Our experiences with Kubernetes in the Open Telekom Cloud

How we migrated from root-servers to Kubernetes with OTC

Marius Burfey
ambient-digital
Aug 5, 2019

Overview

I’ll first sum up who we are, what we do and how we came to Open Telekom Cloud (OTC). A second part will describe how our migration to OTC worked out. Afterwards, I’ll picture our daily business with T-Systems and Huawei and how the platform evolved during the last months.

Where we are coming from

Ambient Innovation has been developing a sales platform in the energy business for several years. This application is built with Django and had been hosted on old-school root-servers for some time. These root-servers were maintained by our customer in terms of availability, backups and “keeping the machines running”. Since we were developing the software and knew best how to run it, we were responsible for doing that on machines we were not completely in charge of. This wasn’t perfect and additionally, external circumstances forced us to move away from this setup.

So we took the chance and realised our plans (or dreams) to migrate our application into a modern container infrastructure instead of just moving it to new root-servers. We put everything in Docker and S3-compatible buckets and were prepared to run it on basically every container platform.

A (swimming) container platform – Photo by VanveenJF on Unsplash

At the same time, we evaluated our options to host the application: We decided to run it in a modern Kubernetes-setup because it felt (and still feels) like this is the most professional and widely used orchestration tool. It was no option to use one of the big cloud providers, since we and — more importantly — our customer is based in Germany and has the requirement of not using US-providers. We were quite limited in our choices, but Open Telekom Cloud fulfills all conditions of GDPR and provides all required services in a solution which is based on OpenStack. T-Systems and Huawei formed a partnership and provide a setup that is quite close to plain OpenStack. So we don’t have to worry about a vendor lock-in, which was also important to our customer.

First trials and conception in OTC

After we decided to go for OTC, we got a lot of support to get everything up and running. We did a workshop with a technician of Huawei and developed a concept of how we want to structure our virtual machines, storages, networks, firewalls and Kubernetes-services – all free of charge and really helpful.
To be honest: When we first started evaluating and testing CCE (Cloud Container Engine) in the OTC after this conceptual phase, some things felt like no real customer had ever used this managed Kubernetes-service at a larger scale before. But the good impression about the support was kept alive: Sure, we had to do a lot of trial and error, but we were no cloud experts (yet) and benefitted heavily from the OTC-support.

Special support process

Their process seems a little unusual, but it works: There’s a mail address for support questions, which answers your questions as long as these questions are not that technical. Since our setup is quite advanced and uses Kubernetes-features that are not supported by OTC’s web interface, my questions often need further investigation by technicians. And that’s the point where it feels a little inefficient: The support team translates my (sometimes) German questions to English and creates a ticket at Huawei. Huawei answers the ticket and the support team sends their answer to me, possibly after translating it again. During that process, I get mails from Huawei’s ticketing-system to inform me about status changes, but without any comments.
One should believe that people who work with Kubernetes might be used to English ticketing systems instead of a collection of mails …

Running Kubernetes/CCE in daily business

We created a robust and reliable setup during that time, which we have been running since mid-2018, and we haven’t experienced any downtime related to Open Telekom Cloud. (But I have to admit that T-Systems killed their complete network-connections for 2.5 hours in June 2019.)
As long as we don’t change anything on purpose, it just runs without attracting attention, which is a good thing for a cloud provider. In everyday life, meaning decisions on technical solutions during the regular development process, the support still works well. I like the web interface better than those of the big players because it’s clearer and I don’t have to google where to find what I need. So all in all I’m really happy with OTC.

CCE2 and ongoing improvements

This satisfaction increased a lot when T-Systems/Huawei introduced version 2 of their Cloud Container Engine (CCE), which is a major improvement in comparison to version 1: The Kubernetes version was first raised to 1.9 and is at 1.11 now, instead of 1.7 in CCEv1. Most limitations of the web interface and unnecessarily complicated solutions in CCEv1 have been solved, so this feeling of “I am the only one ever using this” has completely vanished. I’m able to change stuff directly in the web interface (e.g. for testing purposes) or in our (version-controlled and automatically applied) yaml-files. It’s awesome.

I’m still dreaming of some things. For example, there’s only a possibility of automatically scaling my k8s-cluster up when load increases and none to scale down again when the load decreases again, which makes this whole autoscaling useless for us. Fortunately our customer does not do TV-advertising. 😎

Another drawback is the lack of Let’s Encrypt in the Elastic Load Balancer. They introduced an “enhanced” Load Balancer which seems to do exactly the same as the NGINX Ingress Controller for Kubernetes that we installed manually, but it cannot be used with cert-manager, which we also installed manually by using OTC’s helm-support. Obviously, we’d prefer using an existing setup in OTC, but this only works for static certificates that have been uploaded manually.

cert-manager in OTC’s chart-repository

Are we happy or what?

To sum it all up: It was a hard way to get our application up and running in Kubernetes in OTC, but this was absolutely not related to the platform. Not alone. 😉
We had to understand how to do Kubernetes properly and we got loads of support from T-Systems and Huawei along the way. As a result, we do have a setup that does not need to hide behind the big players in cloud business (we also use them for other customers at AI). There’s also some marketing-driven information from our company’s CEO on the OTC website.

Marius Burfey
ambient-digital

Development and cloud stuff at Ambient Innovation: GmbH in Cologne, Germany.