Twitter
Home Blog Page 573

What Is Kubernetes?

By
Carla Schroder
-

Kubernetes is open source software for automating deployment, scaling, and management of containerized applications. The project is governed by the Cloud Native Computing Foundation, which is hosted by The Linux Foundation. And it’s quickly becoming the Linux of the cloud, says Jim Zemlin, executive director of The Linux Foundation.

Running a container on a laptop is relatively simple. But connecting containers across multiple hosts, scaling them when needed, deploying applications without downtime, and service discovery among several aspects, are really hard challenges. Kubernetes addresses those challenges with a set of primitives and a powerful API.

A key aspect of Kubernetes is that it builds on 15 years of experience at Google, which donated the technology to CNCF in 2015. Google infrastructure started reaching high scale before virtual machines became pervasive in the datacenter, and containers provided a fine-grained solution to pack clusters efficiently.

In this blog series, we introduce you to LFS258: Kubernetes Fundamentals, the Linux Foundation Kubernetes training course. The course is designed for Kubernetes beginners, and will teach students to deploy a containerized application, and how to manipulate resources via the API. You can download the sample chapter now.

The Meaning of Kubernetes

“Kubernetes” means the helmsman, or pilot of the ship. In keeping with the maritime theme of Docker containers, Kubernetes is the pilot of a ship of containers.

Challenges

Containers have seen a huge rejuvenation in the past three years. They provide a great way to package, ship, and run applications. The developer experience has been boosted tremendously thanks to containers. Containers, and Docker specifically, have empowered developers with ease of building container images, and simplicity of sharing images via Docker registries.

However, managing containers at scale and architecting a distributed application based on microservices’ principles is still challenging. You first need a continuous integration pipeline to build your container images, test them, and verify them. Then you need a cluster of machines acting as your base infrastructure on which to run your containers. You also need a system to launch your containers, watch over them when things fail, and self-heal. You must be able to perform rolling updates and rollbacks, and you need a network setup which permits self-discovery of services in a very ephemeral environment.

Kubernetes Architecture

To quickly de-mystify Kubernetes, let’s have a look at Figure 1, which shows a high-level architecture diagram of the system components. In its simplest form, Kubernetes is made of a central manager (aka master) and some worker nodes. (You will learn in the course how to run everything on a single node for testing purposes).

The manager runs an API server, a scheduler, a controller, and a storage system to keep the state of the cluster. Kubernetes exposes an API via the API server so you can communicate with the API using a local client called kubectl, or you can write your own client. The scheduler sees the requests for running containers coming to the API and finds a suitable node to run that container in.

Each node in the cluster runs two processes: a kubelet and a service proxy. The kubelet receives requests to run the containers and watches over them on the local node. The proxy creates and manages networking rules to expose the container on the network.

Figure 1: Kubernetes system components.

In a nutshell, Kubernetes has the following characteristics:

  • It is made of a manager and a set of nodes

  • It has a scheduler to place containers in a cluster

  • It has an API server and a persistence layer with etcd

  • It has a controller to reconcile states

  • It is deployed on VMs or bare-metal machines, in public clouds, or on-premise

  • It is written in Go

How Is Kubernetes Doing?

Since its inception, Kubernetes has seen a terrific pace of innovation and adoption. The community of developers, users, testers, and advocates is continuously growing every day. The software is also moving at an extremely fast pace, which is even putting GitHub to the test. Here are a few numbers:

  • It was open sourced in June 2014

  • It has 1,000+ contributors

  • There are 37k+ commits

  • There have been meetups in over 100 cities worldwide, with over 30,000 participants in 25 countries

  • There are over 8,000 people on Slack

  • There is one major release approximately every three months

To see more interesting numbers about the Kubernetes community, you can check the infographic created by Apprenda.

Who Uses Kubernetes?

Kubernetes is being adopted at a rapid pace. To learn more, you should check out the case studies presented on Kubernetes.io. eBay, box, Pearson, and Wikimedia have all shared their stories. Pokemon Go, the fastest growing mobile game, runs on Google Container Engine (GKE), the Kubernetes service from Google Cloud Platform (GCP).

