How to search image name in multiple Pods on Kubernetes like a Pro?

Introduction

Sometimes we have a requirement to find a particular image which any pod is using. But you are not sure about the image. In that case we have the describe command to check and see all the information about the pod. The problem occurs when you have multiple pods and you can't write multiple describe commands to find that image. So we'll do it differently using a loop like Pro. 

Prerequisites

You need to have the Kubernetes installed on your machine and it's up and running. You can check it by running below command.

kubectl get pods

If you see some error like command not found then probably you don't have Kubernetes installed on your machine so you need to get it installed. 

Let's start

First we'll create multiple Pods on our cluster with different images. Code is below:

for img in nginx3 alpine alpine2 alpine3

do

kubectl run $img --image=$img

done

Results:

pod/nginx3 created

pod/alpine created

pod/alpine2 created

pod/alpine3 created

So I used a for loop in bash script and passed multiple images name and created multiple Pods at once.

Now I am checking the status of pods. Since i used wrong images so there must be multiple pods in not running status.

kubectl get pods

NAME READY STATUS RESTARTS AGE

alpine 0/1 CrashLoopBackOff 4 (56s ago) 3m10s

alpine2 0/1 ImagePullBackOff 0 3m10s

alpine3 0/1 ImagePullBackOff 0 3m10s

nginx 1/1 Running 0 3h38m

nginx2 1/1 Running 0 3h33m

nginx3 0/1 ImagePullBackOff 0 3m10s

So we have multiple Pods now, we can look for images using our favourite for loop.

Let's list Pod and it's image.

for pds in $(kubectl get pods --no-headers -o custom-columns=":metadata.name")

do

echo "*************Pod_Name: $pds**************"

kubectl describe pods $pds | grep -i image:

done

Results:

********************Pod_Name: alpine***************

Image: alpine

********************Pod_Name: alpine2**************

Image: alpine2

********************Pod_Name: alpine3**************

Image: alpine3

*******************Pod_Name: nginx*****************

Image: nginx

*******************Pod_Name: nginx2****************

Image: nginx

*******************Pod_Name: nginx3****************

Image: nginx3

Now we can see which Pod is using which image. But this solution is still not feasible because this will give me all the pods and images in default namespace. I need to search one image ie. alpine3 among all Pods.

for pds in $(kubectl get pods --no-headers -o custom-columns=":metadata.name")

do

echo "************Pod_Name: $pds**************"

kubectl describe pods $pds | grep -i "image: alpine3"

done

Just search alpine3 in your grep command and see results below. You can use if else to remove extra print from the output.

for pds in $(kubectl get pods --no-headers -o custom-columns=":metadata.name")

do

if kubectl describe pods $pds | grep -q -i "image: alpine3"

then

echo "***********Pod_Name: $pds*****************"

else

echo

fi

done

*************Pod_Name: alpine3**************

Conclusion

Combining your shell scripting skill can be very useful in Kubernetes. You can get multiple things done quickly. This was example to find images in multiple Pods but you can use above script to find other properties as well like variables and configs. Using shell script you can automate lot of stuff on Kubernetes. 

Default memory limits for a Kubernetes Pod

Understanding about memory and other resources consumption is very important in Kubernetes. Whenever we run a Pod it consumes some amount of memory and cpu depending on the load.

By default Pods run with unbounded CPU and memory limits. That means any Pod in the system will be able to consume as much CPU and memory on the node that executes the Pod. So to avoid these situations user can impose some restrictions on the amount of resource a single Pod can use for variety of reasons. 

To impose a memory restrictions we have few options:

1. Either we can define our memory and cpu limits in deployment file

2. Or we can create a limit which will used to set default memory limit to Pods in specific namespace.

Let's create a namespace first by below command.

kubectl create namespace memory-demo

Now create a pod using yaml file.

apiVersion: v1

kind: Pod

metadata:

name: mem-demo

namespace: memory-demo

spec:

containers:

- name: mem-demo-cont

image: polinux/stress

resources:

requests:

memory: "100Mi"

limits:

memory: "200Mi"

command: ["stress"]

args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]

We have provided a memory limit 200Mi. Save it as mempod.yaml and run below command to create the pod.

