Certified Kubernetes Application Developer (CKAD) 2021 Tasks

Task 1

Research how Kubernetes is used in industry and which use cases it solves.
Create a blog post, article, or video on an industry use case for Kubernetes.

Solution

What is Kubernetes?

Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem, and Kubernetes services, support, and tools are widely available. Kubernetes is an open-source orchestration tool developed by Google for managing microservices or containerized applications across a distributed cluster of nodes. It provides a highly resilient infrastructure with zero-downtime deployment capabilities, automatic rollback, scaling, and self-healing of containers (auto-placement, auto-restart, auto-replication, and scaling of containers on the basis of CPU usage).

Kubernetes basic terms and definitions

To begin understanding how to use K8S, we must understand the objects in the API. The basic K8S objects, together with several higher-level abstractions known as controllers, are the building blocks of your application lifecycle.

Basic objects include:

  • Pod. A group of one or more containers.
  • Service. An abstraction that defines a logical set of pods as well as the policy for accessing them.
  • Volume. An abstraction that lets us persist data. (This is necessary because containers are ephemeral — meaning data is deleted when the container is deleted.)
  • Namespace. A segment of the cluster dedicated to a certain purpose, for example a certain project or team of devs.

Controllers, or higher-level abstractions, include:

  • ReplicaSet (RS). Ensures that the desired number of pods is running at all times.
  • Deployment. Offers declarative updates for pods and ReplicaSets.
  • StatefulSet. A workload API object that manages stateful applications, such as databases.
  • DaemonSet. Ensures that all or some worker nodes run a copy of a pod. This is useful for daemon applications like Fluentd.
  • Job. Creates one or more pods, runs a certain task(s) to completion, then deletes the pod(s).

Micro Service

A specific part of a previously monolithic application. A typical microservice-based architecture has multiple services making up one or more end products. Microservices are typically shared between applications and make Continuous Integration and Continuous Delivery easier to manage.

Images

Typically a docker container image — an executable image containing everything you need to run your application; application code, libraries, a runtime, environment variables and configuration files. At runtime, a container image becomes a container which runs everything that is packaged into that image.

Pods

A single container, or a group of containers, that share storage and network, with a Kubernetes configuration telling those containers how to behave. Containers in a pod share an IP address and port space and can communicate with each other over localhost networking. Each pod is assigned an IP address on which it can be reached by other pods within the cluster. Applications within a pod have access to shared volumes, which is helpful when you need data to persist beyond the lifetime of a pod.

Namespaces

Namespaces are a way to create multiple virtual Kubernetes clusters within a single cluster. Namespaces are normally used for wide scale deployments where there are many users, teams and projects.

Replica Set

A Kubernetes replica set ensures that the specified number of pods in a replica set are running at all times. If one pod dies or crashes, the replica set configuration will ensure a new one is created in its place. You would normally use a Deployment to manage this in place of a Replica Set.

Deployments

A way to define the desired state of pods or a ReplicaSet. Deployments are used to define high-availability policies for your containers by stating how many instances of each container must be running at any one time.

Services

A coupling of a set of pods to a policy by which to access them. Services are used to expose containerised applications to clients from outside the cluster.

Nodes

A host, normally a virtual machine, on which pods and their containers run.

Kubernetes architecture and components

A K8S cluster is made of a master node, which exposes the API, schedules deployments, and generally manages the cluster, and multiple worker nodes. Each worker node runs a container runtime, such as Docker or rkt, along with an agent that communicates with the master.

Master components

These master components comprise a master node:

  • Kube-apiserver. Exposes the API.
  • etcd. Key-value store that holds all cluster data. (Can run on the same server as the master node or on a dedicated cluster.)
  • Kube-scheduler. Schedules new pods on worker nodes.
  • Kube-controller-manager. Runs the controllers.
  • Cloud-controller-manager. Talks to cloud providers.

Node components

  • Kubelet. Agent that ensures containers in a pod are running.
  • Kube-proxy. Maintains network rules and performs forwarding.
  • Container runtime. Runs containers.

What benefits does Kubernetes offer?

Out of the box, K8S provides several key features that allow us to run immutable infrastructure. Containers can be killed, replaced, and self-heal automatically, and the new container gets access to those support volumes, secrets, configurations, etc., that make it function.

These key K8S features make your containerized application scale efficiently:

  • Horizontal scaling. Scale your application as needed from the command line or UI.
  • Automated rollouts and rollbacks. Roll out changes while monitoring the health of your application, ensuring that all instances don’t fail or go down simultaneously. If something goes wrong, K8S automatically rolls back the change.
  • Service discovery and load balancing. Containers get their own IP, so you can put a set of containers behind a single DNS name for load balancing.
  • Storage orchestration. Automatically mount local, public-cloud, or network storage.
  • Secret and configuration management. Create and update secrets and configs without rebuilding your image.
  • Self-healing. The platform heals many problems: restarting failed containers, replacing and rescheduling containers as nodes die, killing containers that don’t respond to your user-defined health check, and waiting to advertise containers to clients until they’re ready.
  • Batch execution. Manage your batch and Continuous Integration workloads and replace failed containers.
  • Automatic bin packing. Automatically schedules containers based on resource requirements and other constraints.

Why you need Kubernetes and what it can do

Containers are a good way to bundle and run your applications. In a production environment, you need to manage the containers that run the applications and ensure that there is no downtime. For example, if a container goes down, another container needs to start. Wouldn’t it be easier if this behavior was handled by a system?

That’s how Kubernetes comes to the rescue! Kubernetes provides you with a framework to run distributed systems resiliently. It takes care of scaling and failover for your application, provides deployment patterns, and more. For example, Kubernetes can easily manage a canary deployment for your system.

Kubernetes provides you with:

  • Service discovery and load balancing. Kubernetes can expose a container using the DNS name or using their own IP address. If traffic to a container is high, Kubernetes is able to load balance and distribute the network traffic so that the deployment is stable.
  • Storage orchestration. Kubernetes allows you to automatically mount a storage system of your choice, such as local storages, public cloud providers, and more.
  • Automated rollouts and rollbacks. You can describe the desired state for your deployed containers using Kubernetes, and it can change the actual state to the desired state at a controlled rate. For example, you can automate Kubernetes to create new containers for your deployment, remove existing containers and adopt all their resources to the new container.
  • Automatic bin packing. You provide Kubernetes with a cluster of nodes that it can use to run containerized tasks. You tell Kubernetes how much CPU and memory (RAM) each container needs. Kubernetes can fit containers onto your nodes to make the best use of your resources.
  • Self-healing. Kubernetes restarts containers that fail, replaces containers, kills containers that don’t respond to your user-defined health check, and doesn’t advertise them to clients until they are ready to serve.
  • Secret and configuration management. Kubernetes lets you store and manage sensitive information, such as passwords, OAuth tokens, and SSH keys. You can deploy and update secrets and application configuration without rebuilding your container images, and without exposing secrets in your stack configuration.
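The two feature lists above (the key K8S features and what Kubernetes provides) map directly onto fields in ordinary manifests. The following is an added example, not from the original article: a constructed Secret, Deployment and Service in which the desired replica count, resource requests, health checks and secret injection are all declared. The names demo-api and demo-api-secret, the image, the port and the /healthz path are hypothetical placeholders.

```yaml
# Added example, not from the article; names, image and paths are hypothetical placeholders.
apiVersion: v1
kind: Secret
metadata: {name: demo-api-secret}
type: Opaque
stringData:
  DB_PASSWORD: "placeholder-not-a-real-credential"   # constructed sample value
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: demo-api}
spec:
  replicas: 3                      # desired state; the ReplicaSet keeps 3 pods running
  selector: {matchLabels: {app: demo-api}}
  template:
    metadata: {labels: {app: demo-api}}
    spec:
      containers:
      - name: api
        image: registry.example.com/demo-api:1.0.0   # hypothetical image
        ports: [{containerPort: 8080}]
        env:
        - name: DB_PASSWORD        # injected at runtime, never baked into the image
          valueFrom: {secretKeyRef: {name: demo-api-secret, key: DB_PASSWORD}}
        resources:                 # requests drive bin packing; limits cap a runaway container
          requests: {cpu: 100m, memory: 128Mi}
          limits: {cpu: 500m, memory: 256Mi}
        readinessProbe:            # pod is not advertised via the Service until this passes
          httpGet: {path: /healthz, port: 8080}
          periodSeconds: 5
        livenessProbe:             # kubelet restarts the container when this keeps failing
          httpGet: {path: /healthz, port: 8080}
          initialDelaySeconds: 10
          periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata: {name: demo-api}
spec:
  selector: {app: demo-api}        # one stable name and IP in front of whichever pods are ready
  ports: [{port: 80, targetPort: 8080}]
```

Applying this with kubectl apply and then changing the image tag triggers a rolling update; pods whose readiness probe fails are never added to the Service, and a failing liveness probe makes the kubelet restart the container rather than the whole pod being rescheduled.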

Pinterest’s Kubernetes Story

With over 250 million monthly active users and over 10 billion recommendations served every single day, the engineers at Pinterest knew these numbers were going to keep growing, and they began to feel the pain of scalability and performance issues.

Their initial strategy was to move their workload from EC2 instances to Docker containers; they first moved their services to Docker to free up engineering time spent on Puppet and to have an immutable infrastructure.

The next step was to move to Kubernetes. Now they can take an idea from ideation to production in a matter of minutes, whereas earlier it took hours or even days. They have cut a great deal of overhead cost by utilizing Kubernetes and have removed a lot of manual work, without making engineers worry about the underlying infrastructure.

Challenge

After eight years in existence, Pinterest had grown into 1,000 microservices and multiple layers of infrastructure and diverse set-up tools and platforms. In 2016 the company launched a roadmap towards a new compute platform, led by the vision of creating the fastest path from an idea to production, without making engineers worry about the underlying infrastructure.

Solution

The first phase involved moving services to Docker containers. Once these services went into production in early 2017, the team began looking at orchestration to help create efficiencies and manage them in a decentralized way. After an evaluation of various solutions, Pinterest went with Kubernetes.

Impact

“By moving to Kubernetes the team was able to build on-demand scaling and new failover policies, in addition to simplifying the overall deployment and management of a complicated piece of infrastructure such as Jenkins,” says Micheal Benedict, Product Manager for the Cloud and the Data Infrastructure Group at Pinterest. “We not only saw reduced build times but also huge efficiency wins. For instance, the team reclaimed over 80 percent of capacity during non-peak hours. As a result, the Jenkins Kubernetes cluster now uses 30 percent less instance-hours per-day when compared to the previous static cluster.”

With Kubernetes, the U.S. Department of Defense is enabling DevSecOps on F-16s and battleships

Challenge 👨‍💻

In the recent past, software delivery within the U.S. Department of Defense could take anywhere from three to ten years for big weapons systems. “It was mostly teams using waterfall, no minimum viable product, no incremental delivery, and no feedback loop from end-users,” says Nicolas M. Chaillan, Chief Software Officer of the U.S. Air Force. “Particularly when it comes to AI, machine learning, and cybersecurity, everyone realized we have to move faster.”

Solution 💡

Chaillan and Peter Ranks, Deputy Chief Information Officer for Information Enterprise, DoD CIO, created the DoD Enterprise DevSecOps reference design, with a mandate to use CNCF-compliant Kubernetes clusters and other open source technologies across the DoD.

Impact ⚡

Releases, which once took as long as 3 to 8 months, now can be achieved in one week. An authority to operate (ATO) for a cloud enclave can be obtained within one week, plus “we have a continuous ATO on the platform stack,” says Chaillan. “Anytime it’s going to pass the gates, the software is automatically accredited. So you can push software multiple times a day.” All told, “we’re thinking with the 37 programs, it’s going to be a 100+ year saved off planned program time,” he adds.

CERN: Processing Petabytes of Data More Efficiently with Kubernetes

Challenge 👨‍💻

At CERN, the European Organization for Nuclear Research, physicists conduct experiments to learn about fundamental science. In its particle accelerators, “we accelerate protons to very high energy, close to the speed of light, and we make the two beams of protons collide,” says CERN Software Engineer Ricardo Rocha. “The end result is a lot of data that we have to process.” CERN currently stores 330 petabytes of data in its data centers, and an upgrade of its accelerators expected in the next few years will drive that number up by 10x. Additionally, the organization experiences extreme peaks in its workloads during periods prior to big conferences and needs its infrastructure to scale to those peaks. “We want to have a more hybrid infrastructure, where we have our on-premise infrastructure but can make use of public clouds temporarily when these peaks come up,” says Rocha. “We’ve been looking to new technologies that can help improve our efficiency in our infrastructure so that we can dedicate more of our resources to the actual processing of the data.”

Solution 💡

CERN’s technology team embraced containerization and cloud-native practices, choosing Kubernetes for orchestration, Helm for deployment, Prometheus for monitoring, and CoreDNS for DNS resolution inside the clusters. Kubernetes federation has allowed the organization to run some production workloads both on-premise and in public clouds.

Impact ⚡

“Kubernetes gives us the full automation of the application,” says Rocha. “It comes with built-in monitoring and logging for all the applications and the workloads that deploy in Kubernetes. This is a massive simplification of our current deployments.” The time to deploy a new cluster for a complex distributed storage system has gone from more than 3 hours to less than 15 minutes. Adding new nodes to a cluster used to take more than an hour; now it takes less than 2 minutes. The time it takes to autoscale replicas for system components has decreased from more than an hour to less than 2 minutes. Initially, virtualization gave 20% overhead, but with tuning, this was reduced to ~5%. Moving to Kubernetes on bare metal would get this to 0%. Not having to host virtual machines is expected to also get 10% of memory capacity back.

“Kubernetes is something we can relate to very much because it’s naturally distributed. What it gives us is a uniform API across heterogeneous resources to define our workloads. This is something we struggled with a lot in the past when we want to expand our resources outside our infrastructure.”

— RICARDO ROCHA, SOFTWARE ENGINEER, CERN

Thanks to sir Vimal and the LW team


🚀 Summary 🚀

Kubernetes is an orchestration tool for managing distributed services or containerized applications across a distributed cluster of nodes. It was designed to natively support (auto-)scaling, high availability, security, and portability. Kubernetes itself follows a client-server architecture, with a master node composed of an etcd cluster, the kube-apiserver, kube-controller-manager, cloud-controller-manager, and scheduler. Client (worker) nodes are composed of the kube-proxy and kubelet components. Core concepts in Kubernetes include pods (a group of containers deployed together), services (a logical group of pods behind a stable IP address), and deployments (a definition of the desired state for a pod or ReplicaSet, acted upon by a controller whenever the current state differs from the desired state), among others.