In the first installment of our Community Spotlight series, I asked Geoff Burke from Tsunati to share his experience with Kubernetes and Calico Open Source. Geoff talks about how he got started with Kubernetes, the challenges that led him to search for a Container Network Interface (CNI), and why he has chosen Calico Open Source as his preferred CNI.
If you are just getting started with Kubernetes and curious about where other people start their journey, this blog post provides valuable insight and information.
Q: Please tell us a little bit about yourself, including where you currently work and what you do there.
I’m currently a senior cloud solutions architect at Tsunati. We are a data protection company and we focus on backup and recovery, mainly trying to help service providers enhance their services. We have a lot of virtualization expertise. In fact, I am a Veeam legend and a Veeam Vanguard. I also work quite intensely with Kasten by Veeam, which is a Kubernetes-native backup and recovery migration application.
Q: There are many people who are just getting started with Kubernetes and might have a lot of questions. Could you please talk a little bit about your own journey?
I would consider myself a relative newbie to Kubernetes; however, I have taken all the exams and have all the certifications that are out there for Kubernetes. I only really started this journey two years ago. In comparison to my history and experience with physical computers and virtualization, my experience with Kubernetes is a lot less. Since Tsunati is a company that deals with many other companies, we have to be ready to deal with any kind of platform. Therefore, we’ve been working with Rancher, OpenShift, Tanzu, and bare-metal Kubernetes.
I think the challenge with Kubernetes, especially for the foreseeable future, is that many of us are new to the Kubernetes platform. It’s a very steep learning curve, so we’re going to look for applications or aspects of Kubernetes that are reliable and not overly complicated.
Q: What were some of the challenges that led you to search for a CNI?
My interest really became focused while I was creating my own kubeadm bare-metal setups. I had three main issues:
- One of the issues I had (and still have) with these bare-metal setups is that as I was setting them up—and I had a lot of clusters in our DR (disaster recovery) environments, which are multi-tenants—I couldn’t find something that simplified and then covered everything at the same time. Especially in the CNI area of Kubernetes.
- For our security, we need to have more than just network policies in Kubernetes. Network policies are a great tool but they’re not all-encompassing. We’re missing some key aspects with basic Kubernetes networking. Specifically, Kubernetes network policies don’t protect the hosts.
- We have mixed environments such as Kubernetes and VMs. In our business, we find that the more solutions you involve in a project the more complicated things get and there is a greater chance they won’t be successful.
Q: There are other CNIs out there—What stood out about Calico for your needs?
Calico provides a solution for all of the issues I just mentioned. First of all, Calico has its own network policies. It doesn’t mean you have to give up Kubernetes network policies; you can use them at the same time. Calico extends Kubernetes network policies to global network policies and multi-namespace network policies, allowing you to create one network policy that affects multiple namespaces. That’s extremely helpful, especially when you are just starting off.
Furthermore, Calico can protect the host. You can create network policies to protect hosts and VMs at the same time. This is really important because it means you don’t need to have five different solutions for the same problem.
Again, because we are using Kasten and it does cloud migrations, you can migrate from one distribution of Kubernetes to another, and it has a transform mechanism there where you can change aspects, for instance, your container storage interface (CSI). Having a very dependable CNI that has a lot of things wrapped up all into one is very important to us. Calico seems to be the no-brainer choice for this.
Q: Have you used any other technologies such as a different orchestrator or a CNI?
Before getting involved in Kubernetes, I set up a Docker swarm cluster and it was much simpler. However, I lost the flexibility. I don’t think you can get rid of the complication without giving up some flexibility. So it’s important to define components in Kubernetes, which will allow you to do this but in an easy way.
Q: Can you tell our open source users more about your learning experience with Calico?
To begin my learning, I completed the Certified Calico Operator: Level 1 certification. I found it to be challenging. Even though the final exam was open book, it wasn’t something you could just ‘wing’ and I felt that it was worthwhile completing. Now there’s a new course, Certified Calico Operator: eBPF, which I’m working on.
When I started to look a bit deeper into the resources and features, I found that Calico offers a lot more possibilities. I have not had time to discover everything yet, but I’m hoping my participation in the Big Cats ambassador program will enable me to discover more. To not only teach others, but also teach myself simultaneously, which I find very exciting!
Q: Do you have any feedback for the Project Calico community about Calico resources?
Setting up Calico in one of my first bare-metal installs was very simple. The instructions were very clear and it was up and running just like that. I found it to be the easiest CNI to install—I didn’t have any problems with it.
My main goal is to really go deeper into Calico, and at the same time share the knowledge that I have gained. One thing that I like a lot about the Kubernetes community is it reminds me of the Linux community in the late 90s: very helpful, humble, and no one’s going to look down on you for asking a question that you might think is silly. So that’s a very good spirit to have in a community and it makes people want to learn more. I think there are a lot of newbies out there and being a part of the Calico community is a great opportunity for us all to continue on this journey together.
Sign up for one of our free certification courses to learn Kubernetes networking and security fundamentals using Calico!
For collaboration, reach out to us at devadvocacy [at] www.tigera.io.
Join our mailing list
Get updates on blog posts, workshops, certification programs, new releases, and more!