Introduction to the Kubernetes ecosystem
Thanks to my technical agency, SFEIR, I had the chance to go to KubeCon 2024 to see the latest news regarding Kubernetes.
At this conference, a multitude of different products from across the Kubernetes world are represented, so much so that sometimes you don't really know where to turn. There are currently 750 members and 185 projects listed by the CNCF, of which 115 projects are still in the “sandbox” state.
This is therefore a good opportunity to recall some key products to implement on a Kubernetes cluster, while mentioning some interesting projects to follow.
Key projects to implement on a Kubernetes cluster
The first thing is of course to master the concepts of Kubernetes (pods, namespaces, services, networking, security, autoscaling, storage, deployment patterns, cluster management, and so on).
Once this is done, you can use these projects to improve the operation of your cluster, to run your applications smoothly and professionally.
Network management
- Cilium : A networking, observability, and security platform based on eBPF. As a CNI, it provides a flat Layer 3 network, even across clusters. Cilium enforces network policies on L3-L7 using an identity-based security model. Cilium implements distributed load balancing between pods and to external services by replacing kube-proxy. It also has advanced functionality like ingress and egress gateways, bandwidth management, service mesh, and deep network and security observability through Hubble and Tetragon (Alternatives: Calico, Istio, Linkerd, Envoy)
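As an added example (not from the article), here is what the identity-based L3-L7 enforcement described above looks like in a CiliumNetworkPolicy. The namespace `shop`, the labels `app=api` / `app=frontend`, the port 8080 and the hostname `payments.example.com` are assumptions for illustration.

```yaml
# Added example, not part of the original article.
# Only pods labelled app=frontend may reach app=api, and only with GET on /api/v1/...;
# app=api itself may only talk to kube-dns and to one external FQDN on 443.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: api-allow-frontend
  namespace: shop            # assumed namespace
spec:
  # The policy applies to endpoints (pods) carrying this label; identity is
  # derived from labels, not from IP addresses.
  endpointSelector:
    matchLabels:
      app: api
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend      # assumed client label
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # L7 rule: the eBPF datapath redirects matching flows to the Envoy
          # proxy, which allows only these HTTP requests and drops the rest.
          rules:
            http:
              - method: GET
                path: "/api/v1/.*"
  egress:
    # Allow DNS to kube-dns and let Cilium observe the answers; this is what
    # makes the toFQDNs rule below resolvable.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # Egress to one external service by name; any other destination is denied
    # once an egress section exists for this endpoint.
    - toFQDNs:
        - matchName: "payments.example.com"   # assumed external host
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Flows dropped by this policy are visible in Hubble (`hubble observe --verdict DROPPED`), which is the quickest way to check that the selectors match the pods you intended.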
API management
- Traefik : A modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically. It's also well integrated with Let's Encrypt (Alternatives: HAProxy, Kong, NGINX)
Observability
- Prometheus : A systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true (Alternatives: Datadog, Splunk, Dynatrace, New Relic, InfluxDB, VictoriaMetrics)
- Grafana : A general-purpose dashboard and graph composer. It's focused on providing rich ways to visualize time series metrics, mainly through graphs, but it supports other ways to visualize data through a pluggable panel architecture. It currently has rich support for Graphite, InfluxDB and OpenTSDB, and supports other data sources via plugins (Alternatives: Datadog, Splunk, Dynatrace, Kibana)
- Fluentd : It collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Fluentd helps you unify your logging infrastructure (Alternatives: Datadog, Splunk, Dynatrace, Logstash, collectd, Filebeat, Loki, Quickwit)
- Jaeger : A distributed tracing platform created by Uber Technologies and donated to the CNCF. It can be used to monitor microservices-based distributed systems through distributed context propagation, distributed transaction monitoring, root cause analysis, service dependency analysis, and performance/latency optimization (Alternatives: Datadog, Splunk, Dynatrace, Dapper, OpenZipkin, Grafana Tempo)
Deployment
- Helm : A tool that streamlines installing and managing Kubernetes applications. Think of it like apt/yum/homebrew for Kubernetes
- Flux CD : A tool that automatically ensures that the state of your Kubernetes cluster matches the configuration you’ve supplied in Git. It uses an operator in the cluster to trigger deployments inside Kubernetes, which means that you don’t need a separate continuous delivery tool (Alternative: Argo CD)
Secrets management
- External-Secrets Operator : A Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secret Manager, and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret (Alternatives: Vault, SOPS, Sealed Secrets)
Security
- Kyverno : A policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline (Alternatives: OPA, Kubewarden)
- Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities in OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives: Grype, Snyk, Clair, Anchore, Twistlock)
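To show the validate and mutate capabilities of Kyverno mentioned above, here is an added example ClusterPolicy (not from the article or the Kyverno project): one rule rejects privileged containers, the other adds a default seccomp profile when none is declared. The policy name `pod-baseline` and the file names in the comments are assumptions.

```yaml
# Added example, not part of the original article.
# Test offline before installing, using the Kyverno CLI against a Pod manifest:
#   kyverno apply pod-baseline.yaml --resource my-pod.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: pod-baseline          # assumed policy name
spec:
  # Enforce rejects non-compliant requests at admission; Audit would only report them.
  validationFailureAction: Enforce
  # Also scan resources that already exist and record violations in PolicyReports.
  background: true
  rules:
    # Rule 1 (validate): refuse any Pod that asks for a privileged container.
    - name: disallow-privileged
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Privileged containers are not allowed: securityContext.privileged must be unset or false."
        pattern:
          spec:
            # =(key) marks the field optional: it is checked only when present.
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
    # Rule 2 (mutate): give Pods a RuntimeDefault seccomp profile unless they set one.
    - name: add-default-seccomp
      match:
        any:
          - resources:
              kinds:
                - Pod
      mutate:
        patchStrategicMerge:
          spec:
            securityContext:
              # +(key) adds the field only if it is absent, so explicit choices are kept.
              +(seccompProfile):
                type: RuntimeDefault
```

Running the policy in Audit mode first and reviewing the generated PolicyReports tells you which existing workloads would be blocked before you switch to Enforce.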
Some promising projects to follow
During my visit to KubeCon 2024, I spotted some promising projects that were highlighted; here is the list, in no particular order. They can be useful to further expand the possibilities of your cluster.
- Buildpacks : They transform your application source code into images that can run on any cloud. They embrace modern container standards, such as the OCI image format, and take advantage of the latest capabilities of these standards, such as cross-repository blob mounting and image layer "rebasing" on Docker API v2 registries (Alternatives: Docker, Kaniko, Packer)
- Crossplane : It introduces workload and resource abstractions on top of existing managed services that enable a high degree of workload portability across cloud providers. A single Crossplane enables the provisioning and full-lifecycle management of services and infrastructure across a wide range of providers, offerings, vendors, regions, and clusters (Alternatives: Terraform, Pulumi)
- Backstage : It is an open platform for building developer portals. Powered by a centralized service catalog, it restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly, without compromising autonomy. The tool is developed by the Spotify teams (Alternative: Port)
- KEDA : A Kubernetes-based Event-Driven Autoscaling component. It provides event-driven scaling for any container running in Kubernetes (Alternative: Knative)
- KubeVirt : It addresses the needs of development teams that have adopted or want to adopt Kubernetes but possess existing Virtual Machine-based workloads that cannot be easily containerized. More specifically, the technology provides a unified development platform where developers can build, modify, and deploy applications residing in both Application Containers and Virtual Machines in a common, shared environment (Alternatives: KVM, Proxmox)
- OpenCost : It gives teams visibility into current and historical Kubernetes spending and resource allocation. These models provide cost transparency in Kubernetes environments that support multiple applications, teams, departments, etc. (Alternative: Kubecost)
- K8sGPT : It is a tool for scanning your Kubernetes clusters, diagnosing and triaging issues in simple English. It has SRE experience codified into its analyzers and helps to pull out the most relevant information to enrich it with AI
- Kaito (Kubernetes AI Toolchain Operator) : An operator that automates AI/ML inference model deployment in a Kubernetes cluster. The target models are popular large open-source inference models such as falcon and llama2
It is also interesting to meet the community: the TAGs (Technical Advisory Groups), which provide strategic guidance and advice on technical issues, as well as the SIGs (Special Interest Groups), which focus on areas of interest or specific expertise within the Kubernetes community to drive development and innovation.
The TAGs are specialized by areas, for example on security or environmental sustainability.
To conclude
Here's a fairly comprehensive overview of the tools you can implement on a Kubernetes cluster, which provides a good basis for understanding the ecosystem.
You have at your disposal a suite of tools that you can install as standard on a Kubernetes cluster to manage common issues related to microservices (API management, monitoring, logging, secrets management, deployment, etc.), as well as emerging tools, which you can also study.
In the future it is not impossible that I will write dedicated articles on some of the tools that I presented to you.