to configure and manage clusters in the following infrastructures and in combination: on-premises (on virtualized environments such as VMware and OpenStack as well as bare metal configurations) and within our strategic public cloud vendor’s environment (e.g., Amazon Web Services (AWS), Microsoft Azure, etc.)

Why is this an important requirement?

According to a report published by RightScale, hybrid cloud (defined as leveraging a mix of on-premises infrastructure/private cloud and public clouds) adoption among enterprises is 58%. Why so high? Because modern application requirements — and the cutting-edge technologies that support them — are rapidly changing, and thus not every application belongs in either a private or public cloud. A hybrid approach allows enterprises to be agile to the needs of their business and customers. Multicloud is also a growing trend: according to Gartner, 81% of enterprises now use “two or more cloud providers” because certain public clouds have specific features or advantages that some applications utilize. Another reason is that enterprises want to keep their infrastructure options open and avoid being locked in to any one particular cloud and/or K8s distribution. To support the ever-evolving nature of business and for IT to remain open and agile, it is crucial for a KCM solution to support any combination of infrastructures — private or public — without the potential future limitations of a proprietary approach.

Top Requirement #2: Integration with DevOps Automation Workflows and Kubernetes Ecosystem Technologies

Appearing in 100% of enterprise RFPs we’ve received is the requirement to integrate with popular DevOps toolsets for workflow automation and Kubernetes technologies:

The KCM solution must provide certified integrations with the following technologies in the Kubernetes ecosystem to support our current DevOps workflows (some of which are automated) including our CI/CD pipelines and registry vendors of choice as well as integration with Kubernetes storage, secrets management, networking, monitoring, logging and security technologies.

Why is this an important requirement?

By itself, Kubernetes doesn’t provide a full, production-ready container management solution. It requires a number of supporting technologies both to streamline application deployment and to operate effectively within a variety of development and production environments. Thus, it is essential that a KCM solution provide turnkey, certified integrations with Kubernetes ecosystem technologies as well as seamlessly integrate with existing pipelines for deploying applications. If these integrations require a large amount of manual labor, specialized expertise and custom coding, it can take a lot of time (and specialized resources) to deploy applications, develop integrations and keep said integrations up-to-date with each upgrade that is released.

Top Requirement #3: Secure Kubectl Access and Governance

Appearing in 83% of enterprise RFPs we’ve received is the requirement to provide a level of security controls and auditing to kubectl:

The KCM solution must enable seamless and secure access to K8s clusters via kubectl and maintain a centralized audit trail of all activities, governed by RBAC. The solution should help security teams prevent operations performed by “rogue kubectl admins” and provide a way to review/audit all kubectl operations performed for internal policy, compliance and regulatory reasons.

Why is this an important requirement?

Kubectl is, of course, the command-line interface (CLI) used to access and manage K8s clusters, and it’s incredibly powerful. However, with great power comes great responsibility. With sometimes direct access to production systems, kubectl has unfettered power to make wide-sweeping (and sometimes disastrous) changes to clusters and applications, drawing ire from the support/SRE organization. Actions conducted by shadow or “rogue” admins via the kubectl CLI are a critical security concern, especially for reliability reasons. And controlling access over time, especially given a large number of either clusters or admins, can be difficult. Thus, access to kubectl — and the right to perform certain actions — should be governed by RBAC. Further, by default, logged kubectl events are not tagged by user account, which makes it extremely difficult to audit who did what and when. This is a big problem for most enterprises, but particularly for those in regulated industries. So, in order to comply with both internal policies and external regulations, all actions performed via kubectl across all clusters under management should be logged by user account.
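
The per-user review this requirement asks for, sketched as an added example (not from the original article or from any vendor's product). It assumes API server audit logging is enabled and that each admin authenticates with a personal identity; the log lines, usernames and function name are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample lines in the audit.k8s.io/v1 Event shape (one JSON object per line).
SAMPLE_AUDIT_LOG = """\
{"stage":"RequestReceived","verb":"delete","user":{"username":"alice@example.com"},"userAgent":"kubectl/v1.19.3 (linux/amd64)","objectRef":{"resource":"deployments","namespace":"prod","name":"checkout"},"requestReceivedTimestamp":"2020-11-16T13:04:05Z"}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"alice@example.com"},"userAgent":"kubectl/v1.19.3 (linux/amd64)","objectRef":{"resource":"deployments","namespace":"prod","name":"checkout"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2020-11-16T13:04:05Z"}
{"stage":"ResponseComplete","verb":"patch","user":{"username":"bob@example.com"},"userAgent":"kubectl/v1.19.3 (darwin/amd64)","objectRef":{"resource":"configmaps","namespace":"prod","name":"payments"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2020-11-16T13:06:10Z"}
{"stage":"ResponseComplete","verb":"get","user":{"username":"alice@example.com"},"userAgent":"kubectl/v1.19.3 (linux/amd64)","objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2020-11-16T13:07:00Z"}
{"stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"userAgent":"kubectl/v1.19.3 (linux/amd64)","objectRef":{"resource":"secrets","namespace":"dev","name":"api-key"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2020-11-16T13:08:30Z"}
{"stage":"ResponseComplete","verb":"update","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"userAgent":"kube-controller-manager/v1.19.3","objectRef":{"resource":"replicasets","namespace":"prod","name":"checkout-7d9"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2020-11-16T13:09:00Z"}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"car
"""

MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

def kubectl_changes_by_user(log_text, namespaces=None):
    """Group mutating kubectl requests by authenticated username."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or partially written line
        # Each request is logged at several stages; count only the final one.
        if event.get("stage") != "ResponseComplete":
            continue
        # userAgent is client-supplied, so it is only a hint that kubectl was
        # used; the username is what the API server authenticated.
        if not event.get("userAgent", "").startswith("kubectl/"):
            continue
        if event.get("verb") not in MUTATING_VERBS:
            continue
        ref = event.get("objectRef") or {}
        if namespaces and ref.get("namespace") not in namespaces:
            continue
        code = (event.get("responseStatus") or {}).get("code")
        user = (event.get("user") or {}).get("username", "<unknown>")
        report[user].append({
            "time": event.get("requestReceivedTimestamp"),
            "verb": event["verb"],
            "target": "/".join(str(ref.get(k, "")) for k in ("namespace", "resource", "name")),
            "allowed": code is not None and code < 400,  # 403 = denied by RBAC
        })
    return dict(report)
```

Denied attempts are kept in the report with `allowed` set to False, since repeated RBAC denials in a production namespace are themselves worth reviewing.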

Top Requirement #4: Fleet Management Features

Appearing in 75% of enterprise RFPs we’ve received is a set of requirements with the goal of making the management of K8s fleets easier:

What features, if any, does the KCM solution provide that make the ongoing deployment and lifecycle management of a fleet of clusters (defined as 5+ clusters) efficient? Please describe each feature, its use case(s) and how it benefits users.

Why is this an important requirement?

In the past, fleet management has been an afterthought. But that’s not the case today. The average number of clusters under management per enterprise is growing and thus yesterday’s “few clusters” are quickly becoming today’s fleets. The New Stack reports that almost 40% of companies surveyed are now running more than five clusters.

Managing a handful of clusters is relatively straightforward, but managing more than that is quite another story. Thus, any KCM solution should provide numerous features and functionality to help standardize workflows and automate the management of fleets. Some considerations include:

  • Administration: Ability to have multiple levels of administration to create entirely distinct Kubernetes management spaces for the purposes of tracking usage (useful for internal/external billing) and governing access control and operations.
  • Flexible Cluster Group Management: Ability to create and customize logical groupings of applications or clusters by any technical or business need (for example by department, application-type, operating environment, customer target, geography).
  • SSO and RBAC Integration: Ability to seamlessly integrate and thus leverage the organization’s SSO and RBAC strategy for access management.
  • Cluster Standardization: Ability to create and manage custom cluster blueprints to ensure clusters are compliant to enterprise policies and have a repeatable baseline set of software components as required for approved application and security profiles.

Top Requirement #5: Consulting, Implementation Services and 24×7 Support

Appearing in 100% of enterprise RFPs we’ve received is the need for both professional services experts and a support organization that is available 24×7 to handle urgent issues:

The KCM solution vendor must be able to supply professional services personnel with Certified Kubernetes Administrator (CKA) accreditation as well as operational support available 24×7 with guaranteed service level agreements (SLAs).

Why is this an important requirement?

Kubernetes is a complex technology, with many dependencies, that can be difficult to implement and operate. The question isn’t if issues will occur, but when, especially when also running the various Kubernetes ecosystem technologies (e.g., secrets management or logging). For enterprises managing mission-critical applications it’s imperative to have access to experts to count on — both to start projects on the right foot and for speedy issue resolution. As a result, any KCM solution vendor needs to provide personnel with expert knowledge of core Kubernetes technology as well as the complex k8s ecosystem. The KCM solution vendor needs to be ultra-responsive to support an enterprise’s applications or Kubernetes infrastructure when an incident occurs.

Key Take-Aways

What can we take away from these requirements? There are a number of key trends worth noting from this small sample of RFPs:

  1. Infrastructure is increasingly complex: Once only on-premises, companies are now looking to leverage one — and increasingly more than one — public cloud
  2. Automation drives efficiency: Companies are looking to automate deployment and infrastructure management wherever possible
  3. Security and governance: K8s is no longer just for the lab. Given its use for production-level applications, it requires an enterprise-level of security and governance
  4. The number of clusters under management is increasing: Companies are using a multicluster strategy to manage apps across dev, test and production environments, across geographies, across business units and across hybrid infrastructure
  5. K8s expertise is hard to find: K8s is still new and evolving and companies continue to need assistance as they embark on building a successful K8s and container management infrastructure

As a resource for the DevOps community, we’ve consolidated the most popular requirements in a sample RFP (in Microsoft Word form) that can be freely downloaded from GitHub and used in the creation of new RFIs and RFPs for Kubernetes and Container Management solutions.
