Chef and Kubernetes

Accelerate Kubernetes Adoption Across All Applications with Chef Automation.

Chef KubeCon 2019 Highlights

Scale Kubernetes Adoption and Lower Maintenance Costs with Chef

Chef helps accelerate the adoption of high-value technologies like Kubernetes by building technology-agnostic automation that makes it easy to deliver applications to any platform. Using Chef, DevOps teams build compact, immutable artifacts that eliminate run-time failures and can be deployed on-premises, in the cloud, on Kubernetes, or on whatever platform comes next. This helps organizations ensure that any initial savings gained from implementing a new technology aren’t outweighed by higher operational overhead and compliance remediation costs in the future.

The Power of Kubernetes Depends on the Quality of Containers it Manages

Container solutions have provided organizations with the means to deliver applications in a way that’s lightweight, immutable, and portable. This, in turn, enables the creation of highly efficient, distributed architectures for their environments. While Kubernetes has improved how organizations schedule and orchestrate containers, it doesn’t address challenges related to container creation and maintenance, including:

  • Opaque Containers: Inspecting and determining what exactly is running in a live container can be difficult.
  • Security & Compliance: Detecting which containers are affected by new regulatory requirements or threats and then planning remediation is not straightforward.
  • Non-Cloud Native Apps: Migrating older apps using a “lift and shift” approach moves the app and everything else running along with the app, resulting in bloated, hard-to-manage containers.

Less is More: Minimized Containers Maximize ROI

Kubernetes has no opinion on what goes into a container; it just runs them. The better the containers you give Kubernetes to manage, the better job it can do. Chef believes the best way to build good containers is to minimize what goes into them. The less you put into a container, the less you have to manage, and the less you have to worry about when that container becomes part of a Kubernetes cluster.

Chef’s Approach to Kubernetes

Chef delivers simplicity to Kubernetes by abstracting an application from the underlying operating system and bundling it with the dependencies it needs to run. By abstracting the application from both the internal (library) and external (service) dependencies, an immutable build artifact is created that is guaranteed to run the same in any environment. This not only creates a minimal build artifact, but one that can be easily inspected and audited, whether you’re building a new cloud-native application or migrating existing applications into modern environments.

“The combination of Chef Habitat and Kubernetes has significantly accelerated our microservices migration and expanded the number of teams that can move apps forward with cloud adoption.”

Nicholas Kirschbaum
Manager of Automation Platforms, Alaska Airlines

Benefits of Using Chef with Kubernetes


Create minimal, predictable container builds across all apps. Mount new secrets and config maps and reload services automatically.

Continuous Compliance

Applications built with Chef Habitat can be easily audited to ensure vulnerable libraries are not in use and compliance policy is being followed.


Apps are no longer dependent on underlying OS versions or infrastructure and can be easily ported across on-premises and cloud environments.

Solution Spotlight: Microsoft Azure Kubernetes Services

Chef Habitat offers direct support for publishing to Azure Container Registry (ACR), which allows customers to implement a seamless, integrated workflow from pushing code to GitHub to deploying to Azure Kubernetes Services (AKS).

Key Products

Chef Habitat is a patented application lifecycle management automation platform that enables app teams to standardize the way they define run-time dependencies (like the jre or ruby) and build-time dependencies (like the jdk or gcc); how they initialize an app; how they run an app; and how that app interacts with other apps.

All of these outputs are then consolidated into a single package that is versioned and stored alongside the app source code. The package can then be consumed by any CI/CD system and run in any environment – bare metal, VM, or a container on platforms like Kubernetes or Red Hat OpenShift.

Chef InSpec is a framework for testing and auditing applications and infrastructure. Chef InSpec works by comparing the actual state of a system with the desired state of a system.

Chef InSpec can inspect a Docker container via the Docker API. This provides the ability to make assertions about a live, running container without requiring any changes to the container’s contents or build process.
