| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2021-03-30 |
kubernetes, iks, containers |
containers |
{:DomainName: data-hd-keyref="APPDomain"} {:DomainName: data-hd-keyref="DomainName"} {:android: data-hd-operatingsystem="android"} {:api: .ph data-hd-interface='api'} {:apikey: data-credential-placeholder='apikey'} {:app_key: data-hd-keyref="app_key"} {:app_name: data-hd-keyref="app_name"} {:app_secret: data-hd-keyref="app_secret"} {:app_url: data-hd-keyref="app_url"} {:authenticated-content: .authenticated-content} {:beta: .beta} {:c#: data-hd-programlang="c#"} {:cli: .ph data-hd-interface='cli'} {:codeblock: .codeblock} {:curl: .ph data-hd-programlang='curl'} {:deprecated: .deprecated} {:dotnet-standard: .ph data-hd-programlang='dotnet-standard'} {:download: .download} {:external: target="_blank" .external} {:faq: data-hd-content-type='faq'} {:fuzzybunny: .ph data-hd-programlang='fuzzybunny'} {:generic: data-hd-operatingsystem="generic"} {:generic: data-hd-programlang="generic"} {:gif: data-image-type='gif'} {:go: .ph data-hd-programlang='go'} {:help: data-hd-content-type='help'} {:hide-dashboard: .hide-dashboard} {:hide-in-docs: .hide-in-docs} {:important: .important} {:ios: data-hd-operatingsystem="ios"} {:java: .ph data-hd-programlang='java'} {:java: data-hd-programlang="java"} {:javascript: .ph data-hd-programlang='javascript'} {:javascript: data-hd-programlang="javascript"} {:new_window: target="_blank"} {:note .note} {:note: .note} {:objectc data-hd-programlang="objectc"} {:org_name: data-hd-keyref="org_name"} {:php: data-hd-programlang="php"} {:pre: .pre} {:preview: .preview} {:python: .ph data-hd-programlang='python'} {:python: data-hd-programlang="python"} {:route: data-hd-keyref="route"} {:row-headers: .row-headers} {:ruby: .ph data-hd-programlang='ruby'} {:ruby: data-hd-programlang="ruby"} {:runtime: architecture="runtime"} {:runtimeIcon: .runtimeIcon} {:runtimeIconList: .runtimeIconList} {:runtimeLink: .runtimeLink} {:runtimeTitle: .runtimeTitle} {:screen: .screen} {:script: data-hd-video='script'} {:service: architecture="service"} {:service_instance_name: data-hd-keyref="service_instance_name"} {:service_name: data-hd-keyref="service_name"} {:shortdesc: .shortdesc} {:space_name: data-hd-keyref="space_name"} {:step: data-tutorial-type='step'} {:subsection: outputclass="subsection"} {:support: data-reuse='support'} {:swift: .ph data-hd-programlang='swift'} {:swift: data-hd-programlang="swift"} {:table: .aria-labeledby="caption"} {:term: .term} {:tip: .tip} {:tooling-url: data-tooling-url-placeholder='tooling-url'} {:troubleshoot: data-hd-content-type='troubleshoot'} {:tsCauses: .tsCauses} {:tsResolve: .tsResolve} {:tsSymptoms: .tsSymptoms} {:tutorial: data-hd-content-type='tutorial'} {:ui: .ph data-hd-interface='ui'} {:unity: .ph data-hd-programlang='unity'} {:url: data-credential-placeholder='url'} {:user_ID: data-hd-keyref="user_ID"} {:vbnet: .ph data-hd-programlang='vb.net'} {:video: .video}
<style> </style>{: #learning-path-dev}
Following a curated learning path to deploy highly available containerized apps in Kubernetes clusters and use the powerful tools of {{site.data.keyword.containerlong_notm}} to automate, isolate, secure, manage, and monitor your app workloads across zones or regions. {: shortdesc}
{: #dev_cluster}
Begin working with your cluster by setting up the CLI and accessing the cluster. {: shortdesc}
- CLI setup: Set up the CLIs that are necessary to create and work with clusters. As you work with your cluster, refer to the command reference and keep track of CLI version updates with the CLI changelog.
- User permissions: Ensure that your cluster administrator gives you the proper {{site.data.keyword.cloud_notm}} IAM role to access the cluster.
- Cluster access: Access your cluster through the public or private cloud service endpoint.
Need help? Check out Troubleshooting clusters and masters and Troubleshooting worker nodes.
{: #dev_plan}
Before you deploy an app, decide how you want to set up your app so that your app can be accessed properly and be integrated with other services. {: shortdesc}
- Kubernetes-native: Plan your strategy for developing a Kubernetes-native app.
