Kubernetes is a powerful platform for deploying and managing containerized applications at scale, and it has become increasingly popular in Switzerland in recent years.

One way to approach it is outsourcing. This can be a strategic and cost-effective option for organizations that do not have the in-house DevOps expertise, know-how, or resources to manage their infrastructure and application operations efficiently.

Not every tech company is in the business of building platforms and operating Kubernetes clusters. Thus by partnering with an experienced partner, companies can tap into a wealth of knowledge and expertise to help them run their applications.

Some companies adopt Kubernetes and look to leverage its capabilities themselves. It’s essential to consider time, effort, and possible implications while utilizing the latest developments and continually adding value to the core business.

In all cases, it will be helpful to align with fundamentals. For this reason, I have compiled a quick guide to Kubernetes in 2023 and best practices in Switzerland.

1. Understand the basics: Before diving into Kubernetes, have a solid understanding of the reasoning and concepts. This could include cloud infrastructure, networking, containers, how they liaise with each other, and how they can be managed with Kubernetes.
2. Plan your deployment carefully: When deploying applications with Kubernetes, you must plan thoroughly and consider your workloads’ specific needs and requirements. This includes but is not limited to resource requirements, network connectivity, scalability, latency, and security considerations.
3. Use appropriate resource limits: One of the critical benefits of Kubernetes is its ability to manage resources dynamically based on the needs of your applications. To take advantage of this, try to set appropriate resource limits for your application. This will help ensure that your application has the resources they need to run effectively while preventing them from consuming too many resources and impacting other applications.
4. Monitor your application: It’s essential to monitor your applications and the underlying Kubernetes cluster to ensure they are running smoothly and to identify any issues that may arise. You want to analyze the alerts and react accordingly. You can use several tools and practices to monitor your applications, including log analysis, monitoring with tools like Prometheus and Grafana, and alerting systems.
5. Use appropriate networking configurations: Networking is critical to any Kubernetes deployment, and choosing the proper network configuration is substantial. What about load balancing, service discovery, and network segmentation?
6. Secure your application: Security is a top concern for many companies and organizations in Switzerland. You cannot proceed without ensuring that your Kubernetes deployment is secure. At this stage, your team is implementing network segmentation, using secure container runtime environments, and implementing advanced authentication and authorization systems.
7. Consider using a managed Kubernetes service: For companies without the resources or needing DevOps expertise to manage their clusters, managed Kubernetes services can be a business-saving solution. With managed services, you can get a production-ready cluster, i.e., a fully-managed Kubernetes environment, allowing teams and software engineers to focus on developing new features and deploying their applications rather than managing the underlying infrastructure.
8. Stay up-to-date with the latest developments: The Kubernetes ecosystem is constantly evolving, and it’s better to stay up-to-date with the latest developments and best practices. This may involve subscribing to newsletters like VSHN, VSHN.timer, or Digests, attending conferences and CNCF meetups, and following key players in the Kubernetes community.

By following best practices, IT leaders, stakeholders, and decision-makers can ensure that they use Kubernetes constructively and get the most out of the platform technology.

At VSHN and APPUiO.ch we rely on OpenShift as Kubernetes distribution. What a Kubernetes distribution is, why we use it and where the differences to ‘plain’ Kubernetes will be explained in this blog post.

What is Kubernetes?

The official description of Kubernetes is:

Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.

The most important part of this description is the fact that Kubernetes is a platform and not a ready off-the-shelf product. This is an important piece of information for understanding this article.

What is a Kubernetes distribution?

To understand the differences between Kubernetes and OpenShift, first of all we have to clarify the term ‘Kubernetes distribution’: if Kubernetes is installed directly from the open source Kubernetes project, you ‘only’ get the core components (API server, controller manager, scheduler, Kubelet, kube-proxy). In order for Kubernetes to be really usable, you need a lot of other components like etcd, ingress controller, logging server, metrics collector (for example Prometheus), software defined network (SDN) and many more. This is very similar to Linux: the Linux kernel alone does not help much, you need a whole Linux distribution which provides a shell, package management, boot process and much more.

