Notes from episode 28 of TGIK: Exploring CockroachDB on Kubernetes
Over the past few months I’ve been trying to learn everything there is to know about Kubernetes. Kubernetes is an amazing technology for deploying and scaling containers though it comes with a cost. It’s an incredibly complex piece of software and there are a ton of bells and whistles to become familiar with. One way that I’ve found for coming up to speed is Joe Beda’s weekly TGIK live broadcast. This occurs each Friday at 4PM EST and is CHOCK full of fantastic information. In episode twenty-eight Joe discusses running cockroachdb in a statefulset. You can watch it here:
Stateful sets allow you to run stateful applications inside Kubernetes.
Stateful workloads have a persistent storage requirement which can typically be solved through the use of persistent volumes and persistent volume claims.
Persistent volumes have three types of access modes:
ReadWriteOnce volumes can be mounted as read-write by a single node.
ReadOnlyMany volumes can be mounted read-only by several nodes.
ReadWriteMany volumes can be mounted read-write by several nodes.
Pods in a statefulset have a unique ordinal index and a stable network identity.
Deleting a stateful set doesn’t necessarily delete the PVs and PVCs associated with it.
The persistent volume reclaim policy controls what happens to PVs when the resources using them are deleted.
Topology Aware Volume Scheduling will be available in Kubernetes 1.10. This allows the scheduler to take volume constraints (region, zone, etc.) into consideration.
Cockroach was inspired by the Google Spanner project.
Roles are specific to the namespace they are deployed to. These can provide more fine-grained security.
Pod disruption budgets can be used to ensure that there is never more than maxUnavailable pods down at a time.
Pod affinities allow you to tell the scheduler if pods should be scheduled together or isolated from each other.
Cockroachdb will be adding liveness / readiness checks to the next release.
You can view certificate signing requests with kubectl get csr:
$ kubectl get csr
You can describe the contents of a certificate signing request with kubectl describe csr:
$ kubectl describe csr default.node.cockroachdb-0
You can approve a certificate signing request with kubectl certificate approve:
$ kubectl certificate approve default.node.cockroachdb-0
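Approving a CSR tells the cluster CA to sign whatever was requested, so it is worth checking who submitted it and what key usages it asks for first. The sketch below is an added example, not from the episode or the CockroachDB project; it reviews the JSON from `kubectl get csr <name> -o json`, and the service account name, the name pattern and the allowed usages are assumptions.

```python
import json
import re

# Assumed from the page's example name: <namespace>.node.cockroachdb-<ordinal>
CSR_NAME = re.compile(r"^(?P<ns>[a-z0-9-]+)\.node\.cockroachdb-\d+$")
EXPECTED_SA = "cockroachdb"  # assumption: service account the pods run as
# Assumption: key usages a node certificate legitimately needs.
ALLOWED_USAGES = {"digital signature", "key encipherment", "server auth", "client auth"}


def review_csr(csr):
    """Return reasons not to approve; an empty list means every check passed."""
    problems = []
    name = csr["metadata"]["name"]
    spec = csr.get("spec", {})
    match = CSR_NAME.match(name)
    if match is None:
        problems.append(f"unexpected CSR name {name!r}")
    else:
        # The API server records who submitted the CSR; the requester cannot set it.
        want = f"system:serviceaccount:{match['ns']}:{EXPECTED_SA}"
        if spec.get("username") != want:
            problems.append(f"requested by {spec.get('username')!r}, expected {want!r}")
    usages = set(spec.get("usages", []))
    if not usages:
        problems.append("no key usages listed")
    elif usages - ALLOWED_USAGES:
        problems.append(f"unexpected usages {sorted(usages - ALLOWED_USAGES)}")
    for cond in csr.get("status", {}).get("conditions", []):
        if cond.get("type") in ("Approved", "Denied"):
            problems.append(f"already {cond['type'].lower()}")
    return problems


# Constructed samples shaped like `kubectl get csr <name> -o json` output.
GOOD = json.loads("""{"metadata": {"name": "default.node.cockroachdb-0"},
 "spec": {"username": "system:serviceaccount:default:cockroachdb",
          "usages": ["digital signature", "key encipherment", "server auth", "client auth"]},
 "status": {}}""")
BAD = json.loads("""{"metadata": {"name": "default.node.cockroachdb-0"},
 "spec": {"username": "system:serviceaccount:default:builder",
          "usages": ["cert sign", "client auth"]},
 "status": {}}""")

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample["metadata"]["name"], review_csr(sample) or "ok to approve")
```

The subject and alternative names inside the encoded request are not decoded here; read them from the kubectl describe csr output before approving.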
Cockroachdb has some UNREAL debugging and visibility data.
Cockroachdb ships with 2 services:
One for the public to use.
One for internal cluster communication.
The public cockroachdb service will funnel requests to all of the pods. An A record is also created with the IPs of all of the database members.
Raft is a consensus algorithm that allows a number of devices to determine that something is true.
Things I need to learn more about:
Need to sit down and read the RAFT spec.
Need to play around with cockroachdb. It looks pretty incredible!
This article was posted by Matty on 2018-03-03 18:00:00 -0500