Kubernetes: The components

In previous articles we have seen some details of how the Kubernetes architecture is built.

Today the working mechanisms of the Kubernetes engine will be described, naming each component; to stay faithful to the car-engine comparison, we will talk about the camshafts, valves, bearings, … that belong to the cloud-native world.

Note 1: The installation of k8s in a datacenter, in the cloud, or in a lab will not be discussed; comprehensive tutorials are already available on the web.

To familiarize yourself with k8s, I recommend using Minikube (Linux) or Docker Desktop (Windows & Mac).

Let’s begin!

Kubernetes Master: It is the main node of the cluster, on which three processes that are vital for the existence of the cluster run:

  • kube-apiserver
  • kube-controller-manager
  • kube-scheduler

On the master node there is also the etcd database, which stores all the configurations created in the cluster.
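
On a kubeadm-based or Minikube cluster, these control-plane processes run as static pods in the kube-system namespace, so you can observe them directly (the pod name suffixes match the node name, here a hypothetical minikube node):

kubectl get pods -n kube-system
# typical entries: kube-apiserver-minikube, etcd-minikube,
# kube-controller-manager-minikube, kube-scheduler-minikube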

The nodes that take care of running the applications, and therefore the services, are called worker nodes. The processes present on a worker node are:

  • Kubelet
  • kube-proxy

kubectl: It is the official Kubernetes client (CLI), through which you can manage the cluster (kube-apiserver) using the API.

Some simple examples of kubectl commands are listed below (sample output follows the list):

  • kubectl version (shows the version of k8s installed)
  • kubectl get nodes (lists the nodes in the cluster)
  • kubectl describe nodes node-1 (shows the health status of the node, the platform on which k8s is running (Google, AWS, …), and the allocated resources (CPU, RAM))
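
As a quick illustration, on a single-node Minikube lab the second command returns something like this (the node name, age, and version below are just what a hypothetical lab would show):

kubectl get nodes
# NAME       STATUS   ROLES           AGE   VERSION
# minikube   Ready    control-plane   10d   v1.21.0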

kube-proxy: It is responsible for managing networking, from routing to load-balancing rules.

Note 2: K8s will try to use all the libraries available at the operating-system level.

Container Runtime: It is the foundation on which the k8s technology rests.

Kubernetes supports several runtimes, among which are containerd, CRI-O, and rktlet.

Note 3: The Docker runtime has been deprecated in favor of runtimes that use the CRI interface; Docker images will still continue to work in the cluster.

The basic Kubernetes objects are (a minimal example follows the list):

  • Pod
  • Services
  • Volumes
  • Namespace
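
As a minimal sketch of the first two objects (all names here are illustrative, not from this article), you can create a Pod and expose it as a Service straight from kubectl:

kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: web
spec:
  containers:
  - name: web
    image: nginx
EOF
# expose the Pod inside the cluster as a Service on port 80
kubectl expose pod web --port=80 --name=web-svc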

The controllers provide additional functionality and are listed below (a short example follows the list):

  • ReplicaSet
  • Deployment
  • StatefulSet
  • DaemonSet
  • Job
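
To see how some of these controllers relate to each other, remember that a Deployment creates a ReplicaSet, which in turn keeps the desired number of Pods running. A quick sketch (the demo name is arbitrary; --replicas requires a reasonably recent kubectl):

kubectl create deployment demo --image=nginx --replicas=3
# the Deployment, its ReplicaSet, and the three Pods it maintains
kubectl get deployments,replicasets,pods -l app=demo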

Among the Deployments it is worth mentioning kube-dns, which provides name-resolution services. Since Kubernetes 1.13 it has been replaced as the cluster default by CoreDNS.
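
To check that cluster DNS is working, an easy (illustrative) test is to resolve the built-in kubernetes Service from a throwaway Pod:

kubectl run dns-test --rm -it --restart=Never --image=busybox:1.36 -- nslookup kubernetes.default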

Add-ons: they are used to configure further cluster functions and are placed inside the kube-system namespace (for example kube-proxy, kube-dns, the Kubernetes Dashboard).

Add-ons are categorized according to their use:

  • Network-policy add-ons (for example, the NSX-T add-on takes care of the communication between the K8s environment and VMware)
  • Infrastructure add-ons (for example KubeVirt, which allows integration with virtual architectures)
  • Visualization and control add-ons (for example the Dashboard, a web interface for K8s).

To be put into service, add-ons use the DaemonSet and Deployment controllers.

The image in figure 1 summarizes what has just been explained.

Figure 1

Take care and see you soon.

Kubernetes: Know the details

A good way to describe cloud-native environments is to refer to the image of a car.

The container is the engine; k8s is the electronic control unit that manages the proper functioning of the vehicle; the drivers, indicating the route and the destination, select the type of service to be provided.

Today’s article will reveal some architectural details to understand how “the car” manages to reach its destination in an efficient way.

Containers are of two types:

The first is called the System Container. It is the bodywork of the car (everything from the plates to the seats, steering wheel, gear lever, and accessories).

Often, for simplicity of creation, it is a Virtual Machine (VM) with a Linux operating system (it can also be Windows).

The most common services present in the VM are ssh, cron, and syslog; the file system is of type ext3, ext4, etc.

The second type is called the Application Container, and it is the place where the image carries out its activities.

Note 1: The image is not a single large file. It is usually made up of multiple files which, through an internal cross-pointing system, allow the application to operate correctly.

The application container (from now on simply container) has an operating mode based on a rigid logic, where all the levels (layers) communicate with each other and are interdependent.

Figure 1

This approach is very useful as it is able to manage the changes that may occur over time in an effective and hierarchical way.

Let’s take an example: when a service configuration change occurs for which Layer C is updated, Layers A and B are not affected, which means that they do NOT have to be modified in turn.

Since developers like to refine their own images (program files) more often than the dependencies, it makes sense to set up the service logic as indicated in Figure 2, where the dependencies are not affected by a new image.
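
To see these layers with your own eyes, Docker can print the history of any image; each row is a layer, with the most recently built ones on top. A quick look, using nginx as a stand-in image:

docker pull nginx
docker history nginx
# one row per layer: the application layers sit on top, while the
# base/dependency layers below are left untouched by a rebuild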

Figure 2

Note 2: The file system on which the images are placed (in the car-engine example we are talking about pistons, connecting rods, shafts, …) is mainly of three different types:

  • overlay
  • overlay2
  • AUFS

Note 3: Good advice on the security side is not to build the architecture so that passwords are contained in the images (baked in).

One of the splendid innovations introduced in the container world is the management of images:

In a classic high-reliability environment, the application is installed on every single node of the cluster.

With containers, the application is downloaded and deployed to a new cluster node only when the workload requires more resources, by pulling a new copy of the image on demand.

For this reason, the images are saved in “virtual” warehouses, which can be local or distributed on the internet. They are called registry servers.

The most famous are Docker Hub, Google Container Registry, Amazon Elastic Container Registry, Azure Container Registry.

We conclude this article by talking about the management of resources associated with a service.

The container platform uses two kernel-level features, called cgroups and namespaces, to allocate resources.

The purpose of cgroups is to assign the correct resources (CPU & RAM).

Namespaces have the purpose of grouping the different processes and making sure they are isolated from each other (multitenancy).

Namespaces can affect all the components of the service, as indicated in the list below (a quick way to inspect them follows the list).

  • Cgroup
  • PID
  • Users
  • Mount
  • Network
  • IPC (Interprocess communication)
  • UTS (allows a single system to appear with different host and domain names and with different processes, useful in case of migration)
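
A quick way to look at these namespaces on any modern Linux host is with util-linux tools (the output will of course vary from machine to machine):

ls -l /proc/$$/ns     # the namespaces the current shell belongs to
sudo lsns --type net  # every network namespace on the host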

An example of limiting the resources of an application is shown in Figure 3, where the gable image, downloaded from the registry server grcgp, has a limit on the allocated RAM and CPU resources.

Figure 3
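
As a generic sketch of the same idea shown in Figure 3 (the container name, image, and limit values here are placeholders, not the ones from the figure), with Docker you would run:

docker run -d --name limited --memory=512m --cpus=1 nginx
docker stats --no-stream limited   # shows the memory cap being enforced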

See you soon.

Cloud Native Kubernetes: Flow and Job Opportunities

This new article aims to indicate the new job opportunities created by a cloud-native environment.

Picture 1 shows the four main levels required by the architecture to function correctly (the rectangles on the left).

On the right side (the circles) are the roles of the operators with respect to each level.

Picture 1

From the bottom up:

1- Storage and Network Operators (SNOs) are responsible for managing the hardware architecture.

The activities of this role may decrease if the deployment is in a public cloud or on IaaS (Infrastructure as a Service).

2- The Operating System Operator (OSO) works at the level of the operating system where the k8s service is running.

The OSO needs expertise in Linux and Windows. Skills in virtualization architectures such as VMware, RedHat, Nutanix, etc. are often required.

If the architecture has been leased from a public cloud, or is an IaaS in general, the skills must cover this new architecture.

3- The Orchestrator Operator (OO) works with the core of the cloud-native administration environment. This world needs a lot of new skills.

Automation is the child of orchestration.

The main concept is that the OO should have sufficient skills to be able to follow all the processes of “Continuous Integration” and “Continuous Delivery” (often called CI/CD).

Picture 2 gives an idea of this flow.

The central arrows show the flow to allow the delivery of a service.

For every single arrow, there are new tools to learn in order to manage the entire release of the service.

Just a few examples: to test the environment you can work with Cucumber or Cypress.io; for building and delivery you can use Jenkins… and so on.

Picture 2

Note 1: There are so many platforms available that choosing the right one can be very challenging.

4- The Development Operator is the role of the people who write lines of code. They often use project-management software such as Jira Core and Trello.

Note 2: In my personal opinion, the vendor who creates a software layer capable of centrally managing all these six core activities will have a competitive advantage over its competitors.

The big vendors are already in the game: Red Hat has been working on this from the beginning with its platform (OpenShift), VMware has released Tanzu, Nutanix has Karbon, and Microsoft will play its role with the new version of Windows Server 2022.

The only good suggestion I can give you is to study this new and fantastic world.

See you soon, and take care of yourself.

A Flexible File Backup Strategy – Part 2

In this second article, we are going to cover the File to Tape strategy.

Why are tape devices still widely present in IT departments?

  • It’s a good way (but not the only one) to manage offline backup data (read it as improving the security strategy of your data).
  • Media can be easily carried or moved (read it as portability).
  • Deployment is often very quick (read it as speeding up adoption).
  • It has a potentially infinite capacity (just add more media).
  • LTO is a long-lived technology in continuous evolution.
  • Tape is a well-known device, and IT operators have the skills to manage it.
  • The cost per GB is lower than disk technologies.
  • The costs are quite predictable, so managers can budget them easily.

VBR needs a physical Windows server, named the Tape Server, to control the drives and robotics; LTO3 or later drives; and MS-Windows drivers (supplied by the hardware vendor).

The official user guide available on the Veeam site gives all the detailed info.

Just a note before starting:

VBR uses tape technology in two different ways.

The most used one is backup to tape (Picture 1).

In this case, the source data are backups already present, created with a backup job or a backup copy job.

They are saved to a repository (a repository is disk technology).

It means that the purpose of backup to tape is to offload backup data to tape.

Picture 1

Please have a look at the following video (https://www.youtube.com/watch?v=Il8mH2KB_Uo) to get more details.

The second way is File to Tape, and it is the topic of this article (Picture 2).

Picture 2

Which type of source files can be saved to tape?

  • Windows & Linux servers (virtual or physical, it doesn’t matter)
  • NAS file shares (SMB/CIFS and NFS)
  • NDMP filers (covered in the next article)

How does it work?

Picture 3

Picture 3 shows the data streams when a tape process is performed:

  1. The main components are the Data Movers. These services run on the source and on the Tape Server.
  2. VBR triggers the source Data Mover to perform a copy of the files to the target. At the destination, the target Data Mover checks that the files have arrived correctly.
  3. The Tape Server also manages the write operation to the tape.
  4. VBR stores all the info about the saved files (media used, retention, etc.) in a catalog.
  5. In a restore scenario, the steps run in reverse order, from four to one.
  • *Note: To perform a backup of Windows and Linux servers, those servers must be added to the managed servers, as shown in Picture 3. Through this process the Data Mover service is properly installed.
  • Network shares: add the SMB/NFS share as shown in the previous article (A Flexible File Backup Strategy – Part 1).
Common scenarios

File to Tape backup can be used by any customer. You just need a Tape Server, tape devices, drivers, and VBR.

There are at least two main cases:

  • Customers who want a copy of their data on tape.
  • Customers with a small budget who don’t need rapid restores.

The next video will show how to set it up.

Main Pros

  • There is no capacity limit. The license doesn’t count how many GB, TB, or PB will be written to tape.
  • The VBR architecture is, as usual, flexible. It’s possible to add more tape servers and more than one tape library.

Version 11 will add more great features:

  • Tape cloning (https://community.veeam.com/blogs-and-podcasts-57/tape-improvements-in-vbr-v11-277)
  • Tape verification (https://community.veeam.com/blogs-and-podcasts-57/part-ii-tape-improvements-in-vbr-v11-289)

Cons

*This behavior is quite common to all backup software that writes data directly to tape.

  • To save a file, VBR needs to run a process that discovers the file at the source, gathers it, and writes it to a medium.

If you consider that the common NAS scenario is composed of millions of small files and thousands of folders, and that the tape technology has to choose a location on the medium for every file (where the file will be copied), it’s clear that this process, common to all backup servers, stresses the hardware architecture, and in particular the drive head.

The backup process has a speed advantage compared to restore, because writes to media are mostly sequential rather than random.

Imagine restoring 10k files located in 10k different positions on a single tape.

The drive has to do a lot of work. It is going to suffer from an effect called shoe-shining (also known as tape back-hitching), which occurs when a tape drive cannot transfer data at an acceptable speed.

Shoe-shining can contribute to data loss over time, as the repeated back-and-forth motion wears the tape drive’s read/write heads and negatively affects the readable portion of the tape:

  • Loss of Tape Cartridge Capacity
  • Increased Risk of Read/Write Issues
  • Excessively Worn Tape Drive Heads
  • Low Data Transfer Rates
  • Data Loss
  • The Veeam DB needs to be sized correctly; the best practice is to switch from SQL Express to SQL Standard.
  • Media management is quite challenging when the number of tapes is big. Remember to store them in a fireproof, non-magnetic safe.

Do you also prefer the NAS backup feature introduced in v.10? Let me know!

That’s all for now.  

See you next week to talk about NDMP.

VBR – Linux Proxy Server UUID

When a Linux VM is added to the Veeam console as a proxy server, you can run into the error shown in Picture 1.

Picture 1

The reason for this behavior is that the default VM configuration does not allow other software to see the UUID of the VM.

What is UUID?

It’s the identifier used to uniquely identify partitions in Linux operating systems.

Why is it important to use it?

A backup where the proxy is a Linux VM only works with the Virtual Appliance transport mode, which uses the VMware hot-add capability.

Put simply: when a job starts, the Linux proxy mounts the disks of the VMs that have to be processed and then sends a copy of the data to the Veeam repository.

If the backup server knows which disks belong to the proxy itself, it can process the others easily and without errors.

The result is that it’s mandatory to set it up correctly, as shown in the user guide and in the Veeam forums.

Note 1: the Linux command to show UUIDs is blkid.
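
For example (the UUID values below are made up):

sudo blkid
# /dev/sda1: UUID="2f9a63c1-7b0e-4a11-9c55-0123456789ab" TYPE="ext4"
# /dev/sdb1: UUID="b1c2d3e4-f5a6-4b7c-8d9e-abcdef012345" TYPE="xfs"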

To address the issue, just switch off the VM and, from the vCenter console, follow the procedure shown in the next four pictures, highlighted in yellow.

Picture 2

Picture 3

Picture 4

Picture 5

That’s all folks

How to add an XFS Repository to Veeam

This is the second article about how to set up a Linux Veeam repository using the XFS technology.

In my last article I wrote about how to create an XFS disk, and now we are going to cover how to integrate it.

There are just two steps: 

1. Adding the new Linux Server to the managed VBR server.

2. Creating the Repository Server enabling the XFS add-on.

1. Before working with the VBR console, it’s necessary to check the firewall status, and more precisely whether the needed ports are open so the system can work properly.

In this lab the firewall is set up with the ufw command:

sudo ufw status (to check the status) 

If the firewall is disabled, please change its status with the command:

sudo ufw enable  (corrected on 8th May 2021)

Open the ports with the following command:

sudo ufw allow #port/protocol

In my example I launched the following two commands:

sudo ufw allow 22/tcp

sudo ufw allow 2500:3300/tcp

as shown in the Veeam user guide (Picture 1)

Picture 1

A final check is to verify that the ssh service is listening on port 22:

sudo lsof -i:22

the output is:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 915 root 3u IPv4 27288 0t0 TCP *:ssh (LISTEN)
sshd 915 root 4u IPv6 27290 0t0 TCP *:ssh (LISTEN)

2. Now we are ready to create the new XFS repository:

  • From the VBR console, add a new Linux server (Picture 2)

Picture 2

  • Click on the Advanced button and check that the ports match (Pictures 3 and 4)

Picture 3

Picture 4

  • Add a new repository, choosing the just-added server (in my case its name is cento01).

In the repository options, browse the server folders and select the XFS one, ticking the Use fast cloning option (Pictures 5 and 6)

Picture 5

Picture 6

Complete the task with some more clicks.
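
Before trusting fast cloning, it may be worth double-checking that the volume really has reflink enabled (the mount point below is just an example; use the folder you selected above):

xfs_info /mnt/veeam-xfs | grep reflink      # should report reflink=1
# optional manual test: a reflink copy completes almost instantly
cp --reflink=always somebackup.vbk clone-test.vbk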

Note 1: If you need more details about how to set up the firewall, please have a look at the following site:

Linux Firewall

The next article will talk about performance. See you soon and take care.