11 tools that make Kubernetes better


No server platform, however powerful and scalable, covers every need out of the box. Kubernetes works well on its own, but it is missing pieces that would make it complete. Sooner or later you hit a case that a default installation does not handle, such as running stateful databases or doing continuous delivery.

This is where the add-ons, extensions and other goodies for this container orchestrator come in, backed by a very broad community. This article collects 11 of the best ones we have found. We at Southbridge find them very interesting and plan to work through them hands-on: take them apart down to the nuts and bolts and see what is inside. Some of them will complement any Kubernetes cluster, while others solve specific tasks that a typical Kubernetes distribution does not address.

Gatekeeper: policy management

The Open Policy Agent (OPA) project lets you write policies across the whole cloud application stack on Kubernetes, from ingress to service mesh. Gatekeeper gives Kubernetes a native way to enforce those policies automatically, and also audits existing resources and reports any that violate a policy. Enforcement is done through the Kubernetes admission webhook mechanism (relatively new at the time of writing), which is called whenever a resource is created or changed. With Gatekeeper, OPA policies become just another part of your cluster's state, with no need for constant manual oversight.

Gravity: Portable Kubernetes Clusters

If you want to roll an application out to Kubernetes, many applications ship a Helm chart that drives and automates the process. But what if you want to take your Kubernetes cluster "as is" and roll it out somewhere else?

Gravity snapshots a Kubernetes cluster, its container image registry and the applications running on it into what it calls an application bundle. The bundle is an ordinary .tar file, and it can replicate the cluster anywhere Kubernetes can run.

Gravity also checks that the target infrastructure behaves the same way as the source infrastructure and that the Kubernetes environment on the target is usable. The paid version of Gravity adds security features, including RBAC and the ability to synchronize security settings across different cluster deployments.

The latest major release, Gravity 7, can push a Gravity image into an existing Kubernetes cluster instead of spinning up an entirely new cluster from the image. Gravity 7 can also work with clusters that were not installed from a Gravity image. Gravity supports SELinux and works natively with the Teleport SSH gateway.

Kaniko: Building Containers in a Kubernetes Cluster

Most container images are built on systems outside the container stack. Sometimes, however, you need to build an image inside that stack, for example from within a running container or inside a Kubernetes cluster.

Kaniko builds container images inside a container environment without depending on a container daemon such as Docker. Instead, Kaniko extracts the file system of the base image, executes each build command from the Dockerfile in user space on top of that extracted file system, and takes a snapshot of the file system after every command to form the image layers. Because no daemon is involved, the build pod needs neither privileged mode nor access to the host's Docker socket.

Note: as of May 2020 (translator's note), Kaniko cannot build Windows containers.
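What a Kaniko build looks like when it runs as a Pod in the cluster, as an added example that is not from the original article or from the Kaniko project's own documentation. The git repository URL, the registry name and the Secret name are assumptions; the `--dockerfile`, `--context` and `--destination` flags and the `/kaniko/.docker/config.json` credentials path are the executor's documented interface.

```yaml
# Added example (not from the original article). Assumed values:
# repository example-org/example-app, registry registry.example.com, Secret regcred.
apiVersion: v1
kind: Pod
metadata:
  name: kaniko-build
  namespace: builds            # assumed dedicated namespace for build pods
spec:
  restartPolicy: Never
  containers:
    - name: kaniko
      image: gcr.io/kaniko-project/executor:latest
      args:
        - "--dockerfile=Dockerfile"
        # Build context fetched straight from git; the fragment selects the branch.
        - "--context=git://github.com/example-org/example-app.git#refs/heads/main"
        # Where the finished image is pushed.
        - "--destination=registry.example.com/team/example-app:1.0.0"
      volumeMounts:
        # Kaniko reads registry credentials from /kaniko/.docker/config.json.
        - name: registry-creds
          mountPath: /kaniko/.docker
  # Note what is absent: no securityContext.privileged, no hostPath mount of
  # /var/run/docker.sock. Kaniko needs neither.
  volumes:
    - name: registry-creds
      secret:
        secretName: regcred
        items:
          - key: .dockerconfigjson
            path: config.json
```

Run it with `kubectl apply -f kaniko-build.yaml` and follow the build with `kubectl logs -f kaniko-build -n builds`. The executor still runs as root inside its own container and executes the Dockerfile's RUN steps as root in that pod, so treat the build pod as an untrusted workload: keep it in its own namespace, restrict its egress with a NetworkPolicy, and give the push credentials write access to the target repository only.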

Kubecost: Kubernetes startup cost options

Most Kubernetes administration tools focus on ease of use, monitoring, understanding what happens inside a pod, and so on. But what about tracking the cost, in real money, of running Kubernetes?

Kubecost reads Kubernetes metrics in real time and turns them into up-to-date cost figures for clusters running at the major cloud providers, shown in a dashboard with a monthly cost per cluster. The cost of RAM, CPU time, GPU and storage is broken down by Kubernetes object (container, pod, service, etc.).

Kubecost also tracks the cost of resources outside the cluster, such as Amazon S3 buckets, although this is currently limited to AWS. The cost data can be exposed to Prometheus, so you can use it to change the behavior of the cluster programmatically.

Kubecost is free to use if 15 days of log data is enough for you. For additional features, pricing starts at $199 per month for monitoring 50 nodes.

KubeDB: Running production databases in Kubernetes

Databases are notoriously hard to run well in Kubernetes. There are Kubernetes operators for MySQL, PostgreSQL, MongoDB and Redis, but all of them have drawbacks, and the standard Kubernetes feature set does not directly address most database-specific concerns.

KubeDB helps you build your own Kubernetes operators for managing databases. Backups, cloning, monitoring, snapshots and declarative database creation are its building blocks. Note that feature support depends on the database. For example, clustering works for PostgreSQL but not for MySQL (it is now supported, as dnbstd rightly pointed out; translator's note).

Kube-monkey: Chaos Monkey for Kubernetes

The most reliable way to stress-test a system is considered to be random failure. That idea is at the heart of Netflix's Chaos Monkey, a chaos engineering tool that randomly shuts down virtual machines and containers in production to "encourage" developers to build more resilient systems. kube-monkey is an implementation of the same basic approach for Kubernetes clusters. It works by randomly killing pods in the cluster that you designate for it, and it can be scheduled to run within a specific time window.
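How a workload opts in to kube-monkey, as an added example that is not from the original article or from the kube-monkey project's own documentation. kube-monkey only touches resources that carry its labels; the Deployment name and image are assumptions, the label keys are kube-monkey's own.

```yaml
# Added example (not from the original article). Assumed workload: example-api.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api
  labels:
    kube-monkey/enabled: enabled          # opt this Deployment in to chaos
    kube-monkey/identifier: example-api   # must match the pod template label below
    kube-monkey/mtbf: "2"                 # mean time between "failures", in days
    kube-monkey/kill-mode: fixed          # kill a fixed number of pods per run
    kube-monkey/kill-value: "1"           # ... namely one pod
spec:
  replicas: 3                             # enough replicas that losing one is survivable
  selector:
    matchLabels:
      app: example-api
  template:
    metadata:
      labels:
        app: example-api
        kube-monkey/enabled: enabled
        kube-monkey/identifier: example-api   # pods are found by this label
    spec:
      containers:
        - name: api
          image: registry.example.com/team/example-api:1.0.0
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8080
```

kube-monkey itself runs as a Deployment in the cluster (not shown here) and needs permission to list and delete pods, which is exactly why its targets are limited by explicit opt-in labels rather than applied cluster-wide. Its configuration file defaults to dry-run mode, so nothing is actually killed until that is switched off; when it is, pair the experiment with a PodDisruptionBudget so a scheduled kill cannot coincide with a node drain and take the whole service down.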

Kubernetes Ingress Controller for AWS

Kubernetes exposes external load balancing and cluster networking through a resource type called Ingress. AWS provides its own load balancing features but does not automatically wire them up to the corresponding Kubernetes objects. Kubernetes Ingress Controller for AWS closes that gap.

It automatically manages AWS resources for each Ingress in the cluster, creating load balancers for new Ingress resources and deleting them when the resources are removed. It uses CloudFormation to keep the cluster state consistent. It also supports CloudWatch alarm settings and automatically manages other elements the cluster uses, such as SSL certificates and EC2 Auto Scaling Groups.

Kubespray: Automatic installation of Kubernetes

Kubespray automates the installation of a production-ready Kubernetes cluster, from bare-metal servers to the major public clouds. It uses Ansible (Vagrant optionally) to drive the deployment and build a highly available cluster from scratch with your choice of network plugin (Flannel, Calico and others) on your choice of popular Linux distribution when installing on bare metal.
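The inventory that Kubespray's Ansible playbooks consume, as an added example that is not from the original article or from the Kubespray repository; the host names and addresses are constructed for this example. The group names shown are the ones Kubespray used in 2020 (later versions rename some of them), so check the sample inventory shipped with the version you install.

```yaml
# Added example (not from the original article). Constructed hosts: node1..node3.
# Three control-plane/etcd nodes and two workers; a single node in any of these
# roles would be a single point of failure.
all:
  hosts:
    node1: {ansible_host: 10.0.0.11, ip: 10.0.0.11, access_ip: 10.0.0.11}
    node2: {ansible_host: 10.0.0.12, ip: 10.0.0.12, access_ip: 10.0.0.12}
    node3: {ansible_host: 10.0.0.13, ip: 10.0.0.13, access_ip: 10.0.0.13}
    node4: {ansible_host: 10.0.0.21, ip: 10.0.0.21, access_ip: 10.0.0.21}
    node5: {ansible_host: 10.0.0.22, ip: 10.0.0.22, access_ip: 10.0.0.22}
  children:
    kube-master:          # API server, scheduler, controller-manager
      hosts:
        node1:
        node2:
        node3:
    etcd:                 # odd number of members for quorum
      hosts:
        node1:
        node2:
        node3:
    kube-node:            # workers
      hosts:
        node4:
        node5:
    k8s-cluster:
      children:
        kube-master:
        kube-node:
    calico-rr:
      hosts: {}
```

With the inventory saved as `inventory/mycluster/hosts.yaml` and the network plugin chosen in `inventory/mycluster/group_vars/k8s-cluster/k8s-cluster.yml`, the cluster is built with `ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml`. Keep the inventory and group_vars under version control: they are the record of how the cluster was built, and the playbook needs root on every node, so the SSH keys used to run it deserve the same protection as the resulting cluster admin credentials.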

Skaffold: Iterative Development for Kubernetes

Skaffold is one of Google's tools for continuous delivery of applications to Kubernetes. As soon as you change the source code, Skaffold detects it, builds and deploys the result, and tells you about any errors. Skaffold runs entirely on the client side, so there is nothing to install or update in the cluster. It can be used with existing CI/CD pipelines and can drive some external build tools, most notably Google's Bazel.
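The configuration that drives that build-and-deploy loop, as an added example that is not from the original article or from the Skaffold project's own documentation. The image name and manifest paths are assumptions; the schema version is one that was current around the time of the article, so use `skaffold fix` to migrate it to whatever your installed Skaffold expects.

```yaml
# Added example (not from the original article). Assumed image and paths.
apiVersion: skaffold/v2beta5
kind: Config
metadata:
  name: example-app
build:
  artifacts:
    - image: registry.example.com/team/example-app   # tag is added by Skaffold per build
      docker:
        dockerfile: Dockerfile
  # Tagging by git commit keeps every deployed image traceable to a revision.
  tagPolicy:
    gitCommit: {}
deploy:
  kubectl:
    manifests:
      - k8s/*.yaml    # Skaffold rewrites the image reference in these to the built tag
portForward:
  - resourceType: service
    resourceName: example-app
    port: 80
    localPort: 8080
```

`skaffold dev` watches the source tree and reruns the build and deploy on each change; `skaffold run` does it once, which is the form that fits a CI job. Because Skaffold rewrites image references in the manifests to the freshly built tag, the manifests in git never need to carry a mutable tag such as `latest`, which is what makes a later rollback or image-signature check unambiguous.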

Teresa: The simplest PaaS on Kubernetes

Teresa is an application deployment system that runs a simple PaaS on top of Kubernetes. Users organized into teams can deploy and manage their own applications. That makes life a little easier for people who simply want to run their application and do not want to deal with Kubernetes and all its complexity.

Tilt: Stream container updates to Kubernetes clusters

Tilt, developed by Windmill Engineering, watches for changes to your Dockerfiles and then incrementally deploys the corresponding containers to the Kubernetes cluster. In essence, it lets you update a live cluster in real time simply by editing Dockerfiles. Because Tilt builds inside the cluster, source code is the only thing that has to travel. You can also snapshot the cluster state and capture error conditions directly from Tilt to share with team members for debugging.

PS We at Southbridge have gone over all of these tools with our own curious hands more than once, and we hope to present real-world practice with them at our in-person intensives in February: Kubernetes Base on February 8–10, 2021, and Kubernetes Mega on February 12–14. Honestly, we have missed the warm, energized atmosphere of in-person training. However advanced the technology, it does not replace live human contact and the special atmosphere when like-minded people get together.

Source: habr.com
