KubeSphere: A New Pluggable Kubernetes Application Management Platform

By Yitaek Hwang
Published in ITNEXT, Oct 15, 2021

A comprehensive, opinionated platform to help enterprises adopt Kubernetes by integrating with familiar tools.

Earlier this year, I dove into popular multi-cluster Kubernetes management solutions, including Rancher, Google Anthos, Azure Arc, and Volterra. Afterwards, one of the readers pointed me to KubeSphere, an open-source Kubernetes platform that uses kubefed under the hood to manage multiple Kubernetes clusters across different cloud providers. Following the tutorial on how to manage clusters deployed to DigitalOcean and Amazon EKS, I quickly realized that KubeSphere is more than just a multi-cluster Kubernetes management tool. In fact, it’s more of a Kubernetes application management platform with native integrations for observability, cost management, service mesh, external authentication, and CI/CD plugins.

So how does KubeSphere compare against self-managing various open-source tools for a production-grade cluster? Let’s dive into each of KubeSphere’s features.

KubeSphere Ecosystem

At a high level, KubeSphere organizes applications via workspaces and projects. A workspace can span multiple clusters and holds projects and other plugins (e.g. Jenkins) as well as RBAC roles to manage resources and access. Within each workspace, multi-tenancy is controlled by projects, which are just Kubernetes namespaces. This is important to note because project isolation is limited to what Kubernetes namespaces provide and is not something stronger like vclusters. Still, the built-in user management per project is a nicer experience than configuring Kubernetes roles and rolebindings natively. Projects also enforce resource quotas and a default ingress controller (NGINX).
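Because a project is a namespace, isolation between projects depends on the objects that exist inside that namespace. The following is an added example (not from the article or from KubeSphere) that audits project namespaces for a ResourceQuota and a default-deny ingress NetworkPolicy; it goes beyond the text by including NetworkPolicy, and the kubesphere.io/workspace label used to pick out project namespaces, the function names and the sample objects are assumptions constructed for illustration.

```python
import json

# Assumption: namespaces that back projects carry this label; adjust if yours differ.
WORKSPACE_LABEL = "kubesphere.io/workspace"

def is_default_deny_ingress(policy):
    """True if the NetworkPolicy selects every pod and allows no ingress."""
    spec = policy.get("spec", {})
    sel = spec.get("podSelector")
    selects_all = (sel is not None and not sel.get("matchLabels")
                   and not sel.get("matchExpressions"))
    # A missing policyTypes field always includes Ingress.
    types = spec.get("policyTypes", ["Ingress"])
    return selects_all and "Ingress" in types and not spec.get("ingress")

def audit_projects(namespaces, quotas, policies):
    """Return {namespace: [findings]} for namespaces labelled as projects."""
    with_quota = {q["metadata"]["namespace"] for q in quotas}
    with_deny = {p["metadata"]["namespace"] for p in policies
                 if is_default_deny_ingress(p)}
    report = {}
    for ns in namespaces:
        meta = ns["metadata"]
        if WORKSPACE_LABEL not in (meta.get("labels") or {}):
            continue  # not a project namespace, skip it
        findings = []
        if meta["name"] not in with_quota:
            findings.append("no ResourceQuota")
        if meta["name"] not in with_deny:
            findings.append("no default-deny ingress NetworkPolicy")
        report[meta["name"]] = findings
    return report

# Constructed sample objects, trimmed to the fields the audit reads.
# Real input would be the "items" lists from `kubectl get <kind> -A -o json`.
NAMESPACES = [
    {"metadata": {"name": "payments", "labels": {WORKSPACE_LABEL: "fin"}}},
    {"metadata": {"name": "web", "labels": {WORKSPACE_LABEL: "fin"}}},
    {"metadata": {"name": "kube-system"}},
]
QUOTAS = [{"metadata": {"name": "quota", "namespace": "payments"}}]
POLICIES = [
    {"metadata": {"name": "deny-all", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "allow-all", "namespace": "web"},
     "spec": {"podSelector": {}, "ingress": [{}]}},
]

if __name__ == "__main__":
    print(json.dumps(audit_projects(NAMESPACES, QUOTAS, POLICIES), indent=2))
```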

For users wanting to use a service mesh, KubeSphere provides a built-in plugin for Istio when servicemesh.enabled is set to true. This installs the typical Istio components (e.g. istio, ingress gateway) as well as monitoring tools (e.g. Kiali, Jaeger).

Software Engineer at NYDIG writing about cloud, DevOps/SRE, and crypto topics: https://yitaekhwang.com