Office Hours for April 2020

Hear ye, hear ye! It’s almost the third Wednesday of the month, that means it’s time for Office Hours! Our monthly livestream where we have a panel of Kubernetes experts answer questions from the audience. We have two sessions for you this month! Feel free to hang out in #office-hours on slack.k8s.io and start queuing up your question or post it here. When the livecasts are done we’ll post the notes here!

EU Session

9am ET

West Coast US Session

9am PT

All expertise levels are welcome, and if you’re interested in more information or volunteering, check it out:

• https://git.k8s.io/community/events/office-hours.md

We are going live today in about an hour after this post!

EU Session Links

• https://github.com/tekliner/rabbitmq-operator
• https://github.com/indeedeng/rabbitmq-operator
• Run a Replicated Stateful Application - Kubernetes
• https://github.com/influxdata/telegraf/issues/6959#issuecomment-608318315
• https://relnotes.k8s.io/?markdown=balancer&releaseVersions=1.18.0
• https://stackoverflow.com/questions/61113732/how-to-reuse-k8s-validation-in-my-own-crd-controller
• https://engineering.dollarshaveclub.com/kubernetes-fixing-delayed-service-endpoint-updates-fd4d0a31852c
• https://github.com/kubernetes/kubernetes/blob/master/go.mod#L124
• Certificate Rotation - Kubernetes
• https://github.com/kubernetes/community/tree/master/sig-cluster-lifecycle
• https://github.com/kubernetes/kubernetes/issues/88553
• https://github.com/lensapp/lens

West Coast Session Links

Thanks to @samudrala for these notes!

1. Question:

   • Text : Rotating certs
   • Asker: Panel answering Quetions from previous session
   • Answer:
     https://github.com/kubernetes/website/pull/19351
     Ansible playbooks

2. Question:

   • Text:
     Do you have any suggestions on how to setup prometheus for cluster monitoring to keep it highly available? ie, would you put it in the same cluster, a separate cluster or an external vm?

   Do you have any resources on how to setup a “master” prometheus? I am not sure how to send from one prometheus to another.

   • Asker: Bre Gielissen
   • Answer: Prometheus inside cluster ( issues with memory clog)
     Send to another one outside cluster
     Open source projects - storage backend
     Helm chart installation
     prometheus docs
     telegraf + influx for kubernetes monitoring is also a good choice
     trickster- https://github.com/tricksterproxy/trickster
     https://prometheus.io/docs/prometheus/latest/federation/
     https://github.com/thanos-io/thanos
     https://www.instana.com/
     https://istio.io/docs/tasks/observability/kiali/

3. Question:

   • Text
   • How to use Kafka more efficiently with K8s?
     Was using sync communication with Kafka from Microservice, but when it hits the FD limit, Microservice goes into restart mode. We used async communication later, but what are other ways to use it more efficiently?
   • Asker: WarDaddy
   • Answer:
     -https://github.com/danielqsj/kafka_exporter and https://github.com/lightbend/kafka-lag-exporter
     https://stackoverflow.com/questions/33649192/how-do-i-set-ulimit-for-containers-in-kubernetes

4. Question:

   • Text
     What are folks doing for inventory / tracking if running many clusters with many nodes? Any slick inventory operators or ways to track clusters?
   • Asker: jimangel
   • Answer:
     https://infra.app/
     https://kubecost.com/
     https://github.com/kubectl-plus/kcf
     https://github.com/rchakode/kube-opex-analytics
     https://rancher.com/blog/2020/fleet-management-kubernetes/
     https://github.com/getsentry/sentry
     https://github.com/lensapp/lens

5. Question:

   • Text
     Hello… Is there a way to get notified if Kubernetes pod goes out of memory without using kubestate metrics? (Basically the OOM killed terminated reason)
   • Asker: Saloni
   • Answer:
     -https://www.amazon.com/Kubernetes-Best-Practices-Blueprints-Applications-ebook/dp/B081J62KLW

