Kubernetes in Action First Edition Marko Luksa
Author(s): Marko Luksa
ISBN(s): 9781617293726, 1617293725
Edition: First Edition
File Details: PDF, 11.80 MB
Year: 2018
Language: english
M A N N I N G
Marko Lukša
Kubernetes resources covered in the book
* Cluster-level resource (not namespaced)
** Also in other API versions; listed version is the one used in this book
(continues on inside back cover)
| | Resource (abbr.) [API version] | Description | Section |
|---|---|---|---|
| | Namespace* (ns) [v1] | Enables organizing resources into non-overlapping groups (for example, per tenant) | 3.7 |
| Deploying workloads | Pod (po) [v1] | The basic deployable unit containing one or more processes in co-located containers | 3.1 |
| | ReplicaSet (rs) [apps/v1beta2**] | Keeps one or more pod replicas running | 4.3 |
| | ReplicationController (rc) [v1] | The older, less-powerful equivalent of a ReplicaSet | 4.2 |
| | Job [batch/v1] | Runs pods that perform a completable task | 4.5 |
| | CronJob [batch/v1beta1] | Runs a scheduled job once or periodically | 4.6 |
| | DaemonSet (ds) [apps/v1beta2**] | Runs one pod replica per node (on all nodes or only on those matching a node selector) | 4.4 |
| | StatefulSet (sts) [apps/v1beta1**] | Runs stateful pods with a stable identity | 10.2 |
| | Deployment (deploy) [apps/v1beta1**] | Declarative deployment and updates of pods | 9.3 |
| Services | Service (svc) [v1] | Exposes one or more pods at a single and stable IP address and port pair | 5.1 |
| | Endpoints (ep) [v1] | Defines which pods (or other servers) are exposed through a service | 5.2.1 |
| | Ingress (ing) [extensions/v1beta1] | Exposes one or more services to external clients through a single externally reachable IP address | 5.4 |
| Config | ConfigMap (cm) [v1] | A key-value map for storing non-sensitive config options for apps and exposing it to them | 7.4 |
| | Secret [v1] | Like a ConfigMap, but for sensitive data | 7.5 |
| Storage | PersistentVolume* (pv) [v1] | Points to persistent storage that can be mounted into a pod through a PersistentVolumeClaim | 6.5 |
| | PersistentVolumeClaim (pvc) [v1] | A request for and claim to a PersistentVolume | 6.5 |
| | StorageClass* (sc) [storage.k8s.io/v1] | Defines the type of dynamically-provisioned storage claimable in a PersistentVolumeClaim | 6.6 |
Kubernetes in Action
Kubernetes
in Action
MARKO LUKŠA
M A N N I N G
SHELTER ISLAND
For online information and ordering of this and other Manning books, please visit
www.manning.com. The publisher offers discounts on this book when ordered in quantity.
For more information, please contact
Special Sales Department
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Email: orders@manning.com
©2018 by Manning Publications Co. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in
any form or by means electronic, mechanical, photocopying, or otherwise, without prior written
permission of the publisher.
Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in the book, and Manning
Publications was aware of a trademark claim, the designations have been printed in initial caps
or all caps.
Recognizing the importance of preserving what has been written, it is Manning’s policy to have
the books we publish printed on acid-free paper, and we exert our best efforts to that end.
Recognizing also our responsibility to conserve the resources of our planet, Manning books
are printed on paper that is at least 15 percent recycled and processed without the use of
elemental chlorine.
Manning Publications Co.
20 Baldwin Road
PO Box 761
Shelter Island, NY 11964
Development editor: Elesha Hyde
Review editor: Aleksandar Dragosavljević
Technical development editor: Jeanne Boyarsky
Project editor: Kevin Sullivan
Copyeditor: Katie Petito
Proofreader: Melody Dolab
Technical proofreader: Antonio Magnaghi
Illustrator: Chuck Larson
Typesetter: Dennis Dalinnik
Cover designer: Marija Tudor
ISBN: 9781617293726
Printed in the United States of America
1 2 3 4 5 6 7 8 9 10 – EBM – 22 21 20 19 18 17
To my parents,
who have always put their children’s needs above their own
brief contents
PART 1 OVERVIEW
1 ■ Introducing Kubernetes
2 ■ First steps with Docker and Kubernetes
PART 2 CORE CONCEPTS
3 ■ Pods: running containers in Kubernetes
4 ■ Replication and other controllers: deploying managed pods
5 ■ Services: enabling clients to discover and talk to pods
6 ■ Volumes: attaching disk storage to containers
7 ■ ConfigMaps and Secrets: configuring applications
8 ■ Accessing pod metadata and other resources from applications
9 ■ Deployments: updating applications declaratively
10 ■ StatefulSets: deploying replicated stateful applications
PART 3 BEYOND THE BASICS
11 ■ Understanding Kubernetes internals
12 ■ Securing the Kubernetes API server
13 ■ Securing cluster nodes and the network
14 ■ Managing pods’ computational resources
15 ■ Automatic scaling of pods and cluster nodes
16 ■ Advanced scheduling
17 ■ Best practices for developing apps
18 ■ Extending Kubernetes
contents
preface
acknowledgments
about this book
about the author
about the cover illustration
PART 1 OVERVIEW
1 Introducing Kubernetes
1.1 Understanding the need for a system like Kubernetes
Moving from monolithic apps to microservices ■ Providing a consistent environment to applications ■ Moving to continuous delivery: DevOps and NoOps
1.2 Introducing container technologies
Understanding what containers are ■ Introducing the Docker container platform ■ Introducing rkt—an alternative to Docker
1.3 Introducing Kubernetes
Understanding its origins ■ Looking at Kubernetes from the top of a mountain ■ Understanding the architecture of a Kubernetes cluster ■ Running an application in Kubernetes ■ Understanding the benefits of using Kubernetes
1.4 Summary
2 First steps with Docker and Kubernetes
2.1 Creating, running, and sharing a container image
Installing Docker and running a Hello World container ■ Creating a trivial Node.js app ■ Creating a Dockerfile for the image ■ Building the container image ■ Running the container image ■ Exploring the inside of a running container ■ Stopping and removing a container ■ Pushing the image to an image registry
2.2 Setting up a Kubernetes cluster
Running a local single-node Kubernetes cluster with Minikube ■ Using a hosted Kubernetes cluster with Google Kubernetes Engine ■ Setting up an alias and command-line completion for kubectl
2.3 Running your first app on Kubernetes
Deploying your Node.js app ■ Accessing your web application ■ The logical parts of your system ■ Horizontally scaling the application ■ Examining what nodes your app is running on ■ Introducing the Kubernetes dashboard
2.4 Summary
PART 2 CORE CONCEPTS
3 Pods: running containers in Kubernetes
3.1 Introducing pods
Understanding why we need pods ■ Understanding pods ■ Organizing containers across pods properly
3.2 Creating pods from YAML or JSON descriptors
Examining a YAML descriptor of an existing pod ■ Creating a simple YAML descriptor for a pod ■ Using kubectl create to create the pod ■ Viewing application logs ■ Sending requests to the pod
3.3 Organizing pods with labels
Introducing labels ■ Specifying labels when creating a pod ■ Modifying labels of existing pods
3.4 Listing subsets of pods through label selectors
Listing pods using a label selector ■ Using multiple conditions in a label selector
3.5 Using labels and selectors to constrain pod scheduling
Using labels for categorizing worker nodes ■ Scheduling pods to specific nodes ■ Scheduling to one specific node
3.6 Annotating pods
Looking up an object’s annotations ■ Adding and modifying annotations
3.7 Using namespaces to group resources
Understanding the need for namespaces ■ Discovering other namespaces and their pods ■ Creating a namespace ■ Managing objects in other namespaces ■ Understanding the isolation provided by namespaces
3.8 Stopping and removing pods
Deleting a pod by name ■ Deleting pods using label selectors ■ Deleting pods by deleting the whole namespace ■ Deleting all pods in a namespace, while keeping the namespace ■ Deleting (almost) all resources in a namespace
3.9 Summary
4 Replication and other controllers: deploying managed pods
4.1 Keeping pods healthy
Introducing liveness probes ■ Creating an HTTP-based liveness probe ■ Seeing a liveness probe in action ■ Configuring additional properties of the liveness probe ■ Creating effective liveness probes
4.2 Introducing ReplicationControllers
The operation of a ReplicationController ■ Creating a ReplicationController ■ Seeing the ReplicationController in action ■ Moving pods in and out of the scope of a ReplicationController ■ Changing the pod template ■ Horizontally scaling pods ■ Deleting a ReplicationController
4.3 Using ReplicaSets instead of ReplicationControllers
Comparing a ReplicaSet to a ReplicationController ■ Defining a ReplicaSet ■ Creating and examining a ReplicaSet ■ Using the ReplicaSet’s more expressive label selectors ■ Wrapping up ReplicaSets
4.4 Running exactly one pod on each node with DaemonSets
Using a DaemonSet to run a pod on every node ■ Using a DaemonSet to run pods only on certain nodes
4.5 Running pods that perform a single completable task
Introducing the Job resource ■ Defining a Job resource ■ Seeing a Job run a pod ■ Running multiple pod instances in a Job ■ Limiting the time allowed for a Job pod to complete
4.6 Scheduling Jobs to run periodically or once in the future
Creating a CronJob ■ Understanding how scheduled jobs are run
4.7 Summary
5 Services: enabling clients to discover and talk to pods
5.1 Introducing services
Creating services ■ Discovering services
5.2 Connecting to services living outside the cluster
Introducing service endpoints ■ Manually configuring service endpoints ■ Creating an alias for an external service
5.3 Exposing services to external clients
Using a NodePort service ■ Exposing a service through an external load balancer ■ Understanding the peculiarities of external connections
5.4 Exposing services externally through an Ingress resource
Creating an Ingress resource ■ Accessing the service through the Ingress ■ Exposing multiple services through the same Ingress ■ Configuring Ingress to handle TLS traffic
5.5 Signaling when a pod is ready to accept connections
Introducing readiness probes ■ Adding a readiness probe to a pod ■ Understanding what real-world readiness probes should do
5.6 Using a headless service for discovering individual pods
Creating a headless service ■ Discovering pods through DNS ■ Discovering all pods—even those that aren’t ready
5.7 Troubleshooting services
5.8 Summary
6 Volumes: attaching disk storage to containers
6.1 Introducing volumes
Explaining volumes in an example ■ Introducing available volume types
6.2 Using volumes to share data between containers
Using an emptyDir volume ■ Using a Git repository as the starting point for a volume
6.3 Accessing files on the worker node’s filesystem
Introducing the hostPath volume ■ Examining system pods that use hostPath volumes
6.4 Using persistent storage
Using a GCE Persistent Disk in a pod volume ■ Using other types of volumes with underlying persistent storage
6.5 Decoupling pods from the underlying storage technology
Introducing PersistentVolumes and PersistentVolumeClaims ■ Creating a PersistentVolume ■ Claiming a PersistentVolume by creating a PersistentVolumeClaim ■ Using a PersistentVolumeClaim in a pod ■ Understanding the benefits of using PersistentVolumes and claims ■ Recycling PersistentVolumes
6.6 Dynamic provisioning of PersistentVolumes
Defining the available storage types through StorageClass resources ■ Requesting the storage class in a PersistentVolumeClaim ■ Dynamic provisioning without specifying a storage class
6.7 Summary
7 ConfigMaps and Secrets: configuring applications
7.1 Configuring containerized applications
7.2 Passing command-line arguments to containers
Defining the command and arguments in Docker ■ Overriding the command and arguments in Kubernetes
7.3 Setting environment variables for a container
Specifying environment variables in a container definition ■ Referring to other environment variables in a variable’s value ■ Understanding the drawback of hardcoding environment variables
7.4 Decoupling configuration with a ConfigMap
Introducing ConfigMaps ■ Creating a ConfigMap ■ Passing a ConfigMap entry to a container as an environment variable ■ Passing all entries of a ConfigMap as environment variables at once ■ Passing a ConfigMap entry as a command-line argument ■ Using a configMap volume to expose ConfigMap entries as files ■ Updating an app’s config without having to restart the app
7.5 Using Secrets to pass sensitive data to containers
Introducing Secrets ■ Introducing the default token Secret ■ Creating a Secret ■ Comparing ConfigMaps and Secrets ■ Using the Secret in a pod ■ Understanding image pull Secrets
7.6 Summary
8 Accessing pod metadata and other resources from applications
8.1 Passing metadata through the Downward API
Understanding the available metadata ■ Exposing metadata through environment variables ■ Passing metadata through files in a downwardAPI volume
8.2 Talking to the Kubernetes API server
Exploring the Kubernetes REST API ■ Talking to the API server from within a pod ■ Simplifying API server communication with ambassador containers ■ Using client libraries to talk to the API server
8.3 Summary
9 Deployments: updating applications declaratively
9.1 Updating applications running in pods
Deleting old pods and replacing them with new ones ■ Spinning up new pods and then deleting the old ones
9.2 Performing an automatic rolling update with a ReplicationController
Running the initial version of the app ■ Performing a rolling update with kubectl ■ Understanding why kubectl rolling-update is now obsolete
9.3 Using Deployments for updating apps declaratively
Creating a Deployment ■ Updating a Deployment ■ Rolling back a deployment ■ Controlling the rate of the rollout ■ Pausing the rollout process ■ Blocking rollouts of bad versions
9.4 Summary
10 StatefulSets: deploying replicated stateful applications
10.1 Replicating stateful pods
Running multiple replicas with separate storage for each ■ Providing a stable identity for each pod
10.2 Understanding StatefulSets
Comparing StatefulSets with ReplicaSets ■ Providing a stable network identity ■ Providing stable dedicated storage to each stateful instance ■ Understanding StatefulSet guarantees
10.3 Using a StatefulSet
Creating the app and container image ■ Deploying the app through a StatefulSet ■ Playing with your pods
10.4 Discovering peers in a StatefulSet
Implementing peer discovery through DNS ■ Updating a StatefulSet ■ Trying out your clustered data store
10.5 Understanding how StatefulSets deal with node failures
Simulating a node’s disconnection from the network ■ Deleting the pod manually
10.6 Summary
PART 3 BEYOND THE BASICS
11 Understanding Kubernetes internals
11.1 Understanding the architecture
The distributed nature of Kubernetes components ■ How Kubernetes uses etcd ■ What the API server does ■ Understanding how the API server notifies clients of resource changes ■ Understanding the Scheduler ■ Introducing the controllers running in the Controller Manager ■ What the Kubelet does ■ The role of the Kubernetes Service Proxy ■ Introducing Kubernetes add-ons ■ Bringing it all together
11.2 How controllers cooperate
Understanding which components are involved ■ The chain of events ■ Observing cluster events
11.3 Understanding what a running pod is
11.4 Inter-pod networking
What the network must be like ■ Diving deeper into how networking works ■ Introducing the Container Network Interface
11.5 How services are implemented
Introducing the kube-proxy ■ How kube-proxy uses iptables
11.6 Running highly available clusters
Making your apps highly available ■ Making Kubernetes Control Plane components highly available
11.7 Summary
12 Securing the Kubernetes API server
12.1 Understanding authentication
Users and groups ■ Introducing ServiceAccounts ■ Creating ServiceAccounts ■ Assigning a ServiceAccount to a pod
12.2 Securing the cluster with role-based access control
Introducing the RBAC authorization plugin ■ Introducing RBAC resources ■ Using Roles and RoleBindings ■ Using ClusterRoles and ClusterRoleBindings ■ Understanding default ClusterRoles and ClusterRoleBindings ■ Granting authorization permissions wisely
12.3 Summary
13 Securing cluster nodes and the network
13.1 Using the host node’s namespaces in a pod
Using the node’s network namespace in a pod ■ Binding to a host port without using the host’s network namespace ■ Using the node’s PID and IPC namespaces
13.2 Configuring the container’s security context
Running a container as a specific user ■ Preventing a container from running as root ■ Running pods in privileged mode ■ Adding individual kernel capabilities to a container ■ Dropping capabilities from a container ■ Preventing processes from writing to the container’s filesystem ■ Sharing volumes when containers run as different users
13.3 Restricting the use of security-related features in pods
Introducing the PodSecurityPolicy resource ■ Understanding runAsUser, fsGroup, and supplementalGroups policies ■ Configuring allowed, default, and disallowed capabilities ■ Constraining the types of volumes pods can use ■ Assigning different PodSecurityPolicies to different users and groups
13.4 Isolating the pod network
Enabling network isolation in a namespace ■ Allowing only some pods in the namespace to connect to a server pod ■ Isolating the network between Kubernetes namespaces ■ Isolating using CIDR notation ■ Limiting the outbound traffic of a set of pods
13.5 Summary
14 Managing pods’ computational resources
14.1 Requesting resources for a pod’s containers
Creating pods with resource requests ■ Understanding how resource requests affect scheduling ■ Understanding how CPU requests affect CPU time sharing ■ Defining and requesting custom resources
14.2 Limiting resources available to a container
Setting a hard limit for the amount of resources a container can use ■ Exceeding the limits ■ Understanding how apps in containers see limits
14.3 Understanding pod QoS classes
Defining the QoS class for a pod ■ Understanding which process gets killed when memory is low
14.4 Setting default requests and limits for pods per namespace
Introducing the LimitRange resource ■ Creating a LimitRange object ■ Enforcing the limits ■ Applying default resource requests and limits
14.5 Limiting the total resources available in a namespace
Introducing the ResourceQuota object ■ Specifying a quota for persistent storage ■ Limiting the number of objects that can be created ■ Specifying quotas for specific pod states and/or QoS classes
14.6 Monitoring pod resource usage
Collecting and retrieving actual resource usages ■ Storing and analyzing historical resource consumption statistics
14.7 Summary
15 Automatic scaling of pods and cluster nodes
15.1 Horizontal pod autoscaling
Understanding the autoscaling process ■ Scaling based on CPU utilization ■ Scaling based on memory consumption ■ Scaling based on other and custom metrics ■ Determining which metrics are appropriate for autoscaling ■ Scaling down to zero replicas
15.2 Vertical pod autoscaling
Automatically configuring resource requests ■ Modifying resource requests while a pod is running
15.3 Horizontal scaling of cluster nodes
Introducing the Cluster Autoscaler ■ Enabling the Cluster Autoscaler ■ Limiting service disruption during cluster scale-down
15.4 Summary
16 Advanced scheduling
16.1 Using taints and tolerations to repel pods from certain nodes
Introducing taints and tolerations ■ Adding custom taints to a node ■ Adding tolerations to pods ■ Understanding what taints and tolerations can be used for
16.2 Using node affinity to attract pods to certain nodes
Specifying hard node affinity rules ■ Prioritizing nodes when scheduling a pod
16.3 Co-locating pods with pod affinity and anti-affinity
Using inter-pod affinity to deploy pods on the same node ■ Deploying pods in the same rack, availability zone, or geographic region ■ Expressing pod affinity preferences instead of hard requirements ■ Scheduling pods away from each other with pod anti-affinity
16.4 Summary
17 Best practices for developing apps
17.1 Bringing everything together
17.2 Understanding the pod’s lifecycle
Applications must expect to be killed and relocated ■ Rescheduling of dead or partially dead pods ■ Starting pods in a specific order ■ Adding lifecycle hooks ■ Understanding pod shutdown
17.3 Ensuring all client requests are handled properly
Preventing broken client connections when a pod is starting up ■ Preventing broken connections during pod shut-down
17.4 Making your apps easy to run and manage in Kubernetes
Making manageable container images ■ Properly tagging your images and using imagePullPolicy wisely ■ Using multi-dimensional instead of single-dimensional labels ■ Describing each resource through annotations ■ Providing information on why the process terminated ■ Handling application logs
17.5 Best practices for development and testing
Running apps outside of Kubernetes during development ■ Using Minikube in development ■ Versioning and auto-deploying resource manifests ■ Introducing Ksonnet as an alternative to writing YAML/JSON manifests ■ Employing Continuous Integration and Continuous Delivery (CI/CD)
17.6 Summary
18 Extending Kubernetes
18.1 Defining custom API objects
Introducing CustomResourceDefinitions ■ Automating custom resources with custom controllers ■ Validating custom objects ■ Providing a custom API server for your custom objects
18.2 Extending Kubernetes with the Kubernetes Service Catalog
Introducing the Service Catalog ■ Introducing the Service Catalog API server and Controller Manager ■ Introducing Service Brokers and the OpenServiceBroker API ■ Provisioning and using a service ■ Unbinding and deprovisioning ■ Understanding what the Service Catalog brings
18.3 Platforms built on top of Kubernetes
Red Hat OpenShift Container Platform ■ Deis Workflow and Helm
18.4 Summary
appendix A Using kubectl with multiple clusters
appendix B Setting up a multi-node cluster with kubeadm
appendix C Using other container runtimes
appendix D Cluster Federation
index
preface
After working at Red Hat for a few years, in late 2014 I was assigned to a
newly-established team called Cloud Enablement. Our task was to bring the company’s
range of middleware products to the OpenShift Container Platform, which was then
being developed on top of Kubernetes. At that time, Kubernetes was still in its
infancy—version 1.0 hadn’t even been released yet.
Our team had to get to know the ins and outs of Kubernetes quickly to set a proper
direction for our software and take advantage of everything Kubernetes had to offer.
When faced with a problem, it was hard for us to tell if we were doing things wrong or
merely hitting one of the early Kubernetes bugs.
Both Kubernetes and my understanding of it have come a long way since then.
When I first started using it, most people hadn’t even heard of Kubernetes. Now,
virtually every software engineer knows about it, and it has become one of the
fastest-growing and most-widely-adopted ways of running applications in both the cloud and
on-premises datacenters.
In my first month of dealing with Kubernetes, I wrote a two-part blog post about
how to run a JBoss WildFly application server cluster in OpenShift/Kubernetes. At the
time, I never could have imagined that a simple blog post would ultimately lead the
people at Manning to contact me about whether I would like to write a book about
Kubernetes. Of course, I couldn’t say no to such an offer, even though I was sure
they’d approached other people as well and would ultimately pick someone else.
And yet, here we are. After more than a year and a half of writing and researching,
the book is done. It’s been an awesome journey. Writing a book about a technology is
absolutely the best way to get to know it in much greater detail than you’d learn as just
a user. As my knowledge of Kubernetes has expanded during the process and
Kubernetes itself has evolved, I’ve constantly gone back to previous chapters I’ve written and
added additional information. I’m a perfectionist, so I’ll never really be absolutely
satisfied with the book, but I’m happy to hear that a lot of readers of the Manning Early
Access Program (MEAP) have found it to be a great guide to Kubernetes.
My aim is to get the reader to understand the technology itself and teach them
how to use the tooling to effectively and efficiently develop and deploy apps to
Kubernetes clusters. In the book, I don’t put much emphasis on how to actually set up and
maintain a proper highly available Kubernetes cluster, but the last part should give
readers a very solid understanding of what such a cluster consists of and should allow
them to easily comprehend additional resources that deal with this subject.
I hope you’ll enjoy reading it, and that it teaches you how to get the most out of
the awesome system that is Kubernetes.
acknowledgments
Before I started writing this book, I had no clue how many people would be involved
in bringing it from a rough manuscript to a published piece of work. This means
there are a lot of people to thank.
First, I’d like to thank Erin Twohey for approaching me about writing this book,
and Michael Stephens from Manning, who had full confidence in my ability to write it
from day one. His words of encouragement early on really motivated me and kept me
motivated throughout the last year and a half.
I would also like to thank my initial development editor Andrew Warren, who
helped me get my first chapter out the door, and Elesha Hyde, who took over from
Andrew and worked with me all the way to the last chapter. Thank you for bearing
with me, even though I’m a difficult person to deal with, as I tend to drop off the
radar fairly regularly.
I would also like to thank Jeanne Boyarsky, who was the first reviewer to read and
comment on my chapters while I was writing them. Jeanne and Elesha were
instrumental in making the book as nice as it hopefully is. Without their comments, the book
could never have received such good reviews from external reviewers and readers.
I’d like to thank my technical proofreader, Antonio Magnaghi, and of course all
my external reviewers: Al Krinker, Alessandro Campeis, Alexander Myltsev, Csaba Sari,
David DiMaria, Elias Rangel, Erisk Zelenka, Fabrizio Cucci, Jared Duncan, Keith
Donaldson, Michael Bright, Paolo Antinori, Peter Perlepes, and Tiklu Ganguly. Their
positive comments kept me going at times when I worried my writing was utterly awful
and completely useless. On the other hand, their constructive criticism helped improve
sections that I’d quickly thrown together without enough effort. Thank you for
pointing out the hard-to-understand sections and suggesting ways of improving the book.
Also, thank you for asking the right questions, which made me realize I was wrong
about two or three things in the initial versions of the manuscript.
I also need to thank readers who bought the early version of the book through
Manning’s MEAP program and voiced their comments in the online forum or reached
out to me directly—especially Vimal Kansal, Paolo Patierno, and Roland Huß, who
noticed quite a few inconsistencies and other mistakes. And I would like to thank
everyone at Manning who has been involved in getting this book published. Before I
finish, I also need to thank my colleague and high school friend Aleš Justin, who
brought me to Red Hat, and my wonderful colleagues from the Cloud Enablement
team. If I hadn’t been at Red Hat or in the team, I wouldn’t have been the one to write
this book.
Lastly, I would like to thank my wife and my son, who were way too understanding
and supportive over the last 18 months, while I was locked in my office instead of
spending time with them.
Thank you all!
about this book
Kubernetes in Action aims to make you a proficient user of Kubernetes. It teaches you
virtually all the concepts you need to understand to effectively develop and run
applications in a Kubernetes environment.
Before diving into Kubernetes, the book gives an overview of container
technologies like Docker, including how to build containers, so that even readers who haven’t
used these technologies before can get up and running. It then slowly guides you
through most of what you need to know about Kubernetes—from basic concepts to
things hidden below the surface.
Who should read this book
The book focuses primarily on application developers, but it also provides an overview
of managing applications from the operational perspective. It’s meant for anyone
interested in running and managing containerized applications on more than just a
single server.
Both beginner and advanced software engineers who want to learn about con-
tainer technologies and orchestrating multiple related containers at scale will gain the
expertise necessary to develop, containerize, and run their applications in a Kuberne-
tes environment.
No previous exposure to either container technologies or Kubernetes is required.
The book explains the subject matter in a progressively detailed manner, and doesn’t
use any application source code that would be too hard for non-expert developers to
understand.
Readers, however, should have at least a basic knowledge of programming, com-
puter networking, and running basic commands in Linux, and an understanding of
well-known computer protocols like HTTP.
How this book is organized: a roadmap
This book has three parts that cover 18 chapters.
Part 1 gives a short introduction to Docker and Kubernetes, how to set up a Kuber-
netes cluster, and how to run a simple application in it. It contains two chapters:
■ Chapter 1 explains what Kubernetes is, how it came to be, and how it helps to
solve today’s problems of managing applications at scale.
■ Chapter 2 is a hands-on tutorial on how to build a container image and run it in
a Kubernetes cluster. It also explains how to run a local single-node Kubernetes
cluster and a proper multi-node cluster in the cloud.
Part 2 introduces the key concepts you must understand to run applications in Kuber-
netes. The chapters are as follows:
■ Chapter 3 introduces the fundamental building block in Kubernetes—the pod—
and explains how to organize pods and other Kubernetes objects through labels.
■ Chapter 4 teaches you how Kubernetes keeps applications healthy by automati-
cally restarting containers. It also shows how to properly run managed pods,
horizontally scale them, make them resistant to failures of cluster nodes, and
run them at a predefined time in the future or periodically.
■ Chapter 5 shows how pods can expose the service they provide to clients run-
ning both inside and outside the cluster. It also shows how pods running in the
cluster can discover and access services, regardless of whether they live in or out
of the cluster.
■ Chapter 6 explains how multiple containers running in the same pod can share
files and how you can manage persistent storage and make it accessible to pods.
■ Chapter 7 shows how to pass configuration data and sensitive information like
credentials to apps running inside pods.
■ Chapter 8 describes how applications can get information about the Kuberne-
tes environment they’re running in and how they can talk to Kubernetes to
alter the state of the cluster.
■ Chapter 9 introduces the concept of a Deployment and explains the proper way
of running and updating applications in a Kubernetes environment.
■ Chapter 10 introduces a dedicated way of running stateful applications, which
usually require a stable identity and state.
Part 3 dives deep into the internals of a Kubernetes cluster, introduces some addi-
tional concepts, and reviews everything you’ve learned in the first two parts from a
higher perspective. This is the last group of chapters:
■ Chapter 11 goes beneath the surface of Kubernetes and explains all the compo-
nents that make up a Kubernetes cluster and what each of them does. It also
explains how pods communicate through the network and how services per-
form load balancing across multiple pods.
■ Chapter 12 explains how to secure your Kubernetes API server, and by exten-
sion the cluster, using authentication and authorization.
■ Chapter 13 teaches you how pods can access the node’s resources and how a
cluster administrator can prevent pods from doing that.
■ Chapter 14 dives into constraining the computational resources each applica-
tion is allowed to consume, configuring the applications’ Quality of Service
guarantees, and monitoring the resource usage of individual applications. It
also teaches you how to prevent users from consuming too many resources.
■ Chapter 15 discusses how Kubernetes can be configured to automatically scale
the number of running replicas of your application, and how it can also increase
the size of your cluster when your current number of cluster nodes can’t accept
any additional applications.
■ Chapter 16 shows how to ensure pods are scheduled only to certain nodes or
how to prevent them from being scheduled to others. It also shows how to make
sure pods are scheduled together or how to prevent that from happening.
■ Chapter 17 teaches you how you should develop your applications to make them
good citizens of your cluster. It also gives you a few pointers on how to set up your
development and testing workflows to reduce friction during development.
■ Chapter 18 shows you how you can extend Kubernetes with your own custom
objects and how others have done it and created enterprise-class application
platforms.
As you progress through these chapters, you’ll not only learn about the individual
Kubernetes building blocks, but also progressively improve your knowledge of using
the kubectl command-line tool.
About the code
While this book doesn’t contain a lot of actual source code, it does contain a lot of
manifests of Kubernetes resources in YAML format and shell commands along with
their outputs. All of this is formatted in a fixed-width font like this to separate it
from ordinary text.
Shell commands are mostly in bold, to clearly separate them from their output, but
sometimes only the most important parts of the command or parts of the command’s
output are in bold for emphasis. In most cases, the command output has been reformat-
ted to make it fit into the limited space in the book. Also, because the Kubernetes CLI
tool kubectl is constantly evolving, newer versions may print out more information
than what’s shown in the book. Don’t be confused if they don’t match exactly.
Listings sometimes include a line-continuation marker (➥) to show that a line of
text wraps to the next line. They also include annotations, which highlight and explain
the most important parts.
Within text paragraphs, some very common elements such as Pod, Replication-
Controller, ReplicaSet, DaemonSet, and so forth are set in regular font to avoid over-
proliferation of code font and help readability. In some places, “Pod” is capitalized
to refer to the Pod resource, and lowercased to refer to the actual group of running
containers.
All the samples in the book have been tested with Kubernetes version 1.8 running
in Google Kubernetes Engine and in a local cluster run with Minikube. The complete
source code and YAML manifests can be found at https://github.com/luksa/kubernetes-in-action
or downloaded from the publisher’s website at www.manning.com/books/kubernetes-in-action.
Book forum
Purchase of Kubernetes in Action includes free access to a private web forum run by
Manning Publications where you can make comments about the book, ask technical
questions, and receive help from the author and from other users. To access the
forum, go to https://forums.manning.com/forums/kubernetes-in-action. You can also
learn more about Manning’s forums and the rules of conduct at
https://forums.manning.com/forums/about.
Manning’s commitment to our readers is to provide a venue where a meaningful
dialogue between individual readers and between readers and the author can take
place. It is not a commitment to any specific amount of participation on the part of
the author, whose contribution to the forum remains voluntary (and unpaid). We sug-
gest you try asking the author some challenging questions lest his interest stray! The
forum and the archives of previous discussions will be accessible from the publisher’s
website as long as the book is in print.
Other online resources
You can find a wide range of additional Kubernetes resources at the following locations:
■ The Kubernetes website at https://kubernetes.io
■ The Kubernetes Blog, which regularly posts interesting info (http://blog.kubernetes.io)
■ The Kubernetes community’s Slack channel at http://slack.k8s.io
■ The Kubernetes and Cloud Native Computing Foundation’s YouTube channels:
– https://www.youtube.com/channel/UCZ2bu0qutTOM0tHYa_jkIwg
– https://www.youtube.com/channel/UCvqbFHwN-nwalWPjPUKpvTA
To gain a deeper understanding of individual topics or even to help contribute to
Kubernetes, you can also check out any of the Kubernetes Special Interest Groups (SIGs)
at https://github.com/kubernetes/kubernetes/wiki/Special-Interest-Groups-(SIGs).
And, finally, as Kubernetes is open source, there’s a wealth of information available
in the Kubernetes source code itself. You’ll find it at
https://github.com/kubernetes/kubernetes and related repositories.
about the author
Marko Lukša is a software engineer with more than 20 years of
professional experience developing everything from simple
web applications to full ERP systems, frameworks, and middle-
ware software. He took his first steps in programming back in
1985, at the age of six, on a second-hand ZX Spectrum com-
puter his father had bought for him. In primary school, he was
the national champion in the Logo programming competition
and attended summer coding camps, where he learned to pro-
gram in Pascal. Since then, he has developed software in a
wide range of programming languages.
In high school, he started building dynamic websites when
the web was still relatively young. He then moved on to developing software for the
healthcare and telecommunications industries at a local company, while studying
computer science at the University of Ljubljana, Slovenia. Eventually, he ended up
working for Red Hat, initially developing an open source implementation of the Goo-
gle App Engine API, which utilized Red Hat’s JBoss middleware products underneath.
He also worked in or contributed to projects like CDI/Weld, Infinispan/JBoss Data-
Grid, and others.
Since late 2014, he has been part of Red Hat’s Cloud Enablement team, where his
responsibilities include staying up-to-date on new developments in Kubernetes and
related technologies and ensuring the company’s middleware software utilizes the fea-
tures of Kubernetes and OpenShift to their full potential.
about the cover illustration
The figure on the cover of Kubernetes in Action is a “Member of the Divan,” the Turkish
Council of State or governing body. The illustration is taken from a collection of cos-
tumes of the Ottoman Empire published on January 1, 1802, by William Miller of Old
Bond Street, London. The title page is missing from the collection and we have been
unable to track it down to date. The book’s table of contents identifies the figures in
both English and French, and each illustration bears the names of two artists who
worked on it, both of whom would no doubt be surprised to find their art gracing the
front cover of a computer programming book ... 200 years later.
The collection was purchased by a Manning editor at an antiquarian flea market in
the “Garage” on West 26th Street in Manhattan. The seller was an American based in
Ankara, Turkey, and the transaction took place just as he was packing up his stand for
the day. The Manning editor didn’t have on his person the substantial amount of cash
that was required for the purchase, and a credit card and check were both politely
turned down. With the seller flying back to Ankara that evening, the situation was get-
ting hopeless. What was the solution? It turned out to be nothing more than an old-
fashioned verbal agreement sealed with a handshake. The seller proposed that the
money be transferred to him by wire, and the editor walked out with the bank infor-
mation on a piece of paper and the portfolio of images under his arm. Needless to say,
we transferred the funds the next day, and we remain grateful and impressed by this
unknown person’s trust in one of us. It recalls something that might have happened a
long time ago. We at Manning celebrate the inventiveness, the initiative, and, yes, the
fun of the computer business with book covers based on the rich diversity of regional
life of two centuries ago, brought back to life by the pictures from this collection.
1 Introducing Kubernetes
This chapter covers
■ Understanding how software development and deployment has changed over recent years
■ Isolating applications and reducing environment differences using containers
■ Understanding how containers and Docker are used by Kubernetes
■ Making developers’ and sysadmins’ jobs easier with Kubernetes
Years ago, most software applications were big monoliths, running either as a single
process or as a small number of processes spread across a handful of servers. These
legacy systems are still widespread today. They have slow release cycles and are
updated relatively infrequently. At the end of every release cycle, developers package
up the whole system and hand it over to the ops team, who then deploys and
monitors it. In case of hardware failures, the ops team manually migrates it to the
remaining healthy servers.
Today, these big monolithic legacy applications are slowly being broken down
into smaller, independently running components called microservices. Because
microservices are decoupled from each other, they can be developed, deployed, updated,
and scaled individually. This enables you to change components quickly and as often as
necessary to keep up with today’s rapidly changing business requirements.
But with bigger numbers of deployable components and increasingly larger data-
centers, it becomes increasingly difficult to configure, manage, and keep the whole
system running smoothly. It’s much harder to figure out where to put each of those
components to achieve high resource utilization and thereby keep the hardware costs
down. Doing all this manually is hard work. We need automation, which includes
automatic scheduling of those components to our servers, automatic configuration,
supervision, and failure-handling. This is where Kubernetes comes in.
Kubernetes enables developers to deploy their applications themselves and as
often as they want, without requiring any assistance from the operations (ops) team.
But Kubernetes doesn’t benefit only developers. It also helps the ops team by automat-
ically monitoring and rescheduling those apps in the event of a hardware failure. The
focus for system administrators (sysadmins) shifts from supervising individual apps to
mostly supervising and managing Kubernetes and the rest of the infrastructure, while
Kubernetes itself takes care of the apps.
NOTE Kubernetes is Greek for pilot or helmsman (the person holding the
ship’s steering wheel). People pronounce Kubernetes in a few different ways.
Many pronounce it as Koo-ber-nay-tace, while others pronounce it more like
Koo-ber-netties. No matter which form you use, people will understand what
you mean.
Kubernetes abstracts away the hardware infrastructure and exposes your whole data-
center as a single enormous computational resource. It allows you to deploy and run
your software components without having to know about the actual servers under-
neath. When deploying a multi-component application through Kubernetes, it selects
a server for each component, deploys it, and enables it to easily find and communi-
cate with all the other components of your application.
This makes Kubernetes great for most on-premises datacenters, but where it starts
to shine is when it’s used in the largest datacenters, such as the ones built and oper-
ated by cloud providers. Kubernetes allows them to offer developers a simple platform
for deploying and running any type of application, while not requiring the cloud pro-
vider’s own sysadmins to know anything about the tens of thousands of apps running
on their hardware.
With more and more big companies accepting the Kubernetes model as the best
way to run apps, it’s becoming the standard way of running distributed apps both in
the cloud and on local on-premises infrastructure.
1.1 Understanding the need for a system like Kubernetes
Before you start getting to know Kubernetes in detail, let’s take a quick look at how
the development and deployment of applications has changed in recent years. This
change is both a consequence of splitting big monolithic apps into smaller microservices
and of the changes in the infrastructure that runs those apps. Understanding these
changes will help you better see the benefits of using Kubernetes and container tech-
nologies such as Docker.
1.1.1 Moving from monolithic apps to microservices
Monolithic applications consist of components that are all tightly coupled together and
have to be developed, deployed, and managed as one entity, because they all run as a sin-
gle OS process. Changes to one part of the application require a redeployment of the
whole application, and over time the lack of hard boundaries between the parts results
in the increase of complexity and consequential deterioration of the quality of the whole
system because of the unconstrained growth of inter-dependencies between these parts.
Running a monolithic application usually requires a small number of powerful
servers that can provide enough resources for running the application. To deal with
increasing loads on the system, you then either have to vertically scale the servers (also
known as scaling up) by adding more CPUs, memory, and other server components,
or scale the whole system horizontally, by setting up additional servers and running
multiple copies (or replicas) of an application (scaling out). While scaling up usually
doesn’t require any changes to the app, it gets expensive relatively quickly and in prac-
tice always has an upper limit. Scaling out, on the other hand, is relatively cheap hard-
ware-wise, but may require big changes in the application code and isn’t always
possible—certain parts of an application are extremely hard or next to impossible to
scale horizontally (relational databases, for example). If any part of a monolithic
application isn’t scalable, the whole application becomes unscalable, unless you can
split up the monolith somehow.
SPLITTING APPS INTO MICROSERVICES
These and other problems have forced us to start splitting complex monolithic appli-
cations into smaller independently deployable components called microservices. Each
microservice runs as an independent process (see figure 1.1) and communicates with
other microservices through simple, well-defined interfaces (APIs).
Figure 1.1 Components inside a monolithic application vs. standalone microservices (left: a monolithic application running as a single process on one server; right: a microservices-based application running as several processes across two servers)
Microservices communicate through synchronous protocols such as HTTP, over which
they usually expose RESTful (REpresentational State Transfer) APIs, or through asyn-
chronous protocols such as AMQP (Advanced Message Queueing Protocol). These
protocols are simple, well understood by most developers, and not tied to any specific
programming language. Each microservice can be written in the language that’s most
appropriate for implementing that specific microservice.
Because each microservice is a standalone process with a relatively static external
API, it’s possible to develop and deploy each microservice separately. A change to one
of them doesn’t require changes or redeployment of any other service, provided that
the API doesn’t change or changes only in a backward-compatible way.
SCALING MICROSERVICES
Scaling microservices, unlike monolithic systems, where you need to scale the system as
a whole, is done on a per-service basis, which means you have the option of scaling only
those services that require more resources, while leaving others at their original scale.
Figure 1.2 shows an example. Certain components are replicated and run as multiple
processes deployed on different servers, while others run as a single application process.
When a monolithic application can’t be scaled out because one of its parts is unscalable,
splitting the app into microservices allows you to horizontally scale the parts that
allow scaling out, and to vertically scale the parts that don’t.
Figure 1.2 Each microservice can be scaled individually. (Processes are spread across four servers; one component runs as a single instance, possibly not scalable, while another runs as three instances of the same component.)
DEPLOYING MICROSERVICES
As always, microservices also have drawbacks. When your system consists of only a
small number of deployable components, managing those components is easy. It’s
trivial to decide where to deploy each component, because there aren’t that many
choices. When the number of those components increases, deployment-related deci-
sions become increasingly difficult because not only does the number of deployment
combinations increase, but the number of inter-dependencies between the compo-
nents increases by an even greater factor.
Microservices perform their work together as a team, so they need to find and talk
to each other. When deploying them, someone or something needs to configure all of
them properly to enable them to work together as a single system. With increasing
numbers of microservices, this becomes tedious and error-prone, especially when you
consider what the ops/sysadmin teams need to do when a server fails.
Microservices also bring other problems, such as making it hard to debug and trace
execution calls, because they span multiple processes and machines. Luckily, these
problems are now being addressed with distributed tracing systems such as Zipkin.
UNDERSTANDING THE DIVERGENCE OF ENVIRONMENT REQUIREMENTS
As I’ve already mentioned, components in a microservices architecture aren’t only
deployed independently, but are also developed that way. Because of their indepen-
dence and the fact that it’s common to have separate teams developing each compo-
nent, nothing impedes each team from using different libraries and replacing them
whenever the need arises. The divergence of dependencies between application com-
ponents, like the one shown in figure 1.3, where applications require different ver-
sions of the same libraries, is inevitable.
Figure 1.3 Multiple applications running on the same host may have conflicting dependencies. (Left: a server running a monolithic app that requires one version each of Libraries A, B, C, X, and Y; right: a server running multiple apps, App 1 through App 4, that require different versions of the same libraries.)
Deploying dynamically linked applications that require different versions of shared
libraries, and/or require other environment specifics, can quickly become a night-
mare for the ops team who deploys and manages them on production servers. The
bigger the number of components you need to deploy on the same host, the harder it
will be to manage all their dependencies to satisfy all their requirements.
1.1.2 Providing a consistent environment to applications
Regardless of how many individual components you’re developing and deploying,
one of the biggest problems that developers and operations teams always have to deal
with is the differences in the environments they run their apps in. Not only is there a
huge difference between development and production environments, differences
even exist between individual production machines. Another unavoidable fact is that
the environment of a single production machine will change over time.
These differences range from hardware to the operating system to the libraries
that are available on each machine. Production environments are managed by the
operations team, while developers often take care of their development laptops on
their own. The two groups differ in how much they know about system
administration, and this understandably leads to relatively big differences
between those two systems. On top of that, system administrators place much more
emphasis on keeping the system up to date with the latest security patches, while a lot
of developers don’t care about that as much.
Also, production systems can run applications from multiple developers or devel-
opment teams, which isn’t necessarily true for developers’ computers. A production
system must provide the proper environment to all applications it hosts, even though
they may require different, even conflicting, versions of libraries.
To reduce the number of problems that only show up in production, it would be
ideal if applications could run in the exact same environment during development
and in production so they have the exact same operating system, libraries, system con-
figuration, networking environment, and everything else. You also don’t want this
environment to change too much over time, if at all. Also, if possible, you want the
ability to add applications to the same server without affecting any of the existing
applications on that server.
1.1.3 Moving to continuous delivery: DevOps and NoOps
In the last few years, we’ve also seen a shift in the whole application development pro-
cess and how applications are taken care of in production. In the past, the develop-
ment team’s job was to create the application and hand it off to the operations team,
who then deployed it, tended to it, and kept it running. But now, organizations are
realizing it’s better to have the same team that develops the application also take part
in deploying it and taking care of it over its whole lifetime. This means the developer,
QA, and operations teams now need to collaborate throughout the whole process.
This practice is called DevOps.
UNDERSTANDING THE BENEFITS
Having the developers more involved in running the application in production leads
to them having a better understanding of both the users’ needs and issues and the
problems faced by the ops team while maintaining the app. Application developers
are now also much more inclined to give users the app earlier and then use their feed-
back to steer further development of the app.
To release newer versions of applications more often, you need to streamline the
deployment process. Ideally, you want developers to deploy the applications them-
selves without having to wait for the ops people. But deploying an application often
requires an understanding of the underlying infrastructure and the organization of
the hardware in the datacenter. Developers don’t always know those details and, most
of the time, don’t even want to know about them.
LETTING DEVELOPERS AND SYSADMINS DO WHAT THEY DO BEST
Even though developers and system administrators both work toward achieving the
same goal of running a successful software application as a service to its customers, they
have different individual goals and motivating factors. Developers love creating new fea-
tures and improving the user experience. They don’t normally want to be the ones mak-
ing sure that the underlying operating system is up to date with all the security patches
and things like that. They prefer to leave that up to the system administrators.
The ops team is in charge of the production deployments and the hardware infra-
structure they run on. They care about system security, utilization, and other aspects
that aren’t a high priority for developers. The ops people don’t want to deal with the
implicit interdependencies of all the application components and don’t want to think
about how changes to either the underlying operating system or the infrastructure
can affect the operation of the application as a whole, but they must.
Ideally, you want the developers to deploy applications themselves without know-
ing anything about the hardware infrastructure and without dealing with the ops
team. This is referred to as NoOps. Obviously, you still need someone to take care of
the hardware infrastructure, but ideally, without having to deal with peculiarities of
each application running on it.
As you’ll see, Kubernetes enables us to achieve all of this. By abstracting away the
actual hardware and exposing it as a single platform for deploying and running apps,
it allows developers to configure and deploy their applications without any help from
the sysadmins and allows the sysadmins to focus on keeping the underlying infrastruc-
ture up and running, while not having to know anything about the actual applications
running on top of it.
1.2 Introducing container technologies
In section 1.1 I presented a non-comprehensive list of problems facing today’s devel-
opment and ops teams. While you have many ways of dealing with them, this book will
focus on how they’re solved with Kubernetes.
Kubernetes uses Linux container technologies to provide isolation of running
applications, so before we dig into Kubernetes itself, you need to become familiar
with the basics of containers to understand what Kubernetes does itself, and what it
offloads to container technologies like Docker or rkt (pronounced “rock-it”).
1.2.1 Understanding what containers are
In section 1.1.1 we saw how different software components running on the same
machine will require different, possibly conflicting, versions of dependent libraries or
have other different environment requirements in general.
When an application is composed of only a small number of large components,
it’s completely acceptable to give a dedicated Virtual Machine (VM) to each component
and isolate their environments by providing each of them with their own operating
system instance. But when these components start getting smaller and their
numbers start to grow, you can’t give each of them their own VM if you want to
avoid wasting hardware resources and keep your hardware costs down. But it’s not only about
wasting hardware resources. Because each VM usually needs to be configured and
managed individually, rising numbers of VMs also lead to wasting human resources,
because they increase the system administrators’ workload considerably.
ISOLATING COMPONENTS WITH LINUX CONTAINER TECHNOLOGIES
Instead of using virtual machines to isolate the environments of each microservice (or
software processes in general), developers are turning to Linux container technolo-
gies. They allow you to run multiple services on the same host machine, while not only
exposing a different environment to each of them, but also isolating them from each
other, similarly to VMs, but with much less overhead.
A process running in a container runs inside the host’s operating system, like all
the other processes (unlike VMs, where processes run in separate operating sys-
tems). But the process in the container is still isolated from other processes. To the
process itself, it looks like it’s the only one running on the machine and in its oper-
ating system.
COMPARING VIRTUAL MACHINES TO CONTAINERS
Compared to VMs, containers are much more lightweight, which allows you to run
higher numbers of software components on the same hardware, mainly because each
VM needs to run its own set of system processes, which requires additional compute
resources in addition to those consumed by the component’s own process. A con-
tainer, on the other hand, is nothing more than a single isolated process running in
the host OS, consuming only the resources that the app consumes and without the
overhead of any additional processes.
Because of the overhead of VMs, you often end up grouping multiple applications
into each VM because you don’t have enough resources to dedicate a whole VM to
each app. When using containers, you can (and should) have one container for each
application, as shown in figure 1.4. The end-result is that you can fit many more appli-
cations on the same bare-metal machine.
When you run three VMs on a host, you have three completely separate operating sys-
tems running on and sharing the same bare-metal hardware. Underneath those VMs
is the host’s OS and a hypervisor, which divides the physical hardware resources into
smaller sets of virtual resources that can be used by the operating system inside each
VM. Applications running inside those VMs perform system calls to the guest OS’ ker-
nel in the VM, and the kernel then performs x86 instructions on the host’s physical
CPU through the hypervisor.
NOTE Two types of hypervisors exist. Type 1 hypervisors don’t use a host OS,
while Type 2 do.
Containers, on the other hand, all perform system calls on the exact same kernel run-
ning in the host OS. This single kernel is the only one performing x86 instructions on
the host’s CPU. The CPU doesn’t need to do any kind of virtualization the way it does
with VMs (see figure 1.5).
The main benefit of virtual machines is the full isolation they provide, because
each VM runs its own Linux kernel, while containers all call out to the same kernel,
which can clearly pose a security risk. If you have a limited amount of hardware
resources, VMs may only be an option when you have a small number of processes that
you want to isolate. To run greater numbers of isolated processes on the same
machine, containers are a much better choice because of their low overhead.
Remember, each VM runs its own set of system services, while containers don’t, because
they all run in the same OS. That also means that to run a container, nothing needs to
be booted up, as is the case in VMs. A process run in a container starts up immediately.
Figure 1.4 Using VMs to isolate groups of applications vs. isolating individual apps with containers
Figure 1.5 The difference between how apps in VMs use the CPU vs. how they use them in containers
INTRODUCING THE MECHANISMS THAT MAKE CONTAINER ISOLATION POSSIBLE
By this point, you’re probably wondering how exactly containers can isolate processes
if they’re running on the same operating system. Two mechanisms make this possible.
The first one, Linux Namespaces, makes sure each process sees its own personal view of
the system (files, processes, network interfaces, hostname, and so on). The second
one is Linux Control Groups (cgroups), which limit the amount of resources the process
can consume (CPU, memory, network bandwidth, and so on).
ISOLATING PROCESSES WITH LINUX NAMESPACES
By default, each Linux system initially has one single namespace. All system resources,
such as filesystems, process IDs, user IDs, network interfaces, and others, belong to the
single namespace. But you can create additional namespaces and organize resources
across them. When running a process, you run it inside one of those namespaces. The
process will only see resources that are inside the same namespace. Well, multiple
kinds of namespaces exist, so a process doesn’t belong to one namespace, but to one
namespace of each kind.
The following kinds of namespaces exist:
■ Mount (mnt)
■ Process ID (pid)
■ Network (net)
■ Inter-process communication (ipc)
■ UTS
■ User ID (user)
Each namespace kind is used to isolate a certain group of resources. For example, the
UTS namespace determines what hostname and domain name the process running
inside that namespace sees. By assigning two different UTS namespaces to a pair of
processes, you can make them see different local hostnames. In other words, to the
two processes, it will appear as though they are running on two different machines (at
least as far as the hostname is concerned).
Likewise, what Network namespace a process belongs to determines which net-
work interfaces the application running inside the process sees. Each network inter-
face belongs to exactly one namespace, but can be moved from one namespace to
another. Each container uses its own Network namespace, and therefore each con-
tainer sees its own set of network interfaces.
This should give you a basic idea of how namespaces are used to isolate applica-
tions running in containers from each other.
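The point that a process belongs to one namespace of each kind can be checked on any Linux host, because the kernel exposes each membership as a symlink under /proc/<pid>/ns/. The following is an added example, not code from the book: it compares processes against the host's namespaces and reports, per kind, where a process is isolated and where it still shares the host's view. The process names and inode numbers in the sample data are constructed.

```python
import os
import re

# The six namespace kinds listed above, under their /proc/<pid>/ns/ entry names.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user")

# A namespace symlink target looks like "uts:[4026531838]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/<kind> symlink target into (kind, inode)."""
    match = NS_LINK.match(target.strip())
    if match is None:
        raise ValueError("not a namespace link: %r" % (target,))
    return match.group(1), int(match.group(2))


def namespaces_from_links(targets):
    """Build {kind: inode} from a list of symlink targets."""
    return dict(parse_ns_link(t) for t in targets)


def read_namespaces(pid="self", proc_root="/proc"):
    """Read the namespaces of a live process. Kinds that are missing or not
    readable (other users' processes need extra privileges) are skipped."""
    targets = []
    for kind in NS_KINDS:
        try:
            targets.append(os.readlink(os.path.join(proc_root, str(pid), "ns", kind)))
        except OSError:
            continue
    return namespaces_from_links(targets)


def shared_kinds(proc_ns, host_ns):
    """Kinds for which the process is in the same namespace as the host."""
    return [k for k in NS_KINDS if k in proc_ns and proc_ns[k] == host_ns.get(k)]


def isolation_report(processes, host_ns):
    """For each named process, list isolated kinds and kinds shared with the host."""
    report = {}
    for name, ns in processes.items():
        shared = shared_kinds(ns, host_ns)
        isolated = [k for k in NS_KINDS if k in ns and k not in shared]
        report[name] = {"isolated": isolated, "shared_with_host": shared}
    return report


# Constructed sample data, in the form `readlink /proc/<pid>/ns/*` prints.
SAMPLE_HOST = namespaces_from_links([
    "mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
    "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]",
])
SAMPLE_PROCESSES = {
    # Own namespace for everything except user IDs.
    "web": namespaces_from_links([
        "mnt:[4026532601]", "pid:[4026532604]", "net:[4026532607]",
        "ipc:[4026532603]", "uts:[4026532602]", "user:[4026531837]",
    ]),
    # Same pid and net inode as the host: it sees host processes and interfaces.
    "monitor": namespaces_from_links([
        "mnt:[4026532701]", "pid:[4026531836]", "net:[4026531992]",
        "ipc:[4026532703]", "uts:[4026532702]", "user:[4026531837]",
    ]),
}

if __name__ == "__main__":
    for name, row in isolation_report(SAMPLE_PROCESSES, SAMPLE_HOST).items():
        print(name, "isolated:", row["isolated"], "shared:", row["shared_with_host"])
    # On a Linux host, show this process's own namespace identifiers as well.
    print("self:", read_namespaces("self"))
```

Two processes with the same inode number for a kind are in the same namespace of that kind, so a process that shares pid or net with the host is not isolated in that respect even though its other namespaces are separate.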
LIMITING RESOURCES AVAILABLE TO A PROCESS
The other half of container isolation deals with limiting the amount of system
resources a container can consume. This is achieved with cgroups, a Linux kernel fea-
ture that limits the resource usage of a process (or a group of processes). A process
can’t use more than the configured amount of CPU, memory, network bandwidth,
and so on. This way, processes cannot hog resources reserved for other processes,
which is similar to when each process runs on a separate machine.
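To see which limits actually apply to a process, read its cgroup membership from /proc/<pid>/cgroup and then the limit files of that cgroup. The following added example (not code from the book) assumes the cgroup v2 file layout, where cpu.max and memory.max hold the limits, and takes the tightest value on the path from the cgroup root, since a limit set on a parent group also binds its children. The directory names and values are constructed.

```python
import os
import tempfile


def parse_proc_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'id:controllers:path'.
    Returns {controller: path}; the cgroup v2 entry '0::/path' gets key ''."""
    membership = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        _hier_id, controllers, path = line.split(":", 2)
        for controller in controllers.split(","):
            membership[controller] = path
    return membership


def parse_cpu_max(text):
    """cpu.max holds '<quota> <period>' in microseconds; quota 'max' = no limit.
    Returns the limit in CPUs (0.5 = half a CPU) or None when unlimited."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)


def parse_memory_max(text):
    """memory.max holds a byte count, or 'max' when there is no limit."""
    value = text.strip()
    return None if value == "max" else int(value)


LIMIT_FILES = (("cpu", "cpu.max", parse_cpu_max),
               ("memory", "memory.max", parse_memory_max))


def effective_limits(cgroup_path, cgroup_root="/sys/fs/cgroup"):
    """Tightest cpu and memory limit on the way from the root to cgroup_path."""
    parts = [p for p in cgroup_path.split("/") if p]
    if any(p in (".", "..") for p in parts):
        raise ValueError("relative cgroup path: %r" % (cgroup_path,))
    limits = {"cpu": None, "memory": None}
    current = cgroup_root
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        for resource, filename, parser in LIMIT_FILES:
            try:
                with open(os.path.join(current, filename)) as handle:
                    value = parser(handle.read())
            except OSError:
                continue  # file absent at this level (for example at the root)
            if value is not None and (limits[resource] is None
                                      or value < limits[resource]):
                limits[resource] = value
    return limits


def unlimited(limits):
    """Resources for which no limit applies anywhere on the path."""
    return sorted(r for r, v in limits.items() if v is None)


def demo():
    """Evaluate two constructed processes against a constructed cgroup tree."""
    tree = {
        "pods/pod-a": {"cpu.max": "max 100000\n", "memory.max": "268435456\n"},
        "pods/pod-a/app": {"cpu.max": "50000 100000\n", "memory.max": "max\n"},
        "pods/pod-b/worker": {"cpu.max": "max 100000\n", "memory.max": "max\n"},
    }
    proc_cgroup = {"app": "0::/pods/pod-a/app\n",
                   "worker": "0::/pods/pod-b/worker\n"}
    report = {}
    with tempfile.TemporaryDirectory() as root:
        for rel, files in tree.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            for name, content in files.items():
                with open(os.path.join(root, rel, name), "w") as handle:
                    handle.write(content)
        for name, text in proc_cgroup.items():
            report[name] = effective_limits(parse_proc_cgroup(text)[""], root)
    return report


if __name__ == "__main__":
    for name, limits in demo().items():
        print(name, limits, "unlimited:", unlimited(limits))
```

In the constructed tree, "app" shows memory.max as max in its own group but is still bound by the 256 MiB set on its parent, while "worker" has no limit at any level and is the kind of process that can hog resources.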
1.2.2 Introducing the Docker container platform
While container technologies have been around for a long time, they’ve become
more widely known with the rise of the Docker container platform. Docker was the
first container system that made containers easily portable across different machines.
It simplified the process of packaging up not only the application but also all its
libraries and other dependencies, even the whole OS file system, into a simple, por-
table package that can be used to provision the application to any other machine
running Docker.
When you run an application packaged with Docker, it sees the exact filesystem
contents that you’ve bundled with it. It sees the same files whether it’s running on
your development machine or a production machine, even if the production server
is running a completely different Linux OS. The application won’t see anything from
the server it’s running on, so it doesn’t matter if the server has a completely different
set of installed libraries compared to your development machine.
For example, if you’ve packaged up your application with the files of the whole
Red Hat Enterprise Linux (RHEL) operating system, the application will believe it’s
running inside RHEL, both when you run it on your development computer that runs
Fedora and when you run it on a server running Debian or some other Linux distribu-
tion. Only the kernel may be different.
This is similar to creating a VM image by installing an operating system into a VM,
installing the app inside it, and then distributing the whole VM image around and
running it. Docker achieves the same effect, but instead of using VMs to achieve app
isolation, it uses Linux container technologies mentioned in the previous section to
provide (almost) the same level of isolation that VMs do. Instead of using big mono-
lithic VM images, it uses container images, which are usually smaller.
A big difference between Docker-based container images and VM images is that
container images are composed of layers, which can be shared and reused across mul-
tiple images. This means only certain layers of an image need to be downloaded if the
other layers were already downloaded previously when running a different container
image that also contains the same layers.
UNDERSTANDING DOCKER CONCEPTS
Docker is a platform for packaging, distributing, and running applications. As we’ve
already stated, it allows you to package your application together with its whole envi-
ronment. This can be either a few libraries that the app requires or even all the files
that are usually available on the filesystem of an installed operating system. Docker
makes it possible to transfer this package to a central repository from which it can
then be transferred to any computer running Docker and executed there (for the
most part, but not always, as we’ll soon explain).
Three main concepts in Docker comprise this scenario:
■ Images—A Docker-based container image is something you package your
application and its environment into. It contains the filesystem that will be available
to the application and other metadata, such as the path to the executable that
should be executed when the image is run.
■ Registries—A Docker Registry is a repository that stores your Docker images and
facilitates easy sharing of those images between different people and computers.
When you build your image, you can either run it on the computer you’ve
built it on, or you can push (upload) the image to a registry and then pull
(download) it on another computer and run it there. Certain registries are public,
allowing anyone to pull images from them, while others are private, only
accessible to certain people or machines.
■ Containers—A Docker-based container is a regular Linux container created from
a Docker-based container image. A running container is a process running on
the host running Docker, but it’s completely isolated from both the host and all
other processes running on it. The process is also resource-constrained, meaning
it can only access and use the amount of resources (CPU, RAM, and so on)
that are allocated to it.
BUILDING, DISTRIBUTING, AND RUNNING A DOCKER IMAGE
Figure 1.6 shows all three concepts and how they relate to each other. The developer
first builds an image and then pushes it to a registry. The image is thus available to
anyone who can access the registry. They can then pull the image to any other
machine running Docker and run the image. Docker creates an isolated container
based on the image and runs the binary executable specified as part of the image.
Figure 1.6 Docker images, registries, and containers. The figure shows a development
machine, an image registry, and a production machine, with these steps:
1. Developer tells Docker to build and push image
2. Docker builds image
3. Docker pushes image to registry
4. Developer tells Docker on production machine to run image
5. Docker pulls image from registry
6. Docker runs container from image
THE Court spent the summer at the Palace of Peterhof. My aunt, Princess
Cherwachidze, always rented a villa there on leaving her house at
Petrograd. Most of the Grand Dukes had their palaces there also. Being
only at a distance of about one hour by train from Petrograd, Peterhof with
its numerous palaces and villas, situated in their lovely gardens, reminded
me of the Riviera; by its brilliant society, both military and civil, Peterhof
was indeed a delightful place to live in. There was a perpetual round of
luncheons and dinners in the Court Circle which I enjoyed very much, also
the concerts and the theatre.
The place is charmingly pretty; the park magnificent, reaching right
down to the shores of the Baltic where many of its fine trees dip their long
branches into the sea. In the park we used to meet the Imperial Children,
Grand Duchess Olga, the eldest, and lately one of the leading sister-
disciples of Rasputin’s religion, was then a pretty little doll, always very
gracious and well-dressed. She used to say “Bonjour” aloud when anyone
bowed to her; policemen and others were delighted with the salutation of
their “little Empress!” Later on, their drives and rides had to be
discontinued as attempts on their lives were feared.
The second daughter, Grand Duchess Tatiana, was said to be the
cleverest of the family and her father’s favourite.
The playing of the fountains was a sight worth seeing, the Russians
never ceased asking me whether they did not outshine the “Grandes Eaux”
of Versailles.
The appearance of the exterior of the Palace inspired gaiety, whilst the
interior was the very acme of comfort.
The Russian Court was the most luxurious Court in the world,
combining as it did all the wealth and luxury of the East and the West. It
was a rule that all the numerous palaces of the Emperor should be kept up
during his absence just as though he were in residence—always ready to
receive him at any moment.
I often accompanied my aunt to the Palace of Peterhof to see my uncle,
Prince Cherwachidze, who was Grand Master of the Court of Russia,
specially attached to the person of the Empress-Dowager, being also Grand
Master of her Court; and he sometimes came to spend his evenings with us.
My aunt continually lunched with the Empress-Dowager, who used to
invite her every year to spend long friendly visits with her at Gatchina; she
also lunched very often at the Palace. My aunt might have taken up her
abode in the Palace had she chosen, but always declared she preferred her
liberty to the perpetual glow and fuss of the Court—in my view a somewhat
injudicious step to have taken considering all things.
[Illustrations: THE CASTLE OF MONREPOS FROM THE PARK; PETERHOF, THE IMPERIAL CHILDREN]
Princess Cherwachidze, née Baronne de Nicolay, my father’s first
cousin, is small and slender, very refined and fragile, so fragile indeed that
one is almost afraid of breaking her when embracing her, but possessing in
her heart an unfathomable depth of kindness and devotion.
My dear little aunt—Aunt Maka, as I called her—seemed to be in love,
so much in love with her husband that morning and night, especially when
at Petrograd, she rushed off as fast as she could cover the ground to the
telephone to converse with the object of her adoration, who was always in
waiting on his Imperial Mistress wherever she happened to be—Gatchina,
Peterhof, Tsarskoë-Celo or Petrograd, at the Anitschkoff Palace. The
conversation was always the same and in her soft emotional voice she
commenced:—
“Comment vas-tu?” The reply I never caught. “Allons tant mieux.”
Idem. “Tu vas venir aujourd’hui, n’est-ce pas?” I guessed the reply to be in
the negative. “Et demain?” Again in the negative. “Alors tu me diras. Au
revoir.” Then it was over. He was not often able to respond to these
summonses.
She seemed quite satisfied to know that her spouse was in good health—
there was no alternative—and then again would rush off across the
drawing-rooms back to her comfortable study where she always had a vast
correspondence to attend to, and to reply to in that beautiful calligraphy of
hers—everything she undertook to do was executed to perfection. Every
day she received several begging letters, some from people desirous of
obtaining employment, others seeking for Imperial audiences for some
protégé or other—and these latter simply poured in!
Again at night, she used to ring up my uncle on the telephone which,
alas, more often than not gave no reply; then my poor little aunt became
quite thoughtful and sadly consoled herself by saying, “Comme son service
est fatiguant!”
She had also a conversation on the telephone very often with Grand
Duke Nicholas Michaelovitch who had been a friend of hers for many
years. His Imperial Highness sometimes came to see us in the evening and
we always knew when he had entered the apartment by the tremendous
clatter of his scabbard on the parquet floor of the ante-room and the
clinking of his spurs as he walked. He was of a jovial disposition and spoke
with a very loud voice. He was besides un gai causeur and extremely
literary, amongst his last publications was La Famille des Strogonoff.
Every morning, dressed as simply as possible, and wearing a little black
felt hat with a tiny little ruffled up feather and carrying a small black leather
bag, my aunt used to go out on missions of charity; the felt was no longer
very new, neither was the feather, but that mattered not at all to my dear
little aunt.
Ordinary—and extraordinary—confessor to all the troubled consciences
which chose to make her house their meeting place, nothing struck me as
being more strangely dissimilar than this immaculate soul—almost unique
beneath the snow-laden sky of this frozen country—to those who invaded
the blessed atmosphere of that drawing-room, pouring out all their griefs
and faults into her ever-sympathetic ears.
The Prince was less sentimental. Spoilt by a great fortune, occupying a
high post at Court, his presence at home became less and less until there
seemed no real reason to bind him to it at all, and yet, when he did happen
to come, he seemed so happy. But it was extremely difficult for anyone to
read exactly the innermost thoughts of my dear uncle, who belongs to a
very good old princely family of Georgia; he is a Caucasian, and
consequently portrays in his character all the mystery of his race, to a
greater degree even than the Slav. He has a somewhat striking appearance
with his large dark eyes. He is very gracious, when he chooses, and
unequalled in the art of finesse, morally speaking.
Although his thoughts were nearly always in the clouds, they
occasionally issued from their nebulous seclusion, but never for long. This
originality seemed to please his Sovereign Lady and some people used to
conceive this to be the cause of the high favour in which he stood.
At official ceremonies my uncle, in his magnificent gold uniform all
covered with Ribbons and Orders, appeared to emerge from the midst of
those yards of shimmering velvet or silk which formed the train of the
Empress-Dowager and which seemed to take pleasure in rustling all the
more at his touch. He cut a superb figure as he sat in his Court carriage,
wearing his fine cocked hat surmounted with white plumes, and on the box
seat the men in Royal scarlet and gold liveries with their gold-gallooned
hats slightly tilted to one side—the whole being drawn by a pair of high-
stepping greys.
At Peterhof we often used to drive in this fine turn-out, and many were
the low obeisances bestowed on us by respectful functionaries as we
passed.
Tongues were very busy on the subject of my uncle and I could not but
feel a little sad for my aunt. It was with eyes closed and with her heart brim-
full of him that she used to visit a certain perfidious beauty enjoying the
liberty of grass widowhood—her husband being at the war—and I felt sure
that the lady knew more about my uncle during her brief acquaintance with
him than did my dear good credulous aunt during the whole of her twenty-
five years of legitimate married life. But perhaps my youthful imagination
ran riot and judging from what people whispered you may think jealousy is
as rampant in Russia as it is here.
Queen Alexandra arrived at Peterhof during my sojourn there to spend a
few days with her sister, the Empress-Dowager, and I remember so well
seeing her. A cordon of sentinels had been drawn only a few paces apart all
round the Park interspersed with mounted Cossacks. My uncle has a
profound admiration for the Rose Queen, who has held him in great esteem
for many years. In the old days, when the world was normal, he used to
meet Her Majesty at Copenhagen every year, where she always presented
him with the latest photograph of herself, signed by her Royal hand—and at
Petrograd he had a regular gallery of these.
My uncle is entirely devoted to the Empress and she will never let him
out of her sight for long, giving him her full confidence; but, as he is a very
bad sailor and dreads the long sea voyages, he always obtained her Imperial
sanction to travel by way of Germany; so as to avoid sea-sickness as much
as possible and for this purpose he wears a pair of red glasses. May this be a
hint in future to all those who suffer from mal de mer!
He is still attached to the person of his Imperial Mistress, in the Crimea,
and now sharing her life in misfortune with as much devotion as in former
days. I feel sure he will never willingly consent to abandon her as in all
probability she has been forsaken by so many.
On one occasion, while at Copenhagen, a little scandal was spread about
in which the name of a certain very pretty maid of honour, who for the fun
of the thing mischievous people wished to compromise, and that of my
uncle, amongst others, were coupled. The papers, of course, got hold of the
story and naturally exaggerated the whole event.
The Empress was furious and outraged at the mere suggestion of such a
thing and in a loud voice protested, saying, “Le Prince n’y était pas, le
Prince était chez moi.” Now, the hour mentioned was one in which
Morpheus makes one forget the sad hours when he no longer holds sway—
and it was good of the Empress to champion her hero thus. People smiled
but held their peace!
As every one knows, the greatest love and affection exist between our
lovely Queen Alexandra and her sister. Since these Russian days I have
often been to see my uncle in London, both at Buckingham Palace and,
since King Edward’s death, at Marlborough House, during the Empress’s
visits to the Queen, which during King Edward’s lifetime usually took place
when he was abroad on his several diplomatic missions, causing him to be
recognized as Edward the Peacemaker. How richly he deserved that
appellation is to be shown in the great result he achieved in bringing about
the Entente Cordiale—as though he foresaw the present cataclysm—thus
laying the foundation of the great brotherhood in arms which now exists
between France and her old antagonist England in their common
determination to crush the loathsome beast—the abominable Hun—in a life
or death struggle. May time only strengthen this great alliance, is the
heartfelt desire of one amongst thousands of the daughters of France.
At Buckingham Palace my uncle occupied a charming apartment just
above the Visitors’ Entrance, though at Marlborough House his installation
was naturally less sumptuous. There I was greeted at the top of the stairs by
two giant Cossacks, the Cossacks of the Empress.
As my uncle experiences a good deal of difficulty in speaking English,
the long sojourn in our midst used to get rather on his nerves, especially
after King Edward died, as it was so hard for Queen Alexandra to reconcile
herself to parting with her Imperial sister. Whenever the Empress thought of
departure, the Queen threw herself into the Empress’s arms and begged her
to remain—and remain she did. Neither did the visits to Sandringham
satisfy my uncle, who was only really happy in one place and that place was
Copenhagen—where he seemed to become young again! quite young! I was
told. My uncle took his place in the funeral procession of the late King
Edward as one of the Russian delegates on that solemn occasion.
On his last visit to London, soon after my marriage, my husband and I
saw a great deal of my uncle, with whom we often used to lunch at
Buckingham Palace Hotel where he had a lovely suite of apartments on the
first floor, because, as he used to say, “I am freer here than at Marlborough
House.” And he seemed to revel in the idea of his own garçonnière,
although he had his room at Marlborough House as well.
That year the Empress remained in England until the last day of July,
and was travelling on her way back to Russia through Germany on the day
Russia actually declared war. On her arrival at Berlin the Imperial bomb-
proof train was not allowed to continue any further east, but was ordered
either to go back whence it came, namely to Calais, or else proceed to
Denmark, as German Authorities felt sure she was conveying important
messages from the King to his cousin the Tzar.
Her Imperial Majesty chose the latter route, thinking it would be the best
way home later on.
My uncle also showed us a very pretty miniature of the Empress-
Dowager given to him lately by Queen Alexandra, a charming thought for
which he seemed very grateful.
He had sent to Petrograd for an enormous box of delicious bonbons
which he gave us, they are so luscious there, and to ensure getting a good
cup of tea when he came to see us, I expect, he presented us with some
excellent green Russian tea.
CHAPTER IV
THE first great important ceremony which I attended was the funeral of
General Obroutcheff, a great dignitary of the Empire.
The ceremony took place at La Laure, which is the ecclesiastical
quarter of Petrograd and is an enormous monastery surrounded by walls and
ditches full of water, a kind of fortified place—in fact, a town.
It contains a large cemetery, beautiful gardens and no less than seven
churches. The monks, of whom there are a great number, wear long and
very wide black cassocks with a sort of high hat widening toward the top.
All of them let their hair and often their beards grow long; with some the
hair reaches to the waist and is an object of great care. At night, the monks
stand one behind the other plaiting each other’s hair, which is generally
curled and waved.
The popes are the secular and parish priests, and are married. Popes are
in a certain degree a race of people apart; their children intermarry, the sons
often become popes themselves. They are not generally much esteemed and
the common saying is: “Pope, son of a dog!” As I have said, a pope can
enter the married state, but only once in a life-time.
The police cordon was drawn as tight as possible. Quite close to us was
the officer of the police with a sullen look and a livid complexion who took
note of every one.
Presently the remainder of the guests arrived and the funeral procession
itself appeared, the uniforms were superb and the coup d’œil a magnificent
one.
All the Grand Dukes were there, amongst whom I recognized Alexis,
George, Oldenburg, and the Court dignitaries, including my uncle Prince
Cherwachidze, in full uniform, all covered with gold, the various
Ambassadors, wearing only Russian decorations on this occasion, but such
a profusion of them!
The Emperor and his brother—then the heir to the throne, for the
Tzarevitch was not born—with the Empress-Dowager entered the church,
after the celebration of Mass, for the committal service and took up their
positions quite close to me, to the right of the Sanctuary, so close indeed
that stretching out my hand I could have touched them.
On the arrival of the Emperor and Empress at the Church the whole
congregation bowed as the Imperial pair passed to their seats. There they
were duly incensed, the Tzar’s brother only receiving one incensing and
accordingly only gave one inclination.
The Emperor appeared very shy and nervous with a somewhat
frightened expression. The Empress-Dowager is short and dark, she has
nothing of the beauty of her sister, Queen Alexandra. The Tzar’s brother is
tall and fair with very blue eyes. He is a great sportsman and so strong that
he can lift Prince Cherwachidze up as easily as a feather. He was very
popular I believe.
The singing was wonderful, although unaccompanied by musical
instruments as is customary in the Russian Church. I was carried away by it.
The priests’ vestments were incomparably rich, all white and gold—no
trace of black anywhere. It is the custom of the Greek Church for even
funeral hearses to be gilded or silvered, but never black as with us. It is also
a rule that the corpse should be exposed in an open coffin during the
religious ceremony, but in the case of the defunct general, who had died at
his wife’s home in France—she being French—this form was dispensed
with.
That night, on our return to Peterhof I accompanied my Aunt
Cherwachidze to a dinner given at Michaelovka by Grand Duke Michael-
Michaelovitch, uncle of the Tzar. At this dinner were present Grand
Duchess of Mecklenburg-Schwerin, with her daughter Princess Cecilie,
now Crown Princess of Prussia, the Grand Duchess Xenia, sister of the
Emperor, and others.
The previous evening I had dined with my friends the Saint-Pairs at the
famous Ernest Restaurant on the Islands, the other guests including Prince
and Princess Kotchoubey, the Prince has a very Turkish appearance and
looks extremely flighty, while the Princess possesses a most wonderful
figure, but is very made up with her hair dyed gold; she has fine eyes but
they lack lustre; the Swedish Minister and Countess Gyldenstolpe, who
since then they have been to Paris many years in the same capacity, where I
have seen a good deal of them, Countess Gyldenstolpe being a Miss
Plunkett, a daughter of a former English Ambassador, both very
distinguished looking and charming. Monsieur Lefèvre-Pontalis, Vicomte et
Vicomtesse de Guichen and Vicomte de Salignac-Fénelon, all of the French
Embassy, made up the party, which took place in a huge recess on the first
floor overlooking the restaurant and just opposite the Rumanian orchestra
which was playing gaily.
The table was beautifully decorated with pink roses and ilex and lighted
by a profusion of prettily-shaded candles and electric lamps.
This was my first large dinner-party in Petrograd, which was to be
followed so often by others. I enjoyed it thoroughly.
I returned to Petrograd a few days later with Princess Lise Bagration-
Moncransky—a great friend of my Aunt Cherwachidze—then staying with
us. After an excellent lunch at the Hôtel de l’Europe, then the smartest in
Petrograd, he went off to see a Red Cross train on the point of leaving for
Manchuria, everybody being interested at that time in the poignant question
of the Russo-Japanese war—especially so, as we only received news from
the war zone by way of Japan I was told. Princess Obolensky did the
honours of her hospital train, showing us all the details, which were very
complete.
The train was entirely painted in white with huge red crosses at intervals.
What a good target it would have been for the modern German marksman!
It was immensely long, being able to accommodate 300 people,
including doctors, sisters of charity, and hospital attendants, and there was
room for twenty-five officers. The medical corps were most comfortably
installed, their study being so cosy—the writing-tables covered with green
baize—so suitably furnished; charming little holy images with lamps
burning in front of them were in every compartment.
The sisters of charity slept two in each room, their beds folded up as in
ordinary “sleepers”—simplicity was the order of the day in this department.
But the men were thoroughly spoilt, having a club room all to themselves, a
fact which often makes me exclaim: “On voit bien que le Créateur était un
homme.”
There were four carriages set aside for slightly wounded cases, and I
thought to myself the poor soldiers would suffer from being overcrowded—
the beds being so close together. On each bed were a pair of leather
slippers, a pair of socks and a grey woollen shirt. Crutches were placed at
intervals for the use of convalescents.
Then followed the quarters for the serious cases with very fine mosquito
nets in front of each window. The train was bomb proof, but I noticed the
absence of iron shutters or any shutters at all, which struck me as being a
great omission. These cases would enjoy more space and their beds could
be easily removed as they were only stretchers.
There were two stories to this part of the train—quite like a house on
wheels—icons and pious books were in great profusion. There were also a
pharmacy and an operating room well stocked with every modern
appliance.
The officers’ beds were entirely covered with white mosquito nets and
there were also head nets. We were shown the place where the linen was
washed and disinfected. No money seemed to have been spared in the
installation of this luxurious train, and I cannot help wondering what has
been its destiny and how many poor suffering creatures it helped towards
the alleviation of their pains.
The Hun takes as much pleasure in destroying the Red Cross as he does
in finishing off the wounded on the battlefield; and I can only hope those
who fought and died in 1904 did not encounter the same barbarous
treatment at the hands of their enemies as those brave men who are in
deadly contest now with the disciples of Kultur.
I was seized with a great desire to accompany Madame Narischkine, a
friend of my Aunt de Nicolay, to Irkoutz, where she intended to go in order
to nurse convalescents after her cure at the Eaux-Bonnes in France—
Russians are always taking cures and they go across Europe as easily as we
do from London to Brighton. She was already a middle-aged woman, but
very refined-looking. There was only one thing about her which rather
spoilt her appearance, and that was that her fingers were very much stained
with tobacco, and her teeth, too, from smoking cigarettes. In this she merely
followed the example of the majority of Russian ladies, amongst whom
smoking often becomes a real passion.
I spent my summer therefore amongst the great ones of the earth.
One day we went to a big luncheon-party at the Palace in honour of the
birthday of the Emperor Francis Joseph of Austria. It seems strange now to
think of having celebrated that event.
Grand Duchess Xenia and the Grand Duke, her husband, came to see my
aunt. I admired her charming simplicity, she took a snapshot of my aunt
with her son and myself and afterwards sent us each a copy accompanied by
a charming little note.
The Grand Duchesses were always dressed as simply as possible, tailor-
made dresses and small sailor-hats; so much so, that it really seemed to be a
uniform.
These sailor-hats appeared to me as being rather rétrograde for the
sensible craze for these generally becoming hats had been for some time no
longer the fashion in France, and to wear one would have seemed very
démodé.
That summer Plehve, the Minister, was the victim of a bomb explosion
while crossing the bridge opposite the Warsaw station in his carriage, on his
way to Peterhof from Petrograd, where he was going to present his usual
report to the Tzar; and this, in spite of the tremendous speed at which the
horses were going, for his life was always in danger, as well as that of every
one in the government and about the Court at that time. We were to have
travelled by the same train and only changed our mind at the last minute.
His death made a great impression, although he was thoroughly detested
by all parties, but the Tzar lost in him a strong pillar of autocratic rule. The
debris of his carriage were blown up as high as the fourth floor of the
neighbouring houses, and this explosion caused the death of, at least,
twenty other persons—the unfortunate Minister being literally blown to
atoms and the assassin himself injured.
A young and charming officer whom my aunt knew very well was killed;
and another friend of hers whilst driving in his carriage 100 yards away
from the scene of the outrage was dazed by the explosion, the coachman
falling on to his lap and the horse being thrown down. Another officer
became deaf, so terrific was the report of the bursting of the infernal
machine.
A few minutes later we passed the actual spot on our way to the station,
and saw the remains of the late Minister’s carriage strewn all over the road.
Witte succeeded Plehve; he had the reputation of being clever and strong
but also of being utterly unscrupulous and untrustworthy. He was sent to
America to discuss the peace terms of the Russo-Japanese war. Nearly
every one thought he was not a man to fulfil such an important mission, for
he inspired very little confidence. However, on his return, he was made a
Count. He was a friend of the Kaiser and demonstrated this feeling too well
before his end.
On Sundays I sometimes went to Mass at Cronstadt, the great naval
fortress which should protect Petrograd from an attack by sea—may it now
make good its raison d’être! is my most humble prayer, October 26th, 1917
—in a very fine steamer which only took half an hour to do the crossing
from the mainland, and was always crowded with people and laden with
horses and carriages.
Cronstadt is by no means a pretty town in spite of its wide streets, and
evidently the City Fathers were not a very energetic body as the walls of the
theatre which was completely gutted by fire thirty years previously were
still standing in their ruined state, while some of the actual panes of glass
were still to be seen in their broken window frames, flapping in the wind.
The Catholic church is very large. I noticed how many of the shops bore
French and German names, and not merely German names but also a great
number of inscriptions, denoting particular wares, Cronstadt being a very
commercial city and probably seething with German spies.
The place has distinguished itself lately by establishing itself as a
separate Republic with the notorious Lenin as president—which state of
affairs, however, was short lived.
A somewhat curious feature in certain places is that the pavements,
instead of being composed of flags of stone or brick, are made of small
pierced iron squares. The great solemn masses of the men-of-war lying at
anchor in the harbour seemed to be sleeping on the still waters—
unconscious as yet of the fearful doom that awaited so many of them in the
Sea of Japan.
I was interested watching a young naval officer from a pinnace trying to
conceal from public view beneath his cloak a superb bouquet of bright red
flowers, evidently the symbol of the very ardent love he bore ashore.
The sentinels apparently considered I was too long stationary in one
place, as they began to look me up and down with suspicion, which amused
me very much.
A lovely walk bordered by a number of weeping willows runs for a long
distance by the sea into which they dip their branches.
At that time, there was living at Cronstadt an Orthodox priest, Father
John of Cronstadt. He possessed a great personality, and was very well
known in Russia. People, in some instances, positively worshipped him,
giving him a reputation for working miracles, also of being a very holy man
and even a prophet.
Once I ran after a war hero and pulled him by his sleeve, whereupon he
turned round and gave me such a saucy look! But, showing my
photographic apparatus, I made him understand that I only wanted to take
his photograph. He beamed all over and I placed next to him another hero.
They were both survivors of the glorious Koreitz which not long before
perished in the fatal Sea of Japan.
Then, I was told of a church which was nearer to us; so one Sunday I
determined to go there, but, to my horror, I suddenly found myself in the
courtyard of some military barracks where there was a chapel—but not
mine!
There I was, I and my coucouchka or little cab, surrounded by a double
row of soldier giants, but luckily being able to mutter a few words in
Russian a friendly policeman put me on the right road.
We flew along, passing woods, bridges, and a large palace which was
used for the Red Cross work.
I was told that the preceding winter, at The Hermitage, where the
Empress often came to work, she had a nigger who helped her to pull out
the bastings from her sewing.
At last I arrived at my destination and driving up to a charming little
church saw advancing towards me a smart-looking officer, a great friend of
Uncle Cherwachidze, Count Beckendorff, brother of the late Russian
Ambassador in London, and holding an important post at Court. He was
carrying an enormous prayerbook, almost as big as himself.
I went several times to the races at Crasnoë-Celo, which I will refrain
from giving a description of, as Count Tolstoi’s account in his marvellous
novel, Anna Karenina, gives one the best idea of this exclusively military
meeting.
CHAPTER V
GREAT preparations now began for the baptism of the Tzarevitch. I shall
never forget with what joy we heard the appointed number of guns
fired announcing the glad tidings that a son and heir had been born to
the Emperor and Empress.
This happy event—July 30th, 1904—coincided with the Silver Wedding
day of my uncle and aunt, my aunt being the recipient of many beautiful
and valuable gifts from the Empress-Dowager, Grand Duchess Xenia and
many others. My Uncle Cherwachidze presented me with a charming
curbed chain Faberge bangle made of the three golds, as the Russians say,
namely of white gold or platinum, red gold and green gold. It was a delicate
attention on his part and one, which needless to say, I greatly appreciated.
Since the birth of his son, the Emperor appeared radiant.
I saw him shortly after the event at Crasnoë-Celo races distributing the
prizes amongst the winners from the Imperial stand, which resembles a
small villa with a balcony on the first floor—as is customary in Russian
houses.
Then I saw Grand Duke Cyril, just back from the war in Manchuria
where he had fallen into a hole; he was recuperating and declared that the
air of Petrograd was the only one that could improve his health!
He was at this time paying attention to his divorced cousin, whom he
eventually married in spite of the Tzar’s disapproval.
We went also to the Tzaria, the great national festival, and were invited
to the Imperial tent; the Empress-Dowager drove up in a carriage with four
horses and postilions. The Court uniforms were most brilliant. My uncle
appeared again all in gold lace. The scene was most beautiful and
impressive.
For the baptism of Grand Duke Alexis, heir to the throne, we first went
to the Countesses Koutousoff, two sisters, maids of honour to the Empress-
Dowager, where we found Countess Worontsoff and the others in full
Russian Court Dress, of dark green velvet, as she was mistress of the Court
of the Empress-Dowager, each Grand Duke’s Court having its own
particular colour.
There we met a number of friends, amongst whom were a Princess
Troubetzkoy and her husband, and Princess Yousoupoff, a great friend of
my aunt. The latter was absolutely charming, I thought, so pretty and so
simple. She possesses the largest fortune in Russia, and jewels—such as
one reads of in fairy tales.
Her second son was there, who notwithstanding a rather effeminate
appearance has distinguished himself lately by being implicated in the
murder of that arch-fiend and mock monk Rasputin.
Very soon after the baptism of Grand Duke Alexis, the eldest son was
killed in a duel; he had fallen head over ears in love with a well-known girl
in Russian Society, but his parents absolutely refused to sanction this
alliance. In consideration of their position and of their immense fortune,
they imagined that the only suitable wife for their son must be the daughter
of a Grand Duke.
Accordingly, the announcement of the young lady’s engagement to
another suitor was made public and the religious ceremony took place in
Paris, but that very night she gave her husband the slip and flew to the hotel
where her lover awaited her.
The result of this naturally was a duel in which the lover was killed by
the husband—his dead body being sent back to his home quite unattended
in his motor—and some time after his adversary became mad.
Petrograd society was dumbfounded by this drama and for many years
the young woman who was the cause of it was looked at askance, but now, I
have heard, she is being readmitted into the enchanted circle.
Prince and Princess Yousoupoff were quite overcome with sorrow and
could not reconcile themselves to the fact that they would never see their
adored son again. They had his body embalmed and laid in a glass coffin, so
that they could gaze upon his features, and made a point of conveying the
coffin with them wherever they went. This state of things went on for over a
year, until one day a friend broke it quietly to them that it was high time to
put the coffin out of sight; and this they finally agreed to do.
The Yousoupoffs’ second and only remaining son has accomplished the
feat of marrying the beautiful sister of Grand Duke Dmitri, thus satisfying
his parents’ ambition, and should be universally applauded for having
helped to rid Russia and the whole world of that most evil genius of the age,
the mock monk Rasputin, who through his deplorable influence over the
pro-German Empress Alexandra Feodorovna has been the cause not only of
the fall of the House of Romanoff and of that supremely brilliant Court but
also, I fear, of the complete downfall of great Holy Russia—at least for
generations to come.
The Imperial cortège was truly fairy-like: there were gilt coaches
surmounted at the four corners by white ostrich feathers, drawn by four or
eight white horses with white harness and white plumes on their heads; the
bridle of each horse being held by a footman dressed in white and gold.
In one of the coaches was Princess Galitzine, Grand Mistress of the
Court, and in her arms the then precious infant, a very fine child, with blue
eyes and dark hair.
The religious ceremony in the Imperial Chapel was indescribably
beautiful. I fancied myself in Fairyland. My aunt was of course in full Court
dress and looked a real picture in her velvet dress with a lot of her jewels on
her kakochnik or head-dress.
About this cradle surrounded as it was by so much love—and also by so
much hate, during these already troublous times—one could not help but
ask oneself, with anxious feelings at the bottom of one’s heart, as to what
the future held in store for this innocent babe, born in the purple: the hope
of the Romanoffs—the target of its enemies.
Prince Dolgorouky, who was Gold Stick in Waiting, drove past in a
gilded open state carriage looking the regular grand seigneur with his air of
supreme distinction as he held his long wand of office in his right hand. In
spite of his already advanced age and of his silvery locks, he was still a
superb-looking man. One unwelcome shower having fallen during the
return journey rather damaged the splendour of his white plumed hat and
splendid uniform.
I knew all the members of his family very well, as they and the Nicolays
were on very intimate terms with one another. His sister, Madame
d’Albédinsky, had been a great friend of the Emperor Alexander III. She
was charming—most sympathetic.
A few days later we attended the parade of the Chevaliers-Gardes at
Peterhof; a magnificent spectacle, the troops wearing white uniforms with
silver helmets surmounted by a golden eagle with outspread wings.
On one side a carpet had been laid down and priests were offering up
prayer, for there is never any ceremony in Russia without a religious side to
it.
I often met Baron Fredericks—since then he has become Count—who
had been Grand Marshal of the Court for many years. He was to be seen
here, there, and everywhere and must have proved himself a most useful
spy of the Kaiser—as recent events have indicated.
On the outbreak of the late Revolution he was found in hiding and
promptly imprisoned in the Fortress of St Peter and St Paul; from which,
however, in consideration of his great age and for a big lump sum of money
he has been released.
Princess Lise Bagration-Moucransky, my aunt’s friend, was on intimate
terms with all the crowned heads and even the non-crowned ones of the
Imperial family. One day I went with her to see Grand Duke Michael-
Michaelovitch and his daughter, Grand Duchess of Mecklenburg-Schwerin
—of whom I shall have more to say later on.
I found the Princess quite charming; “elle avait dû avoir beaucoup de
‘chien,’ ” as we say in France, and still had a very merry twinkle in her eye
which caused me great amusement. Being a Bagration, she was descended
from the Royal House of Georgia, and her husband—who had been dead
some years—had held numerous high appointments.
One day I went with my aunt to see Grand Duchess of Oldenburg, sister
of the Tzar—who has since divorced the Grand Duke, to marry his aide-de-
camp—she lived quite near us; also Grand Duke and Duchess of
Leuchtenbergh. This corner of the world seemed to be peopled with nothing
but Royalties!
One of our frequent visitors was a very dignified and decided though
kind looking cousin of my uncle’s, also a Princess Cherwachidze, who was
maid of honour to Grand Duchess Eugénie of Oldenburg.
It pleased my uncle sometimes to be extremely gay and amusing, and I
remember what fun we had together singing “Viens, Poupoule, viens.” This
was then a favourite refrain of the Paris Boulevards, which the Russians
adored.
There were at Oranienbaum, near Peterhof, a great number of soldiers
getting ready to start for the theatre of war, wearing caps covered with a sort
of greenish grey cloth and blouses of the same shade, with khaki coloured
great-coats, which they always wore. The officers wore green tunics and
dark caps.
One evening at six o’clock we went to see them take their departure and
I never shall forget the beauty of the setting for that sad scene—the Baltic
seemed to have borrowed something of the deep warm tones of the
Mediterranean. Cronstadt stood out, in the distance across the water, as
clear against the radiantly blue sky as if it had been painted for some stage
scenery.
There they were, bands playing and flags waving in the breeze, all those
gallant fellows having mustered from many different parts of the Empire,
all ready to step into that long brick-red train with the Imperial Arms
emblazoned on it, which would convey them far, far away to other Steppes,
but desert ones these—and terrible.
How many restrained tears in those dark or blue eyes, to which pain and
suffering had given an almost terrible expression, and how many never to
be realized dreams were enclosed behind these broad foreheads. How
melancholy—sad, too—were the expressions on the fresh faces of the
young, as on the wrinkled ones of the old peasant women with their heads
almost entirely concealed beneath wide gaudy coloured handkerchiefs.
From time to time the stillness of this great pathetic scene was disturbed
by the shrill and joyous tones of a voice of a child too young as yet to
understand the true and awful significance of this—for many—the last
earthly farewell. How numerous they were—these poor little innocents!
When the bell announcing the starting of the train rang for the third time,
one last and long hurrah was raised by the entire sad-hearted multitude; and
it was terrible to think of the hardships those poor fellows would be
subjected to during that long journey to accomplish across Siberia, forty of
them in one truck, an open one very often!
Ammunition and guns were conveyed by the same train, which I was
told would take six weeks to reach its destination. Altogether a most
poignant spectacle, which greatly impressed me; but nowadays such an
event as the one I have attempted to describe has become, alas, a common
occurrence in almost every country of the world which is traversing the
most terrible agony of pain and sorrow of all time.
The Emperor had come and bid them farewell the night before.
As Oranienbaum is so near Cronstadt, it was a favourite place for the
wives of sailors with their, usually, large families to live in.
Amongst my aunt’s numerous men-servants there was one called
Coucoulsky who was the head butler—very fat and rotund, with the usual
flat head of the Pole, wearing enormous whiskers, with a pair of tiny
sparkling eyes always filled with astonishment. The poor man was no
longer young—il sue, il souffle, il est rendu—and to put him into this state
it was merely sufficient for him to offer to his little Princess on a huge
silver tray some wonderful pièce montée, which he held at such an angle
that one always expected to see the contents flung into her lap. This he did
with a most beatified expression on his broad smiling face.
He was for ever tripping up over imaginary obstacles, and always
appeared to be running, but somehow or other he never managed to be there
when required; this was inexplicable. And yet, in this fanciful and fantastic
being, there was a soul, an exquisite poetic soul.
In the summer on moonlight nights, afar off in the garden, alone amongst
the shrubs, his comical profile could be seen detaching itself against the
sky, his huge mouth wide open, his whiskers trembling and his little eyes
closed; while he sang languorously. Three fox terriers disturbed in their
slumbers by these nocturnal sounds always made a combined attack on him,
threatening to bite his calves to the bone. One by one the windows of the
house were closed, but all in vain—nothing could distract him from this
reverie of song!
One evening, on one of the rare occasions of a visit from Prince
Cherwachidze, Coucoulsky appeared with a radiant expression carrying a
plat monté, as my amorous little aunt was determined to welcome her
spouse by setting before him a regular feast.
Every one’s surprise was great on perceiving the faithful butler with a
napkin like a child’s immense bib tied beneath his chin, he in his anxiety
having forgotten to remove it and no one venturing to remind him of its
existence as neither my aunt, on account of her short sightedness, nor my
uncle, owing to his usual state of oblivion, had noticed the grotesque
appearance of the poor man, as he trotted and scrambled round the table
balancing the huge dish and threatening everybody with a douche of its
contents.
Later on, I found out that the reason for his wearing the bib was on
account of the desire to preserve the freshness of his highly-starched collar
when off duty—but on this celebrated occasion he had forgotten to remove
it.
Although the charms of poor Coucoulsky were many, my aunt failed to
see them in their true light and, after a few months, he with many tears of
regret was obliged to leave this hospitable interior where he was considered
both too old and too young. He left but too few regrets, only the memory of
him made many laugh.
He was quite unique, this good Coucoulsky. He returned to his wife who
was somewhat old, rather ugly and with only one eye, but to him she
appeared always full of charm and grace—she never was more beautiful nor
less blind—but they were young, both of them. Oh, the good old time!
CHAPTER VI
LIFE at Michaelovka was very gay and delightful, in that beautiful palace
belonging to Grand Duke Michael-Michaelovitch on the shore of the
Baltic, and surrounded by every possible luxury amidst a gay and
numerous suite.
Michaelovka is situated at Strelna, quite near Peterhof. I stayed there
with my uncle, General de Baranoff, and my aunt. My uncle was Grand
Marshal of the Court of Grand Duke Michael-Michaelovitch, who always
spent a great part of each summer there.
The poor Grand Duke Michael-Michaelovitch was then very old and in
failing health and was not often visible—for years past he had spent his
winters at Cannes, where he owned the beautiful Villa Kasbeck.
My uncle and aunt made a perfect couple and ideal parents. It was a
genuine pleasure for one to see their two white heads approach one another
several times a day and join in an affectionate embrace. I had met my uncle
on the Riviera when at Cannes some years previously and also General
Tolstoi, both forming part of the suite of the Grand Duke. General Tolstoi
could be really witty at times, and once I remember he amused us greatly
when he came to see us with my uncle. Bowing and bending himself with
that grace and suppleness peculiar to the Russian he pretended to efface
himself while ushering in my uncle and said: “Je vous présente un grand
ravageur.” Of this particular side of my uncle’s character I know nothing,
but I can well believe he might have been the cause of many a heart beat,
and I for one should have heartily congratulated each one of those hearts for
the good taste they showed.
Very tall and thin, very intelligent beneath an impassive countenance,
kindness itself, General de Baranoff combines the acme of distinction with
the personification of honesty; very fond, like nearly all Russians, of putting
questions to foreigners but making a point of never answering any—himself
a past master in the art.
Grand Duke Michael-Michaelovitch, however, paid full justice to my
uncle’s great integrity and appreciated the advantage of having at his side a
man of his high character, for they were often surrounded by sycophants of
whom, however, one might say that they followed the example of their
august masters in that their needs were insatiable and unsatisfied, certainly
a thorn in the side of the Imperial crown; so much so that one day while
walking with one of my aunts in the palace grounds, we were passed by a
big motor-car, salutations were exchanged and I asked my aunt who was the
gorgeous occupant.
“C’est le Grand Duc,...” she said, “le ‘seul’ qui soit sérieux!”
Unlike the rest of the suite of Grand Duke Michael-Michaelovitch, my
uncle never took any advantage of his position and would never even take
at the Grand Duke’s expense a single trunk with him beyond what was
strictly necessary, though he accompanied him on all his journeys—Cannes,
Baden-Baden, etc. This was in vivid contrast to one of the Grand Duke’s
retinue, who never spent a penny except at his master’s charge and even
went so far as to get the Grand Duke to pay the tickets of all his family and
finally persuaded him to rent for them a Villa at Cannes much to the disgust
of my uncle. I never liked this person with a German sounding name and a
doubtful profile.
I often said to my aunt, “Do you know, I almost entertain a passion for
my uncle,” whereupon she used to smile that beautiful smile of hers which I
liked seeing so much.
My Aunt de Baranoff, née de Bibikoff, was charming; she had beautiful
white hair and very pretty blue eyes, and in her youth must have been very
much admired.
She combined tremendous entrain with much affability, and in her own
set she was what might be called, in schoolboy language, a jolly good sort,
which pleased me—her reflections being always to the point, and time
spent with her never lagged. How we used to laugh over things together! I
shall always retain much affection for her. I believe her first husband—
whom she divorced—was a perfect brute to her.
By her marriage with my uncle she had two children; her daughter Olga
was married to Lieutenant de Zinovieff, in the Garde à Cheval quartered at
Petrograd, a late page of the Empress, but she was for the time being at the
Camp of Crasnoë-Celo, not far from us, and I spent a few delightful days
with her.
Russian soldiers always leave their barracks during the summer months
and camp out of doors—those of Petrograd going into the neighbourhood.
This healthy measure is never practised in France, which is a great mistake
I think; and I always admired these huge camps composed of innumerable
white tents, like parasols, erected in perfect symmetry, looking from a
distance like so many small white mushrooms instead of being the
improvised shelters of these giant-like soldiers. The Camp of Crasnoë-Celo
was, I think, the largest.
Her son Petia, the regular type of a true Russian, not without charm and
dark and good-looking, was at that time preparing at the Lycée to enter the
regiment of the Chevaliers-Gardes in which he held a distinguished position
before the war.
My poor aunt, fearing the wars, wanted him to choose a diplomatic
career, but nothing would induce him to change his mind. He is now in the
trenches—or was lately—and has been badly wounded once.
During the summer the heat is at times very intense in Russia—a kind of
damp heat like the mild hot vapours of a conservatory—and the nights on
the coast of the Baltic were very damp and a thick white steam rose spirally
from the ground in patches, like smoke, between the Palace and the sea,
which caused a most curious effect.
My aunt had one daughter, Lily, by her first marriage and she and I
became great friends. She also lived with her parents, as she had been
obliged to leave a brute of a husband who was an officer of the Lancers of
the Guard, of which my uncle was in command at the time of her marriage
at Peterhof. Not long after her marriage she had gone away for a few days
to visit a relation who was ill, and on her return she found her own house
occupied not only by her husband’s mistress but by the children of that
illicit union as well. The wretch then proposed to her that she should remain
on in the house and that they should all live together, which proposition she
naturally scorned and thereupon returned to her old home.
She divorced the man in consequence, but not, like most people in
Russian society, in order to try her luck again, having already looked out for
number “two”—not at all, once having recovered her liberty she took good
care to preserve it.
Her library seemed to me to be literally filled with the works of Anatole
France and Pierre Loti, and my acquaintance with literature owing to my
strict French upbringing being more than limited—I had scarcely ever read
anything but fairy tales until then—I consequently found it extremely
difficult to talk to our friends with any clear knowledge of those popular
French authors about whom I was always being questioned.
Lily seemed to take me somewhat under her wing and gave me—at least
in words—an insight into life; and with the passing of time I have often
thought how very much to the point her doctrine was.
Colonel Echappard du Breuil was frequently to be seen at my aunt’s
house, he claimed to be of French origin, his ancestors having escaped—
échappé—across the Pyrenées into France at the time of the Moorish
expulsion from Spain, during the reign of the “Catholic Kings,” Ferdinand
and Isabella—hence the origin of this somewhat curious name.
The Colonel was attached to the suite of Grand Duke George, and
whenever I asked him where he was going he always replied “To
Christophky”—to the grand café-concert, on the island of that name at The
Islands—and he never ceased expatiating on the charms of the fair and dark
beauties of that delectable spot. He was a jolly fellow with a fat round face
wreathed in smiles—he seemed to render the very atmosphere sunny.
And Lily behind the wings—dans les coulisses, as we say in France—
used to hum to salute his departure the following refrain, which she had
taught me and which we loved, this charming little refrain about the three
cocks:—
Cocorico oooo
Quand je veux, je peux.
(Le jeune coq.)
Cocorico oooo
Quand je peux, je veux.
(Coq d’âge moyen.)
Cocorico ooooo
Que vous êtes heureux.
(Le vieux coq.)
Oh, how we did pity you, poor old man! And we did not allow feathers
to grow in this hen coup, but, willy-nilly, spurs and uniform of some
attaché de la suite.
Another character was General Tolstoi, whom I have already mentioned.
He came very often to see us, especially when we were in Petrograd; he
frequently spoke Russian and recounted interminably long stories in that
language which I regret to say used to make me yawn, as I could not always
follow them, and just to tease me, at the most critical part of the story, he
rapidly changed from Russian into French so that my ears should receive
the full benefit of it all. Quel toupet!
One evening, he told us of how he had once climbed up a tree, and from
there had had an uninterrupted view over a high fence, behind which,
apparently believing themselves to be sheltered from inquisitive eyes, some
members of the fair sex were in the full enjoyment of a sun bath cure!
These descendants of Eve were walking about in their birthday costumes,
so that the marvellous effects of the luminous rays should have full play. On
this occasion his particular attention was drawn to a certain Titianesque
beauty.
I pictured him in this attitude looking like a hideous orang-outang
squatting on a branch of a tree—as he, poor fellow, was not endowed with
any personal beauty!
If I am not mistaken, I am afraid he has since come to a tragic end
attributed to debts.
At my Aunt de Baranoff’s all the suite of the Grand Duke came more or
less every day and Prince Orbeliani with them, always shuffling his feet on
the floor and making a terrible noise in doing so; this unfortunate
peculiarity, apart from being an illness from which nearly all the members
of his family suffer, was with him to some extent a pose—où va-t-elle se
nicher—la pose!—and a very disturbing one, too, as far as I was concerned.
As luck would have it, the princely apartments were situated just over
my bedroom, so that every morning my peaceful slumbers were disturbed
by his Excellency’s shufflings, which he admitted he accentuated just to
tease me.
He was married to Countess Kleinmichel, the daughter of old Countess
Kleinmichel who entertained a good deal in Petrograd; the latter had the
reputation of being a spy for Germany, and was arrested at the outbreak of

Kubernetes in Action First Edition Marko Luksa

  • 5. Kubernetes in Action First Edition Marko Luksa Digital Instant Download Author(s): Marko Luksa ISBN(s): 9781617293726, 1617293725 Edition: First Edition File Details: PDF, 11.80 MB Year: 2018 Language: english
  • 6. M A N N I N G Marko Lukša
  • 7. Kubernetes resources covered in the book
    Resource (abbr.) [API version] | Description | Section
    Namespace* (ns) [v1] | Enables organizing resources into non-overlapping groups (for example, per tenant) | 3.7
    Deploying workloads
    Pod (po) [v1] | The basic deployable unit containing one or more processes in co-located containers | 3.1
    ReplicaSet (rs) [apps/v1beta2**] | Keeps one or more pod replicas running | 4.3
    ReplicationController (rc) [v1] | The older, less-powerful equivalent of a ReplicaSet | 4.2
    Job [batch/v1] | Runs pods that perform a completable task | 4.5
    CronJob [batch/v1beta1] | Runs a scheduled job once or periodically | 4.6
    DaemonSet (ds) [apps/v1beta2**] | Runs one pod replica per node (on all nodes or only on those matching a node selector) | 4.4
    StatefulSet (sts) [apps/v1beta1**] | Runs stateful pods with a stable identity | 10.2
    Deployment (deploy) [apps/v1beta1**] | Declarative deployment and updates of pods | 9.3
    Services
    Service (svc) [v1] | Exposes one or more pods at a single and stable IP address and port pair | 5.1
    Endpoints (ep) [v1] | Defines which pods (or other servers) are exposed through a service | 5.2.1
    Ingress (ing) [extensions/v1beta1] | Exposes one or more services to external clients through a single externally reachable IP address | 5.4
    Config
    ConfigMap (cm) [v1] | A key-value map for storing non-sensitive config options for apps and exposing it to them | 7.4
    Secret [v1] | Like a ConfigMap, but for sensitive data | 7.5
    Storage
    PersistentVolume* (pv) [v1] | Points to persistent storage that can be mounted into a pod through a PersistentVolumeClaim | 6.5
    PersistentVolumeClaim (pvc) [v1] | A request for and claim to a PersistentVolume | 6.5
    StorageClass* (sc) [storage.k8s.io/v1] | Defines the type of dynamically-provisioned storage claimable in a PersistentVolumeClaim | 6.6
    * Cluster-level resource (not namespaced)
    ** Also in other API versions; listed version is the one used in this book
    (continues on inside back cover)
  • 10. Kubernetes in Action MARKO LUKŠA M A N N I N G SHELTER ISLAND
  • 11. For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department, Manning Publications Co., 20 Baldwin Road, PO Box 761, Shelter Island, NY 11964. Email: [email protected]
    ©2018 by Manning Publications Co. All rights reserved.
    No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher.
    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps.
    Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine.
    Manning Publications Co., 20 Baldwin Road, PO Box 761, Shelter Island, NY 11964
    Development editor: Elesha Hyde
    Review editor: Aleksandar Dragosavljević
    Technical development editor: Jeanne Boyarsky
    Project editor: Kevin Sullivan
    Copyeditor: Katie Petito
    Proofreader: Melody Dolab
    Technical proofreader: Antonio Magnaghi
    Illustrator: Chuck Larson
    Typesetter: Dennis Dalinnik
    Cover designer: Marija Tudor
    ISBN: 9781617293726
    Printed in the United States of America
    1 2 3 4 5 6 7 8 9 10 – EBM – 22 21 20 19 18 17
  • 12. To my parents, who have always put their children’s needs above their own
  • 14. brief contents
    PART 1 OVERVIEW
      1 Introducing Kubernetes
      2 First steps with Docker and Kubernetes
    PART 2 CORE CONCEPTS
      3 Pods: running containers in Kubernetes
      4 Replication and other controllers: deploying managed pods
      5 Services: enabling clients to discover and talk to pods
      6 Volumes: attaching disk storage to containers
      7 ConfigMaps and Secrets: configuring applications
      8 Accessing pod metadata and other resources from applications
      9 Deployments: updating applications declaratively
      10 StatefulSets: deploying replicated stateful applications
  • 15. PART 3 BEYOND THE BASICS
      11 Understanding Kubernetes internals
      12 Securing the Kubernetes API server
      13 Securing cluster nodes and the network
      14 Managing pods’ computational resources
      15 Automatic scaling of pods and cluster nodes
      16 Advanced scheduling
      17 Best practices for developing apps
      18 Extending Kubernetes
  • 16. contents
    preface
    acknowledgments
    about this book
    about the author
    about the cover illustration
    PART 1 OVERVIEW
    1 Introducing Kubernetes
      1.1 Understanding the need for a system like Kubernetes
        Moving from monolithic apps to microservices
        Providing a consistent environment to applications
        Moving to continuous delivery: DevOps and NoOps
      1.2 Introducing container technologies
        Understanding what containers are
        Introducing the Docker container platform
        Introducing rkt—an alternative to Docker
      1.3 Introducing Kubernetes
        Understanding its origins
        Looking at Kubernetes from the top of a mountain
        Understanding the architecture of a Kubernetes cluster
        Running an application in Kubernetes
        Understanding the benefits of using Kubernetes
      1.4 Summary
  • 17. 2 First steps with Docker and Kubernetes
      2.1 Creating, running, and sharing a container image
        Installing Docker and running a Hello World container
        Creating a trivial Node.js app
        Creating a Dockerfile for the image
        Building the container image
        Running the container image
        Exploring the inside of a running container
        Stopping and removing a container
        Pushing the image to an image registry
      2.2 Setting up a Kubernetes cluster
        Running a local single-node Kubernetes cluster with Minikube
        Using a hosted Kubernetes cluster with Google Kubernetes Engine
        Setting up an alias and command-line completion for kubectl
      2.3 Running your first app on Kubernetes
        Deploying your Node.js app
        Accessing your web application
        The logical parts of your system
        Horizontally scaling the application
        Examining what nodes your app is running on
        Introducing the Kubernetes dashboard
      2.4 Summary
    PART 2 CORE CONCEPTS
    3 Pods: running containers in Kubernetes
      3.1 Introducing pods
        Understanding why we need pods
        Understanding pods
        Organizing containers across pods properly
      3.2 Creating pods from YAML or JSON descriptors
        Examining a YAML descriptor of an existing pod
        Creating a simple YAML descriptor for a pod
        Using kubectl create to create the pod
        Viewing application logs
        Sending requests to the pod
      3.3 Organizing pods with labels
        Introducing labels
        Specifying labels when creating a pod
        Modifying labels of existing pods
      3.4 Listing subsets of pods through label selectors
        Listing pods using a label selector
        Using multiple conditions in a label selector
  • 18. 3.5 Using labels and selectors to constrain pod scheduling
        Using labels for categorizing worker nodes
        Scheduling pods to specific nodes
        Scheduling to one specific node
      3.6 Annotating pods
        Looking up an object’s annotations
        Adding and modifying annotations
      3.7 Using namespaces to group resources
        Understanding the need for namespaces
        Discovering other namespaces and their pods
        Creating a namespace
        Managing objects in other namespaces
        Understanding the isolation provided by namespaces
      3.8 Stopping and removing pods
        Deleting a pod by name
        Deleting pods using label selectors
        Deleting pods by deleting the whole namespace
        Deleting all pods in a namespace, while keeping the namespace
        Deleting (almost) all resources in a namespace
      3.9 Summary
    4 Replication and other controllers: deploying managed pods
      4.1 Keeping pods healthy
        Introducing liveness probes
        Creating an HTTP-based liveness probe
        Seeing a liveness probe in action
        Configuring additional properties of the liveness probe
        Creating effective liveness probes
      4.2 Introducing ReplicationControllers
        The operation of a ReplicationController
        Creating a ReplicationController
        Seeing the ReplicationController in action
        Moving pods in and out of the scope of a ReplicationController
        Changing the pod template
        Horizontally scaling pods
        Deleting a ReplicationController
      4.3 Using ReplicaSets instead of ReplicationControllers
        Comparing a ReplicaSet to a ReplicationController
        Defining a ReplicaSet
        Creating and examining a ReplicaSet
        Using the ReplicaSet’s more expressive label selectors
        Wrapping up ReplicaSets
  • 19. 4.4 Running exactly one pod on each node with DaemonSets
        Using a DaemonSet to run a pod on every node
        Using a DaemonSet to run pods only on certain nodes
      4.5 Running pods that perform a single completable task
        Introducing the Job resource
        Defining a Job resource
        Seeing a Job run a pod
        Running multiple pod instances in a Job
        Limiting the time allowed for a Job pod to complete
      4.6 Scheduling Jobs to run periodically or once in the future
        Creating a CronJob
        Understanding how scheduled jobs are run
      4.7 Summary
    5 Services: enabling clients to discover and talk to pods
      5.1 Introducing services
        Creating services
        Discovering services
      5.2 Connecting to services living outside the cluster
        Introducing service endpoints
        Manually configuring service endpoints
        Creating an alias for an external service
      5.3 Exposing services to external clients
        Using a NodePort service
        Exposing a service through an external load balancer
        Understanding the peculiarities of external connections
      5.4 Exposing services externally through an Ingress resource
        Creating an Ingress resource
        Accessing the service through the Ingress
        Exposing multiple services through the same Ingress
        Configuring Ingress to handle TLS traffic
      5.5 Signaling when a pod is ready to accept connections
        Introducing readiness probes
        Adding a readiness probe to a pod
        Understanding what real-world readiness probes should do
  • 20. 5.6 Using a headless service for discovering individual pods
Creating a headless service ■ Discovering pods through DNS ■ Discovering all pods—even those that aren’t ready
5.7 Troubleshooting services
5.8 Summary
6 Volumes: attaching disk storage to containers
6.1 Introducing volumes
Explaining volumes in an example ■ Introducing available volume types
6.2 Using volumes to share data between containers
Using an emptyDir volume ■ Using a Git repository as the starting point for a volume
6.3 Accessing files on the worker node’s filesystem
Introducing the hostPath volume ■ Examining system pods that use hostPath volumes
6.4 Using persistent storage
Using a GCE Persistent Disk in a pod volume ■ Using other types of volumes with underlying persistent storage
6.5 Decoupling pods from the underlying storage technology
Introducing PersistentVolumes and PersistentVolumeClaims ■ Creating a PersistentVolume ■ Claiming a PersistentVolume by creating a PersistentVolumeClaim ■ Using a PersistentVolumeClaim in a pod ■ Understanding the benefits of using PersistentVolumes and claims ■ Recycling PersistentVolumes
6.6 Dynamic provisioning of PersistentVolumes
Defining the available storage types through StorageClass resources ■ Requesting the storage class in a PersistentVolumeClaim ■ Dynamic provisioning without specifying a storage class
6.7 Summary
  • 21. 7 ConfigMaps and Secrets: configuring applications
7.1 Configuring containerized applications
7.2 Passing command-line arguments to containers
Defining the command and arguments in Docker ■ Overriding the command and arguments in Kubernetes
7.3 Setting environment variables for a container
Specifying environment variables in a container definition ■ Referring to other environment variables in a variable’s value ■ Understanding the drawback of hardcoding environment variables
7.4 Decoupling configuration with a ConfigMap
Introducing ConfigMaps ■ Creating a ConfigMap ■ Passing a ConfigMap entry to a container as an environment variable ■ Passing all entries of a ConfigMap as environment variables at once ■ Passing a ConfigMap entry as a command-line argument ■ Using a configMap volume to expose ConfigMap entries as files ■ Updating an app’s config without having to restart the app
7.5 Using Secrets to pass sensitive data to containers
Introducing Secrets ■ Introducing the default token Secret ■ Creating a Secret ■ Comparing ConfigMaps and Secrets ■ Using the Secret in a pod ■ Understanding image pull Secrets
7.6 Summary
8 Accessing pod metadata and other resources from applications
8.1 Passing metadata through the Downward API
Understanding the available metadata ■ Exposing metadata through environment variables ■ Passing metadata through files in a downwardAPI volume
8.2 Talking to the Kubernetes API server
Exploring the Kubernetes REST API ■ Talking to the API server from within a pod ■ Simplifying API server communication with ambassador containers ■ Using client libraries to talk to the API server
8.3 Summary
  • 22. 9 Deployments: updating applications declaratively
9.1 Updating applications running in pods
Deleting old pods and replacing them with new ones ■ Spinning up new pods and then deleting the old ones
9.2 Performing an automatic rolling update with a ReplicationController
Running the initial version of the app ■ Performing a rolling update with kubectl ■ Understanding why kubectl rolling-update is now obsolete
9.3 Using Deployments for updating apps declaratively
Creating a Deployment ■ Updating a Deployment ■ Rolling back a deployment ■ Controlling the rate of the rollout ■ Pausing the rollout process ■ Blocking rollouts of bad versions
9.4 Summary
10 StatefulSets: deploying replicated stateful applications
10.1 Replicating stateful pods
Running multiple replicas with separate storage for each ■ Providing a stable identity for each pod
10.2 Understanding StatefulSets
Comparing StatefulSets with ReplicaSets ■ Providing a stable network identity ■ Providing stable dedicated storage to each stateful instance ■ Understanding StatefulSet guarantees
10.3 Using a StatefulSet
Creating the app and container image ■ Deploying the app through a StatefulSet ■ Playing with your pods
10.4 Discovering peers in a StatefulSet
Implementing peer discovery through DNS ■ Updating a StatefulSet ■ Trying out your clustered data store
10.5 Understanding how StatefulSets deal with node failures
Simulating a node’s disconnection from the network ■ Deleting the pod manually
10.6 Summary
  • 23. PART 3 BEYOND THE BASICS
11 Understanding Kubernetes internals
11.1 Understanding the architecture
The distributed nature of Kubernetes components ■ How Kubernetes uses etcd ■ What the API server does ■ Understanding how the API server notifies clients of resource changes ■ Understanding the Scheduler ■ Introducing the controllers running in the Controller Manager ■ What the Kubelet does ■ The role of the Kubernetes Service Proxy ■ Introducing Kubernetes add-ons ■ Bringing it all together
11.2 How controllers cooperate
Understanding which components are involved ■ The chain of events ■ Observing cluster events
11.3 Understanding what a running pod is
11.4 Inter-pod networking
What the network must be like ■ Diving deeper into how networking works ■ Introducing the Container Network Interface
11.5 How services are implemented
Introducing the kube-proxy ■ How kube-proxy uses iptables
11.6 Running highly available clusters
Making your apps highly available ■ Making Kubernetes Control Plane components highly available
11.7 Summary
12 Securing the Kubernetes API server
12.1 Understanding authentication
Users and groups ■ Introducing ServiceAccounts ■ Creating ServiceAccounts ■ Assigning a ServiceAccount to a pod
12.2 Securing the cluster with role-based access control
Introducing the RBAC authorization plugin ■ Introducing RBAC resources ■ Using Roles and RoleBindings ■ Using ClusterRoles and ClusterRoleBindings ■ Understanding default ClusterRoles and ClusterRoleBindings ■ Granting authorization permissions wisely
12.3 Summary
  • 24. 13 Securing cluster nodes and the network
13.1 Using the host node’s namespaces in a pod
Using the node’s network namespace in a pod ■ Binding to a host port without using the host’s network namespace ■ Using the node’s PID and IPC namespaces
13.2 Configuring the container’s security context
Running a container as a specific user ■ Preventing a container from running as root ■ Running pods in privileged mode ■ Adding individual kernel capabilities to a container ■ Dropping capabilities from a container ■ Preventing processes from writing to the container’s filesystem ■ Sharing volumes when containers run as different users
13.3 Restricting the use of security-related features in pods
Introducing the PodSecurityPolicy resource ■ Understanding runAsUser, fsGroup, and supplementalGroups policies ■ Configuring allowed, default, and disallowed capabilities ■ Constraining the types of volumes pods can use ■ Assigning different PodSecurityPolicies to different users and groups
13.4 Isolating the pod network
Enabling network isolation in a namespace ■ Allowing only some pods in the namespace to connect to a server pod ■ Isolating the network between Kubernetes namespaces ■ Isolating using CIDR notation ■ Limiting the outbound traffic of a set of pods
13.5 Summary
14 Managing pods’ computational resources
14.1 Requesting resources for a pod’s containers
Creating pods with resource requests ■ Understanding how resource requests affect scheduling ■ Understanding how CPU requests affect CPU time sharing ■ Defining and requesting custom resources
14.2 Limiting resources available to a container
Setting a hard limit for the amount of resources a container can use ■ Exceeding the limits ■ Understanding how apps in containers see limits
14.3 Understanding pod QoS classes
Defining the QoS class for a pod ■ Understanding which process gets killed when memory is low
  • 25. 14.4 Setting default requests and limits for pods per namespace
Introducing the LimitRange resource ■ Creating a LimitRange object ■ Enforcing the limits ■ Applying default resource requests and limits
14.5 Limiting the total resources available in a namespace
Introducing the ResourceQuota object ■ Specifying a quota for persistent storage ■ Limiting the number of objects that can be created ■ Specifying quotas for specific pod states and/or QoS classes
14.6 Monitoring pod resource usage
Collecting and retrieving actual resource usages ■ Storing and analyzing historical resource consumption statistics
14.7 Summary
15 Automatic scaling of pods and cluster nodes
15.1 Horizontal pod autoscaling
Understanding the autoscaling process ■ Scaling based on CPU utilization ■ Scaling based on memory consumption ■ Scaling based on other and custom metrics ■ Determining which metrics are appropriate for autoscaling ■ Scaling down to zero replicas
15.2 Vertical pod autoscaling
Automatically configuring resource requests ■ Modifying resource requests while a pod is running
15.3 Horizontal scaling of cluster nodes
Introducing the Cluster Autoscaler ■ Enabling the Cluster Autoscaler ■ Limiting service disruption during cluster scale-down
15.4 Summary
16 Advanced scheduling
16.1 Using taints and tolerations to repel pods from certain nodes
Introducing taints and tolerations ■ Adding custom taints to a node ■ Adding tolerations to pods ■ Understanding what taints and tolerations can be used for
  • 26. 16.2 Using node affinity to attract pods to certain nodes
Specifying hard node affinity rules ■ Prioritizing nodes when scheduling a pod
16.3 Co-locating pods with pod affinity and anti-affinity
Using inter-pod affinity to deploy pods on the same node ■ Deploying pods in the same rack, availability zone, or geographic region ■ Expressing pod affinity preferences instead of hard requirements ■ Scheduling pods away from each other with pod anti-affinity
16.4 Summary
17 Best practices for developing apps
17.1 Bringing everything together
17.2 Understanding the pod’s lifecycle
Applications must expect to be killed and relocated ■ Rescheduling of dead or partially dead pods ■ Starting pods in a specific order ■ Adding lifecycle hooks ■ Understanding pod shutdown
17.3 Ensuring all client requests are handled properly
Preventing broken client connections when a pod is starting up ■ Preventing broken connections during pod shut-down
17.4 Making your apps easy to run and manage in Kubernetes
Making manageable container images ■ Properly tagging your images and using imagePullPolicy wisely ■ Using multi-dimensional instead of single-dimensional labels ■ Describing each resource through annotations ■ Providing information on why the process terminated ■ Handling application logs
17.5 Best practices for development and testing
Running apps outside of Kubernetes during development ■ Using Minikube in development ■ Versioning and auto-deploying resource manifests ■ Introducing Ksonnet as an alternative to writing YAML/JSON manifests ■ Employing Continuous Integration and Continuous Delivery (CI/CD)
17.6 Summary
  • 27. 18 Extending Kubernetes
18.1 Defining custom API objects
Introducing CustomResourceDefinitions ■ Automating custom resources with custom controllers ■ Validating custom objects ■ Providing a custom API server for your custom objects
18.2 Extending Kubernetes with the Kubernetes Service Catalog
Introducing the Service Catalog ■ Introducing the Service Catalog API server and Controller Manager ■ Introducing Service Brokers and the OpenServiceBroker API ■ Provisioning and using a service ■ Unbinding and deprovisioning ■ Understanding what the Service Catalog brings
18.3 Platforms built on top of Kubernetes
Red Hat OpenShift Container Platform ■ Deis Workflow and Helm
18.4 Summary
appendix A Using kubectl with multiple clusters
appendix B Setting up a multi-node cluster with kubeadm
appendix C Using other container runtimes
appendix D Cluster Federation
index
  • 28. preface

After working at Red Hat for a few years, in late 2014 I was assigned to a newly established team called Cloud Enablement. Our task was to bring the company’s range of middleware products to the OpenShift Container Platform, which was then being developed on top of Kubernetes. At that time, Kubernetes was still in its infancy—version 1.0 hadn’t even been released yet. Our team had to get to know the ins and outs of Kubernetes quickly to set a proper direction for our software and take advantage of everything Kubernetes had to offer. When faced with a problem, it was hard for us to tell if we were doing things wrong or merely hitting one of the early Kubernetes bugs.

Both Kubernetes and my understanding of it have come a long way since then. When I first started using it, most people hadn’t even heard of Kubernetes. Now, virtually every software engineer knows about it, and it has become one of the fastest-growing and most-widely-adopted ways of running applications in both the cloud and on-premises datacenters.

In my first month of dealing with Kubernetes, I wrote a two-part blog post about how to run a JBoss WildFly application server cluster in OpenShift/Kubernetes. At the time, I never could have imagined that a simple blog post would ultimately lead the people at Manning to contact me about whether I would like to write a book about Kubernetes. Of course, I couldn’t say no to such an offer, even though I was sure they’d approached other people as well and would ultimately pick someone else.

And yet, here we are. After more than a year and a half of writing and researching, the book is done. It’s been an awesome journey. Writing a book about a technology is
  • 29. absolutely the best way to get to know it in much greater detail than you’d learn as just a user. As my knowledge of Kubernetes has expanded during the process and Kubernetes itself has evolved, I’ve constantly gone back to previous chapters I’ve written and added additional information. I’m a perfectionist, so I’ll never really be absolutely satisfied with the book, but I’m happy to hear that a lot of readers of the Manning Early Access Program (MEAP) have found it to be a great guide to Kubernetes.

My aim is to get the reader to understand the technology itself and teach them how to use the tooling to effectively and efficiently develop and deploy apps to Kubernetes clusters. In the book, I don’t put much emphasis on how to actually set up and maintain a proper highly available Kubernetes cluster, but the last part should give readers a very solid understanding of what such a cluster consists of and should allow them to easily comprehend additional resources that deal with this subject.

I hope you’ll enjoy reading it, and that it teaches you how to get the most out of the awesome system that is Kubernetes.
  • 30. acknowledgments

Before I started writing this book, I had no clue how many people would be involved in bringing it from a rough manuscript to a published piece of work. This means there are a lot of people to thank.

First, I’d like to thank Erin Twohey for approaching me about writing this book, and Michael Stephens from Manning, who had full confidence in my ability to write it from day one. His words of encouragement early on really motivated me and kept me motivated throughout the last year and a half.

I would also like to thank my initial development editor Andrew Warren, who helped me get my first chapter out the door, and Elesha Hyde, who took over from Andrew and worked with me all the way to the last chapter. Thank you for bearing with me, even though I’m a difficult person to deal with, as I tend to drop off the radar fairly regularly.

I would also like to thank Jeanne Boyarsky, who was the first reviewer to read and comment on my chapters while I was writing them. Jeanne and Elesha were instrumental in making the book as nice as it hopefully is. Without their comments, the book could never have received such good reviews from external reviewers and readers.

I’d like to thank my technical proofreader, Antonio Magnaghi, and of course all my external reviewers: Al Krinker, Alessandro Campeis, Alexander Myltsev, Csaba Sari, David DiMaria, Elias Rangel, Erisk Zelenka, Fabrizio Cucci, Jared Duncan, Keith Donaldson, Michael Bright, Paolo Antinori, Peter Perlepes, and Tiklu Ganguly. Their positive comments kept me going at times when I worried my writing was utterly awful and completely useless. On the other hand, their constructive criticism helped improve
  • 31. sections that I’d quickly thrown together without enough effort. Thank you for pointing out the hard-to-understand sections and suggesting ways of improving the book. Also, thank you for asking the right questions, which made me realize I was wrong about two or three things in the initial versions of the manuscript.

I also need to thank readers who bought the early version of the book through Manning’s MEAP program and voiced their comments in the online forum or reached out to me directly—especially Vimal Kansal, Paolo Patierno, and Roland Huß, who noticed quite a few inconsistencies and other mistakes. And I would like to thank everyone at Manning who has been involved in getting this book published.

Before I finish, I also need to thank my colleague and high school friend Aleš Justin, who brought me to Red Hat, and my wonderful colleagues from the Cloud Enablement team. If I hadn’t been at Red Hat or in the team, I wouldn’t have been the one to write this book.

Lastly, I would like to thank my wife and my son, who were way too understanding and supportive over the last 18 months, while I was locked in my office instead of spending time with them.

Thank you all!
  • 32. about this book

Kubernetes in Action aims to make you a proficient user of Kubernetes. It teaches you virtually all the concepts you need to understand to effectively develop and run applications in a Kubernetes environment.

Before diving into Kubernetes, the book gives an overview of container technologies like Docker, including how to build containers, so that even readers who haven’t used these technologies before can get up and running. It then slowly guides you through most of what you need to know about Kubernetes—from basic concepts to things hidden below the surface.

Who should read this book

The book focuses primarily on application developers, but it also provides an overview of managing applications from the operational perspective. It’s meant for anyone interested in running and managing containerized applications on more than just a single server.

Both beginner and advanced software engineers who want to learn about container technologies and orchestrating multiple related containers at scale will gain the expertise necessary to develop, containerize, and run their applications in a Kubernetes environment.

No previous exposure to either container technologies or Kubernetes is required. The book explains the subject matter in a progressively detailed manner, and doesn’t use any application source code that would be too hard for non-expert developers to understand.
  • 33. Readers, however, should have at least a basic knowledge of programming, computer networking, and running basic commands in Linux, and an understanding of well-known computer protocols like HTTP.

How this book is organized: a roadmap

This book has three parts that cover 18 chapters.

Part 1 gives a short introduction to Docker and Kubernetes, how to set up a Kubernetes cluster, and how to run a simple application in it. It contains two chapters:
■ Chapter 1 explains what Kubernetes is, how it came to be, and how it helps to solve today’s problems of managing applications at scale.
■ Chapter 2 is a hands-on tutorial on how to build a container image and run it in a Kubernetes cluster. It also explains how to run a local single-node Kubernetes cluster and a proper multi-node cluster in the cloud.

Part 2 introduces the key concepts you must understand to run applications in Kubernetes. The chapters are as follows:
■ Chapter 3 introduces the fundamental building block in Kubernetes—the pod—and explains how to organize pods and other Kubernetes objects through labels.
■ Chapter 4 teaches you how Kubernetes keeps applications healthy by automatically restarting containers. It also shows how to properly run managed pods, horizontally scale them, make them resistant to failures of cluster nodes, and run them at a predefined time in the future or periodically.
■ Chapter 5 shows how pods can expose the service they provide to clients running both inside and outside the cluster. It also shows how pods running in the cluster can discover and access services, regardless of whether they live in or out of the cluster.
■ Chapter 6 explains how multiple containers running in the same pod can share files and how you can manage persistent storage and make it accessible to pods.
■ Chapter 7 shows how to pass configuration data and sensitive information like credentials to apps running inside pods.
■ Chapter 8 describes how applications can get information about the Kubernetes environment they’re running in and how they can talk to Kubernetes to alter the state of the cluster.
■ Chapter 9 introduces the concept of a Deployment and explains the proper way of running and updating applications in a Kubernetes environment.
■ Chapter 10 introduces a dedicated way of running stateful applications, which usually require a stable identity and state.

Part 3 dives deep into the internals of a Kubernetes cluster, introduces some additional concepts, and reviews everything you’ve learned in the first two parts from a higher perspective. This is the last group of chapters:
■ Chapter 11 goes beneath the surface of Kubernetes and explains all the components that make up a Kubernetes cluster and what each of them does. It also
  • 34. explains how pods communicate through the network and how services perform load balancing across multiple pods.
■ Chapter 12 explains how to secure your Kubernetes API server, and by extension the cluster, using authentication and authorization.
■ Chapter 13 teaches you how pods can access the node’s resources and how a cluster administrator can prevent pods from doing that.
■ Chapter 14 dives into constraining the computational resources each application is allowed to consume, configuring the applications’ Quality of Service guarantees, and monitoring the resource usage of individual applications. It also teaches you how to prevent users from consuming too many resources.
■ Chapter 15 discusses how Kubernetes can be configured to automatically scale the number of running replicas of your application, and how it can also increase the size of your cluster when your current number of cluster nodes can’t accept any additional applications.
■ Chapter 16 shows how to ensure pods are scheduled only to certain nodes or how to prevent them from being scheduled to others. It also shows how to make sure pods are scheduled together or how to prevent that from happening.
■ Chapter 17 teaches you how you should develop your applications to make them good citizens of your cluster. It also gives you a few pointers on how to set up your development and testing workflows to reduce friction during development.
■ Chapter 18 shows you how you can extend Kubernetes with your own custom objects and how others have done it and created enterprise-class application platforms.

As you progress through these chapters, you’ll not only learn about the individual Kubernetes building blocks, but also progressively improve your knowledge of using the kubectl command-line tool.
About the code

While this book doesn’t contain a lot of actual source code, it does contain a lot of manifests of Kubernetes resources in YAML format and shell commands along with their outputs. All of this is formatted in a fixed-width font like this to separate it from ordinary text.

Shell commands are mostly in bold, to clearly separate them from their output, but sometimes only the most important parts of the command or parts of the command’s output are in bold for emphasis. In most cases, the command output has been reformatted to make it fit into the limited space in the book. Also, because the Kubernetes CLI tool kubectl is constantly evolving, newer versions may print out more information than what’s shown in the book. Don’t be confused if they don’t match exactly.

Listings sometimes include a line-continuation marker (➥) to show that a line of text wraps to the next line. They also include annotations, which highlight and explain the most important parts.
  • 35. Within text paragraphs, some very common elements such as Pod, ReplicationController, ReplicaSet, DaemonSet, and so forth are set in regular font to avoid overproliferation of code font and help readability. In some places, “Pod” is capitalized to refer to the Pod resource, and lowercased to refer to the actual group of running containers.

All the samples in the book have been tested with Kubernetes version 1.8 running in Google Kubernetes Engine and in a local cluster run with Minikube. The complete source code and YAML manifests can be found at https://github.com/luksa/kubernetes-in-action or downloaded from the publisher’s website at www.manning.com/books/kubernetes-in-action.

Book forum

Purchase of Kubernetes in Action includes free access to a private web forum run by Manning Publications where you can make comments about the book, ask technical questions, and receive help from the author and from other users. To access the forum, go to https://forums.manning.com/forums/kubernetes-in-action. You can also learn more about Manning’s forums and the rules of conduct at https://forums.manning.com/forums/about.

Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the author can take place. It is not a commitment to any specific amount of participation on the part of the author, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the author some challenging questions lest his interest stray! The forum and the archives of previous discussions will be accessible from the publisher’s website as long as the book is in print.
Other online resources

You can find a wide range of additional Kubernetes resources at the following locations:
■ The Kubernetes website at https://kubernetes.io
■ The Kubernetes Blog, which regularly posts interesting info (http://blog.kubernetes.io)
■ The Kubernetes community’s Slack channel at http://slack.k8s.io
■ The Kubernetes and Cloud Native Computing Foundation’s YouTube channels:
  – https://www.youtube.com/channel/UCZ2bu0qutTOM0tHYa_jkIwg
  – https://www.youtube.com/channel/UCvqbFHwN-nwalWPjPUKpvTA

To gain a deeper understanding of individual topics or even to help contribute to Kubernetes, you can also check out any of the Kubernetes Special Interest Groups (SIGs) at https://github.com/kubernetes/kubernetes/wiki/Special-Interest-Groups-(SIGs).

And, finally, as Kubernetes is open source, there’s a wealth of information available in the Kubernetes source code itself. You’ll find it at https://github.com/kubernetes/kubernetes and related repositories.
  • 36. about the author

Marko Lukša is a software engineer with more than 20 years of professional experience developing everything from simple web applications to full ERP systems, frameworks, and middleware software. He took his first steps in programming back in 1985, at the age of six, on a second-hand ZX Spectrum computer his father had bought for him. In primary school, he was the national champion in the Logo programming competition and attended summer coding camps, where he learned to program in Pascal. Since then, he has developed software in a wide range of programming languages.

In high school, he started building dynamic websites when the web was still relatively young. He then moved on to developing software for the healthcare and telecommunications industries at a local company, while studying computer science at the University of Ljubljana, Slovenia. Eventually, he ended up working for Red Hat, initially developing an open source implementation of the Google App Engine API, which utilized Red Hat’s JBoss middleware products underneath. He also worked in or contributed to projects like CDI/Weld, Infinispan/JBoss DataGrid, and others.

Since late 2014, he has been part of Red Hat’s Cloud Enablement team, where his responsibilities include staying up-to-date on new developments in Kubernetes and related technologies and ensuring the company’s middleware software utilizes the features of Kubernetes and OpenShift to their full potential.
  • 37. about the cover illustration

The figure on the cover of Kubernetes in Action is a “Member of the Divan,” the Turkish Council of State or governing body. The illustration is taken from a collection of costumes of the Ottoman Empire published on January 1, 1802, by William Miller of Old Bond Street, London. The title page is missing from the collection and we have been unable to track it down to date. The book’s table of contents identifies the figures in both English and French, and each illustration bears the names of two artists who worked on it, both of whom would no doubt be surprised to find their art gracing the front cover of a computer programming book ... 200 years later.

The collection was purchased by a Manning editor at an antiquarian flea market in the “Garage” on West 26th Street in Manhattan. The seller was an American based in Ankara, Turkey, and the transaction took place just as he was packing up his stand for the day. The Manning editor didn’t have on his person the substantial amount of cash that was required for the purchase, and a credit card and check were both politely turned down. With the seller flying back to Ankara that evening, the situation was getting hopeless. What was the solution? It turned out to be nothing more than an old-fashioned verbal agreement sealed with a handshake. The seller proposed that the money be transferred to him by wire, and the editor walked out with the bank information on a piece of paper and the portfolio of images under his arm. Needless to say, we transferred the funds the next day, and we remain grateful and impressed by this unknown person’s trust in one of us. It recalls something that might have happened a long time ago.

We at Manning celebrate the inventiveness, the initiative, and, yes, the fun of the computer business with book covers based on the rich diversity of regional life of two centuries ago, brought back to life by the pictures from this collection.
  • 38. 1 Introducing Kubernetes

This chapter covers
- Understanding how software development and deployment has changed over recent years
- Isolating applications and reducing environment differences using containers
- Understanding how containers and Docker are used by Kubernetes
- Making developers’ and sysadmins’ jobs easier with Kubernetes

Years ago, most software applications were big monoliths, running either as a single process or as a small number of processes spread across a handful of servers. These legacy systems are still widespread today. They have slow release cycles and are updated relatively infrequently. At the end of every release cycle, developers package up the whole system and hand it over to the ops team, who then deploys and monitors it. In case of hardware failures, the ops team manually migrates it to the remaining healthy servers.

Today, these big monolithic legacy applications are slowly being broken down into smaller, independently running components called microservices. Because
  • 39. microservices are decoupled from each other, they can be developed, deployed, updated, and scaled individually. This enables you to change components quickly and as often as necessary to keep up with today’s rapidly changing business requirements.

But with bigger numbers of deployable components and increasingly larger datacenters, it becomes increasingly difficult to configure, manage, and keep the whole system running smoothly. It’s much harder to figure out where to put each of those components to achieve high resource utilization and thereby keep the hardware costs down. Doing all this manually is hard work. We need automation, which includes automatic scheduling of those components to our servers, automatic configuration, supervision, and failure-handling. This is where Kubernetes comes in.

Kubernetes enables developers to deploy their applications themselves and as often as they want, without requiring any assistance from the operations (ops) team. But Kubernetes doesn’t benefit only developers. It also helps the ops team by automatically monitoring and rescheduling those apps in the event of a hardware failure. The focus for system administrators (sysadmins) shifts from supervising individual apps to mostly supervising and managing Kubernetes and the rest of the infrastructure, while Kubernetes itself takes care of the apps.

NOTE Kubernetes is Greek for pilot or helmsman (the person holding the ship’s steering wheel). People pronounce Kubernetes in a few different ways. Many pronounce it as Koo-ber-nay-tace, while others pronounce it more like Koo-ber-netties. No matter which form you use, people will understand what you mean.

Kubernetes abstracts away the hardware infrastructure and exposes your whole datacenter as a single enormous computational resource. It allows you to deploy and run your software components without having to know about the actual servers underneath.
When deploying a multi-component application through Kubernetes, it selects a server for each component, deploys it, and enables it to easily find and communicate with all the other components of your application.

This makes Kubernetes great for most on-premises datacenters, but where it starts to shine is when it’s used in the largest datacenters, such as the ones built and operated by cloud providers. Kubernetes allows them to offer developers a simple platform for deploying and running any type of application, while not requiring the cloud provider’s own sysadmins to know anything about the tens of thousands of apps running on their hardware.

With more and more big companies accepting the Kubernetes model as the best way to run apps, it’s becoming the standard way of running distributed apps both in the cloud, as well as on local on-premises infrastructure.

1.1 Understanding the need for a system like Kubernetes

Before you start getting to know Kubernetes in detail, let’s take a quick look at how the development and deployment of applications has changed in recent years. This change is both a consequence of splitting big monolithic apps into smaller microservices
  • 40. and of the changes in the infrastructure that runs those apps. Understanding these changes will help you better see the benefits of using Kubernetes and container technologies such as Docker.

1.1.1 Moving from monolithic apps to microservices

Monolithic applications consist of components that are all tightly coupled together and have to be developed, deployed, and managed as one entity, because they all run as a single OS process. Changes to one part of the application require a redeployment of the whole application, and over time the lack of hard boundaries between the parts results in the increase of complexity and consequential deterioration of the quality of the whole system because of the unconstrained growth of inter-dependencies between these parts.

Running a monolithic application usually requires a small number of powerful servers that can provide enough resources for running the application. To deal with increasing loads on the system, you then either have to vertically scale the servers (also known as scaling up) by adding more CPUs, memory, and other server components, or scale the whole system horizontally, by setting up additional servers and running multiple copies (or replicas) of an application (scaling out). While scaling up usually doesn’t require any changes to the app, it gets expensive relatively quickly and in practice always has an upper limit. Scaling out, on the other hand, is relatively cheap hardware-wise, but may require big changes in the application code and isn’t always possible—certain parts of an application are extremely hard or next to impossible to scale horizontally (relational databases, for example). If any part of a monolithic application isn’t scalable, the whole application becomes unscalable, unless you can split up the monolith somehow.
SPLITTING APPS INTO MICROSERVICES

These and other problems have forced us to start splitting complex monolithic applications into smaller independently deployable components called microservices. Each microservice runs as an independent process (see figure 1.1) and communicates with other microservices through simple, well-defined interfaces (APIs).

[Figure 1.1: Components inside a monolithic application vs. standalone microservices. Panels: Monolithic application (single process on Server 1); Microservices-based application (Processes 1.1 and 1.2 on Server 1, Processes 2.1 and 2.2 on Server 2).]
  • 41. Microservices communicate through synchronous protocols such as HTTP, over which they usually expose RESTful (REpresentational State Transfer) APIs, or through asynchronous protocols such as AMQP (Advanced Message Queueing Protocol). These protocols are simple, well understood by most developers, and not tied to any specific programming language. Each microservice can be written in the language that’s most appropriate for implementing that specific microservice.

Because each microservice is a standalone process with a relatively static external API, it’s possible to develop and deploy each microservice separately. A change to one of them doesn’t require changes or redeployment of any other service, provided that the API doesn’t change or changes only in a backward-compatible way.

SCALING MICROSERVICES

Scaling microservices, unlike monolithic systems, where you need to scale the system as a whole, is done on a per-service basis, which means you have the option of scaling only those services that require more resources, while leaving others at their original scale. Figure 1.2 shows an example. Certain components are replicated and run as multiple processes deployed on different servers, while others run as a single application process. When a monolithic application can’t be scaled out because one of its parts is unscalable, splitting the app into microservices allows you to horizontally scale the parts that allow scaling out, and scale the parts that don’t, vertically instead of horizontally.

[Figure 1.2: Each microservice can be scaled individually. Processes are spread across Servers 1 to 4. Labels: Single instance (possibly not scalable); Three instances of the same component.]
  • 42. DEPLOYING MICROSERVICES

As always, microservices also have drawbacks. When your system consists of only a small number of deployable components, managing those components is easy. It’s trivial to decide where to deploy each component, because there aren’t that many choices. When the number of those components increases, deployment-related decisions become increasingly difficult because not only does the number of deployment combinations increase, but the number of inter-dependencies between the components increases by an even greater factor.

Microservices perform their work together as a team, so they need to find and talk to each other. When deploying them, someone or something needs to configure all of them properly to enable them to work together as a single system. With increasing numbers of microservices, this becomes tedious and error-prone, especially when you consider what the ops/sysadmin teams need to do when a server fails.

Microservices also bring other problems, such as making it hard to debug and trace execution calls, because they span multiple processes and machines. Luckily, these problems are now being addressed with distributed tracing systems such as Zipkin.

UNDERSTANDING THE DIVERGENCE OF ENVIRONMENT REQUIREMENTS

As I’ve already mentioned, components in a microservices architecture aren’t only deployed independently, but are also developed that way. Because of their independence and the fact that it’s common to have separate teams developing each component, nothing impedes each team from using different libraries and replacing them whenever the need arises. The divergence of dependencies between application components, like the one shown in figure 1.3, where applications require different versions of the same libraries, is inevitable.
[Figure 1.3: Multiple applications running on the same host may have conflicting dependencies. Panels: Server running a monolithic app (one set of libraries: A v1.0, B v2.4, C v1.1, X v1.4, Y v3.2); Server running multiple apps (App 1 to App 4, which require different versions of Libraries A, C, X and Y).]
  • 43. Deploying dynamically linked applications that require different versions of shared libraries, and/or require other environment specifics, can quickly become a nightmare for the ops team who deploys and manages them on production servers. The bigger the number of components you need to deploy on the same host, the harder it will be to manage all their dependencies to satisfy all their requirements.

1.1.2 Providing a consistent environment to applications

Regardless of how many individual components you’re developing and deploying, one of the biggest problems that developers and operations teams always have to deal with is the differences in the environments they run their apps in. Not only is there a huge difference between development and production environments, differences even exist between individual production machines. Another unavoidable fact is that the environment of a single production machine will change over time.

These differences range from hardware to the operating system to the libraries that are available on each machine. Production environments are managed by the operations team, while developers often take care of their development laptops on their own. The difference is how much these two groups of people know about system administration, and this understandably leads to relatively big differences between those two systems, not to mention that system administrators give much more emphasis on keeping the system up to date with the latest security patches, while a lot of developers don’t care about that as much.

Also, production systems can run applications from multiple developers or development teams, which isn’t necessarily true for developers’ computers. A production system must provide the proper environment to all applications it hosts, even though they may require different, even conflicting, versions of libraries.
To reduce the number of problems that only show up in production, it would be ideal if applications could run in the exact same environment during development and in production so they have the exact same operating system, libraries, system configuration, networking environment, and everything else. You also don’t want this environment to change too much over time, if at all. Also, if possible, you want the ability to add applications to the same server without affecting any of the existing applications on that server.

1.1.3 Moving to continuous delivery: DevOps and NoOps

In the last few years, we’ve also seen a shift in the whole application development process and how applications are taken care of in production. In the past, the development team’s job was to create the application and hand it off to the operations team, who then deployed it, tended to it, and kept it running. But now, organizations are realizing it’s better to have the same team that develops the application also take part in deploying it and taking care of it over its whole lifetime. This means the developer, QA, and operations teams now need to collaborate throughout the whole process. This practice is called DevOps.
  • 44. UNDERSTANDING THE BENEFITS

Having the developers more involved in running the application in production leads to them having a better understanding of both the users’ needs and issues and the problems faced by the ops team while maintaining the app. Application developers are now also much more inclined to give users the app earlier and then use their feedback to steer further development of the app.

To release newer versions of applications more often, you need to streamline the deployment process. Ideally, you want developers to deploy the applications themselves without having to wait for the ops people. But deploying an application often requires an understanding of the underlying infrastructure and the organization of the hardware in the datacenter. Developers don’t always know those details and, most of the time, don’t even want to know about them.

LETTING DEVELOPERS AND SYSADMINS DO WHAT THEY DO BEST

Even though developers and system administrators both work toward achieving the same goal of running a successful software application as a service to its customers, they have different individual goals and motivating factors. Developers love creating new features and improving the user experience. They don’t normally want to be the ones making sure that the underlying operating system is up to date with all the security patches and things like that. They prefer to leave that up to the system administrators.

The ops team is in charge of the production deployments and the hardware infrastructure they run on. They care about system security, utilization, and other aspects that aren’t a high priority for developers. The ops people don’t want to deal with the implicit interdependencies of all the application components and don’t want to think about how changes to either the underlying operating system or the infrastructure can affect the operation of the application as a whole, but they must.
Ideally, you want the developers to deploy applications themselves without knowing anything about the hardware infrastructure and without dealing with the ops team. This is referred to as NoOps. Obviously, you still need someone to take care of the hardware infrastructure, but ideally, without having to deal with peculiarities of each application running on it.

As you’ll see, Kubernetes enables us to achieve all of this. By abstracting away the actual hardware and exposing it as a single platform for deploying and running apps, it allows developers to configure and deploy their applications without any help from the sysadmins and allows the sysadmins to focus on keeping the underlying infrastructure up and running, while not having to know anything about the actual applications running on top of it.

1.2 Introducing container technologies

In section 1.1 I presented a non-comprehensive list of problems facing today’s development and ops teams. While you have many ways of dealing with them, this book will focus on how they’re solved with Kubernetes.
  • 45. Kubernetes uses Linux container technologies to provide isolation of running applications, so before we dig into Kubernetes itself, you need to become familiar with the basics of containers to understand what Kubernetes does itself, and what it offloads to container technologies like Docker or rkt (pronounced “rock-it”).

1.2.1 Understanding what containers are

In section 1.1.1 we saw how different software components running on the same machine will require different, possibly conflicting, versions of dependent libraries or have other different environment requirements in general.

When an application is composed of only smaller numbers of large components, it’s completely acceptable to give a dedicated Virtual Machine (VM) to each component and isolate their environments by providing each of them with their own operating system instance. But when these components start getting smaller and their numbers start to grow, you can’t give each of them their own VM if you don’t want to waste hardware resources and keep your hardware costs down. But it’s not only about wasting hardware resources. Because each VM usually needs to be configured and managed individually, rising numbers of VMs also lead to wasting human resources, because they increase the system administrators’ workload considerably.

ISOLATING COMPONENTS WITH LINUX CONTAINER TECHNOLOGIES

Instead of using virtual machines to isolate the environments of each microservice (or software processes in general), developers are turning to Linux container technologies. They allow you to run multiple services on the same host machine, while not only exposing a different environment to each of them, but also isolating them from each other, similarly to VMs, but with much less overhead.

A process running in a container runs inside the host’s operating system, like all the other processes (unlike VMs, where processes run in separate operating systems).
But the process in the container is still isolated from other processes. To the process itself, it looks like it’s the only one running on the machine and in its operating system.

COMPARING VIRTUAL MACHINES TO CONTAINERS

Compared to VMs, containers are much more lightweight, which allows you to run higher numbers of software components on the same hardware, mainly because each VM needs to run its own set of system processes, which requires additional compute resources in addition to those consumed by the component’s own process. A container, on the other hand, is nothing more than a single isolated process running in the host OS, consuming only the resources that the app consumes and without the overhead of any additional processes.

Because of the overhead of VMs, you often end up grouping multiple applications into each VM because you don’t have enough resources to dedicate a whole VM to each app. When using containers, you can (and should) have one container for each
  • 46. application, as shown in figure 1.4. The end-result is that you can fit many more applications on the same bare-metal machine.

When you run three VMs on a host, you have three completely separate operating systems running on and sharing the same bare-metal hardware. Underneath those VMs is the host’s OS and a hypervisor, which divides the physical hardware resources into smaller sets of virtual resources that can be used by the operating system inside each VM. Applications running inside those VMs perform system calls to the guest OS’ kernel in the VM, and the kernel then performs x86 instructions on the host’s physical CPU through the hypervisor.

NOTE Two types of hypervisors exist. Type 1 hypervisors don’t use a host OS, while Type 2 do.

Containers, on the other hand, all perform system calls on the exact same kernel running in the host OS. This single kernel is the only one performing x86 instructions on the host’s CPU. The CPU doesn’t need to do any kind of virtualization the way it does with VMs (see figure 1.5).

[Figure 1.4: Using VMs to isolate groups of applications vs. isolating individual apps with containers. Panels: Apps running in three VMs on a single machine (bare-metal machine, host OS, hypervisor, a guest OS per VM, two apps per VM); Apps running in isolated containers (bare-metal machine, host OS, one app per container).]

The main benefit of virtual machines is the full isolation they provide, because each VM runs its own Linux kernel, while containers all call out to the same kernel, which can clearly pose a security risk. If you have a limited amount of hardware resources, VMs may only be an option when you have a small number of processes that
  • 47. you want to isolate. To run greater numbers of isolated processes on the same machine, containers are a much better choice because of their low overhead. Remember, each VM runs its own set of system services, while containers don’t, because they all run in the same OS. That also means that to run a container, nothing needs to be booted up, as is the case in VMs. A process run in a container starts up immediately.

[Figure 1.5: The difference between how apps in VMs use the CPU vs. how they use them in containers. Panels: Apps running in multiple VMs (each VM has its own kernel and virtual CPU, on top of the hypervisor, a kernel and the physical CPU); Apps running in isolated containers (Containers A to F, one app each, on a single kernel and the physical CPU).]
  • 48. INTRODUCING THE MECHANISMS THAT MAKE CONTAINER ISOLATION POSSIBLE

By this point, you’re probably wondering how exactly containers can isolate processes if they’re running on the same operating system. Two mechanisms make this possible. The first one, Linux Namespaces, makes sure each process sees its own personal view of the system (files, processes, network interfaces, hostname, and so on). The second one is Linux Control Groups (cgroups), which limit the amount of resources the process can consume (CPU, memory, network bandwidth, and so on).

ISOLATING PROCESSES WITH LINUX NAMESPACES

By default, each Linux system initially has one single namespace. All system resources, such as filesystems, process IDs, user IDs, network interfaces, and others, belong to the single namespace. But you can create additional namespaces and organize resources across them. When running a process, you run it inside one of those namespaces. The process will only see resources that are inside the same namespace. Well, multiple kinds of namespaces exist, so a process doesn’t belong to one namespace, but to one namespace of each kind.

The following kinds of namespaces exist:
- Mount (mnt)
- Process ID (pid)
- Network (net)
- Inter-process communication (ipc)
- UTS
- User ID (user)

Each namespace kind is used to isolate a certain group of resources. For example, the UTS namespace determines what hostname and domain name the process running inside that namespace sees. By assigning two different UTS namespaces to a pair of processes, you can make them see different local hostnames. In other words, to the two processes, it will appear as though they are running on two different machines (at least as far as the hostname is concerned).

Likewise, what Network namespace a process belongs to determines which network interfaces the application running inside the process sees. Each network interface belongs to exactly one namespace, but can be moved from one namespace to another. Each container uses its own Network namespace, and therefore each container sees its own set of network interfaces.

This should give you a basic idea of how namespaces are used to isolate applications running in containers from each other.

LIMITING RESOURCES AVAILABLE TO A PROCESS

The other half of container isolation deals with limiting the amount of system resources a container can consume. This is achieved with cgroups, a Linux kernel feature that limits the resource usage of a process (or a group of processes). A process can’t use more than the configured amount of CPU, memory, network bandwidth,
  • 49. and so on. This way, processes cannot hog resources reserved for other processes, which is similar to when each process runs on a separate machine.

1.2.2 Introducing the Docker container platform

While container technologies have been around for a long time, they’ve become more widely known with the rise of the Docker container platform. Docker was the first container system that made containers easily portable across different machines. It simplified the process of packaging up not only the application but also all its libraries and other dependencies, even the whole OS file system, into a simple, portable package that can be used to provision the application to any other machine running Docker.

When you run an application packaged with Docker, it sees the exact filesystem contents that you’ve bundled with it. It sees the same files whether it’s running on your development machine or a production machine, even if the production server is running a completely different Linux OS. The application won’t see anything from the server it’s running on, so it doesn’t matter if the server has a completely different set of installed libraries compared to your development machine.

For example, if you’ve packaged up your application with the files of the whole Red Hat Enterprise Linux (RHEL) operating system, the application will believe it’s running inside RHEL, both when you run it on your development computer that runs Fedora and when you run it on a server running Debian or some other Linux distribution. Only the kernel may be different.

This is similar to creating a VM image by installing an operating system into a VM, installing the app inside it, and then distributing the whole VM image around and running it.
Docker achieves the same effect, but instead of using VMs to achieve app isolation, it uses Linux container technologies mentioned in the previous section to provide (almost) the same level of isolation that VMs do. Instead of using big monolithic VM images, it uses container images, which are usually smaller.

A big difference between Docker-based container images and VM images is that container images are composed of layers, which can be shared and reused across multiple images. This means only certain layers of an image need to be downloaded if the other layers were already downloaded previously when running a different container image that also contains the same layers.

UNDERSTANDING DOCKER CONCEPTS

Docker is a platform for packaging, distributing, and running applications. As we’ve already stated, it allows you to package your application together with its whole environment. This can be either a few libraries that the app requires or even all the files that are usually available on the filesystem of an installed operating system. Docker makes it possible to transfer this package to a central repository from which it can then be transferred to any computer running Docker and executed there (for the most part, but not always, as we’ll soon explain).
  • 50. Three main concepts in Docker comprise this scenario:
- Images—A Docker-based container image is something you package your application and its environment into. It contains the filesystem that will be available to the application and other metadata, such as the path to the executable that should be executed when the image is run.
- Registries—A Docker Registry is a repository that stores your Docker images and facilitates easy sharing of those images between different people and computers. When you build your image, you can either run it on the computer you’ve built it on, or you can push (upload) the image to a registry and then pull (download) it on another computer and run it there. Certain registries are public, allowing anyone to pull images from it, while others are private, only accessible to certain people or machines.
- Containers—A Docker-based container is a regular Linux container created from a Docker-based container image. A running container is a process running on the host running Docker, but it’s completely isolated from both the host and all other processes running on it. The process is also resource-constrained, meaning it can only access and use the amount of resources (CPU, RAM, and so on) that are allocated to it.

BUILDING, DISTRIBUTING, AND RUNNING A DOCKER IMAGE

Figure 1.6 shows all three concepts and how they relate to each other. The developer first builds an image and then pushes it to a registry. The image is thus available to anyone who can access the registry. They can then pull the image to any other machine running Docker and run the image. Docker creates an isolated container based on the image and runs the binary executable specified as part of the image.

[Figure 1.6: Docker images, registries, and containers. The diagram connects a development machine, an image registry and a production machine through these steps:
1. Developer tells Docker to build and push image
2. Docker builds image
3. Docker pushes image to registry
4. Developer tells Docker on production machine to run image
5. Docker pulls image from registry
6. Docker runs container from image]
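The two isolation mechanisms from section 1.2.1, namespaces and cgroups, can be checked from the host through /proc and the cgroup filesystem. The following is an added example, not code from the book: it reports which namespace kinds a process shares with the host and whether memory and CPU limits are set. It assumes cgroup v2 mounted at /sys/fs/cgroup; the function names and the sample namespace IDs are constructed for illustration.

```python
"""Report how a process is isolated: namespace membership and cgroup v2 limits."""
import os
import re

# Namespace kinds listed in the text, by their names under /proc/<pid>/ns/.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user")
_NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed sample data (not captured from a real system).
SAMPLE_HOST = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
               "net": "net:[4026531992]", "ipc": "ipc:[4026531839]",
               "uts": "uts:[4026531838]", "user": "user:[4026531837]"}
# Container with its own namespace of every kind except user, with limits set.
SAMPLE_ISOLATED = {"mnt": "mnt:[4026532500]", "pid": "pid:[4026532503]",
                   "net": "net:[4026532506]", "ipc": "ipc:[4026532502]",
                   "uts": "uts:[4026532501]", "user": "user:[4026531837]"}
SAMPLE_ISOLATED_CGROUP = {"memory.max": "268435456\n",
                          "cpu.max": "50000 100000\n"}
# Container placed in the host's pid and net namespaces, with no limits.
SAMPLE_SHARED = dict(SAMPLE_ISOLATED,
                     pid="pid:[4026531836]", net="net:[4026531992]")
SAMPLE_SHARED_CGROUP = {"memory.max": "max\n", "cpu.max": "max 100000\n"}


def parse_ns_links(links):
    """Map {'uts': 'uts:[4026531838]'} to {'uts': 4026531838}; skip malformed."""
    ids = {}
    for kind, target in links.items():
        match = _NS_LINK.match(target.strip())
        if match and match.group(1) == kind:
            ids[kind] = int(match.group(2))
    return ids


def shared_namespaces(proc_ids, host_ids):
    """Kinds where the process sits in the same namespace as the host."""
    return sorted(k for k in NS_KINDS
                  if k in proc_ids and proc_ids[k] == host_ids.get(k))


def parse_cgroup_limits(files):
    """Parse cgroup v2 memory.max and cpu.max; None means no limit is set."""
    mem = files.get("memory.max", "max").strip()
    quota, _, period = files.get("cpu.max", "max").strip().partition(" ")
    return {
        "memory_bytes": None if mem == "max" else int(mem),
        # cpu.max is "<quota> <period>" in microseconds; quota/period = CPUs.
        "cpus": None if quota == "max" else int(quota) / int(period or 100000),
    }


def audit(proc_links, host_links, cgroup_files):
    """Return findings: shared namespace kinds first, then missing limits."""
    shared = shared_namespaces(parse_ns_links(proc_links),
                               parse_ns_links(host_links))
    findings = [f"shares the host's {kind} namespace" for kind in shared]
    limits = parse_cgroup_limits(cgroup_files)
    if limits["memory_bytes"] is None:
        findings.append("no memory limit")
    if limits["cpus"] is None:
        findings.append("no CPU limit")
    return findings


def read_ns_links(pid="self"):
    """Read namespace links from /proc; unreadable kinds are left out."""
    links = {}
    for kind in NS_KINDS:
        try:
            links[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:  # no /proc, or not allowed to inspect that process
            pass
    return links


def read_cgroup_files(pid="self", root="/sys/fs/cgroup"):
    """Read the cgroup v2 limit files of a process; missing files are skipped."""
    files = {}
    try:
        with open(f"/proc/{pid}/cgroup") as fh:
            # The cgroup v2 entry looks like "0::/some/path".
            rel = next(line.strip()[3:] for line in fh if line.startswith("0::"))
    except (OSError, StopIteration):
        return files
    for name in ("memory.max", "cpu.max"):
        try:
            with open(os.path.join(root, rel.lstrip("/"), name)) as fh:
                files[name] = fh.read()
        except OSError:  # root cgroup, or controller not enabled
            pass
    return files


if __name__ == "__main__":
    import sys
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    host = read_ns_links(1)  # empty unless allowed to inspect PID 1
    if not host:
        print("cannot read /proc/1/ns; namespace comparison skipped")
    for finding in audit(read_ns_links(pid), host, read_cgroup_files(pid)):
        print(f"pid {pid}: {finding}")
```

Run it on the host as root with the PID of a container's process as the argument. Inside a container, PID 1 is the container's own init process, so the comparison says nothing about the host.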
  • 51. Another Random Scribd Document with Unrelated Content
  • 52. The Court spent the summer at the Palace of Peterhof. My aunt, Princess Cherwachidze, always rented a villa there on leaving her house at Petrograd. Most of the Grand Dukes had their palaces there also. Being only at a distance of about one hour by train from Petrograd, Peterhof with its numerous palaces and villas, situated in their lovely gardens, reminded me of the Riviera; by its brilliant society, both military and civil, Peterhof was indeed a delightful place to live in. There was a perpetual round of luncheons and dinners in the Court Circle which I enjoyed very much, also the concerts and the theatre. The place is charmingly pretty; the park magnificent, reaching right down to the shores of the Baltic where many of its fine trees dip their long branches into the sea. In the park we used to meet the Imperial Children, Grand Duchess Olga, the eldest, and lately one of the leading sister-disciples of Rasputin’s religion, was then a pretty little doll, always very gracious and well-dressed. She used to say “Bonjour” aloud when anyone bowed to her; policemen and others were delighted with the salutation of their “little Empress!” Later on, their drives and rides had to be discontinued as attempts on their lives were feared. The second daughter, Grand Duchess Tatiana, was said to be the cleverest of the family and her father’s favourite. The playing of the fountains was a sight worth seeing, the Russians never ceased asking me whether they did not outshine the “Grandes Eaux” of Versailles. The appearance of the exterior of the Palace inspired gaiety, whilst the interior was the very acme of comfort. The Russian Court was the most luxurious Court in the world, combining as it did all the wealth and luxury of the East and the West. It was a rule that all the numerous palaces of the Emperor should be kept up during his absence just as though he were in residence—always ready to receive him at any moment.
I often accompanied my aunt to the Palace of Peterhof to see my uncle, Prince Cherwachidze, who was Grand Master of the Court of Russia, specially attached to the person of the Empress-Dowager, being also Grand Master of her Court; and he sometimes came to spend his evenings with us. My aunt continually lunched with the Empress-Dowager, who used to invite her every year to spend long friendly visits with her at Gatchina; she
also lunched very often at the Palace. My aunt might have taken up her abode in the Palace had she chosen, but always declared she preferred her liberty to the perpetual glow and fuss of the Court—in my view a somewhat injudicious step to have taken considering all things.
[Illustration: THE CASTLE OF MONREPOS FROM THE PARK]
[Illustration: PETERHOF, THE IMPERIAL CHILDREN]
Princess Cherwachidze, née Baronne de Nicolay, my father’s first cousin, is small and slender, very refined and fragile, so fragile indeed that one is almost afraid of breaking her when embracing her, but possessing in her heart an unfathomable depth of kindness and devotion. My dear little aunt—Aunt Maka, as I called her—seemed to be in love, so much in love with her husband that morning and night, especially when at Petrograd, she rushed off as fast as she could cover the ground to the telephone to converse with the object of her adoration, who was always in waiting on his Imperial Mistress wherever she happened to be—Gatchina, Peterhof, Tsarskoë-Celo or Petrograd, at the Anitschkoff Palace. The conversation was always the same and in her soft emotional voice she commenced:— “Comment vas-tu?” The reply I never caught. “Allons tant mieux.” Idem. “Tu vas venir aujourd’hui, n’est-ce pas?” I guessed the reply to be in the negative. “Et demain?” Again in the negative. “Alors tu me diras. Au revoir.” Then it was over. He was not often able to respond to these summonses. She seemed quite satisfied to know that her spouse was in good health—there was no alternative—and then again would rush off across the drawing-rooms back to her comfortable study where she always had a vast
correspondence to attend to, and to reply to in that beautiful calligraphy of hers—everything she undertook to do was executed to perfection. Every day she received several begging letters, some from people desirous of obtaining employment, others seeking for Imperial audiences for some protégé or other—and these latter simply poured in! Again at night, she used to ring up my uncle on the telephone which, alas, more often than not gave no reply; then my poor little aunt became quite thoughtful and sadly consoled herself by saying, “Comme son service est fatiguant!” She had also a conversation on the telephone very often with Grand Duke Nicholas Michaelovitch who had been a friend of hers for many years. His Imperial Highness sometimes came to see us in the evening and we always knew when he had entered the apartment by the tremendous clatter of his scabbard on the parquet floor of the ante-room and the clinking of his spurs as he walked. He was of a jovial disposition and spoke with a very loud voice. He was besides un gai causeur and extremely literary, amongst his last publications was La Famille des Strogonoff. Every morning, dressed as simply as possible, and wearing a little black felt hat with a tiny little ruffled up feather and carrying a small black leather bag, my aunt used to go out on missions of charity; the felt was no longer very new, neither was the feather, but that mattered not at all to my dear little aunt. Ordinary—and extraordinary—confessor to all the troubled consciences which chose to make her house their meeting place, nothing struck me as being more strangely dissimilar than this immaculate soul—almost unique beneath the snow-laden sky of this frozen country—to those who invaded the blessed atmosphere of that drawing-room, pouring out all their griefs and faults into her ever-sympathetic ears. The Prince was less sentimental.
Spoilt by a great fortune, occupying a high post at Court, his presence at home became less and less until there seemed no real reason to bind him to it at all, and yet, when he did happen to come, he seemed so happy. But it was extremely difficult for anyone to read exactly the innermost thoughts of my dear uncle, who belongs to a very good old princely family of Georgia; he is a Caucasian, and consequently portrays in his character all the mystery of his race, to a greater degree even than the Slav. He has a somewhat striking appearance
with his large dark eyes. He is very gracious, when he chooses, and unequalled in the art of finesse, morally speaking. Although his thoughts were nearly always in the clouds, they occasionally issued from their nebulous seclusion, but never for long. This originality seemed to please his Sovereign Lady and some people used to conceive this to be the cause of the high favour in which he stood. At official ceremonies my uncle, in his magnificent gold uniform all covered with Ribbons and Orders, appeared to emerge from the midst of those yards of shimmering velvet or silk which formed the train of the Empress-Dowager and which seemed to take pleasure in rustling all the more at his touch. He cut a superb figure as he sat in his Court carriage, wearing his fine cocked hat surmounted with white plumes, and on the box seat the men in Royal scarlet and gold liveries with their gold-gallooned hats slightly tilted to one side—the whole being drawn by a pair of high-stepping greys. At Peterhof we often used to drive in this fine turn-out, and many were the low obeisances bestowed on us by respectful functionaries as we passed. Tongues were very busy on the subject of my uncle and I could not but feel a little sad for my aunt. It was with eyes closed and with her heart brim-full of him that she used to visit a certain perfidious beauty enjoying the liberty of grass widowhood—her husband being at the war—and I felt sure that the lady knew more about my uncle during her brief acquaintance with him than did my dear good credulous aunt during the whole of her twenty-five years of legitimate married life. But perhaps my youthful imagination ran riot and judging from what people whispered you may think jealousy is as rampant in Russia as it is here. Queen Alexandra arrived at Peterhof during my sojourn there to spend a few days with her sister, the Empress-Dowager, and I remember so well seeing her.
A cordon of sentinels had been drawn only a few paces apart all round the Park interspersed with mounted Cossacks. My uncle has a profound admiration for the Rose Queen, who has held him in great esteem for many years. In the old days, when the world was normal, he used to meet Her Majesty at Copenhagen every year, where she always presented him with the latest photograph of herself, signed by her Royal hand—and at Petrograd he had a regular gallery of these.
My uncle is entirely devoted to the Empress and she will never let him out of her sight for long, giving him her full confidence; but, as he is a very bad sailor and dreads the long sea voyages, he always obtained her Imperial sanction to travel by way of Germany; so as to avoid sea-sickness as much as possible and for this purpose he wears a pair of red glasses. May this be a hint in future to all those who suffer from mal de mer! He is still attached to the person of his Imperial Mistress, in the Crimea, and now sharing her life in misfortune with as much devotion as in former days. I feel sure he will never willingly consent to abandon her as in all probability she has been forsaken by so many. On one occasion, while at Copenhagen, a little scandal was spread about in which the name of a certain very pretty maid of honour, who for the fun of the thing mischievous people wished to compromise, and that of my uncle, amongst others, were coupled. The papers, of course, got hold of the story and naturally exaggerated the whole event. The Empress was furious and outraged at the mere suggestion of such a thing and in a loud voice protested, saying, “Le Prince n’y était pas, le Prince était chez moi.” Now, the hour mentioned was one in which Morpheus makes one forget the sad hours when he no longer holds sway—and it was good of the Empress to champion her hero thus. People smiled but held their peace! As every one knows, the greatest love and affection exist between our lovely Queen Alexandra and her sister. Since these Russian days I have often been to see my uncle in London, both at Buckingham Palace and, since King Edward’s death, at Marlborough House, during the Empress’s visits to the Queen, which during King Edward’s lifetime usually took place when he was abroad on his several diplomatic missions, causing him to be recognized as Edward the Peacemaker.
How richly he deserved that appellation is to be shown in the great result he achieved in bringing about the Entente Cordiale—as though he foresaw the present cataclysm—thus laying the foundation of the great brotherhood in arms which now exists between France and her old antagonist England in their common determination to crush the loathsome beast—the abominable Hun—in a life or death struggle. May time only strengthen this great alliance, is the heartfelt desire of one amongst thousands of the daughters of France.
At Buckingham Palace my uncle occupied a charming apartment just above the Visitors’ Entrance, though at Marlborough House his installation was naturally less sumptuous. There I was greeted at the top of the stairs by two giant Cossacks, the Cossacks of the Empress. As my uncle experiences a good deal of difficulty in speaking English, the long sojourn in our midst used to get rather on his nerves, especially after King Edward died, as it was so hard for Queen Alexandra to reconcile herself to parting with her Imperial sister. Whenever the Empress thought of departure, the Queen threw herself into the Empress’s arms and begged her to remain—and remain she did. Neither did the visits to Sandringham satisfy my uncle, who was only really happy in one place and that place was Copenhagen—where he seemed to become young again! quite young! I was told. My uncle took his place in the funeral procession of the late King Edward as one of the Russian delegates on that solemn occasion. On his last visit to London, soon after my marriage, my husband and I saw a great deal of my uncle, with whom we often used to lunch at Buckingham Palace Hotel where he had a lovely suite of apartments on the first floor, because, as he used to say, “I am freer here than at Marlborough House.” And he seemed to revel in the idea of his own garçonnière, although he had his room at Marlborough House as well. That year the Empress remained in England until the last day of July, and was travelling on her way back to Russia through Germany on the day Russia actually declared war. On her arrival at Berlin the Imperial bomb-proof train was not allowed to continue any further east, but was ordered either to go back whence it came, namely to Calais, or else proceed to Denmark, as German Authorities felt sure she was conveying important messages from the King to his cousin the Tzar. Her Imperial Majesty chose the latter route, thinking it would be the best way home later on.
My uncle also showed us a very pretty miniature of the Empress-Dowager given to him lately by Queen Alexandra, a charming thought for which he seemed very grateful. He had sent to Petrograd for an enormous box of delicious bonbons which he gave us, they are so luscious there, and to ensure getting a good cup of tea when he came to see us, I expect, he presented us with some excellent green Russian tea.
CHAPTER IV
THE first great important ceremony which I attended was the funeral of General Obroutcheff, a great dignitary of the Empire. The ceremony took place at La Laure, which is the ecclesiastical quarter of Petrograd and is an enormous monastery surrounded by walls and ditches full of water, a kind of fortified place—in fact, a town. It contains a large cemetery, beautiful gardens and no less than seven churches. The monks, of whom there are a great number, wear long and very wide black cassocks with a sort of high hat widening toward the top. All of them let their hair and often their beards grow long; with some the hair reaches to the waist and is an object of great care. At night, the monks stand one behind the other plaiting each other’s hair, which is generally curled and waved. The popes are the secular and parish priests, and are married. Popes are in a certain degree a race of people apart; their children intermarry, the sons often become popes themselves. They are not generally much esteemed and the common saying is: “Pope, son of a dog!” As I have said, a pope can enter the married state, but only once in a life-time. The police cordon was drawn as tight as possible. Quite close to us was the officer of the police with a sullen look and a livid complexion who took note of every one. Presently the remainder of the guests arrived and the funeral procession itself appeared, the uniforms were superb and the coup d’œil a magnificent one. All the Grand Dukes were there, amongst whom I recognized Alexis, George, Oldenburg, and the Court dignitaries, including my uncle Prince Cherwachidze, in full uniform, all covered with gold, the various Ambassadors, wearing only Russian decorations on this occasion, but such a profusion of them!
The Emperor and his brother—then the heir to the throne, for the Tzarevitch was not born—with the Empress-Dowager entered the church, after the celebration of Mass, for the committal service and took up their positions quite close to me, to the right of the Sanctuary, so close indeed that stretching out my hand I could have touched them.
On the arrival of the Emperor and Empress at the Church the whole congregation bowed as the Imperial pair passed to their seats. There they were duly incensed, the Tzar’s brother only receiving one incensing and accordingly only gave one inclination. The Emperor appeared very shy and nervous with a somewhat frightened expression. The Empress-Dowager is short and dark, she has nothing of the beauty of her sister, Queen Alexandra. The Tzar’s brother is tall and fair with very blue eyes. He is a great sportsman and so strong that he can lift Prince Cherwachidze up as easily as a feather. He was very popular I believe. The singing was wonderful, although unaccompanied by musical instruments as is customary in the Russian Church. I was carried away by it. The priests’ vestments were incomparably rich, all white and gold—no trace of black anywhere. It is the custom of the Greek Church for even funeral hearses to be gilded or silvered, but never black as with us. It is also a rule that the corpse should be exposed in an open coffin during the religious ceremony, but in the case of the defunct general, who had died at his wife’s home in France—she being French—this form was dispensed with. That night, on our return to Peterhof I accompanied my Aunt Cherwachidze to a dinner given at Michaelovka by Grand Duke Michael-Michaelovitch, uncle of the Tzar. At this dinner were present Grand Duchess of Mecklenburg-Schwerin, with her daughter Princess Cecilie, now Crown Princess of Prussia, the Grand Duchess Xenia, sister of the Emperor, and others.
The previous evening I had dined with my friends the Saint-Pairs at the famous Ernest Restaurant on the Islands, the other guests including Prince and Princess Kotchoubey, the Prince has a very Turkish appearance and looks extremely flighty, while the Princess possesses a most wonderful figure, but is very made up with her hair dyed gold; she has fine eyes but they lack lustre; the Swedish Minister and Countess Gyldenstolpe, who since then have been to Paris many years in the same capacity, where I have seen a good deal of them, Countess Gyldenstolpe being a Miss Plunkett, a daughter of a former English Ambassador, both very distinguished looking and charming. Monsieur Lefèvre-Pontalis, Vicomte et Vicomtesse de Guichen and Vicomte de Salignac-Fénelon, all of the French
Embassy, made up the party, which took place in a huge recess on the first floor overlooking the restaurant and just opposite the Rumanian orchestra which was playing gaily. The table was beautifully decorated with pink roses and ilex and lighted by a profusion of prettily-shaded candles and electric lamps. This was my first large dinner-party in Petrograd, which was to be followed so often by others. I enjoyed it thoroughly. I returned to Petrograd a few days later with Princess Lise Bagration-Moncransky—a great friend of my Aunt Cherwachidze—then staying with us. After an excellent lunch at the Hôtel de l’Europe, then the smartest in Petrograd, we went off to see a Red Cross train on the point of leaving for Manchuria, everybody being interested at that time in the poignant question of the Russo-Japanese war—especially so, as we only received news from the war zone by way of Japan I was told. Princess Obolensky did the honours of her hospital train, showing us all the details, which were very complete. The train was entirely painted in white with huge red crosses at intervals. What a good target it would have been for the modern German marksman! It was immensely long, being able to accommodate 300 people, including doctors, sisters of charity, and hospital attendants, and there was room for twenty-five officers. The medical corps were most comfortably installed, their study being so cosy—the writing-tables covered with green baize—so suitably furnished; charming little holy images with lamps burning in front of them were in every compartment. The sisters of charity slept two in each room, their beds folded up as in ordinary “sleepers”—simplicity was the order of the day in this department.
But the men were thoroughly spoilt, having a club room all to themselves, a fact which often makes me exclaim: “On voit bien que le Créateur était un homme.” There were four carriages set aside for slightly wounded cases, and I thought to myself the poor soldiers would suffer from being overcrowded—the beds being so close together. On each bed were a pair of leather slippers, a pair of socks and a grey woollen shirt. Crutches were placed at intervals for the use of convalescents. Then followed the quarters for the serious cases with very fine mosquito nets in front of each window. The train was bomb proof, but I noticed the
absence of iron shutters or any shutters at all, which struck me as being a great omission. These cases would enjoy more space and their beds could be easily removed as they were only stretchers. There were two stories to this part of the train—quite like a house on wheels—icons and pious books were in great profusion. There were also a pharmacy and an operating room well stocked with every modern appliance. The officers’ beds were entirely covered with white mosquito nets and there were also head nets. We were shown the place where the linen was washed and disinfected. No money seemed to have been spared in the installation of this luxurious train, and I cannot help wondering what has been its destiny and how many poor suffering creatures it helped towards the alleviation of their pains. The Hun takes as much pleasure in destroying the Red Cross as he does in finishing off the wounded on the battlefield; and I can only hope those who fought and died in 1904 did not encounter the same barbarous treatment at the hands of their enemies as those brave men who are in deadly contest now with the disciples of Kultur. I was seized with a great desire to accompany Madame Narischkine, a friend of my Aunt de Nicolay, to Irkoutz, where she intended to go in order to nurse convalescents after her cure at the Eaux-Bonnes in France—Russians are always taking cures and they go across Europe as easily as we do from London to Brighton. She was already a middle-aged woman, but very refined-looking. There was only one thing about her which rather spoilt her appearance, and that was that her fingers were very much stained with tobacco, and her teeth, too, from smoking cigarettes. In this she merely followed the example of the majority of Russian ladies, amongst whom smoking often becomes a real passion. I spent my summer therefore amongst the great ones of the earth.
One day we went to a big luncheon-party at the Palace in honour of the birthday of the Emperor Francis Joseph of Austria. It seems strange now to think of having celebrated that event. Grand Duchess Xenia and the Grand Duke, her husband, came to see my aunt. I admired her charming simplicity, she took a snapshot of my aunt with her son and myself and afterwards sent us each a copy accompanied by a charming little note.
The Grand Duchesses were always dressed as simply as possible, tailor-made dresses and small sailor-hats; so much so, that it really seemed to be a uniform. These sailor-hats appeared to me as being rather rétrograde for the sensible craze for these generally becoming hats had been for some time no longer the fashion in France, and to wear one would have seemed very démodé. That summer Plehve, the Minister, was the victim of a bomb explosion while crossing the bridge opposite the Warsaw station in his carriage, on his way to Peterhof from Petrograd, where he was going to present his usual report to the Tzar; and this, in spite of the tremendous speed at which the horses were going, for his life was always in danger, as well as that of every one in the government and about the Court at that time. We were to have travelled by the same train and only changed our mind at the last minute. His death made a great impression, although he was thoroughly detested by all parties, but the Tzar lost in him a strong pillar of autocratic rule. The debris of his carriage were blown up as high as the fourth floor of the neighbouring houses, and this explosion caused the death of, at least, twenty other persons—the unfortunate Minister being literally blown to atoms and the assassin himself injured. A young and charming officer whom my aunt knew very well was killed; and another friend of hers whilst driving in his carriage 100 yards away from the scene of the outrage was dazed by the explosion, the coachman falling on to his lap and the horse being thrown down. Another officer became deaf, so terrific was the report of the bursting of the infernal machine. A few minutes later we passed the actual spot on our way to the station, and saw the remains of the late Minister’s carriage strewn all over the road. Witte succeeded Plehve; he had the reputation of being clever and strong but also of being utterly unscrupulous and untrustworthy.
He was sent to America to discuss the peace terms of the Russo-Japanese war. Nearly every one thought he was not a man to fulfil such an important mission, for he inspired very little confidence. However, on his return, he was made a Count. He was a friend of the Kaiser and demonstrated this feeling too well before his end.
On Sundays I sometimes went to Mass at Cronstadt, the great naval fortress which should protect Petrograd from an attack by sea—may it now make good its raison d’être! is my most humble prayer, October 26th, 1917—in a very fine steamer which only took half an hour to do the crossing from the mainland, and was always crowded with people and laden with horses and carriages. Cronstadt is by no means a pretty town in spite of its wide streets, and evidently the City Fathers were not a very energetic body as the walls of the theatre which was completely gutted by fire thirty years previously were still standing in their ruined state, while some of the actual panes of glass were still to be seen in their broken window frames, flapping in the wind. The Catholic church is very large. I noticed how many of the shops bore French and German names, and not merely German names but also a great number of inscriptions, denoting particular wares, Cronstadt being a very commercial city and probably seething with German spies. The place has distinguished itself lately by establishing itself as a separate Republic with the notorious Lenin as president—which state of affairs, however, was short lived. A somewhat curious feature in certain places is that the pavements, instead of being composed of flags of stone or brick, are made of small pierced iron squares. The great solemn masses of the men-of-war lying at anchor in the harbour seemed to be sleeping on the still waters—unconscious as yet of the fearful doom that awaited so many of them in the Sea of Japan. I was interested watching a young naval officer from a pinnace trying to conceal from public view beneath his cloak a superb bouquet of bright red flowers, evidently the symbol of the very ardent love he bore ashore. The sentinels apparently considered I was too long stationary in one place, as they began to look me up and down with suspicion, which amused me very much.
A lovely walk bordered by a number of weeping willows runs for a long distance by the sea into which they dip their branches. At that time, there was living at Cronstadt an Orthodox priest, Father John of Cronstadt. He possessed a great personality, and was very well known in Russia. People, in some instances, positively worshipped him,
giving him a reputation for working miracles, also of being a very holy man and even a prophet. Once I ran after a war hero and pulled him by his sleeve, whereupon he turned round and gave me such a saucy look! But, showing my photographic apparatus, I made him understand that I only wanted to take his photograph. He beamed all over and I placed next to him another hero. They were both survivors of the glorious Koreitz which not long before perished in the fatal Sea of Japan. Then, I was told of a church which was nearer to us; so one Sunday I determined to go there, but, to my horror, I suddenly found myself in the courtyard of some military barracks where there was a chapel—but not mine! There I was, I and my coucouchka or little cab, surrounded by a double row of soldier giants, but luckily being able to mutter a few words in Russian a friendly policeman put me on the right road. We flew along, passing woods, bridges, and a large palace which was used for the Red Cross work. I was told that the preceding winter, at The Hermitage, where the Empress often came to work, she had a nigger who helped her to pull out the bastings from her sewing. At last I arrived at my destination and driving up to a charming little church saw advancing towards me a smart-looking officer, a great friend of Uncle Cherwachidze, Count Beckendorff, brother of the late Russian Ambassador in London, and holding an important post at Court. He was carrying an enormous prayerbook, almost as big as himself. I went several times to the races at Crasnoë-Celo, which I will refrain from giving a description of, as Count Tolstoi’s account in his marvellous novel, Anna Karenina, gives one the best idea of this exclusively military meeting.
CHAPTER V
GREAT preparations now began for the baptism of the Tzarevitch. I shall never forget with what joy we heard the appointed number of guns fired announcing the glad tidings that a son and heir had been born to the Emperor and Empress.
This happy event—July 30th, 1904—coincided with the Silver Wedding day of my uncle and aunt, my aunt being the recipient of many beautiful and valuable gifts from the Empress-Dowager, Grand Duchess Xenia and many others. My Uncle Cherwachidze presented me with a charming curbed chain Faberge bangle made of the three golds, as the Russians say, namely of white gold or platinum, red gold and green gold. It was a delicate attention on his part and one, which needless to say, I greatly appreciated. Since the birth of his son, the Emperor appeared radiant. I saw him shortly after the event at Crasnoë-Celo races distributing the prizes amongst the winners from the Imperial stand, which resembles a small villa with a balcony on the first floor—as is customary in Russian houses. Then I saw Grand Duke Cyril, just back from the war in Manchuria where he had fallen into a hole; he was recuperating and declared that the air of Petrograd was the only one that could improve his health! He was at this time paying attention to his divorced cousin, whom he eventually married in spite of the Tzar’s disapproval. We went also to the Tzaria, the great national festival, and were invited to the Imperial tent; the Empress-Dowager drove up in a carriage with four horses and postilions. The Court uniforms were most brilliant. My uncle appeared again all in gold lace. The scene was most beautiful and impressive. For the baptism of Grand Duke Alexis, heir to the throne, we first went to the Countesses Koutousoff, two sisters, maids of honour to the Empress-Dowager, where we found Countess Worontsoff and the others in full Russian Court Dress, of dark green velvet, as she was mistress of the Court of the Empress-Dowager, each Grand Duke’s Court having its own particular colour. There we met a number of friends, amongst whom were a Princess Troubetzkoy and her husband, and Princess Yousoupoff, a great friend of my aunt.
The latter was absolutely charming, I thought, so pretty and so simple. She possesses the largest fortune in Russia, and jewels—such as one reads of in fairy tales. Her second son was there, who notwithstanding a rather effeminate appearance has distinguished himself lately by being implicated in the murder of that arch-fiend and mock monk Rasputin.
Very soon after the baptism of Grand Duke Alexis, the eldest son was killed in a duel; he had fallen head over ears in love with a well-known girl in Russian Society, but his parents absolutely refused to sanction this alliance. In consideration of their position and of their immense fortune, they imagined that the only suitable wife for their son must be the daughter of a Grand Duke. Accordingly, the announcement of the young lady’s engagement to another suitor was made public and the religious ceremony took place in Paris, but that very night she gave her husband the slip and flew to the hotel where her lover awaited her. The result of this naturally was a duel in which the lover was killed by the husband—his dead body being sent back to his home quite unattended in his motor—and some time after his adversary became mad. Petrograd society was dumbfounded by this drama and for many years the young woman who was the cause of it was looked at askance, but now, I have heard, she is being readmitted into the enchanted circle. Prince and Princess Yousoupoff were quite overcome with sorrow and could not reconcile themselves to the fact that they would never see their adored son again. They had his body embalmed and laid in a glass coffin, so that they could gaze upon his features, and made a point of conveying the coffin with them wherever they went. This state of things went on for over a year, until one day a friend broke it quietly to them that it was high time to put the coffin out of sight; and this they finally agreed to do.
The Yousoupoffs’ second and only remaining son has accomplished the feat of marrying the beautiful sister of Grand Duke Dmitri, thus satisfying his parents’ ambition, and should be universally applauded for having helped to rid Russia and the whole world of that most evil genius of the age, the mock monk Rasputin, who through his deplorable influence over the pro-German Empress Alexandra Feodorovna has been the cause not only of the fall of the House of Romanoff and of that supremely brilliant Court but also, I fear, of the complete downfall of great Holy Russia—at least for generations to come. The Imperial cortège was truly fairy-like: there were gilt coaches surmounted at the four corners by white ostrich feathers, drawn by four or eight white horses with white harness and white plumes on their heads; the bridle of each horse being held by a footman dressed in white and gold.
In one of the coaches was Princess Galitzine, Grand Mistress of the Court, and in her arms the then precious infant, a very fine child, with blue eyes and dark hair. The religious ceremony in the Imperial Chapel was indescribably beautiful. I fancied myself in Fairyland. My aunt was of course in full Court dress and looked a real picture in her velvet dress with a lot of her jewels on her kakochnik or head-dress. About this cradle surrounded as it was by so much love—and also by so much hate, during these already troublous times—one could not help but ask oneself, with anxious feelings at the bottom of one’s heart, as to what the future held in store for this innocent babe, born in the purple: the hope of the Romanoffs—the target of its enemies. Prince Dolgorouky, who was Gold Stick in Waiting, drove past in a gilded open state carriage looking the regular grand seigneur with his air of supreme distinction as he held his long wand of office in his right hand. In spite of his already advanced age and of his silvery locks, he was still a superb-looking man. One unwelcome shower having fallen during the return journey rather damaged the splendour of his white plumed hat and splendid uniform. I knew all the members of his family very well, as they and the Nicolays were on very intimate terms with one another. His sister, Madame d’Albédinsky, had been a great friend of the Emperor Alexander III. She was charming—most sympathetic. A few days later we attended the parade of the Chevaliers-Gardes at Peterhof; a magnificent spectacle, the troops wearing white uniforms with silver helmets surmounted by a golden eagle with outspread wings. On one side a carpet had been laid down and priests were offering up prayer, for there is never any ceremony in Russia without a religious side to it. I often met Baron Fredericks—since then he has become Count—who had been Grand Marshal of the Court for many years.
He was to be seen here, there, and everywhere and must have proved himself a most useful spy of the Kaiser—as recent events have indicated. On the outbreak of the late Revolution he was found in hiding and promptly imprisoned in the Fortress of St Peter and St Paul; from which,
however, in consideration of his great age and for a big lump sum of money he has been released. Princess Lise Bagration-Moucransky, my aunt’s friend, was on intimate terms with all the crowned heads and even the non-crowned ones of the Imperial family. One day I went with her to see Grand Duke Michael-Michaelovitch and his daughter, Grand Duchess of Mecklenburg-Schwerin—of whom I shall have more to say later on. I found the Princess quite charming; “elle avait dû avoir beaucoup de ‘chien,’ ” as we say in France, and still had a very merry twinkle in her eye which caused me great amusement. Being a Bagration, she was descended from the Royal House of Georgia, and her husband—who had been dead some years—had held numerous high appointments. One day I went with my aunt to see Grand Duchess of Oldenburg, sister of the Tzar—who has since divorced the Grand Duke, to marry his aide-de-camp—she lived quite near us; also Grand Duke and Duchess of Leuchtenbergh. This corner of the world seemed to be peopled with nothing but Royalties! One of our frequent visitors was a very dignified and decided though kind looking cousin of my uncle’s, also a Princess Cherwachidze, who was maid of honour to Grand Duchess Eugénie of Oldenburg. It pleased my uncle sometimes to be extremely gay and amusing, and I remember what fun we had together singing “Viens, Poupoule, viens.” This was then a favourite refrain of the Paris Boulevards, which the Russians adored. There were at Oranienbaum, near Peterhof, a great number of soldiers getting ready to start for the theatre of war, wearing caps covered with a sort of greenish grey cloth and blouses of the same shade, with khaki coloured great-coats, which they always wore. The officers wore green tunics and dark caps.
One evening at six o’clock we went to see them take their departure and I never shall forget the beauty of the setting for that sad scene—the Baltic seemed to have borrowed something of the deep warm tones of the Mediterranean. Cronstadt stood out, in the distance across the water, as clear against the radiantly blue sky as if it had been painted for some stage scenery.
There they were, bands playing and flags waving in the breeze, all those gallant fellows having mustered from many different parts of the Empire, all ready to step into that long brick-red train with the Imperial Arms emblazoned on it, which would convey them far, far away to other Steppes, but desert ones these—and terrible. How many restrained tears in those dark or blue eyes, to which pain and suffering had given an almost terrible expression, and how many never to be realized dreams were enclosed behind these broad foreheads. How melancholy—sad, too—were the expressions on the fresh faces of the young, as on the wrinkled ones of the old peasant women with their heads almost entirely concealed beneath wide gaudy coloured handkerchiefs. From time to time the stillness of this great pathetic scene was disturbed by the shrill and joyous tones of a voice of a child too young as yet to understand the true and awful significance of this—for many—the last earthly farewell. How numerous they were—these poor little innocents! When the bell announcing the starting of the train rang for the third time, one last and long hurrah was raised by the entire sad-hearted multitude; and it was terrible to think of the hardships those poor fellows would be subjected to during that long journey to accomplish across Siberia, forty of them in one truck, an open one very often! Ammunition and guns were conveyed by the same train, which I was told would take six weeks to reach its destination. Altogether a most poignant spectacle, which greatly impressed me; but nowadays such an event as the one I have attempted to describe has become, alas, a common occurrence in almost every country of the world which is traversing the most terrible agony of pain and sorrow of all time. The Emperor had come and bid them farewell the night before. As Oranienbaum is so near Cronstadt, it was a favourite place for the wives of sailors with their, usually, large families to live in.
Amongst my aunt’s numerous men-servants there was one called Coucoulsky who was the head butler—very fat and rotund, with the usual flat head of the Pole, wearing enormous whiskers, with a pair of tiny sparkling eyes always filled with astonishment. The poor man was no longer young—il sue, il souffle, il est rendu—and to put him into this state it was merely sufficient for him to offer to his little Princess on a huge silver tray some wonderful pièce montée, which he held at such an angle
that one always expected to see the contents flung into her lap. This he did with a most beatified expression on his broad smiling face. He was for ever tripping up over imaginary obstacles, and always appeared to be running, but somehow or other he never managed to be there when required; this was inexplicable. And yet, in this fanciful and fantastic being, there was a soul, an exquisite poetic soul. In the summer on moonlight nights, afar off in the garden, alone amongst the shrubs, his comical profile could be seen detaching itself against the sky, his huge mouth wide open, his whiskers trembling and his little eyes closed; while he sang languorously. Three fox terriers disturbed in their slumbers by these nocturnal sounds always made a combined attack on him, threatening to bite his calves to the bone. One by one the windows of the house were closed, but all in vain—nothing could distract him from this reverie of song! One evening, on one of the rare occasions of a visit from Prince Cherwachidze, Coucoulsky appeared with a radiant expression carrying a plat monté, as my amorous little aunt was determined to welcome her spouse by setting before him a regular feast. Every one’s surprise was great on perceiving the faithful butler with a napkin like a child’s immense bib tied beneath his chin, he in his anxiety having forgotten to remove it and no one venturing to remind him of its existence as neither my aunt, on account of her short sightedness, nor my uncle, owing to his usual state of oblivion, had noticed the grotesque appearance of the poor man, as he trotted and scrambled round the table balancing the huge dish and threatening everybody with a douche of its contents. Later on, I found out that the reason for his wearing the bib was on account of the desire to preserve the freshness of his highly-starched collar when off duty—but on this celebrated occasion he had forgotten to remove it.
Although the charms of poor Coucoulsky were many, my aunt failed to see them in their true light and, after a few months, he with many tears of regret was obliged to leave this hospitable interior where he was considered both too old and too young. He left but too few regrets, only the memory of him made many laugh.
He was quite unique, this good Coucoulsky. He returned to his wife who was somewhat old, rather ugly and with only one eye, but to him she appeared always full of charm and grace—she never was more beautiful nor less blind—but they were young, both of them. Oh, the good old time!

CHAPTER VI

Life at Michaelovka was very gay and delightful, in that beautiful palace belonging to Grand Duke Michael-Michaelovitch on the shore of the Baltic, and surrounded by every possible luxury amidst a gay and numerous suite. Michaelovka is situated at Strelna, quite near Peterhof. I stayed there with my uncle, General de Baranoff, and my aunt. My uncle was Grand Marshal of the Court of Grand Duke Michael-Michaelovitch, who always spent a great part of each summer there. The poor Grand Duke Michael-Michaelovitch was then very old and in failing health and was not often visible—for years past he had spent his winters at Cannes, where he owned the beautiful Villa Kasbeck. My uncle and aunt made a perfect couple and ideal parents. It was a genuine pleasure for one to see their two white heads approach one another several times a day and join in an affectionate embrace. I had met my uncle on the Riviera when at Cannes some years previously and also General Tolstoi, both forming part of the suite of the Grand Duke. General Tolstoi could be really witty at times, and once I remember he amused us greatly when he came to see us with my uncle. Bowing and bending himself with that grace and suppleness peculiar to the Russian he pretended to efface himself while ushering in my uncle and said: “Je vous présente un grand ravageur.” Of this particular side of my uncle’s character I know nothing, but I can well believe he might have been the cause of many a heart beat, and I for one should have heartily congratulated each one of those hearts for the good taste they showed.
Very tall and thin, very intelligent beneath an impassive countenance, kindness itself, General de Baranoff combines the acme of distinction with the personification of honesty; very fond, like nearly all Russians, of putting questions to foreigners but making a point of never answering any—himself a past master in the art.
Grand Duke Michael-Michaelovitch, however, paid full justice to my uncle’s great integrity and appreciated the advantage of having at his side a man of his high character, for they were often surrounded by sycophants of whom, however, one might say that they followed the example of their august masters in that their needs were insatiable and unsatisfied, certainly a thorn in the side of the Imperial crown; so much so that one day while walking with one of my aunts in the palace grounds, we were passed by a big motor-car, salutations were exchanged and I asked my aunt who was the gorgeous occupant. “C’est le Grand Duc,...” she said, “le ‘seul’ qui soit sérieux!” Unlike the rest of the suite of Grand Duke Michael-Michaelovitch, my uncle never took any advantage of his position and would never even take at the Grand Duke’s expense a single trunk with him beyond what was strictly necessary, though he accompanied him on all his journeys—Cannes, Baden-Baden, etc. This was in vivid contrast to one of the Grand Duke’s retinue, who never spent a penny except at his master’s charge and even went so far as to get the Grand Duke to pay the tickets of all his family and finally persuaded him to rent for them a Villa at Cannes much to the disgust of my uncle. I never liked this person with a German sounding name and a doubtful profile. I often said to my aunt, “Do you know, I almost entertain a passion for my uncle,” whereupon she used to smile that beautiful smile of hers which I liked seeing so much. My Aunt de Baranoff, née de Bibikoff, was charming; she had beautiful white hair and very pretty blue eyes, and in her youth must have been very much admired. She combined tremendous entrain with much affability, and in her own set she was what might be called, in schoolboy language, a jolly good sort, which pleased me—her reflections being always to the point, and time spent with her never lagged. How we used to laugh over things together!
I shall always retain much affection for her. I believe her first husband—whom she divorced—was a perfect brute to her. By her marriage with my uncle she had two children; her daughter Olga was married to Lieutenant de Zinovieff, in the Garde à Cheval quartered at Petrograd, a late page of the Empress, but she was for the time being at the
Camp of Crasnoë-Celo, not far from us, and I spent a few delightful days with her. Russian soldiers always leave their barracks during the summer months and camp out of doors—those of Petrograd going into the neighbourhood. This healthy measure is never practised in France, which is a great mistake I think; and I always admired these huge camps composed of innumerable white tents, like parasols, erected in perfect symmetry, looking from a distance like so many small white mushrooms instead of being the improvised shelters of these giant-like soldiers. The Camp of Crasnoë-Celo was, I think, the largest. Her son Petia, the regular type of a true Russian, not without charm and dark and good-looking, was at that time preparing at the Lycée to enter the regiment of the Chevaliers-Gardes in which he held a distinguished position before the war. My poor aunt, fearing the wars, wanted him to choose a diplomatic career, but nothing would induce him to change his mind. He is now in the trenches—or was lately—and has been badly wounded once. During the summer the heat is at times very intense in Russia—a kind of damp heat like the mild hot vapours of a conservatory—and the nights on the coast of the Baltic were very damp and a thick white steam rose spirally from the ground in patches, like smoke, between the Palace and the sea, which caused a most curious effect. My aunt had one daughter, Lily, by her first marriage and she and I became great friends. She also lived with her parents, as she had been obliged to leave a brute of a husband who was an officer of the Lancers of the Guard, of which my uncle was in command at the time of her marriage at Peterhof. Not long after her marriage she had gone away for a few days to visit a relation who was ill, and on her return she found her own house occupied not only by her husband’s mistress but by the children of that illicit union as well.
The wretch then proposed to her that she should remain on in the house and that they should all live together, which proposition she naturally scorned and thereupon returned to her old home. She divorced the man in consequence, but not, like most people in Russian society, in order to try her luck again, having already looked out for number “two”—not at all, once having recovered her liberty she took good care to preserve it.
Her library seemed to me to be literally filled with the works of Anatole France and Pierre Loti, and my acquaintance with literature owing to my strict French upbringing being more than limited—I had scarcely ever read anything but fairy tales until then—I consequently found it extremely difficult to talk to our friends with any clear knowledge of those popular French authors about whom I was always being questioned. Lily seemed to take me somewhat under her wing and gave me—at least in words—an insight into life; and with the passing of time I have often thought how very much to the point her doctrine was. Colonel Echappard du Breuil was frequently to be seen at my aunt’s house, he claimed to be of French origin, his ancestors having escaped—échappé—across the Pyrenées into France at the time of the Moorish expulsion from Spain, during the reign of the “Catholic Kings,” Ferdinand and Isabella—hence the origin of this somewhat curious name. The Colonel was attached to the suite of Grand Duke George, and whenever I asked him where he was going he always replied “To Christophky”—to the grand café-concert, on the island of that name at The Islands—and he never ceased expatiating on the charms of the fair and dark beauties of that delectable spot. He was a jolly fellow with a fat round face wreathed in smiles—he seemed to render the very atmosphere sunny. And Lily behind the wings—dans les coulisses, as we say in France—used to hum to salute his departure the following refrain, which she had taught me and which we loved, this charming little refrain about the three cocks:—

Cocorico oooo
Quand je veux, je peux. (Le jeune coq.)
Cocorico oooo
Quand je peux, je veux. (Coq d’âge moyen.)
Cocorico ooooo
Que vous êtes heureux. (Le vieux coq.)
Oh, how we did pity you, poor old man! And we did not allow feathers to grow in this hen coop, but, willy-nilly, spurs and uniform of some attaché de la suite. Another character was General Tolstoi, whom I have already mentioned. He came very often to see us, especially when we were in Petrograd; he frequently spoke Russian and recounted interminably long stories in that language which I regret to say used to make me yawn, as I could not always follow them, and just to tease me, at the most critical part of the story, he rapidly changed from Russian into French so that my ears should receive the full benefit of it all. Quel toupet! One evening, he told us of how he had once climbed up a tree, and from there had had an uninterrupted view over a high fence, behind which, apparently believing themselves to be sheltered from inquisitive eyes, some members of the fair sex were in the full enjoyment of a sun bath cure! These descendants of Eve were walking about in their birthday costumes, so that the marvellous effects of the luminous rays should have full play. On this occasion his particular attention was drawn to a certain Titianesque beauty. I pictured him in this attitude looking like a hideous orang-outang squatting on a branch of a tree—as he, poor fellow, was not endowed with any personal beauty! If I am not mistaken, I am afraid he has since come to a tragic end attributed to debts. At my Aunt de Baranoff’s all the suite of the Grand Duke came more or less every day and Prince Orbeliani with them, always shuffling his feet on the floor and making a terrible noise in doing so; this unfortunate peculiarity, apart from being an illness from which nearly all the members of his family suffer, was with him to some extent a pose—où va-t-elle se nicher—la pose!—and a very disturbing one, too, as far as I was concerned.
As luck would have it, the princely apartments were situated just over my bedroom, so that every morning my peaceful slumbers were disturbed by his Excellency’s shufflings, which he admitted he accentuated just to tease me. He was married to Countess Kleinmichel, the daughter of old Countess Kleinmichel who entertained a good deal in Petrograd; the latter had the reputation of being a spy for Germany, and was arrested at the outbreak of