What is the system host name, what is the local IP address, what binaries and libraries are available on the file system, and so on? Several companies are now offering enterprise-quality Kubernetes products that are built from the open-source project. Refer to the Envoy proxy documentation at envoyproxy.io to learn more. Figure 7.6 Pod volumes can also map to storage volumes that persist across pod restarts If the pod is deleted and a new pod is created to replace it, the same network-attached storage volume can be attached to the new pod instance so that it can access the data stored there by the previous instance. You'll gradually expand your initial application, adding features and deepening your knowledge of Kubernetes architecture and operation. It is distributed through a container registry and used to create running containers. Listing 7.5 A pod using a gcePersistentDisk volume: mongodb-pod-gcepd.yaml apiVersion: v1 kind: Pod metadata: name: mongodb spec: volumes: - name: mongodb-data #A gcePersistentDisk: #B pdName: mongodb #C fsType: ext4 #D containers: - image: mongo name: mongodb Manning Publications Co. To comment go to liveBook 197 volumeMounts: - name: mongodb-data mountPath: /data/db ports: - containerPort: 27017 protocol: TCP #A #E #A The name of the volume (also referenced in the volumeMounts section below) #B The volume type is GCE Persistent Disk. The number of objects created by the controller depends on the number of replicas specified in the application deployment object. For example, the RUN directive executes a command in the container during the build. For example, to give the pod 10s to shut down, you run the following command: $ kubectl delete po kubia-ssl --grace-period 10 NOTE If you set this grace period to zero, the pods pre-stop hooks are not executed. DELETING OBJECTS BY SPECIFYING THE MANIFEST FILE You can delete the kubia-ssl pod, which you created from the kubia-ssl.yaml file, with the following command: $ kubectl delete -f kubia-ssl.yaml pod "kubia-ssl" deleted In your case, the file contains only a single pod object, but youll typically come across files that contain several objects of different types that represent a complete application. The contents of the volume are then available at that location. 1.2.4 How Kubernetes runs an application With a general overview of the components that make up Kubernetes, I can finally explain how to deploy an application in Kubernetes. If the backend service fails, restarting the frontend will not solve the problem. The condition can also contain a reason field that specifies a machine-facing reason for the last change of the conditions status, and a message field that explains the change in detail. Therefore, deleting a file with a subsequent directive wont reduce the size of the image. This behavior can be changed by setting the restartPolicy field in the pods spec. The post-start hook runs asynchronously and must be successful for the container to continue running.

To view the logs from the previous container, use the --previous (or -p) option. This means that developers can Manning Publications Co. To comment go to liveBook 11 now deploy applications on their own, even if they dont know anything about the number of nodes or the characteristics of each node. Youll typically see this exit code when the container runs a shell that has terminated gracefully. The container status also indicates the internal ID of the container (containerID), the image and imageID the container is running, whether the container is ready or not and how often it has been restarted (restartCount). Manning Publications Co. To comment go to liveBook 153 6.2.3 Creating an HTTP GET liveness probe Lets look at how to add a liveness probe to each of the containers in the kubia-ssl pod. For more information, see: https://developers.google.com/compute/docs/disks#pdperformance. 5.5.1 Introducing init containers A pod manifest can specify a list of containers to run when the pod starts and before the pods normal containers are started. It loads its configuration from a configuration file called kubeconfig. This means that a process running in a container will only see some of the files, processes and network interfaces on the system, as well as a different system hostname, just as if it were running in a separate virtual machine.

