Getting Started with Installing Kubernetes On-Prem

Let’s get you started on your Kubernetes journey with installing Kubernetes on premises in virtual machines. 

Kubernetes is a distributed system, you will be creating a cluster which will have a master node that is in charge of all operations in your cluster. In this walkthrough we’ll create three workers which will run our applications. This cluster topology is, by no means, production ready. If you’re looking for production cluster builds check out Kubernetes documentation. Here and here. The primary components that need high availability in a Kubernetes cluster are the API Server which controls the state of the cluster and the etcd database which stores the persistent state of the cluster. You can learn more about Kubernetes cluster components here.

In our demonstration here, the master is where the API Server, etcd, and the other control plan functions will live. The workers, will be joined to the cluster and run our application workloads. 

Get your infrastructure sorted

I’m using 4 Ubuntu Virtual machines in VMware Fusion on my Mac. Each with 2vCPUs and 2GB of RAM running Ubuntu 16.04.5. Ubuntu 18 requires a slightly different install. Documented here. In there you will add the Docker repository, then install Docker from there. The instructions below get Docker from Ubuntu’s repository 

  • k8s-master –
  • K8s-node1 – DHCP
  • K8s-node2 – DHCP
  • K8s-node3 – DHCP

Ensure that each host has a unique name and that all nodes can have network reachability between each other. Take note of the IPs, because you will need to log into each node with SSH. If you need assistance getting your environment ready, check out my training on Pluralsight to get you started here! I have courses on installation, command line basics all the way up through advanced topics on networking and performance.

Another requirement, which Klaus Aschenbrenner reminded me, is that you need to disable the swap on any system which you will run the kubelet, which in our case is all systems. To do so you need to turn swap off with sudo swapoff -a and edit /etc/fstab removing or commenting out the swap volume entry. 

Overview of the cluster creation process

  • Install Kubernetes packages on all nodes
    • Add Kubernetes’ apt repositories
    • Install the required software for Kubernetes
  • Download deployment files for your pod network
  • Create a Kubernetes cluster on the master
    • We’re going to use a utility called kubeadm to create our cluster with a basic configuration
  • Install a Pod Network
  • Join our three worker nodes to our cluster

Install Kubernetes

Let’s start off with installing Kubernetes on to all of the nodes in our system. This is going to require logging into each server via SSH, adding the Kubernetes apt repositories and installing the correct packages. Perform the following tasks on ALL nodes in your cluster, the master and the three workers. If you add more nodes, you will need to install these packages on those nodes. 

Add the gpg key for the Kubernetes Apt repository to your local system

demo@k8s-master1:~$ curl -s | sudo apt-key add –

Add the Kubernetes Apt repository to your local repository locations

demo@k8s-master1:~$ sudo bash -c ‘cat <<EOF >/etc/apt/sources.list.d/kubernetes.list

> deb kubernetes-xenial main

> EOF’

Next, we’ll update our apt package lists

demo@k8s-master1:~$ sudo apt-get update

Install the required packages

demo@k8s-master1:~$ sudo apt-get install -y kubelet kubeadm kubectl

Then we need to tell apt to not update these packages. In Kubernetes, cluster upgrades will be managed by…you guessed it…Kubernetes

demo@k8s-master1:~$ sudo apt-mark hold kubelet kubeadm kubectl

Here’s what you just installed
  • Kubelet – On each node in the cluster, this is in charge of starting and stopping pods in response to the state defined on the API Server on the master 
  • Kubeadm – Primary command line utility for creating your cluster
  • Kubectl – Primary command line utility for working with your cluster
  • Docker – Remember, that Kubernetes is a container orchestrator so we’ll need a container runtime to run your containers. We’re using Docker. You can use other container runtimes if required

Download the YAML files for your Pod Network

Now, only on the master, let’s download the YAML deployment files for your Pod network and get are cluster created. Networking in Kubernetes is different than what you’d expect. For Pods to be on different nodes to be able to communicate with each other on the same IP network, you’ll want to create a Pod network. Which essentially is an overlay network that gives you a uniform address space for Pods to operate in. The decision of which Pod network to use, or even if you need one is very dependent on your local or cloud infrastructure. For this demo, I’m going to use the Calico Pod network overlay. The code below will download the Pod definition manifests in YAML and we’ll deploy those into our cluster. This start up a container on our system in what’s called a DaemonSet. A DaemonSet is a Kubernetes object that will start the specified container on all or some of the nodes in the cluster. In this case, the calico network Pod will be deployed on all nodes in our cluster. So as we join nodes, you might see some delay in nodes becoming ready…this is because the container is being pulled and started on the node.
Download the YAML for the Pod network

demo@k8s-master1:~$ wget

demo@k8s-master1:~$ wget

If you need to change the address of your pod network edit calico.yaml, look for the name: CALICO_IPV4POOL_CIDR and set the value: to your specified CIDR range. It’s by default. 

Creating a Kubernetes Cluster

Now we’re ready to create our Kubernetes cluster, we’re going to use kubeadm to help us get this done. It’s a community-based tool that does a lot of the heavy lifting for you.
To create a cluster do this, here we’re specifying a CIDR range to match that in our calico.yaml file.

demo@k8s-master1:~$ sudo kubeadm init –pod-network-cidr=

What’s happening behind the scenes with kubeadm init:
  • Creates a certificate authority – Kubernetes uses certificates to secure communication between components and also to verify the identity of hosts in the cluster
  • Creates configuration files – On the master, this will create configuration files for various Kubernetes cluster components
  • Pulls control plane images – the services implementing the cluster components are deployed into the cluster as containers. Very cool! You can, of course, run these as local system daemons on the hosts, but Kubernetes suggests keeping them inside containers
  • Bootstraps the control plane pods – starts up the pods and creates static manifests on the master start automatically when the master node starts up
  • Taints the master to just system pods – this means the master will run (schedule) only system Pods, not user Pods. This is ideal for production. In testing, you may want to untaint the master, you’ll really want to do this if you’re running a single node cluster. See this link for details on that.
  • Generates a bootstrap token – used to join worker nodes to the cluster
  • Starts any add-ons – the most common add-ons are the DNS pod and the master’s kube-proxy
If you see this, you’re good to go! Keep that join command handy. We’ll need it in a second.

