Announcing Telekube v4

Nov 3, 2017 by Sasha Klizhentas

What is Telekube?

Telekube enables simple provisioning and reliable upgrades across a multitude of Kubernetes clusters on any infrastructure. Telekube runs underneath Kubernetes and leverages our open source SSH server, Teleport, for seamless trust management and remote cluster updates across multi-region, behind-firewall environments.

Why is that useful?

Telekube enables the delivery of complex multi-tier applications into both traditional datacenter and public cloud environments. It allows developers to leverage the latest generation of cloud-native tooling without having to rip out or replace legacy infrastructure.

You can read more about Telekube in the docs or feel free to reach out for a demo. Now, let’s get to the updates…

Telekube 4.x Updates

We are pleased to announce that Telekube v4 is now a long term support (“LTS”) release with version 4.44.0 LTS. This release focuses on improved security, usability and stability.

Telekube v4 LTS

Here are some of the more notable features with Telekube v4:

Improved upgrade procedures

Telekube 4.x has implemented production ready upgrades. Admittedly, “production ready” is a loaded term - so what do we mean by this?

We have found that the common practice of self-upgrading Kubernetes (while a nice concept and great when it works) is problematic when things go sideways. The all-or-none self-upgrade methodology makes it difficult to figure out where a failure happened and roll back to a particular step in the upgrade procedure.

Telekube employs a state machine independent from Kubernetes state that uses an “Operation Plan” which defines the upgrade procedures and monitors the progress of each step of the upgrade. If a failure happens, the process can be rolled back to a particular step in the upgrade, regardless of Kubernetes state or etcd state.
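The plan-driven approach described above, sketched in Go as an added example; it is not Telekube's code, and the `Step` and `Plan` types, the state names and the step IDs are hypothetical. Step state lives in the plan's own record rather than in Kubernetes or etcd, so a failed run shows where it stopped and can be unwound to a chosen step.

```go
package main

import "fmt"

type Step struct { // one phase of a hypothetical upgrade plan
	ID            string
	Run, Rollback func() error
}

type Plan struct { // step state is kept here, independent of cluster state
	Steps []Step
	State map[string]string // step ID -> completed | failed | rolled_back
}

// Execute runs pending steps in order and stops at the first failure,
// leaving a record of exactly which step broke.
func (p *Plan) Execute() error {
	for _, s := range p.Steps {
		if p.State[s.ID] == "completed" {
			continue
		}
		if err := s.Run(); err != nil {
			p.State[s.ID] = "failed"
			return fmt.Errorf("step %s: %w", s.ID, err)
		}
		p.State[s.ID] = "completed"
	}
	return nil
}

// RollbackTo undoes, newest first, every attempted step after step id.
// An id that is not in the plan rolls back every attempted step.
func (p *Plan) RollbackTo(id string) error {
	for i := len(p.Steps) - 1; i >= 0 && p.Steps[i].ID != id; i-- {
		if s := p.Steps[i]; p.State[s.ID] == "completed" || p.State[s.ID] == "failed" {
			if err := s.Rollback(); err != nil {
				return fmt.Errorf("rollback %s: %w", s.ID, err)
			}
			p.State[s.ID] = "rolled_back"
		}
	}
	return nil
}

func main() { // constructed three-step plan whose last step fails
	ok := func() error { return nil }
	bad := func() error { return fmt.Errorf("health check failed") }
	p := &Plan{State: map[string]string{}, Steps: []Step{
		{"bootstrap", ok, ok}, {"drain-node", ok, ok}, {"upgrade-masters", bad, ok}}}
	fmt.Println(p.Execute(), p.RollbackTo("bootstrap"), p.State)
}
```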

Telekube upgrades can be rolled through a manual or automatic process. The new upgrade mechanism allows for the following improvements:

More fine-grained access controls

Telekube 4.x comes with advanced role-based access controls (“RBAC”) across participating clusters. RBAC can be integrated with external identity providers that support OIDC, like Okta and Auth0. This allows for role-based control per cluster based on identity metadata. All operational activities across the clusters can be linked to the operator that performed them, which is often a must at security-conscious organizations.

Advanced Cluster Provisioning

Telekube 4.x introduces a CLI and API to create clusters on AWS.

In addition, it supports pluggable provisioning pipelines with external provisioning tools, like Terraform and CloudFormation.

This gives you a powerful provisioning pipeline to spin up everything from the infrastructure to the application layer in an automated way. We have put together a sample, production-ready AWS provisioning pipeline using Terraform on our GitHub repo.

Security

Telekube recently went through a series of security audits. The result of those audits is that Telekube now comes with a hardened set of pod security policies and tuned Kubernetes configurations.

The security auditor, Cure53, has agreed to publish the audit they performed here.

Monitoring and Alerting

The built-in Telekube 4.x monitoring service includes a configurable monitoring and alerting system using Heapster, InfluxDB, Kapacitor, and Grafana. It comes with built-in alerts for typical issues such as disk outages, networking problems and server misconfigurations.

This allows for more scalable and proactive operational management across multiple clusters. In addition, customers can upgrade to InfluxEnterprise or managed InfluxCloud for production ready, scalable metrics storage with enterprise-level support.

Upgrade to Kubernetes 1.7.7

Telekube uses upstream Kubernetes. Before we update the version of Kubernetes it uses, we thoroughly test it for reliability and to make sure it plays nice with all of its dependencies. With this release we have upgraded the Kubernetes version it uses to 1.7.7. Kubernetes 1.7 focuses on security, stateful application and extensibility features.

Conclusion

We have been working with Kubernetes since its inception and couldn’t be happier with the choice of using it as a portable runtime for complex applications. Many of the improvements above were implemented to extend the power of Kubernetes and to serve our own need to scale the operational management of applications across many clusters.

If you are interested in taking Telekube for a spin or just want to provide feedback, please reach out: [email protected].
