Kubernetes Operators—When, how and the gotchas to keep in mind

Kubernetes Operators—When, how and the gotchas to keep in mind

  • January 22, 2019
Table of Contents

Kubernetes Operators—When, how and the gotchas to keep in mind

Kubernetes Operators have now become mainstream. An Operator is essentially a Kubernetes Custom Controller managing one or more Custom Resources. The term Operator has become popular as it succinctly captures end result of what Custom Controller+Custom Resource combination is typically defined for, e.g.—declaratively managing a stateful software on Kubernetes (e.g.: databases, off-the-shelf web applications, ML workloads, etc.).

In technical terms, Custom Controller+Custom Resource combination is called ‘Custom Resource Definition’ (CRD). In the following post we use Operator and CRD interchangeably. Kubecon 2018 in Seattle had great customizing and extendibility track.

Presentations ranged from visionary, such as converting all Kubernetes constructs to CRDs, to examples of custom CRDs written for specific requirements, such as gaming server (Agones), workflow system (Airflow), Databases (Postgres Operator), proprietary SaaS products (Kolide), to Custom controllers without Custom Resources (Airbnb). Still, platform teams looking to build their own Operators face several questions regarding the overall approach, such as—which life-cycle actions of a software to automate using Operators? How to correctly model such actions using declarative primitives of a Custom Resource (the Custom Resource Spec)?

when to use Custom sub-resources? How to evaluate community Operators? Will different Custom Resources interoperate correctly?

As an example, here is a recent email from kubernetes-dev mailing list with such questions.

Source: medium.com

Share :
comments powered by Disqus

Related Posts

Rate Limiting at the Edge

Rate Limiting at the Edge

I’m sure many of you have heard of the “Death Star Security” model—the hardening of the perimeter, without much attention paid to the inner core—and while this is generally considered bad form in the current cloud native landscape, there is still many things that do need to be implemented at edge in order to provide both operational and business logic support. One of these things is rate limiting. Modern applications and APIs can experience a burst of traffic over a short time period, for both good and bad reasons, but this needs to be managed well if your business model relies upon the successful completion of requests by paying customers.

Read More
CVE-2018-18264 Privilege escalation through Kubernetes dashboard

CVE-2018-18264 Privilege escalation through Kubernetes dashboard

A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes. The Kubernetes dashboard is a web based user interface that allows users to manage applications and resources within the cluster.

Read More
A Crash Course For Running Istio

A Crash Course For Running Istio

At Namely we’ve been running with Istio for a year now. Yes, that’s pretty much when it first came out. We had a major performance regression with a Kubernetes cluster, we wanted distributed tracing, and used Istio to bootstrap Jaeger to investigate.

Read More