In this article, we talked about what Kubernetes is, what it does, and took a look at its architecture. Next week in this series, we’ll compare Kubernetes to competing container managers.

Download the sample chapter now.

Kubernetes sample

Meet Your Instructor: Sebastien Goasguen

This blog series is adapted from materials prepared by course instructor Sebastien Goasguen, a 15-year open source veteran. He wrote the O’Reilly Docker Cookbook and, while investigating the Docker ecosystem, he started focusing on Kubernetes. He is the founder of Skippbox, a Kubernetes startup that provides solutions, services, and training for this key cloud-native technology, and Senior Director of Cloud Technologies for Bitnami. He is also a member of the Apache Software Foundation and a member/contributor to the Kubernetes Incubator.

Using the Valgrind Framework to Build a Persistent Memory Error Detector

By
Dawn Foster
-

Persistent Memory was a hot topic at LinuxCon Europe with at least three talks from the team involved in developing the Non-Volatile Memory Library (NVML), including an overview of persistent memory in Linux and extending libstdc++ and libc++ for easier persistent memory programming. In the last talk on this topic from LinuxCon Europe, Krzysztof Czurylo, Software Architect at Intel, goes into detail about using the Valgrind framework to build a persistent memory error detector.

Czurylo started with an overview of persistent memory and the SNIA NVM Programming Model, which was covered in more detail in the blog posts for the other two talks in this series. He quickly moved on to talk about some of the issues and the tools they needed to build to solve them. Specifically, they needed a persistent memory error detection tool that could:

  • Differentiate between volatile and persistent memory regions.
  • Detect stores that were not flushed to persistence.
  • Detect stores that were overwritten before being made persistent.
  • Detect superfluous flushes.
  • Support persistent memory transactions.
  • Simulate failure / flush reordering.

They were thinking about writing some tools from scratch, but Czurylo said that eventually they decided to use Valgrind, which is a popular tool that supports multiple platforms and is already widely used by the community. Valgrind is also feature-rich with low-level instrumentation and good multi-threading support. More specifically, Valgrind already performs a lot of what they needed in a persistent memory error detection tool, since it already tracks changes to memory, so they only needed to write tools that allowed Valgrind to detect whether the order of operations is correct. One nice feature of Valgrind is that it already has a client request mechanism, which allows them to inject specific persistent memory requests or queries into the code. However, there are a couple of downsides. The API isn’t well documented and can be difficult to use, and there are also performance issues where the execution is a couple of times slower when you run your program using this tool. 

The Valgrind pmemcheck tool is still evolving with several new features and other improvements being planned. Future work includes store reordering, ADR support / detection, performance tuning, upstreaming to the Valgrind repositories, and more.

Watch the video of Czurylo’s talk to get all of the details about using the Valgrind pmemcheck tools.

Interested in speaking at Open Source Summit North America on September 11-13? Submit your proposal by May 6, 2017. Submit now>>

Not interested in speaking but want to attend? Linux.com readers can register now with the discount code, LINUXRD5, for 5% off the all-access attendee registration price. Register now to save over $300!

Slaying Monoliths with Docker and Node.js, a Netflix Original by Yunong Xiao, Netflix.com

By
The Linux Foundation
-

https://www.youtube.com/watch?v=H_iK7jww_j8?list=PLfMzBWSH11xYaaHMalNKqcEurBH8LstB8

Yunong Xiao, Principal Software Engineer at Netflix, describes scaling challenges the company has encountered and explains how the company delivers content to a global audience on an ever-growing number of platforms.

 

Modules vs. Microservices

By
O'Reilly
-

Much has been said about moving from monoliths to microservices. Besides rolling off the tongue nicely, it also seems like a no-brainer to chop up a monolith into microservices. But is this approach really the best choice for your organization? It’s true that there are many drawbacks to maintaining a messy monolithic application. But there is a compelling alternative which is often overlooked: modular application development. In this article, we’ll explore what this alternative entails and show how it relates to building microservices.

