
Hitachi Kubernetes Service – Getting Under the Hood With K8s

Peter Meister

January 19, 2021


Driving Agnostic Kubernetes Management Across Hybrid Environments

Hitachi Kubernetes Service takes a strongly agnostic approach to the management of Kubernetes (K8s). As the open-source Kubernetes platform drives the adoption of containers, the key areas we need to focus on are operations and security. Operations management of Kubernetes is complex, especially as you advance adoption across many public cloud providers and on-premises providers, including private cloud and virtualization. When Kubernetes runs well it’s great, but one challenging area is when things go wrong with Kubernetes in production. Troubleshooting Kubernetes is difficult if you do not have the proactive insight and information to act on issues that affect stability and production operations.

Key areas of the Kubernetes management plane that support proactive operations management are the audit logging platform and resource logging, including user activity logging. In Hitachi Kubernetes Service, we correlate these data feeds and present the interactive data around audit, resource logging and user activity in the management plane. This approach allows IT operators and DevOps engineers to see the correlating interactions occurring on the Kubernetes clusters and classify the interactions that may have caused the active problem on the Kubernetes cluster. This capability helps to significantly reduce root cause analysis (RCA) and get to the exact area where an impact to production has occurred. Whether it’s a configuration change in the cluster, or an application or resource misconfiguration, you can quickly drill down into the activities that underlie the problem to answer the question of “WHY did it happen?”
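The drill-down described above can be illustrated with upstream Kubernetes API server audit events. The following is an added example, not Hitachi Kubernetes Service code: it assumes JSON-lines audit logs in the `audit.k8s.io/v1` format, and the function name, namespace, users and log lines are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # microsecond timestamp layout of audit events

# Constructed sample lines (not from a real cluster); the last one is truncated.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"bob"},"objectRef":{"resource":"deployments","namespace":"shop","name":"cart"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-01-19T09:30:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"objectRef":{"resource":"deployments","namespace":"shop","name":"cart"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-01-19T10:01:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"patch","user":{"username":"bob"},"objectRef":{"resource":"configmaps","namespace":"shop","name":"cart-config"},"requestReceivedTimestamp":"2021-01-19T10:02:30.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"bob"},"objectRef":{"resource":"configmaps","namespace":"shop","name":"cart-config"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-01-19T10:02:30.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"dave"},"objectRef":{"resource":"deployments","namespace":"shop","name":"cart"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2021-01-19T10:03:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"delete","user":{"username":"carol"},"objectRef":{"resource":"pods","namespace":"billing","name":"worker-1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-01-19T10:03:30.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"erin"},"objectRef":{"resource":"deployments","namespace":"shop","name":"cart"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-01-19T10:04:10.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComp
"""

def changes_before_incident(log_text, namespace, incident_time, lookback):
    """Return successful mutating requests in `namespace` made within
    `lookback` before `incident_time`, most recent first."""
    hits = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or corrupt lines instead of aborting
        if ev.get("stage") != "ResponseComplete":
            continue  # a request is logged at several stages; count it once
        if ev.get("verb") not in MUTATING_VERBS:
            continue  # reads cannot have caused a configuration change
        ref = ev.get("objectRef") or {}
        if ref.get("namespace") != namespace:
            continue
        if (ev.get("responseStatus") or {}).get("code", 500) >= 400:
            continue  # denied or failed requests changed nothing
        when = datetime.strptime(ev["requestReceivedTimestamp"], TS_FORMAT)
        if incident_time - lookback <= when <= incident_time:
            hits.append((when, ev["user"]["username"], ev["verb"],
                         f'{ref.get("resource")}/{ref.get("name")}'))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for hit in changes_before_incident(SAMPLE_AUDIT_LOG, "shop",
                                       datetime(2021, 1, 19, 10, 5), timedelta(minutes=10)):
        print(hit)
```

Denied requests such as the 403 in the sample are dropped here because they changed nothing; a security review of the same window would keep them as a separate list.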

Security of Kubernetes must be the top priority. We know that Kubernetes is exposed when deployed into the public cloud and private cloud. If you do not proactively plan your deployments, you will end up with an insecure Kubernetes environment, and you do not want to tackle security reactively in this type of complex platform.

It becomes challenging to secure Kubernetes after the fact, so Hitachi Kubernetes Service takes a very strong defense-in-depth security approach in our provisioning and deployment of Kubernetes clusters. We institute a zero-trust model, both in terms of platform and user permissions. When a new cluster is implemented within Hitachi Kubernetes Service, we do not open ports at the edge of the Kubernetes clusters. Instead, we create a reverse proxy tunnel established from the cluster to the management plane. Whether you are deploying from an on-premises location or in the cloud, this approach provides a secured proxy tunnel for all interaction and communications with the underlying clusters. One additional area of concern is how you secure the clusters themselves. We deploy strong resource templates and application templates that focus on security by default in terms of the infrastructure baseline and application baseline implementation. These templates further ensure that the underlying infrastructure and applications are secure when initially implemented.

As organizations adopt Kubernetes at a rapid pace, we must provide proactive operations management and security to ensure that the deployment, management and sustained support of this complex platform is maintained at all times. Hitachi Kubernetes Service is built for the enterprise. Our focus is on making Kubernetes easier to operate, manage, secure and deploy, serving as a trusted advisor to our partners and customers, and making sure the end user experience is the best in the industry, on day one.
