Cloud Native DevOps with Kubernetes, 2nd Edition

Cloud Native DevOps with Kubernetes, 2nd Edition

by Justin Domingus, John Arundel
Released March 2022
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781098116828

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

Kubernetes has become the operating system of today's cloud native world, providing a reliable and scalable platform for running containerized workloads. In this friendly, pragmatic book, cloud experts Justin Domingus and John Arundel show you what Kubernetes can do-and what you can do with it.

This updated second edition guides you through the growing Kubernetes ecosystem and provides practical solutions to everyday problems with software tools currently in use. You'll walk through an example containerized application running in Kubernetes step-by-step, from the development environment through the continuous deployment pipeline, exploring patterns you can use for your own applications. Make your development teams lean, fast, and effective by adopting Kubernetes and DevOps principles.

  • Understand containers and Kubernetes-no experience necessary
  • Run your own applications on managed cloud Kubernetes services or on-prem environments
  • Design your own cloud native services and infrastructure
  • Use Kubernetes to manage resource usage and the container lifecycle
  • Optimize clusters for cost, performance, resilience, capacity, and scalability
  • Learn the best tools for developing, testing, and deploying your applications
  • Apply the latest industry practices for observability and monitoring
  • Secure your containers and clusters in production

Publisher resources

View/Submit Errata

Table of contents

  1. Foreword to the Second Edition
  2. Foreword to the First Edition
  3. Preface
    1. What Will I Learn?
    2. Who Is This Book For?
    3. What Questions Does This Book Answer?
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Online Learning
    7. How to Contact Us
      1. Acknowledgments
  4. 1. Revolution in the Cloud
    1. The Creation of the Cloud
      1. Buying Time
      2. Infrastructure as a Service
    2. The Dawn of DevOps
      1. Improving Feedback Loops
      2. What Does DevOps Mean?
      3. Infrastructure as Code
      4. Learning Together
    3. The Coming of Containers
      1. The State of the Art
      2. Thinking Inside the Box
      3. Putting Software in Containers
      4. Plug and Play Applications
    4. Conducting the Container Orchestra
    5. Kubernetes
      1. From Borg to Kubernetes
      2. Why Kubernetes?
      3. Will Kubernetes Disappear?
      4. Kubernetes Is Not a Panacea
    6. Cloud Native
    7. The Future of Operations
      1. Distributed DevOps
      2. Some Things Will Remain Centralized
      3. Developer Productivity Engineering
      4. You Are the Future
    8. Summary
  5. 2. First Steps with Kubernetes
    1. Running Your First Container
      1. Installing Docker Desktop
      2. What Is Docker?
      3. Running a Container Image
    2. The Demo Application
      1. Looking at the Source Code
      2. Introducing Go
      3. How the Demo App Works
    3. Building a Container
      1. Understanding Dockerfiles
      2. Minimal Container Images
      3. Running Docker Image Build
      4. Naming Your Images
      5. Port Forwarding
    4. Container Registries
      1. Authenticating to the Registry
      2. Naming and Pushing Your Image
      3. Running Your Image
    5. Hello, Kubernetes
      1. Running the Demo App
      2. If the Container Doesn’t Start
    6. Minikube
    7. Summary
  6. 3. Getting Kubernetes
    1. Cluster Architecture
      1. The Control Plane
      2. Node Components
      3. High Availability
    2. The Costs of Self-Hosting Kubernetes
      1. It’s More Work Than You Think
      2. It’s Not Just About the Initial Setup
      3. Tools Don’t Do All the Work for You
      4. Kubernetes the Hard Way
      5. Kubernetes Is Hard
      6. Administration Overhead
      7. Start with Managed Services
    3. Managed Kubernetes Services
      1. Google Kubernetes Engine (GKE)
