Kubernetes for the absolute beginner - Part IV
In the previous posts (part I, part II and part III), we covered most of the major concepts and objects that you will need to know in order to be conversant with Kubernetes. In this article let’s look at some Kubernetes-related topics: How to start learning Kubernetes? How to test Kubernetes locally? What are some of the most common monitoring and security tools used with Kubernetes?
How to Learn Kubernetes?
There are basically 3 different routes to self-taught Kubernetes knowledge. We have only offered a general outline here; it is advisable to also read through this post for more details:
- Learning and installing Kubernetes from scratch: For real mastery of Kubernetes, you cannot do much better than installing Kubernetes from scratch yourself. Be warned though, Kubernetes from scratch is not an easy beast to slay. Installing Kubernetes is not simply a “download file -> click install” type of operation; Kubernetes consists of multiple components, some running in separate containers that must be individually installed and configured. And even before you begin on Kubernetes, you need to be pretty technically savvy to prepare the operating system you are installing it in, which will most likely be some flavor of Linux. If you decide to go this route, you are best advised to stick to one of the step-by-step tutorials online or use guided tutorials such as this one on Github that is literally named ‘Kubernetes the Hard Way.’ Also, keep in mind that even though it is technically free as an open-source solution, Kubernetes does come with some hidden costs that may not be obvious to a beginner.
- Kubernetes Self-hosted solutions: These solutions are tools and utilities that greatly ease the task of installing and configuring a small Kubernetes cluster on your local computer. They are a great way to learn the ins and outs of Kubernetes, while not being too daunting for a newbie and being lightweight enough to be installed on a personal computer. The most popular self-hosted Kubernetes tools and environments are Minikube, MicroK8s, and Kind. Minikube and MicroK8s are even included in the official Kubernetes documentation – here and here. Keep in mind, though, that these solutions often have some limitations – for example, Minikube only allows the creation of one node. Despite these drawbacks, these tools are highly recommended because they combine ease of learning with cost-efficiency for a beginner just getting started on Kubernetes.
- Cloud-hosted Solutions: Commercial cloud platforms have noticed the rise of Kubernetes and have recently provided customized Kubernetes solutions to meet this demand. The 3 most prominent such solutions are, naturally, from the largest cloud providers – Amazon’s EKS (Elastic Kubernetes Service), Google’s GKE (Google Kubernetes Engine), and Microsoft’s AKS (Azure Kubernetes Service). Each of them has its strengths and weaknesses, as explained at length in this same article.
Testing and Debugging Kubernetes Locally
As part of installing Kubernetes locally, you will most likely also require some testing and debugging capability to make sure everything is running smoothly, especially with tricky tasks such as defining ingress and egress policies. Also, there is an entire ecosystem of useful Kubernetes add-ons that you may want to use to extend your Kubernetes cluster functionality. Adding all these necessitates yet more testing to ensure they are playing nice with your base Kubernetes installation.
One of the best tools for developing and debugging your Kubernetes services is Telepresence. Even with some limitations, this nifty add-on is an open-source tool that lets you run a single service locally while connecting that service to a remote Kubernetes cluster. Your local machine can then operate as part of a larger cluster, which is great for developing services locally instead of on your production cluster.
The Kubernetes project has also understood the need for end-to-end (E2E) testing for Kubernetes installations. To this end, the core project team has been ensuring that E2E testing is more properly supported in recent releases. This includes capabilities such as allowing the reuse of tests and incorporating testing for more external add-ons and drivers. Read more about this in the Kubernetes blog.
Kubernetes Monitoring Tools
Kubernetes provides detailed information about your application's resource usage at each level of the cluster in which the app is installed – pods, containers, services. This detailed information enables you to evaluate your application's performance and identify which bottlenecks can be removed to improve overall performance.
After all, monitoring helps you understand the technical details of how your application and cluster perform, and this helps you gain knowledge and skills if you want to learn Kubernetes.
Kubernetes contains 2 inbuilt metrics-gathering utilities for monitoring – the resources pipeline and the full-metrics pipeline. The resources pipeline is a lower-level and more limited tool and is mainly focused on metrics relating to the various controllers. The full-metrics pipeline, as its name implies, fetches and displays a much richer set of metrics from almost all cluster components. Read more about these pipelines here.
There are also 3rd-party tools that can be installed and integrated into your Kubernetes cluster. Two of the best and most widely-used such tools for Kubernetes are Prometheus and Grafana.
- Prometheus is a richly-featured open-source system monitoring and alerting utility. Prometheus contains an internal datastore that it uses to collect advanced metrics such as time-series data. Prometheus also has an extensive series of plugins available that allow it to expose data to various external solutions, and to import data from any number of other data sources, including all the major public cloud-monitoring solutions we described previously – Microsoft AKS, Amazon EKS, and Google GKE. Interestingly, Amazon even recommends Prometheus for monitoring in its EKS platform, tacitly acknowledging its superiority over its in-house CloudWatch monitoring tool.
- And Grafana is a great dashboard, analytics, and data-visualization utility. It does not have the full-featured data collection capability of Prometheus, but then Prometheus in turn does not have the slick data-presentation interface of Grafana. In fact, these 2 are best deployed in combination – Prometheus for data collection and aggregation, and Grafana for data presentation. Together they create a powerful combination that covers data collection, basic alerting, and visualization.
- For advanced alerting, you can add tools like Cabot, Nagios, ngDesk, or Prometheus Alertmanager, or paid services like VictorOps, OpsGenie, or PagerDuty. These alerting tools usually have a plethora of integrations. You can define different teams and on-call shifts for each team. You can then define what parameters you want to monitor, such as ‘When any pod is unavailable’, ‘When any node is unreachable’, or ‘When the volume gets to 90% full’, and then send any combination of customized notifications via email, SMS text, mobile-app alert, or phone call to the individual(s) on call. You can also create escalation policies, such as: If an alert defined as ‘Critical’ is not acknowledged within 10 minutes by an on-call person, then escalate (send alert) to the person’s manager.
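The three example conditions above, written as a Prometheus alerting-rules file. This is an added example, not part of the original article; it assumes kube-state-metrics and the kubelet's volume metrics are being scraped, and the group name, `for` durations and `severity` labels are illustrative choices.

```yaml
# Added example: load this file through rule_files in prometheus.yml.
# Metric names come from kube-state-metrics and the kubelet; everything else
# (group name, durations, severities, wording) is an assumption to adapt.
groups:
  - name: cluster-availability
    rules:
      # 'When any pod is unavailable'
      - alert: PodNotReady
        # Series is 1 for each pod whose Ready condition is currently false.
        expr: kube_pod_status_ready{condition="false"} == 1
        # Wait 5 minutes so ordinary restarts and rollouts do not page anyone.
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "Pod {{ $labels.namespace }}/{{ $labels.pod }} has not been Ready for 5 minutes"

      # 'When any node is unreachable'
      - alert: NodeNotReady
        # Ready="true" drops to 0 when the node reports NotReady or when the
        # control plane has lost contact with it (Ready becomes Unknown).
        expr: kube_node_status_condition{condition="Ready",status="true"} == 0
        for: 2m
        labels:
          severity: critical
        annotations:
          summary: "Node {{ $labels.node }} is not Ready"

      # 'When the volume gets to 90% full'
      - alert: VolumeAlmostFull
        # Ratio of used to total bytes per PersistentVolumeClaim.
        expr: kubelet_volume_stats_used_bytes / kubelet_volume_stats_capacity_bytes > 0.90
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "PVC {{ $labels.namespace }}/{{ $labels.persistentvolumeclaim }} is above 90% of capacity"
```

Prometheus only evaluates these rules and hands firing alerts to Alertmanager, which can route them by the `severity` label; acknowledgement-based escalation like the 10-minute policy above is configured in the on-call service that receives them.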
You now have a great overview of Kubernetes and Docker. You know what Kubernetes does, and how it can simplify application deployment and management via Docker containers.
Debugging and monitoring technologies are not just operational tools; you can consider them learning tools too. What’s better than learning by doing? This is why we included some tools you can implement in your Kubernetes setup.
Remember that if your application is tiny and you do not anticipate many changes or significant fluctuations in user demand (such as an application used only internally in a company) then Kubernetes may be overkill, and in such a scenario you may be better served to work directly in Docker.