OpenShift is a Kubernetes distribution and makes Kubernetes a product

A ‘minimum viable Kubernetes distribution’ requires the following additional components and tools for productive operation:

• Installation and upgrade mechanism: for an automated installation of all involved components.
• SDN (software defined network): pods must be able to communicate with each other no matter where they are running. The SDN ensures that.
• Ingress controller: to allow user access to applications running on the cluster.
• Authentication: a central user and group database provides the authenticated and authorized access.
• Security: Kubernetes executes containers via Docker or CRI-O. The security on the host system must be ensured accordingly.
• Persistent storage: stateful applications such as databases require persistent storage.
• Monitoring: constant monitoring of all cluster components and applications.
• Backup: backup of cluster components and persistent data.

Optionally, further components are recommended:

• Central logging with graphics and searchability
• Application and cluster metrics including alerting

OpenShift as Kubernetes distribution

Essentially, OpenShift relies 100% on Kubernetes, but as a Kubernetes distribution, it comes with everything needed for a Kubernetes cluster. To name just the most important functions:

• Operations tools: an official and supported way via Ansible allows the entire lifecycle of OpenShift to be executed. This includes the automated installation, as well as upgrades to newer versions of OpenShift.
• Router: the OpenShift router (ingress controller) – based on HAProxy – ensures that access to applications within the cluster is made possible via HTTP(S).
• Multi-tenancy: multi-tenancy is built-in the core on OpenShift projects, RBAC and other concepts to allow the use of the platform by various stakeholders.
• Authentication: the most different authentication backends are supported, above all LDAP, Active Directory (AD) and others.
• Metrics: the bundled metrics component collects all available data (RAM, CPU, network) of the applications running on the cluster and visualizes them in the web console.
• Central logging: all lines logged by the application on stdout are automatically collected by the central logging component and are made available to the user via the web console.
• Security: the platform is designed for maximum security. For example, security measures in the kernel of Red Hat Enterprise Linux like SELinux ensure that the security of the containers is guaranteed. Further measures such as ‘security context constraints’ (SCC) and the prevention of root containers ensure further security.
• Builds and pipelines: directly in the cluster integrated build and pipeline capabilities enable a fully integrated CI / CD workflow.
• Web console: all operations on the cluster are visually displayed to the user of the platform in a web console and allow an easy and quick access to the use of Kubernetes.
• SDN: the included software defined networking provides connectivity between the pods running on the platform and for an adequate network security with network policies.
• Container registry: Docker / container images are stored in the bundled registry and used for deployment onto the worker nodes.

All these built-in functionalities can be added to any Kubernetes cluster, but only with a lot of effort. Comparable to building your own Linux distribution, as for example  Linux From Scratch demonstrates. Kubernetes has a similar guide called Kubernetes The Hard Way.

OpenShift as PaaS

The strength of Kubernetes lies in the container orchestration. In addition, OpenShift offers classic Platform-as-a-Service (PaaS) functionalities. One of these is the automatic building and deployment of application code directly from a Git repository. Nevertheless, as a user of the platform and thanks to its great flexibility, you always have the choice of whether you want to use the integrated build functions, or rather build outside the cluster. This can be chosen for each deployment, so both types can be used on one cluster.

OpenShift as upstream to Kubernetes

Many developments in Kubernetes originally came from OpenShift. The best example is RBAC (role based access control). This feature has been part of OpenShift since the first release and has been gradually integrated into Kubernetes. RBAC has been an integral part of Kubernetes since Kubernetes version 1.6. The OpenShift ‘Route’ or the ‘DeploymentConfiguration’ object also played a key role in the current objects ‘Ingress’ and ‘Deployment’ in Kubernetes.
Since OpenShift is 100% based on Kubernetes, all Kubernetes native workloads are also supported, such as the ‘Deployment’ or the ‘Ingress’ object.
If you look more closely at the contributor statistics, you’ll find that Red Hat is one of the top 3 contributor companies, so Red Hat is crucial in the development of Kubernetes. With the purchase of the company CoreOS, Red Hat has acquired formidable Kubernetes know-how. The merger of OpenShift and Tectonic will be the next milestone of the Kubernetes distribution OpenShift.

