Kubernetes is one of the fastest growing technologies today. While Docker got the container revolution started, Kubernetes has really cornered the industry by being a management layer for containers, and importantly, being vendor agnostic. Governed by the CNCF, Kubernetes’ direction and development aren't controlled by any one organization. Many vendors in the cloud computing industry have come together to ensure Kubernetes is the best solution for any organization looking to modernize their applications and infrastructure. Despite this momentum, it is still early days for Kubernetes. Every company that runs Kubernetes in production today is an early adopter. They don’t have all the answers, but they’ve seen enough to take the plunge. They bump into challenges daily and find new solutions on the fly. Kubernetes in the cloud is powerful, but it puts all this power in the hands of those managing it and requires them to own its performance at every stage. If you’re considering transitioning to Kubernetes in the cloud, or already run Kubernetes clusters in production, you would want to look at peer organizations that run Kubernetes today and glean learnings. That’s what we discuss here.
In May, KubeCon + CloudNativeCon took place in Copenhagen. Here, many organizations shared their stories of working with Kubernetes in production. This is a collection of the best of those stories. You can view the talks in full on YouTube as well.
The New York Times: Transitioning to the cloud
The New York Times needs no introduction as it’s one of the leading global news organizations. Known for breaking some of the biggest stories and influencing popular culture, The New York Times has had an interesting journey as it has looked to modernize its technology infrastructure — both frontend and backend.
Since the 1990s, The New York Times has maintained its own datacenters and they got quite comfortable with their way of managing and operating these datacenters. However, in 2010 they dipped their toes in a public cloud platform, and since then began to consider making a gradual move to the cloud. In 2016, they decided to start this transition and began to shut down their datacenters and migrate all their applications to the cloud.
To manage these applications in the cloud, they would need a robust management tool. They looked to Kubernetes to be this tool. Apart from this, they would need a host of supporting tools that performed various functions complementary to Kubernetes. Most of all, they realized they needed a culture shift if this transition was to be a success.
They leveraged a chain of tools like GitHub to drive GitOps right at the start of the pipeline. They had been big users of Jenkins but grew tired of the heavy management tax it brought. Instead, they went with the more minimalist CI solution Drone.io. They decided to leverage AWS as their cloud platform and saw an opportunity to automate operations on AWS. For this, they used Terraform, which lets you use templates to create, configure, and retire AWS resources. Finally, they realized they needed a dedicated tool to handle secret information like passwords. For this, they turned to Vault to ensure developers don’t share secrets on Slack and other platforms that are visible to many users in the organization.
They set up a decentralized content delivery network (CDN), which enabled developers to have a self-service experience rather than rely on Ops for provisioning of resources every time. They even organized their work into projects and assigned a budget for each project. This budget was entered into a YAML file, from which teams could get notified about budget spend right from within Slack. To improve developer focus, they aggressively shut down services that were no longer needed or that could be replaced by newer, more up-to-date services. They leveraged Prometheus for monitoring and Istio for networking.
With such a range of new tools and processes, this was no small change — it was a complete overhaul of how The New York Times handled application delivery. Kubernetes in the cloud was at the center of it all, making it possible to manage containers that powered 300-plus applications in the cloud, but alongside it, there were a host of tools like Drone.io, Terraform, Vault, Prometheus, and Istio that made the entire operation not just possible but a big success. The New York Times went from having a slow rate of deployment during their datacenter era to having 12,000 builds in just four weeks. Looking ahead, they want to improve their test automation using Blazemeter and want to deepen their usage of the service mesh for networking. The New York Times is a great story of the transition from a legacy stack running on hardware servers to the cloud, and of making the most of this move using containers and Kubernetes in the cloud. It takes the right tools, approach, and culture.
Caicloud: Handling trillions of payments in China
Caicloud is a consulting company that specializes in cloud computing, specifically focusing on using Kubernetes and TensorFlow to transform how enterprises function. Working with one of the largest national banks in China, Caicloud was tasked with the job of modernizing how the bank handled payments. Smaller, more nimble mobile wallet solutions have cropped up and have become the de facto way to make payments in China. To respond to this, Caicloud’s banking client wanted to improve the functioning of its own wallet service called Union Pay.
The big challenge with this is that the bank’s backend infrastructure was very outdated. It was a brown-field setup dominated by VMs and managed by OpenStack. There were a few processes run by containers, but there was no management layer for these containers. Considering how outdated the technology was, everything was run manually with no automation anywhere.
To modernize this setup, the obvious way to go was Kubernetes because of how it enables operations in a cloud-native environment. While Kubernetes off-the-shelf provides some key foundational features like namespaces, services, and DNS, the bank, being a large enterprise, has specific management needs like multi-cluster zones, multi-tenancy, multi-networking place, a sophisticated SDN and more. These are things that Caicloud would need to configure on top of vanilla Kubernetes.
Caicloud got to work and helped build a robust cloud management platform for their banking client that was powered by Kubernetes. They created a CI/CD pipeline and helped the client to implement code review, better plan for releases, handle branching of repositories, and even versioning. They set up comprehensive testing reports and made sure every solution adhered to the policies of the bank. Decisions were not always made based on technological considerations, and sometimes these policies enforced their own restrictions. But Caicloud worked through these constraints.
They drove a shift from a monolithic structure to a microservices architecture that was powered by containers. This resulted in two different platforms — an IaaS one and a container platform. However, rather than letting these differences fragment the system, they created a unified management pane for all resources whether in the container platform or the IaaS platform. They set up single sign-on (SSO) so users can access resources specific to them. They also defined a hierarchy of roles like System Admin, Tenant Admin, and Group/team & User. Each role had different responsibilities, and this was critical in ensuring that the entire team functioned as a unit. They found integrated solutions for storage. They even leveraged TensorFlow on top of Kubernetes to help the team predict customer behavior.
All this would not have been possible if the bank had stuck to its old brown-field infrastructure. However, they realized what was at stake and decided to make changes no matter how drastic the changes were. They also looked to a capable partner in Caicloud to help make their transition smoother. This is a key learning — that even if you don’t have all the resources and know-how internally within your organization, you can hire a capable consultancy to handle the migration and setup for you, and get you up to speed with the new setup. This involves a trusting relationship and clear expectations set right from the start, and it is also a great way to ensure you achieve your goals in the quickest time possible.
From heavy hardware to Kubernetes in the cloud
The New York Times and Caicloud are great examples of organizations doing cutting-edge work with Kubernetes. Yet, their stories are much like the story of every organization today. Their journey is from legacy infrastructure that’s heavily hardware-centric to the cloud that’s powered by containers and Kubernetes. As you make this transition, look to organizations like The New York Times and Caicloud for inspiration. You’re not alone on your path to Kubernetes mastery.