From building your own cluster to running cloud-native applications with Kubernetes, this workshop covers it all using engaging examples and activities
Key Features
* Explore the Kubernetes environment and understand how containers are managed
* Learn how to build, maintain, and deploy cloud-native applications using Kubernetes
* Get to grips with using Kubernetes primitives to manage the life cycle of a full application stack
Book Description
Thanks to its extensive support for managing hundreds of containers that run cloud-native applications, Kubernetes is the most popular open source container orchestration platform that makes cluster management easy. This workshop adopts a practical approach to get you acquainted with the Kubernetes environment and its applications.
Starting with an introduction to the fundamentals of Kubernetes, you'll install and set up your Kubernetes environment. You'll understand how to write YAML files and deploy your first simple web application container using Pod. You'll then assign human-friendly names to Pods, explore various Kubernetes entities and functions, and discover when to use them. As you work through the chapters, this Kubernetes book will show you how you can make full-scale use of Kubernetes by applying a variety of techniques for designing components and deploying clusters. You'll also get to grips with security policies for limiting access to certain functions inside the cluster. Toward the end of the book, you'll get a rundown of Kubernetes advanced features for building your own controller and upgrading to a Kubernetes cluster without downtime.
By the end of this workshop, you'll be able to manage containers and run cloud-based applications efficiently using Kubernetes.
What you will learn
* Get to grips with the fundamentals of Kubernetes and its terminology
* Share or store data in different containers running in the same pod
* Create a container image from an image definition manifest
* Construct a Kubernetes-aware continuous integration (CI) pipeline for deployments
* Attract traffic to your app using Kubernetes ingress
* Build and deploy your own admission controller
Who this book is for
Whether you are new to the world of web programming or are an experienced developer or software engineer looking to use Kubernetes for managing and scaling containerized applications, you'll find this workshop useful. A basic understanding of Docker and containerization is necessary to make the most of this book.
Author(s): Zach Arnold et al.
Publisher: Packt Publishing
Year: 2020
Cover
FM
Copyright
Table of Contents
Preface
Chapter 1: Introduction to Kubernetes and Containers
Introduction
The Evolution of Software Development
Virtual Machines versus Containers
Docker Basics
What's behind docker run?
Dockerfiles and Docker Images
Exercise 1.01: Creating a Docker Image and Uploading It to Docker Hub
Exercise 1.02: Running Your First Application in Docker
The Essence of Linux Container Technology
Namespace
Exercise 1.03: Joining a Container to the Network Namespace of Another Container
Cgroups
Containerization: The Mindset Change
Several Applications in One Container
One Application in One Container
A Comparison of These Approaches
The Need for Container Orchestration
Container Interactions
Network and Storage
Resource Management and Scheduling
Failover and Recovery
Scalability
Service Exposure
Delivery Pipeline
Orchestrator: Putting All the Things Together
Welcome to the Kubernetes World
Activity 1.01: Creating a Simple Page Count Application
Summary
Chapter 2: An Overview of Kubernetes
Introduction
Setting up Kubernetes
An Overview of Minikube
Exercise 2.01: Getting Started with Minikube and Kubernetes Clusters
Kubernetes Components Overview
etcd
API Server
Scheduler
Controller Manager
Where Is the kubelet?
