Author: root

Introduction

I’m excited to announce the release of Rancher 2.2 Preview 2, which contains a number of powerful features for day two operations on Kubernetes clusters.

Please visit our release page or the release notes to learn more about all of the features we shipped today.

In this article I introduce one of the features: multi-cluster applications. Read on to learn how this will dramatically reduce your workload and increase the reliability of multi-cluster operations.

Overview

If you’ve been using Kubernetes and have two or more clusters, you are familiar with at least one of the following use cases:

• Applications have higher fault tolerance when deployed across multiple availability zones (AZs)
• In edge computing scenarios with hundreds of clusters, the same application needs to run on multiple clusters.

In the high reliability use case operators often mitigate the risks associated with running in a single AZ by pulling nodes from a multiple AZs into a single cluster. The problem with this approach is that even though it resists the failure of an AZ, it will not withstand a failure of the cluster itself. The likelihood of a cluster failure is higher than that of an AZ failure, and if the cluster fails, it might affect the applications running within it.

An alternate approach is to run a separate cluster in each AZ and run a copy of the application on each cluster. This process treats each Kubernetes cluster as its own availability zone, but manually maintaining applications on each cluster is both time consuming and prone to error.

The edge computing use case suffers from the same issue as the multi-AZ cluster: maintenance of the application is either manual, time-consuming, and prone to error, or else the operations team has created sophisticated scripts to handle deployments and upgrades. This additional process overhead moves the point of failure to a different location in the workflow. These scripts require support and maintenance, and they introduce a dependency on the person or people with the knowledge to not only codify the process, but also to understand and manually execute the process if the scripts fail.

Beginning with Rancher 2.2 Preview 2, available from the 2.2.0-alpha6 release tag and up, Rancher will simultaneously deploy and upgrade copies of the same application on any number of Kubernetes clusters.

This feature extends our powerful Application Catalog, built on top of the rock-solid Helm package manager for Kubernetes. Before today the Application Catalog features only applied to individual clusters. We’ve added an additional section at the Global level where those with the correct privileges can deploy apps to any cluster managed by Rancher.

For a full demonstration of this feature and other features released with Rancher 2.2 Preview 2, join us for the upcoming online meetup, where we’ll give a live demo of the features and answer any questions you have.

Read on for a quick introduction to how multi-cluster applications work in Rancher.

Feature Quick Start

• When you log in to Rancher, you will see a list of all the clusters it manages. You will also see a new global menu item – Multi-Cluster Apps.

• After clicking Multi-Cluster Apps, you will see two buttons, Manage Catalogs and Launch. Manage Catalogs takes you to the Catalogs configuration screen where you can enable the main Helm repositories or add additional third-party Helm repositories.
• Click the Launch button to launch a new application.

• Rancher now shows a list of all the applications you can deploy. We will select Grafana.

• The next screen asks for configuration details. Choose the settings and the corresponding values using either the form or direct YAML input. The settings you choose here will be common across all the clusters to which Rancher will deploy this application.

• Under Configuration Options select the target clusters within the Target Projects dropdown. This list not only shows you the available clusters, but it also asks that you choose a specific Project within the destination cluster.

• Choose an upgrade strategy. For our demo, we will choose “Rolling Update” and provide a batch size of 1 and an interval of 20 seconds. When we do an upgrade in the future, this setting assures that Rancher will update the clusters one at a time, with a delay of 20 seconds between each.

• If you need to make adjustments to account for the differences between each cluster, you can do so in the Answer Overrides section.

• When you’re ready, click Launch at the bottom of the page. You will then see a page that shows all of the deployed multi-cluster apps for your installation. Each will show its current status and a list of the target clusters and projects.

• When an upgrade is available for the application, Rancher will show Upgrade Available as the application status.
• To initiate an upgrade, click on the hamburger menu (the menu with the three dots) in the Grafana box and choose Upgrade.

• Verify that the “Rolling Update” option is selected.
• Change some settings and click on the Upgrade button at the bottom of the page.

If you navigate to the Workloads tab of the target clusters, you’ll see one of them change its status to Updating. This cluster will update, then Rancher will pause for 20 seconds (or for the interval you chose) before continuing to the next cluster and updating its copy of the application.

Conclusion

Multi-cluster applications will reduce the workload of operations teams and make it possible to deploy and upgrade applications quickly and reliably across all clusters.

To test these features in your lab or development environment, install the latest alpha release. If you have any feedback, please open an issue on Github, or join us in the forums or on Slack.

Ankur Agarwal

Head of Product Management

Ankur joined Rancher from Qubeship.io, a CA Accelerator that he founded. He has led Product Management at VMware, Mercury Interactive and Oracle. In his spare time, he volunteers at his daughter’s elementary school, helping kids code.

Source

With the rise of the containerization technology and increased attention from enterprises and technologists in general, more and more containerized applications have been deployed to the cloud. Moreover, research conducted by 451 Research predicts that the application container market will grow dramatically through 2020, which will continue to expand the number of containerized applications being deployed to the cloud.

When the scale and complexity of production-critical containers rises, container orchestration tools come into the picture and become an indispensable part of enterprises’ container management toolbox. Kubernetes and Docker Swarm are two famous and leading players in the container orchestration market and become the essential part of microservices of many enterprises.

Overview of Kubernetes

Kubernetes is an open-source, community-driven Container Orchestration Engine (COE) inspired by a Google project called Borg. Kubernetes is used to orchestrate fleets of containers representing instances of applications that are decoupled from the machines they run on. As the number of containers in a cluster increases to hundreds or thousands of instances, with application components deployed as separate containers, Kubernetes comes to the rescue by providing a framework for deployment, management, auto-scaling, high availability, and related tasks.

Kubernetes allows you to handle various container orchestration related tasks such as scaling containers up or down, automatic failover, distributing workloads among containers hosted on different machines.

Kubernetes follows the traditional client-server type of architecture where the Master node has the global view of the cluster and is responsible for the decision making. Users can interact with the Master node through the REST API, the web UI, and the command line interface (CLI). The Master node interacts with the Worker nodes that host the containerized applications.

