Containerization in clear language: data storage and security in Kubernetes, why Ansible is needed







What is the problem with databases, and how do you take care of security in Kubernetes? How do you get started with Ansible? Read the answers to these and other questions in the continuation of Lex ITBoroda's interview with Southbridge senior engineer Nikolai Mesropyan and Slurm CTO Marsel Ibraev.





















Kubernetes? : Docker- .



, , . . kubernetes_ru ( Kubernetes) .







, Docker ? Docker ?



. , 12 , , , 2020 . , -.







«12 » — , stateless . - stateful , , . , stateless.







. Kubernetes ( , — ), : PersistentVolume, PersistentVolumeClaim, StorageClass — . , Kubernetes.

, . Kubernetes , (Pod): stateless stateful — . . , Kubernetes , , .







?



. , . .







- , Kubernetes ?



, - DBA, 1000 , : «, ! !».







, request/limit. Request/limit — , .







Request — . , , 200 . , . request 200.







limit — . , 512 , , - .







— ! , 1 , .







, ( , ) , — . Kubernetes , : , . , . , , . , .







4 , :







  1. , ,
  2. , ,
  3. , ,
  4. , .


, — , - . , SaaS , . , .







, — , . , ( ) : «, - Google Digital Ocean, , “using local SSD”, , - , OK».







- , ( Kubernetes) — , , . . SSD, SSD . , . , Kubernetes, , . .







, — , - . , - SSD. , , — Ceph. Ceph, , , : «, , , ». .







: 2 , 4 — , . : « Kubernetes?», , .







Kubernetes (charts) (Helm), ?



, . , , , .







, - . , . .







— yaml-, . (Pod), , , Deployment ( ), StatefulSet ( stateful-), DaemonSet, . Service — . Ingress — . PV/PVC — , .







, - . - , - . , image 2, 3. 2 3. , . , . , .







, kubectl based, , , kubectl. : «kubectl, , , ». . - ( ), kubectl . kubectl rollout undo, deployment, , . , ? - , ( Kustomize, json.net), — .







Helm, c rollout, , , - . . , , . , config -. , . « 1», . . — , « 2». . , - 9, , . : «, 8», .







, , , . , Helm . Chart.







stateful stateless . . , stateless : . - stateful ? Kubernetes? - ? ? ?



Kubernetes . . . CSI Driver, .







CSI Driver — , . Container Runtime Interface, Docker , , CRI , CSI , . , , . , , Ceph Kubernetes . , Kubernetes .







Kubernetes stateful ?



. , storage class. , . , , Kubernetes, . , , .







, ? https, -? , , , API Kubernetes ? ?



API ! .







? ?



, VPN, — - . API , . 2018 , , 9,8, . API, — , . 2019 . .







, API. , API , , TLS, . , API .







Kubernetes , .







?



, . — API. Kubernetes , , . iptables SSH , , . , . Kubernetes , . , - .







— . Kubernetes . Role Based Access Control RBAC . , : , — . , .







, Kubernetes namespace — . , Kubernetes, namespace: . , , - . CI/CD. , 2 . (Pod), master, , . , .







, . . Pod security policy, , , .







Kubernetes. , , . , namespace (endpoints), . Network policies. firewall . , , , , . .







, Kubernetes — . , ( GitLab, , Yandex.Cloud ). , , - : «! () ! !»







, Kubernetes . , limit ranges, resource quotas. , Kubernetes. , - . . : . , , — . , Kubernetes, Nomad. , : « 111 ? . !» , . , : « 10 , ».







Nomad. Kubernetes?



, , — Docker Swarm. Docker Swarm — Docker, . : swarm-, Docker Swarm.







Docker Swarm — , Kubernetes. , Kubernetes — , . Docker Swarm , : , Docker Swarm. , Kubernetes, , . , , , , . . — , , . , .







Kubernetes?



Linux: CentOS, Debian.







?



Windows. , , , .







, Kubernetes? , , - ? YAML, .



YAML, , … , , , Kubernetes . , , Kubernetes .







, , Linux ( Kubernetes Linux-, ) .







Kubernetes ?



, , , . , Kubernetes , .







«Kubernetes ». , , , : « Kubernetes, ». - .







Kubernetes , «12 ». , , . , , , Kubernetes, .







, , Kubernetes … , . .







, : Kubernetes Ansible?



Ansible — , , . Kubernetes — .

Ansible , Kubernetes, . Kubernetes - , Ansible .

, Kubernetes — Infrastructure as code (IaC), IaC - . ? , : - Kubernetes — — . Ansible Kubernetes, , .













Ansible ?



. ? , : , , - , . 2, 10 — . 20, 100, 1000. .













? 25 , …



Ansible , — «Pets vs Cattle». Pets — . , , . Cattle — . - , . , , . , .







!



, , . , . , , , , - , — .







Jenkins , , . - Ansible?



, . Ansible Chef, Puppet, SaltStack. Jenkins GitLab CI TeamCity. , .







, GitLab CI , Chef.

GitLab CI Ansible. . .







Ansible, ? - , ?



C . , , Ansible.







: pull push.

pull, , , daemon (), .







push — , ( ). , .







— SSH, FTP?



, SSH. Ansible push. , , .







pull, push ?



Push .







pull , , , API .







push SSH, - , , , .







push pull?



, footprint ().







, , . , Southbridge. , , . , - . , : « , , - !» — , : « !»







, pull-. . , - . push.







, . (Ruby, ) : , . - .







, , push , - ?



, Ansible ( , ).







Ansible , (playbook), . — . — .







— , (play).

, YAML. Ansible Python, YAML.







Ansible, , virtualenv, …

, , , Ansible : Linux.







?



. - , , Linux. Linux-, Windows- Mac OS. Mac, , .







Android, ?



- , .







, .







— . : , , tasks — , .







, Ansible , , , , . . task — - , . : ,







— …?



, command, .







?



, .







SSH ?



command — , .







, command systemctl start engine, service systemd, , , . .







, . , . , . .







, , …



.







REST API, .



!







Ansible ( ) . , . .







? . , , , - nginx, .







, . , Ansible Galaxy — - . . , GitHub, . , Ansible.







— , ?



, .







. ?



. ansible-playbook, , — . , ( Ansible , ), , .







Jinja2 ?



Jinja2 — . Jinja2 .







, , ?



. — , . , , .







, , , — - , ansible-play . - ?



, , .







Ansible . - . , . — . , .







« » (Infrastructure-as-Code, IaC). ? , , , .







?



. GitLab, GitHub — .







? ?



, . . - , merge request ( , ). : «, , » . : « , ».







, . job — lint. ansible-lint . , command "yum" "apt-get" install, : « yum apt». , .







, , . , , . , Molecule. ...







: ?



, , , Molecule Ansible .







, ?



.







, ?



. Ansible. . , job’.







, , ?



. Molecule - - … , , Selenium ( ), , , . , , Python .







, Ansible, ? , YAML, Python, - , -. , : Ansible?



. .







?



Python. , , , task, , «bashsible» , Ansible. -.







. Shell, , , .







Ansible, ?



.







C .



, , .







Ansible? ?



, , , . ( ) — Chef CFEngine. .







?



pull: , .







Ansible — , push ?



Ansible pull, . SaltStack push, . Ansible, , . , , Google Trends , Chef, Ansible, , Ansible . - . , .







, - , , Ansible?



Ansible . docs.ansible.com , , .

Ansible: Up and Running. , Ansible . , .







iamitbeard







