avatarYitaek Hwang

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

4177

Abstract

clusters. In this post, we’ll look at some popular hosted solutions as well as open-source projects to manage multiple Kubernetes clusters.</p><h1 id="a11b">Rancher</h1><figure id="c27a"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*Yrqv8qbvmF1e_DmB.png"><figcaption>Image Credit: <a href="https://rancher.com/products/rancher/multi-cluster-management/">Rancher</a></figcaption></figure><p id="23c5">Before Google announced <a href="https://cloud.google.com/anthos/docs/concepts/overview">Anthos</a> and AWS introduced <a href="https://aws.amazon.com/eks/eks-anywhere/">EKS Anywhere</a>, Rancher was one of the few enterprise-ready options along with OpenShift and Cloud Foundry to support running Kubernetes on hybrid and multi-cloud infrastructures. Rancher provides a single control plane to create or add existing Kubernetes clusters.</p><p id="5c7a">Multi-cluster apps have been supported since <a href="https://rancher.com/docs/rancher/v2.x/en/deploy-across-clusters/multi-cluster-apps/">Rancher v2.2.0</a>, and a newer project called <a href="https://rancher.com/docs/rancher/v2.x/en/deploy-across-clusters/fleet/">Fleet</a> (multi-cluster app deployment based on GitOps principles) is now available as of Rancher v2.5. Applications distributed across multiple clusters can also benefit from Rancher’s Global DNS to configure load balancing across apps without having to use an external solution like Cloudflare.</p><figure id="bc7a"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*2L0SYkDGXLAg45ag.png"><figcaption>Image Credit: <a href="https://rancher.com/docs/rancher/v2.x/en/deploy-across-clusters/fleet/">Rancher</a></figcaption></figure><p id="5f2c">All of Rancher Lab’s projects, including Rancher, RKE, Longhorn, and K3s, are open-source, but they also provide a hosted version if you need a SaaS solution.</p><h1 id="5129">Google Anthos</h1><p id="7de7">When Thomas Kurian took over Google Cloud, he carried over a vision for a multi-cloud strategy from Oracle, which I detailed in “<a href="https://readmedium.com/why-bigquery-omni-is-a-big-deal-e7e696b4cd60">Why BigQuery Omni is a Big Deal</a>.” Google Anthos, a Kubernetes-based, open platform to extend GKE to hybrid and multi-cloud environments, fits this strategy perfectly. It’s no secret that Google is a leader in Kubernetes, and for existing GKE users and new organizations looking to adopt Kubernetes, Anthos is an enticing option.</p><figure id="c890"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*jx_1uvt-F4-_-y45.png"><figcaption>Image Credit: <a href="https://cloud.google.com/anthos/multicluster-management/environs">Google Cloud</a></figcaption></figure><p id="4336">Anthos organizes clusters into environs, a logical grouping of clusters and resources (e.g. workload identities, namespaces, services) that can be managed together. Another powerful feature of Anthos is Anthos Config Management, which is comprised of the following components:</p><ul><li><a href="https://cloud.google.com/kubernetes-engine/docs/add-on/config-sync/overview"><b>Config Sync</b></a>: follows the GitOps model to continuously sync configuration across multiple clusters (e.g. namespaces, cluster roles, security policies)</li><li><a href="https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller"><b>Policy Controller</b></a>: based on the <a href="https://github.com/open-policy-agent/gatekeeper">Open Policy Agent Gatekeeper project</a> to enforce policies (e.g. non-compliant API requests)</li><li><a href="https://cloud.google.com/binary-authorization/docs/overview"><b>Binary Authorization</b></a>: requires that images running in the cluster are signed by trusted authorities</li><li><a href="https://cloud.google.com/anthos-config-management/docs/overview#hierarchy-controller"><b>Hierarchy Controller</b></a>: based on the <a href="https://github.com/kubernetes-sigs/multi-tenancy/tree/master/incubator/hnc">Hierarchical Namespace Controller project</a> to create namespaces that share a common parent namespace for inheritance or delegation of control</li></ul><h1 id="a1d6">Microsoft Azure Arc</h1><figure id="b2d9"><i