Microservices for modularity

“With microservices we can finally have teams work independently”, or “our monolith is too complex, which slows us down.” These expressions are just a few of the many reasons that lead development teams down the path of microservices. Another one is the need for scalability and resilience. What developers collectively seem to be yearning for is a modular approach to system design and development. Modularity in software development can be boiled down into three guiding principles:

Read more at O’Reilly

 

IEEE Looks Beyond Moore’s Law with IRDS Technology Roadmap

By
insideHPC
-

IEEE is taking a lead role in building a comprehensive, end-to-end view of the computing ecosystem, including devices, components, systems, architecture, and software. In May 2016, IEEE announced the formation of the IRDS under the sponsorship of IEEE RC. The historical integration of IEEE RC and the International Technology Roadmap for Semiconductors (ITRS) 2.0 addresses mapping the ecosystem of the new reborn electronics industry. The new beginning of the evolved roadmap—with the migration from ITRS to IRDS—is proceeding seamlessly as all the reports produced by the ITRS 2.0 represent the starting point of IRDS.

While engaging other segments of IEEE in complementary activities to assure alignment and consensus across a range of stakeholders, the IRDS team is developing a 15-year roadmap with a vision to identify key trends related to devices, systems, and other related technologies.

Read more at insideHPC

Using Proprietary Services to Develop Open Source Software

By
OpenSource.com
-

… a lot of open source software is developed on (and with the help of) proprietary services running closed-source code. Countless open source projects are developed on GitHub, or with the help of JIRA for bug tracking, Slack for communications, Google Docs for document authoring and sharing, Trello for status boards. That sounds a bit paradoxical and hypocritical—a bit too much “do what I say, not what I do.” Why is that? If we agree that open source has so many tangible benefits, why are we so willing to forfeit them with the very tooling we use to produce it?

But it’s free!

The argument usually goes like this: Those platforms may be proprietary, they offer great features, and they are provided free of charge to my open source project.

Read more at OpenSource.com

Open Source Project Uses Docker for Serverless Computing

By
InfoWorld
-

Function as a Service (FaaS) uses Docker and Swarm to create a simple system for running functions in the container, language, and runtime of your choice.

Serverless computing has fast become a staple presence on major clouds, from Amazon to Azure. It’s also inspiring open source projects designed to make the concept of functions as a service useful to individual developers.

FaaS is designed to be more elementary than similar projects, mainly because it emphasizes Unix mechanisms and metaphors as much as the tools of the Docker stack.

Read more at InfoWorld

Slaying Monoliths at Netflix with Node.js

By
Paul Brown
-

The growing number of Netflix subscribers — nearing 85 million at the time of this Node.js Interactive talk — has generated a number of scaling challenges for the company. In his talk, Yunong Xiao, Principal Software Engineer at Netflix, describes these challenges and explains how the company went from delivering content to a global audience on an ever-growing number of platforms, to supporting all modern browsers, gaming consoles, smart TVs, and beyond. He also looks at how this led to radically modifying their delivery framework to make it more flexible and resilient.

One of the first steps Netflix took to cope with their swelling subscriber base was to migrate all their infrastructure to the cloud. But somehow, Xiao says, that didn’t mean that once the migration complete, the developers could “just sit around and watch TV shows.” The cloud, after all, is just somebody else’s computer, and scaling for the number of users is just part of the problem. As the number of users increased, so did the number of platforms they had to deliver to. In its first iteration, Netflix only worked on the browsers, and the framework was simply a Java web server that managed everything. The server did more or less everything, both rendering the UI and accessing the data.

Netflix relies on microservices to provide a diverse range of features. For each microservice there is a team of developers that more or less owns the service and provides a client to the Java server to use. The Java server — the monolith in this story — suffered from several issues. To begin with, it was very slow to push and innovate. Every time a new show launched and they wanted to add a new roll title to the UI, they had to push the service. If one of the development teams launched a new and improved version of a client, they had to push the service. When a new microservice was added to the existing ones, they had to push the service. Furthermore, increasing the number of supported devices was nearly impossible in any practical sense.

