Deprecated k8s API - api

Using different tools (kubent for example) I see that I have deprecated API in my cluster. For example
Type: Ingress Name: kibana API: networking.k8s.io/v1beta1
But when I open Ingress itself, I can see this:
apiVersion: networking.k8s.io/v1
kind: Ingress
managedFields:
- manager: Go-http-client
  operation: Update
  apiVersion: networking.k8s.io/v1beta1
So, it shows that API of my Ingress is actually "v1", not "beta". But "managedFields" section indeed has "v1beta1" API. According to official documentation, this is server side API that should not be edited by user.
So, my question is - should/can I do anything with deprecated API in this "managedField"? Will there be any issues during upgrade to next k8s version? Because currently my GCP console shows that there will be problems.

There will be no issue while upgrading your Kubernetes cluster to the latest version even if you have a deprecated API version in the managed field in the Ingress configuration. The reason why you still see versions "/v1beta1" in the UI is that there are different parts of GKE that rely on both versions (v1 and v1beta1).
Between the two Kubernetes versions 1.19 and 1.21, both endpoints networking.k8s.io/v1 and extensions/v1beta1 are supported. They are functionally identical, and it is down to the given UI's preference for which version is displayed. So it won't affect the functionality of your Ingress. As said, GKE clusters created on versions 1.22 and later stopped supporting extensions/v1beta1 and networking.k8s.io/v1beta1 Ingress.

A detection of deprecated K8S APIs by 'kubent' tool can be performed in various modes:
kubectl
helm2
helm3
manifest file
According to the official documentation, the 'kubectl' mode ('-c=true') uses the following field to scan for deprecated APIs on live cluster resources:
kubectl.kubernetes.io/last-applied-configuration - that's one of the reasons you probably see it as deprecated
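The two answers above point at different places where the old version string can live. The following is an added example, not code from the original posts or from kubent: it takes the JSON form of an object and reports each location separately, treating managedFields as informational and the last-applied-configuration annotation as a manifest that still needs updating. The function name, the action labels and the sample object are assumptions made for illustration.

```python
import json

# Ingress API versions the answer above says GKE 1.22+ no longer serves.
REMOVED = {"extensions/v1beta1", "networking.k8s.io/v1beta1"}
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

def find_removed_api(obj):
    """Return (location, apiVersion, action) for each place a removed version is recorded."""
    hits = []
    if obj.get("apiVersion") in REMOVED:
        hits.append(("apiVersion", obj["apiVersion"], "update-manifest"))
    meta = obj.get("metadata") or {}
    # managedFields records the API version a manager wrote with; server-side bookkeeping.
    for i, entry in enumerate(meta.get("managedFields") or []):
        if entry.get("apiVersion") in REMOVED:
            hits.append((f"managedFields[{i}]", entry["apiVersion"], "informational"))
    # The annotation holds a JSON copy of the manifest last sent with `kubectl apply`.
    raw = (meta.get("annotations") or {}).get(LAST_APPLIED)
    if raw:
        try:
            applied = json.loads(raw)
        except ValueError:
            applied = {}
        if isinstance(applied, dict) and applied.get("apiVersion") in REMOVED:
            hits.append((LAST_APPLIED, applied["apiVersion"], "update-manifest"))
    return hits

# Constructed sample, shaped like `kubectl get ingress kibana -o json --show-managed-fields`.
SAMPLE = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "Ingress",
    "metadata": {
        "name": "kibana",
        "annotations": {
            LAST_APPLIED: json.dumps({"apiVersion": "networking.k8s.io/v1beta1",
                                      "kind": "Ingress",
                                      "metadata": {"name": "kibana"}}),
        },
        "managedFields": [
            {"manager": "Go-http-client", "operation": "Update",
             "apiVersion": "networking.k8s.io/v1beta1"},
        ],
    },
}

if __name__ == "__main__":
    for location, version, action in find_removed_api(SAMPLE):
        print(f"{action:16} {location}: {version}")
```

An "update-manifest" hit means the manifest kept in source control still declares the old apiVersion and should be rewritten to networking.k8s.io/v1 before it is applied again.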

Related

Kafka on Kubernetes with SSL

I have a Kafka cluster that is running on K8S. I am using the Confluent Kafka image and I have an EXTERNAL listener that is working.
How can I add SSL encryption? Should I use an ingress? Where can I find good documentation?
Thank you
You have a manual way in this gist, which does not use the confluent image.
But for Confluent and its Helm chart (see "Confluent Operator: Getting Started with Apache Kafka and Kubernetes" from Rohit Bakhshi), you can follow:
"Encryption, authentication and external access for Confluent Kafka on Kubernetes" from Ryan Morris
Out of the box, the helm chart doesn’t support SSL configurations for encryption and authentication, or exposing the platform for access from outside the Kubernetes cluster.
To implement these requirements, there are a few modifications to the installation needed.
In summary, they are:
Generate some private keys/certificates for brokers and clients
Create Kubernetes Secrets to provide them within your cluster
Update the broker StatefulSet with your Secrets and SSL configuration
Expose each broker pod via an external service
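After the third step above (updating the brokers with the SSL configuration), it is worth checking the resulting broker properties before exposing the pods. This is an added example, not taken from the linked articles or the Confluent chart: it parses a broker properties file and reports listeners that are still unencrypted and keystore settings a TLS listener lacks. It assumes a file-based keystore, and the sample values and the path are constructed.

```python
ENCRYPTED = {"SSL", "SASL_SSL"}
# Assumption: file-based (JKS/PKCS12) keystore; PEM-based setups use other keys.
KEYSTORE_KEYS = ("ssl.keystore.location", "ssl.keystore.password")

def parse_properties(text):
    """Parse key=value lines of a broker properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_listeners(props):
    """Report listeners without TLS and keystore settings a TLS listener lacks."""
    protocol_map = {}
    for pair in props.get("listener.security.protocol.map", "").split(","):
        name, sep, protocol = pair.partition(":")
        if sep:
            protocol_map[name.strip()] = protocol.strip()
    plaintext, has_tls = [], False
    for entry in props.get("listeners", "").split(","):
        name = entry.partition("://")[0].strip()
        if not name:
            continue
        # An unmapped listener name is read as the protocol itself (PLAINTEXT, SSL, ...).
        protocol = protocol_map.get(name, name)
        if protocol in ENCRYPTED:
            has_tls = True
        else:
            plaintext.append(f"{name} ({protocol})")
    missing = [k for k in KEYSTORE_KEYS if has_tls and not props.get(k)]
    return {"plaintext_listeners": plaintext, "missing_keystore_settings": missing}

# Constructed sample: EXTERNAL is switched to SSL, but no keystore password is set.
SAMPLE = """\
listeners=INTERNAL://:9092,EXTERNAL://:9094
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
ssl.keystore.location=/etc/kafka/secrets/broker.keystore.jks
"""

if __name__ == "__main__":
    print(audit_listeners(parse_properties(SAMPLE)))
```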
I recommend using Strimzi kafka operator to deploy Kafka to Kubernetes. I'm using it in production for a year now.
It supports SSL, external load balancers, kafka exporter, etc
Strimzi Kafka Operator

Which s3 compatible blob storage?

I want to deploy an S3-compatible blob storage in my Kubernetes cluster. I already use GlusterFS for volumes like mongodb, and I tried to set up minio with the helm chart https://github.com/helm/charts/tree/master/stable/minio. I just realized I can't scale up minio easily because of erasure code.
So I have some questions about blob storage solutions :
Is GlusterFS blob storage service stable and reliable (https://github.com/gluster/gluster-kubernetes/tree/master/docs/examples/gluster-s3-storage-template) ?
Must I use OpenShift to deploy GlusterFS blob storage, as I read on the web? I think not, because I can see simple Kubernetes manifests in the GlusterFS repo like this one: https://github.com/gluster/gluster-kubernetes/blob/master/deploy/kube-templates/gluster-s3-template.yaml.
Is it easy to use Minio federation in Kubernetes? Is it easily scalable with a "helm upgrade --set replicas=X" or do I need to manually upgrade the minio configuration?
As you can see, I feel lost with this s3 storage. So if you have more information/solutions, do not hesitate.
Thanks in advance !
About reliability you should read more about user experience like:
An end user review of GlusterFS
Community Survey Feedback, 2019
Why openshift with glusterFS:
For standalone Red Hat Gluster Storage, there is no component installation required to use it with OpenShift Container Platform. OpenShift Container Platform comes with a built-in GlusterFS volume driver, allowing it to make use of existing volumes on existing clusters but Red Hat Gluster Storage is a commercial storage software product, based on Gluster.
How to deploy it in AWS
For minio please follow official docs:
ConfigMap allows injecting containers with configuration data even while a Helm release is deployed.
To update your MinIO server configuration while it is deployed in a release, you need to
Check all the configurable values in the MinIO chart using helm inspect values stable/minio.
Override the minio_server_config settings in a YAML formatted file, and then pass that file like this helm upgrade -f config.yaml stable/minio.
Restart the MinIO server(s) for the changes to take effect
I didn't try it, but as per the documentation:
For federation I can see additional environment variables in the values.yaml.
In addition you should Run MinIO in federated mode Federation Quickstart Guide
Here you can find the differences between Google and Amazon S3 storage
or Cloud Storage interoperability from the gcloud perspective.
Hope this helps.

Istio on Azure Container Service (AKS)

I was planning on installing Istio on my new AKS cluster. However, in the prerequisites for Istio, it is mentioned that K8S cluster should have RBAC enabled. However, I read that AKS ( preview ) doesn't have it enabled. Is this true? Is there an option for me to try Istio on AKS.
AKS is GA and looks like RBAC is available now,
https://azure.microsoft.com/en-us/blog/azure-kubernetes-service-aks-ga-new-regions-new-features-new-productivity/
In fact RBAC is not available in Azure AKS currently. According to this GitHub issue it is on the roadmap for Q1 2018.
In Azure you can use ACS which is an older version of AKS, but with control over Kubernetes master or acs-engine where you have full control over Kubernetes cluster.
AKS now enables RBAC by default.
There are also docs on how to install Istio:
https://learn.microsoft.com/en-us/azure/aks/istio-install
We are doing a POC for service mesh on our AKS cluster using Istio. I have found a very good guide to install Istio with all its components on an AKS cluster, and it does not require any RBAC on AKS. In fact, this guide is cloud agnostic. I am not sure if it is production-grade ready, but it has been working like a charm till now. Just apply the first 3 files; the 4th one is optional. The names might be a little confusing for you, but it's working on AKS very well. Hope that works for you.
Istio Installation Files
kubectl apply -f 1-istio-init.yaml -f 2-istio-minikube.yaml -f 3-kiali-secret.yaml

Kafka Zookeeper security

I am using Kafka version 0.10.2.0. Is there a way to secure communication between the ZooKeeper client, i.e. ZkClient, and the ZooKeeper server with SSL? I found a way to do it through SASL, but I want it through SSL.
ZooKeeper 3.5 includes SSL support but it is still in alpha, so Kafka doesn't yet support it. The highest supported version is 3.4, which only includes SASL.
Ref: https://issues.apache.org/jira/browse/ZOOKEEPER-1000
This task can still be achieved by a simple workaround, described in the steps below:
Install zookeeper-3.5.1-alpha (to use the .jar files. version 3.5+ can be used)
Replace default zookeeper*.jar with /zookeeper-3.5.1-alpha/zookeeper-3.5.1-alpha.jar in <kafka-installation-folder>\libs
Copy /zookeeper-3.5.1-alpha/lib/netty-3.7.0.Final.jar into <kafka-installation-folder>\libs
Relevant changes to enable SSL on Zookeeper (https://cwiki-test.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide)

Prerequisite to use Heapster API on Kubernetes

What are the prerequisite steps to be done, apart from starting the Heapster service, before I use the Heapster API to retrieve the metrics related to Kubernetes? Thanks.