Michael Schmid · Feb 05, 2020
When we started building Lagoon, best practices for containerized hosting were still being developed, and building everything based on OpenShift was an obvious choice, as it provided an enterprise-class solution.
As the cloud-native landscape has grown, native Kubernetes has not only become the industry standard to maintain, start, and deploy containers, but a broad open-source ecosystem has been built around it, and now provides a lot of the tools and features that were previously only available in OpenShift.
Our main work in 2020 is to offer and expand on support for native Kubernetes in Lagoon. This shift will allow amazee.io to build and deploy clusters more easily, streamline maintenance efforts, and offer more opportunities for Lagoon to take advantage of, and contribute to, all the newest advantages and features of Kubernetes.
Running Lagoon on a more traditional Kubernetes multi-cluster architecture will allow for more clusters with smaller nodes and fewer pods, and allow even more flexibility to host with Lagoon anywhere in the world. amazee.io will offer cloud hosting in the UK and Germany in early 2020 with many more locations to come.
The changes we are making now will not change the basic setup of Lagoon itself; initially, projects will gain the ability to deploy to Kubernetes clusters in addition to OpenShift. The stretch goal for 2020 is to make Kubernetes the default for all Lagoon deployments, in addition to continuing to support OpenShift. As OpenShift moves from version 3 to 4 (a change that will not support a simple upgrade between them), it is supporting the more recent versions of Kubernetes out of the box, so bringing Lagoon up to date with Kubernetes support will benefit all users, regardless of platform.
Although this may sound like a large shift, the developer process for deploying into Lagoon will be unchanged, and any needed migrations will be straightforward, with scripts to help us automate the processes.
A New Level of Autoscaling
Although Lagoon already makes autoscaling easy, Kubernetes opens up the possibility of even more specific flexibility. Instead of manually adding nodes when traffic demands it, clusters will be able to add and remove them as needed, even within short timeframes. amazee.io can set parameters for a minimum and a maximum number of nodes to use and let Kubernetes scale as needed. This can work even for short fluctuations in traffic, such as a site with a sudden influx of unplanned activity, as well as for scaling non-production clusters down overnight and at weekends. This lowers maintenance overheads significantly, since Kubernetes can procure, configure, and manage the cluster on its own.
Quicker Set-Up and Maintenance
Using our current system, in order to do maintenance on a node, we must remove it from the cluster, update it, then bring it back online. Doing this process manually can occasionally mean longer outages during our weekly maintenance windows. With the managed Kubernetes services, the ability to replace an in-cluster node will ensure that maintenance windows can be faster and more regular. It even opens up the possibility of continual maintenance which could potentially eliminate most maintenance downtime altogether.
Harbor is a Docker registry that performs image scanning and image signing inside a Kubernetes cluster. Depending on the roles and setup of a project, vulnerabilities can be introduced in the Dockerfile creation process. Harbor can guard against these by testing created Docker images before they are deployed. By making more use of this open-source tool, we can gather more information and enforce security standards on the images to offer even more security while deploying critical workloads.
While many Lagoon users and amazee.io customers already use firewall protection at the edge, there are still cases where traffic may bypass it and go directly to the cluster, skipping the CDN and WAF altogether. While we don’t regulate how people set up their CDN, we realize that setting up a WAF in Lagoon itself will increase security for the cluster. This is a way we can increase security out of the box while maintaining the flexibility of using Lagoon with different setups. Lagoon WAF will also allow for simple rules to be implemented on-cluster in addition to any rules deployed at the edge.
Docker Image Verification
The Lagoon Base Docker images provided and maintained by amazee.io are vetted carefully, and we will be looking to offer more transparency into the application versions that we are testing and deploying. Because these images are built on other open-source projects, we will be looking to strengthen our verification and reporting systems to serve as a Docker image supply chain, allowing everyone to see that the tools and images they are using have been certified and approved by amazee.io on behalf of our community. This will reduce the risk of users deploying a project or site with an image that has a vulnerability or contains malware.
More Power to the Users
As we continue to improve the Lagoon UI, we’ll be adding support for additional features that will allow users to self-service their projects more, and rely less on support/helpdesk interactions. This will include updating their own SSH keys, and adding and editing projects from the dashboard. Supporting this is the RBAC system we released in 2019, which lets each user and company set roles and define who has access to edit or add projects within their team.
Additionally, we’re working on even more transparency through automatic usage reports and billing systems. This will allow users to track their usage, gather more metrics and possibly even track costs in real-time directly from the Lagoon UI.
We’re also working on expanding and refining our documentation, to empower users to explore and utilize all that Lagoon has to offer.
If there are features, additions or documentation improvements that you’d like to see, please reach out to us or file a GitHub issue, and we will see what we can do!
Community and Contributions
As we bring Lagoon into the Kubernetes world, we’re excited to be a part of the greater open source cloud-native community. We’ll be contributing code and improvements, attending Kubernetes events, and writing blogs and documentation that will help the community at large.
Much of our work to improve Lagoon and expand it into Kubernetes is supported through our work with contribution-focused clients. We’ve built up a lot of knowledge on the tools and helpers required to manage and maintain clusters at scale — and we’re excited to bring those learnings back into the main Lagoon product.
The opportunity to develop custom solutions and added features through our work and give back to the community supports our values of continuous contribution and transparency in everything we do. Here’s to another great year of open-source hosting!
We want to say thank you to all the people that supported Lagoon so far and cheers to all the people that will help Lagoon become what it will be in the future. Also thank you to all the governments, enterprises, and companies that support Lagoon by allowing us to contribute back the features we implement for them. This is an incredible journey and the whole Lagoon team is very excited for 2020. If you want to be part of it in any way, please don’t hesitate to reach out at firstname.lastname@example.org.