Open-source tools you should use on an on-prem Kubernetes cluster
Kubernetes has dramatically shifted the trade-offs of on-prem versus SaaS deployments. Thanks to the rich abstractions Kubernetes provides, deploying software on-premises can be significantly easier than it used to be. Because Kubernetes has achieved such high market penetration (and still growing), it is now a viable target environment for many software products. Nevertheless, Kubernetes requires external tools to be production ready, especially on an on-prem deployment.
The purpose of this article is to list tools that everyone should be aware of when it’s time to move an on-prem Kubernetes cluster to production and by on-prem we mean not in a cloud environment. In the cloud, it is obviously better to rely on cloud services offered by the provider.
Use the right container engine
First, forget about Docker Engine, it’s overkill for what Kubernetes needs. Today, there are multiple tools that better manage the container network interface (CNI) and the container storage interface (CSI). Focus on simpler container runtime interface (CRI) like Containerd. It will be probably the new standard as it has already proven its efficiency and maturity.
Distribute your data
Storage is probably one of the most critical parts. Without storage, the purpose of a container is limited to serverless or cron jobs. In the cloud, the best option is usually to use the default storage engine proposed by the cloud provider. On prem, a distributed storage engine is required to dynamically create volumes based on local disks.
Many applications exist today to easily manage volumes on Kubernetes. Rook is probably the most used to deploy a distributed Ceph cluster. Ceph has many advantages as it is able to manage blocks, files and object storage. The installation of Ceph can be complicated to understand, but Rook makes it easy to do on a Kubernetes cluster. This is definitely a solution to consider while evaluating how to distribute storage on a Kubernetes cluster.
Externalize sensitive data
Everyone knows that the internal management of secrets on Kubernetes is not the most secure way to manage sensitive data. Data…