kube-proxy
Kubernetes Architecture
Container Network Interface
Migrating Containerized Application to Kubernetes
Pod Specification
Applying a YAML Manifest
Exercise 2.02: Running a Pod in Kubernetes
Service Specification
Exercise 2.03: Accessing a Pod via a Service
Services and Pods
Delivering Kubernetes-Native Applications
Exercise 2.04: Scaling a Kubernetes Application
Pod Life Cycle and Kubernetes Components
Exercise 2.05: How Kubernetes Manages a Pod's Life Cycle
Activity 2.01: Running the Pageview App in Kubernetes
A Glimpse into the Advantages of Kubernetes for Multi-Node Clusters
Summary
Chapter 3: kubectl – Kubernetes Command Center
Introduction
How kubectl Communicates with Kubernetes
Setting up Environments with Autocompletion and Shortcuts
Exercise 3.01: Setting up Autocompletion
Setting up the kubeconfig Configuration File
Common kubectl Commands
Frequently Used kubectl Commands to Create, Manage, and Delete Kubernetes Objects
Walkthrough of Some Simple kubectl Commands
Some Useful Flags for the get Command
Populating Deployments in Kubernetes
Exercise 3.02: Creating a Deployment
Exercise 3.03: Updating a Deployment
Exercise 3.04: Deleting a Deployment
Activity 3.01: Editing a Live Deployment for a Real-Life Application
Summary
Chapter 4: How to Communicate with Kubernetes (API Server)
Introduction
The Kubernetes API Server
Kubernetes HTTP Request Flow
Authentication
Authorization
Admission Control
Exercise 4.01: Starting Minikube with a Custom Set of Modules
Validation
The Kubernetes API
Tracing kubectl HTTP Requests
API Resource Type
Scope of API Resources
Namespace-Scoped Resources
Cluster-Scoped Resources
API Groups
Core Group
Named Group
System-Wide
API Versions
Exercise 4.02: Getting Information about API Resources
How to Enable/Disable API Resources, Groups, or Versions
Exercise 4.03: Enabling and Disabling API Groups and Versions on a Minikube Cluster
Interacting with Clusters Using the Kubernetes API
Accessing the Kubernetes API Server Using kubectl as a Proxy
Creating Objects Using curl
Exercise 4.04: Creating and Verifying a Deployment Using kubectl proxy and curl
Direct Access to the Kubernetes API Using Authentication Credentials
Method 1: Using Client Certificate Authentication
Method 2: Using a ServiceAccount Bearer Token
Activity 4.01: Creating a Deployment Using a ServiceAccount Identity
Summary
Chapter 5: Pods
Introduction
Pod Configuration
Exercise 5.01: Creating a Pod with a Single Container
Name
Namespace
Exercise 5.02: Creating a Pod in a Different Namespace by Specifying the Namespace in the CLI
Exercise 5.03: Creating a Pod in a Different Namespace by Specifying the Namespace in the Pod Configuration YAML file
Exercise 5.04: Changing the Namespace for All Subsequent kubectl Commands
Node
Status
Containers
Exercise 5.05: Using CLI Commands to Create a Pod Running a Container
Exercise 5.06: Creating a Pod Running a Container That Exposes a Port
Exercise 5.07: Creating a Pod Running a Container with Resource Requirements
Exercise 5.08: Creating a Pod with Resource Requests That Can't Be Met by Any of the Nodes
Exercise 5.09: Creating a Pod with Multiple Containers Running inside It
Life Cycle of a Pod
Phases of a Pod
Probes/Health Checks
Types of Probes
Liveness Probe
Readiness Probe
Configuration of Probes
Implementation of Probes
Command Probe
HTTP Request Probe
TCP Socket Probe
Restart Policy
Exercise 5.10: Creating a Pod Running a Container with a Liveness Probe and No Restart Policy
Exercise 5.11: Creating a Pod Running a Container with a Liveness Probe and a Restart Policy
Exercise 5.12: Creating a Pod Running a Container with a Readiness Probe
Best Practices While Using Probes
Activity 5.01: Deploying an Application in a Pod
Summary
Chapter 6: Labels and Annotations
Introduction
Labels
Constraints for Labels
Label Keys
Label Values
Why Do We Need Labels?
Organizing Pods by Organization/Team/Project
Running Selective Pods on Specific Nodes
Exercise 6.01: Creating a Pod with Labels
Exercise 6.02: Adding Labels to a Running Pod
Exercise 6.03: Modifying And/Or Deleting Existing Labels for a Running Pod
Selecting Kubernetes Objects Using Label Selectors
Equality-Based Selectors
Exercise 6.04: Selecting Pods Using Equality-Based Label Selectors
Set-Based Selectors
Exercise 6.05: Selecting Pods Using Set-Based Label Selectors
Exercise 6.06: Selecting Pods Using a Mix of Label Selectors
Annotations
Constraints for Annotations
Annotation Keys
Annotation Values
Use Case for Annotations
