https://kubernetes.io/docs/concepts/workloads/pods/pod/
Most Kubernetes resources can be labelled: the Pods, the Nodes, the Namespaces etc. This labelling is done injecting a key-value pair into the metadata. Labelling components allows for 2 things:
@@ARTICLE_CONTENT@@gt; kubectl get nodes -l zone=front
To go further: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
All Kubernetes resources can be written as a YAML or JSON files. The resource creation from a file is done with the command line:
@@ARTICLE_CONTENT@@gt; kubectl apply -f MYFILE.{yaml,json}
The apply command does a smart diff, so it only creates the resource if it wasn’t already there, updates it if the file was changed, and does nothing otherwise.
The use of files allows to track, version and reproduce the complete system at any time. It is therefore a commonly adopted practice to to version the _K8s_resource description files with the same rigor as for the code.
To go further: https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/#kubectl-apply
Pods never communicate directly with one another, they got through a Service, because Pods are volatile and short-lived across the cluster. During some maintenance operations, some Pods may migrate from one node to another. These same Pods may also reboot, scale out, or even be destroyed, when upgrading for instance. In each of these cases, the Pod IP changes, as well as its name. The Service is a Kubernetes resource located in front of the Pods and allowing for some ports of the Pods on the network. Services have a fixed name and a fixed dedicated IP. Thus you can access your Pods whatever their IPs or names. The matching between Services and Pods relies on labels. When the Service matches several Pods, it load-balances the traffic with a round-robin algorithm.
To go further: https://kubernetes.io/docs/tutorials/kubernetes-basics/expose-intro/
ConfigMaps and Secrets are Kubernetes resources allowing to manage the Pods configuration. The configuration is described as a set of key-values. These configurations are then injected into the Pods as environment variables or as configuration files mounted on the the containers. The use of these resources allows to decouple the Pods description from any configuration. Whether they are written in YAML or JSON, the configurations are versionable (except for Secrets which hold sensitive information).
To go further : https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
In the many Pods configuration options, it is possible to define the resources used and usable by the Pod (CPU and memory):
If the Kubernetes cluster administrator defined resource quotas for the Namespaces, defining requests and limits becomes mandatory, or the Pod won’t be scheduled. When these values aren’t defined, the administrator may also define default values in a K8s resource named LimitRange.
To go further: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
It is possible to deploy a Pod by describing its configuration in a YAML/JSON file and injecting it into K8s with the kubectl client. Be careful, this method does not benefit from the Pods resilience offered by K8s by design. If the Pod crashes, it won’t be automatically replaced. It is recommended to use a Deployment. This K8s object allows to write a Pod along with its configuration but it also hides the resilience complexity. Indeed, the Deployment will generate a ReplicaSet. The only goal of the ReplicaSet is to make sure that the number of running Pods matches the desired number of Pods. It also provides the abilityto scale Pods at will. The Deployment allows to configure the deployment strategies. It is for instance possible to define a rolling-update strategy in case of a new version of a Pod’s container.
The following command allows to start Pods (for instance, a Nginx):
@@ARTICLE_CONTENT@@gt; kubectl run nginx image=nginx --replicas=2
This command will generate a Deployment with a Pod running the Nginx container. The same Deployment will also generate the ReplicaSet which will ensure 2 Pods are running at any time.
To go further: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
As we saw, the ReplicaSet allows to ensure the number of running Pods matches the number of desired Pods. It restarts any failing Pods. It is also possible to configure the Pods resiliency on the functional level. For that there is the LivenessProbe option. It provides the abilityto automatically restart the Pod if the condition is not verified.
Just like LivenessProbe monitors the status of an application, the ReadinessProbe monitors when an application is available after reboot. This is useful for an application that runs tasks before it actually starts (eg. data injection).
To go further: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
K8s is a container orchestrator and the name of the container to deploy is specified in the Pod configuration. The naming of an image is composed as such:
<Registry name>/<Container name>:<tag or version>
It is a common practice to increment the image version just like you increment the version of a code base, but also to assign the tag “latest” to the last build image. Configuring a Pod to deploy an image with the tag “latest” is not a good practice for several reasons:
IfnotPresent is the default option, so if we use an image with the tag “latest”, Kubernetes will fetch the “latest” version image from at the first deployment. Then as it will be locally present on the node for subsequent deployments, it won’t download the image again from the registry, even if a new “latest” version image was pushed.
To go further: https://kubernetes.io/docs/concepts/configuration/overview/#container-images
Pods are short lived and volatile, they can be moved to other nodes in case of maintenance, deployments or reboot. They can also - and that’s a big perk of K8s like systems - scale on demand. The inbound flow to Pods is load-balanced by the Service in front of the Pods. That’s why applications hosted on K8s must use a third party provider to store data. For instance an e-commerce website storing session information as files within a container (let’s say a purchase cart) will lose data when the Pod scales or restarts.
The solution to address this issue vary depending use cases. For instance, a key-value storage service (redis, memcache) can be considered to store session data. For a file hosting application, an object storage solution such as AWS S3 will be favored.
To go further: https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/
As we have seen, your applications should be stateless. You may need however to deploy stateful components requiring a storage layer such as a database. Kubernetes provides the abilityto mount volumes within the Pods. It then becomes possible to mount a volume provided by AWS, Azure of Google’s storage services. The storage is then external of your cluster and remains attached to the Pod in case of a redeployment to a different node. It is also possible to mount a volume between the node where the Pod is deployed and the Pod itself. But this solution should not be considered. Indeed, your Pod and its volume attached to the host may be migrated and lose all its data.
To go further: https://kubernetes.io/docs/concepts/storage/volumes/
The application code that will eventually be deployed to a Kubernetes cluster has to respect a set of rules. The 12 factors apps are a set of advice/good practices created by Heroku. Heroku is a PaaS provider hosting applications as containers, and these principles are a way to best operate code meant to be containerized.
The main recommendations are:
To go further: https://blog.octo.com/applications-node-js-a-12-facteurs-partie-1-une-base-de-code-saine/