- Highly available: Plan your strategy for a highly available deployment.
{: #dev_develop}
Configure your app in a YAML file that declares the configuration of the Kubernetes object, and plan your app versioning strategy. {: shortdesc}
- Develop your app:
- Review the basics of Kubernetes-native app deployments.
- Build app containers from images in public or private image registries.
- Specify your app requirements in a YAML file, which declares the configuration of the Kubernetes object.
- Version your app:
- To plan customized configurations for more than one environment, such as development, testing, and production environments, use the Kustomize tool to manage your configuration YAML file.
- If you want to run your app in multiple clusters, public and private environments, or even multiple cloud providers, package your application to help automate deployments.
Need help? Check out Troubleshooting apps and integrations.
{: #dev_deploy}
Deploy your app to the cluster by running your app configuration file. {: shortdesc}
- Deploying apps with the Kubernetes dashboard
- Deploying apps with the CLI
- Deploying apps to specific worker nodes by using labels
- Deploying an app on a GPU machine
Need help? Check out Troubleshooting apps and integrations.
{: #dev_test}
While you conduct performance testing on your app, set up logging and monitoring to help you troubleshoot issues, gain visibility into your workloads, and improve the health and performance of your apps. {: shortdesc}
In a test environment, deliberately create various non-ideal scenarios, such as deleting all worker nodes in a zone to replicate a zonal failure. Review the logs and metrics to check how your app recovers.
- Test access: Test access to your app by creating a public or private NodePort on your worker nodes.
- Monitoring:
- Open a Kubernetes dashboard on your local system to view information about your app resources.
- Choose a monitoring solution, such as {{site.data.keyword.mon_full}}, to gain operational visibility into the performance and health of your apps.
- Logging:
- Choose a logging solution, such as {{site.data.keyword.la_full}}, to monitor container logs.
- If you expose your app by using Ingress, you can set up logging for requests that are proxied by your ALBs.
Need help? Check out Troubleshooting logging and monitoring.
{: #dev_update}
Perform rolling updates and rollbacks of apps without downtime for your users. {: shortdesc}
- Update strategy: Plan your strategy for keeping your app up-to-date.
- Set up updates:
- Add a rolling update to your deployment file
- Perform A/B, canary, and phased rollouts with the Istio managed add-on.
- Set up a continuous delivery pipeline for a cluster.
- Scaling: Enable horizontal pod autoscaling to automatically increase or decrease the number of instances of your apps based on CPU.
{: #dev_secure}
Use Kubernetes secrets to store confidential information, such as credentials or keys, and encrypt data in Kubernetes secrets to prevent unauthorized users from accessing sensitive app information. {: shortdesc}
- Secrets:
- Store personal or sensitive information in Kubernetes secrets that your app can access.
- Encrypt secrets by using a KMS provider.
- Verify that secrets are encrypted.
- Pod-to-pod traffic: Enable mTLS encryption for traffic between microservices within an Istio service mesh.
{: #dev_expose}
Publicly expose an app in your cluster to the internet or privately expose an app in your cluster to the private network only. {: shortdesc}
- Plan service discovery:
- Understand the basics of Kubernetes service discovery.
- Choose an app exposure service that fits your requirements for incoming traffic to the app.
- Expose your app:
-
Load balancers:
Classic clusters:
- Create an NLB 1.0 or NLB 2.0.
- Register a DNS subdomain for the NLB.
VPC clusters: Set up a VPC load balancer.
-
Ingress:
- Classic clusters: Configure Ingress for the public network or the private network.
- VPC clusters: Configure Ingress for the public network or the private network.
Need help? Check out Troubleshooting Ingress and Troubleshooting load balancers.
{: #dev_storage}
- Storage basics: Start by understanding the basics of Kubernetes storage.
- Requirements: Determine your requirements for a storage solution.
- Choose a solution: Using your storage requirements, choose a storage solution by comparing non-persistent, single-zone persistent, or multizone persistent storage.
Need help? Check out Troubleshooting persistent storage.
{: #dev_integrate}
Enhance app capabilities by integrating various external services and catalog services in your cluster with your app. {: shortdesc}
- Review supported integrations:
- All supported integrations
- {{site.data.keyword.containerlong_notm}} partners
- {{site.data.keyword.cloud_notm}} services and third-party integrations
- Add services to your cluster: Ask your cluster administrator to add the integration to your cluster.
- Access services from your app: Ensure that your app can access the service. For example, to access an IBM Cloud service instance from your app, you must make the service credentials that are stored in the Kubernetes secret available to your app.
Need help? Check out Troubleshooting apps and integrations.