Your Kubernetes master has initialized successfully!

…output omitted

You can now join any number of machines by running the following on each node

as root:

  kubeadm join –token 2a71vm.aat5o5vd0eip9yrx –discovery-token-ca-cert-hash sha256:57b64257181341928e60548314f28aa0d2b15f4d81bf9ae9afdae0cee6baf247

The output from your cluster creation is very important, it’s going to give you the code needed to access your cluster as a non-root user, the code needed to create your Pod network and also the code needed to join worker nodes to your cluster (just go ahead and copy this into a text file right now). Let’s go through each of those together.

Configuring your cluster for access from the master node as a non-privileged user

This will allow you to log into your system with a regular account and administer your cluster.

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Create your Pod network

Now that your cluster is created, you can deploy the YAML files for your Pod network. You must do this prior to adding more nodes to your cluster and certainly before starting any Pods on those nodes. We are going to use kubectl -f to deploy the Pod network from the YAML file we downloaded earlier. 

demo@k8s-master1:~$ kubectl apply -f rbac-kdd.yaml created created

demo@k8s-master1:~$ kubectl apply -f calico.yaml

configmap/calico-config created

service/calico-typha created

deployment.apps/calico-typha created

poddisruptionbudget.policy/calico-typha created

daemonset.extensions/calico-node created

serviceaccount/calico-node created created created created created created created created created created

Before moving forward, check for the creation of the Calico pods and also the DNS pods, once these are created and the STATUS is Running then you can proceed. In this output here you can also see the other components of your Kubernetes cluster. You see the containers running etcd, API Server, the Controller Manager, kube-proxy and the Scheduler.

demo@k8s-master1:~$ kubectl get pods –all-namespaces

NAMESPACE     NAME                                  READY   STATUS    RESTARTS   AGE

kube-system   calico-node-6ll9j                     2/2     Running   0          2m5s

kube-system   coredns-576cbf47c7-8dgzl              1/1     Running   0          9m59s

kube-system   coredns-576cbf47c7-cc9x2              1/1     Running   0          9m59s

kube-system   etcd-k8s-master1                      1/1     Running   0          8m58s

kube-system   kube-apiserver-k8s-master1            1/1     Running   0          9m16s

kube-system   kube-controller-manager-k8s-master1   1/1     Running   0          9m16s

kube-system   kube-proxy-8z9t7                      1/1     Running   0          9m59s

kube-system   kube-scheduler-k8s-master1            1/1     Running   0          8m55s


Joining worker nodes to your cluster

Now on each of the worker nodes, let’s use kubeadm join to join the worker nodes to the cluster. Go back to the output of kubeadm init and copy the string from that output be sure to put a sudo on the front before you do this on each node. The process below is called a TLS bootstrap. This securely joins the node to the cluster over TLS and authenticates the host with server certificates. 

demo@k8s-node1:~$ sudo kubeadm join –token 2a71vm.aat5o5vd0eip9yrx –discovery-token-ca-cert-hash sha256:57b64257181341928e60548314f28aa0d2b15f4d81bf9ae9afdae0cee6baf247

[preflight] running pre-flight checks

[discovery] Trying to connect to API Server “”

[discovery] Created cluster-info discovery client, requesting info from “”

[discovery] Requesting info from “” again to validate TLS against the pinned public key

[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server “”

[discovery] Successfully established connection with API Server “”

[kubelet] Downloading configuration for the kubelet from the “kubelet-config-1.12” ConfigMap in the kube-system namespace

[kubelet] Writing kubelet configuration to file “/var/lib/kubelet/config.yaml”

[kubelet] Writing kubelet environment file with flags to file “/var/lib/kubelet/kubeadm-flags.env”

[preflight] Activating the kubelet service

[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap…

[patchnode] Uploading the CRI Socket information “/var/run/dockershim.sock” to the Node API object “k8s-node1” as an annotation


This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run ‘kubectl get nodes’ on the master to see this node join the cluster.

If you didn’t keep the token or the CA Cert Hash in the earlier steps, go back to the master and run these commands. Also note, that join token is only valid for 24 hours. 
To get the current join token

demo@k8s-master1:~$ kubeadm token list

To get the CA Cert Hash

demo@k8s-master1:~$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed ‘s/^.* //’

Back on the master, check on the status of your nodes joining the cluster. These nodes are currently NotReady, behind the scenes they’re pulling the Calico container and setting up the Pod network.

demo@k8s-master1:~$ kubectl get nodes


k8s-master1   Ready      master   14m    v1.12.2

k8s-node1     NotReady   <none>   100s   v1.12.2

k8s-node2     NotReady   <none>   96s    v1.12.2

k8s-node3     NotReady   <none>   94s    v1.12.2

And here we are with a fully functional Kubernetes cluster! All nodes joined and Ready.

demo@k8s-master1:~$ kubectl get nodes


k8s-master1   Ready    master   15m     v1.12.2

k8s-node1     Ready    <none>   2m34s   v1.12.2

k8s-node2     Ready    <none>   2m30s   v1.12.2

k8s-node3     Ready    <none>   2m28s   v1.12.2

In our next post, we’ll deploy a SQL Server Pod into our freshly created Kubernetes cluster.
Please feel free to contact me with any questions regarding Linux or other SQL Server related issues at:

My Current Training Courses on Pluralsight!

Here’s a run down of the Linux training that I have available on Pluralsight!

Just getting started! 

