Avesha Open Sources KubeSlice To Better Manage Multi-Tenancy In Kubernetes

Kubernetes multi-tenancy can be problematic to achieve but is essential in leveraging the greater operational efficiencies and better managing resources and cloud costs. Avesha’s platform, KubeSlice, enables enterprises to use multi-tenancy inside Kubernetes, not just in single cluster but also in multi-cluster. The online tool aims to simplify cluster management and help organizations in their journey to adopting Kubernetes.

On this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Prasad Dorbala, Co-Founder and CPO of Avesha, to discuss some of the key challenges organizations are facing and how KubeSlice is helping.

When discussing how KubeSlice is helping tackle talent shortages, Dorbala says, “Kubernetes, as much as we all love it, the talent pool is very sketchy, in the sense like there is not enough talent pool, right? So what we are trying to do is give an open source solution. But we will wrap around the service angle to it if they want us to maintain it.”

Key highlights from this video are:

Although Kubernetes is good at orchestrating clusters and workloads, multi-tenancy can be problematic, and you need to have the appropriate guardrails for SOC 2 compliance. Dorbala explains how this led to starting Avesha, and how it is helping solve these problems.
Multi-tenancy can be challenging to achieve in Kubernetes infrastructure. Dorbala discusses how KubeSlice is helping with consistency, ensuring there are security guardrails and resource management with a control plane.
Dorbala discusses why they felt it was important to make KubeSlice open source, and how it is helping developers in adopting the technology rather than about top-down sales. He discusses why this approach is helping developers better understand and deploy it.
Talent shortages in Kubernetes present difficulties in deploying and maintaining it, but Avesha also offers a service angle to help customers. Dorbala explains that they are putting other AI usability features around the open source too, and how this will help people with Kubernetes.
One of the key challenges with multi-cluster is that the clusters are getting increasingly bigger. Dorbala goes into depth about the challenges of managing them from an operational efficiency perspective and how KubeSlice is addressing the problem.
Cloud costs and security continue to be hot topics. Dorbala discusses some of the challenges of finding a balance between these two elements in multi-clusters. He explains the concept of micro-segmentation and how it can reduce the attack surface.
Dorbala details the customers who are leveraging KubeSlice and shares the use cases they are seeing.

Connect with Prasad Dorbala (LinkedIn, Twitter)

The summary of the show is written by Emily Nicholls.

[expander_maker]

Here is the automated and unedited transcript of the recording. Please note that the transcript has not been edited or reviewed.

Swapnil Bhartiya: Hi, this is your host Swapnil Bhartiya and welcome to another episode of TFiR Let’s Talk. And today we have with us Prasad Dorbala, co-founder and CPO of Avesha. Prasad, is good to have you on the show.

Prasad Dorbala: Thank you very much, Swapnil. Thank you.

Swapnil Bhartiya: Yeah, today we are going to talk about KubeSlice, your open sourcing. But before we talk about this specific project, I would love to know a bit about the company itself since you’re a co-founders. So tell me, what is it all about? What problem did you see in the space that you wanted to solve, which led to the creation of this company?

Prasad Dorbala: Sure. What we have seen, we have been working together many years and on Kubernetes in different SaaS platforms. Kubernetes is very good at orchestrating clusters and workloads. But, when it comes to the teams and how to have freedom for the teams to have their own tenancy, it is a little weak and tenancy is not the first class citizen in Kubernetes. So we always used to have challenges with adding capacity or giving them control because security was always a bigger burden on from a SaaS perspective, when you have to do SOC two compliance and other things you would want to have proper guardrails. But on the other hand, teams also need to be focused on their velocity of deploying things at a much higher pace because with microservices, lot of teams used to deploy multiple deployments per day, and then having to have that kind of a framework, but also giving capacity was bigger challenge and observability is another factor which we always used to run into.

So learning from all the lessons which we have seen, we wanted to create a platform for enterprises to use multi-tenancy inside Kubernetes, not only in a single cluster, but also extend that across multi-cluster. As a SaaS provider, people used to deploy it at different locations, but have to have the same kind of constructs across. That is what we kind of felt that it is must needed, a solution to have tenancy inside a cluster and extend it to multi-cluster.

Swapnil Bhartiya: Why, first of all, multi-tenancy is kind of hard to achieve in Kubernetes infrastructure? And then how we are trying to address this by bringing in KubeSlice there?

