Kubernetes fire drills – a common practice for Cleura Business and Enterprise customers

As the adoption of Kubernetes continues to grow, its critical role in ensuring business continuity has become abundantly clear, not least by the sheer nature of being the technology that runs such a considerable portion of our digital lives.

Kubernetes is an inherently complex technology designed to solve complex problems, and failures can occur at all levels, from nodes and pods to entire clusters. Regular fire drills on your Kubernetes environment are essential to maximize your chances of withstanding failures and improve your chances of coming out unscathed on the other side.

This article briefly discusses our reasoning and high-level thinking in and around Kubernetes fire drills. We apply these practices with our Business and Enterprise customers to help them achieve their business objectives with container orchestration in Cleura Cloud. We base this article and some of our methods and technical capabilities on our container orchestration engine, Gardener, and Kubernetes. However, the general principles outlined here apply to any microservice environment.

What is a Kubernetes Fire Drill?

Fire drills on Kubernetes environments are exercises that simulate different failures to test an environment’s resiliency and validate a recovery plan.

In helping our clients with fire drills, we generally go through five main stages, regularly learning new lessons and drawing more and more knowledge from:

1. Preparation
2. Define the scope.
3. Simulate a failure.
4. Activate the recovery plan.
5. Validate the recovery.
6. Conduct a post-mortem.

Performing a Kubernetes fire drill

1. Preparation – involve all stakeholders.

It sounds simple, but involving all potential stakeholders will ensure you cover as many critical areas as possible in the disaster recovery plan. Each stakeholder has a unique perspective and knowledge of the business processes they are responsible for, and they can help identify potential vulnerabilities and suggest additional recovery steps.

For example, if the team was developing a disaster recovery plan for an e-commerce website, involving stakeholders from the marketing team would help ensure that customer data and marketing campaigns are fully protected in the event of a disaster. Also, in this example, the marketing team would be the ones who are most qualified to answer wether or not the recovery plan did the trick.

2. Define the scope

Before we do anything else, clearly defining the fire drill’s scope is essential. It should include which type of failure we will simulate, which services will suffer what impact, and the recovery plan we will use to mediate the problem. Both developers, operations personnel, and business owners need to be part of defining the scope to ensure that it covers all vital areas.

Here is an example of a high-level, real-life scope from a fire drill we practiced with one of our clients. We stick to the high-level points in the scope to give a good overview.

Example of scope

1. Simulate a sudden increase in traffic to the Kubernetes cluster by throwing many requests to the applications running on the cluster.
2. Monitor the cluster’s response to the increased traffic and identify performance issues or bottlenecks.
3. Test the cluster’s ability to handle a node failure by simulating the loss of one or more nodes in the cluster.
4. Observe the cluster’s response to the node failure and ensure the applications run smoothly.
5. Verify that the Kubernetes autoscaling mechanisms are working correctly by adding additional nodes and observing the cluster’s ability to handle the increased load.
6. Document the results of the fire drill and identify any areas for improvement or optimization.

3. Simulate the failure(s)

The next step is to simulate the failure according to the scope of the drill. It could be as easy as manufacturing a high load or a node failure, as illustrated in our example scope, to be as complicated as your team likes the scenario to be.

Choosing what types of failures to practice depends entirely on how well you want your team and systems to handle different scenarios. We think keeping a healthy balance between accomplishing fire drills and improving the systems is essential, and our best tip is to limit your failure types to core backend components and expand when you get into the habit of exercising fire drills.

4. Activate the recovery plan

When your simulated scenario is activated, it’s time to start the recovery plan that you have already outlined in Step 1. The recovery plan should be well-defined and documented to cover all critical areas.

Some of the features in our container orchestration engine, Gardener, such as the ability to recover from backup or perform a rolling upgrade, can be used to recover from the failure. Other scenarios might need restoring network connectivity and relying on Kubernetes self-healing properties.