Understanding and Using Essential Tools for Enterprise Linux 7 – If you heard what Linux is and want to get started this is the place to be. We’ll cover installation, command line basics, the file system, text editors and more! This is my most popular course.

SQL Server on Linux Administration Fundamentals – SQL Server is available for Linux and Docker! This course is targeted towards both the SQL Server DBA and the Linux professional to get you started using SQL Server on Linux. We cover architecture, administration basics, Tools and backup and recovery!

Provisioning Microsoft Azure Virtual Machines – Need to deploy a VM in the cloud, start here! We cover the basics of getting started and walk through how to deploy VMs both in the portal and at the command line. We also cover Azure Disk storage and building custom virtual machine images for consistent repeatable deployments. 

Deeper cuts!

Once you’ve mastered the basics let’s move you along in your Linux journey and get your ready to run your applications and servers in production! 

LFCE: Advanced Network and System Administration – If you’re going to run Linux in production, you should watch this course. We cover managing services, system performance, package management and sharing files with Samba and NFS. A must see. This is my second most popular course.

LFCE: Advanced Linux Networking – Tired of the network team saying “I can ping it” if so, watch this course. We’ll learn about the OSI model, addressing and subnets, ARP and DNS, how routing works, TCP internals and my network troubleshooting model!

LFCE: Network and Host Security – Speaking of production ready, this course is a must. We cover security concepts and architecture, Linux firewalls including iptables and firewalld, we also cover remote access with SSH and also cover how to reach applications behind firewalls wiht tunneling services through SSH. 

Kubernetes Installation and Configuration Fundamentals – Let’s get you started learning Kubernetes. First, you’ll learn about its architecture, and then how to install your first cluster. With that cluster up and running you’ll explore how to work with it and deploy applications in Kubernetes!

For the those with services on the internet!

LFCE: Linux Service Management – HTTP Services – Need to set up a web server, watch this course and learn how. We’ll cover Apache’s architecture, how DNS works, installation and configuration, implementing Apache security features and troubleshooting and logging.

LFCE: Linux Service Management – Advanced HTTP Services – Once you have that web server up an online, learn how to really build scalable internet architecture with this course! We cover proxy and caching techniques and also a deep dive into Apache Modules.

LFCE: Linux Service Management – Advanced Email Services – If you’re a consulting customer of mine and you ask me to build you an email server I’m going to tell you to give me your credit card because we’re going to buy a cloud based solution for that. But for those of you who need to know how to build SMTP based mail environments this is your course! We’ll cover installation and configuration of Postfix as a mail server, we cover relay services and how to access your mail server securely.

SQL Server on Linux – External Memory Pressure with 2019 CTP2

In this blog post we’re going to revisit how SQL Server on Linux responds to external memory pressure. This is a very long post, and it ends with me not knowing exactly what’s going on…but the journey is pretty fun…let’s go!
On Windows-based SQL Server systems we’ve become accustomed to the OS signaling to SQL Server that there’s a memory shortage. When signaled, SQL Server will kindly start shrinking it’s memory caches, including the buffer pool, to maintain overall system stability and usability. Well that story is a little different in SQL Server on Linux…last year I wrote a similar post for SQL Server 2017 RTM and how it reacted to external memory pressure, check that out here! That was quite a dramatic story, you can literally cause SQL Serve to swap nearly its entire process address space out to disk! Now, let’s look and see how SQL Server on Linux responds to external memory pressure in SQL Server 2019 CTP2.

The Scenario

Our SQL Server on Linux system is a CentOS 7.5 VM, running SQL Server 2019 (CTP2). There is 12GB of physical memory and 80% of that is dedicated to SQL Server via mssql-conf about 9.2GB, the default configuration. I’ve also set Max Server memory to 8GB for the SQL Server instance.

So let’s start up SQL Server on Linux 2019 CTP2 and query the SQL Server’s cache sizes when there’s no data loaded. I’m going to look in  sys.dm_os_memory_clerks for memory allocation accounting information. In Figures 1 we can get a feel for the memory distribution across the system’s caches. Special shoutout to the new “Azure Data Studio” I’m using in these demos.

Screen Shot 2018 10 13 at 6 46 19 AM

 Figure 1 – Top memory consumers at system startup

Now, I’m going to load an 8GB table into the buffer pool, maxing out SQL Server’s MAX memory instance setting. Now we’ll look at the allocations again. In Figure 2, we can see the buffer pool is the dominant consumer of memory and that our database is the dominant consumer in the buffer pool. So far so good, eh?

Screen Shot 2018 10 13 at 6 50 58 AM

Figure 2 – Top memory consumers after server reached maximum memory

Getting Memory Information From Linux

We can use tools like pstop and htop to look our are virtual and physical memory allocations. We can also look in the /proc virtual file system for our process and look at the status file. In here we’ll find the point in time status of a process, and most importantly the types of memory allocations for a process. We’ll get granular data on the virtual memory allocations and also the resident set size of the process. Here are the interesting values in the status file we’re going to focus on today.

  • VmSize – total current virtual address space of the process
  • VmRSS – total amount of physical memory currently allocated to the process
  • VmSwap – total amount of virtual memory currently paged out to the swap file (disk)

We can use the command pidof sqlservr to find the process ID for our SQL on Linux process, in our case it’s 14689. When running SQL Server on Linux there is always two processes for sqlservr, we’re going to look the one with the higher process ID as the one with the lower PID is the watchdog process.

