Klever’s Use of Google’s Kubernetes Engine to Deliver Excellence, by Head of DevSecOps Vinícius Niche Correa
How Klever leverages Google’s open-source platform Kubernetes to deliver excellence and reliable services to its users worldwide, by Klever's Head of DevSecOps Vinícius Niche Correa.
First of all, I would like to introduce myself. I’m Vinícius Niche Correa, but most call me by my nickname, Vini. At Klever, I’m the Head of DevSecOps & Software Architect.
I have always loved technology and have been eager to learn since my early days, by myself, from others, in person or over the internet. It was this passion that led me to start my professional career as a developer, specifically with Java at the time, and eventually to jump into the infrastructure world.
The combination of these experiences gave me the wider perspective needed to help with the architecture and process enhancements for Klever’s solutions.
Today we’ll be talking about Kubernetes, also known as K8s, which is an open-source system we use at Klever for automating deployment, scaling, and management of containerized applications.
Kubernetes is one of the key components that empowers the Klever ecosystem to achieve:
Scalability: Infrastructure grows alongside our user base and shrinks during lower-usage hours.
Reliability: Fast recovery from potential outages and high availability through multiple running servers.
Security: By default, Kubernetes services are only accessible inside the cluster's network.
Of course the real value of K8s lies in the dedicated teams behind the operations and product development, but the platform does a great deal to ease things so we can apply more effort on the experience itself rather than on the tools that support it.
Development to Market
To keep it short, we at Klever rely on GitOps for automated deployments and on Kustomize to write a configuration once and apply it across multiple stages of running environments, which are usually Development, Staging and lastly, what our users see and consume, Production.
We practice this by having a Base file with the structure that will be present in all environments, plus environment-specific configurations that carry only the customizations.
For instance, in Base we make 0.2 CPU and 256 Megabytes of memory available to a server, and in Production we need 0.5 CPU and 512 Megabytes of memory. This means that we only have to customize Production and leave both Development and Staging to inherit the Base settings.
With operations running as expected, there are still extra capabilities we need to ensure it will stay that way, such as:
This allows our services to behave the same with 100 or 1,000 or 10,000 or 100,000 users, and we achieve this by fine-tuning the native Kubernetes Horizontal Pod Autoscaler functionality, along with custom metrics from Google’s Cloud Monitoring, which through testing we found to be more reliable than the cluster-native metrics.
We also need the ability to quickly identify whenever a server is misbehaving and eventually take an action.
For this, Klever relies on both the native Kubernetes Health Check, to replace malfunctioning servers upon failures, and Grafana Cloud Synthetic Monitoring, to monitor the whole service quality and uptime and notify operators when thresholds are met, like higher response times or error rates.
There are several components that ensure the highest level of security on our servers and the services they provide. The ones worth mentioning are:
Kubernetes is designed to not expose services by default, so for this to happen it must be done explicitly.
HashiCorp’s Vault, which enables secrets (e.g. database credentials) to be managed and consumed as a service.
Mutual authentication for end-to-end encrypted communications: in addition to services being secured with X.509 certificates, clients also need to carry their own keypair and be verified by servers when they connect.
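Because exposure has to be declared explicitly, it can also be audited. The following is an added example, not Klever's own tooling: it reads Service objects in the JSON shape produced by `kubectl get services -A -o json` and reports every Service that is reachable from outside the cluster and not on an allowlist. The namespaces, names and the allowlist are constructed sample data, and Ingress resources are out of scope.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "wallet", "name": "api-internal"},
   "spec": {"ports": [{"port": 8080}]}},
  {"metadata": {"namespace": "wallet", "name": "api-public"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
  {"metadata": {"namespace": "ops", "name": "debug"},
   "spec": {"type": "NodePort", "ports": [{"port": 9000, "nodePort": 30900}]}},
  {"metadata": {"namespace": "ops", "name": "legacy"},
   "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"],
            "ports": [{"port": 80}]}}
]}
""")

# Service types that publish a port outside the cluster network.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def exposure_reasons(service):
    """Return the reasons a Service is reachable from outside the cluster."""
    spec = service.get("spec", {})
    reasons = []
    svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    if svc_type in EXTERNAL_TYPES:
        reasons.append("type=" + svc_type)
    if spec.get("externalIPs"):
        reasons.append("externalIPs=" + ",".join(spec["externalIPs"]))
    return reasons


def audit(service_list, allowlist=frozenset()):
    """Map 'namespace/name' to exposure reasons for Services not allowlisted."""
    findings = {}
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        key = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        reasons = exposure_reasons(svc)
        if reasons and key not in allowlist:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    # Assumption: only wallet/api-public is meant to be reachable from outside.
    for name, why in audit(SAMPLE, {"wallet/api-public"}).items():
        print(f"unexpected exposure: {name} ({'; '.join(why)})")
```

Run against live output in CI or on a schedule, an empty result means every externally reachable Service is one that was deliberately approved.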
What sets Klever as a whole apart from other companies and blockchain firms is the constant eagerness to improve on every aspect from products, development, culture and processes to community engagement, all together learning from our own mistakes and the mistakes of others in order to keep leveling up the quality of our products and services.
Klever’s software architecture, with our operations running on Kubernetes along with other scalable and flexible development tools, assists us in achieving this goal, so our users can enjoy the most reliable and high-performance app experience technologically possible.
Vinícius Niche Correa
Klever Head of DevSecOps & Software Architect