Cloud Native with Kubernetes: Deploy, configure, and run modern cloud native applications on Kubernetes

Kubernetes is a modern cloud native container orchestration tool and one of the most popular open source projects worldwide. In addition to the technology being powerful and highly flexible, Kubernetes engineers are in high demand across the industry. This book is a comprehensive guide to deploying, securing, and operating modern cloud native applications on Kubernetes. From the fundamentals to Kubernetes best practices, the book covers essential aspects of configuring applications. You'll even explore real-world techniques for running clusters in production, tips for setting up observability for cluster resources, and valuable troubleshooting techniques. Finally, you'll learn how to extend and customize Kubernetes, and gain tips for deploying service meshes, serverless tooling, and more on your cluster. By the end of this Kubernetes book, you'll be equipped with the tools you need to confidently run and extend modern applications on Kubernetes.

Author(s): Alexander Raul
Publisher: Packt Publishing
Year: 2021

Language: English
Pages: 446

Cover
Title Page
Copyrights and Credits
About Packt
Contributors
Table of Contents
Preface
Section 1: Setting Up Kubernetes
Chapter 1: Communicating with Kubernetes
Technical requirements
Introducing container orchestration
What is container orchestration?
Benefits of container orchestration
Popular orchestration tools
Kubernetes' architecture
Kubernetes node types
The Kubernetes control plane
The Kubernetes API server
The Kubernetes scheduler
The Kubernetes controller manager
etcd
The Kubernetes worker nodes
kubelet
kube-proxy
The container runtime
Addons
Authentication and authorization on Kubernetes
Namespaces
Users
Authentication methods
Kubernetes' certificate infrastructure for TLS and security
Authorization options
RBAC
ABAC
Using kubectl and YAML
Setting up kubectl and kubeconfig
Imperative versus declarative commands
Writing Kubernetes resource YAML files
Summary
Questions
Further reading
Chapter 2: Setting Up Your Kubernetes Cluster
Technical requirements
Options for creating a cluster
minikube – an easy way to start
Installing minikube
Creating a cluster on minikube
Managed Kubernetes services
Benefits of managed Kubernetes services
Drawbacks of managed Kubernetes services
AWS – Elastic Kubernetes Service
Getting started
Google Cloud – Google Kubernetes Engine
Getting started
Microsoft Azure – Azure Kubernetes Service
Getting started
Programmatic cluster creation tools
Kubeadm
Kops
Kubespray
Creating a cluster with Kubeadm
Installing Kubeadm
Starting the master nodes
Starting the worker nodes
Setting up kubectl
Creating a cluster with Kops
Installing on macOS
Installing on Linux
Installing on Windows
Setting up credentials for Kops
Setting up state storage
Creating clusters
Creating a cluster completely from scratch
Provisioning your nodes
Creating the Kubernetes certificate authority for TLS
Creating config files
Creating an etcd cluster and configuring encryption
Bootstrapping the control plane component
Bootstrapping the worker node
Summary
Questions
Further reading
Chapter 3: Running Application Containers on Kubernetes Using Pods
Technical requirements
What is a Pod?
Implementing Pods
Pod paradigms
Pod networking
Pod storage
Namespaces
The Pod life cycle
Understanding the Pod resource spec
Summary
Questions
Further reading
Section 2: Configuring and Deploying Applications on Kubernetes
Chapter 4: Scaling and Deploying Your Application
Technical requirements
Understanding Pod drawbacks and their solutions
Pod controllers
Using ReplicaSets
Replicas
Selector
Template
Testing a ReplicaSet
Controlling Deployments
Controlling Deployments with imperative commands
Harnessing the Horizontal Pod Autoscaler
Implementing DaemonSets
Understanding StatefulSets
Using Jobs
CronJobs
Putting it all together
Summary
Questions
Further reading
Chapter 5: Services and Ingress – Communicating with the Outside World
Technical requirements
Understanding Services and cluster DNS
Cluster DNS
Service proxy types
Implementing ClusterIP
Protocol
Using NodePort
Setting up a LoadBalancer Service
Creating an ExternalName Service
Configuring Ingress
Ingress controllers
Summary
Questions
Further reading
Chapter 6: Kubernetes Application Configuration
Technical requirements
Configuring containerized applications using best practices
Understanding ConfigMaps
Understanding Secrets
Implementing ConfigMaps
From text values
From files
From environment files
Mounting a ConfigMap as a volume
Mounting a ConfigMap as an environment variable
Using Secrets
From files
Manual declarative approach
Mounting a Secret as a volume
Mounting a Secret as an environment variable
Implementing encrypted Secrets
Checking whether your Secrets are encrypted
Disabling cluster encryption
Summary
Questions
Further reading
Chapter 7: Storage on Kubernetes
Technical requirements
Understanding the difference between volumes and persistent volumes
Volumes
Persistent volumes
Persistent volume claims
Attaching Persistent Volume Claims (PVCs) to Pods
Persistent volumes without cloud storage
Installing Rook
The rook-ceph-block storage class
The Rook Ceph filesystem
Summary
Questions
Further reading
Chapter 8: Pod Placement Controls
Technical requirements
Identifying use cases for Pod placement
Kubernetes node health placement controls
Applications requiring different node types
Applications requiring specific data compliance
Multi-tenant clusters