kubectl create -f mempod.yaml

Note: Mi and MB are different but they are close in size. 
Mi(Mebibyte) = 1024 KB
MB(Megabyte) = 1000 KB

Now let's check the memory consumption of above pod using below command.

kubectl get pod mem-demo -n memory-demo -o yaml | grep -i resources -A 4

O/P:

resources:

limits:

memory: 200Mi

requests:

memory: 100Mi

Let's try to understand what will happen when pod will exceed the memory limit. We'll create a pod again to exceed memory limits. Use the above mempod.yaml file and just change the memory limits to lower and see.

apiVersion: v1

kind: Pod

metadata:

name: mem-demo

namespace: memory-demo

spec:

containers:

- name: mem-demo-cont

image: polinux/stress

resources:

requests:

memory: "50Mi"

limits:

memory: "50Mi"

command: ["stress"]

args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]

Before creating the same again again we need to delete the existing pod first using below command.

kubectl delete pod mem-demo -n memory-demo

kubectl create -f mempod.yaml

Check if new pod created is in running state? by running below command

kubectl get pods -n memory-demo

NAME READY STATUS RESTARTS AGE

mem-demo 0/1 CrashLoopBackOff 6 9m34s

So it's not running and it's failed. Let's debug why it's failed using kubectl describe command.

kubectl describe pods mem-demo -n memory-demo | grep -i state -A 5

State: Waiting

Reason: CrashLoopBackOff

Last State: Terminated

Reason: OOMKilled

Exit Code: 1

It says OOM killed means memory limit was exceeded and it was killed. 

Instead of assigning memory limits and resources to individual pods we can create memory limits in namespace and every pod created in this namespace will have the default memory limit. 

To do this we'll create a limit range in memory-demo namespace. 

apiVersion: v1

kind: LimitRange

metadata:

name: mem-limit-range

spec:

limits:

- default:

memory: 512Mi

defaultRequest:

memory: 256Mi

type: Container

save it as limit.yaml

kubectl apply -f limit.yaml -n memory-demo

So limit range has been created and we can verify it by below command.

kubectl get limits -n memory-demo

NAME CREATED AT

mem-limit-range 2022-08-07T13:27:36Z

Now create a Pod using imperative command way

kubectl run nginx --image=nginx -n memory-demo

And check the memory limits for the container , it should be default limits by limit range.

spec:

containers:

- image: nginx

imagePullPolicy: Always

name: nginx

resources:

limits:

memory: 512Mi

requests:

memory: 256Mi

That's how we can use the limit range to set default memory limits.

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

Understanding the replica set in Kubernetes

What is Replica?

Replica means copy so having exact same copy of a running pod is called as Replica. Where as ReplicaSet is a way to maintain the stable set of replica Pods running at any time. It guarantees the availability of specified number of identical Pods.

How does it work

ReplicaSet is defined with fields having a selector that specifies how to identify Pods It can acquire, a number of replicas indicating how many Pods it should be maintaining and a pod template specifying the data of  of new pods which it should be maintaining. When replica-set needs to create a new pod it uses pod template to create a new pod.

ReplicaSet VS ReplicationController

ReplicaSet and Replication Controller both do the same thing. Both of them ensures that a specified number of Pods mentioned in replicas are running at any time. The only difference comes with the usage 

of selectors to replicate Pods.ReplicaSet uses Set-Based selectors while Replication Controller use Equity-Based selectors.

See in below examples:

Replication Controller

apiVersion: v1

kind: ReplicationController

metadata:

name: RepCon

spec:

replicas: 3

selector:

app: RepCon

template:

metadata:

name: RepCon

labels:

app: RepCon

spec:

containers:

- name: RepCon

image: RepCon/rc

ports:

- containerPort: 80

Replica-Set

apiVersion: apps/v1

kind: ReplicaSet

metadata:

name: frontend

labels:

app: RS

tier: frontend

spec:

# modify replicas according to your case

replicas: 3

selector:

matchLabels:

tier: frontend

template:

metadata:

labels:

tier: frontend

spec:

containers:

- name: redis

image: gcr.io/google_samples/gb-frontend:v3

Save it as ReplicaSet.yaml in current directory and run below command.

kubectl apply -f ReplicaSet.yaml

Now you can check the ReplicaSet with below command:

kubectl get rs

or

kubectl get replicaset

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

Creating a Pod inside a Namespace

 Creating a Pod inside a Namespace

We are going to understand what is namespace in programming and what is namespace in Kubernetes world. Both are actually very much same. So today we'll talk about the namespace ,how to create it, check it and creating a Pod in a namespace.

