Let’s focus on the application and forget about Kubernetes internals and complexity

Photo by Joan Gamell on Unsplash

If you are a developer, chances are you have already been asked to deploy your applications on a Kubernetes cluster. You have probably figured out this is not an easy task, especially if you don’t know Kubernetes that well. Kubernetes is a huge beast, and knowing how to define (YAML all the way) and manipulate the basic resources it offers (Pod, Deployment, Service, ConfigMap, Secret, …) is not straightforward, let alone the more advanced resources (NetworkPolicies, RBAC-related ones, …).

Today there is no doubt Kubernetes is the solution of choice to run containerized applications. But, as a developer, most…


Several ways to deploy an application in Kubernetes

Photo by Elena Mozhvilo on Unsplash

In this article we will use the VotingApp, a sample microservices application, to illustrate several of the ways an application can be deployed in a Kubernetes cluster:

The VotingApp

The VotingApp is an application created by Docker and is mainly used to illustrate Docker and Kubernetes functionalities. This application follows a microservices architecture and is made of five services, as illustrated in the schema below.


An easy way to discover and play with Rook on the local machine

Photo by Nick Fewings on Unsplash

In a previous article, we presented Rook and used it to set up an HA Ceph cluster. In this new article, we will install Rook on a single-node K3s cluster, as it’s a good way to get started with this great CNCF project.

Setup of the k3s cluster

For the purpose of this article, we will use a local VM provisioned on VirtualBox using Vagrant. The Vagrantfile below defines:

  • the configuration of the VM that will be created: the Linux distribution used, its IP address (192.168.33.10), the amount of RAM (2G), the addition of a disk with a capacity of 10G
  • setting up K3s and…


An intuitive graphical tool to define complex network policies

Photo by Andreas Weilguny on Unsplash.

Cilium, the eBPF-based networking solution, just released a web editor to facilitate the creation of Kubernetes network policies. In this article, we will demo the tool and use it to define a sample network policy.

A Quick Presentation of Cilium and eBPF

“Cilium is an open source project that has been designed on top of eBPF to address the networking, security, and visibility requirements of container workloads. It provides a high-level abstraction on top of eBPF.” — Cilium blog

Cilium has a wide application domain and is commonly used as a CNI plugin in Kubernetes, as illustrated in the following schema:


Using another container runtime for better isolation and security

Photo by Roxanne Desgagnés on Unsplash

As not all pods can be trusted, this article will show different options to enhance process isolation through the usage of container runtimes other than the default one (runc). We will use Kubernetes k0s distribution to illustrate all of this. If you do not know k0s, you can find a quick introduction in this article.

Create a K0s Cluster

In the introduction article, we detailed the steps needed to easily set up a k0s cluster. …


Get familiar with some key concepts of cluster management

Photo by Dimitri Houtteman on Unsplash.

This article offers a back-to-basics approach to help you understand several actions that can be done on a cluster’s nodes.

Our Test Cluster

Let’s consider a newly created kubeadm cluster containing one master and two worker nodes:

$ kubectl get nodes
NAME    STATUS   ROLES                  AGE   VERSION
k8s-1   Ready    control-plane,master   18m   v1.20.0
k8s-2   Ready    <none>                 18m   v1.20.0
k8s-3   Ready    <none>                 18m   v1.20.0

First, we will install Kubernetes Operational View (aka kube-ops-view). This application is very handy for seeing all the pods running in a cluster at a glance. There are currently 14 pods running:

  • Two of them are in the default namespace and are…


An example showing how kube-proxy plays with iptables

Examples of iptables rules. Photo by the author.

The Kubernetes network proxy (aka kube-proxy) is a daemon running on each node. It basically reflects the services defined in the cluster and manages the rules to load-balance requests to a service’s backend pods.


Demystifying the usage of CNI plugins

When setting up a Kubernetes cluster, the installation of a network plugin is mandatory for the cluster to be operational. To keep things simple, the role of a network plugin is to set up the network connectivity so Pods running on different nodes in the cluster can communicate with each other. Depending upon the plugin, different network solutions can be provided: overlay (vxlan, IP-in-IP) or non-overlay.

To simplify the usage of a network plugin, Kubernetes exposes the Container Network Interface (aka CNI) so any network plugin that implements this interface can be used.

Kubernetes also allows the usage of kubenet


A first look into the Vanilla Stack, a new open-source-only, cloud-native stack based on Kubernetes


A couple of weeks ago, I stumbled upon the Vanilla Stack, a technology stack based on Kubernetes and embedding many great open source components. In this article, which is mainly a presentation of the stack, we will quickly go through the installation process showing the different options available.

Vanilla Stack — A Gentle Introduction

The Vanilla Stack can be defined as a Kubernetes cluster shipped with many open source components.

Among the different solutions provided out of the box are:

  • Rook to manage distributed storage (filesystem, block, object)
  • OpenStack offering infrastructure as a service (IaaS)
  • Cloud Foundry offering a platform as a service (PaaS)

The following…

Luc Juggery

Docker & Kubernetes trainer (CKA / CKAD), 中文学生, Learning&Sharing