Field Description medium The type of storage medium to use for the directory. USING THE UTS NAMESPACE TO GIVE A PROCESS A DEDICATED HOSTNAME Another example of how to make it look like the process is running on its own host is to use the UTS namespace. You can also use those instructions to install Kubernetes on your bare-metal machines or in VMs running in the cloud. The following figure illustrates the container termination sequence. As the name suggests, it starts as an empty directory. NOTE If init containers are defined in the pod and one of the pods regular containers is restarted, the init containers are not executed again. Figure 5.9 The long communication path between curl and the container when using port forwarding As shown in the figure, the curl process connects to the proxy, which connects to the API server, which then connects to the Kubelet on the node that hosts the pod, and the Kubelet then connects to the container through the pods loopback device (in other words, through the localhost address). The UNIX Time-sharing System (UTS) namespace isolates the system hostname and the Network Information Service (NIS) domain name. LIMITING A CONTAINERS USE OF MEMORY As with CPU, a container can use all the available system memory, just like any regular OS process, but you may want to limit this. 5.4.2 Adding Envoy proxy to the pod Youll create a new pod with two containers. Whenever a container needs to be stopped or restarted, the TERM signal is sent to the main process in the container. Kubernetes doesnt yet provide a mechanism to specify whether a container depends on another container, which would allow you to ensure that one is started before the other. 5.5.2 Adding init containers to a pod In a pod manifest, init containers are defined in the initContainers field in the spec section, just as regular containers are defined in its containers field. If the connection is successfully established, the probe is considered successful. Docker builds an image from a Dockerfile that contains commands that Docker should execute during the build process. An Exec probe executes a command inside the container and checks the exit code it terminates with. If youre unfamiliar with busybox, its a single executable file that combines many of the standard UNIX command-line tools, such as echo, ls, gzip, and so on. This will allow you to debug the Manning Publications Co. To comment go to liveBook 48 containers networking system with tools available on the host that may not be available in the container. Marko Luka is an engineer at Red Hat working on Kubernetes and OpenShift. Using the latest tag ensures that you get the latest version when you first run the image. It also provides a good starting point from which you can add many other features provided by Envoy that you would probably never implement in the application code itself. This ability to move applications allows the applications to be packed tightly together so that the resources of the nodes can be utilized in the best possible way. The pods lifecycle is divided into the three stages shown in the next figure: Manning Publications Co. To comment go to liveBook 170 Figure 6.10 The three stages of the pods lifecycle The three stages of the pods lifecycle are: 1. Youve already learned that the way you log on to a node depends on what you used to deploy your cluster. You can see the layers of an image and their size by running docker history, as shown in the following listing. It defines a post-start hook that takes 60 seconds to complete. A container image contains the user application and all its dependencies. I put most of what I learned into the book. This enables you to run the app on any other Docker-enabled host without installing Node.js there either. The following figure shows the two planes and the different nodes they consist of. The higher the result of periodSeconds * failureThreshold, the longer it takes to restart the application if it becomes unhealthy. These are best explained with the following figure. Why specify container ports in pod definitions Specifying ports in the pod definition is purely informative. You submit the application manifest to the Kubernetes API. But as soon as you scale the cluster back up, they will be redeployed. To reduce the cost of your cluster, you can reduce the number of nodes to one, or even to zero while not using it. It consists of a single container and a single volume backed by the GCE Persistent Disk you created earlier. Manning Publications Co. To comment go to liveBook 117 CREATING OBJECTS BY APPLYING THE MANIFEST FILE TO THE CLUSTER When you post the manifest to the API, you are directing Kubernetes to apply the manifest to the cluster. When the last init container completes, the pods main containers are started. This can be problematic if the process doesnt start up immediately. Press ctrl-C to stop streaming the log when youre done. Youll create a trivial Node.js web application and package it into a container image. The probe is also considered to have failed if the command fails to terminate in time. The event has the following message: AttachVolume.Attach failed for volume "mongodb-data" : googleapi: Error 400: RESOURCE_IN_USE_BY_ANOTHER_RESOURCE - The disk resource 'projects/-xyz/zones/europe-west3c/disks/mongodb' is already being used by 'projects/ xyz/zones/europe-west3c/instances/gke-kubia-default-pool-xyz-1b27' The message indicates that the node hosting the mongodb2 pod cant attach the external volume because its already in use by another node. It limits, accounts for and isolates system resources such as CPU, memory and disk or network bandwidth.

This has the advantage that you can scale your cluster at any time at short notice if required. You can unsubscribe at any time. If the pre-stop hook fails, youll see a FailedPreStopHook warning event among the pod events, but you might not see any indication of the failure if you are only monitoring the status of the pod. After inspecting the containers on this ship, youre now ready to raise the anchor and sail into the next chapter, where youll learn about running containers with Kubernetes. Each process thus has two IDs. Manning Publications Co. To comment go to liveBook 24 2.1.1 Comparing containers to virtual machines Instead of using virtual machines to isolate the environments of individual microservices (or software processes in general), most development and operations teams now prefer to use containers. Two types of hooks are currently supported: Post-start hooks, which are executed when the container is started, and Pre-stop hooks, which are executed shortly before the container stops.

Sitemap 32