Options

mg src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*FuPvA9_Pm0IfJCUB.jpg"><figcaption>Image Credit: <a href="https://www.c-sharpcorner.com/article/what-is-azure-arc/">C# Corner</a></figcaption></figure><p id="6d55">For Microsoft Azure users, <a href="https://azure.microsoft.com/en-us/services/azure-arc/">Azure Arc</a> provides similar capabilities as Google Anthos. <a href="https://azure.microsoft.com/en-us/services/azure-lighthouse/">Azure Lighthouse</a> is used to control RBAC across all Kubernetes clusters, along with <a href="https://azure.microsoft.com/en-us/services/azure-policy/">Azure Policy</a> to enforce and evaluate policy violations in realtime. Azure Arc also natively supports some Azure data services such as Azure SQL Managed Instance and Azure PostgresSQL Hyperscale.</p><h1 id="6eba">Volterra</h1><p id="25c7">A few weeks ago, <a href="https://techcrunch.com/2021/01/07/f5-snags-volterra-multi-cloud-management-startup-for-500m/">F5 announced their acquisition of Volterra</a>, a multi/hybrid-cloud management startup that emerged in 2019 with investments from Khosla Ventures, Mayfield, M12 (Microsoft), and Samsung Ventures. In “<a href="https://readmedium.com/control-plane-for-distributed-kubernetes-paas-e20a82acd6d3">Control Plane for Distributed Kubernetes PaaS</a>,” Volterra CEO, Ankur Singla, described the motivation for founding Volterra:</p><ul><li>No robust Kubernetes distribution or PaaS (e.g. OpenShift, Cloud Foundry) existed that provided a comprehensive set of security and operational services for distributed clusters such as RBAC/user-management, secrets/key management, and multi-cluster service mesh.</li><li>Anthos, Azure Arc, and Rancher focused on packaging and deploying multiple services to distributed clusters and less on the operational and multi-tenancy requirements.</li></ul><p id="5393">Since 2019, other competitors have added some features to addresses these concerns, but at the time, Volterra’s suite of SaaS products provided a unique solution to deploy, connect, secure, and operate apps across multiple cloud and edge platforms:</p><ul><li><b>VoltConsole</b>: portal to centrally manage apps running on VoltMesh and VoltStack</li><li><b>VoltStack</b>: distributed Kubernetes platform to deploy, secure, and operate apps running across clouds and the edge</li><li><b>VoltMesh</b>: high-performance networking layer to connect apps running on different clouds and the edge</li><li><b>Volterra Global Network</b>: app-to-app network for extreme performance</li></ul><figure id="a6f1"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*9QbpkAL2Tl0UDilW.png"><figcaption>Image Credit: <a href="https://readmedium.com/control-plane-for-distributed-kubernetes-paas-e20a82acd6d3">Volterra Blog</a></figcaption></figure><h1 id="4af6">Other Solutions</h1><ul><li><a href="https://rafay.co/">Rafay Managed Kubernetes Platform</a>: a solution from Rafay (notable customer: <a href="https://rafay.co/the-kubernetes-current/verizon-partners-with-rafay-systems-to-power-cutting-edge-application-kubernetes-platform/">Verizon</a>)</li><li><a href="https://tanzu.vmware.com/mission-control">VMWare Tanzu Mission Control</a>: central management solution from VMWare</li><li><a href="http://ibm.com/cloud/garage/dte/tutorial/multi-cluster-management/">IBM Cloud Pak</a>: multicluster management solution from IBM</li><li><a href="https://admiralty.io/">Admirality</a>: open-source or cloud-hosted/enterprise version available</li><li><a href="http://gopaddle.io">Gopaddle</a>: application-centric platform to with centralized cluster management support</li></ul><h1 id="18a1">Open Source Projects</h1><ul><li><a href="https://github.com/kubernetes-sigs/kubefed">kubefed</a>: official Kubernetes SIG project in alpha</li><li><a href="https://gardener.cloud/">gardener</a>: multi-cloud/cluster project with strong support from SAP</li><li><a href="https://github.com/Mirantis/kqueen">KQueen</a>: an old project from Mirantis seems to be no longer maintained</li></ul><p id="8538">If I missed any other solutions in the market, please leave a comment, and I will update accordingly.</p></article></body>

Multi-cluster Kubernetes Management Solutions

An overview of popular SaaS solutions including Rancher, Google Anthos, Azure Arc, and Volterra as well as open-source alternatives.

Photo by Alina Grubnyak on Unsplash

As more organizations migrate their infrastructure to Kubernetes, the question is no longer just “How do I manage all of my applications on a single Kubernetes cluster?” Now more cluster administrators are grappling with how to manage multi-clusters within their organization. While Kubernetes supports namespaces for soft-isolation and virtual clusters for hard multi-tenancy within a single cluster, running multiple clusters may sometimes be required.

