Deploying Application Services in Kubernetes

Deploying Application Services in Kubernetes

We provide guidance on where to deploy application services in a Kubernetes environment, using WAF as an example. Depending on your needs, it can make sense to deploy your WAF at the "front door" of the environment, on the Ingress Controller, per-service, or per-Pod.

In the previous blog in this series, we looked at the rising influence of DevOps in controlling how applications are deployed, managed, and delivered. Although this may appear to invite conflict with NetOps teams, enterprises instead need to recognize that each team has different responsibilities, goals, and modes of operation. Careful choices about where to locate application services such as load balancing and web application firewall (WAF), with duplication in some cases, is the key to specialization and operational efficiency.

There are two primary criteria to consider when determining where to locate an application service:

  1. Is the service you wish to deploy (a) specific to an application or line of business, or (b) general, for all applications?
  2. Is the service configuration owned by (a) DevOps or DevSecOps, or (b) NetOps or SecOps?

When you lean towards (a), it often makes sense to deploy the service close to the applications that require it, and to give control to the DevOps team which is responsible for the operation of those applications.

When you lean more towards (b), then it’s generally best to deploy the service at the front door of the infrastructure, managed by the NetOps team which is responsible for the successful operation of the entire platform.

In addition, you need to consider the technical fit in case compromises are necessary. Can the service be deployed and operated using the ecosystem tools that either DevOps or NetOps teams are comfortable with? Do the appropriate tools deliver the necessary functionality, configuration interfaces, and monitoring APIs?

Kubernetes Introduces Additional Choices

In a Kubernetes environment, there are several locations where you might deploy application services:

Let’s take web application firewall (WAF) as an example. WAF policies implement advanced security measures to inspect and block undesirable traffic, but these policies often need to be fine‑tuned for specific applications in order to minimize the number of false positives.

blog opinion devops kubernetes waf ingress controller netops application services secops

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

50+ Useful Kubernetes Tools for 2020 - Part 2

Our original Kubernetes tool list was so popular that we've curated another great list of tools to help you improve your functionality with the platform.

AWS Fargate for Amazon Elastic Kubernetes Service | Caylent

Easily run Kubernetes-based applications on AWS by leveraging AWS Fargate and Amazon Elastic Kubernetes Service together. Learn more here.

Performance Testing NGINX Ingress Controllers in a Dynamic Kubernetes Cloud Environment

We compare the performance of the community, NGINX Open Source, and NGINX Plus Ingress Controllers in a dynamic Kubernetes cloud environment. As the number of Pod replicas scales up and down, only the NGINX Plus Ingress Controller doesn't incur high latencies.

Deploying Application Services in Kubernetes, Part 1

We explain why duplicating application services paradoxically can improve overall efficiency: because NetOps and DevOps teams have different mandates, it makes sense for them to select and manage the tools that best suit their specific needs. Deploying Application Services in Kubernetes, Part 1

What is Kubernetes Ingress and How to setup Ingress?

Whenever you want to expose any service which is running inside Kubernetes then there are a couple of ways to do it but the easiest one is to have an Ingress.