Kubernetes – Third-party companies

Since the Kubernetes project’s initial release, there has been a growing ecosystem of partners. We looked at CoreOS, Sysdig, and many others in the previous chapters, but there are a variety of projects and companies in this space. We will highlight a few that may be useful as you move toward production. This is by no means an exhaustive list and it is merely meant to provide some interesting starting points.

Private registries

In many situations, organizations will not want to place their applications and/or intellectual property in public repositories. For those cases, a private registry solution is helpful in securely integrating deployments end to end.

Google Cloud offers the Google Container Registry at https://cloud.google.com/container-registry/.

Docker has its own trusted registry offering at https://www.docker.com/docker-trusted-registry.

Quay also provides secure private registries, vulnerability scanning, and comes from the CoreOS team, and can be found at https://quay.io/.

Google Kubernetes Engine

Google was the main author of the original Kubernetes project and is still a major contributor. Although this book has mostly focused on running Kubernetes on our own, Google also offers a fully managed container service through the Google Cloud Platform.

Find more information on the Google Kubernetes Engine (GKE) website at https://cloud.google.com/container-engine/.

Kubernetes will be installed on GKE and will be managed by Google engineers. They also provide private registries and integration with your existing private networks.

You create your first GKE cluster by using the following steps:

  1. From the GCP console, in Compute, click on Container Engine, and then on Container Clusters.
  2. If this is your first time creating a cluster, you’ll have an information box in the middle of the page. Click on the Create a container cluster button.
  3. Choose a name for your cluster and the zone. You’ll also be able to choose the machine type (instance size) for your nodes and how many nodes (cluster size) you want in your cluster. You’ll also see a choice for node image, which lets you choose the base OS and machine image for the nodes themselves. The master is managed and updated by the Google team themselves.
  4. Leave Stackdriver logging and Stackdriver monitoring checked. Click on Create, and in a few minutes, you’ll have a new cluster ready for use.
  5. You’ll need kubectl, which is included with the Google SDK, to begin using your GKE cluster. Refer to Chapter 1, Introduction to Kubernetes, for details on installing the SDK. Once we have the SDK, we can configure kubectl and the SDK for our cluster using the steps outlined at https://cloud.google.com/container-engine/docs/before-you-begin#install_kubectl.

Azure Kubernetes Service

Another cloud-managed offering is Microsoft’s Azure Kubernetes Service (AKS). AKS is really nice because it allows you to choose from industry standard tools such as Docker Swarm, Kubernetes, and Mesos. It then creates a managed cluster for you, but uses one of these toolsets as the foundation. The advantage is that you can still use the tool’s native API and management tools, but leave the management of the cloud infrastructure to Azure.

You can find out more about ACS at https://azure.microsoft.com/en-us/services/container-service/.


ClusterHQ provides a solution for bringing stateful data into your containerized applications. They provide Flocker, a tool for managing persistent storage volumes with containers, and FlockerHub, which provides a storage repository for your data volumes.


Portworx is another player in the storage space. It provides solutions for bringing persistence storage to your containers. Additionally, it has features for snapshotting, encryption, and even multi-cloud replication.

Please refer to the Portworx website for more information: https://portworx.com/.


Shippable is a continuous integration, continuous deployment, and release automation platform that has built-in support for a variety of modern container environments. The product touts support for any language with a uniform support for packaging and test.

Please refer to the Shippable website for more information: https://app.shippable.com/.


Twistlock.io is a vulnerability and hardening tool that’s tailor-made for containers. It provides the ability to enforce policies, hardens according to CIS standards, and scans images in any popular registry for vulnerabilities. It also provides scan integration with popular CI/CD tools and RBAC solutions for many orchestration tools such as Kubernetes.

Please refer to the Twistlock website for more information: https://www.twistlock.com/.

Aqua Sec

Aqua Sec is another security tool that provides a variety of features. Image scanning with popular registries, policy enforcement, user access control, and container hardening are all covered. Additionally, Aqua Sec has some interesting functionality in network segmentation.

Please refer to the Aqua’s website for more information: https://www.aquasec.com/.

Mesosphere (Kubernetes on Mesos)

Mesosphere itself is building a commercially supported product around the open source Apache Mesos project. Apache Mesos is a cluster management system that offers scheduling and resource sharing, a bit like Kubernetes itself, but at a much higher level. The open source project is used by several well-known companies, such as Twitter and Airbnb.

You can find out more information about the Mesos OS project and the Mesosphere offerings at the following sites:

  • http://mesos.apache.org/
  • https://mesosphere.com/

Mesos, by its nature, is modular, and allows the use of different frameworks for a variety of platforms. A Kubernetes framework is now available, so we can take advantage of the cluster management in Mesos while still maintaining the useful application-level abstractions in K8s. Refer to the following link for more information: https://github.com/kubernetes-incubator/kube-mesos-framework.


The Deis project provides an open source Platform as a Service (PaaS) solution based on and around Kubernetes. This allows companies to deploy their own PaaS on-premise or on the public cloud. Deis provides tools for application composition and deployment, package management (at the pod level), and service brokering.


Another PaaS solution is OpenShift from Red Hat. The OpenShift platform uses the Red Hat Atomic platform as a secure and slim OS for running containers. In version 3, Kubernetes was added as the orchestration layer for all container operations on your PaaS. This is a great combination for managing PaaS installations at a large scale.

More information on OpenShift can be found at https://enterprise.openshift.com/.

Comments are closed.