Part 2 – Node.js on Kubernetes – What to expect from the managed IBM Kubernetes service

Check out the Part 2 video on YouTube that goes with this blog post. In Part 1 we took a simple Node.js application that uses a Cloudant database for a backend and deployed it to Cloud Foundry. The app is really simple and we used the IBM Cloud portal to create the Cloudant service, connect it to our app, deploy the app using the command line, and auto-scale the app. In Part 2 we took the same app and deployed it to the IBM Kubernetes Service (IKS). The same app works for both deployment targets with the only difference being how the Cloudant connect string gets passed to the app.


I thought I would spend time in this blog post looking at the IBM Kubernetes service and what sets it apart from the Kube services of other cloud vendors. The IBM Kubernetes Service is a managed Kubernetes service providing an intuitive user experience with simplified cluster lifecycle management. IKS has built-in security and isolation to enable rapid delivery of apps while leveraging IBM Cloud services including weather data, IoT, Analytics, data, or AI capabilities with Watson. It is available in 6 IBM regions worldwide, including 25+ data centers.

First and foremost, IKS is a managed solution. So what does that mean? First of all, IBM manages the master node side of the architecture. The master nodes are fully managed and maintained by IBM inside of an IBM account. You have multiple master nodes (high-availability) so that if any one goes down you do not lose your cluster. You have a fully-featured user interface portal that allows you to manage your cluster and its health. You can upgrade your Kubernetes version via the UI.

The worker nodes, on the other hand, are yours and fully under your control. The worker nodes run in your IBM account and you have complete access and architecture control of your worker nodes. When you create a cluster, you can specify the worker node architecture (bare metal, virtual shared and virtual dedicated). You can mix and match architectures in your cluster (e.g. edge nodes vs app nodes) and configure the network to your liking. A worker node will automatically be recovered if it goes down. IBM will upgrade Kube versions on your workers for you when requested. Workers can be deployed to single zone or multi-zone configurations.

From a security standpoint, again IKS lets you control your worker nodes. Therefore you can add your own security capabilities as you see fit. Kube secrets and volumes are automatically encrypted and you can provide your own keys via the IBM Key Protect service. Images can be stored securely in your own IBM private registry or you can use whatever registry you would like. IBM Vulnerability Advisor provides Docker image and running container scanning to detect vulnerabilities and configuration weaknesses. Images can be signed by Docker Notary to further ensure you are using approved images.

IBM also allows you to extend your cluster to use other IBM Cloud services. You can enhance your applications with Watson, IoT, Analytics and Data services from the IBM Cloud catalog. Persistent volumes can be created using IBM Cloud storage solutions (file, block, object). IKS is integrated with IBM Cloud identity and access management for single point control of access and permissions translated to cluster RBAC.

And IKS offers the complete Kubernetes distribution with no changes including 100% API and CLI. IBM is a certified Kubernetes provider with conformance testing for each release. IKS is also integrated with IBM Cloud logging and monitoring or you can wire the cluster into your own popular logging or monitoring solutions. IBM also offers managed add-on capabilities such as installing and maintaining Istio or Knative into your cluster as of today.

OK, enough with the commercial. The other aspect to IKS is that it is used extensively within the IBM Cloud and is the underpinning of almost everything IBM does both internally and publicly. All IBM Cloud services (140+) run on top of IKS. And there are numerous internal applications that run on IKS as well. IBM continues to be a large contributor to Kubernetes and Kube-based capabilities like Istio and Knative. More to come on those topics.

Needless to say, IBM has based its future on Kube and I would expect it to be a key piece of any future offerings. Please compare IKS to what you get from Azure, AWS, or Google and let me know if you don’t think IKS holds its own against any of them.

 


What is Your Path to the Cloud?

I think it is fair to say that the data center is dead. It was never even alive for newer organizations or startups as they began in the cloud. But I will wager that every organization, large or small, has a “plan” to get to a cloud-based application runtime model. Let’s take a look at how you might get there.

First, let’s start with the end in mind and look at what we all should be shooting for. As we speak (if you read this in the not too distant future this may not be the case), I do not believe anyone can argue that the North Star of application architectures is a micro-services container architecture managed by Kubernetes orchestration. If you haven’t jumped on the container bandwagon you are too late. The same can be said for Kubernetes as the orchestration choice. It is the de facto winner and we shouldn’t even waste time with other orchestration options. Kube has won. (That is until the next big thing, maybe I will have to write another blog entry on serverless sooner than anyone thinks). And to take advantage of all of the cloud services out there (object storage, DBaaS, streams, AI, blockchain, …) we need to deploy our Kube clusters in the cloud. So, if we know what the target looks like, how do we get there? Let’s take a look at a few paths to get there.

