Customer Handover Documents
Rackspace Kubernetes-as-a-Service
Last updated: Feb 11, 2022
Release: v6.0.2
This section includes the information required for transferring a Kubernetes cluster to the customer. The topics in this section provide a list of items that a Rackspace engineer needs to discuss during the handover call with the customer.
Contents
- Demo Handover Script
- Customer Handover Script
Demo Handover Script
Follow this script when handing over a demo cluster to the customer.
Pre-handover tasks
Before you hand over a Rackspace KaaS deployment to a customer, complete the following tasks:
- Verify that the Kubernetes dashboard is working.
- Verify that the OpenStack users can access the cluster.
- Deploy Harbor secrets to the cluster.
Recap of customer needs
Review customer requirements and problems:
- Describe the customer requirements that this demo meets.
- Describe the customer problems that this demo resolves.
Customer architecture
Describe and review the customer’s environment and how everything is set up.
Cluster Layout
- etcd node count (default: 5)
- Master node count (default: 3)
- Worker node count (varies)
OpenStack
A high-level overview of how Kubernetes sits on top of OpenStack and integration points:
- OpenStack Block Storage service (cinder) and Ceph - PersistentVolumes.
- OpenStack DNS-as-a-Service (designate)
- OpenStack Identity service (keystone) - user authentication and role-based access control (RBAC).
- OpenStack Load-Balancing-as-a-Service (octavia) - enables Kubernetes services of type LoadBalancer.
- OpenStack Compute service (nova) - anti-affinity policies for cluster members, provisioning new nodes.
- OpenStack Networking service (neutron) - networking between nodes.
- OpenStack Object Storage service (swift) - etcd backups, Harbor storage.
Important
Mention the OpenStack flavors and names used in MK8S, and that we do not recommend changing them manually without Rackspace intervention or notification first.
Networking and ingress
Review the networking and ingress setup with the customer so that they understand the network traffic flow.
- Review the Pod networking setup.
- Describe how VXLAN works.
- Discuss the Container Network Interface (CNI), including Calico, Flannel, and Canal.
- Overview of the NGINX ingress controller.
etcd
Review the etcd cluster specification:
- Describe how the etcd nodes are configured.
- Review the etcd backup strategy (every eight hours).
RBAC
Review role-based access control (RBAC) with the customer:
- Initial RBAC account.
- Integrations with the customer identity provider (LDAP, Keystone, and so on).
- Provisioning new accounts.
- Deleting old accounts.
kubectl walkthrough
Describe the kubectl basics and demonstrate deployment of an application.
Basics
- Minimum kubectl version customers should be running - get/describe/create/apply/delete
- Specifying namespaces
- Output formatting
- Resource definition files
Deploy an application
Walk through the demo application deployment.
Other services
Introduce the customer to other managed services running on their cluster:
Dashboard
- Show the Kubernetes dashboard.
EFK (Elasticsearch, Fluentd, Kibana)
- Show the Kibana UI.
Prometheus/Grafana
- Show the Grafana UI.
- Show the Prometheus UI.
- Show the Alert Manager UI.
Harbor
- Show the Harbor UI functionality by performing basic operations.
Feedback
Request feedback on the demo and environment configuration.
Customer Handover Script
Follow this script when handing over a production cluster to the customer.
Pre-handover tasks
Before you hand over a Rackspace KaaS deployment to a customer, complete the following tasks:
- Verify that the Kubernetes dashboard is working.
- Verify that the OpenStack users can access the cluster.
- Deploy Harbor secrets to the cluster.
Kubernetes core concepts
Provide a brief introduction to Kubernetes for the customer to ensure some foundational knowledge exists. You can skip this section.
Control plane
Describe the components of the Kubernetes control plane:
- etcd
- kube-apiserver
- kube-controller-manager
- kube-scheduler
- kubelet
- kube-proxy
Objects
Describe the main objects in Kubernetes:
- Pod
- Service
- Volume
- Namespace
Controllers
Describe different types of controllers in Kubernetes:
- ReplicaSet
- Deployment
- StatefulSet
- DaemonSet
- Job
RBAC
Describe the account security model in Kubernetes:
- Roles and ClusterRoles
- RoleBindings and ClusterRoleBindings
- Service Accounts
- Identity Providers
Customer architecture
Describe and review the customer’s environment and how everything is set up.
Cluster Layout
- etcd node count (default: 5)
- Master node count (default: 3)
- Worker node count (varies)
OpenStack
A high-level overview of how Kubernetes sits on top of OpenStack and integration points:
- OpenStack Block Storage service (cinder) and Ceph - PersistentVolumes.
- OpenStack DNS-as-a-Service (designate)
- OpenStack Identity service (keystone) - user authentication and role-based access control (RBAC).
- OpenStack Load-Balancing-as-a-Service (octavia) - enables Kubernetes services of type LoadBalancer.
- OpenStack Compute service (nova) - anti-affinity policies for cluster members, provisioning new nodes.
- OpenStack Networking service (neutron) - networking between nodes.
- OpenStack Object Storage service (swift) - etcd backups, Harbor storage.
Important
Mention the OpenStack flavors and names used in MK8S, and that we do not recommend changing them manually without Rackspace intervention or notification first.
Networking and ingress
Review the networking and ingress setup with the customer so that they understand the network traffic flow.
- Review the Pod networking setup.
- Describe how VXLAN works.
- Discuss the Container Network Interface (CNI), including Calico, Flannel, and Canal.
- Overview of the NGINX ingress controller.
etcd
Review the etcd cluster specification:
- Describe how the etcd nodes are configured.
- Review the etcd backup strategy (every eight hours).
RBAC
Review role-based access control (RBAC) with the customer:
- Initial RBAC account.
- Integrations with the customer identity provider (LDAP, Keystone, and so on).
- Provisioning new accounts.
- Deleting old accounts.
kubectl walkthrough
Go over kubectl basics and demonstrate deployment of an application.
Basics
- Minimum kubectl version customers should be running - get/describe/create/apply/delete
- Specifying namespaces.
- Output formatting.
- Using YAML and resource manifests.
Other services
Introduce the customer to other managed services running on their cluster:
KaaS Control Panel and dashboard
- Generate kubeconfig and tokens in KaaS Control Panel.
- Log in to dashboard and show basic functionality.
Logging and monitoring
Provide an overview of the Elasticsearch, Fluentd, and Kibana (EFK) stack.
- Discuss the purpose of the tool (log monitoring).
- Review how services have been deployed.
- Discuss Curator and log truncating (default data retention: seven days).
- Show the Kibana UI.
Prometheus and Grafana
- Discuss performance monitoring provided by the tools.
- Review how services have been deployed.
- Show the Grafana UI.
- Show the Prometheus UI.
- Show the Alert Manager UI.
- Discuss data retention (default: three days).
Internal Docker® registry
- Push a new container image to Harbor.
- Check for vulnerabilities using Clair.
Best practices
Walk through the best practices of using Kubernetes:
- Use namespaces to isolate and control applications.
- Store resource declarations in version control.
- Use annotations liberally to enable efficient sorting and filtering.
- Deploy Pods using a Deployment object.
- Use persistent volumes to preserve Pod data.
Security Caveats
- Discuss the security limitations within the user guide so that the customer understands them.
Feedback