So in the next iteration, the development team migrated to a REST API. This unlocked the ability to support more devices. The new framework also separated the rendering of the UI and the accessing of data processes. However, the REST API also came with its fair share of disadvantages. For one it was inflexible, as it was originally designed for one kind of device and adding new devices was painful. Also, as a different team owned the REST API, the microservices teams were often waiting weeks for API changes to support their own new services.

It also proved inefficient. REST is resource based and every little element on the Netflix UI is a resource. So, in order to, for example, fetch all of a customer’s favorite movies, the services had to make multiple round trips to the back end. Ultimately, it proved difficult to maintain, because the API became more complex and bloated as developers tried to retrofit it with more features.

The different developer teams needed flexibility to innovate for the platforms they were supporting, and the resulting REST API was too clunky and restrictive for this. Another evolution of the Netflix framework was required.

The API.NEXT allowed each team to upload their own custom APIs to the servers. The teams could change the scripts (written in Groovy) as much as they liked without affecting other teams. The API service itself could also be updated independently from the APIs that it was serving. The problem was the Monolith was back again, and that led to scaling problems. Netflix has literally thousands of scripts sharing the same space, serving millions of clients. It was common, says, Xiao, to “run out of headspace,” be that memory, CPU, or I/O bandwidth. This led to expensive upgrades when more resources were needed. Another thing that even led to outages were errors in the scripts themselves: If a script had a memory leak, for example, it could bring down the system for everyone.

Another problem was what Xiao calls “Developer Ergonomics.” The NEXT.API server was a very complex piece of software with multiple moving parts. Scripts could not be tested locally. To test a script, the team had to upload it to a test site, run it, test it, and, if there were any problems, go through the whole process again after troubleshooting the issues. This process was slow and inconvenient and led to the current iteration of the Netflix framework, one in which scalability and availability, and developer productivity are taken into account.

While designing the new framework, it was established that, on the scalability/availability front, one of the goals was to achieve process isolation to avoid the problems the NEXT.API suffered from. It also required that the data access scripts and API servers were kept separate to reduce infrastructure costs. The designers also wanted to reduce the startup time and have immutable deployment artifacts, which would allow to reproduce the different builds.

As for developer productivity, most developers wanted to use the same language (preferably JavaScript) on the server and the client, and not deal with two distinct technologies. They also needed to be able to run tests locally, have faster incremental builds, and an environment that as closely mirrored the production as possible.

The new framework, called New Generation Data Access API, has moved all the data accessing APIs into separate apps running Node.js. Each app is now isolated running in a Docker container. The back-end services are now contained within a Java-based server the Netflix development team calls the Remote Service Layer. The RSL integrates all back-end services under one consistent API. Whenever developers want to deploy a new APIs, they push JavaScript to the server in the form of a Node.js container.

Overall, Netflix’s current combined Java/Node-based platform allows for a quicker and easier deployment, with fewer of the issues that plagued prior monolithic approaches.

Watch the complete presentation below:

https://www.youtube.com/watch?v=H_iK7jww_j8?list=PLfMzBWSH11xYaaHMalNKqcEurBH8LstB8

If you’re interested in speaking at or attending Node.js Interactive North America 2017 – happening October 4-6 in Vancouver, Canada – please subscribe to the Node.js community newsletter to keep abreast of dates and deadlines.

Amadeus: Redefining Travel Industry Tech Through Open Source and SDN

By
Libby Clark
-

Travel tech giant Amadeus has been moving toward a fully software-defined data center strategy over the past few years — one based on open source and software-defined networking (SDN).

Rashesh Jethi, SVP of Engineering at Amadeus, will speak at Open Networking Summit 2017, April 3-6, in Santa Clara, CA.
“We are actively leveraging software-defined networking in our existing data centers and all new infrastructure projects,” says Rashesh Jethi, SVP of Engineering and head of Research & Development for Amadeus in the North America and Latin America regions.

