Kubernetes and containers have made software applications more portable, scalable and helped improve resource utilisation. For DevOps however Kubernetes has a much broader appeal: the ability to configure, manage and operate containerised microservices at scale. Kubernetes allows them to bake in a degree of automation into the creation, deployment, scaling and configuration of these applications that significantly reduces the management overhead and the probability of mistakes happening.
There is one caveat to all this however: It doesn’t work so well for stateful applications. Deploying, scaling, operating and configuring stateful applications and building in automation requires a lot more input from DevOps in the shape of application specific domain knowledge.
Enter Kubernetes operators. Operators are built for specific applications that make it easier to create, configure and manage those applications on Kubernetes. Most operators also extend across the entire application lifecycle making it easier to perform operational tasks like scaling, upgrading, backup and recovery of complex stateful applications. Since they use and extend the Kubernetes API, they are tightly integrated in the Kubernetes framework.
Here is a list of some of the most common functions that Kubernetes operators perform:
Operators leverage the extensibility and modularity of Kubernetes to help automate administrative and operational tasks involved in creating, configuring and managing Kubernetes applications.
Operators build on the concepts of custom Kubernetes controllers and custom resources combining the two to allow DevOps to incorporate operational knowledge into how applications are managed on Kubernetes. They act on custom resource definitions to ensure the actual state of the cluster matches that defined in the CRDs.
The prometheus operator from CoreOs is a great example. It is deployed as a custom Kubernetes controller that watches the Kubernetes API for four custom resource definitions: Prometheus, ServiceMonitor, PrometheusRule and AlertManager. Once deployed the Prometheus operator installs and configures a full Prometheus stack. that includes Prometheus servers, Alertmanager, Grafana, Host node_exporter and kube-state-metrics. DevOps can then easily scale the number of individual replicas of each component, make configuration changes, update alerting rules or automatically monitor new services.
Now that we have covered the concept of Kubernetes operators let’s outline some useful operators that every DevOps should know about.
The RBAC Manager is a Kubernetes operator from Fairwinds that aims to make RBAC on Kubernetes easier to setup, configure and manage. Kubernetes authorisation is often tedious and repetitive, requires lots of manual configuration and is hard to scale. RBAC manager significantly reduces the configuration involved in managing RBAC and creating, deleting or updating role bindings, cluster role bindings and service accounts. It serves as a single source of truth for understanding RBAC state by summarising role bindings across multiple namespaces in a single RBAC Definitions file.
The MongoDB operator helps DevOps standardize the process of creating MongoDB clusters at scale and makes it repeatable. The operator can be configured to take over typical administrative tasks involved in spinning up and managing MongoDB clusters including provisioning storage and compute, configuring network connections and setting up users. The Kubernetes operator also integrates with other MongoDB management tools like MongoDB Ops Manager and MongoDB Cloud Manager to provide backup, monitoring and performance optimisation.
The HPA operator from Banzai cloud is another useful operator that makes it easier to add pod autoscaling features to Helm charts. It watches for Kubernetes deployments or StatefulSets and automatically creates, deletes or updates Horizontal Pod Autoscalers (HPAs) based on annotations defined in the config. HPA’s Github page provides Kafka as an example. The Helm chart for Kafka does not define any HPAs for the cluster which means that deploying it will not bring up any HPAs as part of the Kafka deployment. To ensure HPAs are deployed as part of the Helm chart, DevOps can add annotations for min and maxReplicas. Once added the HPA operator will spin up the desired number of HPA replicas based on the annotations. The HPA operator also takes Prometheus based custom metrics exposed by Kube Metrics Adapter.
Cert-manager from Jetstack is a Kubernetes operator that aims to automate the management and issuance of TLS certificates. DevOps can use this operator to automate recurring tasks like ensuring certificates are valid and up to date and renewal. Once deployed Cert-manager runs as a Kubernetes deployment. DevOps can configure a list of certificates and certificate issuers as Kubernetes CRDs. Once configured certificates can be requested on the fly by referring to one of the configured issuers.
The ArgoCD operator manages the complete life cycle for ArgoCD and its components. ArgoCD is one of the highest rated continuous delivery tools in the CNCF landscape and is specifically targeted towards Kubernetes. The operator makes it easy to configure and install ArgoCD, as well as making it easier to upgrade, backup, restore and scale ArgoCD components. The operator does this by watching for three Kubernetes CRDs including ArgoCD, which defines the desired state for an ArgoCD cluster and ArgoCDExport which defines the desired state for export and recovery of ArgoCD components.
Ready for Production? Download our Kubernetes Production readiness and best practices checklist before taking the plunge!
Fan of all things cloud, containers and micro-services!
Part three of our Kubernetes and Cloud native application checklist dives into cloud native networking tools. We also compare them based on the type of network encapsulation used, degree of support for network policy, encryption, service discovery and load balancing.
March 5, 2020
4 min read
Part Two of our Kubernetes and Cloud native application checklist outlines CICD tools that CIOs, CTOs and DevOps teams leads can use to accelerate the build, test and deploy workflow for cloud native containerised applications.
January 27, 2020
4 min read