Hybrid Multicloud
The growing adoption of multicloud strategies by enterprises is fueled by several benefits: avoiding vendor lock-in to guarantee business continuity if a particular vendor discontinues operation for any reason, optimizing costs by balancing workloads across cloud vendors, and complying with regulatory requirements.
However, very few enterprises depend solely on public cloud solutions; they often incorporate an on-premises environment into their infrastructure. Remaining cloud agnostic while simultaneously leveraging cloud native technology presents a significant challenge for many companies.
Solution
Our Kubernetes-based platform seamlessly deploys across multiple public clouds and on-premises environments, offering:
Results
The platform enhances application portability, enabling deployments on-premises or on any public cloud, optimizing workload deployment for cost efficiency or compliance, and ensuring a cloud agnostic security framework for all applications, regardless of deployment location.
Behind the scenes
Leveraging managed Kubernetes services, such as AKS, EKS, GKE, and on-premises, we built a secure platform layer on top.
We adopted SPIFFE as a uniform identity control plane across public cloud and on-premises infrastructure. This, combined with a service mesh, provides a security framework to identify and authorize all workloads. Consequently, it enables the enforcement of data access management policies.
Adopting a GitOps approach offers a declarative way to configure all application deployments. It also provides a version control system and an audit log for all changes applied to any environment.
Our observability stack is based around the Grafana core LGTM stack (Loki, Grafana, Tempo, Mimir) for logs, metrics, and traces.
The Technology
- Managed Kubernetes (Azure Kubernetes Service, Google Kubernetes Engine, Amazon Elastic Kubernetes Service, on-premises Kubernetes)
- Open source SPIRE (SPIFFE Runtime Environment)
- Istio service mesh
- Flux for GitOps
- Grafana LGTM stack for observability
The Expertise
- Kubernetes
- Service mesh
- GitOps
The Expert
"When you have many services that produce and/or consume data across various clouds or on-premises, ensuring data security becomes increasingly difficult.
We addressed these challenges by implementing a service mesh based on Istio, which allows us to uniquely identify data streams, encrypt all communications, and authorize both internal and external parties consuming these services.
We integrated Grafana LGTM stack with the service mesh to provide telemetry for workloads, enabling effortless collection of metrics, logs, and traces.
However, maintaining a uniform configuration across diverse clusters was challenging. We spent a lot of effort in developing automation workflows to express simplified configurations and generate required manifests for each cluster environment."
Nick Van Rymenant, Infrastructure & Automation Engineer