Kubernetes is the most widely used container
orchestration solution today but is notably complex to implement. When you
initially deploy your configuration, you are likely to focus on Kubernetes'
basic functionality. Once you become comfortable with its basic features,
however, you'll likely want to begin implementing some of Kubernetes' more
advanced features.
Read on to learn about a few choice features
that can help you during this transition or give you a headstart in your new
deployment.
What Is Kubernetes?
Kubernetes (K8s) is an open-source platform
for automating the deployment, scaling, and management of containerized
applications. It is used to group containers into logical units for easy
management and discovery and can operate in on-premise, hybrid and public cloud
environments regardless of provider. K8s is currently in v1.15 with v1.16
scheduled for September 2019.
Kubernetes' primary features are:
- Service discovery and load balancing: gives each pod its own IP address and a set of pods a single DNS name, and load-balances traffic across them
- Automatic bin packing: places containers according to their resource requests and limits to make the best use of nodes without sacrificing availability
- Self-healing: restarts failed containers, replaces and reschedules containers when a node dies, and kills containers that fail health checks
- Automated rollouts and rollbacks: rolls out changes progressively while monitoring application health, and rolls back to the previous version if something goes wrong
- Batch execution and horizontal scaling: manages batch and CI workloads and scales applications manually or automatically
Under-Used Kubernetes Features
Your comfort level with K8s and the time elapsed since deployment are likely to determine which features you are currently using. The following features are especially useful once your deployment matures and you begin tweaking your configuration, and they can help you improve its availability, security and performance.
PodDisruptionBudget (PDB)
A PDB limits how many pods of a replicated application (chosen by a label selector) may be down at once because of voluntary disruptions, such as a node drain for maintenance or an upgrade, or the cluster autoscaler scaling a node group down. The budget is expressed either as the minimum number (or percentage) of pods that must remain available or as the maximum number that may be unavailable; a single PDB takes one of the two, not both. PDBs are particularly useful in enterprise deployments: operators can drain and upgrade nodes without degrading application availability or performance, so customers and end users remain unaffected.
Keep in mind what a PDB does and does not guarantee. It is enforced only through the Eviction API, which `kubectl drain` and the cluster autoscaler use; an eviction that would breach the budget is refused and retried later. It does not protect against involuntary disruptions such as a node failure or kernel panic, and it does not stop a direct `kubectl delete pod` or a Deployment rollout, neither of which goes through eviction. If a node fails, for example, a PDB will not help you; what keeps the application up in that case is having enough replicas spread across nodes.
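As an added example (not from the original article), here is a PDB for a hypothetical three-replica "api" Deployment in an "apps" namespace; the names, namespace and label are assumptions:

```yaml
# Added example: a PodDisruptionBudget for a hypothetical "api" Deployment.
# Names, namespace and labels are assumptions for illustration.
apiVersion: policy/v1beta1   # the PDB API version available in Kubernetes v1.15
kind: PodDisruptionBudget
metadata:
  name: api-pdb
  namespace: apps
spec:
  # Keep at least two of the matching pods running during voluntary
  # disruptions (kubectl drain, Eviction API calls, autoscaler scale-down).
  # A percentage such as "50%" is also accepted.
  minAvailable: 2
  # Alternatively, cap how many may be down at once. A PDB takes either
  # minAvailable or maxUnavailable, never both:
  # maxUnavailable: 1
  selector:
    matchLabels:
      app: api
```

After applying it, `kubectl get pdb -n apps` shows the ALLOWED DISRUPTIONS column; with three healthy replicas and minAvailable: 2 it reads 1, and `kubectl drain` will block on the eviction of a second pod until a replacement is running elsewhere. Note that a budget stricter than the number of replicas (for example minAvailable: 3 with three replicas) makes every node hosting one of these pods impossible to drain.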
Custom Controllers
The controllers built into Kubernetes cover most of what you need, but some tasks are left out, such as reloading an application's configuration when a ConfigMap or Secret it depends on changes. To bridge that gap you can write custom controllers that watch either native or custom resource types and reconcile the cluster toward the desired state.
A custom controller is often simpler than an external toolchain: it is a small amount of code that talks to the Kubernetes API and, combined with a custom resource definition (CRD), gives you a declarative API of your own. Custom controllers can be designed for a wide variety of purposes; GitHub, for example, uses several custom controllers to assist in creating namespaces, monitoring deployments, correcting node issues and more.
PodSecurityPolicy (PSP)
PSP is a cluster-level admission control feature (beta in v1.15) that authorizes pod creation and updates against a set of conditions a pod spec must meet. A policy controls whether pods may request privileges that ordinary workloads should not have, such as running as a privileged container, adding Linux capabilities, modifying unsafe sysctls (protected kernel values) or escalating privileges, and it restricts use of the host's PID, IPC and network namespaces, host ports, and volume types (hostPath in particular).
Implementing PSP lets you run untrusted or less trusted workloads with minimum risk: a container compromised through an application flaw cannot easily turn that into control of the node, which reduces risk to the cluster as a whole. Keep in mind that you must enable the PodSecurityPolicy admission controller on the API server and authorize your policies through RBAC: a pod is admitted only if the requesting user or the pod's service account has the `use` verb on a policy that permits the pod. If you enable the admission controller without authorizing any policies, no pods can be created in the cluster, so create and bind your policies before switching it on. Also note that PSP is evaluated only at admission time; pods that already exist are not re-checked.
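The following added example (not from the original article) is a restrictive policy together with the RBAC that authorizes the "default" service account in a hypothetical "apps" namespace to use it; the policy, role and namespace names are assumptions:

```yaml
# Added example: a restrictive PodSecurityPolicy plus the RBAC needed to
# authorize it. Policy, role and namespace names are assumptions.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                  # no privileged containers
  allowPrivilegeEscalation: false    # no_new_privs: setuid binaries cannot gain privileges
  requiredDropCapabilities: ["ALL"]  # start every container from an empty capability set
  hostNetwork: false                 # no sharing of the node's network namespace
  hostPID: false                     # no sharing of the node's PID namespace
  hostIPC: false                     # no sharing of the node's IPC namespace
  # hostPorts omitted: no host port ranges are allowed
  volumes:                           # allowlist of volume types; hostPath is absent on purpose
  - configMap
  - secret
  - emptyDir
  - projected
  - downwardAPI
  - persistentVolumeClaim
  runAsUser:
    rule: MustRunAsNonRoot           # rejects pods that would run as UID 0
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
    - min: 1                         # forbid the root group
      max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
    - min: 1
      max: 65535
---
# Grant the "use" verb on this specific policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp:restricted
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["restricted"]
  verbs: ["use"]
---
# Bind it to the service account that pods in the "apps" namespace run as.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp:restricted
  namespace: apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp:restricted
subjects:
- kind: ServiceAccount
  name: default
  namespace: apps
```

Apply these before adding PodSecurityPolicy to the API server's --enable-admission-plugins list. The binding targets the service account rather than a human user because pods created by a Deployment are submitted by the controller manager, so the pod's service account is what gets checked. You can verify the grant with `kubectl auth can-i use podsecuritypolicy/restricted --as=system:serviceaccount:apps:default`; a pod that requests hostPath, privileged: true or UID 0 in that namespace is then rejected at admission.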
Advanced Scheduling Techniques
nodeAffinity is a more expressive form of nodeSelector. Where nodeSelector only matches node labels exactly, nodeAffinity lets you express rules either as hard requirements (requiredDuringSchedulingIgnoredDuringExecution) or as weighted preferences (preferredDuringSchedulingIgnoredDuringExecution), using operators such as In, NotIn, Exists, DoesNotExist, Gt and Lt, so you can write label inclusion and exclusion lists rather than relying on strict matching alone.
If you further combine this with podAffinity and podAntiAffinity rules, which control the placement of pods relative to other pods (for example, never on the same node, or always in the same zone), you can ensure that CPU-intensive pods are not placed on the same node and so prevent them from degrading each other's performance.
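As an added example (not from the original article), here is a hypothetical CPU-heavy "batch-worker" Deployment that uses a required and a preferred nodeAffinity rule together with a required podAntiAffinity rule; the label keys, values, image and namespace are assumptions, so adjust them to the labels your nodes actually carry:

```yaml
# Added example: node affinity plus pod anti-affinity on a hypothetical
# CPU-heavy Deployment. Label keys/values, image and namespace are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: batch-worker
  namespace: apps
spec:
  replicas: 3
  selector:
    matchLabels:
      app: batch-worker
  template:
    metadata:
      labels:
        app: batch-worker
    spec:
      affinity:
        nodeAffinity:
          # Hard rule: only nodes labelled workload=compute or workload=batch,
          # and never a master node. Expressions inside one term are ANDed;
          # multiple nodeSelectorTerms would be ORed.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: workload
                operator: In
                values: ["compute", "batch"]
              - key: node-role.kubernetes.io/master
                operator: DoesNotExist
          # Soft rule: prefer one zone, but schedule elsewhere if it is full.
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 50
            preference:
              matchExpressions:
              - key: failure-domain.beta.kubernetes.io/zone
                operator: In
                values: ["us-east-1a"]
        podAntiAffinity:
          # Hard rule: two batch-worker pods never share a node. topologyKey
          # names the node label that defines the "domain" being spread over.
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app: batch-worker
            topologyKey: kubernetes.io/hostname
      containers:
      - name: worker
        image: example.com/batch-worker:1.0   # placeholder image
        resources:
          requests:
            cpu: "2"
          limits:
            cpu: "2"
```

Because the anti-affinity rule is a hard requirement, three replicas need at least three eligible nodes; otherwise the extra pods stay Pending, which `kubectl describe pod` reports as a scheduling failure. If you would rather degrade gracefully, move the anti-affinity term under preferredDuringSchedulingIgnoredDuringExecution with a weight, and keep the hard rules only for constraints that are truly mandatory.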
Experienced users can go further and customize the scheduler itself through the scheduling framework (Kubernetes enhancement proposal #624), introduced in v1.15, which lets you add custom logic to the default scheduler as plug-ins at defined extension points. The feature is currently alpha, but it should simplify the implementation of custom scheduling compared with maintaining a separate scheduler binary or scheduler extender, and make it easier to integrate changes through the new APIs and extension points.
Go Modules
Kubernetes itself now builds with Go modules (stable as of v1.15), and the Go project has indicated that $GOPATH mode is planned for deprecation starting with Go 1.13, so now is a good time to adopt modules in your own code. Modules are versioned collections of Go packages: go.mod records the precise version of every dependency, and go.sum records a cryptographic hash of each module's contents, so builds are reproducible and a dependency whose contents change after you pinned it fails verification.
Using Go modules helps ensure that changes to upstream dependencies do not silently alter your applications, and it eases development, particularly for distributed teams working from the same pinned dependency set.
Wrap Up
Although the features covered here might be
less commonly used than some of the more basic features, it is not because they
lack any benefits. Rather, these features are often simply overlooked or
avoided during initial deployments. Once you have built up your comfort level
with Kubernetes and begin focusing on system optimization, these features are
an excellent place to start your customization process.
About the Author
Gilad David Maayan is a technology writer who has worked with over 150 technology
companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing
technical and thought leadership content that elucidates technical solutions
for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the
technology industry.
LinkedIn:
https://www.linkedin.com/in/giladdavidmaayan/