Fotolia

Tip

Build consistent, resilient microservices with Kubernetes

A microservices architecture brings many changes to an enterprise IT stack. Kubernetes can help organizations manage, orchestrate and secure container-based microservices.

Successful microservices architectures require a compatible infrastructure stack, and more organizations are turning to containers to help meet this need. However, containers alone are not enough. More organizations are running microservices with Kubernetes to help manage and orchestrate the complex storage and networking challenges containers present.

Kubernetes organizes containers into groups of Pods. This organizational structure brings consistency to how you manage your container stack by allowing you to manage Pods rather than individual containers. Each Pod acts like a virtual machine to which you can allocate tasks. Kubernetes dynamically assigns Pods to services as nodes are added and removed. Each Pod has a replica that serves as a backup, allowing Kubernetes to provide high availability (HA).

Microservices with Kubernetes give you more control and simplicity when managing your stack, but the way you handle aspects like storage, networking and security for these Pods is fundamentally different from a traditional infrastructure.

Persistent data storage

With the large quantities of data and numerous types of databases in use in applications today, storage is a key factor that influences performance. As Kubernetes dynamically starts and stops containers or restarts failed containers, the storage volumes attached to them are lost. To store persistent data beyond the individual container's life, Kubernetes employs a feature called PersistentVolumes. Public cloud providers, like AWS, offer multiple options for persistent storage volumes, such as Amazon's Elastic File System, Elastic Block Store or Simple Storage Service.

Kubernetes supports robust storage management tools, like Portworx and Ceph, which let you handle storage challenges separate from the rest of your stack. It brings powerful capabilities, like combining multiple public clouds for storage, dynamically scaling storage volumes based on need and ensuring HA for your data.

Networking in multiple layers

With the increasing complexity of a container stack, container networking is taking center stage in conversations about microservices today. Kubernetes has strong foundations for container networking. It provides an IP address to each Pod and doesn't require you to manage IP sharing tactics, like port mapping.

One of the primary challenges to container networking is communication among the various components of the stack. Containers must communicate with other containers, and Pods must communicate with other Pods.

Kubernetes' solution to these challenges is to offload the management of network communication to external networking tools. It enforces a common networking protocol called Container Networking Interface and lets networking tools act as plug-ins. Today, many organizations use a suite of networking tools to address different container networking aspects.

Flannel provides an overlay network that acts as an abstracted networking layer above the host network. It uses a flanneld agent on every node and routes communication among these agents. Weave is a similar tool that uses a micro domain name system on every host to create a virtual network on top of the host network. Calico allows administrators to create network security policies. It dynamically adapts to Pod or service changes to apply security policies to resources as they are created or replaced.

Pod and data security

Running containers in the cloud requires a different approach to security as well. Securing Pods and the data in your system involves a range of tactics. It begins with defining the right security context for each Pod. This security information is stored in a YAML file, provides details on what resources a Pod can use and defines its access to the host.

Further, Kubernetes' secrets feature ensures that all sensitive information -- such as passwords, OAuth tokens and Secure Shell keys -- are encrypted and made available to each Pod only when they are required for a particular task. The secrets feature uses the principle of least privilege to ensure the sensitive data isn't inadvertently shared externally or with a user or application that doesn't need access to it.

Microservices with Kubernetes bring change to the application stack. Resources are distributed, scalable, dynamic and multilayered. To operate a microservices system, it takes the power and control that containers offer. Kubernetes can help organizations manage these containers. It has strong defaults and a robust architecture suited to a microservices system. As you look to modernize your application stack, microservices with Kubernetes are the way to go. But simply plugging in Kubernetes won't do, organizations must also rethink established processes and learn ones that better fit a modern containerized application.

Next Steps

How to auto scale Kubernetes pods for microservices

Dig Deeper on Enterprise architecture management