Kubernetes is an open source container management and orchestration platform. It has been giving a decent competition to spring cloud environment, claiming to be the best environment for developing and running Microservices. Hands-on Microservices with Kubernetes will help you successfully create or evolve your system using the best practices. To start with, you will learn the synergy of both Kubernetes and microservices in detail. You will discover how to use Delinkcious, which will serve as a live lab throughout the book to explain the concepts in the context of a real-world application. Next, you will set up a CI/CD pipeline and configure microservices using Kubernetes ConfigMaps. Going ahead, you will get a hands-on experience for securing microservices, implementing REST and gRPC APIs as well as the Delinkcious data store. You will also explore the Fission and Kubeless project, run a serverless task on Kubernetes and manage and implement data-intensive tests. In addition to this, you will get to grips with deploying microservices on Kubernetes and the art of maintaining a well-monitored system. Towards the end, you will learn about Service Mesh and its working with Istio in a Delinkcious cluster. By the end of this book, you'll be able to implement microservices on Kubernetes with the help of the best tools and practices.
Author(s): Gigi Sayfan
Publisher: Packt Publishing
Year: 2019
Language: English
Commentary: true epub
Pages: 494
Cover
Title Page
Copyright and Credits
About Packt
Contributors
Table of Contents
Preface
Technical requirements
Kubernetes – the container orchestration platform
The state of Kubernetes
Understanding the Kubernetes architecture
The scheduler
The kubelet
Kubectl
Packaging and deploying microservices
Securing microservices
Secrets
Network policies
Role-based access control
Upgrading microservices
Monitoring microservices
Logging
Installing Minikube
Verifying your cluster
Playing with your cluster
Installing Helm
Further reading
Chapter 2: Getting Started with Microservices
Programming in the small – less is more
Employing interfaces and contracts
Exposing your service via APIs
Managing dependencies
The uniformity versus flexibility trade-off
Taking advantage of ownership
Understanding Conway's law
Matrix
Troubleshooting across multiple services
Choosing a source control strategy
Multiple repos
One data store per microservice
Employing Command Query Responsibility Segregation
Employing API composition
Using sagas to manage transactions across multiple services
Understanding the CAP theorem
Applying the saga pattern to microservices
Further reading
Chapter 3: Delinkcious - the Sample Application
LiteIDE
Choosing Go for Delinkcious
Getting to know Go kit
Structuring microservices with Go kit
Understanding transports
Understanding endpoints
Understanding middleware
Generating the boilerplate
The cmd subdirectory
The pkg subdirectory
Introducing the Delinkcious microservices
The object model
The service implementation
Implementing the support functions
Invoking the API via a client library
Storing data
Further reading
Technical requirements
Understanding a CI/CD pipeline
Options for the Delinkcious CI/CD pipeline
Spinnaker
Tekton
Rolling your own
Building your images with CircleCI
Reviewing the source tree
Configuring the CI pipeline
Understanding the build.sh script
Dockerizing a Go service with a multi-stage Dockerfile
Exploring the CircleCI UI
Considering future improvements
Deploying a Delinkcious microservice
Argo CD utilizes GitOps
Getting started with Argo CD
Configuring Argo CD
Exploring Argo CD
Summary
Further reading
Technical requirements
What is configuration all about?
Convention over configuration
Command-line flags
Environment variables
INI format
XML format
YAML format
TOML format
Proprietary formats
Hybrid configuration and defaults
Managing configuration dynamically
When is dynamic configuration useful?
