Kris Sharma
on 17 January 2022
Canonical Kubernetes for Financial Services
To serve today’s on-demand customer, financial institutions must become agile digital enterprises focused on delivering innovative products, services, and customer experiences.
Adopting a container-first approach represents an unrivalled opportunity for financial institutions to increase system efficiency and resource utilisation, improve security, introduce automation, and accelerate innovation.
Containers offer a logical packaging tool in which applications can be decoupled from the underlying infrastructure on which they run. This allows container-based applications to be installed easily and consistently, regardless of whether the target environment is a private or public cloud. With containerisation, development teams move fast, deploy software efficiently, and operate at an unprecedented scale.
Despite the advantages, containers can be hard to manage and track, both individually and across multiple cloud platforms. Container orchestration solves this issue by automating the management and tracking of containers. Kubernetes has established itself as the leading open source platform for managing containerised workloads and services.
Canonical Kubernetes
Canonical Kubernetes is an umbrella term for all of Canonical’s Kubernetes products and services. Canonical has two CNCF-certified Kubernetes distributions, MicroK8s and Charmed Kubernetes.
Charmed Kubernetes (K8s) is an enterprise-scale, composable Kubernetes for multi-cloud deployments. Charmed K8s leverages the model-driven operations approach, which offers straightforward cluster lifecycle management and compatibility with cloud services as well as legacy application architectures.
MicroK8s is a low-ops, minimal production Kubernetes. It provides the functionality of core Kubernetes components, in a small footprint, scalable from a single node to a high-availability production cluster.
Key considerations for enterprise Kubernetes in Financial Services
The Kubernetes ecosystem is vast and complex. There are numerous different versions of Kubernetes to choose from, and it can be difficult to identify the one best suited to an organisation’s specific requirements. Here are some of the key factors that financial institutions need to consider for their enterprise Kubernetes.
CNCF conformant
CNCF certification is a conformance program that ensures each vendor’s Kubernetes distribution supports the required APIs and provides timely updates. Choosing a CNCF certified Kubernetes installation allows financial institutions to guarantee the adaptability, predictability and interoperability of the product. Canonical Kubernetes is CNCF certified.
Lifecycle operations
When beginning a Kubernetes journey, it’s easy for IT teams at financial institutions to get caught up in development and deployment while Day 2 operations become an afterthought. Many solutions around Kubernetes address the early phases of the Kubernetes lifecycle – Day 0 and Day 1 operations, but enterprise Kubernetes challenges on topics like scalability, high availability, update management, security and observability begin at Day 2.
When it comes to Day 2 operations, Canonical Kubernetes leverages operators to deliver full lifecycle automation. Canonical Kubernetes operators can be composed together to deliver highly complex applications and services. Canonical Kubernetes is deployed using Juju, and it has been designed with operators in mind, making long-term challenges like maintenance and upgrades easier to solve.
Container runtime and registries
Container runtimes are responsible for creating, starting, and managing containers at a low level on the underlying nodes of a Kubernetes cluster. They are thus a core component of any Kubernetes deployment, and must be installed on every node in a cluster. When evaluating Kubernetes distributions with respect to container runtimes, the differentiating factor is the breadth of runtime options that each distribution supports, and the use-cases that these runtimes enable.
The primary runtime options are containerd, Kata Containers, and CRI-O. Containerd is a high-level container runtime that can manage the complete container lifecycle, delivering simplicity, robustness, and portability. Containerd can be seen as the industry-standard container runtime, and it is the default in upstream Kubernetes. Canonical Kubernetes supports containerd.
Kata Containers puts the emphasis on security, providing deeper isolation between containers by placing them inside lightweight VMs. Canonical Kubernetes also supports Kata Containers.
The container registry is another fundamental building block of a successful Kubernetes strategy. The registry is where container images are stored, and these images are critical to application development and scalability. Container registries come in various flavours, and Canonical Kubernetes supports private registries, public cloud registries and Docker Hub.
Monitoring and operations management
The ability to monitor the status of a Kubernetes deployment from a single, centralised location is invaluable. With effective monitoring solutions, a financial institution’s enterprise IT teams can easily track resource utilisation, application performance, and bottlenecks, enabling them to proactively manage and optimise their Kubernetes clusters.
Canonical Kubernetes ships with a standardised set of open source log aggregation and systems monitoring dashboards. As Charmed Kubernetes is upstream Kubernetes, enterprises can use any of the tools and techniques to examine cluster logs as described in the Kubernetes documentation.
Bare metal deployment and automation
Not all financial services application workloads are suited to virtualisation, and financial institutions will sometimes need to deploy Kubernetes directly on bare metal servers. Canonical Kubernetes comes with bare metal provisioning capabilities.
With Canonical Kubernetes, enterprises can leverage Metal-as-a-Service (MAAS) to fully automate discovery, commissioning, deployment, and configuration of bare metal machines with zero-touch, cloud-style provisioning. Once the machine has been provisioned, Juju integration lets users deploy Canonical Kubernetes just as easily as they would in a public or private cloud.
Multi-cloud deployments
Financial institutions rarely rely on a single cloud platform. Rather, enterprises will typically pursue a multi-cloud strategy where applications are hosted on different public or private clouds (or bare metal) depending on their requirements. As such, the ease with which Kubernetes can be deployed and ported across different platforms should be a key consideration for financial institutions when choosing a distribution.
Canonical Kubernetes utilises Juju to help businesses navigate the complexity of multi-cloud provisioning, installation, and configuration. Juju Charmed Operators (“charms”) facilitate the deployment and management of Kubernetes across different cloud providers and instances by utilising the concept of model-driven operations.
Managed Kubernetes offering
Kubernetes brings unprecedented levels of automation and a ubiquitous platform for enterprise workloads. However, Kubernetes is a highly complex technology, and not all businesses have the expertise or time to maintain it in-house. A fully-managed Kubernetes cluster eliminates this issue by enabling users to consume Kubernetes as a service. The vendor takes care of operating the cluster while users focus on delivering their core business value.
With Canonical Kubernetes, financial institutions can opt for fully-managed clusters on bare metal, OpenStack, or any public cloud. Financial institutions can focus on their applications while Canonical will build and operate the cluster, with in-house experts available 24/7 to stand up and scale the deployment. What’s more, users can choose to fully take over operational control at any time, and even redeploy or replicate the deployment using the exact same tools.
Further reading
Kubernetes platform comparison: Red Hat OpenShift, SUSE Rancher and Canonical Kubernetes
Kubernetes and cloud native operations report
Reference architectures:
Charmed Kubernetes reference architecture by Dell EMC and Canonical
Charmed Kubernetes reference architecture by Lenovo and Canonical