Container Platform Landing Zone

⭐️⭐️☁️ PlatformA dedicated landing zone offering a developer-centric experience for building and running container-based applications on the cloud on top of a container platform.

🚧 This capability reference page is a draft.

If you want to be notified when the capability reference page is finished, click here.

  • Many organizations have in-house application development teams. Unless they established DevOps (proper) and have dedicated resources embedded within every application team, providing a central platform bundling infrastructure operations makes a lot of sense and can provide major productivity enhancements (internal developer platform)

  • Many application teams target containers and kubernetes specifically as an abstraction layer. Reduced vendor lock-in, reasonable abstraction over cloud infrastructure

  • Central platform teams can build multi-tenant k8s on top of managed cloud provider offerings (e.g. GKE, AKS etc.) more easily. Should look into this angle first before offering Kubernetes Cluster as a Service - it’s easier to operate fewer bigger clusters than many small cluster

  • Caveat: Kubernetes is not specifically designed for hosting multi-tenant workloads, albeit this is usually fine in an in-house platform context with semi-trusted workloads. Some kubernetes based platforms like OpenShift offer better implementations

  • Developer experience essentially “serverless”, i.e. no infrastructure responsibility.

  • Make sure to enable kubernetes audit logs and store persistently → Centralized audit logs. This is easy with managed services, e.g. in new window

  • Can “augment” these landing zones with cloud-native tenant access, e.g. for object storage, cloud-native DBs (Dynamo DB etc.) → very powerful

  • Alternative is a proprietary fully-managed serverless stack, e.g. AWS lambda, Azure Functions etc. Using containers is optional here, but has advanatages (see toolchain below)

  • Landing Zone can deliver integrated Managed DevOps Toolchain, Shared container registry, SDLC tooling etc.

  • Landing Zone should set IAM policies and resource Quotas

  • Should include Private Cloud pay-per-use chargeback

  • Consider implementing the Container Platform on top of a Cloud-native Landing Zone if you also have it - good litmus test if the cloud-native LZ is really ready to serve cloud-native workloads

  • meshStack

    meshStack has built-in support for building and operating OpenShift, AKS and other Kubernetes based Landing Zones including IAM, quota management and consumption metering.

    Learn More open in new window

Depends On