5. Validate the recovery

The last step is to validate that the recovery plan restored the system to its original state.

Besides checking the overall status of the cluster, including its nodes and system components, you need to verify the health and performance of the applications deployed on the cluster. Data consistency should also be critical to your recovery plan, especially for stateful applications or applications that persist data. Other practical tests include ensuring that your monitoring and logging services are functioning correctly and that your cluster can, once again, handle auto-scaling in response to increased workloads after recovering.

We keep coming back to the stakeholders but don’t forget to involve all of them in the validation process to ensure that as many areas as possible are covered.

6. Document a post-mortem

After the fire drill, it is time to conduct a post-mortem to evaluate the effectiveness of the recovery plan and identify any areas for improvement. Use the findings from the post-mortem to update the recovery plan and improve your system’s resiliency. 

Conducting regular fire drills in a Kubernetes environment, perhaps using our container orchestration engine, Gardener, is essential to ensure your system and staff are better prepared to handle failures.

The steps outlined in this article provide a rough framework for conducting effective fire drills in a Kubernetes environment. By following these steps, you, too, can identify and fix any major issues before an actual disaster strikes.

Martin Dahl

Customer Solutions Architect at Cleura

Karlskrona, Sweden

With over a decade in the field, Martin Dahl is an accomplished Solutions Architect specializing in containers, Kubernetes, and OpenStack.

Our Cloud Guide

Answer a number of questions about your business and your IT organization and we will give you an indication of which of our cloud services we think suits you and how we can help you.

1Terms

2Business

3Organisation

4Services

5Customers

6Contact

7Indication

Next

Which sector does your business belong to? *

• Consumer goods
• Realestate
• Finance
• Healthcare
• Industrial goods
• Information technology
• Power supply
• Medicines
• Medical devices
• Public sector
• Telco

Does your business belong to a regulated industry or public sector? *

• Yes
• No

The financial and healthcare sectors are examples of regulated industries. Businesses in these sectors usually have specific laws and rules that dictate how they can operate and, in some cases, some form of external supervision.

Number of employees *

• 0-9
• 10-49
• 50-249
• 250-499
• 500+

PreviousNext

Does your business have its own IT organization? *

• Yes
• No

Do any of these competencies exist within your IT organization? *

• IaaS (AWS, Cleura, Azure, Google Cloud and others)
• OpenStack
• Virtual IT operations
• No

Highlight all the competencies that exist within your IT organization.

How does your organization view the outsourcing of operational services? *

• We do not want to work with outsourcing
• We want to work more with outsourcing
• Don’t know / Don’t want to answer

PreviousNext

Does your business need specific services and solutions in any of the following areas?

• 5G & Edge Computing
• AI
• Data integrations
• E-health services
• E-signing
• Identity & Security
• Internet of Things
• Kubernetes
• Collaboration tools

In addition to operating in the cloud, we bring together an ecosystem of service providers who base their solutions on our cloud services, or use our services to offer versions of their solution with built-in regulatory compliance.

PreviousNext

Does your business have customers in regulated industries or the public sector? *

• Yes
• No

If your business has customers in sectors such as the public sector, finance or healthcare, there may be specific requirements for you as a supplier.

Regulated businesses, including those in the above-mentioned sectors, usually have specific laws and regulations that dictate how the activity in question may be conducted both directly and indirectly via subcontractors. In many cases, there is some form of external supervision.

PreviousNext

Get contacted by our cloud experts

Thank you for answering the questions! Please fill in your contact details to receive your indication.

Name *

Email *

Phone number *

Your personal information *

• I understand that Cleura will handle my personal data according to the privacy notice and that I will be contacted by a Cleura cloud expert.

PreviousGet our indication

Our recommendation – Compliant Cloud

Based on your answers, we believe that Cleura Compliant Cloud is the right cloud service for your organization. Furthermore, you have your own IT organization, which is a prerequisite for independently managing the operation and maintenance of your virtual IT infrastructure.

