There are a bunch of ways to jump into Kubernetes, the open-source platform for orchestrating virtualized containers for software application deployment. An enterprise could run it on its own on-premises data center. It could also consume it from a service provider — maybe one running its entire cloud on the same Kubernetes service its selling.

The latter option is what it would get if it opted for IBM Corp.’s Cloud Kubernetes Service.

“The service that we provide to all of our customers, we’re actually running all of IBM Cloud on it,” said Daniel Berg (pictured), distinguished engineer, IBM Cloud Kubernetes Service and Istio, at IBM. “So all of our services — the Watson services, the cloud database services, our Key Protect service, identity management, billing, all of it.”

IBM deploys Kubernetes at massive scale, so it gets lots of practice solving glitches. It contributes solutions upstream to the Kubernetes open-source community. Wading knee-deep through the technology, IBM picks up useful dos and don’ts. It regularly infuses them back into the service, according to Berg.

Berg spoke with John Furrier (@furrier) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the KubeCon + CloudNativeCon event in Seattle, Washington. They discussed right and wrong ways to work with Kubernetes and why some companies create their own solutions while others buy ready-made products. (* Disclosure below.)

Dos, don’ts and zero downtime

Topping Berg’s “don’t” list is adopting Kubernetes for the heck of it. “We’ve seen some really crazy uses of Kubernetes, where they’re on Kubernetes but they’re not really, like, what I say, ‘Kube native,'” Berg said.

These customers do a bare-bones lift and shift of legacy applications to Kubernetes. They don’t adhere to Kubernetes principles and practices; they don’t have the proper probes, scheduling hints or quotas. It’s like: Why are they there, anyway? Berg pointed out.

“At the end of the day, if you truly want to get the value out of cloud and cloud native, your’e going to do an [application] rewrite eventually,” he said. 

Other customers put containers in VMware Inc. mini virtual machines for added security. This is questionable, according to Berg. True, running multi-tenant clusters with untrusted content requires caution.

“First and foremost, I would say, don’t do it, because you’re adding risk,” he stated. If they do, though, a VM might be a good safety net. But an isolated cluster with full isolation levels down to the hardware in a trusted environment? “I think it’s overkill, then,” he added. 

Berg’s, admittedly biased, Kubernetes “do”: Consume it as a managed service from a provider who lives and breathes it and invests massively in updating it with no downtime.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the KubeCon + CloudNativeCon event. (* Disclosure: IBM Corp. sponsored this segment of theCUBE. Neither IBM nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE