There have been written many training materials about Kubernetes, therefore it’s better to refer to the Kubernetes Website.
To use Kubernetes for your project the answer to the following questions must be obvious to the Kubernetes Development & Management Team.
- What do Container, and Kubernetes mean?
- Why does a project need Kubernetes and what can it does for this project?
- What’s the benefit of using containers in our project?
It doesn’t matter where the cluster is running on-prem or on-cloud the following topics have to be covered with customers.
The differences between on-cloud and on-prem are the following:
|You have to provide the hardware for infrastructure.||It’s provided by a cloud vendor and you pay as you go or reserve-instance.|
|You have to provide a physical security||Cloud vendor provides physical security for you.|
|You do the hardware maintenance.||Cloud vendor provides the hardware maintenance for you.|
|You can use VMware but the operation responsibility is with you.||You don’t have VMware.|
Where should we deploy a cluster on-prem and manage it:
- when you have an air-gap environment.
Azure Kubernetes Service (AKS)
Installing a Managed Kubernetes Cluster on Azure (AKS) is pretty simple but for the Kubernetes which must be exposed from an enterprise it must be security compliance, therefore some setting must be done for better cluster security and a better life cycle.
The items which can help to have a secure cluster and provide a better life cycle are the following:
- Using Azure Role Based Access Control (RBAC) & AAD
- Configure DNS-Zone.
- Manage certificates.
- Security software
- Automated restart-daemon (kured) to activate the security fixes from MS
- OAuth 2.0 Authentication in AAD
Instead of doing all the above error-prone items manually, it’s better to use templates to make our job easier.