Ongoing Optimization

As you reach full Kubernetes maturity, you will now be focused on optimizing and automating your environment. This includes optimizing Kubernetes for cost and efficiency, automating as much as possible and regularly running configuration validation to check against errors.

Now that you are tracking and measuring, you will have data in dashboards. This will help you optimize Kubernetes to be more efficient or reliable. You’ll make small changes that make a big difference. For example, you may be able to optimize your clusters by:

• Using the right instance type based on your workload needs
• Scaling on custom metrics vs generic CPU usage
• Moving to multi-region to serve global traffic more efficiently
• Tracking and managing cost of cloud spend
• Decreasing risk in upgrades by increasing workload resiliency

You will never stop optimizing your clusters. As new data emerges and your applications run with more users, you will need to continuously look at dashboards and adjust. This is the last stage of maturity and it is hard to do. You’ll want to take one problem at a time for optimization.

This is the pinnacle of maturity. Until now, you have been doing everything by hand. Here you want to automate everything you’ve done manually during the previous phases. For example, you will:

• Review your Infrastructure as Code (IaC) to ensure it is solid
• Use monitoring failures to restart or manage problematic and failing resources
• Automatically audit and flag misconfigurations or security issues 
• Remove human access from production in favor of service accounts
• Build, upgrade and back up systems and infrastructure via software and tooling

Finally, you’ll use configuration validation tools built into the CI/CD process to ensure security, reliability and efficiency problems are not deployed to production. Using policy-as-code, you’ll be able to:

• Automate deployment guardrails and security best practices through Open Policy Agent (OPA) integrations at the CI/CD stage, or as an admission controller.
• Automate issue detection during application development to prevent mistakes from entering production in the first place.
• Gain continuous visibility into your Kubernetes security posture by scanning containers for vulnerabilities and auditing clusters for weaknesses.

You are likely to be challenged with: 

1. Policy management from CI/CD through production
2. Workloads and other Kubernetes resources using resources inefficiently, scaling improperly or not performant 
3. Costs are climbing or are not well understood 
4. Reliability issues still require a lot of human intervention and toil

• You are enforcing compliance by streamlining the handoff from development to operations through policy-driven configuration validation of containers and Kubernetes.
• Policy enforcement is included throughout the CI/CD process through to production preventing mistakes from causing security or reliability challenges.
• You are creating custom policies using OPA.
• You can dig into advanced Kubernetes reliability, efficiency and security practices.