Namespace

A namespace is set of signs or names that are used to identify and refer to objects of various kinds. A namespace ensures that all of the objects have unique name so that they can be easily identified. You can 

correlate this with schema in SQL server database where you can have multiple  tables with same name but in different schema. 

Similarly you can have multiple pods with same name but in different namespace.

How to check all available namespaces?

You can run kubectl get namespaces to get all available namespaces on cluster.

kubectl get namespaces

NAME              STATUS   AGE

default           Active   2d

kube-public       Active   2d

kube-system       Active   2d

You can also run kubectl get ns , where ns is short form of namespace.

How to create a namespace

To create a namespace you need to run kubectl create namespace namespace_name

kubectl create namespace test

namespace/test created

kubectl get namespaces         

NAME              STATUS   AGE

default           Active   82d

kube-public       Active   82d

kube-system       Active   82d

test              Active   5s

You can see test namespace has been created. 

Now you'll notice what are these namespaces other than test. I didn't create them. Let me explain.

• kube-system: Namespace for objects created by kubernetes system
• default: It's default namespace when you don't specify name then objects will be created in default namespace
• kube-public: This is created automatically and readable by all users. This namespace is mostly reserved for cluster usage.

Let' create a Pod in test namespace now using below commands.

kubectl run mypod --image=nginx -n test

kubectl run mypod --image=nginx -n test

pod/mypod created

Let's check the pod and make sure you look at test namespace.

kubectl get pods -n test

NAME    READY   STATUS    RESTARTS   AGE

mypod   1/1     Running   0          2m10s

I have created mypod in prod namespace as well. So we can have an application with same name but in different namespace.

kubectl run mypod --image=nginx -n prod

pod/mypod created

kubectl get pods -n prod               

NAME    READY   STATUS    RESTARTS   AGE

mypod   1/1     Running   0          14s

Conclusion

Namespace is very useful when deploying your application on cluster. It's always a best practice to create a namespace and deploy your application. You can think of a scenario where one team creates a pod with name testPod and other team also tries to name a pod testPod. So in this case Pod creation will be failed due to duplicate name. So best practice says create your pod inside a namespace. 

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

Debugging your pod on Kubernetes?

 Debugging the pods on Kubernetes

Debugging is very important to identify the issue in Pod. sometimes your application may behave differently /wrong. Your Pod has stopped or some other issues happening inside your Pod. You can always debug that to identify the issue and fix it. 

So the most basic thing we do to debug the issue is to start with checking the logs. Logs are very crucial part and play very important role in any application. If anything goes wrong we can always check the logs and analyse it. Similar to above we are going to check the logs, events and definition of Pod to identify the issues. 

To start with it, we first need to run the pod. You can follow below command to run the pod.

kubectl run mypod --image=nginx

Here mypod is name of the pod and nginx image will be used.

Check if the pod is running. 

kubectl get pods

Result below:

NAME    READY   STATUS              RESTARTS   AGE

mypod   0/1     ContainerCreating   0          5s

It says container creating state. We may wait and see if it is completed and running state.

NAME    READY   STATUS    RESTARTS   AGE

mypod   1/1     Running   0          21s

So it's in running state. We can also use yaml file to create the pod.

Let's break something and see what we issues and status we get. I'll delete the pod and recreate it with the wrong image name.

To delete the Pod use below command:

kubectl delete pod mypod

pod "mypod" deleted

Now since the pod has been delete let's recreate it with wrong image.

kubectl run mypod --image=nginx-myimage-123

Run it and pod will be created successfully. But wait did we check the status if the pod is running. 

Check it using Kubectl get pods command.

kubectl get pods

NAME    READY   STATUS         RESTARTS   AGE

mypod   0/1     ErrImagePull   0          9s

You can identify under the status column that there is an error. It says ErrImagePull. We can guess that there is an error during image pull. We know that because we put that wrong image name. But in real life scenario we don't know about if our image is wrong. So we can check the events. 

To check the events we can use describe command:

kubectl describe pod mypod

Once we run this command it will give us result in key/value pair format. Just scroll to the bottom and look for the events. 

Events:

  Type     Reason     Age                From               Message

  ----     ------     ----               ----               -------

  Normal   Scheduled  34s                default-scheduler  Successfully assigned default/mypod to docker-desktop

  Normal   BackOff    26s                kubelet            Back-off pulling image "nginx-myimage-123"

  Warning  Failed     26s                kubelet            Error: ImagePullBackOff

  Normal   Pulling    12s (x2 over 33s)  kubelet            Pulling image "nginx-myimage-123"

  Warning  Failed     6s (x2 over 27s)   kubelet            Failed to pull image "nginx-myimage-123": rpc error: code = Unknown desc = Error response from daemon: pull access denied for nginx-myimage-123, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

  Warning  Failed     6s (x2 over 27s)   kubelet            Error: ErrImagePull

Here we can see it says either repository does not exist or we don't have access to it. 

So checking the events is very important step. This can tell us what happened when we ran our kubectl run command. There is one more way by which we can check and that is logs. By checking logs can give us some insights. Sometimes we don't get much information from the events and in those scenarios checking logs can be very helpful if we can find something. We can check the log in this case as well but since the issue is only with image. We used wrong image name and this issue was very much understandable from the events. But let's check the logs anyway by running below command.

kubectl logs mypod

Result:

Error from server (BadRequest): container "mypod" in pod "mypod" is waiting to start: trying and failing to pull image

In logs also we can check that its saying "trying and failing to pull image" step.

If we have specific container failing inside the pod then you can run below command.

kubectl logs mypod container_name                           

If our container has ever crashed previously then we can use --previous flag in command.

kubectl logs --previous mypod container_name                 

Conclusion 

These are the basic ways by which we can check and fix the issues in Pod. Events can be very helpful but sometimes logs can be more helpful. So it depends on what is the issue. It's always better to check for events and then go for logs. 

Hope this can be helpful!

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

How to scan vulnerabilities for Docker images

 Vulnerability scanning for Docker

Today we use a lot of docker. It enables developers to package application into containers, A standardized

executable component combining application source code with OS libraries and dependencies required to 

run code in any environment. We create the docker image and distribute it to others but how sure are we if that image is secure enough and doesn't have any vulnerability? 

Suppose you have an image which has lot of vulnerabilities and that is being used in your production system. Then any hacker can find those weaknesses in your system and can exploit easily. So identifying the vulnerabilities in your image is very important part for the security of your system.

Vulnerability scanning  

Vulnerability scanning is the process of identifying the security weakness and flaws in the system. This is an integral part of vulnerability management program which is to protect organizations from data breach.

Vulnerability scanning for docker local images allow teams to review the security state of the container images and take actions on fixing issues identified during scan.

Docker scan runs on Snyk engine. It is providing users the visibility into the security standards of their Dockerfiles and images. Users triggers vulnerability scans through CLI and use the CLI to view the results. The scan results contain the list of common vulnerabilities and exposures also called as CVEs. 

  

I recommend upgrading to latest version to Docker scan tool. 

Let's check the options available for docker scan using help command.

docker scan --help

docker scan --help

Usage: docker scan [OPTIONS] IMAGE

A tool to scan your images

Options:

      --accept-license    Accept using a third party scanning provider

      --dependency-tree   Show dependency tree with scan results

      --exclude-base      Exclude base image from vulnerability scanning (requires --file)

  -f, --file string       Dockerfile associated with image, provides more detailed results

      --group-issues      Aggregate duplicated vulnerabilities and group them to a single one (requires --json)

      --json              Output results in JSON format

      --login             Authenticate to the scan provider using an optional token (with --token), or web base token if empty

      --reject-license    Reject using a third party scanning provider

      --severity string   Only report vulnerabilities of provided level or higher (low|medium|high)

      --token string      Authentication token to login to the third party scanning provider

      --version           Display version of the scan plugin

Now you can see all the options available with docker scan. Let's check the version using below command.

docker scan --accept-license --version

So if you have version earlier that v0.11.0 then docker scan is not able to detect log4j-CVE-2021-44228.

You must update you docker desktop to 4.3.1 or higher.

