Technical Insights / Kubernetes Management

What is Kubernetes management?

Open source Kubernetes

Kubernetes is an open source container orchestration system designed to automate the deployment, scaling, and management of containerized applications. Kubernetes achieves this by grouping containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience running production workloads at Google, combined with best-in-class ideas and practices from the community.

Managing Kubernetes environments

With the explosive growth of modern cloud computing, environments have quickly become highly distributed and depend on a high degree of container orchestration. This is where Kubernetes management comes into play.

Kubernetes management is an umbrella term for any strategy IT teams use to manage a group of Kubernetes clusters, a cluster being the set of nodes that run the containerized application. Any company that wants to use Kubernetes at scale needs a sound management strategy to manage multiple clusters and support distributed applications across environments.

Kubernetes management strategies

There are a variety of strategies and services offered to achieve a sound Kubernetes management approach. VMware’s implementation is VMware Tanzu Kubernetes Grid, a Kubernetes footprint that you can run both on-premises in vSphere and in the public cloud on Amazon EC2 and Microsoft Azure. When you add VMware Tanzu Mission Control, you also get a centralized hub for simplified Kubernetes cluster management.

Deployment management

Deployment management is easily achievable with the Kubernetes Deployment Controller. Deployments, as the Kubernetes documentation defines them, provide declarative updates for Pods and ReplicaSets.

The Kubernetes documentation goes on to note: “You describe a desired state in a deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define deployments to create new ReplicaSets, or to remove existing deployments and adopt all their resources with new deployments.”
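The following manifest is an added example, not code from the original page or from VMware, showing what that "desired state" and "controlled rate" look like in practice. The application name, namespace, image reference and health-check path are assumptions chosen for illustration.

```yaml
# Added example (not from the original page): a Deployment that states the
# desired state declaratively. The Deployment Controller reconciles the live
# state toward it at a rate bounded by the rollout strategy below.
# Names, labels and the image are assumptions chosen for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-frontend          # hypothetical application name
  namespace: shop             # hypothetical namespace
  labels:
    app: web-frontend
spec:
  replicas: 4                 # desired state: four Pods at all times
  revisionHistoryLimit: 3     # keep three old ReplicaSets so a rollback is possible
  selector:
    matchLabels:
      app: web-frontend
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1             # at most one extra Pod above `replicas` during a rollout
      maxUnavailable: 0       # never drop below the desired count while updating
  template:
    metadata:
      labels:
        app: web-frontend
    spec:
      containers:
        - name: web
          image: registry.example.internal/shop/web-frontend:1.4.2   # hypothetical image
          ports:
            - containerPort: 8080
          # The controller only counts a new Pod toward the rollout once this
          # probe passes, which is what makes the rate "controlled".
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits:   { cpu: 500m, memory: 256Mi }
```

Applying this with `kubectl apply -f` creates a ReplicaSet of four Pods. Changing only the image tag and applying again makes the controller create a new ReplicaSet and shift Pods across one at a time (`maxSurge: 1`, `maxUnavailable: 0`), waiting for each readiness probe; `kubectl rollout status deployment/web-frontend -n shop` shows the progress and `kubectl rollout undo` adopts the previous ReplicaSet back.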

Cluster management and administration

Tanzu Mission Control acts as a centralized management platform that delivers consistent operations for your Kubernetes infrastructure, independent of where those clusters reside. Whether your operations are in the public cloud, on-premises, or at the edge, Tanzu Mission Control can provision new Tanzu Kubernetes clusters or attach any existing Cloud Native Computing Foundation (CNCF)-conformant Kubernetes clusters for comprehensive control, management, and security.

Managing multiple clusters

Instantiating and managing clusters within Tanzu Mission Control follows a set of stages; repeating the same stages for each cluster gives a consistent approach to managing multiple Kubernetes clusters.

Kubernetes cluster security

Setting up a Kubernetes environment is one thing; ensuring it’s protected is another. In the following section, we’ll investigate a few critical steps in ensuring your cluster is protected.

  • Leverage role-based access control (RBAC)
    RBAC defines user roles and the access associated with each within the Kubernetes cluster. This administration approach lets organizations control and limit access to sensitive resources, a critical step in keeping today’s digital environments protected.
  • Harden node security
    Configure each host to meet your organization’s security baseline, and validate that posture against hardening benchmarks published for the specific Kubernetes release you run. Reducing administrative access to Kubernetes nodes further limits the attack surface of any Kubernetes environment.
  • Use third-party authentication for the API server
    Integrate Kubernetes with a third-party authentication provider (e.g., GitHub) or leverage VMware’s authentication method via vSphere Plugin for kubectl and vCenter single sign-on credentials.
  • Limit access
    Keep in mind that the kubelet exposes HTTPS endpoints that grant powerful control over the node and its containers. Require authentication and authorization for all access to those endpoints.
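As an added example that is not part of the original page or of any VMware product, the manifests below put the RBAC and kubelet points above into concrete configuration: a namespace-scoped Role bound to a team group, and a KubeletConfiguration that rejects anonymous requests and delegates authentication and authorization to the API server. The namespace, the group name (assumed to arrive from the third-party identity provider) and the CA file path are assumptions.

```yaml
# Added example (not from the original page): least-privilege RBAC for a team
# and a hardened kubelet configuration. Namespace, group and file paths are
# assumptions for illustration.
#
# 1. RBAC: grant only what a team needs, scoped to its namespace.
#    The group name is assumed to be mapped from the third-party identity
#    provider (for example an OIDC groups claim) by the API server.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-operator
  namespace: shop
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "configmaps", "services"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "patch"]   # enough to roll out, not to delete
# Secrets are deliberately absent: reading them should be a separate, audited grant.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: shop-team-app-operator
  namespace: shop
subjects:
  - kind: Group
    name: "shop-team"                  # hypothetical group from the identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-operator
  apiGroup: rbac.authorization.k8s.io
# The weak equivalent would be a ClusterRoleBinding of cluster-admin to a broad
# subject such as system:authenticated: every authenticated identity could then
# do anything in every namespace, which defeats the purpose of RBAC.
---
# 2. Kubelet: its HTTPS endpoint controls the node and its containers, so
#    anonymous requests are rejected and every request is authenticated and
#    authorized through the API server (webhook mode). The permissive settings
#    (anonymous.enabled: true, authorization.mode: AlwaysAllow) would leave the
#    endpoint open to anyone who can reach the node.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt   # assumed path to the cluster CA
authorization:
  mode: Webhook
readOnlyPort: 0              # disable the unauthenticated read-only port entirely
protectKernelDefaults: true  # fail rather than silently alter host sysctls
```

A quick check that the Role is as narrow as intended is `kubectl auth can-i get secrets -n shop --as=someone --as-group=shop-team`, which should answer `no`, while the same command with `get pods` answers `yes`.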

Kubernetes node management

Kubernetes nodes are managed via a control plane that automatically deploys and manages nodes within a cluster. With VMware Tanzu Mission Control, organizations gain several core benefits for Kubernetes node management.

  • Centralized control
    Tanzu Mission Control provides centralized policy management that enables operators to properly control Kubernetes across clouds or edge sites.
  • Consistency
    Tanzu Mission Control gives DevOps teams consistent clusters, which lead to predictable deployments across environments and higher DevOps velocity.
  • Flexibility
    Tanzu Mission Control provides choices and self-service access to clusters with guardrails so developers can focus on building even better apps.

VMware Tanzu: Streamlining management

Kubernetes management is made easier with VMware Tanzu. Whether you use Tanzu Kubernetes Grid, Tanzu Mission Control, or both, you have access to a large ecosystem of services aimed at providing more resources and a streamlined Kubernetes experience.

Tanzu Kubernetes Grid provides organizations with a consistent, upstream-compatible, regional Kubernetes substrate that’s ready for end-user workloads and ecosystem integrations. Tanzu Kubernetes Grid is central to many of the offerings in the VMware Tanzu portfolio.

Tanzu Mission Control is a centralized management platform for consistently operating and securing your Kubernetes infrastructure across multiple teams and clouds. Available through VMware Cloud services, Tanzu Mission Control provides operators with a single control point that ensures consistent management and operations across environments for increased security and governance. This allows developers the independence and flexibility needed to increase their effectiveness.