6. Question:

   • Text: What resources are people using to help developers and junior SREs get up the steep learning curve of K8s?Coming from a mix of backgrounds using ecs, docker-compose, heroku, terraform, puppet, and some bare metal. We have some passionate k8s advocates and some who don’t know where to begin.
   • Asker: Aaron Eaton
   • Answer:
   • https://www.katacoda.com/learn
   • https://kind.sigs.k8s.io/docs/user/quick-start/
   • Install Minikube - Kubernetes
   • https://github.com/kelseyhightower/kubernetes-the-hard-way
     https://azure.microsoft.com/en-in/resources/kubernetes-up-and-running/
     https://kubernetes.io/
     Training - Kubernetes
     https://training.linuxfoundation.org/training/kubernetes-for-developers/#outline
     https://www.edx.org/course/introduction-to-kubernetes
     https://www.edx.org/course/introduction-to-linux
     https://killer.sh/course/preview/e84d0e31-4fff-4c42-8afd-be1bdbc0d994
     https://github.com/dgkanatsios/CKAD-exercises/blob/master/a.core_concepts.md
     kubectl Cheat Sheet - Kubernetes
     https://learnk8s.io/troubleshooting-deployments
     https://learnk8s.io/academy
     https://kodekloud.com/
     https://kubernauts.de/en/training/kubernetes-training-course.html
     https://docs.google.com/presentation/d/13EQKZSQDounPC1I6EC4PmqaRmdCrpT3qswQJz9KRCyE/edit#slide=id.g33599df588_13_58
     https://collabnix.github.io/kubelabs/
     https://www.katacoda.com/courses/kubernetes/playground
     Pluralsight is free till 30th April
     https://eksworkshop.com/

7. Question:

   • Text: I am currently setting up a bash script to setup our dev/staging GKE cluster so we can shut them down at night and restart them on mornings at will, but Im wondering if there’s any solution that exists that would allow me to bundle up all the resources needed, the cluster, the dns, the various public help charts (mongo, redis, etc…) with custom config and our own applications (happens to be also in custom helm charts) rather than a custom bash script? I know AWS has something called CloudFormation that might have allowed me to do this but we are using GKE. If many tools exists, which one you recommend?

   • Asker: Christian Roy

   • Answer: Terraform ,flux, Argo CD
     https://github.com/cloudposse/terraform-aws-eks-cluster
     https://eksctl.io/

8. Question:

   • Text:earlier today, I was troubleshooting an issue and noticed that in a cluster there are deployment using pvc with a storage class local-storage and others with local-storage-local, however there is SC object when I do “get sc” that presents the storage class, how did that happen? also tried to check the node for annotation/labels related, there was one label localstorage=true but nothing corresponding in the deployment

   • Asker: Walid

   • Answer:

9. Question:

   • Text: we are running machine learning model in kubernetes pod.if my pod is reached 100% pod resources automatically restarted but need to make some delay 10 mits to restart.how we can do?
   • Asker: devopsdymyr
   • Answer : set resource limits
     Configure Quality of Service for Pods - Kubernetes
     maybe pod prestop can help

10. Question:

    • Text: Do you have any suggestions on how to organize the yaml files for kubernetes resources? Right now, our cluster was setup with a bunch of yaml files that were applied manually which is very difficult to track. Would you use helm charts heavily there or something like a gitops workflow?
    • Asker: Bre Gielissen
    • Answer : Helm charts, Kustomize
      https://cloudposse.com/change-management/
      https://github.com/roboll/helmfile
      https://www.openpolicyagent.org/docs/v0.12.2/kubernetes-admission-control/

11. Question:

    • Text: What’s the purpose of setting a CPU limit if the container might be allowed to exceed it and won’t be killed or is it just to override the Limit Range admission controller? How does k8s knows whether if it will allow or not, does it depends on the allocatable resources of the node?
    • Asker: Javier
    • Answer: Its a cgroup behavior
      -https://github.com/kubernetes-sigs/descheduler

12. Question:

    • Text:What’s the best persistent storage for on-premise workloads? I have tried rook-ceph and Longhorn. What are you guys using?
    • Asker: Jawiz
    • Answer: rook, minio, portworx, NFS, and investigating vsphere(VSan) CSI
    • as a database geek, I do local volumes when I’m performance-constrained (and rely on DB replication), and when I’m not I do Ceph/Rook

URL’s:

• CloudPosse:https://cloudposse.com/
• Rotating certs: https://github.com/kubernetes/website/pull/19351
• Prometheus:
  • https://prometheus.io/docs/prometheus/latest/federation/
  • https://github.com/thanos-io/thanos
  • https://medium.com/faun/comparing-thanos-to-victoriametrics-cluster-b193bea1683
  • https://github.com/tricksterproxy/trickster
  • https://www.instana.com/
  • https://istio.io/docs/tasks/observability/kiali/
• Kafka:
  • https://github.com/danielqsj/kafka_exporter
  • https://github.com/lightbend/kafka-lag-exporter
  • https://stackoverflow.com/questions/33649192/how-do-i-set-ulimit-for-containers-in-kubernetes

https://infra.app/
https://kubecost.com/
https://github.com/kubectl-plus/kcf
https://github.com/rchakode/kube-opex-analytics
https://rancher.com/blog/2020/fleet-management-kubernetes/
https://github.com/getsentry/sentry
https://github.com/lensapp/lens
https://www.amazon.com/Kubernetes-Best-Practices-Blueprints-Applications-ebook/dp/B081J62KLW