Some of the common terminology used within the Kubernetes ecosystem are:

• Container: Containers are the units of packaging used to bundle application binaries together with their dependencies, configuration, framework, and libraries.
• Pods: Pods are the deployment units in Kubernetes ecosystem which contains one or more containers together on the same node. Group of containers can work together and share the resources to achieve the same goal.
• Node: A node is the representation of a single machine in the cluster running Kubernetes applications. A node can be a physical, bare metal machine or a virtual machine.
• Cluster: Several Nodes are connected to each other to form a cluster to pool resources that are shared by the applications deployed onto the cluster.
• Persistent Volume: Since the containers can join and leave the computing environment dynamically, local data storage can be volatile. Persistent volumes help store container data more permanently.

Overview of Docker Swarm

Docker Swarm is an alternative, Docker-native Container Orchestration Engine that coordinates container placement and management among multiple Docker Engine hosts. Docker Swarm allows you to communicate directly with swarm instead of communicating with each Docker Engine individually. Docker Swarm architecture comprises two types of nodes called Managers and Workers.

Below are the common terminology used in the Docker Swarm ecosystem:

• Node: A node is a machine that runs an instance of Docker Engine
• Swarm: A cluster of Docker Engine instances.
• Manager Node: Manager nodes distribute and schedule incoming tasks onto the Worker nodes and maintains the cluster state. Manager Nodes can also optionally run services for Worker nodes.
• Worker Node: Worker nodes are instances of Docker Engine responsible for running applications in containers.
• Service: A service is an image of a microservice, such as web or database servers.
• Task: A service scheduled to run on a Worker node.

Comparison of Kubernetes vs Docker Swarm Features

Both Kubernetes and Docker Swarm COEs have advantages and disadvantages , and the best fit will largely depend on your requirements. Below we compare a few features they share.

Feature	Kubernetes	Docker Swarm	Notes
Cluster Setup and Configuration	Challenging to install and setup a cluster manually. Several components such as networking, storage, ports, and IP ranges for Pods require proper configuration and fine-tuning. Each of these pieces require planning, effort, and careful attention to instructions.	Simple to install and setup a cluster with fewer complexities. A single set of tools is used to setup and configure the cluster.	Setting up and configuring a cluster with Kubernetes is more challenging and complicated as it requires more steps that must be carefully followed. Setting up a cluster with Docker Swarm is quite simple, requiring only two commands once Docker Engine is installed.
Administration	Provides a CLI, REST API, and Dashboard to control and monitor a variety of services.	Provides a CLI to interact with the services.	Kubernetes has a large set of commands to manage a cluster, leading to a steep learning curve. However, these commands provide great flexibility and you also have access to the dashboard GUI to manage your clusters. Docker Swarm is bound to Docker API commands and has a relatively small learning curve to start managing a cluster.
Auto-scaling	Supports auto-scaling policies by monitoring incoming server traffic and automatically scaling up or down based on the resource utilization.	Supports scaling up or down with commands.	From a technical perspective, it is not practical to manually scale containers up or down. Therefore, Kubernetes is clearly the winner.
Load-balancing	Load balancing must be configured manually unless Pods are exposed as services.	Uses ingress load balancing and also assigns ports to services automatically.	Manual configuration for load balancing in Kubernetes is an extra step, but not very complicated. Automatic load balancing in Docker Swarm is very flexible.
Storage	Allows sharing storage volumes between containers within the same Pod.	Allows sharing data volumes with any other container on other nodes.	Kubernetes deletes the storage volume if the Pod is killed. Docker Swarm deletes storage volume when the container is killed.
Market Share	According to Google Trends, as of February 2019, the popularity of the Kubernetes in worldwide web and YouTube searches are about 79% and 75% of peak values, respectively, for the past 12 months.	According to Google Trends, as of February 2019, the popularity of Docker Swarm in worldwide web and YouTube searches is at about 5% of peak values for the past 12 months.	As can be seen in the Google Trends report, Kubernetes leads the market share in the popularity of web and YouTube searches. Kubernetes dominates this category compared to the less popular Docker Swarm.

Conclusion

In summary, both Kubernetes and Docker Swarm have advantages and disadvantages.

If you require a quick setup and have simple configuration requirements, Docker Swarm may be a good option due to its simplicity and shallow learning curve.

If your application is complex and utilize hundreds of thousands of containers at the production, Kubernetes, with its auto scaling capabilities and high availability policies, is almost certainly the right choice. However, its steep learning curve and longer setup and configuration time can be a bad fit for some users. With additional tooling, like Rancher, some of these administration and maintenance pain points can be mitigated, making the platform more accessible.

Faruk Caglar, PhD

Cloud Computing Researcher and Solution Architect

Faruk Caglar received his PhD from the Electrical Engineering and Computer Science Department at Vanderbilt University. He is a researcher in the fields of Cloud Computing, Big Data, Internet of Things (IoT) as well as Machine Learning and solution architect for cloud-based applications. He has published several scientific papers and has been serving as reviewer at peer-reviewed journals and conferences. He also has been providing professional consultancy in his research field.

Source

Continue your education with Kubernetes Master Classes

Learn to navigate the modern development landscape with confidence and get started without leaving home.

Learn More

Introduction

Redis (which stands for REmote DIctionary Server) is an open source, in-memory datastore, often used as a database, cache or message broker. It can store and manipulate high-level data types like lists, maps, sets, and sorted sets. Because Redis accepts keys in a wide range of formats, operations can be executed on the server, which reduces the client’s workload. It holds its database entirely in memory, only using the disk for persistence. Redis is a popular data storage solution and is used by tech giants like GitHub, Pinterest, Snapchat, Twitter, StackOverflow, Flickr, and others.

Why Use Redis?

