Governed by the Cloud Native Computing Foundation, Kubernetes is an open-source project that is defined as a portable, extensible, open-source platform for managing containerised workloads and services, which facilitates both declarative configuration and automation.
MTI partner VMware contributes heavily to the open-source Kubernetes software base and is deeply involved in Kubernetes communities and governance.
Containers first started on Linux in 2008. They provide a lightweight and portable way to distribute and run applications across operating systems and clouds. Containers differ from virtual machines: because they are lightweight, they don’t have the same well-defined boundaries in terms of security and performance that virtual machines have. This brings both challenges and advantages.
Containers can be incredibly useful for developing applications. Kubernetes was created to help manage many of the challenges around deploying those applications by helping automate and orchestrate deployments and availability.
Kubernetes is API-driven, which lends itself well to automation. Kubernetes is attractive to application developers looking to implement modern development practices, with short or continuous development cycles, well-defined APIs and clearly separated and defined services.
vSphere and Virtual Infrastructure administrators often find themselves positioned between developers seeking to implement modern application development practices and those who focus on more traditional IT infrastructure and governance rooted in decades of practice.
Many of the challenges Kubernetes poses for IT admins relate to security, but understanding the potential risks makes them easier to avoid. Let’s take a look at some of the most common challenges for IT admins when first adopting Kubernetes.
Images and image registries can pose a security threat
Ensuring that container images are built from your approved, secure base images and come from image registries on your allow list will help reduce this threat. Developing strong governance policies around how images are built and stored in trusted image registries will further safeguard against any issues arising.
Containers and Kubernetes can pose compliance challenges
Admins must adapt their strategies to ensure their Kubernetes environments meet the controls that were originally written for traditional application architectures. The dynamic nature of containerised applications means monitoring for compliance and audits must be fully automated to achieve compliance at scale and overcome any challenges.
Kubernetes default configuration options may be the least secure
Kubernetes offers a set of controls that can be used to secure clusters and their applications. For example, Kubernetes network policies control how pods communicate with each other and other endpoints. You can set the policy for each pod to define which assets it can communicate with, but this is not done by default, so admins must make sure they select the correct configuration to avoid creating a vulnerability.
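To show what "not done by default" means in practice, the following added example (not part of the original article or any VMware tooling) reports which pods no NetworkPolicy selects for ingress or egress, and which therefore still accept or send all traffic. The pod and policy objects are constructed and use a simplified, hypothetical shape rather than full API manifests.

```python
# Added example. PODS/POLICIES are constructed, simplified objects (assumption).
def selector_matches(selector, labels):
    """Evaluate a label selector (matchLabels and matchExpressions)."""
    for k, v in (selector.get("matchLabels") or {}).items():
        if labels.get(k) != v:
            return False
    for e in selector.get("matchExpressions") or []:
        key, op, vals = e["key"], e["operator"], e.get("values", [])
        if op == "In" and labels.get(key) not in vals:
            return False
        if op == "NotIn" and labels.get(key) in vals:
            return False
        if op == "Exists" and key not in labels:
            return False
        if op == "DoesNotExist" and key in labels:
            return False
    return True  # an empty selector matches every pod in the namespace

def policy_types(spec):
    """API default: Ingress always; Egress only if egress rules are present."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if "egress" in spec else set())

def unisolated_pods(pods, policies):
    """Map (namespace, pod) to the directions still left at allow-all."""
    findings = {}
    for pod in pods:
        isolated = set()
        for pol in policies:
            if pol["namespace"] == pod["namespace"] and selector_matches(
                    pol["spec"].get("podSelector", {}), pod["labels"]):
                isolated |= policy_types(pol["spec"])
        missing = sorted({"Ingress", "Egress"} - isolated)
        if missing:
            findings[(pod["namespace"], pod["name"])] = missing
    return findings

PODS = [
    {"namespace": "shop", "name": "web", "labels": {"app": "web"}},
    {"namespace": "shop", "name": "db", "labels": {"app": "db"}},
    {"namespace": "pay", "name": "api", "labels": {"app": "api"}},
]
POLICIES = [  # db: ingress rules only; pay: namespace-wide default deny
    {"namespace": "shop", "spec": {"podSelector": {"matchLabels": {"app": "db"}},
                                   "ingress": [{"from": [{"podSelector": {}}]}]}},
    {"namespace": "pay", "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
]
if __name__ == "__main__":
    print(unisolated_pods(PODS, POLICIES))
```

A policy that only lists ingress rules leaves egress open, which is why the `db` pod is still reported for egress.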
What is vSphere with Kubernetes?
MTI partner VMware adds Kubernetes capabilities to vSphere in ways that respect the traditional experiences of both developers and vSphere admins, to achieve a unified approach to infrastructure that is suited for hosting both traditional workloads and modern, cloud-native applications.
VMware delivers a simple Kubernetes implementation so that customers can run existing enterprise applications alongside containerised applications while maintaining application portability. vSphere with Tanzu helps customers modernise the 70M+ workloads running on vSphere and is the fastest way to get started with Kubernetes workloads on developer-ready infrastructure.
Designed into vSphere with Kubernetes from the ground up, NSX acts as a default pod networking and network security solution. It provides a rich set of networking capabilities including distributed switching and routing, firewalling and load balancing.
Contact us today to learn how we can assist you in modernising your infrastructure and unlocking the full potential of vSphere with Kubernetes.