How to scan

You can docker scan command just by passing the image name. 

docker scan my-image

Above command will provide you a report on terminal about your scan. 

Scan images during Development and Production

Creating an image from Dockerfile or rebuilding it can introduce new vulnerabilities in the system. So scanning the image during the development process should be a normal workflow. You can automate this process like:

 image_building ==> docker scan image ==> Push to dockerhub/private registry

For Production system, whenever there is new vulnerability discovered, running the scan can always be a better idea to detect that vulnerability in your system. Periodically scanning of container should be a good choice.

Ending thoughts

Building secure images is continuous process. Consider all the best practices to build an efficient, scalable and secure images. Start with your base images and always remember to choose images from official and verified publisher. Because you don't know what's inside that image.

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

Running your first Pod on Kubernetes

 What is Kubernetes

Kubernetes is an open source, cloud native infrastructure tool that automates scaling, deployment and management of containerized applications. 

Kubernetes was originally developed by google and later was handed over to Cloud Native Computing Foundation(CNCF) for enhancement and maintenance. Kubernetes is the most popular and highly in demand  orchestrator tool. Kubernetes is complex tool and a bit difficult to learn compare to swarm.

Here are few main architecture components of Kubernetes below:

Cluster 

A collection of multiple nodes, typically at least one master node and several worker nodes(also known as minions)

Node

A physical or Virtual Machine(VM)

Control Plane

A component that schedule and deploys application instances across all nodes

Kubelete

An agent process running on nodes. It is responsible of managing the state of each nodes and it can perform several actions to maintain a desired state.

Pods

Pods are basic scheduling unit. Pods consist of one or more containers co-located on a host machine and share same resources.

How to run your first Pod on Kubernetes

Before you begin you need to have a Kubernetes cluster running on your system and kubectl must be configured on it. Kubectl is command line tool which will be communicating with your cluster.

The easiest way to start with it, is get the docker for desktop on windows/Mac. Once you have it you can start docker for desktop and go to settings and you can find Kubernetes label on it. Click it and it will install Kubernetes on your system.

Once done you can run below command to check if Kubernetes cluster is running.

kubectl cluster-info

This command will give you information about your Kubernetes cluster. Now since we checked that our cluster is up and running, we'll deploy our first Pod now.

To check running pods on system run below command:

kubectl get pods 

No pods running currently so you'll see no information. To run a Pod execute below command:

kubectl run ng --image=nginx 

Here ng is name of Pod I have given. you can give it any name. Now check if Pod is running?

kubectl get pods            

NAME    READY   STATUS    RESTARTS   AGE

ng      1/1     Running   0          98s

So our first Pod is running. 

A Pod can run more than one container in it. Behind the scene you are actually running a container with added abstraction layer which is called a Pod. But remember you can't have more than one container with same name inside a Pod.

You can add -o wide in you get Pod command to get more information about running Pods.

kubectl get pods -o wide    

NAME    READY   STATUS    RESTARTS   AGE   IP          NODE             NOMINATED NODE   READINESS GATES

So you get more info. 

Note: 

kubectl get pods will check running Pods in default Namespace. Kubernetes has a concept of Namespace. So you can have multiple namespaces. When you install Kubernetes so by default the are two namespaces. 

1. Default
2. kube-system

kubectl get pods --all-namespaces -o wide

By running above command you can see all Pods running on all different namespaces.

What are some more flags/options in running a pod?

#Start a single instance of busybox and keep it in the foreground, don't restart it if it exits.

Command Below:

kubectl run -i --tty busybox --image=busybox --restart=Never

# Start a replicated instance of nginx.

Command Below:

kubectl run nginx --image=nginx --replicas=3

Sometimes you need to stop and start the Pod like you do in docker. You stop the container and you start the container. But in Kubernetes, it's not possible to stop the Pod and resume later. You can edit the Pod.yaml file and redeploy your changes. But you also can delete your Pod and easily recreate it.

kubectl delete pod ng                  

pod "ng" deleted

We have successfully deleted a Pod. 

Thats how you can start you first Pod on Kubernetes. Kubernetes is most popular container orchestrator. You can run multiple Pods at scale and monitor them easily. Pods are very essential part of Kubernetes system. So Pods are used to control containers in an indirect manner in Kubernetes. This blog has covered basics of starting a Pod and deleting it.

