Learn how to automate and manage your containers and reduce the overall operation burden on your system.

Key Features
Use containers to manage, scale and orchestrate apps in your organization
Transform the latest concept of Kubernetes 1.10 into examples
Expert techniques for orchestrating containers effectively

Book Description
Kubernetes is an open source orchestration platform to manage containers in a cluster environment. With Kubernetes, you can configure and deploy containerized applications easily. This book gives you a quick brush-up on how Kubernetes works with containers, and an overview of the main Kubernetes concepts, such as Pods, Deployments and Services. This book explains how to create Kubernetes clusters and run applications with proper authentication and authorization configurations. With real-world recipes, you'll learn how to create high-availability Kubernetes clusters on AWS, on GCP and in on-premise datacenters with proper logging and monitoring setup. You'll also learn some useful tips about how to build a continuous delivery pipeline for your application. Upon completion of this book, you will be able to use Kubernetes in production and will have a better understanding of how to manage containers using Kubernetes.

What you will learn
Build your own container cluster
Deploy and manage highly scalable, containerized applications with Kubernetes
Build high-availability Kubernetes clusters
Build a continuous delivery pipeline for your application
Track metrics and logs for every container running in your cluster
Streamline the way you deploy and manage your applications with large-scale container orchestration

Who this book is for
This book is for system administrators, developers, DevOps engineers, or any stakeholder who wants to understand how Kubernetes works using a recipe-based approach. Basic knowledge of Kubernetes and containers is required.