Now to access the status information for our process we look in /proc/14689/status

Below is the output from our process’ status file, filtering for the values we’re interested in. You can see about 16.4GB of Virtual Memory (VmSize), 7.9GB of which is in actual RAM (VmRSS) and 0MB in the swap file (VmSwap). Wait a second, 16GB of for VmSize? Yea, 16GB for VmSize. That’s the reserved allocation for the whole process. More on that in a second…

VmSize:  17165472 kB

VmRSS:    8579016 kB

VmSwap:         0 kB 

Table 1 – Process memory for SQL Server 2019

Now, if we look back at the previous post here on SQL Server 2017 RTM, the memory distribution was a bit different. We see about 10.16GB of memory in VmSize

VmSize:  10661380 kB

VmRSS:    8201240 kB

VmSwap:         0 kB

Table 2 – Process memory for SQL Server 2017

Phantom Memory Allocation?

Now, I very rarely post something when I don’t have an answer for a specific behavior but this case I don’t. My thoughts on this are, that 16GB is the reserved allocation for the whole process. Linux uses a demand paging allocation system so the majority of the process access space is just a reservation and isn’t backed by actual pages. So it’s not *really* consuming physical memory. But what I do find interesting is the process seems to carry that allocation forward, as I loaded memory in, the VmSize went from 8GB (which is the VmSize when SQL Server Starts) to 16GB (when I loaded the 8GB table). I’ve reported this to the product team and I am awaiting for an answer on the ~8GB discrepancy between the two tests.

Let’s Add Some Pressure

Using a small C program I wrote, I use calloc to allocate large sections of contiguous memory and then I have the program continually write data into the memory buffer to ensure those pages stay in physical memory. Using this program, let’s allocate 7GB of RAM. I’m choosing this value because its going to cause my system to exceed it’s physical memory but NOT exceed the amount virtual memory in my system when including the swap file’s size which is 5.8GB on my system. Things can get really dicey if you exceed physical and virtual memory size, processes will start to get killed. Microsoft documents a case here. Just so you know how important adding a monitor for external memory pressure is, when I allocated 7.5GB and exceeded physical + virtual memory Linux killed both the memory allocation program and SQL Server to protect the stability of the system, oomkiller is a thing to look out for!

Now, let’s look at the memory accounting information at /proc/PID/status for my memory allocator program. In the output below you can see we have just about 7GB of virtual memory (VmSize) allocated and nearly the same amount of memory that’s resident in physical memory (VmRSS) and no data in the swap file.

VmSize:  7344248 kB

VmRSS:   7340312 kB

VmSwap:        0 kB

Table 3 – Process memory for external memory allocation program
Now in SQL Server 2017 with that 7GB program running would cause Linux to need to make room in physical memory for this process. Linux does this by swapping least recently used pages from memory out to disk. So under external memory pressure, let’s look at the SQL Server process’ memory allocations according to Linux. In the output below we see we still have a VmSize of around 10GB, but our VmRSS value has decreased dramatically. In fact, our VmRSS is now only 2.95GB. VmSwap has increased to 5.44GB. Wow, that’s a huge portion of the SQL Server process swapped to disk.

VmSize:  10700328 kB

VmRSS:    3098456 kB

RssAnon:  3096308 kB

VmData:  10442840 kB

VmSwap:   5711856 kB

Table 4 – Process memory for SQL Server 2017 on Linux under external memory pressure

In SQL Server 2019, there’s a different outcome! In the data below we see our 16GB VmSize which won’t change much because of the virtual address space for the process. With that large external process running SQL Server reduced VmRSS from 7.9GB (from Table 1) to 2.8GB only placing about 4.68GB in the swap file. That doesn’t sound much better, does it? I thought SQL Server was going to react to the external memory pressure…let’s keep digging and ask SQL Server what it thinks about this.

VmSize:  17159552 kB

VmRSS:    2938684 kB

VmData:  16806460 kB

VmSwap:   4911120 kB

Table 5 – Process memory for SQL Server 2019 on Linux under external memory pressure

What’s SQL Server Think About This?

In SQL Server on Linux 2017, we saw a large chunk of the process address space swap out and we saw those pages stay resident in SQL Server’s buffer pool or really any part of the SQL Server process address space since the Linux kernel is an equal opportunity swapper…so anything in the caches managed by SQL Server didn’t know if that memory was resident in physical memory or was actually on disk. In figure 3, we see the top memory consumers after external memory pressure, our buffer pool is still fully populated with our table data.

Screen Shot 2018 10 13 at 8 24 02 AM

Figure 3 – Top memory consumers after external memory pressure in SQL Server 2017

Ok, let’s look at what happens in SQL Server 2019 with external memory pressure. Looking at the memory distribution, we see that the memory clerk for SQL Server’s buffer pool reduced its memory footprint from 7,227MB (the value from way back in Figure 2) when the buffer pool was first loaded with our large table. Wh then applied external memory pressure with our 7GB process and now we see the buffer pool is reduced to 3,502MB a reduction of 3,725MB. Cool, looks like we dumped our buffer pool to protect the system but not the whole buffer pool, there’s still 3,502MB in memory. But the SQL Server 2019 on Linux process still swapped out about that much data (Table 5)…what’s going on? I still don’t know. Let’s keep digging.
Screen Shot 2018 10 13 at 8 24 39 AM

Figure 4 – Top memory consumers after external memory pressure in SQL Server 2019

Now, in SQL Server 2017 on Linux Resource Monitor didn’t exist…let’s look at what we have in SQL Server 2019…using the query from Amit Banerjee and Sudarshan Narasimhan in this post here let’s see what happened according to the newly implemented Resource Monitor for SQL Server 2019 on Linux.
Screen Shot 2018 10 13 at 10 02 45 AM
Figure 5 – Resource Monitor output before and after external memory pressure
From the output of this query, we can see that System Indicator is 2 during periods of external memory pressure. This is a signal from Resource Monitor to SQL Server to dump its caches to protect the health of the overall system.  We certainly observed that in the output in Figure 4. But what we also found is that Linux is placing 4.68GB of memory into the swap file and that SQL Server is holding on to 3,502MB of memory in the buffer pool while the VmRSS of the process is 2.8GB (Table 5). So the question remains, why is SQL Server swapping so much of its memory out to disk and holding on to so much memory in the buffer pool even though it’s seeing the low memory signal from Resource Monitor. This data is further backed up by the fact that we see SQL_CommitedMemory_KB staying relatively stable in the light of the external memory pressure, the expectation is that would reduce. So it’s like it’s not quite finishing the job deallocating the memory. So let’s ask Linux what it thinks about this. 