• It is incredibly fast. It is written in ANSI C and runs on POSIX systems such as Linux, Mac OS X, and Solaris.
• Redis is often ranked the most popular key/value database and the most popular NoSQL database used with containers.
• Its caching solution reduces the number of calls to a cloud database backend.
• It can be accessed by applications through its client API library.
• Redis is supported by all of the popular programming languages.
• It is open source and stable.

Redis Use in the Real World

• Some Facebook online games have a very high number of score updates. Executing these operations is trivial when using a Redis sorted set, even if there are millions of users and millions of new scores per minute.
• Twitter stores the timeline for all users within a Redis cluster.
• Pinterest stores the user follower graphs in a Redis cluster where data is sharded across hundreds of instances.
• Github uses Redis as a queue.

What is Redis Cluster?

Redis Cluster is a set of Redis instances, designed for scaling a database by partitioning it, thus making it more resilient. Each member in the cluster, whether a primary or a secondary replica, manages a subset of the hash slot. If a master becomes unreachable, then its slave is promoted to master. In a minimal Redis Cluster made up of three master nodes, each with a single slave node (to allow minimal failover), each master node is assigned a hash slot range between 0 and 16,383. Node A contains hash slots from 0 to 5000, node B from 5001 to 10000, node C from 10001 to 16383. Communication inside the cluster is made via an internal bus, using a gossip protocol to propagate information about the cluster or to discover new nodes.

Deploying Redis Cluster in Kubernetes

Deploying Redis Cluster within Kubernetes has its challenges, as each Redis instance relies on a configuration file that keeps track of other cluster instances and their roles. For this we need a combination of Kubernetes StatefulSets and PersistentVolumes.

Prerequisites

To perform this demo, you need the following:

• Rancher
• A Google Cloud Platform or other cloud provider account. The examples below use GKE, but any other cloud provider will also work.

Starting a Rancher Instance

If you do not have an instance of Rancher, launch one with the instructions in the quickstart.

Use Rancher to Deploy a GKE Cluster

Use Rancher to set up and configure your Kubernetes cluster, following the documentation.

When the cluster is ready, we can check its status via kubectl.

$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
gke-c-8dcng-default-pool-08c0a15c-2gpw Ready <none> 1h v1.11.2-gke.18
gke-c-8dcng-default-pool-08c0a15c-4q79 Ready <none> 1h v1.11.2-gke.18
gke-c-8dcng-default-pool-08c0a15c-g9zv Ready <none> 1h v1.11.2-gke.18

Deploy Redis

Continue to deploy Redis Cluster, either by using kubectl to apply the YAML files or by importing them into the Rancher UI. All of the YAML files that we need are listed below.

$ kubectl apply -f redis-sts.yaml
configmap/redis-cluster created
statefulset.apps/redis-cluster created

$ kubectl apply -f redis-svc.yaml
service/redis-cluster created

Click for YAML content

redis-sts.yaml

—
apiVersion: v1
kind: ConfigMap
metadata:
name: redis-cluster
data:
update-node.sh: |
#!/bin/sh
REDIS_NODES=”/data/nodes.conf”
sed -i -e “/myself/ s/[0-9]\.[0-9]\.[0-9]\.[0-9]/$/” $
exec “$@”
redis.conf: |+
cluster-enabled yes
cluster-require-full-coverage no
cluster-node-timeout 15000
cluster-config-file /data/nodes.conf
cluster-migration-barrier 1
appendonly yes
protected-mode no
—
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis-cluster
spec:
serviceName: redis-cluster
replicas: 6
selector:
matchLabels:
app: redis-cluster
template:
metadata:
labels:
app: redis-cluster
spec:
containers:
– name: redis
image: redis:5.0.1-alpine
ports:
– containerPort: 6379
name: client
– containerPort: 16379
name: gossip
command: [“/conf/update-node.sh”, “redis-server”, “/conf/redis.conf”]
env:
– name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
volumeMounts:
– name: conf
mountPath: /conf
readOnly: false
– name: data
mountPath: /data
readOnly: false
volumes:
– name: conf
configMap:
name: redis-cluster
defaultMode: 0755
volumeClaimTemplates:
– metadata:
name: data
spec:
accessModes: [ “ReadWriteOnce” ]
resources:
requests:
storage: 1Gi

redis-svc.yaml

—
apiVersion: v1
kind: Service
metadata:
name: redis-cluster
spec:
type: ClusterIP
ports:
– port: 6379
targetPort: 6379
name: client
– port: 16379
targetPort: 16379
name: gossip
selector:
app: redis-cluster

Verify the Deployment

Check that the Redis nodes are up and running:

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
redis-cluster-0 1/1 Running 0 7m
redis-cluster-1 1/1 Running 0 7m
redis-cluster-2 1/1 Running 0 6m
redis-cluster-3 1/1 Running 0 6m
redis-cluster-4 1/1 Running 0 6m
redis-cluster-5 1/1 Running 0 5m

Below are the 6 volumes that we created:

$ kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-ae61ad5c-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-0 standard 7m
pvc-b74b6ef1-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-1 standard 7m
pvc-c4f9b982-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-2 standard 6m
pvc-cd7af12d-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-3 standard 6m
pvc-d5bd0ad3-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-4 standard 6m
pvc-e3206080-f0a5-11e8-a6e0-42010aa40039 1Gi RWO Delete Bound default/data-redis-cluster-5 standard 5m

We can inspect any of the Pods to see its attached volume:

$ kubectl describe pods redis-cluster-0 | grep pvc
Normal SuccessfulAttachVolume 29m attachdetach-controller AttachVolume.Attach succeeded for volume “pvc-ae61ad5c-f0a5-11e8-a6e0-42010aa40039”

The same data is visible within the Rancher UI.

Deploy Redis Cluster

The next step is to form a Redis Cluster. To do this, we run the following command and type yes to accept the configuration. The first three nodes become masters, and the last three become slaves.

$ kubectl exec -it redis-cluster-0 — redis-cli –cluster create –cluster-replicas 1 $(kubectl get pods -l app=redis-cluster -o jsonpath='{.status.podIP}:6379 ‘)

Click for full command output.

