The Rise of the Kubernetes Managed Service
One of the key trends we have seen over the past few months is that most enterprises are considering a managed service for their container orchestration needs. A managed service enables customers to spin up Kubernetes clusters, and the pods within them, in minutes on any cloud of their choice, be it private (VMware, OpenStack, bare metal, etc.) or public (AWS, Azure, GCP et al.), as opposed to the months-long professional services effort needed to run a PaaS system at scale.
Kubernetes Provisioning Tools
While many tools are available to perform Day 1 operations on k8s (deploying and upgrading clusters), the most popular ones include kubeadm, kops and Kubespray. Kubeadm enables the rapid setup and bootstrapping of a functional k8s cluster on top of an IaaS provider that has already provisioned the underlying servers. Kubeadm assumes that the servers are provisioned and set up with an OS such as Ubuntu, SUSE, Red Hat or a Unix variant; it then sets up the Master node on one server and Nodes on the others. It also supports the installation of popular tools such as Prometheus, ELK, Jaeger et al.
etcd – The Hardest Part of the Kubernetes Puzzle
etcd is a distributed key-value store that serves as the storage layer for all k8s state and is the backbone of the Kubernetes architecture. It contains all information about a Kubernetes cluster: pods, nodes, workloads, Deployments, etc. The lifecycle management of etcd is often counted as the most difficult aspect of setting up and managing a production-quality Kubernetes cluster.
Challenges range from installing etcd and creating and configuring certificates for client access to ensuring a highly available etcd (sequencing members for installs/upgrades, etc.) and supporting scalability and recovery. Arun Sriraman & Daniel Lipovetsky at Platform9 envisioned a kubeadm-type tool that could abstract away the complexities of creating a secure etcd cluster from users. Their motivation was to create a tool that could provide availability and redundancy for etcd in production.
Etcd in Production
From a Day One operations standpoint, the tool should automatically download the right binaries, set up the initial cluster configuration on each etcd node, and configure and bring up etcd. This is in addition to configuring the certificate authority and certificates for secure connections. [1]
From a “Day two” operations perspective, the caring/feeding and management of the etcd cluster are equally important. In the words of Arun and Dan – “We wanted to simplify scaling and disaster recovery so that the tedious work is done by the tool, rather than by the Kubernetes user. We designed etcdadm to make it easy to add or remove members from a cluster, and made sure that etcdadm helps you recover from quorum loss by easily creating a cluster from backup.”
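One way to check the outcome of such a setup, as an added example that is not etcdadm's or Platform9's code: it audits an etcd environment file for plaintext listeners, missing certificate settings and disabled client-certificate authentication, and reports how many member failures the cluster tolerates before quorum is lost. The sample file, addresses and paths are constructed; the `ETCD_*` names are etcd's standard environment variables.

```python
from urllib.parse import urlparse

# Constructed sample: the keys are etcd's standard ETCD_* settings, the values are made up.
SAMPLE_ENV = """\
ETCD_LISTEN_CLIENT_URLS=https://10.0.0.10:2379,http://127.0.0.1:2379
ETCD_LISTEN_PEER_URLS=https://10.0.0.10:2380
ETCD_CERT_FILE=/srv/example/pki/server.crt
ETCD_KEY_FILE=/srv/example/pki/server.key
ETCD_TRUSTED_CA_FILE=/srv/example/pki/ca.crt
ETCD_CLIENT_CERT_AUTH=false
ETCD_PEER_CERT_FILE=/srv/example/pki/peer.crt
ETCD_PEER_KEY_FILE=/srv/example/pki/peer.key
ETCD_PEER_TRUSTED_CA_FILE=/srv/example/pki/ca.crt
ETCD_PEER_CLIENT_CERT_AUTH=true
ETCD_INITIAL_CLUSTER=etcd-0=https://10.0.0.10:2380,etcd-1=https://10.0.0.11:2380
"""

def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit_tls(env):
    """Return findings for client-facing and peer-facing transport security."""
    findings = []
    for side, prefix, port in (("client", "ETCD_", 2379), ("peer", "ETCD_PEER_", 2380)):
        # etcd listens on plaintext localhost when no listen URL is configured.
        urls = env.get(f"ETCD_LISTEN_{side.upper()}_URLS", f"http://localhost:{port}")
        findings += [f"{side}: plaintext listener {u.strip()}" for u in urls.split(",")
                     if u.strip() and urlparse(u.strip()).scheme != "https"]
        findings += [f"{side}: {prefix}{s} not set"
                     for s in ("CERT_FILE", "KEY_FILE", "TRUSTED_CA_FILE") if not env.get(prefix + s)]
        if env.get(prefix + "CLIENT_CERT_AUTH", "false").lower() != "true":
            findings.append(f"{side}: {prefix}CLIENT_CERT_AUTH is not true (no mutual TLS)")
        if env.get(prefix + "AUTO_TLS", "false").lower() == "true":
            findings.append(f"{side}: {prefix}AUTO_TLS uses self-signed certificates")
    return findings

def quorum_report(env):
    """Quorum size and tolerated member failures for the configured cluster."""
    n = len([m for m in env.get("ETCD_INITIAL_CLUSTER", "").split(",") if m.strip()])
    quorum = n // 2 + 1
    return {"members": n, "quorum": quorum, "tolerated_failures": max(n - quorum, 0)}

if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print(*audit_tls(env), quorum_report(env), sep="\n")
```

On the sample, the two-member cluster tolerates no failures, which is why odd member counts of three or more are the usual production choice.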
To sum up, etcdadm provides:
- Quick and easy deployment of a secure etcd cluster. While etcdadm does not automate cluster operation, it is pluggable so any cluster orchestrator can delegate the above tasks to etcdadm
- The ability to recover from a loss of quorum. It does this by enabling the easy deployment of a cluster from an existing backup
- Scaling operations, with easy addition or removal of nodes in an etcd cluster
- An ability to easily use it without a steep learning curve
- etcdadm can run on any Linux distribution such as Ubuntu, CentOS, and Container Linux. It is supported on any private or public cloud when used as part of Platform9’s commercial offering, Platform9 Managed Kubernetes.
- Production Capable: Platform9’s customers already leverage it with the managed service
- Open Source and Extendable: It is exciting to announce that Platform9 is open-sourcing etcdadm, available under the Apache v2.0 license on GitHub.
Conceived and developed by Arun Sriraman and Dan Lipovetsky at Platform9, this project will now be developed by the open source community at large. My bet is that as this project evolves, it will make it a snap to set up and perform ongoing operations on production-grade etcd clusters.
References
[1] “We’re open-sourcing etcdadm! Here’s what it means for Kubernetes in production”: https://platform9.com/blog/were-open-sourcing-etcdadm-heres-what-it-means-for-kubernetes-in-production/
[2] etcdadm Git repo: https://github.com/platform9/etcdadm