The Container Story

The concept of isolating code has been around for decades. Isolation and separation of concerns is a fundamental approach to simplify the solution and minimize the risk of disruption when introducing changes.  However, only the more mature development teams actually held firm to these principles in practice.

containers

Containerization has encouraged a more streamlined approach that has driven isolation into the mainstream.   Specifically Docker has provided an effective platform to create, ship, and run containers with isolation by default.  We can easily create abstraction at the application layer and package code and dependencies together. These small and lightweight execution components share the operating system kernel but otherwise run in isolation from one another.

The key benefit of the sandbox concept is the ability to package an application and its dependencies into a standard, self-contained unit. Multiple containers can run on the same machine and share the OS kernel with other containers, while remaining isolated. Unlike virtual machines, containers do not have high overhead and thus consume less of the underlying system and resources.

docker
An open-source project called Docker was released in 2013 to deliver software packages via containers

It set the industry trend towards application containerization that has come to be known as cloud-native development.  The whale carrying a stack of containers symbolizes its core values: expedition, automation, encapsulation, and simplification

Comparing Virtual Machines to Containers

Virtual Machines Containers
Heavyweight Lightweight
Limited Performance Native performance
Each VM runs an operating System All containers share the OS
Hardware-level virtualization Operating system level virtualization
Startup time in minutes Startup time in seconds
Allocates required memory Requires less memory space


Their lightweight size is usually measured in megabytes and takes just seconds to start, versus gigabytes and minutes for virtual machines. Containers provide a highly efficient and granular technique for combining software components into the service stacks needed in a modern enterprise, as well as keeping those software pieces updated and maintained.

Docker has demonstrated that containerization can streamline the process of moving applications through development, testing, and production. However, once the app matures, there is a growing demand to run multiple containers across multiple computers.

  • Containers are environment agnostic meaning they can run without changes

  • Microservices architecture enables a single monolithic application to be structured into its component services

  • A container requires minimal resources to run thus increasing operating efficiency while reducing costs.


The intricate architecture dealing with scheduling, networking, and storage needs supporting containers demanded another set of tools. Without proper instruments, building and maintaining a series of microservices can be even more challenging than maintaining a single monolithic application. Some workloads require thousands of container instances running across multiple hosts. They require constant scheduling, monitoring, orchestrating, and scaling.

By design – containers are ephemeral – so the developers can quickly and easily perform testing and afterward recycle them back into the resource pool. In fact, one recent study had found that 74% of containers have a lifespan of less than an hour.

To address that challenge, various frameworks for organizing containers running in distributed computing environments have surfaced such as Kubernetes, Mesosphere DC/OS, Docker Swarm, and others. The Kubernetes platform has emerged as the most favored and operator-friendly solution. Since it was converted to an open-source in 2014, it has received exceptional support from the community, members, enterprises, and the rest of the industry, which resulted in the creation of an incredible ecosystem.

The Rise of Kubernetes

Kubernetes is based on Google’s internal cluster management system that scales its ecosystem of apps, Gmail, YouTube, Maps, and so on. While the technology was pioneered at Google, it is now maintained by the Cloud Native Computing Foundation (CNCF).

Google partnered with the Linux Foundation to form the CNCF and donated Kubernetes 1.0. The open-source community has nurtured and contributed to it to the extent of making it the undisputed go-to container management platform. Today, Kubernetes is a must-have and the only platform offered as a managed service by all of the top public cloud vendors (Google, Microsoft, Amazon, IBM, DigitalOcean, VMware, and so on). If and whenever needed, you can

routinely move containerized applications among public cloud vendors and private environments. Kubernetes breaks cloud barriers and may be a viable solution to the vendor-lock-in perplexity. Although Kubernetes is self-healing, the need for continuous monitoring of your cluster and application health is crucial. Some of the most prominent add-on tools are Prometheus and Grafana, which provide real-time monitoring.

Kubernetes Cluster

To understand better, let’s look at the Kubernetes’ components. At its core, etcd is Kubernetes’ system of record, a highly consistent database. The API Server is a frontend policy agent and the only component that talks to etcd. It handles gateway policies such as permissions, authentication, schema validation, and resource initialization.