Remote configuration store
Configuring microservices with Kubernetes
Working with Kubernetes ConfigMaps
Creating and managing ConfigMaps
Applying advanced configuration
Kubernetes custom resources
Summary
Further reading
Chapter 6: Securing Microservices on Kubernetes
Applying sound security principles
User accounts
Service accounts
Managing secrets with Kubernetes
Understanding the three types of Kubernetes secret
Creating your own secrets
Passing secrets to containers
Building a secure pod
Managing permissions with RBAC
Authenticating microservices
Authorizing microservices
Always pull images
Using minimal base images
Dividing and conquering your network
Safeguarding your image registry
Granting access to Kubernetes resources as needed
Using quotas to minimize the blast radius
Implementing security contexts
Hardening your pods with security policies
Authorization via RBAC
Summary
Further reading
Technical requirements
Getting familiar with Kubernetes services
Service types in Kubernetes
East-west versus north-south communication
Building a Python-based API gateway service
Implementing social login
Routing traffic to internal microservices
Utilizing base Docker images to reduce build time
Adding ingress
Finding the Delinkcious URL
Getting an access token
Hitting the Delinkcious API gateway from outside the cluster
Implementing the news manager package
Exposing NewsManager as a gRPC service
Defining the gRPC service contract
Generating service stubs and client libraries with gRPC
Using Go-kit to build the NewsManager service
Implementing the gRPC transport
What is NATS?
Deploying NATS in the cluster
Sending link events with NATS
Subscribing to link events with NATS
Handling link events
Understanding service meshes
Further reading
Technical requirements
The Kubernetes storage model
Volumes, persistent volumes, and provisioning
Persistent volume claims
In-tree and out-of-tree storage plugins
Understanding CSI
Storing data outside your Kubernetes cluster
Understanding a StatefulSet
StatefulSet components
Orderliness
Reviewing a large StatefulSet example
A quick introduction to Cassandra
Deploying Cassandra on Kubernetes using StatefulSets
Storing your data in memory
Understanding where the data is stored
Using a deployment and service
Helping the user service locate StatefulSet pods
Managing schema changes
An introduction to Redis
Persisting events in the news service
Further reading
Technical requirements
Serverless in the cloud
Microservices and serverless functions
Building, configuring, and deploying serverless functions
Designing link checks
Implementing link checks
Serverless link checking with Nuclio
A quick introduction to Nuclio
Creating a link checker serverless function
Deploying the link checker function with nuctl
Deploying a function using the Nuclio dashboard
Invoking the link-checker function directly
Triggering link checking in LinkManager
Kubernetes Jobs and CronJobs
KNative
Kubeless
Summary
Further reading
Chapter 10: Testing Microservices
Unit testing with Go
Unit testing with Ginkgo and Gomega
Designing for testability
The art of mocking
Implementing the LinkManager unit tests
Should you test everything?
Integration testing
Running services
Running the actual test
Implementing database test helpers
Checking errors
Stopping a local service
Writing a smoke test
Running the test
Telepresence
Running a local link service via Telepresence
Attaching to the local link service with GoLand for live debugging
Isolating tests
Cluster per developer
Cross namespace/cluster
Acceptance testing
Performance testing
Manual test data
Summary
Further reading
Chapter 11: Deploying Microservices
Kubernetes deployments
Deploying to multiple environments
Recreating deployment
Rolling updates
Blue-green deployment
Adding deployment – the blue label
Updating the link-manager service to match blue pods only
Bumping the version number
Letting CircleCI build the new image
Deploying the new (green) version
Verifying that the service now uses the green pods to serve requests
Canary deployments
Employing a basic canary deployment for Delinkcious
Rolling back deployments
Rolling back standard Kubernetes deployments
Rolling back canary deployments
Dealing with a rollback after a schema, API, or payload change
Managing public APIs
Managing cross-service dependencies
Managing third-party dependencies
Local development deployments
Ko
Ksync
Draft
Skaffold
Tilt
Summary
Further reading
Chapter 12: Monitoring, Logging, and Metrics
Self-healing with Kubernetes
Container failures
Systemic failures
Horizontal pod autoscaling
Using the horizontal pod autoscaler
Cluster autoscaling
Vertical pod autoscaling
What resources should you provision?
Defining container limits
Specifying resource quotas
Rolling your own automated provisioning
Getting performance right
Performance and cost
Logging
The quest for the perfect Go logging interface
Setting up a logger with Go-kit
Using a logging middleware
Centralized logging with Kubernetes
Introducing the Kubernetes metrics API
Understanding the Kubernetes metrics server
Deploying Prometheus into the cluster
Recording custom metrics from Delinkcious
Embracing component failure
Warnings versus alerts
Fine-tuning noisy alerts
Utilizing the Prometheus alert man
Doing canary deployments