Capabilities of hybrid cloud platform (functional architecture)
Core container platform
- Self-service portal
- Multi-tenancy (isolation between security zones / values streams)
- Container registry
- Kubernetes support
- Knative support (FaaS)
- Trusted and up to date base images for popular tools/frameworks/middleware
- Host affinity (e.g. graphics cards for ML).
Hybrid cloud
- Cloud-bursting
- Single management pane
- Supported for major cloud vendors
Networking
- Ingress gateway / load balancer
- Service Mesh
- API Gateway
- Software-defined networking
- Secure access to network zones in classic stack
Storage
- CSI support (Container Storage Interface)
- Hot/cool/cold storage tiers (operational/archive/disaster recovery)
Security
- Secrets management (e.g. Vault integration)
- SSO (OpenID Connect service)
- PKI service (with local CA)
- Container security & vulnerability scanning
- Automated infra provisioning, repave underlying nodes
- CIS benchmark for underlying nodes
- Intrusion detection
Observability
- Monitoring/metrics (OpenMetrics, Prometheus Stack)
- Central logging (Elasticsearch)
- Distributed tracing (Jaeger)
CI/CD
- CI/CD support
- K8S-native CI/CD pipelines
- GitOps framework, support for composite application services
Support
- Generally supported by commercial third party vendors (e.g. middleware, databases, low code platforms)
- Generally available knowledge/training
- Should run on development devices (shift-left)
Data infra as a service (vision: Data Mesh; will share more as vision / use cases evolve)
- Event Log (Kafka): for event-driven microservices, integration, IoT streams
- Object Store (S3, e.g. Minio): cloud-native alternative to file systems; message store for claim-check pattern
- Cloud-friendly RDBMS (e.g. Postgres)
- Wide-column database (e.g. Cassandra): for discrete time series vectors
- Graph DB (e.g. Neo4j): for provenance