No alt text provided for this image

Scheduler does the bin packing or which container is going to run on which machine (selects the nodes for new pods). Controller Manager does the background processes. Kubelet is the agent that is responsible for sets of pods that are allocated to its node. Each Controller continuously compares its configuration (ideal state) with the actual state of pods and clusters in the real world. They react to each other very quickly, making the system exceptionally responsive and self-healing. If a controller cannot fully achieve the desired state, it will keep trying until it finds a fix. Pods are the smallest deployable units in which at least one container is managed – a container image runs in a pod. A set of pods typically binds a container, its storage resources, IP address, and other components into an instance of an application that will run on Kubernetes. Groups of pods are co-located on a single machine called a node. Docker is usually the container runtime used in a pod. Nodes are grouped into clusters, which, in turn, are managed by a master node. As a Kubernetes administrator, you specify clusters by using a YAML file declaration.

No alt text provided for this image

As more services move to the cloud and containerization, organizations will be able to focus more on deploying their applications and less on managing virtual or bare-metal machines. Kubernetes is sprawling, sophisticated, and thus challenging to set up and configure. Most pods hold just one container though tightly-coupled processes will sometimes share a pod.

Businesses are struggling to understand the need and the role of containers in their DevOps strategy as well as to build teams that can develop and support these technologies. Not only that, but much of the heavy lifting is left to the end-user. The most optimal approach, therefore, is not to take the code and try to implement it solely, but to seek out a complete container solution that includes Kubernetes as a managed component.

Google Cloud relies on partners like Serverless Solutions to provide customers strategic guidance, onboarding, technical support, billing support, implementation services and advocacy inside of Google. Serverless Solutions provides professional cloud services that accelerate the time to value by leveraging cloud technologies such as Kubernetes to drive innovations that impact real business outcomes.

DevOps like containers not only because it makes their coding easier and more straightforward but also because it makes it more efficient. When they push new code out in containers and use tools like Kubernetes, they can avoid repeatable coding errors, like new updates breaking existing applications, bringing down entire environments, and having major outages. Meanwhile, the continued adoption of multi-provider strategies — hybrid and multi-cloud — will also continue, with Kubernetes being the go-to platform for container deployment across a variety of environments.

We have decided to deploy our Kubernetes cluster on Google Cloud Platform (GCP), using Google Kubernetes Engine (GKE), for several reasons. For a healthcare company, security is always one of the highest priorities. Google has multiple layers of native security mechanisms build-in such as Cloud IAM. There is also a dedicated cloud security scanner for container images, domains, URLs, outdated libraries, and other vulnerabilities. GKE offers automated updates, reliable service, and overall less friction. Switching cost from Amazon Web Services (AWS) to GCP was more than justified. Our team has built and automated a CI/CD pipeline around GKE and other support tools.

Mason Hensley, Chief Security Officer and a VP of Analytics, Houston-based healthcare company

Kubernetes on Google Cloud Platform

Kubernetes has two core parts: the control plane and the node components. With Google Kubernetes Engine (GKE), Google Cloud hosts the control plane, and the Kubernetes API server is the only control-plane component accessible to customers. GKE manages the node components in the customer’s project using instances in Compute Engine. With GKE On-Prem, all parts are hosted in the customer’s on-prem virtualization environment. With Kubernetes installed and running, you have access to a gold-standard orchestration layer that manages application deployment, configuration, upgrade, and scaling. Cloud-native technologies like Docker and Kubernetes form a larger attack surface, with more potential entry points for malicious software such as crypto mining and ransomware. Services running in your Kubernetes clusters are not entirely isolated and may have access to other areas in your cluster. When a company deploys a GKE cluster, it also acquires the benefits of advanced cluster management offering that Google Cloud Platform provides. Some of these services include vulnerabilities protection, GCP’s L4/L7 load-balancing for compute engine instances, automatic node scaling, software updates, auto-repair, and logging and monitoring with Stackdriver.