>>> Performing hash slots allocation on 6 nodes…
Master[0] -> Slots 0 – 5460
Master[1] -> Slots 5461 – 10922
Master[2] -> Slots 10923 – 16383
Adding replica 10.60.1.13:6379 to 10.60.2.12:6379
Adding replica 10.60.2.14:6379 to 10.60.1.12:6379
Adding replica 10.60.1.14:6379 to 10.60.2.13:6379
M: 2847de6f6e7c8aaa8b0d2f204cf3ff6e8562a75b 10.60.2.12:6379
slots:[0-5460] (5461 slots) master
M: 3f119dcdd4a33aab0107409524a633e0d22bac1a 10.60.1.12:6379
slots:[5461-10922] (5462 slots) master
M: 754823247cf28af9a2a82f61a8caaa63702275a0 10.60.2.13:6379
slots:[10923-16383] (5461 slots) master
S: 47efe749c97073822cbef9a212a7971a0df8aecd 10.60.1.13:6379
replicates 2847de6f6e7c8aaa8b0d2f204cf3ff6e8562a75b
S: e40ae789995dc6b0dbb5bb18bd243722451d2e95 10.60.2.14:6379
replicates 3f119dcdd4a33aab0107409524a633e0d22bac1a
S: 8d627e43d8a7a2142f9f16c2d66b1010fb472079 10.60.1.14:6379
replicates 754823247cf28af9a2a82f61a8caaa63702275a0
Can I set the above configuration? (type ‘yes’ to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join
….
>>> Performing Cluster Check (using node 10.60.2.12:6379)
M: 2847de6f6e7c8aaa8b0d2f204cf3ff6e8562a75b 10.60.2.12:6379
slots:[0-5460] (5461 slots) master
1 additional replica(s)
S: 47efe749c97073822cbef9a212a7971a0df8aecd 10.60.1.13:6379
slots: (0 slots) slave
replicates 2847de6f6e7c8aaa8b0d2f204cf3ff6e8562a75b
M: 754823247cf28af9a2a82f61a8caaa63702275a0 10.60.2.13:6379
slots:[10923-16383] (5461 slots) master
1 additional replica(s)
M: 3f119dcdd4a33aab0107409524a633e0d22bac1a 10.60.1.12:6379
slots:[5461-10922] (5462 slots) master
1 additional replica(s)
S: e40ae789995dc6b0dbb5bb18bd243722451d2e95 10.60.2.14:6379
slots: (0 slots) slave
replicates 3f119dcdd4a33aab0107409524a633e0d22bac1a
S: 8d627e43d8a7a2142f9f16c2d66b1010fb472079 10.60.1.14:6379
slots: (0 slots) slave
replicates 754823247cf28af9a2a82f61a8caaa63702275a0
[OK] All nodes agree about slots configuration.
>>> Check for open slots…
>>> Check slots coverage…
[OK] All 16384 slots covered.

Verify Cluster Deployment

Check the cluster details and the role for each member.

$ kubectl exec -it redis-cluster-0 — redis-cli cluster info

Click for full command output

cluster_state:ok
cluster_slots_assigned:16384
cluster_slots_ok:16384
cluster_slots_pfail:0
cluster_slots_fail:0
cluster_known_nodes:6
cluster_size:3
cluster_current_epoch:6
cluster_my_epoch:1
cluster_stats_messages_ping_sent:41
cluster_stats_messages_pong_sent:41
cluster_stats_messages_sent:82
cluster_stats_messages_ping_received:36
cluster_stats_messages_pong_received:41
cluster_stats_messages_meet_received:5
cluster_stats_messages_received:82

$ for x in $(seq 0 5); do echo “redis-cluster-$x”; kubectl exec redis-cluster-$x — redis-cli role; echo; done

Click for full command output

redis-cluster-0
1) “master”
2) (integer) 56
3) 1) 1) “10.60.1.13”
2) “6379”
3) “56”

redis-cluster-1
1) “master”
2) (integer) 70
3) 1) 1) “10.60.2.14”
2) “6379”
3) “70”

redis-cluster-2
1) “master”
2) (integer) 70
3) 1) 1) “10.60.1.14”
2) “6379”
3) “70”

redis-cluster-3
1) “slave”
2) “10.60.2.12”
3) (integer) 6379
4) “connected”
5) (integer) 84

redis-cluster-4
1) “slave”
2) “10.60.1.12”
3) (integer) 6379
4) “connected”
5) (integer) 98

redis-cluster-5
1) “slave”
2) “10.60.2.13”
3) (integer) 6379
4) “connected”
5) (integer) 98

Testing the Redis Cluster

We want to use the cluster and then simulate a failure of a node. For the former task, we’ll deploy a simple Python app, and for the latter, we’ll delete a node and observe the cluster behavior.

Deploy the Hit Counter App

We’ll deploy a simple app into our cluster and put a load balancer in front of it. The purpose of this app is to increment a counter and store the value in the Redis cluster before returning the counter value as an HTTP response.

Deploy this using kubectl or the Rancher UI.

$ kubectl apply -f app-deployment-service.yaml
service/hit-counter-lb created
deployment.apps/hit-counter-app created

Click for YAML content.

app-deployment-service.yaml

—
apiVersion: v1
kind: Service
metadata:
name: hit-counter-lb
spec:
type: LoadBalancer
ports:
– port: 80
protocol: TCP
targetPort: 5000
selector:
app: myapp
—
apiVersion: apps/v1
kind: Deployment
metadata:
name: hit-counter-app
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
– name: myapp
image: calinrus/api-redis-ha:1.0
ports:
– containerPort: 5000

Rancher shows us the resources that we created: a Pod containing the Python app, and the Service of type LoadBalancer. The details of the Service will show us its public IP address.

At this point, we can start hitting the IP with a browser to generate some values for the hit counter.

