Because tech is moving so fast, I’ve been keeping dossiers in Evernote of open source products I have to learn more about. Like Kubernetes. This morning I suddenly thought this would be perfect for a blog... if properly organized. My plan is to add new interesting material as soon as I have it.
Do you have a cracking good thing to add? Let me know in the comments!
[Update January 7th 2019] Added Performance section and a couple of articles for my reading list.
[Update January 15th 2019] Added CNCF Best Practices for security.
[Update January 21st 2019] Added Kubernetes Failure Stories.
A short description – in English
This wasn’t in my original tech dossier, but I decided it could be helpful. What is Kubernetes? The standard answer is: it’s for container orchestration. What does that mean?
Think about the architecture of a website of an organization: these days they have more and more components. Especially with microservices. So you’ve got web applications, databases, big data systems like Hadoop, search engine products like Elastic, and so on. A lot of them ran on virtual machines in the past. And then as Docker containers. Kubernetes allows you to quickly create them (“Quick! Install an Elasticsearch container for me, will you”), scale them (“Could you make 4 replicas for that? Thanks.”) and when one container fails it can quickly bring another one up again on another node.
Learning Kubernetes
A good starter course: Kubernetes from a DevOps Guru on Udemy.com.
An extensive course: Kubernetes Certified Administrator by School of DevOps on Udemy.com. Not only good to study for the Certified Kubernetes Administrator exam, but otherwise an excellent course to cover all your bases. Just look through the Indian accent, because these guys are excellent at explaining the technical topics. You can already look on GitHub for their bootcamp, to get an idea what they’re covering: https://github.com/schoolofdevops/ultimate-kubernetes-bootcamp
There’s also Kubernetes on the Cloud and the CNCF CKA Certification. Haven’t tried this one yet.
And Google has videos to get you started with Kubernetes:
It’s hard to keep up though: https://gravitational.com/blog/kubernetes-release-cycle/#
There’s even a Children’s Illustrated Guide to Kubernetes. Useful, even for older children 🙂
Building your own Kubernetes cluster
On VirtualBoxes
Because I’m a cheapskate, I don’t want to pay by the hour in the cloud. I just want to run it on a bunch of VirtualBoxes on my laptop. I’ve found these two tutorials to do it. But unfortunately I didn’t know Kubernetes well enough to understand some of the instructions.
Building a Kubernetes Cluster in VirtualBox with Ubuntu by Kevin Hoffman
Kubernetes over Ubuntu on VirtualBox by Mike Gravilov
How to get the necessary port forwarding on VirtualBox done: http://blog.johannesmp.com/2017/01/25/port-forwarding-ssh-from-virtualbox/
Nowadays I have my own four node cluster on VirtualBoxes thanks to the Kubernetes Certified Administrator by School of DevOps course. They have excellent step-by-step instructions to do it. And with their Vagrant setup, even I can 🙂
In the cloud
Building a Kubernetes cluster, the hard way – by Kelsey Hightower.
Kubernetes clusters for the hobbyist – has useful information on properly securing your cluster.
Using Kubernetes for personal projects
But should you use Kubernetes for personal projects?
Here’s a blogpost that says it’s great: http://www.doxsey.net/blog/kubernetes--the-surprisingly-affordable-platform-for-personal-projects
And here’s a response that says you shouldn’t: https://carlosrdrz.es/kubernetes-for-small-projects/
Performance
Schedule bpftrace programs on your kubernetes cluster using the kubectl
Security and Kubernetes
Kubernetes best practices by the Cloud Native Computing Foundation: https://www.cncf.io/blog/2019/01/14/9-kubernetes-security-best-practices-everyone-must-follow/
Puja Abbassi has just started a series on this topic. Starting here: https://itnext.io/why-is-securing-kubernetes-so-difficult-e64f6e30f35c
The silent CVE in the heart of Kubernetes API server. An explanation of the recent Kubernetes vulnerability (CVE-2018-1002105).
Privilege escalation through the Kubernetes Dashboard (CVE-2018-18264): https://galattacity.com/bs-entertainment/cve-2018-18264-privilege-escalation-through-kubernetes-dashboard/
Backups
https://kubernetes.io/docs/getting-started-guides/ubuntu/backups/#snapshot-etcd-data
https://kubernetes-incubator.github.io/kube-aws/advanced-topics/etcd-backup-and-restore.html
Every hype has its other side
Preparing for the CKA certification
Where to register for the exam: https://www.cncf.io/certification/cka/
(You didn’t hear it from me, but there’s a coupon code for 15% off: KUBERNETES15 )
This practical exam takes 3 hours and you might still run short on time. So: prepare!
A good list of stuff you need to know about: https://kubernetes.io/docs/tasks/
Always handy to know your way to the Kubernetes reference: https://kubernetes.io/docs/reference/
Walid Shaari made a list of topics and links to documentation.
A good tip from Prabhat Sharma in here: make a short alias for kubectl at the beginning of the exam, so you can run these commands just a little faster: https://prabhatsharma.in/blog/how-i-passed-certified-kubernetes-administrator-exam-on-first-attempt/
An extensive list of Kubernetes learning resources: https://docs.google.com/spreadsheets/d/10NltoF_6y3mBwUzQ4bcQLQfCE1BWSgUDcJXy-Qp2JEU/edit#gid=0
kubectl explain is very useful when you need explanations quickly: https://blog.heptio.com/kubectl-explain-heptioprotip-ee883992a243?gi=493f0e6ecb65
In the news
Kubernetes in Google Cloud was down for 3 days. I mean. Wow.
Kubernetes Federation is a way to run your application on multiple Kubernetes clusters. I suspect we’re going to hear more about this. https://kubernetes.io/blog/2018/12/12/kubernetes-federation-evolution/
On my reading list:
The horrors of upgrading etcd beneath Kubernetes
More horrors: the horrors of using Azure Kubernetes Service in production
Stateful service design considerations for the Kubernetes stack
Benchmark results of Kubernetes network plugins (CNI) over 10 Gbit/s network
Managing Ingress controllers on Kubernetes (Currently a 4 part series)
10 Most Read Kubernetes Articles on my Blog in 2018.
Comparing Kubernetes Service Mesh Tools