Automated MySQL MariaDB tables optimization in Kubernetes
Kubernetes has simplified application management a lot, and this also applies to databases like MySQL/MariaDB, but a lot of DevOps engineers forget to apply traditional maintenance and optimization, which is still necessary unless you are using an operator capable of doing so. The optimization method described here applies only to single and master-slave replicated MySQL/MariaDB instances. If you run a clustered version like Galera, you will probably have to find another way because of possible consistency and performance problems during the optimization. This method would still work, but it may have unpredictable consequences.
Sync Kubernetes volume with S3 bucket
In the cloud era, topics like backup have become somewhat less important. One reason is probably the possibility of taking automated snapshots of your volumes; another may be that you can use some kind of redundancy. However, there are still use cases where you need more traditional ways to back up your data. In this article we will discuss syncing files from your Kubernetes volume to S3-compatible storage.
If you know the concept of Persistent Volumes in Kubernetes, then you also know three of the supported access modes: ReadWriteOnce, ReadOnlyMany and ReadWriteMany. The first mode allows a volume to be mounted just once, meaning it is usually already used by some pod and can be accessed only through that pod. The other two types can be mounted multiple times, meaning multiple pods can access the same data. With ReadOnlyMany all pods can only read the data, but with ReadWriteMany all pods can read and write data. In this article we are going to focus on the volumes that can be mounted multiple times.
Develop Kubernetes native applications in Golang with auto-recompile and auto-restart
Do you develop or plan to develop a Kubernetes native application in Golang, a controller or an operator? Such an application strongly depends on being inside Kubernetes, and development outside of Kubernetes may be a real hassle. Usually you have to build an image over and over again and restart the pod (with imagePullPolicy set to Always). This is a very boring and time-consuming procedure.
Two years ago I developed an image to auto-recompile and auto-restart Go applications, named go-reflex, but it was intended to be used with docker-compose. Today I gave it a try with Kubernetes, namely with kind (Kubernetes in Docker), and it turned out it works like a charm. In this article I will describe how to set this up and save your time for something creative (i.e. beer drinking).
Traefik 2.2 can again fully utilize Kubernetes Ingress resources
Learn how to set up Traefik 2.2 on Kubernetes and how to automatically get TLS wildcard certificates.
Traefik is a modern Web server made in the cloud era, so its authors define it as a Cloud Native edge router. It is written in Go and it’s maybe not as fast as nginx or HAProxy, but it is fast enough and at the same time it has great features not present in traditional Web servers. These features include automatic handling of TLS certificates, a nice control panel, support for Docker stacks and Kubernetes, etc.
Using Traefik 2.2 middlewares with Kubernetes Ingress resources
Since Traefik 2.0, this feature was possible just with custom IngressRoute resources, but it is now possible with normal Kubernetes Ingress as well.
So, what is a Traefik middleware, anyway? It is a piece of code which is triggered just before the Ingress itself. Here you can find the full list of available directives that you can use to create your middleware. In this article we are going to define two middlewares: one to redirect www.example.io to example.io, so that we make SEO happy, and another one for basic authentication. Here is how this would look using a helmfile declaration:
Install cert-manager using helmfile
You may wonder what the heck helmfile is. Well, I would say what docker-compose is to Docker, helmfile is to Helm. Basically, it allows us to install the whole stack of applications to our Kubernetes cluster in a declarative way.
And you may also wonder why cert-manager is so special. I would say cert-manager itself is not that special a Helm chart, but it contains CRDs which may be installed either by using the value installCRDs=true or by installing them using kubectl apply before you install the chart.
NFS provisioner for your K8S cluster
Do you need a ReadWriteMany storage class and your cloud provider doesn’t offer it?
According to Wikipedia, Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems (Sun) in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed.
Even though this idea is 35 years old, it is still very useful in your Kubernetes cluster, especially if you need a ReadWriteMany storage class. If you are interested in this, you are probably wondering how to achieve it.
New kind on the Block
A few months ago I wrote an article about replacing Minikube with MicroK8s, but now we have an even better solution, kind. Like dind allows running Docker inside Docker containers, kind allows running Kubernetes inside Docker containers. kind basically abstracts nodes as Docker containers and then runs Kubernetes inside.
After you install Golang, it is quite easy to install and set up kind:
GO111MODULE="on" go get sigs.k8s.io/kind@v0.5.1
kind create cluster
After some 30 seconds your single-node cluster will be ready for development and testing. But that’s not all: kind allows much more complex setups, for example a three-node cluster with one master and two workers. Let’s first create a declarative object:
Inexpensive managed Kubernetes solutions
Scaleway, a French company based in Paris, owned by the Iliad telecommunication provider, just announced public availability of their managed Kubernetes solution called Kapsule. Scaleway has 5 data centers, 4 in France and 1 in the Netherlands, but at the moment Kapsule (public beta version) is available just in the data center in Paris. DigitalOcean just got competition, so we can compare the pricing schemes later in the text.
The Kapsule service includes block storage (PersistentVolumeClaim), pool autoscaling, control plane upgrades, S3-compatible object storage and a container registry with free bandwidth. You won’t pay any special fee for Kapsule; you pay just for instances, load balancers and block storage (free for early access).
Run K8S like ninja
I’ve just seen a talk on YouTube where running a self-managed Kubernetes cluster was described as a ninja technique. I strongly disagree with this and actually want to disprove it in this article. Running self-managed K8S can also be inexpensive if you use a provider such as Hetzner Cloud.
As a prerequisite to complete the following step, you need to install Go first. Now let’s install the hcloud command line utility:
export PATH=~/go/bin:/usr/local/go/bin:$PATH
go get -u github.com/hetznercloud/cli/cmd/hcloud
In order to be able to connect to your Hetzner Cloud account using the hcloud command, you will need to get your API key from their web console and export it:
Forget Minikube, try MicroK8s
Minikube is very popular and the best-known Kubernetes version for local software development. It runs inside a virtual machine like VirtualBox and allows developers to run Kubernetes applications locally. As Docker runs natively just on Linux, you may wonder why we need a virtual machine on Linux. Well, not anymore.
Mac users have no other way of running Docker except in a virtual machine, hidden or visible. However, Linux users should be able to run Docker, and Kubernetes over it, directly on bare metal. Minikube can run on Linux without a virtual machine, but as it installs locally in that case, different configuration files get spread over the host system and this is pretty messy, actually not much different from installing Kubernetes using kubeadm. Fortunately, MicroK8s comes to help.
Complete your Kubernetes resources as code using helmfile and raw Helm chart
Helm is a great tool to deploy popular services and applications to your Kubernetes cluster, but from the moment I started using it I had a feeling that something was missing. You could easily configure and install whatever you wanted, but each chart that you use is a separate unit and there is no code containing all resources. This practically means that in case of disaster it was still not easy to recreate the cluster, at least not in a quick time frame. Another drawback is that in order to pin exact image versions, you would have to edit each values file every time you want to upgrade something.
Backup Kubernetes MySQL database to DigitalOcean Spaces
A few days ago, DigitalOcean announced PostgreSQL DBaaS, which is really nice, but even better, they promised that MySQL and Redis managed services will be available soon. While we are waiting for this, I will describe in this article how to back up your Kubernetes MySQL database to Spaces, DigitalOcean’s S3-compatible storage.
In my case, the MySQL database, actually MariaDB, is running as a cluster service on my Kubernetes cluster. First you have to create your Spaces storage and you should get an endpoint similar to this one: https://mybucket.ams3.digitaloceanspaces.com. Next, under the API menu, in the left-hand side menu, you should create your Spaces keys. These values are needed to configure the backup cronjob.