Arts and Crafts of Designing a Container Platform — Part 3: Framing Your Painting

Written by Hasibe Göçülü and Sergio Vicente Ruiz

Image for post
Image for post
The Arts and Crafts of … by Tom Rourke

As we outlined in Part 1: Sharpen the Pencil of this blog series, choosing the right container platform could be a challenging duty.

Following, in Part 2: Get Out Your Colors we introduced the main Kubernetes offerings provided by Cloud Service Providers (CSPs) and Software Vendors, which will setup the base for designing the right solution for the company needs.

In this post we will explain which are some of the available Kubernetes management tools and services and their coverage for the CSPs and Software Vendors offerings, that could help to manage the multiple Kubernetes-based environments deployed across public clouds and traditional data centers.

To understand better the information provided in this post, below is shown the colors and shapes legend relevant to the tables and figures hereunder.

Image for post
Image for post
Colors and Shapes Legend

The main CSPs and Software Vendors have developed tools and services to help manage the multiple Kubernetes-based environments deployed across public clouds and traditional data centers.

Some of the CSPs integrate the management of the supported Kubernetes services, distributions and bundles under their cloud portals, like AWS and IBM Cloud, while others have developed specific management tools for this purpose, that can also manage the other providers’ Kubernetes offerings,, like Google Anthos and Azure Arc.

Image for post
Image for post
Kubernetes Management Tools and Services from CSPs and Kubernetes Offerings Coverage

Equivalently, the main Software Vendors have developed specific management tools to support various Kubernetes services, distributions and bundles.

Image for post
Image for post
Kubernetes Management Tools and Services from Software Vendors and Kubernetes Offerings Coverage

The main management activities related to any container platform can be grouped in 5 categories:

1. Multi-cluster lifecycle management, to create, upgrade, update and delete Kubernetes clusters.
2. Configuration management, of namespaces, roles, quotas, secrets and other important Kubernetes objects.
3. Policy-based governance, to audit and enforce clusters (and workloads) compliance with security and regulations.
4. Logging and monitoring, to store, search, analyze, monitor, and alert on logging data, metrics and events of Kubernetes clusters and workloads.
5. Application lifecycle management, to deploy workloads to clusters based on placement rule definitions.

The table below summarizes how the management tools and services under analysis cover these 5 categories for each of the supported Kubernetes services, distributions and bundles.

Image for post
Image for post
Kubernetes Management Activities per Kubernetes Offering

¹ Table legend: Dark Grey = Full coverage; Light Grey = Limited coverage
²Azure Arc enabled Kubernetes is in preview
³Red Hat Advanced Cluster Management only present the overall health status of the managed clusters in the Web console
⁴VMWare Tanzu Mission Control can only manage configuration for role bindings, image registries and network policies
⁵VMWare Tanzu Mission Control cluster inspections provide a point-in-time report of the condition of the cluster, but does not enforce compliance policies to clusters neither to workloads using a Kubernetes admission controller neither Open Policy Agent (OPA)
⁶VMWare Tanzu Mission Control only present the overall health status of the managed clusters in the Web console, although detailed observability can be achieved using Tanzu Observability by Wavefront
⁷Rancher documentation does not provide information regarding the cluster lifecycle features for AWS Outpost, AKS engine on Azure Stack Hub, Anthos GKE on prem or Anthos GKE on AWS
⁸Rancher can only run security scans and configure pod security policies on RKE clusters, OPA Gatekeeper to enforce compliance policies to clusters and workloads is an experimental feature the v2.4 release
⁹Rancher does not implement any log repository, but can integrate with external logging services and collectors based on Elasticsearch, Splunk, Kafka, Syslog and Fluentd

As a simple conclusion and main take away of this post, we will remark that understanding the details of what the Kubernetes management tools and services provided by Cloud Service Providers (CSPs) and Software Vendors will offer, is key to understand how the multiple Kubernetes-based environments deployed across the company public clouds and traditional data centers could be managed efficiently.

In Part 4: Exhibit Your Artwork and closing post of the blog series, we will share the typical set of questions that could help to understand better the company needs, to serve as the lighthouse to approach the design of the container platform once more concrete requirements are uncovered.

Stay tuned and follow us on Twitter for news and updates on this series!

Hasibe Goculu

Sergio Vicente Ruiz

Disclaimer:

Every reasonable effort has been made to ensure that the information provided is reasonably comprehensive, accurate, clear and up to date at the time of writing this document.
However, the information provided on or via this document may not necessarily be completely comprehensive or accurate, and, for this reason, links to the official CSPs and Software Vendors documentation sites have been included.

References Links:

AWS Management Console
AWS CloudWatch Container Insights
IBM Cloud Portal
IBM Log Analysis with LogDNA
IBM Cloud Monitoring with Sysdig
Google Cloud Console
Google Cloud Connect
Google Cloud Logging
Google Cloud Monitoring
Azure Resource Manager
Azure Arc
Azure Policy
Azure Monitor
Red Hat Advanced Cluster Management
Tanzu Mission Control
Tanzu Observability by Wavefront
Rancher

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store