High Security and Performance K8s on Bare Metal to Improve Scientific Research

LOCATION: European Union
INDUSTRY: Not-For-Profit
SERVICE PROVIDED: Kubernetes Consulting

01. CLIENT

About the Client

BUSINESS

The client is a significant European research organization bound by stringent regulations; it cannot use the public cloud because of compliance and data privacy regulations.

BACKGROUND

Lacking in-house bare metal Kubernetes expertise, the Client contracted a hardware provider and asked Maven Solutions to deliver the software infrastructure solution.

02. Project Challenge

INITIAL REQUEST

The Client needed flexible computing resources that meet the highest security standards while providing a solution capable of supporting extensive container infrastructures and a few projects with high-performance needs. Kubernetes on bare metal fit the bill.

THE CHALLENGE

The Client needed a Kubernetes strategy to run it on-premises in their data centers while improving infrastructure utilization and realizing cost savings.

Maven Solutions helped the Client accomplish the stated goals by leveraging various tools and strategies to analyze, optimize, and manage project costs effectively while maintaining performance and reliability.

01. Secure cloud options were way too costly for the available budget.
02. Furthermore, full data ownership was more important than any alternative.
03. Specialized bare metal expertise was not available in-house.

03. SOLUTION

PROJECT SOLUTION

Data Compliance

The client, a prominent European scientific organization, faced the challenge of data security compliance while working with an exploding workload for data analysis.

As their operations expanded, they encountered complexities in effectively analyzing and optimizing capacity across multiple clusters and needed an integrated hardware and software solution that maintained cost-effectiveness while upholding performance and reliability standards with rapidly scaling workloads.
Running K8s on bare metal can help reduce application tail latencies and deliver significant compute core savings, but it can also be challenging for the DevSecOps team.

Maven Solutions consulted the DevOps and infrastructure teams to implement a multifaceted approach leveraging a combination of tools, strategies, and best practices in on-premise Kubernetes consulting.

Our Strategic Approach

Instead of setting up virtual machines, we established guides on how to configure actual hardware.
This included dealing with hardware compatibility issues, kernel modules, and drivers to optimize Kubernetes.

Node configuration

We proposed best practices for setting up the network, DNS & storage configurations.
For scaling, we outlined the manual preparation of nodes and their addition to the cluster.

Backup and migration

Without virtual machine snapshots, a different approach was needed for backup and migration. We also found new ways to back up server OSes and move them to hardware selected by the client.

Scaling planning

Scalability is vital for Kubernetes on bare metal. Predicting future growth, we designed the Client’s infrastructure with additional nodes, storage, and network equipment in mind.

High availability

We established the process of setting up load balancers, backup network switches, power sources, and other backup equipment.
We also configured the etcd database, control plane nodes, and worker nodes to ensure they can handle failures.

Security measures

We established security measures at both the physical and software levels. We established a plan and implemented strong security practices like strict authentication, secret management, and network traffic encryption from the start.

Monitoring configuration

We created and implemented the Client’s monitoring system using tools like Prometheus, Grafana, and Loki.
We also set up log processing and alert notifications for important system-wide, OS-level, and Kubernetes-level events.
We provided a robust Kubernetes solution on bare metal, ensuring scalability, security, and high availability for the client's growing workload.
04. Results

Value Delivered

Complete security control
  • Advanced security
  • Virtualization avoidance
  • Lower risk of attacks
Infrastructure flexibility
  • Specific GPU/CPU instructions
  • Special network card functions
  • Server & OS configurations
Maximum performance
  • Direct use of server resources
  • High performance & low latency
  • Best for ML and AI model training

Cost control
  • 40% cost savings
  • Optimal performance & reliability
  • Always-on clusters
DevSecOps Engineer
EU Research Lab
The on-premise Kubernetes solution by Maven met our growing needs without compromising our stringent security requirements. We planned and achieved cost discipline, and were able to launch the planned projects on time.
As an added benefit, we do not need to focus on putting out infrastructure fires; it just works within the boundaries we specified.
BUDGET DISCIPLINE
With improved resource cost insights, we are able to forecast and budget IT infrastructure costs reliably.
BETTER DEVSECOPS EFFICIENCY
With a better-customized solution, our research teams can reliably schedule and complete projects on time almost 100% of the time.
