Customer Handover Documents

Rackspace Kubernetes-as-a-Service

Last updated: Feb 11, 2022

Release: v6.0.2

This section includes the information required for transferring a Kubernetes cluster to the customer. The topics in this section provide a list of items that a Rackspace engineer needs to discuss during the handover call with the customer.


Demo Handover Script

Follow this script when handing over a demo cluster to the customer.

Pre-handover tasks

Before you hand over a Rackspace KaaS deployment to a customer, complete the following tasks:

Recap of customer needs

Review customer requirements and problems:

  • Describe the customer requirements that this demo meets.
  • Describe the customer problems that this demo resolves.

Customer architecture

Describe and review the customer’s environment and how everything is set up.

Cluster Layout


  • etcd node count (default: 5)
  • Master node count (default: 3)
  • Worker node count (varies)

OpenStack


A high-level overview of how Kubernetes sits on top of OpenStack and integration points:

  • OpenStack Block Storage service (cinder) and Ceph - PersistentVolumes.
  • OpenStack DNS-as-a-Service (designate)
  • OpenStack Identity service (keystone) - user authentication and role-based access control (RBAC).
  • OpenStack Load-Balancing-as-a-Service (octavia) - enables Kubernetes Services of type LoadBalancer.
  • OpenStack Compute service (nova) - anti-affinity policies for cluster members, provisioning new nodes.
  • OpenStack Networking service (neutron) - networking between nodes.
  • OpenStack Object Storage service (swift) - etcd backups, Harbor storage.

Important

Mention the OpenStack flavors and names used in MK8S, and that we do not recommend changing them manually without first notifying or involving Rackspace.

Networking and ingress


Review the networking and ingress setup with the customer so that they understand the network traffic flow.

  • Review the Pod networking setup.
  • Describe how VXLAN works.
  • Discuss the Container Network Interface (CNI), including Calico, Flannel, and Canal.
  • Provide an overview of the NGINX ingress controller.

etcd


Review the etcd cluster specification:

  • Describe how the etcd nodes are configured.
  • Review the etcd backup strategy (every eight hours).

RBAC


Review role-based access control (RBAC) with the customer:

  • Initial RBAC account.
  • Integrations with the customer identity provider (LDAP, Keystone, and so on).
  • Provisioning new accounts.
  • Deleting old accounts.

kubectl walkthrough

Describe the kubectl basics and demonstrate deployment of an application.

Basics


  • Minimum kubectl version customers should be running
  • get/describe/create/apply/delete
  • Specifying namespaces
  • Output formatting
  • Resource definition files

Deploy an application


Walk through the demo application deployment.

Other services

Introduce the customer to other managed services running on their cluster:

Dashboard


  • Show Kubernetes dashboard

EFK (Elasticsearch, Fluentd, Kibana)


  • Show the Kibana UI.

Prometheus/Grafana


  • Show the Grafana UI.
  • Show the Prometheus UI.
  • Show the Alert Manager UI.

Harbor


  • Show the Harbor UI functionality by performing basic operations.

Feedback

Request feedback on the demo and environment configuration.

Customer Handover Script

Follow this script when handing over a production cluster to the customer.

Pre-handover tasks

Before you hand over a Rackspace KaaS deployment to a customer, complete the following tasks:

Kubernetes core concepts

Provide a brief introduction to Kubernetes for the customer to ensure some foundational knowledge exists. You can skip this section.

Control plane


Describe the components of the Kubernetes control plane:

  • etcd
  • kube-apiserver
  • kube-controller-manager
  • kube-scheduler
  • kubelet
  • kube-proxy

Objects


Describe the main objects in Kubernetes:

  • Pod
  • Service
  • Volume
  • Namespace

Controllers


Describe different types of controllers in Kubernetes:

  • ReplicaSet
  • Deployment
  • StatefulSet
  • DaemonSet
  • Job

RBAC


Describe the account security model in Kubernetes:

  • Roles and ClusterRoles
  • RoleBindings and ClusterRoleBindings
  • Service Accounts
  • Identity Providers

Customer architecture

Describe and review the customer’s environment and how everything is set up.

Cluster Layout


  • etcd node count (default: 5)
  • Master node count (default: 3)
  • Worker node count (varies)

OpenStack


A high-level overview of how Kubernetes sits on top of OpenStack and integration points:

  • OpenStack Block Storage service (cinder) and Ceph - PersistentVolumes.
  • OpenStack DNS-as-a-Service (designate)
  • OpenStack Identity service (keystone) - user authentication and role-based access control (RBAC).
  • OpenStack Load-Balancing-as-a-Service (octavia) - enables Kubernetes Services of type LoadBalancer.
  • OpenStack Compute service (nova) - anti-affinity policies for cluster members, provisioning new nodes.
  • OpenStack Networking service (neutron) - networking between nodes.
  • OpenStack Object Storage service (swift) - etcd backups, Harbor storage.

Important

Mention the OpenStack flavors and names used in MK8S, and that we do not recommend changing them manually without first notifying or involving Rackspace.

Networking and ingress


Review the networking and ingress setup with the customer so that they understand the network traffic flow.

  • Review the Pod networking setup.
  • Describe how VXLAN works.
  • Discuss the Container Network Interface (CNI), including Calico, Flannel, and Canal.
  • Provide an overview of the NGINX ingress controller.

etcd


Review the etcd cluster specification:

  • Describe how the etcd nodes are configured.
  • Review the etcd backup strategy (every eight hours).

RBAC


Review role-based access control (RBAC) with the customer:

  • Initial RBAC account.
  • Integrations with the customer identity provider (LDAP, Keystone, and so on).
  • Provisioning new accounts.
  • Deleting old accounts.

kubectl walkthrough

Go over kubectl basics and demonstrate deployment of an application.

Basics


  • Minimum kubectl version customers should be running
  • get/describe/create/apply/delete
  • Specifying namespaces.
  • Output formatting.
  • Using YAML and resource manifests.

Other services

Introduce the customer to other managed services running on their cluster:

KaaS Control Panel and dashboard


  • Generate kubeconfig and tokens in KaaS Control Panel.
  • Log in to dashboard and show basic functionality.

Logging and monitoring


Provide an overview of the Elasticsearch, Fluentd, and Kibana (EFK) stack.

  • Discuss the purpose of the tool (log monitoring).
  • Review how services have been deployed.
  • Discuss Curator and log truncating (default data retention: seven days).
  • Show the Kibana UI.

Prometheus and Grafana


  • Discuss performance monitoring provided by the tools.
  • Review how services have been deployed.
  • Show the Grafana UI.
  • Show the Prometheus UI.
  • Show the Alert Manager UI.
  • Discuss data retention (default: three days).

Internal Docker® registry


  • Push a new container image to Harbor.
  • Check for vulnerabilities using Clair.

Best practices


Walk through the best practices of using Kubernetes:

  • Use namespaces to isolate and control applications.
  • Store resource declarations in version control.
  • Use annotations liberally to enable efficient sorting and filtering.
  • Deploy Pods using a Deployment object.
  • Use persistent volumes to preserve Pod data.

Security Caveats


  • Discuss the security limitations in the user guide so that the customer understands them.

Feedback