Kubernetes: 21. Secrets

Passwords

In web applications we keep a properties file for storing and retrieving the data the application requires. We never store the application passwords, truststore passwords, keystore passwords, etc. in that file. We might store them in an encrypted format, but storing them as plain text is not the correct way. In Kubernetes we store this sensitive information in Secrets.

Reference: https://medium.com/avmconsulting-blog/secrets-management-in-kubernetes-378cbf8171d0

Secrets

Secrets are used to store sensitive information. They are similar to ConfigMaps, except that the values are stored in an encoded format. Note that they are only encoded (using base64), not encrypted. So Secrets are a safer option for storing sensitive information, but in fact they are not the safest option. As such, Secret objects should not be checked into source control tools; it is best to have them encrypted at rest in etcd. Again, as with ConfigMaps, we have to create the Secret object first and then inject it into the Pods. There are 2 ways
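As an added example (not part of the original post), the shell script below builds a constructed declarative Secret manifest from plaintext values and then decodes a value straight back out of it, which is the check that shows base64 is reversible encoding rather than encryption. The Secret name app-secret and the keys DB_USER and DB_PASSWORD are made-up sample values.

```shell
#!/bin/sh
# Added example (not from the original post): a Secret's data: values are
# only base64-encoded, so anyone who can read the manifest can recover them.

# Encode a plaintext value the way a declarative Secret manifest expects it.
# printf (not echo) is used so no trailing newline becomes part of the value;
# tr strips the line wrapping that some base64 implementations add.
encode_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Emit a constructed Secret manifest (sample names and values, not real ones).
secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_USER: $(encode_value "appuser")
  DB_PASSWORD: $(encode_value "s3cr3t-Pa55")
EOF
}

# Pull one key out of the manifest's data: section and decode it again.
# No key or passphrase is needed: the "protection" is just base64.
decode_key() {
  secret_manifest | awk -v k="$1:" '$1 == k { print $2 }' | base64 -d
}

# Show the manifest as it would be committed, then recover the password from it.
secret_manifest
printf '\nDecoded DB_PASSWORD: %s\n' "$(decode_key DB_PASSWORD)"
```

Anyone who can read the manifest, whether from a repository or via the API, can run the same decode, which is why the post advises keeping Secret objects out of source control and encrypting them at rest in etcd.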