#Kubernetes

We now get to make use of the IKO.

Below we define the environment we will be creating via a Custom Resource Definition (CRD). It lets us define something outside the realm of what the Kubernetes standard knows (this is objects such as your pods, services, persistent volumes (and claims), configmaps, secrets, and lots more). We are building a new kind of object, an IrisCluster object.

The IKO documentation is robust. A single web page, that consists of about 50 actual pages of documentation. For beginners that can be a bit overwhelming. As the saying goes: how do you eat an elephant? One bite at a time. Let's start with the first bite: helm.

What is Helm?

Helm is to Kubernetes what the InterSystems Package Manager (IPM, formerly ObjectScript Package Manager - ZPM) is to IRIS.

The Istio Service Mesh is commonly used to monitor communication between services in applications. The "battle-tested" sidecar mode is its most common implementation. It will add a sidecar container to each pod you have in your namespace that has Istio sidecar injection enabled.

IAM - InterSystems API Manager is a great tool for monitoring your traffic. If you are trying to use it in your Kubernetes cluster you may have tried doing a deployment similar to this one:

Anakin Skywalker challenged the high ground and has been terribly injured on Mustafar.

I attended Cloud Native Security Con in Seattle with full intention of crushing OTEL day, then perusing the subject of security applied to Cloud Native workloads the following days leading up to CTF as a professional excercise. This was happily upended by a new understanding of eBPF, which got my screens, career, workloads, and atitude a much needed upgrade with new approaches to solving workload problems.

So I made it to the eBPF party and have been attending clinic after clinic on the subject ever since, here I would like to "unbox" eBPF as a technical solution, mapped directly to what we do in practice (even if its a bit off), and step through eBPF through my experimentation on supporting InterSystems IRIS Workloads, particularly on Kubernetes, but not necessarily void on standalone workloads.

eBee Steps with eBPF and InterSystems IRIS Workloads

In our previous article, we have explored the most common Kubernetes components:

• We started with the pods and the services we needed to communicate with each other.
• Then, we examined the Ingress component used to Route traffic into the cluster.
• We also skimmed through an external configuration using ConfigMaps and Secrets.
• Afterward, we analyzed Data persistence with the help of Volumes.
• Finally, we took a quick look at pod blueprints with such replicating mechanisms as Deployments and StatefulSets (the latter is employed specifically for such stateful applications as databases).

In this article, we will explore Kubernetes architecture and configuration.

In this article, we will cover below topics:

• What is Kubernetes?
• Main Kubernetes (K8s) Components

What is Kubernetes?

Kubernetes is an open-source container orchestration framework developed by Google. In essence, it controls container speed and helps you manage applications consisting of multiple containers. Additionally, it allows you to operate them in different environments, e.g., physical machines, virtual machines, Cloud environments, or even hybrid deployment environments.

In case you're planning on deploying IRIS For Health, or any of our containerized products, via the IKO on OpenShift, I wanted to share some of the hurdles we had to overcome.

As with any IKO based installation, we first need to deploy the IKO itself. However we were getting this error:

The IKO allows for sidecars. The idea behind them is to have direct access to a specific instance of IRIS. If we have mirrored data nodes, the web gateway will (correctly) only give us access to the primary node. But perhaps we need access to a specific instance. The sidecar is the solution.

Building on the example from the previous article, we introduce the sidecar by using a mirrored data node and of course arbiter.

Hey Community,

Hit that play button and enjoy the new video on InterSystems Developers YouTube:

⏯ Can You Autoscale This? Lessons from the Field on Kubernetes @ Global Summit 2023

https://www.youtube.com/embed/AjPUDGYyNsU
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

Hi, I was wondering if anyone already dealt with this issue:
"System has been suspended for over X seconds, exceeding the maximum duration specified. Allowing system activity to resume. Any ongoing backup has presumably failed. Next InterSystems IRIS backup must be a full one"

our backup system "Commvault" is automatic, how do you tell it once you get this message that the next backup should be full?

thanks,

Eyal

We have solution which uses IRIS with IAM and webgateway integrated.

After integration, we notice that in the kong configuration in the kongdb upstreams are not created as listed in the kong.yml

We noticed that, IAM api calls are failing with enterprise license expired.

[kong@iam-deployment-75f485954c-ssdfv /]$ curl --location --request POST 'http://localhost:8001/services/'
{"message":"Enterprise license missing or expired"}

From Logs:

K9s is a terminal-based UI (aka kubectl clown suit), to manage Kubernetes clusters that drastically simplifies navigating, observing, and managing your applications in K8s, including Custom Resources like the InterSystems Kubernetes Operator (IKO) and ArgoCD Applications. If you are about to take your CKD, CKA, or CKS, leave k9s well enough alone for awhile as the abstraction to kubectl will become the standard for navigating the cluster and you will undoubtedly become estranged to the extended flags of kubectl and bomb the exam.