Compliant Cloud.
Compliant Cloud is IT infrastructure as a service for industries and companies with high security requirements.
It is a full-fledged, standalone cloud that, thanks to shell protection, security mechanisms, ISO certifications and specific logging, enables our customers to comply with their industry-specific data protection laws and standards.

Read more about Compliant Cloud.
How Folksam increases the pace of innovation with Cleura Compliant Cloud.
Why Evimiera stores patient records in Cleura Compliant Cloud

Our recommendation – Compliant Cloud with an integrator

Based on your answers, we believe that Cleura Compliant Cloud is the right cloud service for your organization. The lack of your own IT organization and the fact that you are positive about outsourcing all or part of your IT operations means that we recommend further dialogue with one of our integration partners.

Compliant Cloud.
Compliant Cloud is IT infrastructure as a service for industries and companies with high security requirements.
It is a full-fledged, standalone cloud that, thanks to shell protection, security mechanisms, ISO certifications and specific logging, enables our customers to comply with their industry-specific data protection laws and standards.

Read more about Compliant Cloud.
How Folksam increases the pace of innovation with Cleura Compliant Cloud.
Why Evimiera stores patient records in Cleura Compliant Cloud

Our recommendation – Compliant Cloud with or without an integrator

Based on your answers, we believe that Cleura Compliant Cloud is the right cloud service for your organization. Furthermore, you have your own IT organization, which is a prerequisite for independently managing the operation and maintenance of your virtual IT infrastructure, but since you are positive about outsourcing, we also recommend a continued dialogue with one of our integration partners.

Compliant Cloud.
Compliant Cloud is IT infrastructure as a service for industries and companies with high security requirements.
It is a full-fledged, standalone cloud that, thanks to shell protection, security mechanisms, ISO certifications and specific logging, enables our customers to comply with their industry-specific data protection laws and standards.

Read more about Compliant Cloud.
How Folksam increases the pace of innovation with Cleura Compliant Cloud.
Why Evimiera stores patient records in Cleura Compliant Cloud

We need to learn more about your challenges

Based on your answers, we need to learn more about your challenges in order to give an indication. Your answers indicate that Cleura Compliant Cloud is the right cloud service for your organization, but the lack of your own IT organization combined with the fact that you do not want to work with outsourcing means that we unfortunately cannot take a position on how you should proceed at this time.

Your answers indicated that your organization needs even more support in tackling the challenges of digitization and a closer dialogue on how we can help you on that journey.

We will contact you to book a meeting where we can find out more about your challenges and tell you more about how we can guide your business into the cloud.

We need to learn more about your challenges

Based on your answers, we need to learn more about your challenges in order to make a complete recommendation. Your answers indicate that Cleura Public Cloud is the right cloud service for your organization, but the lack of your own IT organization combined with the fact that you do not want to work with outsourcing means that we unfortunately cannot take a position on how you should proceed at this time.

Vi tolkar ditt svarsmönster som att du och din organisation behöver ännu mer stöd i att tackla digitaliseringens utmaningar och en tätare dialog kring hur vi kan hjälpa er på den resan.

Vi kommer att kontakta dig för att boka ett möte där vi kan ta reda på mer om era utmaningar och berätta mer om hur vi kan guida in er i molnet.

Our recommendation – Public Cloud

Based on your answers, we believe that Cleura Public Cloud is the right cloud service for your organization. Because you have your own IT organization, you have all the prerequisites to independently manage the operation and maintenance of your virtual IT infrastructure.

Cleura Public Cloud.
In our public cloud, you can quickly, easily and cost-effectively build a virtual server environment, container cluster or data lake directly in your browser or via our API. You choose which geographical region(s) you want to use and can easily build redundant environments for any type of use case.

Create an account and get started right away.

