Jan 10, 2019| Daniel Jones
PKS is Pivotal’s Kubernetes distribution that brings self-service Kubernetes-as-a-Service to the enterprise, be that on private or public cloud. By leveraging the BOSH deployment tool under the hood, PKS is able to solve many of the most common headaches for Kubernetes operators.
We’ve been experimenting with PKS (Pivotal
Kubernetes Container Service), standing it up on a variety of IaaSes, and keeping it up-to-date using Concourse pipelines - just as we do with Cloud Foundry.
PKS is an exciting prospect for enterprises who want to exploit Kubernetes whilst avoiding some of the headaches that it brings.
In November I was speaking at cloud conference in New York, and found the time to catch a talk entitled Six Kubernetes Pain Points. The common issues enumerated were:
Thankfully PKS addresses all of these points with the exception of managing data storage, which is really out-of-scope for a Kubernetes deployment tool and distribution.
Solution: PKS makes it easy to manage many clusters
Unlike Cloud Foundry, Kubernetes isn’t safely multi-tenant - and so best practice is currently to have one cluster per untrusted tenant. PKS brings the Kubernetes-as-a-Service experience that Amazon and Google offer to the enterprise. With a command line tool operators can spin up new Kubernetes clusters effortlessly.
Because all of these clusters are managed by PKS, keeping them upgraded and in sync is significantly easier than manually deployed clusters. Combine the PKS CLI with a Concourse pipeline, and you’ve got GitOps-driven, self-healing, auto-updating Kubernetes-as-a-service inside the enterprise.
Solution: PKS can deploy Kubernetes to local private cloud
Because spinning up new clusters is a breeze, there’s no reason not to have clusters for development teams. Because BOSH (hence also PKS) can deploy on internal infrastructure like vSphere, developers can access clusters on the local internal network without having to reach out to the nearest AWS/GCP/Azure datacentre, lowering latency and increasing responsiveness.
Solution: BOSH can rotate credentials and will resurrect nodes
BOSH is famous for its powerful capabilities around day-two operations. In fact, it’s part of the reason for its steep learning
curve cliff. With the power of BOSH tamed and hidden underneath the PKS tooling, you get the benefits of BOSH’s resurrector bringing back unhealthy VMs and managing processes on those VMs.
Let’s not forget the three R’s of security: rotate, repave, repair. With BOSH in play, we can rotate security credentials, recreate VMs regularly to limit the amount of time malware can lie in hiding, and apply updates and patches in a timely fashion - all of which help avoid vulnerabilties that go on for four years.
Solution: PKS automates deployments, so no snowflakes
Through the use of BOSH, you can deploy PKS clusters to different IaaSes and have their differences abstracted away. By automating deployments, Kubernetes nodes become cattle and not pets, and will all be uniformly provisioned.
Solution: Kubernetes masters are backed up
PKS 1.3 ships with built-in support for backup and restore of not only the PKS control plane, but also of the Kubernetes master nodes themselves - meaning all the etcd data are backed up. Once again, this comes courtesy of tooling that’s available for BOSH and has been battle-tested in production by some of the largest enterprises and governments over a period of years.
In subsequent versions PKS will support backup and restore for even more components: persistent volumes for your apps’ data, and also Harbor, the CNCF image registry.
Once federated Kubernetes is mature, tools like PKS will become even more powerful. Federated Kubernetes will allow users to only consider one single logical deployment platform, but will have their workloads spread across multiple Kubernetes instances. With PKS and its use of BOSH, those instances can be on different cloud providers, insulating operators from the risk of outage of any given IaaS, and even opening the possibility of scaling clusters in and out based on which IaaS is cheaper at a given moment in time.
Pivotal have been in the platform game for longer than Kubernetes has been in existence. They are now applying all they’ve learnt and all they’ve built to Kubernetes, making manual deployment of Kubes an absurd choice by comparison.