Multiple failure domains
Using node selectors and node name
Implementing taints and tolerations
Multiple taints and tolerations
Controlling Pods with node affinity
Using requiredDuringSchedulingIgnoredDuringExecution node affinities
Using preferredDuringSchedulingIgnoredDuringExecution node affinities
Multiple node affinities
Using inter-Pod affinity and anti-affinity
Pod affinities
Pod anti-affinities
Combined affinity and anti-affinity
Pod affinity and anti-affinity limitations
Pod affinity and anti-affinity namespaces
Summary
Questions
Further reading
Section 3: Running Kubernetes in Production
Chapter 9: Observability on Kubernetes
Technical requirements
Understanding observability on Kubernetes
Understanding what matters for Kubernetes cluster and application health
Using default observability tooling
Metrics on Kubernetes
Logging on Kubernetes
Installing Kubernetes Dashboard
Alerts and traces on Kubernetes
Enhancing Kubernetes observability using the best of the ecosystem
Introducing Prometheus and Grafana
Implementing the EFK stack on Kubernetes
Implementing distributed tracing with Jaeger
Third-party tooling
Summary
Questions
Further reading
Chapter 10: Troubleshooting Kubernetes
Technical requirements
Understanding failure modes for distributed applications
The network is reliable
Latency is zero
Bandwidth is infinite
The network is secure
The topology doesn't change
There is only one administrator
Transport cost is zero
The network is homogeneous
Troubleshooting Kubernetes clusters
Case study – Kubernetes Pod placement failure
Troubleshooting applications on Kubernetes
Case study 1 – Service not responding
Case study 2 – Incorrect Pod startup command
Case study 3 – Pod application malfunction with logs
Summary
Questions
Further reading
Chapter 11: Template Code Generation and CI/CD on Kubernetes
Technical requirements
Understanding options for template code generation on Kubernetes
Helm
Kustomize
Implementing templates on Kubernetes with Helm and Kustomize
Using Helm with Kubernetes
Using Kustomize with Kubernetes
Understanding CI/CD paradigms on Kubernetes – in-cluster and out-of-cluster
Out-of-cluster CI/CD
In-cluster CI/CD
Implementing in-cluster and out-of-cluster CI/CD with Kubernetes
Implementing Kubernetes CI with AWS CodeBuild
Implementing Kubernetes CI with FluxCD
Summary
Questions
Further reading
Chapter 12: Kubernetes Security and Compliance
Technical requirements
Understanding security on Kubernetes
Reviewing CVEs and security audits for Kubernetes
Understanding CVE-2016-1905 – Improper admission control
Understanding CVE-2018-1002105 – Connection upgrading to the backend
Understanding the 2019 security audit results
Implementing tools for cluster configuration and container security
Using admission controllers
Enabling Pod security policies
Using network policies
Handling intrusion detection, runtime security, and compliance on Kubernetes
Installing Falco
Understanding Falco's capabilities
Mapping Falco to compliance and runtime security use cases
Summary
Questions
Further reading
Section 4: Extending Kubernetes
Chapter 13: Extending Kubernetes with CRDs
Technical requirements
How to extend Kubernetes with custom resource definitions
Writing a custom resource definition
Self-managing functionality with Kubernetes operators
Mapping the operator control loop
Designing an operator for a custom resource definition
Using cloud-specific Kubernetes extensions
Understanding the cloud-controller-manager component
Installing cloud-controller-manager
Understanding the cloud-controller-manager capabilities
Using external-dns with Kubernetes
Using the cluster-autoscaler add-on
Integrating with the ecosystem
Introducing the Cloud Native Computing Foundation
Summary
Questions
Further reading
Chapter 14: Service Meshes and Serverless
Technical requirements
Using sidecar proxies
Using NGINX as a sidecar reverse proxy
Using Envoy as a sidecar proxy
Adding a service mesh to Kubernetes
Setting up Istio on Kubernetes
Implementing serverless on Kubernetes
Using Knative for FaaS on Kubernetes
Using OpenFaaS for FaaS on Kubernetes
Summary
Questions
Further reading
Chapter 15: Stateful Workloads on Kubernetes
Technical requirements
Understanding stateful applications on Kubernetes
Popular Kubernetes-native stateful applications
Understanding strategies for running stateful applications on Kubernetes
Deploying object storage on Kubernetes
Installing the Minio Operator
Installing Krew and the Minio kubectl plugin
Starting the Minio Operator
Creating a Minio tenant
Accessing the Minio console
Running DBs on Kubernetes
Running CockroachDB on Kubernetes
Testing CockroachDB with SQL
Implementing messaging and queues on Kubernetes
Deploying RabbitMQ on Kubernetes
Summary
Questions
Further reading
Assessments
Chapter 1 – Communicating with Kubernetes
Chapter 2 – Setting Up Your Kubernetes Cluster
Chapter 3 – Running Application Containers on Kubernetes
Chapter 4 – Scaling and Deploying Your Application
Chapter 5 – Services and Ingress – Communicating with the Outside World
Chapter 6 – Kubernetes Application Configuration
Chapter 7 – Storage on Kubernetes
Chapter 8 – Pod Placement Controls
Chapter 9 – Observability on Kubernetes
Chapter 10 – Troubleshooting Kubernetes
Chapter 11 – Template Code Generation and CI/CD on Kubernetes
Chapter 12 – Kubernetes Security and Compliance
Chapter 13 – Extending Kubernetes with CRDs
Chapter 14 – Service Meshes and Serverless
Chapter 15 – Stateful Workloads on Kubernetes
Other Books You May Enjoy
Index