Jethi leads the teams responsible for developing and maintaining distribution software and airline passenger support systems at Amadeus — a multi-billion dollar technology company that connects and enables the entire travel industry – as well as travel — around the world.

On Tuesday, April 4 he will speak at Open Networking Summit in Santa Clara about how software-defined networking and data centers are redefining the travel industry and moving millions of people every day. Here, he discusses how Amadeus uses open source software and SDN, the best way for companies to get involved in the SDN revolution, and how networking affects adjacent industries such as IoT, cloud, and big data.

Want to learn more? Register now for Open Networking Summit 2017! Linux.com readers can use code LINUXRD5 for 5% off the attendee registration.

Linux.com:  Which open source networking projects does your organization use and contribute to? Why do you participate? How are you contributing?

Jethi: Amadeus primarily uses OpenStack. Other open source projects we use that indirectly contribute to SDN include Github, Jenkins, Ansible, Puppet, and Chef. Amadeus is an active member in the open source community and regularly contributes code to open source libraries.

Linux.com: What’s your advice to individuals and companies getting started in SDN?

Jethi: SDN should be viewed as a means to an end. What’s important is to first understand why you want to embrace SDN and how you will get the organizational buy-in and technical talent behind the project.

Talk to other individuals and companies who have gone through it. Don’t readily believe the hype from equipment manufacturers or the promised positive outcomes at large from the community. It’s important to set realistic goals and be pragmatic along the way!

Linux.com:  How can companies and individuals best participate in the ‘Open Revolution’ in networking?

Jethi: The best participation comes from three things: learning, contributing and getting started – even if in a small way – rather than endless debates and analysis.

Linux.com: How has networking had a profound impact on adjacent “hot” industries like Cloud, Big Data, IoT, Analytics, Security, Intelligence, and others?

Jethi: They are all very interconnected in some ways. The growth of hyperscale computing platforms – whether public clouds or private clouds – would not be possible without the enabling software-defined infrastructure provisioning, deployment, and automation capabilities. (The cost and complexity in legacy models is too high). The availability of these hyperscale computing platforms has, in turn, facilitated the development of data, analytics and IoT solutions.

How to Set Up External Service Discovery with Docker Swarm Mode and Træfik

By
John Kinsella
-

In my previous post, I showed how to use service discovery built into Docker Swarm Mode to allow containers to find other services in a cluster of hosts. This time, I’ll show you how to allow services outside the Swarm Mode cluster to discover services running in the cluster.

It turns out this isn’t as easy as it used to be. But first, allow me to talk about why one would want external service discovery, and why this has become more difficult to achieve.

Why External Service Discovery?

For most of us, we are not running 100 percent of our applications and services in containers. Maybe some are, but they’re running them in two or more Swarm Mode clusters. Perhaps a large group are constantly deploying and working on containers. In these situations, it can become trying to have to update configuration files or DNS entries every time a service is published or changes location.

What changed?

Those of us who use Docker heavily are familiar with Docker’s “move fast and break things” philosophy. While the “break” part happens less frequently than in Docker’s early days, rollouts of significant new features such as Swarm Mode can be accompanied by a requirement to retool how one uses Docker. With earlier versions of Docker, my company used a mixture of HashiCorp’s Consul as a key/value pair, along with Gilder Labs’ Registrator to detect and publish container-based service information into Consul. With this setup, Consul provided us DNS-based service discovery – both within and external to the Swarm (note: Swarm, not Swarm Mode) cluster.

While Docker 1.12 brought Swarm Mode and extreme ease of use to building a cluster of Docker hosts, Swarm Mode architecture is not really compatible with Registrator. There are some workarounds to get Registrator working on Swarm Mode, and after a good amount of experimentation I felt the effort didn’t justify the result.

Taking a step back, what’s wanted out of external service discovery? Basically, the ability to allow an application or person to easily and reliably access a published service, even as the service moves from host to host, or cluster to cluster (or across geographic areas, but we’ll cover that in a later post). The question I asked myself was “how can I combine Swarm Mode’s built-in service discovery with something else so I could perform name-based discovery outside the cluster?” One answer to this question would be to use a proxy that can do name-based HTTP routing, such as Træfik.

