How Many Kubernetes Clusters?

Please separate production and testing by having two separate Kubernetes clusters. Here is why:

Why separate testing and production?

• This is best practice for ensuring production stays stable and secure.
• Several data protection regulations require it:
  • ISO 27001 A.12.1.4;
  • HSLF-FS 2016:40 3 kap. 10 §;
  • HIPAA § 164.308(a)(4)(ii)(A);
  • GDPR Art. 32;
  • MSBFS 2020:7 3 kap. 1 §.

How to separate testing and production?

I recommend using a separate Kubernetes cluster for production.

I understand the pressure to save costs, but here are the issues you really want to discover before production:

• APIs may get removed between Kubernetes versions. Your application Helm Chart may no longer work.
• APIs of platform components may change. For example, cert-manager changed annotations before it hit version 1.x. If not caught, your application could have ended up exposed insecurely via HTTP.

Why not … ?

There are many other ways to separate testing and production.

• Namespaces
• Virtual Clusters, pejoratively called “glorified namespaces”

These are excellent way to share a testing cluster and avoid cluster sprawl.

They are also a good way to get started. No need to worry about downtime, if you have hardly any user to complain.

But in my experience, only a separate cluster properly tests the integration between the application and the platform.

✨ Please do your own risk assessment. Ask yourself:

How many minutes of downtime are equal to the cost of another Kubernetes cluster?