Author(s): Hideto Saito; Hui-Chuan Chloe Lee; Ke-Jou Carol Hsu
Edition: 2
Publisher: Packt Publishing Ltd
Year: 2018
Language: English
Pages: 554
Cover
Title Page
Copyright and Credits
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Building Your Own Kubernetes Cluster
Introduction
Exploring the Kubernetes architecture
Getting ready
How to do it...
Kubernetes master
API server (kube-apiserver)
Scheduler (kube-scheduler)
Controller manager (kube-controller-manager)
Command-line interface (kubectl)
Kubernetes node
kubelet
Proxy (kube-proxy)
How it works...
etcd
Kubernetes network
See also
Setting up the Kubernetes cluster on macOS by minikube
Getting ready
How to do it...
How it works...
See also
Setting up the Kubernetes cluster on Windows by minikube
Getting ready
How to do it...
How it works...
See also
Setting up the Kubernetes cluster on Linux via kubeadm
Getting ready
How to do it...
Package installation
Ubuntu
CentOS
System configuration prerequisites
CentOS system settings
Booting up the service
Network configurations for containers
Getting a node involved
How it works...
See also
Setting up the Kubernetes cluster on Linux via Ansible (kubespray)
Getting ready
Installing pip
Installing Ansible
Installing python-netaddr
Setting up ssh public key authentication
How to do it...
Maintaining the Ansible inventory
Running the Ansible ad hoc command to test your environment
Ansible troubleshooting
Need to specify a sudo password
Need to specify different ssh logon user
Need to change ssh port
Common ansible issue
How it works...
See also
Running your first container in Kubernetes
Getting ready
How to do it...
Running a HTTP server (nginx)
Exposing the port for external access
Stopping the application
How it works…
See also
Chapter 2: Walking through Kubernetes Concepts
Introduction
An overview of Kubernetes
Linking Pods and containers
Getting ready
How to do it...
How it works...
See also
Managing Pods with ReplicaSets
Getting ready
How to do it...
Creating a ReplicaSet
Getting the details of a ReplicaSet
Changing the configuration of a ReplicaSet
Deleting a ReplicaSet
How it works...
There's more...
See also
Deployment API
Getting ready
How to do it...
How it works...
Using kubectl set to update the container image
Updating the YAML and using kubectl apply
See also
Working with Services
Getting ready
How to do it...
Creating a Service for different resources
Creating a Service for a Pod
Creating a Service for a Deployment with an external IP
Creating a Service for an Endpoint without a selector
Creating a Service for another Service with session affinity
Deleting a Service
How it works...
There's more...
See also
Working with volumes
Getting ready
How to do it...
emptyDir
hostPath
NFS
glusterfs
downwardAPI
gitRepo
There's more...
PersistentVolumes
Using storage classes
gcePersistentDisk
awsElasticBlockStore
See also
Working with Secrets
Getting ready
How to do it...
Creating a Secret
Working with kubectl create command line
From a file
From a directory
From a literal value
Via configuration file
Using Secrets in Pods
By environment variables
By volumes
Deleting a Secret
How it works...
There's more...
Using ConfigMaps
Mounting Secrets and ConfigMap in the same volume
See also
Working with names
Getting ready
How to do it...
How it works...
See also
Working with Namespaces
Getting ready
How to do it...
Creating a Namespace
Changing the default Namespace
Deleting a Namespace
How it works…
There's more...
Creating a LimitRange
Deleting a LimitRange
See also
Working with labels and selectors
Getting ready
How to do it...
How it works...
Equality-based label selector
Set-based label selector
There's more...
Linking Service to Pods or ReplicaSets using label selectors
Linking Deployment to ReplicaSet using the set-based selector
See also
Chapter 3: Playing with Containers
Introduction
Scaling your containers
Getting ready
How to do it...
Scale up and down manually with the kubectl scale command
Horizontal Pod Autoscaler (HPA)
How it works...
There is more…
See also
Updating live containers
Getting ready
How to do it...
Deployment update strategy – rolling-update
Rollback the update
Deployment update strategy – recreate
How it works...
There's more...
See also
Forwarding container ports
Getting ready
How to do it...
Container-to-container communication
Pod-to-Pod communication
Working with NetworkPolicy
Pod-to-Service communication
External-to-internal communication
Working with Ingress
There's more...
See also
Ensuring flexible usage of your containers
Getting ready
How to do it...
Pod as DaemonSets
Running a stateful Pod
How it works...
Pod recovery by DaemonSets
Pod recovery by StatefulSet
There's more...
See also
Submitting Jobs on Kubernetes
Getting ready
How to do it...
Pod as a single Job
Create a repeatable Job
Create a parallel Job
Schedule to run Job using CronJob
How it works...
See also
Working with configuration files
Getting ready
YAML
JSON
How to do it...
How it works...
Pod
Deployment
Service
See also
Chapter 4: Building High-Availability Clusters
Introduction
Clustering etcd
Getting ready
How to do it...
Static mechanism
Discovery mechanism
kubeadm
kubespray
Kops
See also