Resource Monitor on Linux – How I think it works…

If you’ve read this blog before you know I like to use strace to find out how applications interact with the OS via system calls. Well, let’s use that technique to try to figure out what happens when SQL Server starts dumping it’s cache under external memory pressure. 
In the last section, we learned that Resource Monitor can track high and low memory conditions in Linux. In this section, let’s see how it interacts with the Linux memory management system to deallocate memory.
In the output below (Table 6) you can see the aggregated system calls when I’m applying external memory pressure to SQL Server on Linux. From that output, it looks like SQL Server on Linux uses memory mapped files, which is a file access technique where files are opened mapped directly into a process’ memory address space. The process can then access the file via direct memory addressing rather than using system calls.  This type of access actually makes quite well to the internal file structures used in SQL Server data files.
During external memory pressure, the madvise is the most frequently called system call during this period. This system call is used by applications to advise (hint) the kernel on what to do with ranges of memory under certain conditions. In the last section, we observed that Resource Monitor can sense the external memory pressure and signals SQL Server to clear its caches and this is likely the implementation of how those caches are dumped.  
Under memory pressure, the madvise system call is called with the MADV_DONTNEED flag for large address ranges in SQL Server’s process address space, the memory mapped file. The MADV_DONTNEED flag tells the kernel that the application does not expect to access these pages in the near future and they can be discarded and eventually freed rather than swapped out to disk. See the kernel source code here for how it works.

madvise(0x69274a000, 8192, MADV_DONTNEED) = 0

My theory is that this is how Resource Monitor is signaling to the OS that these pages are no longer needed and should be deallocated due to the semantics of the madvise system call the pages are marked as not needed. So we see the reduction in the size reported by SQL Server’s memory clerks. But what I find interesting is the amount of memory that’s still hitting swap when we look at the memory accounting information for the individual processes and the IO profile of the system during external memory pressure. So it seems like the kernel or the application is holding onto pages and they’re hitting swap rather than being deallocated.
This is just my theory and I’m trying to bring the pieces together in this emerging technology since it’s still in CTP. So if you have some insight as to what’s happening at this layer, I’d love to hear from you :) 

strace -p PID -f -c

% time     seconds  usecs/call     calls    errors syscall

—— ———– ———– ——— ——— —————-

 75.98  575.483472       12188     47217     11425 futex

  8.24   62.370591      275976       226           epoll_wait

  7.73   58.578205     2253008        26        14 restart_syscall

  3.44   26.050226     2170852        12           io_getevents

  1.60   12.096475      549840        22           nanosleep

  1.55   11.726022      266501        44        44 rt_sigtimedwait

  0.71    5.387356          14    389517           clock_gettime

  0.49    3.688034          24    154405           madvise

  0.12    0.944458         803      1176           munmap

  0.07    0.495154         343      1445           mmap

  0.06    0.444399        7796        57           open

  0.01    0.062301        1093        57           read

  0.00    0.013327         579        23        23 stat

  0.00    0.009003          46       196           gettid

  0.00    0.005058          43       119           sched_setaffinity

  0.00    0.004188          68        62           clone

  0.00    0.004018          65        62           set_robust_list

  0.00    0.003902          36       109           rt_sigprocmask

  0.00    0.003194          56        57           fstat

  0.00    0.002914          47        62           sched_getaffinity

  0.00    0.002331          38        62           sigaltstack

  0.00    0.001805          29        62           arch_prctl

  0.00    0.001575          28        57           close

  0.00    0.001182         394         3           io_submit

  0.00    0.000672          42        16           sched_yield

  0.00    0.000506          22        23           rt_sigaction

  0.00    0.000011          11         1           fdatasync

—— ———– ———– ——— ——— —————-

100.00  757.380379                595118     11506 total

Table 6: Aggregated system calls for SQL Server on Linux under external memory pressure

 % time     seconds  usecs/call     calls    errors syscall

—— ———– ———– ——— ——— —————-

 71.52  569.206916       33673     16904      4444 futex

 12.46   99.164048      819538       121           epoll_wait

  6.90   54.920907     2387866        23        17 restart_syscall

  2.73   21.715336        1084     20033           io_getevents

  2.15   17.123567     1902619         9           nanosleep

  2.07   16.494124      868112        19        19 rt_sigtimedwait

  1.77   14.122895        1070     13202           io_submit

  0.22    1.780524         218      8180           munmap

  0.10    0.769185          93      8262           mmap

  0.06    0.502749         125      4026           clock_gettime

  0.00    0.006171         386        16           sched_setaffinity

  0.00    0.005702          62        92           read

  0.00    0.004128         197        21           fstat

  0.00    0.003996         118        34           sched_yield

  0.00    0.003961         165        24           gettid

  0.00    0.003112         346         9           arch_prctl

  0.00    0.002615         291         9           sched_getaffinity

  0.00    0.002528          84        30           rt_sigprocmask

  0.00    0.002045          85        24           close

  0.00    0.001929          92        21           open

  0.00    0.001924         214         9           clone

  0.00    0.001752         195         9           set_robust_list

  0.00    0.001647          97        17           madvise

  0.00    0.001198         599         2           fdatasync

  0.00    0.000989         110         9           sigaltstack

  0.00    0.000632          57        11        11 stat

  0.00    0.000446          45        10           rt_sigaction

  0.00    0.000351          18        19           write

  0.00    0.000316          11        29           epoll_ctl

  0.00    0.000310          44         7           writev

  0.00    0.000159          11        15         7 readv

  0.00    0.000051          26         2           socket

  0.00    0.000021          11         2           setsockopt

  0.00    0.000014           4         4           getcpu

  0.00    0.000009           3         3           getsockname

  0.00    0.000009           5         2           getpeername

  0.00    0.000004           4         1           accept

  0.00    0.000004           2         2           fcntl

—— ———– ———– ——— ——— —————-

100.00  795.846274                 71212      4498 total

Table 7: Aggregated system calls for SQL Server on Linux under external memory pressure

Installing minikube on CentOS

In this blog post, I’ll show you how to install Minikube on CentOS. Minikube is a platform you can use to test kubernetes clusters on your local machine or in a virtual machine.