Using Træfik

For this tutorial, we’ll build up a swarm cluster using the same Vagrant setup from my previous post. I’ve added a new branch with some more exposed TCP ports for this post. To grab a copy, switch to the proper branch and start the cluster, follow below:

$ git clone https://github.com/jlk/docker-swarm-mode-vagrant.git

Cloning into 'docker-swarm-mode-vagrant'...

remote: Counting objects: 23, done.

remote: Total 23 (delta 0), reused 0 (delta 0), pack-reused 23

Unpacking objects: 100% (23/23), done.

$ cd docker-swarm-mode-vagrant/

$ git checkout -b traefik_proxy origin/traefik_proxy

$ vagrant up

If this is the first time you’re starting this cluster, this takes about 5 minutes to update and install packages as needed.

Next, let’s fire up a few WordPress containers – again, similar to the last post, but this time we’re going to launch two individual WordPress containers for different websites. While they both use the same database, you’ll notice in the docker-compose.yml file I specify different table prefixes for each site. Also in the YML you’ll see a definition for a Træfik container, and a Træfik network that’s shared with the two WordPress containers.

Let’s connect into the master node, check out the code from GitHub, switch to the appropriate branch, and then start the stack up:

$ vagrant ssh node-1

$ git clone http://github.com/jlk/traefiked-wordpress.git

$ cd traefiked-wordpress

$ docker stack deploy --compose-file docker-compose.yml  traefiked-wordpress

Finally, as this example has Træfik using hostname-based routing, you will need to create a mapping for beluga and humpback to an IP address in your hosts file. If you’re not familiar with how to do this, Rackspace has a good page covering how to do this for various operating systems. If you’re running this example locally, 127.0.0.1 should work for the IP address.

Once that’s set up, you should be able to browse to http://beluga or http://humpback in your browser, and see two separate WordPress setup pages. Also, you can hit http://beluga:8090 (or humpback, localhost, etc) and see the dashboard for Træfik.

NDVq3Jiai4T9CSvBqx3Kyt9wOa3K_p4mC0bAxyxB

jdBff81VuyDesgkYenpyCv0VdIoDEcYtnMYT_9QY

An Added Benefit, But with a Big Caveat

One of the things which drew me to Træfik is it comes with Let’s Encrypt built in. This allows free, automatic TLS certificate generation, authorization, and renewal. So, if beluga had a public DNS record, you could hit https://beluga.test.com and after a few seconds, have a valid, signed TLS certificate on the domain. Details for setting up Let’s Encrypt in Træfik can be found here.

One important caveat that I learned the hard way: When Træfik receives a signed certificate from Let’s Encrypt, it is stored in the container. Unless specified in the Træfik configuration, this file will be stored on ephemeral storage, being destroyed when the container is recreated. If that’s the case, each time the Træfik container is re-created and a proxied TLS site is accessed, it will send a new certificate signing request to Let’s Encrypt, and receive a newly signed certificate. If this happens often enough within a small period of time, Let’s Encrypt will stop signing requests from that top-level domain for 7 days. If this happens in production, you will be left scrambling. The important line you need to have in your traefik.toml is…

       storage = "/etc/traefik/acme.json"

…and then make sure /etc/traefik is a volume you mount in the container.

Now we understand external, DNS-based service discovery for Swarm Mode. In the final part of this series, we’ll add high availability and failover to this mixture.

Learn more about container networking at Open Networking Summit 2017. Linux.com readers can register now with code LINUXRD5 for 5% off the attendee registration.

John Kinsella has long been active in open source projects – first using Linux in 1992, recently as a member of the PMC and security team for Apache CloudStack, and now active in the container community. He enjoys mentoring and advising people in the information security and startup communities. At the beginning of 2016 he co-founded Layered Insight, a container security startup based in Silicon Valley where he is the CTO. His nearly 20-year professional background includes datacenter, security and network operations, software development, and consulting.

1...572573574...10,743Page 573 of 10,743