Category: Containers and Kubernetes

The Illustrated Guide to Kubernetes

»The other day, my daughter sidled into my office, and asked me, “Dearest Father, whose knowledge is incomparable, what is Kubernetes?”

And I responded, “Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users’ declared intentions. Using the concepts of “labels” and “pods”, it groups the containers which make up an application into logical units for easy management and discovery.”

And my daughter said to me, “Huh?”

And so I give you…«

Video: https://www.youtube.com/watch?v=4ht22ReBjno

Comic: The Illustrated Guide to Kubernetes

Back from Kubecon

Right on the heels of the Openshift Commons and co-located with them, Kubecon 2017 happened at the BCC in Berlin. Supposedly 1500 people attended, which was straining BCC’s capacity to the limit, especially on the A-level. Room A03, which hosted the “Deep Dive track” was continuously overcrowded and could not accommodate all interested people.

Also, this was the noisiest event I have attended in a long time, especially in the vendor booth setup in B01/B02. On the other hand, the hallway track was exceptionally useful, especially if one escaped out the door, weather permitting, or upstairs.

Quite a bit of content was a duplicate from the Openshift Commons Gathering preceding the Kubecon, but the inclusion of rkt and containerd as CNCF projects was news and is very welcome.

Especially rkt will be useful, as Docker is not doing very many useful things in the context of Kubernetes and rkt kind of restricts itself to doing only these useful things and not having any other, less useful (in the K8s context) code.

At the CoreOS booth I learned that rkt is right now not yet a drop-in replacement for Docker, but may well be soon – work is being done, and quickly.

Back from Openshift Commons

So I have been to Berlin this week, for the Openshift Commons Gathering and Kubecon, and of course to meet a few Berliners.

Openshift is Red Hat's distribution of Google Kubernetes, plus their own enhancements. It is available on your own machines as Openshift Origin (the GPL version) or OCP (Open Container Project). Red Hat also operates dedicated and public clouds based on this. The Openshift Commons Gathering is a meeting of the Openshift Users Community, Commons.

Commons was a nice and fine gathering in the basement level of the BCC, a single track event with a nice mix of users reporting back on their experience with Kubernetes and Openshift. In fact, Commons already had quite a bit of the content later duplicated in Kubecon, but in a smaller and less noisy setting.

Netways OSDC 2017: Something Openshift Kubernetes Containers

OSDC 2017 Registration
I will be speaking at the Netways Open Source Data Center Conference, which is in Berlin between May 16 and 18.

At work, we are currently busy loading our first two Kubernetes Clusters (Openshift actually) with workloads.

What exactly will be in the slides I do not know, yet, but it will be about our journey at Booking, the transition from automated baremetal provisioning of rather monolithic applications to a more containerized setup and the changes and challenges this brings. It will be very much a snapshot of the state of things at that point in time, and our learnings and perspective then.

Docker Image Vulnerability Research

federacy reports “24% of the latest Docker images have significant vulnerabilities”.

The report underlines the importance of running your own image building service and your own local registry when deploying Docker and Kubernetes.

And that includes the base operating system images, because the test above focused on the latest official Docker images of base operating systems and the known vulnerabilities in them. It lists last year's vulnerabilities as still being present in current images.

BFQ is coming…

LWN reports that the 4.11 merge window opens. Among other things, Maik Zumstrull reminds us, we get

The multiqueue block layer finally has support for I/O scheduling. That is useful in its own right, but the real news is that it enables the merging of the long-awaited BFQ I/O scheduler. That, says block maintainer Jens Axboe, “should be ready for 4.12”.

Of course, if you are on an LTS release of a Linux kernel, it’s unlikely that you will profit from this any time soon.

Containers 101

It is helpful to remember that containers are just normal Unix processes with two special tricks.

Normal Unix Processes

Unix starts processes by performing a fork() system call to create a new child process. The child process still contains the same program as the parent process, so the parent process's program still has control over the child. It usually performs a number of operations within the context of the new child, preparing the environment for the new program, from within.

PID 17 forks, and creates a new process with PID 18. This process executes a copy of the original program.

Then, after the environment is complete, the parent program within the child process's context replaces itself by calling execve(). This system call unloads the current program in a process and reuses the process to load a new program into it.
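The fork(), prepare, execve() sequence described above, as an added example that is not part of the original post. The function name run_prepared, the PREPARED variable and the particular preparation steps (no core dumps, working directory /, a constructed environment) are assumptions chosen for illustration.

```c
/* Added example: parent code prepares the child from inside, then execve(). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, prepare the child's environment, then execve() path.
 * Returns the child's exit status, or -1 on error or abnormal termination. */
int run_prepared(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: still running the parent's program, in a new process. */
        struct rlimit no_core = { 0, 0 };
        /* Constructed environment; nothing is inherited from the parent. */
        char *const envp[] = { "PATH=/usr/bin:/bin", "PREPARED=yes", NULL };

        if (setrlimit(RLIMIT_CORE, &no_core) != 0 || chdir("/") != 0)
            _exit(126);
        execve(path, argv, envp);  /* replaces the program; returns only on failure */
        _exit(127);
    }

    /* Parent: wait for the child and report how it ended. */
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* The new program checks what was prepared for it before execve(). */
    char *const argv[] = { "sh", "-c",
        "[ \"$PREPARED\" = yes ] && [ \"$(ulimit -c)\" = 0 ] && "
        "[ \"$(pwd)\" = / ] && exit 42; exit 1", NULL };
    printf("child exit status: %d\n", run_prepared("/bin/sh", argv));
    return 0;
}
```

Everything set between fork() and execve() (limits, working directory, environment) is what the new program starts with, which is why that window is where restrictions on a child are applied.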
