There were a lot of really good questions during the Kubernetes workshop Q&A. Our Community Guy Dave McAllister hunkered down yesterday to write out answers to each of them (with the exception of one really thought-provoking question).
We compiled all of the questions and answers below (there’s 33, btw), so get comfy and dig in. Let us know if you have any other questions, and/or suggestions for improving the answers provided, by emailing info at scalyr dot com.
Q&A from the Kubernetes Workshop
(Note: We preserved people’s questions “as is” from the workshop, typos and all.)
- Are minions the containers?

A node is a worker machine, also called a minion. That can be a VM or a physical node. Nodes/minions lead to pods, which lead to containers.

- Hi, how can we do security scanning for K8s nodes, what are some of the best practices for K8s security, will SSH be the only way to ensure K8 node security

This would be a great topic for a future workshop. But not being a security guy, let me point you to “A Hacker’s Guide to Kubernetes Security” as a starting point.

- [Not a question, but a share from an attendee] https://github.com/kelseyhightower/kubernetes-the-hard-way

Thanks, Oscar! This is a great resource for all things Kubernetes.

- Right now, which cloud providers offer managed Kubernetes and who is the best as of now?

Almost every cloud IaaS offers Kubernetes services. Rather than try to pick a leader, let me point you to an excellent summary here from Chris Ward of CodeShip.

- So, Kubernetes is another application sitting on top of actual application? If so, is there any monetary aspect attached to it in terms of buying licenses

Kubernetes itself is an open source product, under the management of the Cloud Native Computing Foundation. As such, there are no licensing fees. Managed Kubernetes services definitely have charges, but again, not licensing.

- I would be interested in seeing how you could use Kubernetes to implement RED/Green deploys and also Canary builds…

That could be another topic for an upcoming webinar. An approach I’ve seen was to create a component that creates the new deployments, does a health check, then reconfigures the load balancer from the old to the new instances. You can check out more on this approach, since the company open sourced the component.

- Is Kubernetes highly available? Or can it be configured in such a way?

Yes, Kubernetes is designed to be highly available. It does require configuration, and monitoring of Kubernetes itself is highly recommended.

- Does Kubernetes fit if I want to want to architecture a serverless web application using Azure Functions and Proxy?

Well, for Azure Functions, yes you can, according to this post. You could also mimic Azure Functions in Kubernetes with Kubeless. Azure Proxy might be a bit more of a challenge.

- Does Kubernetes fit if I want to architecture a serverless web application?

It certainly works well. The initial serverless working group at CNCF produced two pieces: a Serverless Overview Whitepaper and the Serverless Landscape. Since then the CNCF TOC has agreed to have the working group continue its work and develop the CloudEvents specification. It might be worth checking out this pretty nice list as well, even if it is becoming a little dated.

- What is the tool that Christian is using on the screen now?

Visual Studio Code.

- In a typical on-prem kubernetes implementation- master, nodes/minions, etc. are the physical hosts? if so what would be the base OS for them?

You can always use a preferred Linux distribution, but we would also suggest looking over the following advice. After all, Kubernetes can run on almost anything.

- The node has an IP address, too , right? Similar to a hypervisor with vms?

Yes, nodes have a hostname, an external IP, and an internal IP.

- Is it logging that orchestration? (adding the new pod after one was deleted)

Yes, you can see those logs from Kubernetes. In fact, we strongly recommend that you have access to the logs at every level: infrastructure, orchestration, node, pod, and container, as well as your apps. In modern architectures, the ability to quickly get to the root cause is important, and as the abstractions stack up, being able to dig into them likewise increases in importance.

- Is there any limit for replicas for master?

You can take a look at all the limits you’ll have with Kubernetes and large clusters here.

- Can you add pods based on some performance characteristic? connections / CPU use? etc?

Yes. It’s not that mature yet, but you can use Node Affinity/Anti-Affinity. Starting with Kubernetes 1.6, four advanced scheduling features were added: node affinity/anti-affinity, taints and tolerations, pod affinity/anti-affinity, and custom schedulers. There is also a very solid slide deck on this topic from Kublr.

- Would it be correct to call Kubernetes an orchestration tool for containers

Absolutely. Kubernetes is the leading orchestration tool for containers.

- So, I need to establish VLANs permissions between pods that are in two different nodes that are in different VLANs?

Maybe. Your mileage may vary. In a Kubernetes cluster, all containers should communicate with each other without NAT, and all nodes should communicate with all containers without NAT. The IP as seen by one container is the same as seen by the other container (in other words, Kubernetes disallows any IP masquerading). Pods can communicate regardless of which node they sit on.

- Can we use an optional External IP in K8s’ service?

Well, the short answer is yes. However, it may require some additional considerations, like adding an ingress controller and a LoadBalancer, to allow you to deliver the packets correctly.

- Can I arrange a full pipeline of environments? I mean, containerize an app in development, UAT, preproduction and production, each one in a different pod.

I suspect you can. The challenge would be in managing your structure, not the orchestration. An easy way would be to create a K8s cluster for each stage and manage the migration/promotion in a DevOps model.

- Are there guidelines on what workload sizes make sense to transition to Kubernetes?

Wow, a tough question, and a great topic for another workshop. The easy answer is that Kubernetes is designed for huge environments (think of the original creator, Google, and what they run). There are some interesting concerns, like persistent storage and managing node resources correctly.

- Would this be relevant for an up and coming developer?

Kubernetes, in its orchestration role, is part of the deployment of apps in public, private and hybrid clouds, on-premise and everywhere else. It is well worth your time to learn about orchestration and how it impacts design, development and deployment.

- How are Services, Deployments, and Pods all linked together? Is it solely based on the “label”?

In Kubernetes, labels are really just that: a method to add a recognizable name to an item. What I believe may be the resolution is to define a resolvable service and expose that hostname through Kube DNS.

- Or is there a concept or service a developer should learn first before Kubernetes?

Kubernetes itself is fairly straightforward (though made up of lots of pieces).

It’s worth understanding containers (containerd in particular), and the basics of virtual networks would come in handy as well. A useful place to start is this tutorial (and the other tutorials as well). This one from freeCodeCamp is pretty spot on, depending on your starting point.

- How 2 pods(or containers) can talk to each other if located on different node/cluster and so on a different network?

kube-proxy is responsible for implementing a form of virtual IP for Services of a type other than ExternalName. Using kube-proxy is a way to enable this communication to be handled.

- How easy is it to configure persistent storage between pods?

Ouch. Welcome to the not-easy stuff. Given the number of steps, let me direct you to the official Kubernetes documentation on configuring persistent volume storage.

- How does the performance in K8s compare to non K8s deployments? Is there an overhead added with pods managements?

There is virtually no performance overhead, as most of what orchestration does deals with deployment. That’s not to say none, as some is required, but compared with orchestrating manually, the performance degradation in Kubernetes is noise.

- What is the Scalyr’s relationship with Kubernetes?

Scalyr is a member of the Cloud Native Computing Foundation. The Scalyr log management tool, including alerts and dashboards, understands Kubernetes as a service type and brings the unmatched performance of Scalyr into the increasingly large and complex environments orchestrated by Kubernetes.

- Is Scalyr the Openshift competition?

OpenShift is a Platform as a Service (PaaS) offering. Scalyr is a cloud-based log search and management service. Scalyr could take the logs from OpenShift, its underlying IaaS, and the K8s and container environments (if present) and allow free-form searching at 1.5 TB/sec (that’s as fast as downloading 500 HD movies in 1 sec).

- What is Node Affinity/Anti-Affinity?

Node Affinity/Anti-Affinity is one way to set rules on which nodes are selected by the scheduler, introduced as beta in Kubernetes 1.6. This feature is a generalization of the nodeSelector feature, which has been in Kubernetes since version 1.0. You can find out more here.

- Can you link the github to the sample code that was used today?

Sure thing: Christian’s demos are here. You can try Scalyr for free for 30 days; note that the trial is in a production environment (what you see is exactly what our customers use daily).

- So Scalyr is a competitor to ELK and Splunk?

Yes. Scalyr is fast log search and management, with current search speeds in excess of 1.5 TB/sec (as fast as downloading 500 HD movies in 1 sec). It provides real-time alerts and collaboration features, including annotations and Slack integration; requires no query language; has no limits to scale; and delivers a near-no-learning-curve experience. Scalyr is different because it uses no keyword indexing, relying instead on a columnar NoSQL database. You can learn more about Scalyr (and try it for yourself) at our website.

- How Kubernetes monitors the usage of compute resources? Does Scalyr allows to log the compute resource usage?

Kubernetes is not designed to be self-monitoring. However, a number of technologies have evolved to allow you to monitor Kubernetes and its use, including parts like the Kubelet and Prometheus. Scalyr monitors all of the compute resources for the cluster environment and allows drill-down into each portion. These can be viewed as metrics, as charts on a dashboard, and also by log search to deep dive into impact.

- Does k8s affect the performance of an application in any way? given that it adds additional layers of abstraction.

Kubernetes has virtually no impact on your actual running application, especially when compared to the same app in a container. There can be a vanishingly small impact on start-up, but the automated nature certainly covers this compared to any manual or competing solution.
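To make the answer about how Services, Deployments and Pods are linked (and the Kube DNS hostname it mentions) concrete, here is an added example. It is editor’s code, not from the workshop, Christian’s demos, or Scalyr. It re-implements the label-selector matching that the API server and the endpoints controller apply, stamps Pods out of a Deployment’s template the way its ReplicaSet would, and shows which Pods two different Services would route traffic to. The Deployment, the two Services, the Pod names and every label value are constructed for the example; the only real Kubernetes names in it are the selector operators and the default cluster.local DNS suffix. The second Service has a deliberately loose selector, which is the usual way a hand-started debug pod ends up receiving production traffic.

```python
"""Label selectors: how a Service finds the Pods a Deployment created.

Added example (editor's code, not from the workshop or Scalyr). The objects
below are hand-built to mirror the shape of `kubectl get ... -o json`; all
names, images and label values are assumptions.
"""


def matches_selector(selector, labels):
    """Evaluate a Kubernetes label selector against a label map.

    A selector may carry `matchLabels` (exact key=value pairs) and
    `matchExpressions` (In / NotIn / Exists / DoesNotExist). Every
    requirement is ANDed; an empty selector matches everything.
    """
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        present = key in labels
        if op == "In" and not (present and labels[key] in values):
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def pods_from_deployment(deployment, pod_names):
    """Create Pod objects from the Deployment's pod template, copying the
    template labels onto each Pod the way the ReplicaSet controller does."""
    template_labels = deployment["spec"]["template"]["metadata"]["labels"]
    return [{"metadata": {"name": n, "labels": dict(template_labels)}} for n in pod_names]


def service_endpoints(service, pods):
    """Names of the Pods a Service would send traffic to. A Service selector is
    the plain map form, i.e. matchLabels only."""
    selector = {"matchLabels": service["spec"]["selector"]}
    return sorted(p["metadata"]["name"] for p in pods
                  if matches_selector(selector, p["metadata"]["labels"]))


def service_dns_name(service, namespace="default", cluster_domain="cluster.local"):
    """The in-cluster hostname kube-dns/CoreDNS publishes for a Service."""
    return f"{service['metadata']['name']}.{namespace}.svc.{cluster_domain}"


# Constructed Deployment: the selector must match its own template labels,
# otherwise the API server rejects it (checked in demo()).
DEPLOYMENT = {
    "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {
        "selector": {"matchLabels": {"app": "web"},
                     "matchExpressions": [{"key": "tier", "operator": "In", "values": ["frontend"]}]},
        "template": {"metadata": {"labels": {"app": "web", "tier": "frontend", "track": "stable"}},
                     "spec": {"containers": [{"name": "web", "image": "example/web:1.0"}]}},
    },
}
# Two constructed Services over the same Pods. The broad one selects on app=web
# alone, so anything carrying that label gets traffic.
SERVICE_STRICT = {"kind": "Service", "metadata": {"name": "web-stable"},
                  "spec": {"selector": {"app": "web", "track": "stable"}, "ports": [{"port": 80}]}}
SERVICE_BROAD = {"kind": "Service", "metadata": {"name": "web"},
                 "spec": {"selector": {"app": "web"}, "ports": [{"port": 80}]}}
# A constructed Pod someone started by hand and labelled app=web for "testing".
DEBUG_POD = {"metadata": {"name": "debug", "labels": {"app": "web", "track": "debug"}}}


def demo():
    """Map each Service name to the Pods it would route to."""
    template_labels = DEPLOYMENT["spec"]["template"]["metadata"]["labels"]
    assert matches_selector(DEPLOYMENT["spec"]["selector"], template_labels)
    pods = pods_from_deployment(DEPLOYMENT, ["web-7c9d8-abcde", "web-7c9d8-fghij"]) + [DEBUG_POD]
    return {svc["metadata"]["name"]: service_endpoints(svc, pods)
            for svc in (SERVICE_STRICT, SERVICE_BROAD)}


if __name__ == "__main__":
    for name, endpoints in demo().items():
        print(f"{service_dns_name({'metadata': {'name': name}})} -> {endpoints}")
```

Running it shows `web-stable` routing only to the two Deployment Pods, while `web` also picks up the `debug` Pod: the link between a Service and its Pods is nothing more than the selector, so a selector that is looser than the Deployment’s own template labels silently widens the set of Pods receiving traffic. The Deployment’s selector is validated against its template in `demo()` for the same reason the API server does it; a Deployment whose selector cannot match its own Pods would never reach the desired replica count.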
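The answers about Node Affinity/Anti-Affinity, taints and tolerations, and nodeSelector describe the scheduler’s node filtering in words. Here is an added example (editor’s code, not from the workshop or Scalyr) that re-implements two of those predicates, nodeSelector matching and taint/toleration matching, and runs them over constructed nodes and pods. The node names, the `zone=pci` label and the `team=payments` taint are assumptions; the `node-role.kubernetes.io/master` taint is the one kubeadm applied to control-plane nodes at the time of the workshop (newer releases use `node-role.kubernetes.io/control-plane`), and the effect names are the real ones. Node affinity expressions are not modelled; the example covers nodeSelector and taints/tolerations, which is the pairing used to keep untrusted or unrelated workloads off sensitive nodes.

```python
"""Scheduler filtering: nodeSelector plus taints and tolerations.

Added example (editor's code, not from the workshop or Scalyr). Nodes and
pods are constructed; names, labels and the team=payments taint are
assumptions, the taint effects and the master taint key are real.
"""


def toleration_matches(tol, taint):
    """Does one toleration cover one taint?

    Rules as documented by Kubernetes: an empty key with operator Exists
    tolerates every key; operator Equal (the default) also compares values;
    an empty effect tolerates every effect.
    """
    op = tol.get("operator", "Equal")
    key = tol.get("key", "")
    if key == "":
        if op != "Exists":      # empty key is only valid with Exists
            return False
    elif key != taint["key"]:
        return False
    if op == "Equal" and tol.get("value", "") != taint.get("value", ""):
        return False
    return tol.get("effect", "") in ("", taint["effect"])


def untolerated_taints(pod, node, effects=("NoSchedule", "NoExecute")):
    """Taints on `node` that block `pod`. PreferNoSchedule is a soft
    preference, not a filter, so it is excluded by default."""
    tolerations = pod["spec"].get("tolerations", [])
    return [t for t in node["spec"].get("taints", [])
            if t["effect"] in effects
            and not any(toleration_matches(tol, t) for tol in tolerations)]


def node_selector_ok(pod, node):
    """spec.nodeSelector is an AND of key=value requirements on node labels."""
    labels = node["metadata"].get("labels", {})
    return all(labels.get(k) == v for k, v in pod["spec"].get("nodeSelector", {}).items())


def feasible_nodes(pod, nodes):
    """Names of nodes that pass both predicates, sorted for stable output."""
    return sorted(n["metadata"]["name"] for n in nodes
                  if node_selector_ok(pod, n) and not untolerated_taints(pod, n))


# Constructed cluster: one tainted control-plane node, one plain worker, and one
# worker reserved for the payments team by label plus taint.
NODES = [
    {"metadata": {"name": "cp-1", "labels": {"node-role.kubernetes.io/master": ""}},
     "spec": {"taints": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]}},
    {"metadata": {"name": "worker-1", "labels": {"kubernetes.io/hostname": "worker-1"}},
     "spec": {}},
    {"metadata": {"name": "pci-1", "labels": {"zone": "pci", "disktype": "ssd"}},
     "spec": {"taints": [{"key": "team", "value": "payments", "effect": "NoSchedule"}]}},
]

# Constructed pods: the payments API opts in to the reserved node, an ordinary
# web pod carries no tolerations, and a log agent tolerates everything the way
# a DaemonSet collector typically does.
PAYMENTS_POD = {"metadata": {"name": "payments-api"},
                "spec": {"nodeSelector": {"zone": "pci"},
                         "tolerations": [{"key": "team", "operator": "Equal",
                                          "value": "payments", "effect": "NoSchedule"}]}}
WEB_POD = {"metadata": {"name": "web"}, "spec": {}}
DAEMON_POD = {"metadata": {"name": "log-agent"},
              "spec": {"tolerations": [{"operator": "Exists"}]}}


def demo():
    """Map each pod name to the nodes the scheduler could place it on."""
    return {p["metadata"]["name"]: feasible_nodes(p, NODES)
            for p in (PAYMENTS_POD, WEB_POD, DAEMON_POD)}


if __name__ == "__main__":
    for name, nodes in demo().items():
        print(f"{name}: {nodes or 'unschedulable'}")
```

The two mechanisms work in opposite directions, which is why they are paired: the `zone=pci` nodeSelector keeps the payments pod away from every other node, and the `team=payments` taint keeps every other pod away from the PCI node unless it explicitly tolerates the taint. The blanket `{"operator": "Exists"}` toleration on the log agent is convenient for collectors but is also exactly what lets a pod land on control-plane nodes, so it deserves a review whenever it appears outside a DaemonSet you own.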