Alternatives to OpenShift

OpenShift is not the only Kubernetes distribution on the market. A quick comparison shows the differences:

• Cloud vendor Kubernetes: the big clouds offer their own Kubernetes distributions as a service. These are tailored to the respective cloud and are maintained by the providers. Installation on your own private cloud or on other public clouds is not possible.
  • Amazon Elastic Container Service for Kubernetes (Amazon EKS)
  • Google Kubernetes Engine
  • Azure Kubernetes Service (AKS)
  • IBM Cloud Kubernetes Service
  • Alibaba Cloud Container Service for Kubernetes
• Rancher: since version 2.0, Rancher focuses 100% on Kubernetes and offers a multi-cluster management function as a major strength. With Rancher, Kubernetes clusters in the cloud (for example, on Amazon or Google) can be managed centrally, as well as Kubernetes clusters with the ‘Rancher Kubernetes Engine’ on your own VMs. With the web interface, setting up a new cluster is very easy and application deployments using Helm are also directly available.
• Tectonic: this distribution lies great importance on cloud-native automation. Through Red Hat’s acquisition of CoreOS, Tectonic will be merged with OpenShift and many of its features will inserted into OpenShift.
• Canonical / Ubuntu Kubernetes: platform based on Ubuntu, which uses Juju as installation tool. In partnership with Google and Rancher, a hybrid cloud solution will be offered in the future.
• SUSE CaaS platform: a very new platform based on SUSE MicroOS. Salt is used to ensure configuration management. Under the following link you can participate in the beta program: SUSE CaaS Platform Beta.

Further Kubernetes distributions include:

• Kontena Pharos
• Cisco Container Platform
• And even more from the Kubernetes documentation: Picking the Right Solution

One very important aspect to consider is the cloud and / or vendor lock-in. Many of the Kubernetes distributions have their own characteristics, which may not be compatible with each other. Using the example of ‘cloud vendor’ distributions: these can only be used in the corresponding cloud. However, if you want to pursue a hybrid cloud approach, this is not possible due to the lock-in. In contrary, a self-installable distribution like OpenShift makes this option possible.
Pure open source distributions without manufacturer support are not recommended for productive environments, as this is of great advantage for a complex platform like Kubernetes.

APPUiO – Swiss Container Platform

The attentive reader may have noticed that there are some discrepancies between the ‘minimum viable Kubernetes distribution’ and OpenShift. This is exactly where APPUiO comes in: we refine OpenShift into a comprehensive, production-ready Kubernetes distribution by offering managed services. We automatically monitor and secure the cluster status, take care of regular updates, fix bugs, provide persistent storage and help with our know-how to make the most out of the platform.

More information about Kubernetes and OpenShift

At the Cloud Native Meetup on August 28, 2018 in Zurich, we also talked about Kubernetes distributions: you can find the slides on Speaker Deck. You can also find more about OpenShift, Docker and Kubernetes here. Another recommendable blog post on this topic by Tomasz Cholewa: 10 most important differences between OpenShift and Kubernetes (English, technical).

How can we help?

Through our experience in operating OpenShift clusters around the world, we offer managed OpenShift clusters on almost any public, private or on-premise cloud. Or are you interested in another Kubernetes distribution than OpenShift? We gladly help you with the evaluation, integration and operation and support with our many years of Kubernetes experience.
Contact us, follow us on Twitter or take a look on our services.
We are looking forward to your feedback!