Simulate a Node Failure

We can simulate the failure of a cluster member by deleting the Pod, either via kubectl or from within the Rancher UI. When we delete redis-cluster-0, which was originally a master, we see that Kubernetes promotes redis-cluster-3 to master, and when redis-cluster-0 returns, it does so as a slave.

Before

$ kubectl describe pods redis-cluster-0 | grep IP
IP: 10.28.0.5
POD_IP: (v1:status.podIP)

$ kubectl describe pods redis-cluster-3 | grep IP
IP: 10.28.0.6
POD_IP: (v1:status.podIP)

$ kubectl exec -it redis-cluster-0 — redis-cli role
1) “master”
2) (integer) 1859
3) 1) 1) “10.28.0.6”
2) “6379”
3) “1859”

$ kubectl exec -it redis-cluster-3 — redis-cli role
1) “slave”
2) “10.28.0.5”
3) (integer) 6379
4) “connected”
5) (integer) 1859

After

$ kubectl exec -it redis-cluster-0 — redis-cli role
1) “slave”
2) “10.28.0.6”
3) (integer) 6379
4) “connected”
5) (integer) 2111

$ kubectl exec -it redis-cluster-3 — redis-cli role
1) “master”
2) (integer) 2111
3) 1) 1) “10.28.2.12”
2) “6379”
3) “2111”

We see that the IP for redis-cluster-0 has changed, so how did the cluster heal?

When we created the cluster, we created a ConfigMap that in turn created a script at /conf/update-node.sh that the container calls when starting. This script updates the Redis configuration with the new IP address of the local node. With the new IP in the confic, the cluster can heal after a new Pod starts with a different IP address.

During this process, if we continue to load the page, the counter continues to increment, and following the cluster convergence, we see that no data has been lost.

Conclusion

Redis is a powerful tool for data storage and caching. Redis Cluster extends the functionality by offering sharding and correlated performance benefits, linear scaling, and higher availability because of how Redis stores data. The data is automatically split among multiple nodes, which allows operations to continue, even when a subset of the nodes are experiencing failures or are unable to communicate with the rest of the cluster.

For more information on Redis Cluster, please visit the tutorial or specification documentation.

For more information on Rancher, please visit our main website or our documentation.

Calin Rus

Source

Automate Operations on your Cluster with OperatorHub.io

Author:
Diane Mueller, Director of Community Development, Cloud Platforms, Red Hat

One of the important challenges facing developers and Kubernetes administrators has been a lack of ability to quickly find common services that are operationally ready for Kubernetes. Typically, the presence of an Operator for a specific service – a pattern that was introduced in 2016 and has gained momentum – is a good signal for the operational readiness of the service on Kubernetes. However, there has to date not existed a registry of Operators to simplify the discovery of such services.

To help address this challenge, today Red Hat is launching OperatorHub.io in collaboration with AWS, Google Cloud and Microsoft. OperatorHub.io enables developers and Kubernetes administrators to find and install curated Operator-backed services with a base level of documentation, active maintainership by communities or vendors, basic testing, and packaging for optimized life-cycle management on Kubernetes.

The Operators currently in OperatorHub.io are just the start. We invite the Kubernetes community to join us in building a vibrant community for Operators by developing, packaging, and publishing Operators on OperatorHub.io.

What does OperatorHub.io provide?

OperatorHub.io is designed to address the needs of both Kubernetes developers and users. For the former it provides a common registry where they can publish their Operators alongside with descriptions, relevant details like version, image, code repository and have them be readily packaged for installation. They can also update already published Operators to new versions when they are released.

Users get the ability to discover and download Operators at a central location, that has content which has been screened for the previously mentioned criteria and scanned for known vulnerabilities. In addition, developers can guide users of their Operators with prescriptive examples of the CustomResources that they introduce to interact with the application.

What is an Operator?

Operators were first introduced in 2016 by CoreOS and have been used by Red Hat and the Kubernetes community as a way to package, deploy and manage a Kubernetes-native application. A Kubernetes-native application is an application that is both deployed on Kubernetes and managed using the Kubernetes APIs and well-known tooling, like kubectl.

An Operator is implemented as a custom controller that watches for certain Kubernetes resources to appear, be modified or deleted. These are typically CustomResourceDefinitions that the Operator “owns.” In the spec properties of these objects the user declares the desired state of the application or the operation. The Operator’s reconciliation loop will pick these up and perform the required actions to achieve the desired state. For example, the intent to create a highly available etcd cluster could be expressed by creating an new resource of type EtcdCluster:

apiVersion: “etcd.database.coreos.com/v1beta2”
kind: “EtcdCluster”
metadata:
name: “my-etcd-cluster”
spec:
size: 3
version: “3.3.12”

The EtcdOperator would be responsible for creating a 3-node etcd cluster running version v3.3.12 as a result. Similarly, an object of type EtcdBackup could be defined to express the intent to create a consistent backup of the etcd database to an S3 bucket.

How do I create and run an Operator?

One way to get started is with the Operator Framework, an open source toolkit that provides an SDK, lifecycle management, metering and monitoring capabilities. It enables developers to build, test, and package Operators. Operators can be implemented in several programming and automation languages, including Go, Helm, and Ansible, all three of which are supported directly by the SDK.

If you are interested in creating your own Operator, we recommend checking out the Operator Framework to get started.

Operators vary in where they fall along the capability spectrum ranging from basic functionality to having specific operational logic for an application to automate advanced scenarios like backup, restore or tuning. Beyond basic installation, advanced Operators are designed to handle upgrades more seamlessly and react to failures automatically. Currently, Operators on OperatorHub.io span the maturity spectrum, but we anticipate their continuing maturation over time.

While Operators on OperatorHub.io don’t need to be implemented using the SDK, they are packaged for deployment through the Operator Lifecycle Manager (OLM). The format mainly consists of a YAML manifest referred to as [ClusterServiceVersion](https://github.com/operator-framework/operator-lifecycle-manager/blob/master/Documentation/design/building-your-csv.md) which provides information about the CustomResourceDefinitions the Operator owns or requires, which RBAC definition it needs, where the image is stored, etc. This file is usually accompanied by additional YAML files which define the Operators’ own CRDs. This information is processed by OLM at the time a user requests to install an Operator to provide dependency resolution and automation.

