Virtualization Technology News and Information
Under-Used Kubernetes Features You Must Know About

Kubernetes is the most widely used container orchestration solution today but is notably complex to implement. When you initially deploy your configuration, you are likely to focus on Kubernetes' basic functionality. Once you become comfortable with its basic features, however, you'll likely want to begin implementing some of Kubernetes' more advanced features.

Read on to learn about a few choice features that can help you during this transition or give you a head start in your new deployment.

What Is Kubernetes?

Kubernetes (K8s) is an open-source platform for automating the deployment, scaling, and management of containerized applications. It is used to group containers into logical units for easy management and discovery, and it can operate in on-premises, hybrid and public cloud environments regardless of provider. K8s is currently in v1.15 with v1.16 scheduled for September 2019.

Kubernetes' primary features are:

  • Service discovery and load balancing: automatically gives pods IP addresses and DNS names and load-balances across them
  • Automatic bin packing: places containers according to resource requirements to optimize resource use and ensure availability
  • Self-healing: can restart failed containers, replace containers upon node death, and kill containers that fail health checks
  • Automated rollouts and rollbacks: prevents system failure due to modifications and rolls back to previous versions when issues occur
  • Batch execution and horizontal scaling: manages batches and CI workloads and scales applications manually or automatically

Under-Used Kubernetes Features

Your comfort level with K8s and your time since deployment are likely to determine what features you are currently using. The following features are especially useful when your deployment matures and you begin tweaking your configuration, and can help you increase your system performance.

PodDisruptionBudget (PDB)

Using PDB allows you to limit the number of pods in a cluster that are allowed to be down at the same time due to voluntary disruptions, such as maintenance, upgrades, or auto-scaling down. The limit can be specified either as the minimum number of pods that must remain available or as the maximum number that may be unavailable.

PDB is particularly useful in Kubernetes enterprise deployments, as it allows you to manipulate workloads without degrading application availability or performance, ensuring that your customers and end-users remain unaffected.

When using this feature, keep in mind that it cannot guarantee that a certain number of pods will always be available; it can only prioritize that preference. If a node fails, for example, PDB will not help you.
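An added example (not from the original article) showing the two ways of expressing a budget; the names and labels are hypothetical, and policy/v1beta1 is the PDB API version of the v1.15 era.

```yaml
# Added example: names and labels are hypothetical.
# Form 1: absolute floor. With 3 replicas of app=web, an eviction that
# would leave fewer than 2 healthy pods is refused until a replacement is ready.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: web-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: web
---
# Form 2: ceiling on disruption, as a percentage of the desired replicas.
# minAvailable and maxUnavailable are mutually exclusive within one PDB.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: queue-worker-pdb
spec:
  maxUnavailable: 25%
  selector:
    matchLabels:
      app: queue-worker
```

`kubectl drain` evicts pods through the Eviction API and therefore honors these budgets; deleting a pod directly or losing a node does not consult them.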

Custom Controllers

Although the controllers built into Kubernetes can provide most of the functionality you might need, some tasks are left out, like the ability to dynamically reload application configurations when changes are made to a cluster. To bridge this gap in functionality, you can create custom controllers to be used with either native or custom resource types.

Custom controllers can provide a simpler way to manage deployments than toolchains: they are created with a small amount of code used to access APIs and, when used in combination with custom resources, provide you with a declarative API. Custom controllers can be designed for a wide variety of purposes. GitHub, for example, uses different custom controllers to assist in the creation of namespaces, monitor deployments, correct node issues and more.

PodSecurityPolicy (PSP)

PSP is a v1.15 beta feature that allows fine-grained authorization of pod creation and updates through the definition of a set of conditions for acceptance. It can be used to extend privileges or capabilities that standard containers shouldn't have, such as the ability to modify protected kernel values or perform advanced system calls, as well as to restrict the usage of host namespaces, networking, ports, and volume types.

Implementing PSP can allow you to run untrusted pods with minimum risk and prevent security flaws inherent in applications from being exploited, thereby reducing risk to your clusters. Keep in mind that you must enable the admission controller and authorize your policies to use this feature. If you do not authorize any policies, no pods will be created in the attached cluster.
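An added example (not from the original article) of a restrictive policy together with the RBAC grant that authorizes it, using the policy/v1beta1 API of the v1.15 era. The policy name, namespace and group binding are hypothetical.

```yaml
# Added example: names are hypothetical. Requires the admission plugin, e.g.
# kube-apiserver --enable-admission-plugins=...,PodSecurityPolicy
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false    # sets no_new_privs on containers
  requiredDropCapabilities: ["ALL"]  # drop every Linux capability
  forbiddenSysctls: ["*"]            # pods may not set kernel parameters
  hostNetwork: false                 # no host namespaces
  hostIPC: false
  hostPID: false
  volumes: ["configMap", "secret", "emptyDir", "projected", "downwardAPI", "persistentVolumeClaim"]  # hostPath not allowed
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]   # excludes the root group
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-restricted-example
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["restricted-example"]
    verbs: ["use"]                   # the grant that authorizes the policy
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-restricted-example
  namespace: untrusted-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-restricted-example
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:untrusted-apps  # all service accounts in the namespace
```

PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed in v1.25, so these manifests apply only to clusters of the era the article describes.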

Advanced Scheduling Techniques

Using nodeAffinity in combination with nodeSelector allows you to create custom scheduling rules with custom logic. You can specify which nodes a pod should be assigned to, according to preference or requirement, based on label inclusion or exclusion lists, rather than relying on strict matching alone.

If you further combine this with podAffinity and podAntiAffinity rules, which control the placement of pods in relation to each other, you can ensure that CPU-intensive pods are not placed on the same node and prevent them from negatively affecting performance.
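An added example (not from the original article) that combines a required and a preferred nodeAffinity rule with a podAntiAffinity rule; the workload name, image, and the node-class and dedicated node labels are hypothetical.

```yaml
# Added example: names, image and node labels are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cpu-heavy-worker
spec:
  replicas: 3
  selector:
    matchLabels:
      workload: cpu-heavy
  template:
    metadata:
      labels:
        workload: cpu-heavy
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:   # hard requirement
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-class
                    operator: In              # inclusion list
                    values: ["compute", "general"]
                  - key: dedicated
                    operator: DoesNotExist    # exclusion by label presence
          preferredDuringSchedulingIgnoredDuringExecution:  # soft preference
            - weight: 50
              preference:
                matchExpressions:
                  - key: node-class
                    operator: In
                    values: ["compute"]
        podAntiAffinity:
          # At most one cpu-heavy pod per node. Because this rule is required,
          # a replica stays Pending if no eligible node is free of such pods.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  workload: cpu-heavy
              topologyKey: kubernetes.io/hostname
      containers:
        - name: worker
          image: registry.example.com/worker:1.0
          resources:
            requests:
              cpu: "2"
```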

Experienced users can further benefit from the creation of a custom scheduler by taking advantage of Scheduling Framework #624, released with v1.15, which allows customizations to be added to the scheduler as plug-ins. This feature is currently in alpha but should simplify the implementation of custom scheduling and make it easier to integrate changes through new APIs and extension points.

Go Modules

Go module support is now stably available in K8s and the $GOPATH mode is planned for deprecation in go1.13, meaning that now is a good time to adopt the use of modules. Modules are versioned collections of Go packages that record precise dependency requirements and create reproducible builds.

Using Go Modules can help ensure that changes to dependencies do not negatively affect your applications and ease the process of development, particularly for distributed teams.

Wrap Up

Although the features covered here might be less commonly used than some of the more basic features, it is not because they lack any benefits. Rather, these features are often simply overlooked or avoided during initial deployments. Once you have built up your comfort level with Kubernetes and begin focusing on system optimization, these features are an excellent place to start your customization process.


About the Author

Gilad Maayan 

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry.

Published Wednesday, August 14, 2019 7:40 AM by David Marshall