Let’s start off with a fresh Install of CentoOS 7 on a virtual machine using a minimal install. If you need some help getting a Linux VM us, check out my Pluralsight course here to help you with that. You will want to ensure this virtual machine has the resource you want to run the container/pods scenarios you’d like to worth with. My configuration is dual vCPU with 10GB of RAM. 

Since we’re running a hypervisor inside a VM, you will need to enable nested virtualization in your virtual machine configuration. Cloud friends, this will not apply to you as most cloud providers do not have this enabled. 

Let’s get started with some prerequisites!

SSH into your virtual machine. I don’t have DNS internally…so I am using the IP address of the virtual machine

demo:~ aen$ ssh aen@

First, install a hypervisor on CentOS, I’m going to use KVM. Installing KVM on RHEL based Linux distributions is most easily done by using a yum group install. This will install all of the packages included in that group for you in one command. Minikube will run inside your virtual machine as a KVM virtual machine. Minikube can use other hypervisors such as Virtual Box and VMware Fusion/Workstation.

sudo yum group install “Virtualization Host”

Once the installation is complete, confirm the KVM kernel module is loaded by listing the running kernel modules with lsmod then grepping for the string kvm.

lsmod | grep kvm

kvm_intel             183720  0 

kvm                   578558  1 kvm_intel

irqbypass              13503  1 kvm

Next we’ll install the KVM2 Driver Plugin for minikube

curl -Lo docker-machine-driver-kvm2 \

 && chmod +x docker-machine-driver-kvm2 \

 && sudo cp docker-machine-driver-kvm2 /usr/local/bin/ \

 && rm docker-machine-driver-kvm2

Now, that we have the prep work out of the way, let’s install kubectl. This is the command line utility you will use to interact with your Kubernetes cluster.

sudo yum install kubernetes-client

Next we’ll Install Minikube on our VM

sudo curl -Lo minikube \

 && chmod +x minikube \

 && sudo cp minikube /usr/local/bin/ \

 && rm minikube

With everything installed, let’s launch minikube – this will download the Minicube ISO, which is a virtual machine containing the minikube cluster.

[aen@k8s1 ~]$ minikube start –vm-driver kvm2

Starting local Kubernetes v1.10.0 cluster…

Starting VM…

Downloading Minikube ISO

 171.87 MB / 171.87 MB [============================================] 100.00% 0s

Getting VM IP address…

Moving files into cluster…

Downloading kubeadm v1.10.0

Downloading kubelet v1.10.0

Finished Downloading kubelet v1.10.0

Finished Downloading kubeadm v1.10.0

Setting up certs…

Connecting to cluster…

Setting up kubeconfig…

Starting cluster components…

Kubectl is now configured to use the cluster.

Loading cached images from config file.

Finally lets check on your cluster configuration to ensure everything is online.

[aen@k8s1 ~]$ kubectl cluster-info

Kubernetes master is running at

CoreDNS is running at


To further debug and diagnose cluster problems, use ‘kubectl cluster-info dump’.

With that, you have a functioning Kubernetes cluster inside your virtual machine which you can use for testing and development of your Kubernetes based solutions. 

My Experiences Tech Editing Pro SQL Server on Linux

The Opportunity

Earlier this year I received an email from Jonathan Gennick, an editor at Apress books. The subject of the email was “Tech edit a book” and he asked if I was familiar with SQL Server on Linux. I excitedly replied “yes…I think I’m your guy for this”. In 2017, I had the opportunity to tech edit another book on SQL Server on Linux and had to back out of that project and this was a fantastic second chance to still be able to work on a topic I really want to participate in and help move forward. I replied to Jonathan and asked who the author is…he replied…the author is Bob Ward.

The Author

If you’re active in the SQL Server community you know Bob. Ever present at the major conferences and Principal Architect for on the SQL Server Product Team. Bob has a unique combination of world-class engineering skills and the ability to communicate extremely complex technical details in simple, approachable terms. My first experience watching Bob speak was at SQL Intersection 2014 Fall edition in Las Vegas. At this conference, I saw one of his legendary 3-hour sessions on SQL Server internals. He delivered a session on SQL Server’s memory management system. I remember being amazed by how he took a very complex topic and made it very approachable and understandable to the audience, I even tweeted about it here

The Book

Knowing what an exceptional communicator Bob is and having the opportunity to tech edit a book written by him, this was a no-brainer. I wanted to do this project. We kicked off the project and the first chapter was delivered its title is “Why SQL Server on Linux”. This chapter alone makes the book worth every penny. In this chapter, you’ll learn about the journey of putting SQL Server on Linux. You get first-hand anecdotal stories straight from Bob’s experiences getting SQL Server working on Linux. I remember reading that first chapter and thinking, this is a stellar intro to the book, I literally don’t want to stop reading.

In each chapter, Bob brings his years of experience to help tell the reader what they really need to know about SQL Server on Linux, how it works and how to have a successful SQL Server on Linux deployment. And throughout the book, Bob brings historical anecdotes describing how the various facets of SQL Server got to where they are today. And he also calls out the work of the PMs and members of the product team for the features or innovations they’re responsible for as they’re discussed in the chapters of the book. Bob even takes time to give credit to various members of the SQL Server community and their contributions. This book is as much about the people and journey, as the technology being discussed. 