What does listing of an Operator on OperatorHub.io mean?

To be listed, Operators must successfully show cluster lifecycle features, be packaged as a CSV to be maintained through OLM, and have acceptable documentation for its intended users.

Some examples of Operators that are currently listed on OperatorHub.io include: Amazon Web Services Operator, Couchbase Autonomous Operator, CrunchyData’s PostgreSQL, etcd Operator, Jaeger Operator for Kubernetes, Kubernetes Federation Operator, MongoDB Enterprise Operator, Percona MySQL Operator, PlanetScale’s Vitess Operator, Prometheus Operator, and Redis Operator.

Want to add your Operator to OperatorHub.io? Follow these steps

If you have an existing Operator, follow the contribution guide using a fork of the community-operators repository. Each contribution contains the CSV, all of the CustomResourceDefinitions, access control rules and references to the container image needed to install and run your Operator, plus other info like a description of its features and supported Kubernetes versions. A complete example, including multiple versions of the Operator, can be found with the EtcdOperator.

After testing out your Operator on your own cluster, submit a PR to the community repository with all of YAML files following this directory structure. Subsequent versions of the Operator can be published in the same way. At first this will be reviewed manually, but automation is on the way. After it’s merged by the maintainers, it will show up on OperatorHub.io along with its documentation and a convenient installation method.

Want to learn more?

• Attend one of the upcoming Kubernetes Operator Framework hands-on workshops at ScaleX in Pasadena on March 7 and at the OpenShift Commons Gathering on Operating at Scale in Santa Clara on March 11
• Listen to this OpenShift Commons Briefing on “The State of Operators” with Daniel Messer and Diane Mueller
• Join in on the online conversations in the community Kubernetes-Operator Slack Channel and the Operator Framework Google Group
• Finally, read up on how to add your Operator to OperatorHub.io: https://operatorhub.io/contribute

Source

Almost one year ago I started
Stampede as an R&D project to look at the
implications of Docker on cloud computing moving forward, and as such
I’ve explored many ideas. After releasing Stampede, and getting so much
great feedback, I’ve decided to concentrate my efforts. I’m renaming
Stampede.io to Rancher.io to signify the new
direction and focus the project is taking. Going forward, instead of the
experimental personal project that Stampede was, Rancher will be a
well-sponsored open source project focused on building a portable
implementation of infrastructure services similar to EBS, VPC, ELB, and
many other services. Most Docker projects today look to build solutions
that will sit on top of Docker and allow developers to schedule, monitor
and manage applications. Rancher takes a different approach, it focuses
on developing infrastructure services that will sit below Docker.
Rancher will deliver a completely portable implementation of the
infrastructure services you would expect to find in a cloud such as AWS,
including EBS, VPC, ELB, Security Groups, Monitoring, RDS, and many
more. Docker has dramatically impacted cloud computing because it offers
a portable package for an application. This portability means an
application will run on any infrastructure whether it is your laptop, a
physical server, or a cloud. Once you have a portable application you
can do some amazing things to improve application performance,
availability and costs using scheduling, service discovery, application
templating, policy management, etc. Exciting projects including
Kubernetes, Panamax, Helios, Clocker, Dies, etc, are building technology
on top of Docker to deliver this type of value. Rancher focuses on a
very different problem. Imagine I have an application running on AWS
today that uses functionality from EBS and VPC. If I Dockerize my
application and run it on AWS, I will still be able to leverage EBS and
VPC. However, if I move that application to Digital Ocean, or my own
datacenter, those services just don’t exist. While Docker itself is
portable, infrastructure services vary dramatically between clouds, and
data centers, making real application portability almost impossible
without architecting around those differences in your application.
Rancher focuses on building portable implementations of these
infrastructure services that can run on any cloud, or even multiple
clouds at the same time. With Rancher you will be able to get
infrastructure services as reliable as AWS provides, anywhere, including
on your own hardware, another cloud provider, a dedicated server
provider, or any combination of physical and virtual resources. With
Rancher, hybrid cloud is no longer an over-hyped marketing term that
relies on trying to make incompatible APIs work together, but instead a
core capability as ubiquitous as Linux and Docker. In the short term you
can expect Rancher to focus on fundamental storage and networking
services similar to EBS, VPC, ELB, and Route 53. Once those fundamental
services are implemented they will serve as the foundation for other
infrastructure services similar to CloudWatch, CloudMetrics,
AutoScaling, RDS etc. I’m building Rancher, because I want users to be
able to access awesome portable infrastructure services everywhere they
can run Docker. Docker is portable because Linux is everywhere, and
Rancher takes the same approach; we build storage, networking, and other
infrastructure services from simple Linux VMs and servers. Thank you
again for all of the input on Stampede, and I hope you will join me in
making Rancher an enormous success. If you’d like to learn more about
Rancher, please schedule a demo, and we can talk with you about the
project. -Darren Shepherd
(@ibuildthecloud)

Source

Hi Everyone, I’m Will Chan, the new VP of engineering here at Rancher,
and I wanted to post an update about some of the things we’re working on
here at Rancher for release later this quarter. I started at Rancher in
early December, and since then I’ve been thrilled to see how many people
have downloaded Rancher and are using it to manage and implement
networking around Docker. I’m really excited about some of the features
we’re working on, and wanted to give you a sneak peek of what’s coming
over the next two months.  Docker Swarm Rancher has always
closely followed Docker, and based on announcements at DockerCon in
Amsterdam, we are excited to announce that we’re working on adding
support for Docker Swarm and Docker Machine. If you haven’t had a chance
to look at these features, please do so as we feel Docker
Swarm, a tool that
allows the deployment of Docker containers into multiple hosts, and
Docker Machine, a
tool that allows the creation of Docker-enabled hosts across various
cloud providers, will become core elements of the Docker ecosystem. Here
are some of features we plan on developing in the short term:

• Docker Machine Support: Docker Machine is designed to run locally on
  the machine where it has been installed. We will be integrating this
  functionality with Rancher so that users will be able to create new
  Docker enabled hosts via Rancher’s UI/API and automatically have
  those hosts register with Rancher. This should simplify scaling of
  infrastructure, and will enable Docker Machine to work with all of
  Rancher’s networking and orchestration capabilities. Of course, you
  can always create hosts via machine outside of Rancher and register
  them manually with Rancher, but we think once you start using
  machine within Rancher you’ll find it much easier.
• Docker Swarm Support: Swarm is also currently a tool that is
  intended to run locally on the machine where it was installed. We
  want to help Swarm scale, so we’re adding a few things to the Swarm
  experience:
  • First, if you create a Swarm cluster via the Rancher UI/API, we
    will automatically create and manage a swarm-server that Rancher
    can communicate against. We will also automatically install the
    swarm-agent on any hosts that have been added to Swarm via
    Rancher.
  • Second, we are working with the Docker team to extend Swarm so
    that a cluster can be created outside of Rancher and
    automatically imported into Rancher for management.
• New UI: We are working on an entirely new UI that will debut soon.
  The UI will focus on visualizing containers, swarms and hosts, and
  will incorporate support for many of the new features we’ll talk
  about below.
• Authentication Support: Currently, Rancher supports a single user
  model. We plan to integrate a framework that will allow
  authentication against an external system via LDAP, OAUTH, SAML,
  etc. Our first implementation will be against Github via OAUTH. With
  this feature, users will be able to invite colleagues to join
  Rancher and collaborate.
• Projects: To extend the focus on collaboration, Rancher is adding
  support for projects. Projects will allow users to share hosts and
  containers across multiple accounts. Initially, we’ll be defining
  Project members as Github team members.

As we work on all of this, we’ll be sharing design and implementation
details on GitHub. Please don’t
hesitate to send feedback. Our goal is to create a fantastic operations
platform that will allow users to seamlessly work with existing Docker
environments and preserve the native Docker experience. Happy New Year
and here’s to a successful 2015! Will

Source

Hi everyone, I recorded a brief overview of how to launch a Rancher 0.3
environment, connect it with some resources from a few different public
clouds, and then deploy an application. If you’d like to learn more
about Rancher, please visit our GitHub site for
information on joining the community, or downloading the software. You
can also schedule a demo to talk with one of our engineers about the
project.

You Might Also Like

blog

Introducing Projects: Docker Environments for Collaboration

blog

Darren Shepherd demonstrates RancherOS at San Francisco Docker Meetup

blog

Rancher 0.47 is now available!

Source

Hi, I’m Sidhartha Mani, one of the engineers here
@Rancher_Labs, and I’ve been
working on the user management functionality in Rancher. This week, we
released support for GitHub OAuth. I’m very excited about his, because
it allows organizations to connect their GitHub org structures to docker
and collaborate on management. In this blogpost I’ll show you how to
setup GitHub OAuth on Rancher for your organization.

• Rancher-Auth 2-minute setup.
• How do we do authentication?
• What’s planned for the future?

Rancher Auth 2-minute Setup

Here’s a short video explaining the setup of Github OAuth on Rancher.

How do we do authentication?

Github is free and easy to use. A wide spectrum of organizations, from
large corporations to small startups display their open source might
using GitHub. In order to make it easy for our users to use our product,
we built our authentication feature based on GitHub OAuth. GitHub OAuth
provides capabilities like :-

1. GitHub organizational structure reflects the access control
   structure that organizations wish for.
   • GitHub organizations consist of teams, and teams consist of
     repositories. Rancher allows one to create access controls based
     on these structures.
     • For example, If you wanted the resources of one of your
       projects to be controlled by a limited set of people (say
       the members of a single team within your organization), it
       is easy to setup a rancher project just for that team. The
       team members would then be able to add/delete/edit the
       resources that belong to them.
   • Additionally, GitHub allows one to configure auth based on users
     and organizations. Rancher leverages the flexibility of these
     structures as well.
     • For example, If you wanted the resources to be constrained
       to just one user, you could create a Rancher project and set
       the scope to user.
     • Similarly, you could set the scope to “organization” level
       and all the members of your organization would be able to
       access the resources of the project.
2. The setup, maintanance and usage of GitHub auth is simple.
   • Since Rancher doesn’t maintain passwords or complex mappings,
     the implementation is safe, secure, simple and robust.

What’s planned for the future?

We’re working on a couple things. First, we’ll be adding support for
projects. Basically these are Docker environments that can be shared
between groups of users. Project support will be coming out in late
February (This is now
available: Blog).
Second, GitHub OAuth doesn’t provide fine grained access controls such
as providing read only access to a subset of people in the organization
or write access to another subset of people in the organization. Such
complex access control can be provided with LDAP. LDAP can be expected
in the near future versions of Rancher. If at any point you’d like to
learn more about Rancher, please request a 1:1 demonstration, and we’ll
be happy to answer all of your questions.

Source

We’re excited to announce v0.6 of cert-manager, the general purpose x509 certificate management tool for Kubernetes. cert-manager provides automated issuance, renewal and management of certificates within your organisation.

Certificate management in highly dynamic environments is no easy feat, and if approached without careful consideration
could quickly lead to outages and service interuption when certificates begin expiring.
By standardising on a single tool for managing your PKI assets, you can ensure that certificates are being
automatically renewed, and that the appropriate teams are notified if there are any issues or policy violations within
your cluster.

Over the last year, we’ve seen the project grow rapidly, approaching 3,000 stars on GitHub and with a community of
over 100 code contributors, and thousands of people providing support, discussion and insight.

In this post, we’re going to explore some of the new features of the v0.6 release, as well as discuss our plans for
the project as it works towards a “1.0” release!

In the past, due to the way that cert-manager was initially designed, we’ve had problems controlling and managing
cert-manager’s ACME client usage. This has in some cases lead to excessive use of ACME APIs, which can cause problems
for public ACME providers such as Let’s Encrypt.

