Sunday, September 8, 2019

Deployment models for software on Kubernetes
Each deployment model has its advantages and disadvantages. The on-premise model is focused on deploying distributed containers to on-premise servers while securing storage centrally. The cloud-based model is focused on deploying the instance that can meet the monitoring and logging requirements of the cloud environment.
In this section, we cite the challenges and considerations associated with each deployment model for running workloads in production. In the following sections, we describe container security, Kubernetes deployments, and network security. Each layer of the deployment may be either self-managed or a fully managed service, and each comes with its own best practices.
1. Standalone On-Premise model:
The standalone deployment of any software on Kubernetes comes with a requirement to automate the initialization of the Kubernetes cluster required to host the deployed instance. The installer comes with documentation that describes the software included in the package, their versions, and the minimal steps needed to get the instance up and running for the first time. The installation is already secure out of the box in that it adheres to the product security guidelines and has been analyzed for container image security, web application security, and network intrusion security, among others. The administrator can then secure the product-specific features listed in this guide for both the resource requirements of the application and the Kubernetes execution environment of the cluster hosting the application, in a two-layer stack of application over cluster.
2. Cloud-based security model:
The cloud-based deployment of the same software on Kubernetes also comes with a requirement to automate the deployment of the application, but on a PKS cluster, so that it can be deployed the same way to the public or private cloud. PKS allows us to use the same automation to initialize the cluster regardless of the site where it is deployed. However, there are quite a few differences between a cloud-based deployment and a standalone deployment. They span layers and shared components, and they require administrator involvement to customize the configuration before first use.
Both deployments require configuration of the application with administrator involvement before users can begin analyzing streams. This covers activities such as artifact repository configuration, metrics and monitoring setup, diagnosability and logging configuration, as well as settings for scaling the capacity to meet the forecasted demand from the deployed instance.
