Check out the Part 2 video on YouTube that goes with this blog post. In Part 1 we took a simple Node.js application that uses a Cloudant database for a backend and deployed it to Cloud Foundry. The app is really simple and we used the IBM Cloud portal to create the Cloudant service, connect it to our app, deploy the app using the command line, and auto-scale the app. In Part 2 we took the same app and deployed it to the IBM Kubernetes Service (IKS). The same app works for both deployment targets with the only difference being how the Cloudant connect string gets passed to the app.
I thought I would spend time in this blog post looking at the IBM Kubernetes service and why it is unique to any other Kube service from other cloud vendors. The IBM Kubernetes Service is a managed Kubernetes service providing an intuitive user experience with simplified cluster lifecycle management. IKS has built-in security and isolation to enable rapid delivery of apps while leveraging IBM Cloud services including weather data, IOT, Analytics, data, or AI capabilities with Watson. Available in 6 IBM regions world-wide including 25+ data centers.
First and foremost, IKS is a managed solution. So what does that mean? First of all, IBM manages the master node side of the architecture. The master node are fully managed and maintained by IBM inside of an IBM account. You have multiple master nodes (high-availability) so that if any one goes down you do not lose your cluster. You have a fully-featured user interface portal that allows you to manage your cluster and its health. You can upgrade your Kubernetes version via the UI.
The worker nodes on the other hand are yours and fully under your control. The worker nodes run in your IBM account and you have complete access and architecture control of your worker nodes. When you create a cluster, you can specify the worker node architecture (bare metal, virtual shared and virtual dedicated). You can mix and match architectures in your cluster (i.e. edge nodes vs app nodes) and configure the network to you liking. A worker nodes will automatically be recovered if it goes down. IBM will upgrade Kube versions on your workers for you when requested. Workers can be deployed to single zone or multi-zone configurations.
From a security standpoint, again IKS lets you control your worker nodes. Therefore you can add your own security capabilities as you see fit. Kube secrets and volumes are automatically encrypted and you can provide your own keys via the IBM Key Protect service. Images can be stored securely in your own IBM private registry or you can use whatever registry you would like. IBM Vulnerability Advisor provides Docker image and running container scanning to detect vulnerabilities and configuration weaknesses. Images can be signed by Docker Notary to further insure you are using approved images.
IBM also allows you to extend you cluster to use other IBM Cloud services. You can enhance your applications with Watson, IOT, Analytics and Data services from the IBM Cloud catalog. Persistent volumes can be created using IBM Cloud storage solutions (file, block, object). IKS is integrated with IBM Cloud identity and access management for single point control of access and permissions translated to cluster RBAC.
And IKS offers the complete Kubernetes distribution with no changes including 100% API and CLI. IBM is a certified Kubernetes provider with conformance testing for each release. IKS is also integrated with IBM Cloud logging and monitoring or you can wire the cluster into your own popular logging or monitoring solutions. IBM also offers managed add-on capabilities such as installing and maintaining Istio or Knative into your cluster as of today.
OK, enough with the commercial. The other aspect to IKS is that it is used extensively within the IBM Cloud and is the underpinnings of almost everything IBM does both internally and publicly. All IBM Cloud services (140+) run on top of IKS. And there are numerous internal applications that run on IKS as well. IBM continues to be a large contributor to Kubernetes and Kube-based capabilities like Istio and Knative. More to come on those topics.
Needless to say, IBM has based its future on Kube and I would expect it to be a key piece of any future offerings. Please compare IKS to what you get from Azure, AWS, or Google and let me know if you don’t think IKS holds its own against any of them.