This release significantly refactors how we process and manage ACME certificates, and as a result we’ve seen a net
reduction in API usage of up to 100x in some of the worst cases.
Making this change was no small job, and has taken a few months to properly mature into what it is today.

In order to achieve these improvements, we’ve created ‘Order’ and ‘Challenge’ resource types within the Kubernetes API.
This allows us to cache and reason about objects that would usually only exist within the ACME server, using our own
API. By doing it this way, it also allows more advanced users and integrators to understand and control the ACME Order
flow, as we present structured information about the process in the form of our CRDs.

To summarise, this restructure gives us:

• Centralised point of logging and debugging of the ACME authorization process. Instead of searching through log
  messages, it’s now possible to run kubectl describe to understand what the state of a certificate is.
• Fewer API calls to ACME servers. Information about Orders and Challenges is now stored within the Kubernetes API.
  This means we don’t need to query the ACME API in order to make control-flow decisions.
• Cleaner, more understandable separation of concerns. This allows you to build your own integrations and ‘hook in’
  to the authorization process.

This is largely an internal change, but with far reaching benefits. For more details, check out the details in the pull
request #788.

We are keen to hear feedback on this new design, so please create issues including the /area acme text in order to
report feedback.

Off the back of the changes discussed above, we’ve been able to implement far more intelligent handling of rate limits
and quotas with ACME servers. This was previously not possible, due to the way we scheduled challenges for processing.

In large scale deployments, we’ve seen these changes have an extremely positive effect. In one case, up to 80000 domain names were validated without hitting quota troubles! We’ll be publishing more information on some of our
largest users, and how we’ve helped them with their managed certificate offerings, over the coming weeks – stay tuned!

So far we’ve spoken a lot about improving how we use external APIs, but how do we know we’ve made improvements?

Well, as part of v0.6 we’ve expanded out the set of Prometheus metrics we expose. This allows you to build custom
dashboards and alerts to monitor your cert-manager deployment, including:

• Certificate expiry times
• Number of certificates
• How the ACME client is used

In later releases we’re going to extend this further so that you can build alerting policy so you can keep ahead of
the curve with upcoming or newly introduced issues!

Below is an example of a dashboard we’ve assembled, that allows you to monitor how cert-manager is interacting with
Let’s Encrypt APIs. The metrics are broken down by path, status code and a number of other labels:

A sample of the metrics exposed by the ACME client

We’ll also be publishing some example dashboards that can be easily used with cert-manager over the coming releases.

In earlier releases, we introduced the ‘webhook’ component which performs advanced resource validation of your
resources before they can be stored in the apiserver, such as ensuring that all DNS names provided are valid.

This means that when a user creates a Certificate, Issuer or ClusterIssuer resource, they can be validated and checked
to ensure they are well-formed and don’t contain mistakes that could otherwise cause problems for the way the
controller works.

As part of the v0.6 release, we now enable this webhook component by default. Doing this will ensure that all users
are running with a ‘level playing field’ and hopefully prevent bugs/misconfigurations sneaking into production setups!

It’s been requested for a while that we support different private key types beyond RSA. Thanks to the community, we now
support ECDSA private keys in all parts of cert-manager.

In order to use the alternate key algorithm, you can simply specify certificate.spec.keyAlgorithm on your Certificate
resource. As the project matures, we’ll look to add and expose new fields like this as part of the API specs.

We hope, in time, to provide a meaningful abstractions over the x509 specification, giving you full control over the
shape of your PKI assets!

As part of our validation for this release, we’ve been able to test cert-manager in larger deployment configurations.
This includes running with 10s of thousands of certificate resources at a time, whilst also ensuring that our client,
memory and CPU usage scale linearly.

As a result of this testing, we’ve also got numerous scale-related improvements triaged for the next release, v0.7.

Since we’ve moved to a monthly release cadence, cert-manager v0.7 is due to be released at the end of February.
This means more frequent, smaller releases.

cert-manager v0.7 therefore contains a few new features, and a slew of bugfixes. Notable features include:

• Webhook based DNS01 solvers (ACME): since we began supporting the ACME DNS01 challenge mechanism, we’ve had requests
  for some way for users to integrate cert-manager with their own DNS nameservers.
  @zuzzas has been working on a new DNS01 challenge provider, the ‘webhook’ provider.
  This will allow anyone to integrate cert-manager with their own DNS setups, without having to create pull requests
  upstream.
• ARM32 and ARM64 support: this has been a long time coming – from v0.7 onwards, we’ll begin publishing both ARM32 and
  ARM64 docker images that can be used in your ARM based clusters.
• Improvements to the webhook deployment strategy: we’ve previously relied on a CronJob resource that periodically
  ensures PKI assets for the webhook are up-to-date. After feedback, we’ve decided to move this to be handled by a
  new, dedicated controller. This should mean the certificate rotation process for the webhook itself is far more
  robust.
• Moving to our own Helm chart repository: this will allow us to publish new copies of the Helm chart more frequently,
  and also expose the chart on the Helm hub.
• Improved challenge error handling: we’ll be including failure reasons as part of the ‘reason’ field on Challenge
  resources, meaning you’ll no longer need to grep through the cert-manager logs in order to work out why your ACME
  validations are failing.
• Alpha level support for Venafi issued certificates: a lot of enterprise users make use of the
  Venafi platform to procure certificates from their own CAs, and have existing processes that utilise the Venafi
  management capabilities across their organisations. The v0.7 release will include support for integrating
  cert-manager with Venafi, allowing organisations that already have automated PKI configured to begin consuming
  certificates within their Kubernetes clusters.

The v0.6 release has been a long time coming, but has set a basis for us to work and pave the way for a stable
v1.0 release. We’re really looking forward to getting the next iteration of the project out there, and have goals to
mature our API to beta (and finally GA) within the next 6 months.

Stay tuned, keep an eye on the project and watch the blog for more updates!

Source