Tech dossier: Kubernetes

Because tech is moving so fast, I’ve been keeping dossiers in Evernote of open source products I have to learn more about. Like Kubernetes. This morning I suddenly thought this would be perfect for a blog... if properly organized. My plan is to add new interesting material as soon as I have it.

Do you have a cracking good thing to add? Let me know in the comments!

[Update January 7th 2019] Added Performance section and a couple of articles for my reading list.

[Update January 15th 2019] Added CNCF Best Practices for security.

[Update January 21st 2019] Added Kubernetes Failure Stories.

 

A short description – in English

This wasn’t in my original tech dossier, but I decided it could be helpful. What is Kubernetes? The standard answer is: it’s for container orchestration. What does that mean?

Think about the architecture of an organization’s website: these days it has more and more components, especially with microservices. So you’ve got web applications, databases, big data systems like Hadoop, search engine products like Elastic, and so on. In the past a lot of them ran on virtual machines, and later as Docker containers. Kubernetes allows you to quickly create them (“Quick! Install an Elasticsearch container for me, will you”) and scale them (“Could you make 4 replicas for that? Thanks.”), and when one container fails it can quickly bring up another one on another node.

 

Learning Kubernetes

A good starter course: Kubernetes from a DevOps Guru on Udemy.com.

An extensive course: Kubernetes Certified Administrator by School of DevOps on Udemy.com. Not only good to study for the Certified Kubernetes Administrator exam, but otherwise an excellent course to cover all your bases. Just look through the Indian accent, because these guys are excellent at explaining the technical topics. You can already look on GitHub for their bootcamp, to get an idea of what they’re covering: https://github.com/schoolofdevops/ultimate-kubernetes-bootcamp

There’s also Kubernetes on the Cloud and the CNCF CKA Certification. Haven’t tried this one yet.

And Google has videos to get you started with Kubernetes:

View at Medium.com

It’s hard to keep up though: https://gravitational.com/blog/kubernetes-release-cycle/#

There’s even a Children’s Illustrated Guide to Kubernetes. Useful, even for older children 🙂

 

Building your own Kubernetes cluster

On VirtualBoxes

Because I’m a cheapskate, I don’t want to pay by the hour in the cloud. I just want to run it on a bunch of VirtualBoxes on my laptop. I’ve found these two tutorials to do it. But unfortunately I didn’t know Kubernetes well enough to understand some of the instructions.

Building a Kubernetes Cluster in VirtualBox with Ubuntu by Kevin Hoffman

Kubernetes over Ubuntu on VirtualBox by Mike Gravilov

How to get the necessary port forwarding on VirtualBox done: http://blog.johannesmp.com/2017/01/25/port-forwarding-ssh-from-virtualbox/

Nowadays I have my own four-node cluster on VirtualBoxes thanks to the Kubernetes Certified Administrator by School of DevOps course. They have excellent step-by-step instructions to do it. And with their Vagrant setup, even I can 🙂.

 

In the cloud

Building a Kubernetes cluster, the hard way – by Kelsey Hightower.

Kubernetes clusters for the hobbyist – has useful information on properly securing your cluster.

 

Using Kubernetes for personal projects

But should you use Kubernetes for personal projects?

Here’s a blogpost that says it’s great: http://www.doxsey.net/blog/kubernetes--the-surprisingly-affordable-platform-for-personal-projects

And here’s a response that says you shouldn’t: https://carlosrdrz.es/kubernetes-for-small-projects/

 

Performance

Schedule bpftrace programs on your kubernetes cluster using the kubectl

 

 

Security and Kubernetes

Kubernetes best practices by the Cloud Native Computing Foundation: https://www.cncf.io/blog/2019/01/14/9-kubernetes-security-best-practices-everyone-must-follow/

Puja Abbassi has just started a series on this topic. Starting here: https://itnext.io/why-is-securing-kubernetes-so-difficult-e64f6e30f35c

The silent CVE in the heart of Kubernetes API server. An explanation of the recent Kubernetes vulnerability (CVE-2018-1002105).

Privilege escalation through the Kubernetes Dashboard (CVE-2018-18264): https://galattacity.com/bs-entertainment/cve-2018-18264-privilege-escalation-through-kubernetes-dashboard/

 

Backups

https://kubernetes.io/docs/getting-started-guides/ubuntu/backups/#snapshot-etcd-data

https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-an-etcd-cluster

https://kubernetes-incubator.github.io/kube-aws/advanced-topics/etcd-backup-and-restore.html

 

Every hype has its other side

Kubernetes failure stories

 

Preparing for the CKA certification

Where to register for the exam: https://www.cncf.io/certification/cka/

(You didn’t hear it from me, but there’s a coupon code for 15% off: KUBERNETES15 )

This practical exam takes 3 hours and still you might come up short in time. So: prepare!

A good list of stuff you need to know about: https://kubernetes.io/docs/tasks/

Always handy to know your way to the Kubernetes reference: https://kubernetes.io/docs/reference/

Walid Shaari made a list of topics and links to documentation.

A good tip from Prabhat Sharma in here: make a short alias for kubectl at the beginning of the exam, so you can run these commands just a little faster: https://prabhatsharma.in/blog/how-i-passed-certified-kubernetes-administrator-exam-on-first-attempt/

An extensive list of Kubernetes learning resources: https://docs.google.com/spreadsheets/d/10NltoF_6y3mBwUzQ4bcQLQfCE1BWSgUDcJXy-Qp2JEU/edit#gid=0

kubectl explain is very useful when you need explanations quickly: https://blog.heptio.com/kubectl-explain-heptioprotip-ee883992a243?gi=493f0e6ecb65

 

In the news

Kubernetes in Google Cloud was down for 3 days. I mean. Wow.

Kubernetes Federation is a way to run your application on multiple Kubernetes clusters. I suspect we’re going to hear more about this. https://kubernetes.io/blog/2018/12/12/kubernetes-federation-evolution/

 

On my reading list:

The horrors of upgrading etcd beneath Kubernetes

More horrors: the horrors of using Azure Kubernetes Service in production

Stateful service design considerations for the Kubernetes stack

Benchmark results of Kubernetes network plugins (CNI) over 10 Gbit/s network

Managing Ingress controllers on Kubernetes (Currently a 4 part series)

10 Most Read Kubernetes Articles on my Blog in 2018.

Comparing Kubernetes Service Mesh Tools

Tinder’s move to Kubernetes

 

About Marcel-Jan Krijgsman

In 2017 I made the leap to Big Data after 20 years of experience with Oracle databases. I followed courses on Hadoop, Big Data Analytics, Machine Learning and Python, MongoDB and Elasticsearch.