Arts and Crafts of Designing a Container Platform — Part 3: Framing Your Painting
As we outlined in Part 1: Sharpen the Pencil of this blog series, choosing the right container platform can be a challenging task.
Then, in Part 2: Get Out Your Colors, we introduced the main Kubernetes offerings provided by Cloud Service Providers (CSPs) and Software Vendors, which set the base for designing the right solution for the company's needs.
In this post we describe some of the available Kubernetes management tools and services and their coverage of the CSP and Software Vendor offerings, which can help manage the multiple Kubernetes-based environments deployed across public clouds and traditional data centers.
To help read the tables and figures in this post, the color and shape legend they use is shown below.
The main CSPs and Software Vendors have developed tools and services to help manage the multiple Kubernetes-based environments deployed across public clouds and traditional data centers.
Some CSPs integrate the management of the supported Kubernetes services, distributions and bundles into their cloud portals, like AWS and IBM Cloud, while others have developed dedicated management tools for this purpose that can also manage other providers' Kubernetes offerings, like Google Anthos and Azure Arc.
Likewise, the main Software Vendors have developed dedicated management tools that support various Kubernetes services, distributions and bundles.
The main management activities related to any container platform can be grouped into 5 categories:
1. Multi-cluster lifecycle management, to create, upgrade, update and delete Kubernetes clusters.
2. Configuration management, of namespaces, roles, quotas, secrets and other important Kubernetes objects.
3. Policy-based governance, to audit and enforce cluster (and workload) compliance with security policies and regulations.
4. Logging and monitoring, to store, search, analyze, monitor, and alert on logging data, metrics and events of Kubernetes clusters and workloads.
5. Application lifecycle management, to deploy workloads to clusters based on placement rule definitions.
The table below summarizes how the management tools and services under analysis cover these 5 categories for each of the supported Kubernetes services, distributions and bundles.
¹ Table legend: Dark Grey = Full coverage; Light Grey = Limited coverage
² Azure Arc enabled Kubernetes is in preview
³ Red Hat Advanced Cluster Management only presents the overall health status of the managed clusters in the Web console
⁴ VMware Tanzu Mission Control can only manage configuration for role bindings, image registries and network policies
⁵ VMware Tanzu Mission Control cluster inspections provide a point-in-time report of the condition of the cluster, but do not enforce compliance policies on clusters or workloads using a Kubernetes admission controller or Open Policy Agent (OPA)
⁶ VMware Tanzu Mission Control only presents the overall health status of the managed clusters in the Web console, although detailed observability can be achieved using Tanzu Observability by Wavefront
⁷ Rancher documentation does not provide information regarding the cluster lifecycle features for AWS Outposts, AKS engine on Azure Stack Hub, Anthos GKE on-prem or Anthos GKE on AWS
⁸ Rancher can only run security scans and configure pod security policies on RKE clusters; using OPA Gatekeeper to enforce compliance policies on clusters and workloads is an experimental feature in the v2.4 release
⁹ Rancher does not implement its own log repository, but can integrate with external logging services and collectors based on Elasticsearch, Splunk, Kafka, Syslog and Fluentd
As a simple conclusion and main take-away of this post, understanding in detail what the Kubernetes management tools and services provided by Cloud Service Providers (CSPs) and Software Vendors offer is key to understanding how the multiple Kubernetes-based environments deployed across the company's public clouds and traditional data centers can be managed efficiently.
In Part 4: Exhibit Your Artwork, the closing post of the blog series, we will share the typical set of questions that can help to better understand the company's needs, serving as the lighthouse for approaching the design of the container platform once more concrete requirements are uncovered.
Stay tuned and follow us on Twitter for news and updates on this series!
Every reasonable effort has been made to ensure that the information provided is reasonably comprehensive, accurate, clear and up to date at the time of writing this document.
However, the information provided on or via this document may not necessarily be completely comprehensive or accurate, and, for this reason, links to the official CSPs and Software Vendors documentation sites have been included.
AWS Management Console
AWS CloudWatch Container Insights
IBM Cloud Portal
IBM Log Analysis with LogDNA
IBM Cloud Monitoring with Sysdig
Google Cloud Console
Google Cloud Connect
Google Cloud Logging
Google Cloud Monitoring
Azure Resource Manager
Red Hat Advanced Cluster Management
Tanzu Mission Control
Tanzu Observability by Wavefront