Digvijay Singh
Nov 06, 2022
6 min read
“Kubernetes is often called container orchestration, but it’s more like improvisational jazz.” — Joe Beda
Hello folks! There is a lot more to come as this year wraps up: some articles are already sitting in my Medium drafts, and I wanted to shed light on Kubernetes features and how we can make the most of them. With the toolchain developing around it, its adoption is growing fast. Let’s discuss five things to consider before proceeding with your K8s journey.
- kubectl get pods -n kube-system --watch
- kubectl get nodes -l dedicated=production
It is a hefty task to manage the scalability of nodes, microservices, ingresses, and node pools. Every time the stack grows there is friction that lands you in ops issues, and certainly ones where developers complain about application scalability. Scaling objects like the HPA, VPA, and cluster-autoscaler came to the rescue anyway. Still, the initial setup, benchmarking, and computing the scale factor and metrics will be tricky while keeping cost under control. Features like metrics-based scaling and ingress RPS-based scaling are some of the solutions around it. In the end, it is all about minimizing the ops problem and increasing site reliability.
# Tag the image as repository:tag so it matches the image.repository / image.tag chart values below
docker build -t package:0.1.1 .
# Promote a release to a newer chart version (helm rollback [release] [revision] undoes it)
helm upgrade [release] [chart] --version [version-number]
# Helm 2 syntax: --name sets the release name; Helm 3 takes it as the first positional argument
helm install $HELM_CHARTS/package/ \
  --set image.tag=0.1.0 \
  --set image.repository=package \
  --set dockerregistry=$REGISTRY_NAME \
  --namespace backend \
  --name package-v0.1.0
Right from packaging an app into a Docker container to spinning apps up in the integration and staging environments, this is where we should put effort. By choosing minimal Docker images and having unit, integration, and end-to-end test suites in place, the CI pitfalls can be resolved. Helm can be one of the packaging tools to cater to deployment needs, promote application versions, and also provide rollback functionality.
$ docker scan --help
Usage:  docker scan [OPTIONS] IMAGE
A tool to scan your images
$ cat > helm-vault-raft-values.yml <<EOF
server:
  affinity: ""
  ha:
    enabled: true
    raft:
      enabled: true
EOF
$ helm install vault hashicorp/vault --values helm-vault-raft-values.yml
$ helm template charts/v1 | pluto detect --target-versions k8s=v1.20.0 -
Security is one of the critical parts of your Kubernetes story, and we should have security scanning in place not only for containers, using tools like Snyk and Twistlock, but also for the code itself, using code-analysis tools like SonarQube that report coverage and code smells.
We can also hand application secrets and API keys over to HashiCorp’s Vault, which eliminates the need for hard-coded secrets and protects its own unseal key with Shamir’s Secret Sharing algorithm. Bitnami’s Sealed Secrets is a good alternative as well.
We should keep track of deprecated APIs using Pluto; for scanning policies and configuration, Datree and Checkov come in handy.
We can also put guardrails on inter-service communication using mTLS and authorization policies by powering apps with a service mesh like Istio or Linkerd.
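As an added example (not code from the original post), here is a small Python policy check that enforces the hard-coded-secrets point above on rendered manifests, in the spirit of what Datree or Checkov would flag: it walks the pod spec of each workload kind and reports env vars that look like credentials but carry a literal value instead of a Secret reference. The manifest sample is constructed, and the credential name pattern is an assumption to tune per project.

```python
"""Flag credentials hard-coded as literal env values in rendered manifests
instead of being referenced from a Secret (run on parsed `helm template` output)."""
import re

# Env var names that usually carry credentials (assumption: tune per project).
SECRET_NAME_RE = re.compile(r"PASS|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

# Workload kinds and the key path from the manifest root to their pod spec.
POD_SPEC_PATH = {
    "Pod": ("spec",), "Job": ("spec", "template", "spec"),
    "Deployment": ("spec", "template", "spec"), "DaemonSet": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

def find_hardcoded_secrets(manifests):
    """Return (kind/name, container, env name) for each secret-looking env var
    that carries a literal `value` rather than a `valueFrom` reference."""
    findings = []
    for m in manifests:
        path = POD_SPEC_PATH.get(m.get("kind"))
        if path is None:  # Service, ConfigMap, ... have no pod spec
            continue
        spec = m
        for key in path:  # walk down to the pod spec
            spec = spec.get(key, {})
        ident = f"{m['kind']}/{m.get('metadata', {}).get('name', '?')}"
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                if "value" in env and SECRET_NAME_RE.search(env.get("name", "")):
                    findings.append((ident, c.get("name", "?"), env["name"]))
    return findings

# Constructed sample: parsed form of a small `helm template` output.
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "package"},
     "spec": {"template": {"spec": {"containers": [{"name": "app", "env": [
         {"name": "DB_PASSWORD", "value": "hunter2"},  # literal: flagged
         {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}},
         {"name": "LOG_LEVEL", "value": "info"},  # not a credential
     ]}]}}}},
    {"kind": "CronJob", "metadata": {"name": "report"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"containers": [
         {"name": "cron", "env": [{"name": "SMTP_PASS", "value": "letmein"}]}]}}}}}},
    {"kind": "Service", "metadata": {"name": "package"}, "spec": {"ports": []}},
]

if __name__ == "__main__":
    for ident, container, name in find_hardcoded_secrets(SAMPLE_MANIFESTS):
        print(f"{ident} container={container}: {name} is a literal value")
```

Feed it the YAML documents from `helm template` after parsing them, and fail the CI job when the list is non-empty.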
kubectl logs -l app.kubernetes.io/name=prometheus --follow
We should invest in monitoring tools, such as centralized error logging with Sentry, to capture application errors. Observability is only complete with synthetic dashboards and service-monitor alerts in place; Prometheus and Grafana are popular choices here. We can also monitor the K8s platform itself with the help of Falco, or use cloud firewalls or a WAF to detect external attacks. Tools like Robusta can add troubleshooting analysis and remediation steps when necessary. I found Robusta very friendly, and its Python-based actions and playbooks make life easier.
# Enable Linkerd proxy injection for every pod in the namespace (resource type is required)
kubectl annotate namespace microservice-namespace linkerd.io/inject=enabled
Taking advantage of the abundance of Kubernetes APIs you already have, such as CronJobs, Jobs, and sidecar patterns with the Linkerd service mesh, will be a much more valuable addition to your K8s cluster. Introducing tools like Flux CD and Argo CD will be an added advantage to your cloud-native workflow and serves the purpose of having canary deployments. Application health probes, Helm test hooks, checksum annotations for Helm releases, scaffolding tools like Cookiecutter to initialize microservice templates, and keeping services internal using ingress annotations are some of the gotchas we have implemented so far. Embracing this journey in K8s was not an easy task, but collaborating with developers and bringing passion toward efficient infrastructure was always rewarding.
That being said, keep reading and keep being awesome!