Kubernetes and Docker Mini-Bootcamp: Some questions (and answers)

One of the things we love doing at Mirantis is free mini-courses that help you learn how to get the best out of your environment, or to take advantage of technologies you may not have used before.  As we get ready for tomorrow’s mini-class, Top Sysadmin Tasks and How to Do Them with OpenStack, we thought we’d revisit our last one, Kubernetes and Docker Mini-Bootcamp. Here are the Q&As.  

Don’t’ forget to register for the OpenStack mini-class! We’re including a bonus discount on full trainings for attendees…

What do I get with the Kubernetes self-paced class?

The self-paced kubernetes class includes:

  • 1-year of access to course materials and videos,
  • 72 hours of online hands-on labs,
  • 1 free KCM100 exam attempt
  • a discussion board connecting students to the instructor and peers,
  • a completion certificate upon completing the class.

Is the KD100 course geared for entry level or more advanced technical user? What are the prerequisites to attend?

The KD100 Course is mostly for container novices. You can see the prerequisites and outcomes here: https://training.mirantis.com/instructor-led-training/kubernetes-docker-bootcamp-exam

I’m a Network Architect. Which Kubernetes course do you recommend for me?

Both KD100 and KD200 would be good for you, depending on your initial familiarity with Kubernetes concepts. You’ll need familiarity with basic Linux commands, so check the prerequisites on each course page to decide which is most appropriate.


Are recordings in the on-demand courses kept up-to-date?

Yes, we do regular updates.

Is persistent storage available for containers?

Yes, you can create persistent volumes on which to store files.

Why are containers are still deployed on VMs?

Containers don’t have to be deployed on VMs; they can also be deployed directly on bare metal. They’re often deployed on VMs because that’s how today’s devops operates, as a rule. What’s more, most of today’s IaaS is based on VMs, so when developers need resources on which to deploy their containers, that’s what they get.

Are Docker and Kuberbetes stable enough to run application in production?

Yes, they are both stable enough to run production applications, and in fact both are used in production situations in various places.

When you declare a base image (say ubuntu) in the dockerfile, does that mean the image will load the entire OS, and then apps on top of it?

Yes, but there are several ways around this. First, usually, you don’t need the entire OS in a base image, only libraries and tools, such as /bin/bash, that your application really requires. Second, if you do need the base operating system, there are smaller alternatives, such as Alpine.

Who manages the OS in the container, as it is read only?

I’m not sure what you mean by “managing” the operating system, but the container image is read-only. The container itself, which is instantiated from that image, has a top writable layer.

If containers are ephemeral, how do you deal with data? How do you handle something like a database?

Kubernetes volumes, which you can attach to pods, are technically and architecturally “outside” of the container, so while the container is ephemeral the volume is not. This architecture enables you to store persistent data on a volume.

It seems that most of my customers who are deploying containers are deploying k8s alongside openstack. Can you speak about this sort of deployment? Are there caveats? Is Neutron sufficient for virtual networking in this sort of environment or do you see value in tools such as OpenOontrail?

There are two different ways to look at this problem:

  1. running Kubernetes and OpenStack on the same network so they can communicate, and
  2. running Kubernetes on resources provided by OpenStack.

Both of these situations do occur “in the wild”, so to speak, and though the second is probably more common, they’re both perfectly valid ways of handling a situation in which you needs require both cloud-native and VM-based resources.

As far as your networking question, Neutron has become a powerful networking solution over the next few years, but whether it’s appropriate for you will depend on your own circumstances.  That said, here at Mirantis we do use OpenContrail for these situations.

Does Kubernetes have integration with Openstack?

Again, this is going to depend on your definition of “integration”. There are various third-party products and projects that involve the two, and as far as “native” OpenStack projects, Magnum will deploy k8s on OpenStack. (It’s worth noting, also, that as of this morning the OpenStack Foundation itself will be focusing on these kinds of integrations.)

What is the best strategy for volumes for a multi-host container deployment ? NFS? iSCSI?

The best strategy for volumes in your multi-host container deployment is the one you can tune and support for reliability and performance. This is going to depend on your vendors and your organization’s capabilities.

Containers and security: I’m told it doesn’t exist. Is this true?

Shhhh, don’t say that too loud around here, you’ll start an argument. 🙂  In fact, security and containers exists and while some argue that it’s lacking, or that containers are less secure than VMs, in a way you can argue that you cannot have your cake and eat it too; containers are faster and cheaper because they remove a layer of abstraction (the hypervisor), so you have one less layer an attacker has to cross to get to your base OS.

How can we scale RDBMS on containers?

This is an RDBMS-dependent question. The answer may differ wildly for mysql vs. postgres vs. sqlite. Even for a single RDBMS there are different strategies. If your RDBMS is already proven to work at scale, then as a first step just run it outside the cloud and connect to it from the cluster. Baby steps. Also you can check out, for example, CockroachDB, a cloud-ready databse that can be deployed easily in containers. (The team has a target of making it compatible with PostgreSQL.)

We run a Mirantis Openstack Cloud (MCP). How can we offer container clusters to our customers? (We are an ISP.)

Using MCP, you can easily deploy a separate kubernetes cluster without Openstack. However, what you’re talking about is Containers as a Service (CaaS) (or perhaps more accurately, Kubernetes as a Service (KaaS)).  Fortunately, Mirantis does offer this as an option.  You can get more information here.

Do we have to rewrite all of our traditional apps in order to run and scale them on k8s?

That depends on what you mean by “rewrite”. At a minimum, you have to containerize them. To properly take advantage of container architecture, you might want to read up on microservices. If you have traditional applications, chances are they will not get significant benefit from containerization without decomposing their architecture into multiple containerized components, at the very least.  That said, some traditional applications can easily scale out, in which case containerization can help.

Can Kubernetes integrate with Neutron to automate network provisioning?

No, not directly. Integration would be through the container-runtime, such as Docker.

What is the difference between Kubernetes, Hypernetes, and Magnum?

Magnum is an installer for Kubernetes (and other container orchestration engines) on OpenStack. Hypernetes is a reimplementation of Kubernetes that runs VMs instead of containers.

We heard that a new version of kubernetes will be soon available. Kubernetes 1.9 or 2.0. What kind of new features will be available?

The most efficient way is to check, for example Kubernetes blog (http://blog.kubernetes.io/) or the Kubernetes feature tracking repository.

Does Kubernetes integrate with Nuage SDN ?

Kubernetes integration with networking is through the container-runtime, such as Docker. Docker can integrate with anything the Container Networking Interface (CNI) has a plugin for.

Are the images in the Docker repository safe to use? How do we make sure they are not compromised?

Public images are as safe as the trust and confidence you can place in the publisher of the image. The “golden” images in Docker Hub are actually scanned and checked by Docker. Also, because of how Dockerfiles work, you can see exactly what goes into every image, if you’re willing to take the time to check. In addition, there are multiple commercial products that do security analysis on container images.

You can view the entire video for this bootcamp, or join us for our next mini-class, Top Sysadmin Tasks and How to Do Them with OpenStack.


Subscribe to Our Newsletter

Latest Tweets

Suggested Content

Mirantis Cloud Platform
Top Sysadmin Tasks and How to Do Them with OpenStack
ONAP Overview