Exercise 6.07: Adding Annotations to Help with Application Debugging
Working with Annotations
Activity 6.01: Creating Pods with Labels/Annotations and Grouping Them as per Given Criteria
Summary
Chapter 7: Kubernetes Controllers
Introduction
ReplicaSets
ReplicaSet Configuration
Replicas
Pod Template
Pod Selector
Exercise 7.01: Creating a Simple ReplicaSet with nginx Containers
Labels on the ReplicaSet
Selectors for the ReplicaSet
Replicas
Pods Status
Pods Template
Events
Exercise 7.02: Deleting Pods Managed by a ReplicaSet
Exercise 7.03: Creating a ReplicaSet Given That a Matching Pod Already Exists
Exercise 7.04: Scaling a ReplicaSet after It Is Created
Deployment
Deployment Configuration
Strategy
Exercise 7.05: Creating a Simple Deployment with Nginx Containers
Labels and Annotations on the Deployment
Selectors for the Deployment
Replicas
Rolling Back a Deployment
Exercise 7.06: Rolling Back a Deployment
StatefulSets
StatefulSet Configuration
Use Cases for StatefulSets
DaemonSets
Use Cases for DaemonSets
DaemonSet Configuration
Jobs
Job Configuration
A Use Case for Jobs in Machine Learning
Exercise 7.07: Creating a Simple Job That Finishes in Finite Time
Activity 7.01: Creating a Deployment Running an Application
Summary
Chapter 8: Service Discovery
Introduction
Service
Service Configuration
Types of Services
NodePort Service
Exercise 8.01: Creating a Simple NodePort Service with Nginx Containers
ClusterIP Service
Service Configuration
Exercise 8.02: Creating a Simple ClusterIP Service with Nginx Containers
Choosing a Custom IP Address for the Service
Exercise 8.03: Creating a ClusterIP Service with a Custom IP
LoadBalancer Service
ExternalName Service
Ingress
Activity 8.01: Creating a Service to Expose the Application Running on a Pod
Summary
Chapter 9: Storing and Reading Data on Disk
Introduction
Volumes
How to Use Volumes
Defining Volumes
Mounting Volumes
Types of Volumes
emptyDir
hostPath
Exercise 9.01: Creating a Pod with an emptyDir Volume
Exercise 9.02: Creating a Pod with an emptyDir Volume Shared by Three Containers
Persistent Volumes
PersistentVolume Configuration
storageClassName
capacity
volumeMode
accessModes
persistentVolumeReclaimPolicy
PV Status
PersistentVolumeClaim Configuration
storageClassName
resources
volumeMode
accessMode
selectors
How to Use Persistent Volumes
Step 1 – Provisioning the Volume
Step 2 – Binding the Volume to a Claim
Step 3 – Using the Claim
Exercise 9.03: Creating a Pod That Uses PersistentVolume for Storage
Dynamic Provisioning
Activity 9.01: Creating a Pod That Uses a Dynamically Provisioned PersistentVolume
Summary
Chapter 10: ConfigMaps and Secrets
Introduction
What Is a ConfigMap?
Exercise 10.01: Creating a ConfigMap from Literal Values and Mounting It on a Pod Using Environment Variables
Defining a ConfigMap from a File and Loading It onto a Pod
Exercise 10.02: Creating a ConfigMap from a File
Exercise 10.03: Creating a ConfigMap from a Folder
What Is a Secret?
Secret versus ConfigMap
Exercise 10.04: Defining a Secret from Literal Values and Loading the Values onto the Pod as an Environment Variable
Exercise 10.05: Defining a Secret from a File and Loading the Values onto the Pod as a File
Exercise 10.06: Creating a TLS Secret
Exercise 10.07: Creating a docker-registry Secret
Activity 10.01: Using a ConfigMap and Secret to Promote an Application through Different Stages
Summary
Chapter 11: Build Your Own HA Cluster
Introduction
How the Components of Kubernetes Work Together to Achieve High Availability
etcd
Networking and DNS
Nodes' and Master Servers' Locations and Resources
Container Network Interface and Cluster DNS
Container Runtime Interfaces
Container Storage Interfaces
Building a High-Availability Focused Kubernetes Cluster
Self-Managed versus Vendor-Managed Kubernetes Solutions
kops
Other Commonly Used Tools
Authentication and Identity in Kubernetes
Exercise 11.01: Setting up Our Kubernetes Cluster
Kubernetes Service Accounts
Exercise 11.02: Deploying an Application on Our HA Cluster
Activity 11.01: Testing the Resilience of a Highly Available Cluster
Deleting Our Cluster
Summary
Chapter 12: Your Application and HA
Introduction
An Overview of Infrastructure Life Cycle Management
Terraform
Exercise 12.01: Creating an S3 Bucket with Terraform
Exercise 12.02: Creating a Cluster with EKS Using Terraform
Kubernetes Ingress
Highly Available Applications Running on Top of Kubernetes
Exercise 12.03: Deploying a Multi-Replica Non-HA Application in Kubernetes
