Like it or not, SAS Viya 4 is going to have a tremendous impact on every Viya administrator. No longer will a Viya admin be able to lord over a domain of dedicated hardware without regard for other applications or administrators. Viya 4 will only run in a Kubernetes cluster which will likely host other application and be managed by a Kubernetes admin. Many of the tasks usually performed by a Viya admin such as monitoring services, examining logs, and starting/stopping/restarting services are going to rely on existing cluster management tools such as Grafana, Kibana, and kubectl commands. The tasks still need to be done but getting them done will require cooperation and collaboration with the Kubernetes admin who will need to enable the Viya admin with sufficient access and authorization to the tools. Ultimately, the line blurs between the responsibilities a Viya admin is handles and those a Kubernetes admin handles. The fact that these two areas of responsibility overlap in many cases creates an interdependence between the two roles.
Consider the Kubernetes admin for a moment. With a focus and responsibility for the entire cluster, they
Consider the SAS Viya admin. With a primary focus on SAS Viya, they
[I am going to refer to the Viya admin and the Kubernetes admin in singular form throughout this post, fully aware that each persona may involve multiple people.]
To oversimplify it, the Viya admin is responsible for a portion of the cluster while the Kubernetes admin is responsible for the entire cluster, including Viya.
However, in order for both admins to be successful, they will need to help each other and combine their domain knowledge to solve problems. The Viya admin may need to help the Kubernetes admin understand workload patterns in Viya in order to properly allocate certain Viya pods to appropriate nodes. Think CAS...without knowing something about how it works, the Kubernetes admin may not understand that they should separate worker pods or try to bind them to nodes with sufficient resources. Likewise, the Kubernetes admin may need to help the Viya admin by performing certain actions on behalf of the Viya admin that require elevated cluster privileges. Or it may be necessary for the Kubernetes admin to grant limited privileges to the Viya admin to allow them to self-manage a Viya namespace.
There are a few areas where one can envision situations where the Viya admin and Kubernetes admin will need to collaborate including:
So who will be responsible for monitoring Viya 4? I believe the Viya admin and the Kubernetes admin will both participate in monitoring activities. Because Viya is but one part of the cluster, the Kubernetes admin monitoring the cluster will be looking at the metrics for Viya as a part of the bigger picture. Similarly, the Viya admin will want to see how things are going in the Viya namespace but is less likely to care as much about non-Viya activity and resources. They will both be using something like Grafana, but the Viya admin will probably be given access to see only the resources and namespaces for Viya.
I think we can expect cases where the Kubernetes admin notices 'unusual' resource usage patterns emanating from the Viya namespace and subsequent conversations in which the Viya admin explains what CAS_DISK_CACHE does or how Viya users can easily cause CPU or memory spikes when running high-end analytics.
The Viya admin may also see unexpected situations after which they may need to work with the Kubernetes admin to better understand the overall workload on the cluster, not just the VIya workload.
Together, the two admins help each other understand the nuances of Viya or how Viya behaves as a citizen of the larger cluster community.
Logging in Viya 4 will likely continue to be primarily the domain of the Viya admin but there will still be a need to work with the Kubernetes admin to view log messages. Log messages from Viya pods are streamed to stdout where they are collected, aggregated, and persisted by Elastic Search and eventually viewed with an application like Kibana.
Viya admins who are used to combing physical Viya logs will now either have to use Kibana or go to the Kubernetes admin every time logs need examining. I don't believe it will take long before the Kubernetes admin simply grants access to Kibana to the Viya admin with access to see log messages emitted from the Viya namespace.
This is an interesting one. Before Viya 4, Viya admins could issue scripts or commands to start, stop, or restart Viya services. In the Kubernetes world, starting, stopping, or restarting Viya services is primarily done via the kubectl command to manipulate pods and which requires elevated privileges.
For example, if a change was made requiring a restart of the identities service to surface, a command similar to this would delete the current identities service pod but cause Kubernetes to restart a new one to satisfy the manifest requirements that there be at least one identities service pod:
kubectl --namespace viyadev delete pod identities-5d66fcf9fb-tbv6v
Typically, the Kubernetes admin would be responsible for running such a command due to its power. At first, one can imagine the Viya admin having to ask the Kubernetes admin to restart identities for them. Maybe it happens twice, or three times...a day. At some point, the Kubernetes admin will decide that they do not want go through this every day. In that case, the Kubernetes admin will probably delegate certain abilities to the Viya admin but limiting their scope to just one or more Viya namespaces. At this point, the Viya admin can be more self-sufficient but also be prevented from accidentally running commands outside of the Viya world.
I could go on with other examples but I think you get the point. There is not going to be a set-in-stone list of tasks that a Viya admin always does and another list for the Kubernetes admin to do. The admins will likely work together and need to help each other to keep users happy.
SAS is certainly aware of the need to help Kubernetes admins learn about Viya and to help Viya admins learn about Kubernetes. Viya 4 documentation splits these two worlds into our best guess as to who will do what. The SAS Viya Operations documentation is for the areas Kubernetes admins will likely oversee such as deployment and maintenance.
The more traditional Viya admin tasks are covered in SAS Viya Administration documentation which helps with authorization, data, promotion, and other areas.
Who does what will largely depend on the skills of the two admins. It may take a Viya admin some time to prove themselves worthy of the trust of the Kubernetes admin before being granted more access to tools outside of Viya itself which means the Kubernetes admin will bear a larger administrative burden, at least at first. Over time, as the Viya admin gains Kubernetes skills and as the Kubernetes admin builds a better understanding of Viya and a trust of the Viya admin, they will begin to build independence. Until then, keeping users happy will require a certain amount of interdependence between the two admins.
Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.
If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website.
Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning and boost your career prospects.