Baremetal Kubernetes Cluster - Final Thoughts
This is the conclusion of a series on creating a Kubernetes cluster. In the previous post, we deployed an application to the Kubernetes (k8s) cluster and saw everything working end-to-end.
I hope you enjoyed your journey with me and learned a lot along the way. It's been fun and challenging to create this series, and I have to say I am happy to have my cluster back up and running. I hope you find many things to host on your shiny new k8s cluster.
Now, all that remains is to highlight a few areas to explore from here.
We did not address
SSL/TLS for accessing our Services. It is possible to configure a Service to use SSL certificates. The Kubernetes docs have a section on securing your services to get you started. Another option, which is what I do, is to put an nginx reverse proxy in front of your k8s cluster and proxy certain requests to your
nginx-ingress external IP. This has a few benefits. It keeps your Services only concerned with their application. It allows you to forward other
HTTP(S) requests to hosts outside of k8s. It allows you to setup a wildcard cert once for your domain, then define multiple Ingresses with subdomains that all get securely tunneled without additional configuration. Of course, the drawback to this approach is you have to configure and maintain nginx yourself, which isn't necessarily a bad thing. Maybe I'll write a future post on how I do this.
We did not discuss upgrading your deployed services. From my experience, this is as simple as deleting the current Pod and letting k8s deploy another instance. You can also scale your replicas down to zero, then back to your desired number. If you didn't specify a version in your Deployment, it will download the latest version when creating new Pods.
We did not cover
namespaces. Namespaces are just a way to separate objects in k8s. The convenient thing is that you can delete a namespace and everything in it is gone. This is nice when you are trying something that didn't work and just want it all cleaned up. The annoying thing about namespaces is that you cannot access a
PVC from another namespace. This means if you already have an NFS mount to some data, you either have to jam whatever else needs it into the same namespace or create a whole new
PV in order to bind a new
PVC in the other namespace. Also, if running
kubectl commands, you must specify the namespace in the
-n paramter or else you will only see results from the
default namespace. You can also specify
--all-namespaces to see everything.
We did not look at the Kubernetes Dashboard, which is a nice way to see an overview of your cluster. I don't find it particularly helpful for managing the cluster, though. Applying
yaml files is easier. But it is nice to look at!
Best wishes on your future Kubernetes adventures!