Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Google Cloud Kubernetes
A devops person setup a workload in Google CLoud Platform and I’m pretty ignorant of how all this stuff works. Most I understand is there is a workload, a yaml file, and pods that have to exist to allow the application to run. It’s a web application and I know how to do IP safe-listing in the ngnix part of Google to access the application.
Where I’m stumped here is the vendor is requesting just automatically update the pods anytime they do an update from Dockerhub repository.
So in GCP Kubernetes I see it connects to Dockerhub using a credential.
What I’m not sure on is besides running these two commands, how can I get them to just auto-update?
kubectl scale deployment WebApp --replicas=0 -n WebApp
kubectl scale deployment WebApp --replicas=2 -n WebApp
The vendor said it’s fine to not worry about a bad build in the super rare even that might happen, given the nature and low severity of the application.
You have 2 main choices. The better choice is to use immutable labels on your images (i.e. not “latest”). Then you update your Deployment to use the new label. It will do a rolling update of the pods. The less ideal choice is to use the same label and either scale-to-zero and back (as you did) or change a label or something in the Deployment to trigger an update (make sure you set PullPolicy to “Always”).
@thockin
Thank you for taking time to reply. So for the new label name approach, that means anytime on Docker Hub they update the image, I still need to go manually trigger an update on the Kubernetes side? Or you mean I configure the workload to use :latest and tell the vendor to simply give new images a new name and it will automatically update on the Kubernetes side?
What if I created some type of scheduled task that ran the commands like each night instead?
Do you REALLY want your deployments updating without a human in the loop? If so (scary!) then yeah, you need something to tell k8s to start a redeployment, either a build-time trigger or periodic or something
That’s the funny thing. I’m typical IT and keep thing simple so this is a new world for me. Can imagine my confusion when I’m told to do this by a Docker enthusiast, and then advised not to by my fellow advisors on the Kubernetes forums. So I’m not sure what I want because I don’t know if this is normal or not.
Not sure if an image build is something that typically happens every day, or every month or what – out there in DevOps/containerization land.
Well, as someone concerned with reproducibility, mutable labels scare me. As someone who is also lazy, I occasionally use them myself, but a) I know exactly how it can go wrong (having had mysql eat itself) and b) I know my use-cases are not critical (mysql was down for 3 weeks before I noticed).
There is no “normal”, there are only your own requirements. If you want unattended upgrades to :latest, you should be able to set imagePullPolicy: Always
and do daily kubectl rollout restart...
. But when it breaks, there’s no rollback
Thanks Yeah my understanding with this particular application is that rollback isn’t even really a thing/option, because the latest image – whatever they’re pushing out – contains essential necessary stuff and up to date information… or something like that.
So I believe, if that is the case and it’s bad, they just simple have to update their image AGAIN to fix whatever broke, and we let Kubernetes just pick it up AGAIN – right?
Or you’re saying it could potentially “break” Kubernetes, putting me in a bad situation?
Nah, you won’t break Kubernetes, just the app.
Thanks and this is the only Kubernetes thing in our environment. We have dozens of other things but they run in full VMs or are externally hosted SaaS Apps. I don’t want that to deter me from learning more about how this really
Works though since I know it’s the future. Can you recommend like an idiots guide to all of this stuff?
A “don’t ask a fish about water” type of take on learning this for a beginner who’s more Ops side not a developer?