Haseeb is CEO and co-founder of Rafay, a Kubernetes operations platform for enterprises and service providers.
Spinning up a barebones Kubernetes cluster can be deceptively easy. For many companies, the excitement of getting to work is quickly overtaken by the realities of operational complexity. IT operations teams are quickly overwhelmed by the vagaries of multi-tenant Kubernetes management, add-on management, policy enforcement, auditing, etc.
Platform teams can be truly transformative for your company’s Kubernetes journey and for the teams that rely on Kubernetes to deliver software faster. When equipped with the right tools for Kubernetes operations, platform teams can pave the way for business acceleration by reducing the operational complexity of Kubernetes.
Platform teams have been around for a while. If your company has invested in a platform team that provides various IT functions for internal users, then Kubernetes should be in your purview. If you don’t have a platform team, it makes sense to consider creating one, as many other companies are doing right now. Platform teams tend to focus on providing compute (i.e., VMs, Kubernetes clusters, Kubernetes namespaces, etc.) and software (i.e., CI/CD) services to developers.
Organizations without a platform team are finding that developers end up having to spend time and resources managing the Kubernetes infrastructure, reducing the amount of time they can spend delivering new software features. Additionally, the company ends up with wildly varying Kubernetes policies and configurations across teams due to a lack of standardization and governance.
Below are six reasons why organizations should build a platform team for Kubernetes and how that team’s responsibilities can contribute to business success. By leveraging a core platform strategy, organizations can deliver a consistent experience to internal users through a “shared services” approach, enabling rapid innovation and reducing risk.
Six guiding principles for platform teams
Consistent automation: Teams committed to standardized and consistently applied automation across the organization ultimately reduce the enterprise’s total cost of ownership (TCO) for Kubernetes.
Through automation, platform teams can quickly realize productivity improvements that benefit the entire engineering organization. By leveraging GitOps methodologies that use existing and known CI/CD tools, platform teams can empower developers to leverage the self-service workflows they are comfortable with.
Security preparation: Zero trust security principles for user access and endpoint probing are essential for secure, low-risk Kubernetes environments. Security teams should allow user access through a hierarchical access management model with fine-grained permissions. With the right access to the right roles, separation of duties becomes easier to implement and enforce, and it becomes easier for platform and security teams to protect against unauthorized use. This type of centralized access management model provides deep audits of user and system access, making it easy to review and trend access for security.
Centralized visibility: A centralized view of the entire Kubernetes fleet – which can span environments, clouds, AWS accounts, etc., and helps visualize all applications running in the fleet – keeps all teams on the same page so issues can be resolved quickly. Resource usage, consumption, access, cost metrics, and user activity must be readily available across the enterprise and to every internal team. Teams should always be able to review alerts, check cluster health, and check metrics relevant to them through a single dashboard.
Governance: Maintaining compliance amidst increasing infrastructure complexity can be challenging, but automating the application of enterprise-specific policies and permissions provides infrastructure consistency that reduces failures and the mean time to resolution (MTTR) in the event of a failure. Reusable templates and blueprints make it easy to customize policy details, preventing non-compliance.
Centralized governance helps prevent breaches and creates standardization across your clusters. Whenever a cluster is out of compliance, the platform team should know immediately through notifications on the platform. Industry and internal compliance is therefore optimized and risk is reduced accordingly.
Kubernetes deployment flexibility: Enterprises around the world are choosing hybrid cloud and multi-cloud strategies and are deploying Kubernetes across environments and clouds. Common practice in the industry is not to deploy a single distribution everywhere, but to select the distribution best suited to the environment at hand. You might be using OpenShift on premises, but you should consider using AKS on Azure, EKS on AWS, and GKE on GCP. Ensuring that the Kubernetes platform you choose supports this flexibility gives you a lock-in-free approach to managing Kubernetes.
Self-service oriented: Standardized and automated shared services help organizations scale staff access to computing resources. Platform teams manage, govern, and secure the shared infrastructure, centralizing access, policies, compliance, and cost management. Additionally, ensuring that developers can leverage easy-to-use workflows for requesting compute and access to production environments is crucial to enabling a rapidly evolving culture. With self-service workflows, everyone can access resources that suit their needs, resulting in an improved user experience for developers and DevOps teams.
Bringing Kubernetes under the umbrella of the platform team
With a platform approach that delivers Kubernetes as a shared service across the organization, all internal teams can request computing resources — and request access to those resources — on demand. A platform team model provides a centralized self-service infrastructure that can grow and change with the organization. In turn, you can standardize workflows, control operating costs, and gain the visibility and control you need to truly scale.
The Forbes Technology Council is an invite-only community for world-class CIOs, CTOs and technology executives.