Building multiple masters
Getting ready
How to do it...
Setting up the first master
Setting up the other master with existing certifications
Adding nodes in a HA cluster
How it works...
See also
Chapter 5: Building Continuous Delivery Pipelines
Introduction
Moving monolithic to microservices
Getting ready
How to do it...
Microservices
Frontend WebUI
How it works...
Microservices
Frontend WebUI
Working with the private Docker registry
Getting ready
Using Kubernetes to run a Docker registry server
Using Amazon elastic container registry
Using Google cloud registry
How to do it...
Launching a private registry server using Kubernetes
Creating a self-signed SSL certificate
Creating HTTP secret
Creating the HTTP basic authentication file
Creating a Kubernetes secret to store security files
Configuring a private registry to load a Kubernetes secret
Create a repository on the AWS elastic container registry
Determining your repository URL on Google container registry
How it works...
Push and pull an image from your private registry
Push and pull an image from Amazon ECR
Push and pull an image from Google cloud registry
Using gcloud to wrap the Docker command
Using the GCP service account to grant a long-lived credential
Integrating with Jenkins
Getting ready
How to do it...
Setting up a custom Jenkins image
Setting up Kubernetes service account and ClusterRole
Launching the Jenkins server via Kubernetes deployment
How it works...
Using Jenkins to build a Docker image
Deploying the latest container image to Kubernetes
Chapter 6: Building Kubernetes on AWS
Introduction
Playing with Amazon Web Services
Getting ready
Creating an IAM user
Installing AWS CLI on macOS
Installing AWS CLI on Windows
How to do it...
How it works...
Creating VPC and Subnets
Internet gateway
NAT-GW
Security group
EC2
Setting up Kubernetes with kops
Getting ready
How to do it...
How it works...
Working with kops-built AWS cluster
Deleting kops-built AWS cluster
See also
Using AWS as Kubernetes Cloud Provider
Getting ready
How to do it...
Elastic load balancer as LoadBalancer service
Elastic Block Store as StorageClass
There's more...
Managing Kubernetes cluster on AWS by kops
Getting ready
How to do it...
Modifying and resizing instance groups
Updating nodes
Updating masters
Upgrading a cluster
There's more...
See also
Chapter 7: Building Kubernetes on GCP
Playing with GCP
Getting ready
Creating a GCP project
Installing Cloud SDK
Installing Cloud SDK on Windows
Installing Cloud SDK on Linux and macOS
Configuring Cloud SDK
How to do it...
Creating a VPC
Creating subnets
Creating firewall rules
Adding your ssh public key to GCP
How it works...
Launching VM instances
Playing with Google Kubernetes Engine
Getting ready
How to do it…
How it works…
See also
Exploring CloudProvider on GKE
Getting ready
How to do it…
StorageClass
Service (LoadBalancer)
Ingress
There's more…
See also
Managing Kubernetes clusters on GKE
Getting ready
How to do it…
Node pool
Multi-zone and regional clusters
Multi-zone clusters
Regional clusters
Cluster upgrades
See also
Chapter 8: Advanced Cluster Administration
Introduction
Advanced settings in kubeconfig
Getting ready
How to do it...
Setting new credentials
Setting new clusters
Setting contexts and changing current-context
Cleaning up kubeconfig
There's more...
See also
Setting resources in nodes
Getting ready
How to do it...
Configuring a BestEffort pod
Configuring a Guaranteed pod
Configuring a Burstable pod
How it works...
See also
Playing with WebUI
Getting ready
How to do it...
Relying on the dashboard created by minikube
Creating a dashboard manually on a system using other booting tools
How it works...
Browsing your resource by dashboard
Deploying resources by dashboard
Removing resources by dashboard
See also
Working with the RESTful API
Getting ready
How to do it...
How it works...
There's more...
See also
Working with Kubernetes DNS
Getting ready
How to do it...
DNS for pod
DNS for Kubernetes Service
DNS for StatefulSet
How it works...
Headless service when pods scale out
See also
Authentication and authorization
Getting ready
How to do it...
Authentication
Service account token authentication
X509 client certs
OpenID connect tokens
Authorization
Role and RoleBinding
ClusterRole and ClusterRoleBinding
Role-based access control (RBAC)
Admission control
NamespaceLifecycle
LimitRanger
ServiceAccount
PersistentVolumeLabel (deprecated from v1.8)
DefaultStorageClass
DefaultTolerationSeconds
ResourceQuota
DenyEscalatingExec
AlwaysPullImages
There's more…
Initializers (alpha)
Webhook admission controllers (beta in v1.9)
See also
Chapter 9: Logging and Monitoring
Introduction
Working with EFK
Getting ready
How to do it...
Setting up EFK with minikube
Setting up EFK with kubespray
Setting up EFK with kops
How it works...
There's more...
See also
Working with Google Stackdriver
Getting ready
How to do it...
How it works...
See also
Monitoring master and node
Getting ready
How to do it...
How it works...
Introducing the Grafana dashboard
Creating a new metric to monitor Pod
There's more...
Monitoring your Kubernetes cluster on AWS
Monitoring your Kubernetes cluster on GCP
See also
Other Books You May Enjoy
Index