It’s 11 commands to debug everything about an application deployment... from downloading the docker image all the way to debugging the load balancer. Most git cheat sheets have 3 times the number of commands.
Most of the diamonds listed here aren’t things you have to remember, they’re statuses that are explicitly called out in the responses of those commands. This is an over-complicated chart that in reality is summed up as: look at the pod, look at the service, look at ingress.
There are for sure a few concepts you need to learn with k8s, however I wonder if it would be much shorter if you did a guide like this for manually done / bash script powered / ansible deployments
Every other large-ish product I've maintained would have a chart at least this large. Complex systems are complicated to maintain, regardless of platform.
You've worked on complex systems with charts? Most places I've worked lack charts and documentation. The flow chart only exists in pieces of the people's heads still working there, the rest in employees who left.
That's one of the strengths with K8s, at least there is documentation, unlike a 1000 line perl script with no tests which does service discovery.
I said "would have a chart" not "had a chart". :-D Of course it wasn't properly documented. :-(
I fully agree on that being a major strength of k8s. Looking at the resource manifests gives a ton of insight into how a system is supposed to function.
I dunno, I did an install using the k8s install instructions, and got to a point where I could access the containers locally but not from other nodes in the cluster. I could see a bunch of routing and iptables rules, but I didn't have any model for what it SHOULD look like, so I was at a loss for untangling all that spaghetti.
that sounds like your pod-cidr, service-cidr, or network plugin are misconfigured. As another person said, going through the hard way could help you understand, but realistically you need to take some time to understand your network plugins config and the kubeadm flags for configuring cidrs.
I went through your problem before on a practice cluster and ended up giving up on that one.
Realistically the hard way doesn't actually explain much of the commands you're running, and much of it covers the tedium of getting the many many certs you need to bootstrap everything (which will then expire and not rotate automatically). It's much better to just use kubeadm, and take some time to read all the args to kubelet, kubeadm, kubeproxy, etc...
Sure but I am not comparing it against manually done / bash script powered / Ansible deployments. Even if I was the CI/CD pipeline would capture many of the problems early and than I have an immutable AMI with autoscaling groups that is very easy to debug, networking setup is super simple and load-balancing is also straightforward to troubleshoot. Cramming all of these into a simple project that is not as easy to debug is not worth the effort for us.
> I guess I can just print this out and show to people any time somebody wants to move to k8s.
A complete flow chart of all the possible states for any non-trivial thing appears complex. In practice the actual problems you run into are part of a much smaller set of possibilities.
I'm somewhat sure you could make a similarly complicated looking chart that would entail:
- using ping
- sshing into a box
- using ssh port forwarding
- using ps aux
- understanding system load
- understanding oom killer messages
- is this systemd? use systemctl, otherwise figure it out
- is this systemd? use journalctl, otherwise figure out where an app is logging
- is nginx running? what box is it running on?
- is the nginx config okay?
- what about haproxy? are health checks going through?
Plus dealing with whatever configuration management system you're using, credential store you're using, etc.
Kubernetes, while complex, does take over a huge chunk of responsibilities from existing deployments. As such, a large part of any debugging will be done via kubectl and on a much different level of abstraction than if you were dealing with individual machines and services deployed on them via Ansible.
Yes, there's new things to learn. But for many cases (not even just scale!) it's quite worth it.
TBF a lot of people don't know what any of that is and use Heroku or equivalent. I've worked with people who don't even know how to use find or chmod, much less ps, htop, and other system tools.
Yep, and many of these projects are 10+ years old rock solid code that very rarely breaks and the failure scenarios are well understood (the only real exception is systemd). Can you tell the same about k8s?
Well yes, people who already pay for external cloud providers running k8s for little business value is a meme at this point. If you are creating a cloud provider though then you're very much welcome to use k8s.
I understand that Kubernetes is a complex project, but I struggle to see how this comment adds to the discourse.
For those that do need a solution like Kubernetes, charts like this are helpful, and the knowledge requirements certainly aren't too steep relative to comparable platforms.
What about Kubernetes makes it especially worth going in and commenting that you don't have a use case for it, in a thread dedicated to Kubernetes? Would you make similar comments about other platforms/libraries/technologies that you, for whatever reason, don't have a use case for?
Because echo chambers need their bubble's pierced every so often. Kubernetes is such garbage that no one runs it on their servers and if they do they have an army dedicated to managing it 24/7. Go to any company that's running it and ask them how they feel about it.
Because many people (including managers) take HN seriously and then go and try to implement or push for this being implemented because they read it on HN. Unfortunately they cannot go to HN when a outage explodes in their face, caused by an unknown problem in k8s. There is no clear value proposition for using k8s. It is trading time to figure out what would make the most sense for a project for black box complexity in most cases and that is a very bad deal. You pay the price once for the first one and all the time for the second one. If I do not comment here then you have a nice echo chamber that all fine and dandy with k8s and there is no downside at all using it. Btw. it is not only k8s and HN supposed to be a discussion site not a fanboy club of broken tech. I understand that the latter is much more appealing to many people.
Most of the diamonds listed here aren’t things you have to remember, they’re statuses that are explicitly called out in the responses of those commands. This is an over-complicated chart that in reality is summed up as: look at the pod, look at the service, look at ingress.