Sean Wingert
swinger@us.ibm.com
More details about what I’ll cover are already on our YouTube channel:
https://ibm.biz/BdY5V5
Preliminary
In Linux, it’s very helpful to use vim, not just vi, to troubleshoot, because you’ll be
working “remotely” (ssh commands):
Books:
Preliminary
Problem:
Docker, and especially Kubernetes and Helm, are under heavy
development, so books are often outdated, at least on specifics. They’re
useful for theory, but see the following websites for the latest
commands.
Preliminary
Websites:
https://kubernetes.io/
https://github.com/helm/helm
https://www.docker.com/
Preliminary
https://www.ibm.com/support/knowledgecenter/SSCKRH_1.0.3/platform/install_deployment_topology.html
Containers
cgroup
namespace
device mapper
https://fr.slideshare.net/jpetazzo/anatomy-of-a-container-namespaces-cgroups-some-filesystem-magic-linuxcon
Containers
Cgroups
Limit how much of each system resource you can use.
Containers
Namespaces:
Provide processes with their own
view of the system.
Device Mapper:
The device mapper is a framework provided by the Linux kernel for
mapping physical block devices onto higher-level virtual block devices.
It forms the foundation of the logical volume manager (LVM), software
RAIDs and dm-crypt disk encryption, and offers additional features such
as file system snapshots.
-- Wikipedia
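The cgroup and namespace membership described above is visible under /proc. As an added example (not part of the original slides), this compares the namespaces of two processes to show which parts of the system view a container shares with the host; the PIDs, inode numbers and cgroup paths are constructed sample data.

```python
import os
import tempfile

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Map namespace type -> 'type:[inode]' from the /proc/<pid>/ns symlinks."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:  # process gone, no permission, or kernel lacks this type
            pass
    return found

def read_cgroups(pid, proc_root="/proc"):
    """Parse /proc/<pid>/cgroup ('hierarchy:controllers:path') into tuples."""
    with open(os.path.join(proc_root, str(pid), "cgroup")) as fh:
        return [tuple(line.rstrip("\n").split(":", 2)) for line in fh if line.strip()]

def shared_namespaces(pid_a, pid_b, proc_root="/proc"):
    """Namespace types in which both processes have the same view of the system."""
    a, b = read_namespaces(pid_a, proc_root), read_namespaces(pid_b, proc_root)
    return sorted(ns for ns in a if a[ns] == b.get(ns))

def build_sample_proc(root):
    """Constructed /proc tree: PID 1 on the host, PID 4242 in a container
    that was started with the host's network namespace."""
    host = {ns: 4026531000 + i for i, ns in enumerate(NS_TYPES)}
    ctr = {ns: 4026532000 + i for i, ns in enumerate(NS_TYPES)}
    ctr["net"], ctr["user"] = host["net"], host["user"]
    cgroups = {1: "0::/init.scope\n", 4242: "0::/kubepods/pod-example/ctr-example\n"}
    for pid, inodes in ((1, host), (4242, ctr)):
        os.makedirs(os.path.join(root, str(pid), "ns"))
        for ns, inode in inodes.items():
            os.symlink(f"{ns}:[{inode}]", os.path.join(root, str(pid), "ns", ns))
        with open(os.path.join(root, str(pid), "cgroup"), "w") as fh:
            fh.write(cgroups[pid])

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return shared_namespaces(1, 4242, root), read_cgroups(4242, root)

if __name__ == "__main__":
    shared, cgroups = demo()
    print("shared with PID 1:", shared)
    print("container cgroups:", cgroups)
```

On a real Linux host, call `shared_namespaces(1, PID)` as root with the default `proc_root`; a container that shares `net` or `pid` with PID 1 has less isolation than the default.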
Containers
VMs are sometimes called “pets” because you lavish time on them and
don’t want them to stop working.
What’s cool about containers is that they look and feel like VMs, but
they are much faster and “lighter” because they share the host’s kernel,
unlike VMs.
Docker
In short, you copy what you want to modify, modify it onto a new file
and update the old pointers to point to new locations.
Docker
Registry:
Docker hub (public) or your local one (private). Contains the repository.
Repository:
“Images are stored in collections, known as a repository, which is keyed by a name.” Effectively, a
repository is the image with its optional tags, visible by curling the catalog.
Catalog:
“The list of available repositories is made available through the catalog.”
Docker
Docker Compose - which allows you to run stacks of containers to represent application
stacks, for example web server, application server and database server containers running
together to serve a specific application.
Docker Swarm - which allows you to create clusters of containers, called swarms, that
allow you to run scalable workloads.
NOTE: FCI doesn’t use the above in production, but you’ll likely see those mentioned
elsewhere. The FCI team settled on Kubernetes instead of Docker Swarm because k8s has a
good mechanism to get two containers to talk to each other and because the tide is
moving towards Kubernetes. In other words, Kubernetes won the “battle” over Swarm in
terms of running Docker containers and is more popular than Swarm, even though the
company that created Docker also created Swarm.
Docker
In the declarative model, you define the end state, and the system
determines how to get there.
Docker
In the imperative model, you define each step in sequence. You tell the
system how to get to the end state.
Docker
The FCI installer installs and configures all of these Docker and
Kubernetes components for you. Specifically it installs Docker CE on all
servers, all the rpms needed for Docker & Kubernetes, the Docker
Registry, Kubernetes, Helm, & Calico.
Docker
In FCI, if you already have Docker installed, the FCI installer will detect it
and utilize the existing Docker and lay Kubernetes on top of it.
Docker
Useful commands:
docker ps
shows a list of images on the current host
docker stats
shows CPU and disk usage on the current host
docker exec -ti CONTAINER_NAME /bin/bash
e.g., docker run -it ubuntu bash
docker version
gives the currently installed version of docker
Docker
Problems
What happens when you have 10, 50, 100, or 1,000 containers spread
across multiple hosts?
Docker alone can’t give you much insight about what they’re doing.
Docker
Enter Kubernetes!
Kubernetes
"The first thing to know is that Kubernetes came out of Google. The
next thing to know is that in the summer of 2014 it was open-sourced
and handed over to the Cloud Native Computing Foundation (CNCF).
Since then it’s gone on to become one of the most important
container-related technologies in the world - probably second only to
Docker." - Turnbull
Kubernetes
History
Kubernetes was originally called Borg.
“Stories of Google crunching through billions of containers a week are
re-told at meetups all over the world.”
Kubernetes
In Kubernetes, a Node is a bare-metal or virtual machine (VM), typically a
VM in FCI, that runs your pods.
A Service in Kubernetes is a Resource and REST object, similar to a Pod.
Like all of the REST objects, a Service definition can be POSTed to the
apiserver to create a new instance.
Kubernetes
https://sddevops.github.io/presentations/kubernetes-overview/
Kubernetes
Example:
kubectl logs fcii-fci-insurance-liberty-6dcdbf968d-gl8vs -c CONTAINERNAME
Kubernetes
Resources
pods
secrets
configmap
persistent volumes (PV)
persistent volume claims (PVC)
Kubernetes
“The declarative model and the concept of desired state are two things
at the very heart of the way Kubernetes works.”
Kubernetes
“If you are running Kubernetes worker and Kubernetes master on the
same server or virtual machine (VM), then you need to run the kubectl
taint command, which allows pods to be scheduled to run on the
Kubernetes master server.” -- IBM Knowledge Center
Kubernetes
Namespaces
Commands
kubectl ...
kubectl get pods
kubectl get pods -o wide
kubectl get pods -o yaml
kubectl get all -o wide
kubectl version
Kubernetes
"During the startup of a Pod, the Init Containers are started in order,
after the network and volumes are initialized. Each Container must exit
successfully before the next is started. If a Container fails to start due to
the runtime or exits with failure, it is retried..."
Kubernetes
"A Pod cannot be Ready until all Init Containers have succeeded...A Pod
that is initializing is in the Pending state but should have a condition
Initializing set to true."
Useful command
watch kubectl get pods
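When a pod stays in Pending, the init-container ordering quoted above tells you where to look: the first init container that has not exited successfully is the one blocking the rest. As an added example (not part of the original slides), this finds that container in pod JSON and builds the `kubectl logs ... -c` command for it; the pod, namespace and container names are constructed sample data in the shape of `kubectl get pod POD -o json`.

```python
# Constructed sample: the fields of `kubectl get pod POD -o json` used below.
SAMPLE_POD = {
    "metadata": {"name": "example-app-0", "namespace": "default"},
    "spec": {"initContainers": [{"name": "init-pv"}, {"name": "wait-for-db"},
                                {"name": "load-config"}]},
    "status": {"phase": "Pending", "initContainerStatuses": [
        {"name": "init-pv", "restartCount": 0,
         "state": {"terminated": {"exitCode": 0, "reason": "Completed"}}},
        {"name": "wait-for-db", "restartCount": 4,
         "state": {"waiting": {"reason": "CrashLoopBackOff"}}},
        {"name": "load-config", "restartCount": 0,
         "state": {"waiting": {"reason": "PodInitializing"}}},
    ]},
}

def blocking_init_container(pod):
    """First init container, in spec order, that has not exited with code 0."""
    reported = pod.get("status", {}).get("initContainerStatuses", [])
    statuses = {s["name"]: s for s in reported}
    for spec in pod.get("spec", {}).get("initContainers", []):
        status = statuses.get(spec["name"], {})
        state = status.get("state", {})
        done = state.get("terminated")
        if done and done.get("exitCode") == 0:
            continue  # succeeded, so the next init container was allowed to start
        if done:
            detail = f"exited with code {done.get('exitCode')}"
        elif "waiting" in state:
            detail = "waiting: " + state["waiting"].get("reason", "unknown")
        elif "running" in state:
            detail = "still running"
        else:
            detail = "no status reported yet"
        return {"container": spec["name"], "detail": detail,
                "restarts": status.get("restartCount", 0)}
    return None  # every init container succeeded (or the pod has none)

def logs_command(pod, blocker):
    """kubectl command that reads the blocking container's log via -c."""
    meta = pod["metadata"]
    cmd = (f"kubectl logs {meta['name']} -n {meta.get('namespace', 'default')}"
           f" -c {blocker['container']}")
    if blocker["restarts"] > 0:
        cmd += " --previous"  # log of the last failed run, not the fresh restart
    return cmd

if __name__ == "__main__":
    blocker = blocking_init_container(SAMPLE_POD)
    print(blocker)
    print(logs_command(SAMPLE_POD, blocker))
```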
Kubernetes
Problems
With Kubernetes, you only interact with one resource at a time.
Note: FCI’s installer manages Helm for you and customers, but it’s still useful
to know for troubleshooting.
cat /root/fci-install-toolkit-1.1/helm/install-20181113-160413.log
helm upgrade --install --recreate-pods fcii -f fcii-values.yaml \
  --set global.coreReleaseName=fci \
  --set global.initPvImage=fciicluster1.fyre.ibm.com:5000/centos:7 \
  --set global.managerFQDN=fciicluster1.fyre.ibm.com \
  --set global.nfsServer=fciicluster1.fyre.ibm.com \
  --set global.dockerRepository=fciicluster1.fyre.ibm.com:5000 \
  /root/fcii-install-toolkit-3.1/helm/fci-insurance-3.1.tgz
Helm
If you need to modify a Kubernetes resource, you can use kubectl edit.
Potentially, that means 10 different kubectl edit commands.
If you use Helm to make those changes instead, you get rollbacks and
audits of changes. In seconds, you can undo mistakes.
Helm
"A Helm Repository is the place where charts can be collected and
shared. It’s like Perl’s CPAN archive or the Fedora Package Database,
but for Kubernetes packages"
Helm
You can install a chart, upgrade to the next version (APAR), and track
which version is deployed.
Helm
“Project Calico is a layer 3-based networking model that uses the built-in
routing functions of the Linux kernel. Routes are propagated to virtual
routers on each host via Border Gateway Protocol (BGP). Calico can be used
for anything from small-scale deploys to large Internet-scale installations.
Because it works at a lower level on the network stack, there is no need for
additional NAT, tunneling, or overlays.”
Ingress
Question:
How do I know if my system installed correctly?
Troubleshooting
Answer:
Question:
How do I know if my system is running correctly?
Troubleshooting
Answer:
kubectl get all -o wide
Troubleshooting
Question:
What does this mean?
Answer:
Mention the container with -c: