Pod scheduling-2: Pod Affinity and Node Affinity

Here in this post we will be exploring in deep dive on the Node Affinity. Node Affinity is more capable alternative to node lables and selector on the Kubernetes cluster.

There are three types of affinities in Kubernetes

1. Node affinity
2. Pod affinity
3. Pod anti-affinity

Node Affinity meaning that the pod should only be scheduled on target nodes with specific lables, this is basically what the node selector does for example only schedule the db-pod on the size=large

Then, We have Pod affinity for dictates that the pod should only be scheduled on nodes where other specific pods are already running. For example cache pod  scheduled only on nodes where the webserver pods already running. In generic way we could say "Schedule Pod X  ' only on where ' Pod Y". Its like Indian girl marrying boy she stay with him! This way we can reduce the network latency between the two pods which need to communication(think about web pod connects with db pods).

Finally, the Pod anti-affinity it is like divorced pair where boy stays there girl wont stay! Pod X should not be scheduled on the same node where Pod Y running. This could be the need where you have two database processing pods don't want to run on the same node therefore you can use Pod anti-affinity to make sure that these database pods repel each other and hence they will get scheduled on two different nodes.

Let's checkout the sample of a node affinity to understand deeper

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:alpine
  affinity:
    nodeAffinity:
	  requiredDuringSchedulingIgnoredDuringExecution:
	    nodeSelectorTerms:
		- matchExpressions:
		  - key: machine-type
		    operator: In
			values:
			- hicpu 
		  - key: disk-type
		    operator: In
			values:
			- solidstate 

The node Affinity comes with two options: 

• requiredDuringSchedulingIgnoredDuringExecution
• preferredDuringSchedulingIgnoredDuringExecution 

These names of fields are really lengthy :) But it make sense to easy to use them because they do that they spell out exactly!! Here the nodeSelectorTerms will be defining the requirements for the nodeAffinitiy, there can be more number of conditions to match. Node Affinity Example -2 Here we have variation in the nodeAffinity section.

apiVersion: v1
kind: Pod
metadata:
  name: web-pod
spec:
  containers:
  - name: nginx-container
    image: nginx:alpine
  affinity:
    nodeAffinity:
	  preferredDuringSchedulingIgnoredDuringExecution:
	    - weight: 2
		  preference:
	    	matchExpressions:
			- key: machine-type
			  operator: In
			  values:
			  - locpu 
		- weight: 1
		  preference:
	    	matchExpressions:		
			- key: disk-type
			  operator: In
			  values:
			  - harddisk 

In the above nodeAffinity will be look for what node have the higher weight preference given to schedule pod on it. Here the Kubernetes will schedule the pod onto node that have highest total weight on it. You might be wondered the Pod might be scheduled onto the node with no condition matched these labels because the nodeAffinity is preferred not required.

Experiment with changing the Preferred with Required

Understanding the Kubernetes Pods

Kubernetes pod 

The Kubernetes pod is going to represent a running process on the Kubernetes cluster.

It encapsulates an application container, storage resources, a unique network IP Address. Inside a pod, we can have one or more containers. The containers in a Pod are automatically co-located and co-scheduled on the same physical or virtual machine in the Kubernetes cluster.

A Multi container pod is going to be very tightly coupled inside. The containers share access to their memory space. They can be connected to each other using localhost. That is if a web application running on a container can be accessed in a busybox container running in the same pod. Containers in the pod can share storage(volumes) disk space as well.

What is a Pod in Kubernetes?

A pod is an atomic unit of scheduling in the Kubernetes ecosystem. Pods are ephemeral they live in a short time span.

On the master node, the different Controllers are running for monitoring and self-healing of the pods. Containers in different pods have distinct IP addresses. And if the pod regenerated every time new IP address will be assigned to the Pod.

What does a pod do?

K8s Pods represent the processes running on a cluster. By limiting pods to a single process, Kubernetes can report on the health of each process running in the cluster. 

Pods have:

• a unique IP address (which allows them to communicate with each other)
• persistent storage volumes (as required)
• configuration information that determines how a container should run.

Although most pods contain a single container, many will have a few containers that work closely together to execute the desired function

What are the benefits of a Pod?

=>When pods contain multiple containers, communications, and data sharing between them is simplified. Since all containers in a pod share the same network namespace, they can locate each other and communicate via localhost. Pods can communicate with each other by using another pods IP address or by referencing a resource that resides in another pod.

Pods can include containers that run when the pod is started, say to perform initiation required before the application containers run. Additionally, pods simplify scalability, enabling replica pods to be created and shut down automatically based on changes in demand

How does a pod work?

=>Pods are created by workload resources called controllers, which manage the rollout, replication, and health of pods in the cluster. For example, if a node in the cluster fails, a controller detects that the pods on that node are unresponsive and creates replacement pod(s) on other nodes.

The three most common types of controllers are:

• Jobs for batch-type jobs that are ephemeral, and will run a task to completion
• Deployments for applications that are stateless and persistent, such as web servers (HTTP servers)
• StatefulSets for applications that are both stateful and persistent such as databases

If a pod has multiple containers, they are all scheduled together on the same server in the cluster, whether VM or physical server. All containers in the pod share their resources and dependencies and can coordinate their execution and termination. For example, pods can contain ‘init’ containers that run before the application containers run, setting up the environment for the applications that follow.

Pods are almost always created by controllers which then can automatically manage the pod lifecycle, including replacing failed pods, replicating pods when necessary, and evicting the pod from cluster nodes when they are complete or no longer needed.

Controllers use information in a pod template to create the pods, and controllers ensure that running pods match the deployment defined in the pod template, for example by creating replicas to match the number defined in the deployment.

How do pods communicate with each other?

=>When a pod is created it is assigned its own unique IP address. If there are multiple containers within the pod, they can communicate with each other simply by using localhost. Communications outside of the pod is achieved by exposing a port. Communications between pods in a cluster takes advantage of the fact that Kubernetes assigns a cluster-private IP address to every pid in a cluster, eliminating the need to either explicitly create links between pods or to map container ports to host ports. In this way, every pod in a cluster can ‘see’ each other without the need for NAT

6)what are the basic kubectl commands used for pods?

1) get

2) create pods

3) delete pods

4) get pods

What are Pod lifecycle states?

The pod life cycle states will be represented with the docker action as shown:

Kubernetes Pod Life Cycle

=>pending

=>running

=>succeeded

=>failed

=>unknown

downloading=>     blocked=>          pending=>      starting=>         ready=>       failed

   (docker image) (docker create)    (created)     (docker start)    (container up)    (exited)

--------------------------------------------------------------------------------------------------------------------

Kubernetes multi-container pods

=>Sidecar containers "help" the main container (may be web application or database). 

For example, log or data change watchers, monitoring adapters, and so on. 

A log watcher, for example, can be built once by a different team and reused across different applications. 

Another example of a sidecar container is a file or data loader that generates data for the main container.

We can define a fresh pod-config in a YAML file sample file is given below:

#File: nginx-pod.yaml
apiVersion: v1
kind: pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
    tier: dev
spec:
  container:
  -name: nginx-container
   image: nginx

Pod Create & Display commands 

1) To create a new pod we can use the kubectl create and then pass the pod definition YAML file. 

kubectl create -f nginx-pod.yaml 
  pod/nginx-pod created
  

Other options to Create a new pod with the nginx image using deployment or using run sub-command:

  kubectl create deployment mynginx -- image=nginx
  kubectl run nginx --image=nginx
  

2) How to check how many pods exists on the system?

To know how many pods running in the current default namespace. To check pod is RUNNING or failed  we can use the kubectl with  get sub-command on Kubernetes cluster running system to get pods status

kubectl get pods

* The READY column in the output indicates Running containers in Pod/Total containers in Pod. 3) To check IP address of the pod we can use the -o wide option

kubectl get pod -o wide 

4) To get the Pod definition in JSON or  YAML file we have to mention the output format as shown:

kubectl get pod nginx-pod -o yaml 

5) Display all details and events of a pod

kubectl describe pod nignx-pod 

6) Validating the pod network by pinging the container IP from the Kubernetes master node

ping 10.240.1.26 

7) To enter into the Pod/container we need to use exec sub-command like in docker we do. We can use sh or bash as per the image used for creation of container, following is the command to getting a shell to a RUNNING container

kubectl exec -it nginx-pod -- /bin/sh

8) To delete the pod use the delete sub-command

kubectl delete pod nginx-pod

9) We can use the get sub-command for many resources together only thing here we need to use comma to separate them. See the following command list one or more resources

kubectl get pods,deploy

10) Display detailed state of one single pod

kubectl describe pods [pod-name] 

11) To delete pod and services which have the label provided

kubectl delete pods,service -l name=[label-name]

When you delete the pod - wait till that termination completes. 12) To delete all pod resources from the default namespace

kubectl delete pods --all

13) Execute a command against a container in a pod.

kubectl exec [pod-name] date

14) If there are multiple container is running inside a Pod, we need to communicate or connect with single container the command is note (this command execute in master node)

kubectl exec [pod-name] -c [container-name] date 

15) The exec command with -i indicates interactive and -t indicates terminal for the container inside the container

kubectl1 exec -ti [pod-name] /bin/bash 

How to Look into the Pod logs

Kubernetes maintains a logger in the ecosystem. To accessing the Kubernetes pod logs  there are two log levels are available:

• Node-level
• Cluster-level

print the logs for a container in a pod
 

kubectl logs [pod-name] 

for example: using nginx pod logs.

Kubernetes DaemonSet (ds)

 Overview of DaemonSets

Kubernetes DaemonSet is one of the controllers which are at the Kubernetes Master node.

A DaemonSet ensures that all or some nodes run a Pod

As nodes are added to the Kubernetes cluster, Pods have added accordingly for each node as per the DaemonSet defined.

As nodes are removed or drained from the Kubernetes cluster, they are GC. Deleting a DaemonSet will clean up those Pods it created on each node

The DaemonSet Controller creating pods on each nodes

Where we can use this DaemonSet?

When a Kubernetes cluster running many microservices with multi-nodes there will be a need for Monitoring the system resources with collecting metrics and Logging should be enabled for the application level or database level to collect respective access and server-specific logs.

Some example daemon pods can be:

• Collectd, Node exporter -- Monitoring daemon on nodes for Prometheus
• Fluentd, logstash – log collection daemon for ELK, EFK stacks
• Ceph, glusterd – Storage daemon for Cloud storages 

Running your DaemonSet

First, check that how many nodes in the cluster and what are their status.

  kubectl get nodes

Creating DaemonSet

Defining the DaemonSet in YAML for fluentd Image.

 apiVersion: apps/v1
kind: DaemonSet
metadata:
    name: fluentd-ds
spec:
  selector:
    matchLabels:
      name: fluentd
  template:
    metadata:
      labels:
        name: fluentd
    spec:
      tolerations: # Tolerations
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-con
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2

 kubectl create -f fluentd-daemonset.yaml

List the pods with wide option

kubectl get po -o wide

Get the DaemonSet object

kubectl get daemonset -o wide

The output of the above command is:

ds

Observe that DaemonSet created pod ControlledBy line it will be under control of DaemonSet.

  kubectl describe ds
  

Describe the DaemonSet

Cleanup DaemonSet

   kubectl delete ds fluentd-ds
  

Confirm that DaemonSet is detleted by checking the list ds

 kubectl get ds

References:

  Flountd Docker Image

Kubernetes ReplicaSets - ReplicationController

We have seen the word 'replicas' in the Docker Swarm services definition time.

How to work with ReplicaSet?

  What does ReplicaSet do?

ReplicaSet will define the group of pods. You can tell how many replicas of pods for your application. The template section will define how many pods and their specification will be defined. Defining ReplicaSet allows you to deploy podand keep it alive as per configuration.

How to create ReplicaSet?

ReplicaSet relationship with Pod

        apiVersion: apps/v1
        kind: ReplicaSet
        metadata:
          name: my-tcat-rs
          labels:
            version: "3.0"
        spec:
          replicas: 2
          selector:
            matchLabels:
              project: MyWeb
              role: frontend
          template:
            metadata:
              labels:
                project: MyWeb
                role: frontend
                env: dev
        
            spec:
              containers:
              - name: mytomcat
                image: tomcat:latest
                resources:
                 requests:
                  cpu: 100m
                  memory: 256Mi
                ports:
                - containerPort: 8080       
	

Create the replicaset using the YAML manifestat file.

kubectl create -f replicasets.yml
  

2. Describe the ReplicaSet
In the spec, section is where the important things happen: we have defined a set of labels for the ReplicaSet, but we have also defined a pod template (in this case, with a single container) and specified that we want two pod instances of it (replicas: 2).

        kubectl -n vybhava describe rs
        # another option to see the replicaset
        kubectl -n vybhava describe replicaset my-tcat-rs
	

3. How to Scale the ReplicaSet?

a. Scale-up ReplicaSet

You can specify the increased number for replicas configuration

        kubectl -n vybhava scale --replicas=6 rs my-tcat-rs
        kubectl -n vybhava get all
	

b. Scale down ReplicaSet

You cna brought down the replicas to 0 as well.

        kubectl -n vybhava scale --replicas=0 rs my-tcat-rs
        kubectl -n vybhava get all
	

4. Print wide output of the ReplicaSet

The regular kubectl command with get sub-command using -o wide option will give more details this we can use with alias name rs as well.

kubectl get rs -o wide or
  kubectl get replicasets -o wide 

Kubernetes replicaset listing with wide output

5. Delete the ReplicaSet

Deleting the ReplicaSet using 'delete' sub-command provide the name of the replicaset.

kubectl -n vybhava delete rs my-tcat-rs
kubectl -n vybhava get rs   
	

6.   

6. How to get the ReplicaSets output to YAML or JSON format?

Hope you guys enjoyed this simple story about ReplicaSet commands and their outputs. Note that The Kubernetes docs explicitly suggest using a deployment rather than a ReplicaSet directly.

References

1. ReplicaSets Official Docs  

Kubernetes (K8s) StatefulSet (sts)

Greetings of the day dear Orchestrator!! In this post, we will discuss exploring the Kubernetes StatefulSet(sts) 

What is the purpose of Stateful deployment?

Kubernetes' basic unit is Pod, which will be ephemeral in nature and it was designed in such a way that it cannot store the state. To store and maintain the state of the application, Kubernetes introduced a new type of deployment manifestation called it as StatefulSet.

Here in this post, we will be experimenting with the most important deployment model that is StatefulSet which will be interconnected with the multiple storage related objects PersistantVolume(PV) and PersistentVolumeClaim (PVC).   

Assumptions

To work on this experiment you must have Kubernetes cluster running on single node or multi-node and it should have a NFS remote storage access that depends on your platform. Here I've EC2 instance having  NFS service configured and run:

• Kubernetes Cluster configured and Up
• Prepare a NFS server up and running on EC2 centos instance

Let's define the couple of PV(4) using the NFS server which will be consumed by the PVC. The Stateful deployment is going to have the Pod and PVC template manifestation.

Creating a YAML file for pvc :

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv0
spec:
  storageClassName: manual
  capacity:
    storage: 200Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /export/volume/pv0
    server: 172.31.46.253
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv1
spec:
  storageClassName: manual
  capacity:
    storage: 200Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /export/volume/pv1
    server: 172.31.46.253
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv2
spec:
  storageClassName: manual
  capacity:
    storage: 200Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /export/volume/pv2
    server: 172.31.46.253
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv3
spec:
  storageClassName: manual
  capacity:
    storage: 200Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  mountOptions:
    - hard
    - nfsvers=4.1
  nfs:
    path: /export/volume/pv3
    server: 172.31.46.253

Now, use the following command to create the PVC:

Syntax :
kubectl create -f nfs-pv.yaml

Output :



Checking the PVC are created or not with the simple ls command :

Syntax :

ls

Output :

Using another YAML file for creating PV files :

---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web-sts
spec:
  serviceName: "nginx"
  replicas: 4
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: gcr.io/google_containers/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web-sts
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      storageClassName: manual
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 100Mi 

Now, use the following command to create the PV:

Syntax:

kubectl create -f web-sts.yaml

Output :

Checking the PV are created or not with the following command :

Syntax :

kubectl get pv 

Output :

Ready to use Statefulsets now, you can watch all the running terms at one place by using the below command :
Syntax :

watch kubectl get all

Output :