Comments
-
If you're questioning why you need it, you probably don't.
Simply put, it's a container orchestration system for managing clusters of containers for scalability and reliability purposes. You don't just want to spin up a single docker node and rely on it in prod for obvious reasons, so K8s gives you a single point to manage however many nodes you want.
If you're just using it for testing or Dev purposes though - almost certainly not needed.
-
Ganzalf 190 4y @AlmondSauce thanks for the short and concise answer! I'm being "forced" to use it. I'm no devops but I'm still required to fiddle with it a bit. Stupid question: how does it compare to Docker Compose, which I'm most used to?
-
Apples and oranges. Docker compose is really just a helper utility for starting and configuring a predefined bunch of containers on a single machine.
Kubernetes is instead used for running containers across *multiple* nodes, and managing that in production with all the bells and whistles you expect (rolling upgrades with no downtime, auto scaling, detection of bad nodes, etc.) If you've ever used docker swarm, it's much more comparable to that.
-
Ganzalf 190 4y @AlmondSauce awesome, thanks for clarification! I definitely need to investigate Kubernetes a little bit better.
-
@AlmondSauce I agree to a certain point.
Just some more gotchas.
Docker Compose versioning:
V3 -> meant for Docker Swarm
V2 -> meant for Docker
https://docs.docker.com/compose/...
Docker Swarm is "Kubernetes thin"
It has the basic capabilities of managing a "swarm" of docker engines and thus acts as a resource pool for containers.
Resource pool meaning that a DNS name identifies a service, but hidden behind the DNS name for the service is the docker swarm manager. It manages on which docker engine (e.g. a docker server) one or more (scaling) docker containers provide the service - assigning the docker server based on the resources you allocate. (not fully correct, but enough to get the right idea).
You've now hidden all the dirty laundry of resource/container management behind the DNS name.
Kubernetes has the same idea - hide the dirty laundry. It just has another approach and far more capabilities.
Look here first...
https://kubernetes.io/docs/...
Kubernetes' approach is to not only hide and scale - its abstraction adds high availability, uniform API / configuration, distributed storage and a few other things...
In short: It's on steroids - it's not just about scaling the workload of an application based on containers, but about scaling and managing the management, too ;)
-
@IntrusionCM Oh, completely agree with all of that. I was just trying to keep it a tad simple 👍
-
@AlmondSauce Yeah. My gotchas were only regarding v2 / v3.
Rest was a basic explanation.
I was .... Extremely confused when I first stumbled upon v2/v3... Till I found out that v2 is what you should use for simple container on a host vs v3 for containers in swarm.
Resource management is entirely different in v2 vs v3 because of that... :)
And yeah... It took a while to understand that based on the documentation 🙄😁
-
@Ganzalf Yes... Depth of information completely annihilates the structure and hierarchy. Jesus Christ.
Great that I can read a page in 3 mins.
But if I have to read dozens of pages to find the missing link between the several pages it sucks.
-
codecrow 216 4y I'm an Android dev but I hired a guy to help me set up K8s on a personal project. And I just watched him work off of my machine. It's waaaayyy more efficient than any tutorial. He's helped me with best practices and any errors I have and how to integrate k8s with CI/CD. The whole process is pretty easy to follow but the initial setup is just annoying. But I know basic deployment commands and how to debug issues. Plus it's better to put env variables in kube secrets rather than Bitbucket pipelines and Docker.
-
codecrow 216 4y Btw, the first guy I hired didn't use values. So we made duplicate files for each environment. Which is just plain inefficient.
-
@codecrow
https://docs.docker.com/engine/...
Secret storage exists in Docker Swarm, too.
But good job at the admin. :)
A generic pipeline ensures sanity, you don't overburden yourself with maintenance 👍
-
The important question for me would be: if k8s is no longer a useful choice in 2021, then what are the alternatives?
-
codecrow 216 4y @IntrusionCM I'm not familiar with docker swarm. My issue was docker env variables are readable if someone gets a hold of the docker image. Is docker swarm more secure?
-
@telephantasm why is k8s no longer a useful choice Oo
@codecrow the question is kind of a conundrum...
Docker Swarm isn't per se more secure. But it adds management / orchestrating of several docker engines and thus allows distribution via "docker secrets".
Security is important, but regarding environment it's a bit more complex imho.
Docker secrets use TLS afaik and store it in an encrypted file, Kubernetes is Base64 plain text I think.
Environment data doesn't appear magically, it's read "somewhere", stored "somewhere" and transmitted to the container and stored there usually.
My point is: If the server used to e.g. add environment data to docker secrets is compromised and someone reads the bash history, then all the security is for nuts.
If someone posts the database password stored as a secret in e.g. Slack or another messenger 'cause it's easy... Well. Secrets won't help ;)
I think you get the gist. Secrets are a valid tool to increase security and prevent storing all kinds of sensitive data in the environment / pod definition - but that's just useful if security is in general respected and "properly executed".
-
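An added example, not part of any post in this thread: a Python audit sketch for the two points raised above, that environment variables set in an image are readable from its metadata and that the `data` values of a Kubernetes Secret manifest are base64-encoded rather than encrypted. The image name, Secret name, variable names, values and the name-matching heuristic are constructed for illustration.

```python
import base64
import json
import re

# Variable names that suggest a credential (heuristic, chosen for this example).
SENSITIVE = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

# Constructed sample: trimmed `docker image inspect` output for a made-up image.
IMAGE_INSPECT = json.loads("""
[{"RepoTags": ["example/app:1.0"],
  "Config": {"Env": ["PATH=/usr/local/bin:/usr/bin",
                     "DB_PASSWORD=constructed-not-real",
                     "LOG_LEVEL=info"]}}]
""")

# Constructed sample: a Secret in the shape `kubectl get secret -o json` prints.
K8S_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "metadata": {"name": "app-db"},
    "data": {"DB_PASSWORD": base64.b64encode(b"constructed-not-real").decode()},
}

def image_env_findings(inspect_doc):
    """Return (image, variable) pairs for credential-like env vars baked into image metadata."""
    findings = []
    for image in inspect_doc:
        tag = (image.get("RepoTags") or ["<untagged>"])[0]
        for entry in (image.get("Config") or {}).get("Env") or []:
            name, _, value = entry.partition("=")
            if value and SENSITIVE.search(name):
                findings.append((tag, name))
    return findings

def decode_secret(secret_doc):
    """Decode a Secret's `data` map; base64 is an encoding, so no key is required."""
    return {key: base64.b64decode(val).decode("utf-8", "replace")
            for key, val in (secret_doc.get("data") or {}).items()}

if __name__ == "__main__":
    for tag, name in image_env_findings(IMAGE_INSPECT):
        print(f"{tag}: {name} is set in the image config; anyone who can pull the image can read it")
    for key, value in decode_secret(K8S_SECRET).items():
        print(f"Secret app-db: {key} decodes without a key ({len(value)} characters)")
```

Read access to Secret objects or to the image registry therefore amounts to access to the credentials themselves, so both belong in the access review.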
@telephantasm ?! How about a whole sentence so no one has to guess what you could mean?
-
@IntrusionCM
"@telephantasm why is k8s no longer a useful choice oO"
Unnecessary* == maybe "useful" is not the word, so let's go with "unnecessary"
I replied to YOU, so no one has to "guess". Now, have an answer?
Related Rants
Fucking Kubernetes tutorials on youtube. I still have no clue on why. I just get the how.
Fucking explain why we need it in the first place!