GKE is a proven enterprise-grade platform for containerized applications, including stateful and stateless, AI and ML, Linux and Windows, API, and backend services. Your enterprise can benefit from industry-first features like four-way auto-scaling and no-stress management. Other features include integrated developer tools, optimized GPU and TPU provisioning as well as multi-cluster support.

CI/CD with Kubernetes

For organizations using container orchestration technologies, product direction is defined by developing a microservices architecture. Kubernetes is a natural platform of choice for continuous integration and continuous deployment (CI and CD) pipelines. DevOps teams are required to build, deploy, and manage an infrastructure that is secure, resilient, and high performing. Delivering these elements is not achievable with a traditional siloed approach. Software developers can deploy code faster and also reduce the human error with its automation capabilities. Kubernetes’ zero-downtime deployment ability removes fears about maintenance windows, thus making schedule delays, outages, and downtime, a thing of the past. The ability to pack the code into containers ensures that apps have the necessary resources and libraries while also making them easy to replicate and scale. As part of a rolling update, Kubernetes will spin up new pods running an application while the old ones are still running. When the new pods are healthy, Kubernetes will dispose of the old ones. It’s an intelligent concept, and one less thing to worry about in your CI/CD workflow.

The Next Frontier: GitOps

GitOps is an operational procedure where all of the infrastructure and configuration live in a centralized repository, and every change is led by a commit and push of that repository. Hence, Git becomes the single source of truth for what is running in production/staging/development. Declarative systems, such as Kubernetes, can capture the current state and compare it to the desired state, at all times. It provides a set of best practices to wrap up deployment, management, and monitoring for containerized applications. Accordingly, DevOps are focused on writing and pushing configuration through Git instead of interacting with Kubernetes itself. The key benefit of GitOps is a centralized configuration that automates CI/CD workflows, makes it easy to revert changes, and also simplifies Kubernetes. Also, GitOps will enable engineers to apply updates to infrastructure continuously. The version control system guarantees everything is recorded, visible, and in sync. It also enables continuous experimentation, such as A/B testing.

Conclusion

With the rise of the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offerings, software and architecture options have shifted to meet new infrastructure paradigms. While Kubernetes is a powerful tool, it can be challenging to operate self-reliably. Your team can either install and maintain Kubernetes in-house or find the managed solution that best suits your company’s needs. Understanding the functionality and features is necessary to find the right implementation model and achieve the greatest benefits. Google Kubernetes Engine (GKE) offers all-in-one solutions to deploy, update, manage, and monitor your applications and is also available on-premises. In addition to operating the container apps, you can utilize other essential services such as auto-scaling, updates, managed databases, health monitoring, and run Kubernetes behind L4/L7 load balancers for better performance. By choosing the right cloud platform, tool-set, and methodology, your organization can achieve and exceed its business goals through more release cycles, less downtime, fewer outages, and continuous improvement. Kubernetes has made the application lifecycle much simpler and easier to manage. In other words, developers can focus on microservices without managing the deployment environment. Google Kubernetes Engine delivers Kubernetes-native CI/CD tooling to secure and speed up each stage of the build and deploy life cycle. This level of control means that developers can leverage the Kubernetes ecosystem to produce an effortless and automated CI/CD workflow, which translates to a faster time to market. Finally, Kubernetes increases the speed of your company’s software development cycles, contributing directly to the success of your business.

No alt text provided for this image

Developing a long-term Kubernetes strategy and executing it optimally is complicated. The benefits of the technology are enormous, but it is important to take an approach that minimizes and manages the complexities. While building a solution with internal resources may seem cheaper at first, your design will likely be flawed if you don’t have an architect with relevant experience.  Serverless Solutions is focused on the client’s entire cloud journey, from initiation, implementation, innovation to impact.

Sources:

  • 1 Gartner, Arun Chandrasekaran, “Evolution of Virtualization: VMs, Containers, Serverless — Which to Use When?” Published: 26 September 2019
  • 2 451 Research, Voice of the Enterprise: DevOps Q1 2019
  • Images: Pixabay
  • Web Resources:
  • https://kubernetes.io/
  • https://www.docker.com/resources/
  • https://cloud.google.com/kubernetes-engine/