The most common reasons for running multiple clusters include:

  • Strict isolation: this may be driven by compliance (e.g. separating dev/qa/staging cluster with production) or by customer need (e.g. running a dedicated service based on customer request)
  • Multi-region: the application may need to run in multiple regions for availability, failover, latency, or locality (e.g. data protection laws) reasons
  • Multi-cloud: similarly, the application may need to run on multiple clouds for availability/disaster recovery protocol or to avoid vendor lock-in
  • Scale: on rare occasions, the service may hit the limits of the Kubernetes in terms of scale (e.g. 150k pods in a cluster for GKE)

To a certain degree, managing multiple clusters can be achieved with a good CI/CD pipeline. For example, in Kubernetes CI/CD with CircleCI and ArgoCD, I introduced leveraging apps of apps pattern to bootstrap a single cluster. That can be extended to pipelines deploying to different clusters to simplify the workflow. Some examples are linked below:

However, a true multi-cluster management solution requires more than application deployment. There are security considerations (e.g. RBAC, multi-cluster logging), config/secret management, as well as feature parity across different Kubernetes clusters. In this post, we’ll look at some popular hosted solutions as well as open-source projects to manage multiple Kubernetes clusters.

Rancher

Image Credit: Rancher

Before Google announced Anthos and AWS introduced EKS Anywhere, Rancher was one of the few enterprise-ready options along with OpenShift and Cloud Foundry to support running Kubernetes on hybrid and multi-cloud infrastructures. Rancher provides a single control plane to create or add existing Kubernetes clusters.

Multi-cluster apps have been supported since Rancher v2.2.0, and a newer project called Fleet (multi-cluster app deployment based on GitOps principles) is now available as of Rancher v2.5. Applications distributed across multiple clusters can also benefit from Rancher’s Global DNS to configure load balancing across apps without having to use an external solution like Cloudflare.

Image Credit: Rancher

All of Rancher Lab’s projects, including Rancher, RKE, Longhorn, and K3s, are open-source, but they also provide a hosted version if you need a SaaS solution.

Google Anthos

When Thomas Kurian took over Google Cloud, he carried over a vision for a multi-cloud strategy from Oracle, which I detailed in “Why BigQuery Omni is a Big Deal.” Google Anthos, a Kubernetes-based, open platform to extend GKE to hybrid and multi-cloud environments, fits this strategy perfectly. It’s no secret that Google is a leader in Kubernetes, and for existing GKE users and new organizations looking to adopt Kubernetes, Anthos is an enticing option.

Image Credit: Google Cloud

Anthos organizes clusters into environs, a logical grouping of clusters and resources (e.g. workload identities, namespaces, services) that can be managed together. Another powerful feature of Anthos is Anthos Config Management, which is comprised of the following components:

Microsoft Azure Arc

Image Credit: C# Corner

For Microsoft Azure users, Azure Arc provides similar capabilities as Google Anthos. Azure Lighthouse is used to control RBAC across all Kubernetes clusters, along with Azure Policy to enforce and evaluate policy violations in realtime. Azure Arc also natively supports some Azure data services such as Azure SQL Managed Instance and Azure PostgresSQL Hyperscale.

Volterra

A few weeks ago, F5 announced their acquisition of Volterra, a multi/hybrid-cloud management startup that emerged in 2019 with investments from Khosla Ventures, Mayfield, M12 (Microsoft), and Samsung Ventures. In “Control Plane for Distributed Kubernetes PaaS,” Volterra CEO, Ankur Singla, described the motivation for founding Volterra:

  • No robust Kubernetes distribution or PaaS (e.g. OpenShift, Cloud Foundry) existed that provided a comprehensive set of security and operational services for distributed clusters such as RBAC/user-management, secrets/key management, and multi-cluster service mesh.
  • Anthos, Azure Arc, and Rancher focused on packaging and deploying multiple services to distributed clusters and less on the operational and multi-tenancy requirements.

Since 2019, other competitors have added some features to addresses these concerns, but at the time, Volterra’s suite of SaaS products provided a unique solution to deploy, connect, secure, and operate apps across multiple cloud and edge platforms:

  • VoltConsole: portal to centrally manage apps running on VoltMesh and VoltStack
  • VoltStack: distributed Kubernetes platform to deploy, secure, and operate apps running across clouds and the edge
  • VoltMesh: high-performance networking layer to connect apps running on different clouds and the edge
  • Volterra Global Network: app-to-app network for extreme performance
Image Credit: Volterra Blog

Other Solutions

Open Source Projects

  • kubefed: official Kubernetes SIG project in alpha
  • gardener: multi-cloud/cluster project with strong support from SAP
  • KQueen: an old project from Mirantis seems to be no longer maintained

If I missed any other solutions in the market, please leave a comment, and I will update accordingly.

Kubernetes
DevOps
Programming
Pineapple2021
Recommended from ReadMedium