With the release of Kublr 1.19, we are continuing the tradition of expanding customization capabilities available to end users and Kubernetes operators and administrators. Kublr 1.19 includes numerous improvements to the customization of Kubernetes clusters deployed on AWS and other clouds. Key among these is support for mixed instance policies including spot and on-demand instances and multiple instance types.

In our final article on Kubernetes RBAC, we are focusing on RBAC itself. Everything else in the series led towards this key piece. In part one we discussed authentication and authorization on a high level and in part two we focused specifically on authentication. Now let’s dive into authorization.

In part one of this series on Kubernetes RBAC, we introduced authentication and authorization methods. In this article, we’ll dive a little deeper into authentication — a prerequisite for RBAC. As we saw, there are a few authentication methods including client certificates, bearer tokens, HTTP basic auth, auth proxy, and impersonation. Because HTTP basic auth and statically configured bearer tokens are considered insecure, we won’t cover them here.

When SUSE, the world’s largest independent open source company, announced its acquisition of Rancher Labs in early July 2020, the industry took notice. Clearly, the Kubernetes management industry is very much alive. But, the merger also raised the question of what this means for users? After all, a key value proposition of cloud native technologies, like SUSE, is that they are modular, interoperable, and flexible.

Cloud native and open source technologies have modernized how we develop software, and although they have led to unprecedented developer productivity and flexibility, they were not built with enterprise needs in mind. A primary challenge is bridging the gap between cloud native and enterprise reality. Enterprises need a centralized Kubernetes management control plane with logging and monitoring that supports security and governance requirements extended through essential Kubernetes frameworks.

We are excited to announce in-place Kublr Platform upgrades and a technical preview for external cluster support. That’s yet another step in making enterprise-grade Kubernetes adoption a breeze. While Kublr supports automated rolling cluster updates and upgrades with zero downtime, since our last release (1.17) updating the platform itself was still a semi-manual project supported by the Kublr team. Now, all it takes is the click of a button.

Kubernetes governance may sound dull. But, if you’re an enterprise, it’s a critical part of what you must figure out to be production-ready at scale. When standardizing on-demand services for your dev teams — a DevOps best practice — you must ensure that groups deploying Kubernetes clusters follow certain rules, a process that is typically automated via policy management.

If you’ve done your research, you probably know that Kubernetes is only one piece of the puzzle. Production grade deployments require a lot of moving pieces including logging and monitoring, governance, and more. You’ll also need some key extensions — some Kubernetes can’t go without, others that will make your life a lot easier. Let’s take a closer look.

KubeCon + CloudNativeCon sponsored this post, in anticipation of KubeCon + CloudNativeCon EU, in Amsterdam. If you’re new to Kubernetes and have been tasked with researching a vendor-supported platform for your enterprise, chances are you’re feeling overwhelmed. You’ll encounter a seemingly never-ending list of vendors, all promising more or less the same. To help you navigate the space and ask vendors the right questions, we created this no-BS Kubernetes checklist.

Most enterprises already have a reliable logging and monitoring system in place, so why should you worry about it in the context of Kubernetes? Well, traditional logging and monitoring tools are designed for stable infrastructure and application deployments. Cloud native environments, on the other hand, are highly dynamic. The IT world has changed and so must your toolkit.