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link

Containers orchestration: Kubernetes vs Docker swarm

When deploying applications at scale, you need to plan all your architecture components with current and future strategies in mind. Container orchestration tools help achieve this by automating the management of application microservices across all clusters. 

There are few major containers orchestration tools listed below:

• Docker Swarm
• Kubernetes
• OpenShift
• Hashicorp Nomad
• Mesos

Today we'll talk about Docker Swarm and Kubernetes and we'll compare them in terms of features.

What is container orchestration 

Container orchestration is a set of practices for managing the Docker Containers at large scale. As soon as containerized applications scale to large number of containers, then there is need of container management capabilities. Such as provisioning containers, scaling up and scaling down, manage networking, load balancing ,security and others.  

Let's talk Kubernetes

Kubernetes is an open source, cloud native infrastructure tool that automates scaling, deployment and management of containerized applications. 

Kubernetes was originally developed by google and later was handed over to Cloud Native Computing Foundation(CNCF) for enhancement and maintenance. Kubernetes is the most popular and highly in demand  orchestrator tool. Kubernetes is complex tool and a bit difficult to learn compare to swarm.

Here are few main architecture components of Kubernetes below:

Cluster 

A collection of multiple nodes, typically at least one master node and several worker nodes(also known as minions)

Node

A physical or Virtual Machine(VM)

Control Plane

A component that schedule and deploys application instances across all nodes

Kubelete

An agent process running on nodes. It is responsible of managing the state of each nodes and it can perform several actions to maintain a desired state.

Pods

Pods are basic scheduling unit. Pods consist of one or more containers co-located on a host machine and share same resources.

Deployments, Replicas and ReplicaSets

Docker Swarm

Docker swarm is native to Docker platform Docker was developed to maintain the application efficiency and availability in different runtime environments by deploying containerized application microservices across multiple clusters. 

A mix of docker-compose, swarm, overlay network can be used to manage cluster of docker containers.

Docker swarm is still maturing in terms of functionalities when compare to other open source container orchestration tools.

Here are few main architecture components of Docker swarm below:

Swarm 

A collection of nodes that include at-least one manager and several worker nodes.

Service

A task that agent nodes or managers are required to perform on the swarm.

Manager node

A node tasked with delivering work. It manages and distributes the task among worker nodes.

Worker node

A node responsible for running tasks distributed by the swarm's manager node.

Tasks

Set of commands

Choosing the right Orchestrator for your containers

Kubernetes focuses on open-source and modular orchestration, offering an efficient container orchestration solution for high demand applications with complex configuration.

Docker swarm emphasises ease of use, making it most suitable for simple applications that are quick to deploy and easy to manage.

Some fundamental differences between both 

GUI:

Kubernetes features an easy web user interface(dashboards) that helps you

• Deploy containerized application on cluster 
• Manage cluster resources 
• View an error log, deployments, jobs

Unlike Kubernetes, Docker swarm does not come with Web UI to deploy applications and orchestrate containers. But there are some third party tools which can achieve this with Docker.

Availability:

Kubernetes ensure high availability by creating clusters to eliminate ingle point of failures. You can use Stacked Control Plane nodes that ensure availability by co-locating etcd objects with all available nodes of a cluster during failover. Or you can use external etcd objects for load balancing while controlling the control plane nodes separately.  

For Docker to maintain high-availability, Docker uses service replication at swarm nodes level. A swarm manager deploys multiple instances of the same container with replicas of services in each.

Scalability:

Kubernetes supports autoscaling on both  cluster level and pod level. Whereas Docker Swarm deploys containers quickly. This gives the orchestration tool faster reaction times that allow for on-demand scaling.

Monitoring: 

Kubernetes offers multiple native logging and monitoring solutions for deployed services within a cluster. Also Kubernetes supports third-party integration to help with event-based monitoring.

On the other side Docker Swarm doesn't offer monitoring solution like Kubernetes. As a result you need to rely on third party applications to support monitoring. So monitoring a Docker Swarm is considered to e more complex than Kubernetes. 

 

Note: If you think this helped you and you want to learn more stuff on devops, then I would recommend joining the Kodecloud devops course and go for the complete certification path by clicking this link