Deploying on K8S

Using Kubernetes technology provides us with some features that we recommend to use by default when deploying MetaDefender Core in a Kubernetes cluster

With Kubernetes we are able to progressively rolls out changes to our application or its configuration, while monitoring application health to ensure it doesn't kill all the instances at the same time. If something goes wrong, Kubernetes will rollback the change for us.

Kubernetes Probes

The kubernetes probes are needed to control the correct behavior of the application on this environment.

StartUp Probe (Set Up Health Check indicating min active engines & required engines)
- initialDelaySeconds= 15 (Waiting for the rest service to be up and running)
- periodSeconds = 15 ( Try every 15 seconds)
- successThreshold = 1 (Health Check setup ready)
- failureThreshold= 5 ( After 5 failures it will means that the REST service is not ready because some issue)
  - periodSeconds x failureThreshold + initialDelaySeconds = Total Time to be sure that the REST endpoints are ready

From version 5.6.1, StartUp Probe can be replaced by environment variables that configure the health check on start of the container.

Readiness Probe ( Check /readyz endpoint to know if the Health Check is OK )
- initialDelaySeconds= 150
- periodSeconds = 15
- successThreshold = 1
Liveness Probe ( Check /readyz endpoint to know if the Health Check is OK after Pod is ready)
- initialDelaySeconds= 300
- timeoutSeconds = 10
- periodSeconds = 10
- failureThreshold= 5

Scaling up Cores

Traffic won’t be sent to pods until readiness probe is successful
- Readiness probe is using health check API to check that engines are ready.
If we scale it down, older pods will be terminated

Rolling Update Strategy

Traffic wont be sent to pods until readiness probe is successful
Old version pods won’t be terminated until new pods are ready to serve traffic

See examples on how to deploy this strategy in Upgrade/Deployment Strategy on K8S

Last updated on

Was this page helpful?