Getting the Book

The book is still in the final stages of the publishing process and it’s currently available for pre-order online at Apress’ site and also on Amazon. Oh, and at the time of me writing this post, the book is currently number 1 in the “Linux Servers” new releases category and number 18 in the overall “Linux” new releases category on Amazon! Congrats Bob on the book and the successful release!

Bob wrote a blog post about his experiences writing the book, check it out here!

Pro SQL Server on Linux

New Pluralsight Course – Provisioning Microsoft Azure Virtual Machines

My new course “Provisioning Microsoft Azure Virtual Machines” in now available on Pluralsight here! If you want to learn about the course, check out the trailer here or if you want to dive right in check it out here! This course offers practical tips from my experiences building Azure Virtual Machines for Centino Systems clients.

This course targets IT professionals that design and maintain Azure IaaS based solutions.The course can be used by both the IT pro learning new skills and the senior system administrator preparing for using IaaS Virtual Machine services in Microsoft Azure

Let’s take your Azure administration skills to the next level and get you started now!

The modules of the course are:

  • Provisioning VMs with the Microsoft Azure Portal, Azure CLI, and PowerShell – Learn how to create Virtual Machines using Azure tools.
  • Building and Deploying a Custom Virtual Machine Image – Learn how to create a VM image, with your configuration and your apps to source additional VM deployments.
  • Managing Virtual Machine Disks – Learn common disk administrative operations such as adding, expanding, snapshotting and removing virtual hard disks.
  • Designing and Implementing Azure DevTest Labs – Learn how to quickly create a lab, test or classroom environment of virtual machines.

Pluralsight Redhat Linux

Check out the course at Pluralsight!

I’m Speaking at SQLSaturday Cambridge!

Speaking at SQLSaturday Cambridge!

I’m proud to announce that I will be speaking at SQL Saturday Cambridge on September 8th 2018! And wow, 748 SQL Saturdays! This one won’t let you down. Check out the amazing schedule of International Experts and Microsoft MVPs!

If you don’t know what SQLSaturday is, it’s a whole day of free SQL Server training available to you at no cost!

If you haven’t been to a SQLSaturday, what are you waiting for! Sign up now!

SQLSaturday #748 - Cambridge 2018

This year I have TWO sessions!

1. Monitoring Linux Performance for the SQL Server Admin

So you’re a SQL Server administrator and you just installed SQL Server on Linux. It’s a whole new world. Don’t fear, it’s just an operating system. It has all the same components Windows has and in this session we’ll show you that. We will look at the Linux operating system architecture and show you where to look for the performance data you’re used to! Further we’ll dive into SQLPAL and how it architecture and internals enables high performance for your SQL Server. By the end of this session you’ll be ready to go back to the office and have a solid understanding of performance monitoring Linux systems and SQL on Linux. We’ll look at the core system components of CPU, Disk, and Memory and monitoring techniques for each.

2. Containers – You Better Get on Board

Containers are taking over, changing the way systems are developed and deployed…and that’s NOT hyperbole. Just imagine if you could deploy SQL Server or even your whole application stack in just minutes. You can do that, leveraging containers! In this session, we’ll get your started on your container journey learning container fundamentals in Docker, then look at some common container scenarios and introduce deployment automation with Kubernetes. In this session we’ll look at Container Fundamentals with Docker Common Container Scenarios Automation with Kubernetes.

Questions from PASS Marathon Containers

Thanks to everyone who attended the PASS Marathon Containers edition and to PASS for the opportunity to present. I received the Questions from the session and wanted to provide answers to the attendees and the community.
If you want to see the session again, check it out on YouTube. The decks are available online at
Here’s the list of questions from the session and my answers.
  • What do you mean it is not for production environment in Windows?
    • It’s my understanding that only Linux based SQL Server containers are supported and that Windows based containers are not. I’m looking to find an official statement, like a web site link) from Microsoft on this but I am having troubles doing so. Here is the official statement on running SQL Server on Linux in a Container –

  • When you say App1 on a container, is it just 1 executable/service or can be multiple of those on the same container?
    • Generally speaking you’ll want only one process in a container. A primary reason for using containers is agility and a core way of achieving that is breaking dependencies by reducing what’s included inside the container.. Technically speaking, you can have more than one process inside a container. If fact SQL Server on Linux does. There’s the Watchdog process, then the actual SQL Server process. The output below is a process listing from inside a running SQL Server on Linux container. You can see PID 1 and 7 are processes inside the container.

      root 1   /opt/mssql/bin/sqlservr

      root 7   /opt/mssql/bin/sqlservr

      For the internals geeks out there, let’s look a a process listing on the host OS that’s running our container. From there we can see that the sqlservr process is a child process of containerd which is managed by dockerd. This is the same SQL Server process inside the container. But in the first example you here can see the impact of namespaces…the process IDs are rebased and start at 1 and the second SQL Server PID is 9. In the output below you can see the PIDs are 2172 and 2213.

