2021-10-13

“Hello World” - Palette 2.0

It is a well-known fact that tech companies love abbreviations - it is almost an institution. For the Spectro Cloud engineering team, we go with “PIE” - Pursuit of Innovation and Excellence. This is how we define our culture and the relentless pursuit that enables us to solve some of the most cutting-edge Kubernetes problems for enterprises. Our team’s drive to not settle for a barely working solution but to excel and provide the best possible experience for our customers in terms of usability and enterprise-readiness is what makes this new version of Palette truly best-in-class.

Version 1.0 of Spectro Cloud’s Kubernetes management platform was launched in June 2020. Since COVID hit last year, we have been constantly working with a select few enterprise customers and partners to refine the product to be truly enterprise-grade. Since our product is delivered as SaaS (with self-hosted and air-gapped options to meet various customer requirements), it is easy to introduce new features every other week. Today we are proud to announce the new version of our platform, Palette 2.0.


What’s new in Palette 2.0

Our mission with Palette is simple: to build the best Kubernetes enterprise management platform out there. One that really makes containers accessible to every organization, with all the “bells and whistles” that give peace of mind for IT Operations teams without needing to be scripting gurus, and the flexibility for development teams to get exactly what they need to focus on their applications.

Our end-to-end architecture, based on creating reusable templates from any cluster - we call them Cluster Profiles - is focused on simply making sure that everything “just works”, not just when deploying Kubernetes environments, but across the full lifecycle of day 0, day 1 and day 2 operations.


Let’s take a look at some of the key features of Palette 2.0:

  • Existing cluster management: Customers should not be required to go through the pain of re-provisioning clusters when they need to adopt a new management platform. Our unique existing cluster management capability fulfills this requirement, by simply deploying a management agent into an existing cluster. Users can immediately gain visibility (health, cost), governance (RBAC, quota control), add-on integration management, and comprehensive day 2 operations (backup/restore, compliance reporting, OS patching, cert rotation and more). Clusters can be imported from any cloud, data center or edge location and even from other Kubernetes management solutions!

  • Full-stack bare metal support: As Kubernetes is maturing, we see more and more customers interested in deploying directly on bare metal servers. This not only gives better performance but also removes the operational overhead of hypervisor management and license cost. It also paves the way for having a converged container and VM management system all under one roof, also known as “container-native virtualization”. Unlike some other solutions on the market, Palette’s bare metal support, based on our recent open source contribution, works for all hardware vendors, without the need to buy any proprietary infrastructure. Perhaps more importantly, it is not a “bring-your-own-OS” approach, which means that Palette can deploy and manage clusters from top-to-bottom: from the Operating System, to the Kubernetes and add-on application services, all managed with the same declarative, profile-based approach. Check out Saad’s relevant blog at The New Stack.

  • Enhanced cost visibility and optimization: Cost in the Kubernetes world means more than just access to generic public cloud spend. Customers need more granular cost insight down to cluster namespaces, pods, and add-on application services. They also need metrics. This is why we have developed a unique algorithm that compares all pods’ costs to the overall Kubernetes spend to identify cost efficiencies. These features can not only help customers do proper internal showback and chargeback, but also allow them to improve their efficiency by right-sizing clusters.

  • Logical workspace for multi-cluster namespace governance: Many enterprises run several large clusters for dev/test by isolating developers to namespaces. While this “soft” tenancy model provides a level of isolation for applications, visibility and governance - especially for applications that tend to span across multiple namespaces and sometimes across clusters - poses a huge challenge. Logical workspaces enable users to aggregate namespaces from multiple clusters into one entity to have cost visibility, access, and quota control.

  • Webhook for alerting: Palette continuously monitors and collects cluster health status, and sends it to our management plane. Many customers have been asking for multiple integrations with collaboration and ITSM tools, such as Slack, Microsoft Teams, ServiceNow and others. So we have created and exposed a webhook to enable customers to easily have alerts sent to a Slack channel or a Teams group, or automatically generate a ticket in ServiceNow, further improving the way they are staying ahead of problems and supporting their Kubernetes environment.

  • Reverse proxy with seamless OIDC authN/authZ for Kubernetes access: To access Kubernetes using kubectl, the Kubernetes API server typically needs to be exposed. This might be OK in a private data center environment, since everything is behind the firewall, but it is not in a public cloud, where it would expose the API server directly to the Internet. To get around that risk, our platform lets customers choose the access approach for each cluster: 1) a kubeconfig with a direct API server endpoint; 2) a kubeconfig with an endpoint from the management plane: the target cluster establishes a fully-encrypted TLS reverse proxy tunnel to the management plane, so that the API server is not directly exposed. In both cases - direct API exposure in an on-prem data center and reverse proxy in public cloud - kubectl can seamlessly handle authentication and authorization with an external IdP via OIDC, so that the IdP is the single source of truth for all identity and group memberships.

I could not be more excited and proud about what we have delivered between the two versions, but also what we already have “in the oven”! I wanted to thank the entire engineering team for their passion and dedication, the late nights and weekends. Last but not least, thanks to our customers and technology partners for their critical support and commitment to our vision.

Go Spectro Cloud team!