Prasad Dorbala: As you are aware, there are different things which are necessary for cluster resources, and there are different things which are Namespace, scoped resources. So Kubernetes’ cluster is always focused around… Essentially in a single enterprise. So there are lots of things with respect to cluster resources, which like if you have a custom resource definition that is only in the cluster resources. So API server is common to entire cluster. So how do you shard an API server? How do you define isolation? Right? Namespace gives you an isolation, but does every team need to have a single Namespace or do we have to have multiple Namespaces for a team? And a team wants to deploy in different location with edge providers coming up and as a SaaS provider, you want to have workload closer to the customer. And so now that is essentially becoming either multi-cluster or multi-cloud right. So how do we make sure that there is consistency, not only consistency, there is security guardrails and as well as resource management with a control plane, which is common across that is what the problem which we were tackling within KubeSlice.

Swapnil Bhartiya: Talk about the open source aspect of it. First of all, why you’re open sourcing it? And second is that, what are the core components or raw components of this project?

Prasad Dorbala: Kubernetes is an open source, right? Everybody, developers it’s a product led growth, right? Developers would want to have the freedom to see what they are deploying, right? So it is not something if a old way of top down sales, it is more about adoption. Developers would feel much more closer to them for if they know what is going inside the production. At the end of the day, they are the ones who are managing those things. So having to have that openness is important for them to understand, to deploy it. But when something goes wrong, they need to know how to fix it, right? Healing is very important for them because the service availability is fundamental to any SaaS provider. So that’s the reason why we think it is important to give the community, to have an openness and then build use cases by the community.

So that community has freedom to say how do they define their specific use case? That’s the reason why we have decided to open source it and what we call it open core. There are functionalities like multi-cluster connectivity, same name nest across multi-cluster, resource allocation across multi-cluster. So we call it Slice. Slice is a way of segmenting cluster and extending that cluster across multi-cluster, whether it is multi-cloud, or whether it is edge, or a hybrid scenario where you have a cluster inside your data center. That is why we are open sourcing it.

Swapnil Bhartiya: With typical open source project there is, of course, as you mentioned, this open core project, where folks can go and check it out, play with it, but then also a commercial angle to it without commercialization open source will not succeed. So also talk about how is Avesha either leveraging this open source project, or how are you bringing it to those folks who do want to leverage it, but they may not have resources to invest in the open source project?

Prasad Dorbala: No, certainly very good point from now. Kubernetes, as much as we all love it, the talent pool is very sketchy, in the sense like there is not enough talent pool, right? So what we are trying to do is give an open source, but we will wrap around the service angle to it if they want to have maintaining. And they have some use cases, which they want us to quickly inculcate or insight into the upstream community. That is what we were going to do. And beyond that, there are a lot of usability features we are actually putting, wrapping around the open source, essentially like AI capabilities, right? And the network capabilities. The network, which we are offering as an overlay across multi-cluster is layer three and above, right? So now there are traditional workloads still, right?

So Kubert is a fantastic project, where people are taking the VMs and then putting into Kubernetes. Now Kubert workloads are not HTTP centric, but you want to have that connections from a non HTTP centric workload to something which is modernized microservices. How do we bring that? That is the kind of foundation which we are building from a network standpoint, from a multi-cluster.

Swapnil Bhartiya: When we talk about multi-cluster, it’s not just as you’re talking about, we are looking at edge data. So not only is spreading out, those clusters also getting bigger and bigger. So how do you look at it as a challenge from operational efficiency? What kind of one second challenge poses for developers or develop team, and then how either Avesha or KubeSlice tried to address that problem?

Prasad Dorbala: Yeah. Fundamentally when Kubernetes came about, tenancy in their mind was only a single name space, right? A single name space is not sufficient for a team, right? So you have to have multiple name spaces and then together, they need to also connect different edge providers. And so teams were used to say, “Huh, I need a cluster.” So the cluster sprawl became a bigger challenge. So as you can see, 1.24 has 5,000 nodes and 150,000 pods, which you can have. So consolidate… When you are operating, you need to have tools which are essentially visibility tools, security tools, logging, and all that stuff. So the more you have sprawl, each one of them would cost a lot more. And then your scheduler is not going to be, there are lots of resources which are going to get wasted if you are boundary is only the cluster.

So given the fact that there is a lot of advances in 1.24 to have large clusters, you can literally shard the clusters by tenancy and then consolidate all the tooling so that you have consistency and as well as cost saving. And then your scheduler is going to get much better because you can do a bin packing much easier because the resource pool is pretty much. We also offer a per tenancy isolation of a node and different things. So let’s say if I have a GPU node and I want only certain set of Namespaces to use the GPU node, you can create a slice and then assign that GPU node to those set of Namespaces. And so that web centric workload is not running on a GPU node, right? So those kind of fundamental, operational, efficient way of running an infrastructure is what we are bringing to the KubeSlice.