Our recommendation – Public Cloud with implementation and managed services or with an integrator

Based on your answers, we believe that Cleura Public Cloud is the right cloud service for your organization. The fact that you are positive about outsourcing all or parts of your IT operations means that you have several options on how to best tackle the digitalization journey. We can offer help with architecture, implementation, operation and maintenance but are happy to discuss whether an implementation partner may be the right way to go.

Cleura Public Cloud.
In our public cloud, you can quickly, easily and cost-effectively build a virtual server environment, container cluster or data lake directly in the browser or via our API. You choose which geographical region(s) you want to use and can easily build redundant environments for any type of use case.

Create an account and get started right away.

Professional Services
Our engineers and architects excel in open source solutions for cloud computing and distributed storage and can help your organization every step of the way. Whether you need us for various levels of technical support, deployment of an OpenStack environment or a storage cluster with Ceph, we have the knowledge and experience to guide you through the entire process.

Read about Professional Services.

Managed Services
Our Managed Services team can act as your remote hands to ensure your databases, backups, Kubernetes clusters and more are taken care of 24/7/365. These additional services can be applied to any part of your Cleura infrastructure and allow you to focus on what you do best while we do the same.

Read more about Managed Services.

Our recommendation – Public Cloud with or without an integrator

Based on your answers, we believe that Cleura Public Cloud is the right cloud service for your organization. Furthermore, you have your own IT organization, which is a prerequisite for independently managing the operation and maintenance of your virtual IT infrastructure, but since you are positive about outsourcing, you have several options to best tackle the digitization journey. We can offer help with architecture, implementation, operation and maintenance, but are happy to discuss whether an implementation partner may be the right way to go for your particular business.

Cleura Public Cloud.
In our public cloud, you can quickly, easily and cost-effectively build a virtual server environment, container cluster or data lake directly in the browser or via our API. You choose which geographical region(s) you want to use and can easily build redundant environments for any type of use case.

Create an account and get started right away.

Professional Services
Our engineers and architects excel in open source solutions for cloud computing and distributed storage and can help your organization every step of the way. Whether you need us for various levels of technical support, deployment of an OpenStack environment or a storage cluster with Ceph, we have the knowledge and experience to guide you through the entire process.

Read about Professional Services.

Managed Services
Our Managed Services team can act as your remote hands to ensure your databases, backups, Kubernetes clusters and more are taken care of 24/7/365. These additional services can be applied to any part of your Cleura infrastructure and allow you to focus on what you do best while we do the same.

Read more about Managed Services.

Education

All our IaaS services are based on OpenStack, an open source software built to operate clouds. It is a great advantage to let your IT organization learn all about how to manage your most important asset, your IT environment.

Our educational team can train your IT organization in various aspects of cloud computing. We provide both self-study and instructor-led training, technical documentation and customized courses for your specific needs. With our web-based training platform, we can help your IT organization reach its full potential through our online courses.

Read more about Cleura Cloud Academy.

Further training

All our IaaS services are based on OpenStack, an open source software built to run clouds.

According to your answers, your IT organization has expertise in OpenStack and we believe you can quickly get started and benefit from all the functionality our public cloud offers.

If your IT organization needs further training in cloud services in general and OpenStack in particular, we recommend taking a look at our training courses. Our educational team can train your organization in different areas of cloud computing. We provide both self-study and instructor-led trainings, technical documentation and customized courses for your specific needs. With our web-based training platform, we can help your organization reach its full potential through our online courses.

Read more about Cleura Cloud Academy.

Other services and solutions

Your answers indicate that your organization is in need of additional services and solutions provided by our customers and partners.

Compliant by Cleura
Compliant by Cleura is a collection of solutions, services and applications that use our cloud services. Their infrastructure layer (IaaS) processes and stores personal data in accordance with European data protection laws and regulations.

Explore Compliant by Cleura.

5G & Edge computing

Converstational AI

Data integrations

E-health services

E-signing

Identity & Security

IoT management

KPaaS

Collaboration tools

Send