Working with Stateful Applications
The CI/CD Pipeline
Exercise 12.04: Deploying an Application with State Management
Activity 12.01: Expanding the State Management of Our Application
Summary
Chapter 13: Runtime and Network Security in Kubernetes
Introduction
Threat Modeling
The 4Cs of Cloud Native Security
Cluster Security
Kubernetes RBAC
Role
RoleBinding
ClusterRole
ClusterRoleBinding
Some Important Notes about RBAC Policies
ServiceAccount
Exercise 13.01: Creating a Kubernetes RBAC ClusterRole
NetworkPolicies
Exercise 13.02: Creating a NetworkPolicy
PodSecurityPolicy
Exercise 13.03: Creating and Testing a PodSecurityPolicy
Activity 13.01: Securing Our App
Summary
Chapter 14: Running Stateful Components in Kubernetes
Introduction
Stateful Apps
Understanding StatefulSets
Deployments versus StatefulSets
Further Refactoring Our Application
Exercise 14.01: Deploying a Counter App with a MySQL Backend
Exercise 14.02: Testing the Resilience of StatefulSet Data in PersistentVolumes
Helm
Exercise 14.03: Chart-ifying Our Redis-Based Counter Application
Activity 14.01: Chart-ifying Our StatefulSet Deployment
Summary
Chapter 15: Monitoring and Autoscaling in Kubernetes
Introduction
Kubernetes Monitoring
Kubernetes Metrics API/Metrics Server
Prometheus
Grafana
Monitoring Your Applications
Exercise 15.01: Setting up the Metrics Server and Observing Kubernetes Objects
Autoscaling in Kubernetes
HorizontalPodAutoscaler
Exercise 15.02: Scaling Workloads in Kubernetes
ClusterAutoscaler
Exercise 15.03: Configuring the ClusterAutoscaler
Activity 15.01: Autoscaling Our Cluster Using ClusterAutoscaler
Deleting Your Cluster Resources
Summary
Chapter 16: Kubernetes Admission Controllers
Introduction
How Admission Controllers Work
Creating Controllers with Custom Logic
The Mutating Admission Webhook
The Validating Admission Webhook
How a Webhook Works
Exercise 16.01: Modifying a ConfigMap Object through a Patch
Guidelines for Building a Mutating Admission WebHook
Exercise 16.02: Deploying a Webhook
Configuring the Webhook to Work with Kubernetes
How to Encode a Certificate in Base64 Format
Activity 16.01: Creating a Mutating Webhook That Adds an Annotation to a Pod
Validating a Webhook
Coding a Simple Validating WebHook
Activity 16.02: Creating a Validating Webhook That Checks for a Label in a Pod
Controlling the Effect of a Webhook on Selected Namespaces
Exercise 16.03: Creating a Validating Webhook with the Namespace Selector Defined
Summary
Chapter 17: Advanced Scheduling in Kubernetes
Introduction
The Kubernetes Scheduler
The Pod Scheduling Process
Filtering
Scoring
Assigning
Timeline of Pod Scheduling
Managing the Kubernetes Scheduler
Node Affinity and Anti-Affinity
Exercise 17.01: Running a Pod with Node Affinity
Pod Affinity and Anti-Affinity
Exercise 17.02: Running Pods with Pod Affinity
Pod Priority
Exercise 17.03: Pod Priority and Preemption
Taints and Tolerations
Exercise 17.04: Taints and Tolerations
Using a Custom Kubernetes Scheduler
Activity 17.01: Configuring a Kubernetes Scheduler to Schedule Pods
Summary
Chapter 18: Upgrading Your Cluster without Downtime
Introduction
The Need to Upgrade Your Kubernetes Cluster
Kubernetes Components – Refresher
A Word of Caution
The Upgrade Process
Some Considerations for kops
An overview of the Upgrade Process
The Importance of Automation
Backing up the etcd Datastore
Exercise 18.01: Taking a Snapshot of the etcd Datastore
Draining a Node and Making It Non-Schedulable
Exercise 18.02: Draining All the Pods from the Nodes
Upgrading Kubernetes Master Components
Exercise 18.03: Upgrading Kubernetes Master Components
Upgrading Kubernetes Worker Nodes
Exercise 18.04: Upgrading the Worker Nodes
Activity 18.01: Upgrading the Kubernetes Platform from Version 1.15.7 to 1.15.10
Summary
Chapter 19: Custom Resource Definitions in Kubernetes
Introduction
What Is a Custom Controller?
The Relationship between a CRD, a CR, and a Controller
Standard Kubernetes API Resources
Why We Need Custom Resources?
Example Use Case 1
Example Use Case 2
Example Use Case 3
How Our Custom Resources Are Defined
apiVersion
kind
spec
namespaceName and podLiveForThisMinutes
The Definition of a CRD
Exercise 19.01: Defining a CRD
Exercise 19.02: Defining a CR Using a CRD
Writing the Custom Controller
The Components of the Custom Controller
Activity 19.01: CRD and Custom Controller in Action
Adding Data to Our Custom Resource
Exercise 19.03: Adding Custom Information to the CR List Command
Summary
Index