Containers and Kubernetes Inside the Firewall

So you want to build containerized applications and deploy them to a Kube cluster, but you are not comfortable with building your own Kube cluster and integrating all of the open source capabilities you need for a first class enterprise application platform. Why not start with one already built for you that you can run in-house? IBM Cloud Private (ICP) is your answer. ICP is a pre-built Kubernetes platform with many, many open source capabilities already built in (Helm, Terraform, Prometheus, Grafana, …). ICP also has become the target platform for new deployment models of IBM Middleware. WAS, MQ, DB2 all have versions certified and ready to deploy on ICP. Many other open source components are also available (MongoDB, RabbitMQ, Redis, …). You can deploy on almost any platform (bare metal, VSIs, OpenStack, VMware, OpenShift, AWS, Google, …). You can even deploy Cloud Foundry on top of ICP for your own private CF environment. ICP also comes with Cloud Automation Manager, which is a Terraform deployment built in. It includes Transformation Advisor, which is a tool to help you analyze existing IBM stack apps and help you understand the work needed to “containerize” them. And the newest member of the family, Multi-Cloud Manager, helps you manage deployments across numerous ICP installations. Lots to absorb and lots to consume. But it is all integrated and configured for you. This is a great way to get started.

Private Cloud off-prem?

Maybe you are ready to go to cloud but are not excited about the “public” part of cloud. IBM leads the industry in “private” access to its public cloud. The first step is to create a dedicated connection to the IBM Cloud. This might be a VPN solution or most likely a Direct Connect implementation. Then, many of IBM Cloud services offer the concept of a private endpoint. In AWS when you create an S3 bucket you are given a public URL. With IBM’s Cloud Object Storage, you can get a private endpoint that is not accessible via the public internet. You get all of the benefits of on-demand public cloud services but the security of direct access only via your private connection. On the IBM Cloud, you can create your own on-demand Cloud Foundry instance only accessible by your organization. With the IBM Cloud you can keep the “public” out of your solutions.

Lift-and-Shift / Extend to the Cloud

If your primary driver of going to cloud is to get out of the data center business, you have many options to get you there. But let’s address the gorilla in the room first. This is not necessarily a cost savings strategy. Simply lifting and shifting your existing application portfolio to be cloud hosted is not a recipe for cost savings. All of the benefits of containers and Kube are based on agility and speed, and applications that are static and monolithic do not take advantage of the benefits of cloud. But there may be many reasons why getting out of the data center is a driver to the cloud. Hardware refreshes, aging data center facilities, wanting out of an outsourcing contract, etc., are all legitimate reasons.

Lifting and shifting is all about utilizing what you already know. Going the virtual server instance route can be relatively easy if you already have experience in virtual servers, which is almost a given these days. But creating virtual servers and re-hosting an application is time-consuming and error-prone as it involves lots of testing. Cloud VSIs are usually not the same as the one running your app. Better yet, if you as an organization use VMware you can extend your VMware infrastructure into the cloud. The IBM VMware Cloud solution allows you to create a VMware environment in the IBM Cloud and simply extend the tools and skills that you already have. No new tools to learn. No new skills to obtain. Continue to do what you do today. And you can use VMware capabilities like HCX to quickly move VMs out of your data center and onto the cloud.

Testing / Development in the Cloud

Maybe you have started your journey to containers but the projected timeframe to get there is daunting. And you don’t want to continue to invest in internal infrastructure to “support” the existing applications you have that aren’t going away any time soon. The IBM Cloud for Skytap might be just what you need. Skytap is an environment-as-a-service offering. You take snapshots of existing running applications. These snapshots capture everything, including network configurations. You can then create new instances of these environments on-demand. This allows developers to create full environments in the cloud for development and testing without any need for additional resources in your data center. This also gives your cloud-native developers legacy application environments to be able to do their transformation work.

The IBM Focus

The journey to the cloud is more than half the battle. IBM takes a huge leadership position in helping you get to your ultimate cloud architecture. IBM also takes a very hard stance in that multi-cloud will be the norm. The Multi-Cloud Manager is the first entry in helping you manage a multi-cloud strategy. Stay tuned for more.

Next time, I will look at the IBM Kubernetes Service, a fully managed Kubernetes platform in the IBM Cloud.