Swapnil Bhartiya: Excellent. Thanks for explaining that. Now there are two keywords that I picked up when you talked about cost and you also talk about security. Cloud cost is becoming a big topic. KubeCon also, they like more than two days just dedicated to security. So talk about, first of all, not only from a vicious perspective, but from KubeSlice perspective, how do you look at it? Because these are also kind of challenges that teams face; cost is big, security cannot compromised. So what is your approach toward these two to make a fine balance? Because security can also have impact of efficiency and performance, it can slow things down, and of course, cost is there. Companies are becoming very, very cost efficient after the pandemic and as we are kind of inching towards session. So please talk about these two things as well.

Prasad Dorbala: No, Certainly. One way efficiency can be maintained is the control plane is satisfying a whole bunch of nodes, right? So why do you want to have multiple clusters, it is not multiple as in, there are people who are actually having 40-50 clusters. One of the customer we are talking about, they have many, many data centers, large bank, and then they have lots and lots of clusters. And then when they group the nodes, the business unit, which is using that set of nodes, may not consume all the things. So just they are over provisioning the nodes just for the sake of capacity, right? If they can combine them into a virtual cluster, then they can use the nodes, which are shared across multiple business units with the guardrail of security, right? Security is paramount because back in the days of networking, they’re all bell heads who have worked in networking all over.There is a concept of micro-segmentation.

That micro-segmentation is something which you would want to have. This is like antithesis from a Kubernetes’ standpoint. The network is a flat network inside Kubernetes, right? So how do you get that micro-segmentation or a segmentation so that your attack surface is reduced, right? So that once you have an attack surface reduced, then attack vectors are kind of controlled in whether it is internal threats or an external threats. They’re all going to be all supply chain challenges because everybody is actually taking third party containers embedded into them and then creating it, right? So even though there is a whole slew of things from a scanning point of view, but at the run time, there is not many things which are available. So what we are trying to do at the run time is to put some guardrails, to be able to figure out how do we secure it. And one fundamental thing of tenancy and isolation is about reducing attack surface, right? So that is what we are trying to bring from a security perspective at the run time and then a deployment time, right?

Swapnil Bhartiya: Excellent. And you gave example of banks. And if I may ask you what kind of use cases you have seen, what kind of customers are there, who are leveraging it? That would be great.

Prasad Dorbala: Oh, it’s interesting. There are lots and lots of customers who are kind of interested in how do I distribute the workloads closer to the customer, right? Which is the Q of E aspect, quality of experience from a customer standpoint, because I’m a SaaS provider. I have my retail customers who are closer in different things. Back in the day, we have already done the lot of analysis. If the web is slow, you abandon the shopping cart faster, right? So if you want to have a workload closer to them, you’ve already modernized your workloads to be microservices. How do you deploy the workload closer to them? How do you desegregate them? So you don’t want to have full stack closer to the customer because there is not enough capacity there.

Hyperscalers did a fantastic job of scaling up and all that stuff. So you have a small point of workload sitting closer to you as a retail customer. And then having that connect to hyperscalers. That’s one use case where retail industry is benefiting out of it, right? Now, there are east, west traffic is increasing quite a bit. East, west traffic is what you have multi-cluster scenarios, where you want to have proper guardrails from a security standpoint, the banks, are interested in that east, west traffic to be provided across multi-cluster. So those are all the use cases we are seeing, Swapnil.

Swapnil Bhartiya: Prasad, thank you so much for taking time out today and not only talk about Avesha, KubeSlice project, but also share some of the challenges that are there for developers, developer teams face in the ecosystem. Thanks for sharing those insights and I would love to have you back on the show. Thank you.

Prasad Dorbala: Thank you very much Swapnil. I would love to catch up sometime. I am actually in Austin. If you’re interested, we should meet up there.

[/expander_maker]

You may also like

Apiiro wants to be the Diamond Standard for Application Security Posture Management

Upbound delivers enterprise-ready Crossplane experience with new features

Akamai further fortifies its API Security with latest PCI DSS Compliance

If Iron Man has Jarvis, Transposit has Tanya

Bringing vCluster to Rancher is healthy competition: Lukas Gentele

How to choose best observability practices: Julian Fischer