      root 1034 /usr/bin/dockerd

      root 1245 \_ docker-containerd 

      root 2154     \_ docker-containerd-shim -namespace moby -workdir 

      root 2172         \_ /opt/mssql/bin/sqlservr

      root 2213             \_ /opt/mssql/bin/sqlservr

  • Maybe I missed this part, how do I know what kind of image I could pull down?
    • In the demos I show how to use docker search to find images that are available from the Docker Hub. If you prefer a web browser experience, check out the Docker Hub to see what containers are available to you. Here’s the code to find the mysql-server images available in Docker Hub.
      • docker search mssql-server | sort
  • Does SQL Container fit into production environment?
    • Here is a link to the official word from Microsoft on running containers in production –
    • What I want you to leave this session with is an introduction to containers, starting your journey on what’s next when using containers. To that end here are some of the things you’ll need to consider before using containers in production
      • Is your organization ready – Do the operational skills and technologies exist to support using containers in production.
      • Backup and recovery – Does the organization have a strong backup and recovery environment. How are you going to protect the data running in a SQL Server container. Luckily, it’s just SQL Server on Linux so you can use the traditional technologies and techniques to backup your data. 
      • Data persistency – Understanding the underlying physical infrastructure and how to persistent data in ways that it’s protected and well performing.
      • Orchestration – Is there technologies in place to manage the state of your containers, things like workload placement, starting, stopping and also data persistency.
  • How do SQL Containers work with High Availability and Disaster Recovery?
    • Backups and data persistency are primary concerns here. You still need to care and feed for your SQL Server databases just as if they were platformed on a full operating system. For HA, Microsoft has some guidance on how to use Kubernetes to provide HA services to your SQL Server containers here. What I want you to think about when using containers for SQL Server is deploying a new container is VERY fast. We want to be able to persist the data and be able to stand up a new container and mount our data inside that container. Using this technique we can restore SQL Services very quickly with low RTO. That itself is an interesting way to provide HA services without any additional technologies.
  • Is there a way to have persistent storage for the system databases (e.g. master database for logins and what not)?
    • In the demos during the session I defined a Docker Data Volume when we started the container where we mounted that as /var/opt/mssql/ inside the container.  When SQL Server on Linux starts for the first time it will copy the system databases from its package directories into /var/opt/mssql/data. Since this data is stored in the persistent data volume if we stop and delete this container and start a new container pointing at that same docker data volume when SQL Server starts up it will use those system databases.

      Starting a SQL Server Container with a Docker Data Volume. The -v parameter names the volume sqldata1 and /var/opt/mssql is where it will be mounted inside the container.

  • How about the backup of a container? can it be like VM’s snapshot? 
    • You can snapshot the state of a container with docker commit. This will create a new image from the container and that image can be used to create additional containers. But recall, containers are intended to be ephemeral, we really want to define the state of the container OUTSIDE of the container in code. The things inside the container that require data persistency, like databases should be taken care of using  techniques like Docker Data Volume, backups and other high availability scenarios.


Speaking at SQLSaturday Sacramento – 757!

Speaking at SQLSaturday Sacramento!

I’m proud to announce that I will be speaking at SQL Saturday Sacramento on July 28th 2018! And wow, 757 SQL Saturdays! This one won’t let you down. Check out the amazing schedule!

If you don’t know what SQLSaturday is, it’s a whole day of free SQL Server training available to you at no cost!

If you haven’t been to a SQLSaturday, what are you waiting for! Sign up now!

SQLSaturday #757 - Sacramento 2018

This year I have TWO sessions!

1. Monitoring Linux Performance for the SQL Server Admin

So you’re a SQL Server administrator and you just installed SQL Server on Linux. It’s a whole new world. Don’t fear, it’s just an operating system. It has all the same components Windows has and in this session we’ll show you that. We will look at the Linux operating system architecture and show you where to look for the performance data you’re used to! Further we’ll dive into SQLPAL and how it architecture and internals enables high performance for your SQL Server. By the end of this session you’ll be ready to go back to the office and have a solid understanding of performance monitoring Linux systems and SQL on Linux. We’ll look at the core system components of CPU, Disk, Memory and Networking monitoring techniques for each and look some of the new tools available.

2. Containers – You Better Get on Board

Containers are taking over, changing the way systems are developed and deployed…and that’s NOT hyperbole. Just imagine if you could deploy SQL Server or even your whole application stack in just minutes. You can do that, leveraging containers! In this session, we’ll get your started on your container journey learning container fundamentals in Docker, then look at some common container scenarios and introduce deployment automation with Kubernetes. In this session we’ll look at Container Fundamentals with Docker Common, Container Scenarios and Orchestration with Kubernetes

Microsoft Most Valuable Professional – Data Platform for 2018-2019

Today, I’m proud to announce that I have been renewed as an Microsoft MVP – Data Platform for the 2018-2019 award year, my second MVP award. This is an truly an honor and I’m humbled to be included in this group of exceptional data professionals. I really look forward to continuing to work with everyone in the MVP community and continuing to contribute to our unmatched SQL Community!

MVP Logo Horizontal Secondary Blue286 CMYK 300ppi

What is an MVP?

Here’s the definition according to Microsoft

Microsoft Most Valuable Professionals, or MVPs, are technology experts who passionately share their knowledge with the community. They are always on the “bleeding edge” and have an unstoppable urge to get their hands on new, exciting technologies. They have very deep knowledge of Microsoft products and services, while also being able to bring together diverse platforms, products and solutions, to solve real world problems. MVPs make up a global community of over 4,000 technical experts and community leaders across 90 countries and are driven by their passion, community spirit, and quest for knowledge. Above all and in addition to their amazing technical abilities, MVPs are always willing to help others – that’s what sets them apart.

For 2018-2019, I have been named a Data Platform MVP, which means my technical specialization is on data products like SQL Server. The group of people that have received this award is quite small…by my count 367 worldwide and less than 100 in the US. I’m honored to be in this group of talented professionals.

Why I’m excited to be an MVP?

Honestly, the primary reason I’m excited to be an MVP is to give back (more), I’ve learned so much from other MVPs and receiving this award will help me to continue to build relationships with other MVPs and Microsoft employees to further help develop the Data Platform itself and the community that surrounds that platform.

At the start of 2016 I had set a goal of being an MVP in 5 years. I don’t know why I picked that number, but what I figured was…MVP would be validation of consistent, quality work for our community and being recognized for the work that I’ve contributed. Things like blogging, social media, public speaking and more. You learn a ton by teaching! 

To the people that have helped along the way, I thank you all!