      2. Cluster Autoscaling
      3. Autopilot
      4. Amazon Elastic Kubernetes Service (EKS)
      5. Azure Kubernetes Service (AKS)
      6. IBM Cloud Kubernetes Service
      7. DigitalOcean Kubernetes
    4. Kubernetes Installers
      1. kops
      2. Kubespray
      3. kubeadm
      4. Rancher Kubernetes Engine (RKE)
      5. Puppet Kubernetes Module
    5. Buy or Build: Our Recommendations
      1. Run Less Software
      2. Use Managed Kubernetes if You Can
      3. But What About Vendor Lock-in?
      4. Bare-Metal and On-Prem
      5. Multicloud Kubernetes Clusters
      6. OpenShift
      7. Anthos
      8. Use Standard Kubernetes Self-Hosting Tools if You Must
    6. Clusterless Container Services
      1. AWS Fargate
      2. Azure Container Instances (ACI)
      3. Google Cloud Run
    7. Summary
  7. 4. Working with Kubernetes Objects
    1. Deployments
      1. Supervising and Scheduling
      2. Restarting Containers
      3. Creating Deployments
    2. Pods
    3. ReplicaSets
    4. Maintaining Desired State
    5. The Kubernetes Scheduler
    6. Resource Manifests in YAML Format
      1. Resources Are Data
      2. Deployment Manifests
      3. Using kubectl apply
      4. Service Resources
      5. Querying the Cluster with kubectl
      6. Taking Resources to the Next Level
    7. Helm: A Kubernetes Package Manager
      1. Installing Helm
      2. Installing a Helm Chart
      3. Charts, Repositories, and Releases
      4. Listing Helm Releases
    8. Summary
  8. 5. Managing Resources
    1. Understanding Resources
      1. Resource Units
      2. Resource Requests
      3. Resource Limits
      4. Quality of Service
    2. Managing the Container Life Cycle
      1. Liveness Probes
      2. Probe Delay and Frequency
      3. Other Types of Probes
      4. Readiness Probes
      5. Startup Probes
      6. gRPC Probes
      7. File-Based Readiness Probes
      8. minReadySeconds
      9. Pod Disruption Budgets
    3. Using Namespaces
      1. Working with Namespaces
      2. What Namespaces Should I Use?
      3. Service Addresses
      4. Resource Quotas
      5. Default Resource Requests and Limits
    4. Optimizing Cluster Costs
      1. Kubecost
      2. Optimizing Deployments
      3. Optimizing Pods
      4. Vertical Pod Autoscaler
      5. Optimizing Nodes
      6. Optimizing Storage
      7. Cleaning Up Unused Resources
      8. Checking Spare Capacity
      9. Using Reserved Instances
      10. Using Preemptible (Spot) Instances
      11. Keeping Your Workloads Balanced
    5. Summary
  9. 6. Operating Clusters
    1. Cluster Sizing and Scaling
      1. Capacity Planning
      2. Nodes and Instances
      3. Scaling the Cluster
    2. Conformance Checking
      1. CNCF Certification
      2. Conformance Testing with Sonobuoy
      3. Kubernetes Audit Logging
    3. Chaos Testing
      1. Only Production Is Production
      2. chaoskube
      3. kube-monkey
      4. PowerfulSeal
    4. Summary
  10. 7. Kubernetes Power Tools
    1. Mastering kubectl
      1. Shell Aliases
      2. Using Short Flags
      3. Abbreviating Resource Types
      4. Auto-Completing kubectl Commands
      5. Getting Help
      6. Getting Help on Kubernetes Resources
      7. Showing More Detailed Output
      8. Working with JSON Data and jq
      9. Watching Objects
      10. Describing Objects
    2. Working with Resources
      1. Imperative kubectl Commands
      2. When Not to Use Imperative Commands
      3. Generating Resource Manifests
      4. Exporting Resources
      5. Diffing Resources
    3. Working with Containers
      1. Viewing a Container’s Logs
      2. Attaching to a Container
      3. Watching Kubernetes Resources with kubespy
      4. Forwarding a Container Port
      5. Executing Commands on Containers
      6. Running Containers for Troubleshooting
      7. Using BusyBox Commands
      8. Adding BusyBox to Your Containers
      9. Installing Programs on a Container
    4. Contexts and Namespaces
      1. kubeconfig files
      2. kubectx and kubens
      3. kube-ps1
    5. Kubernetes Shells and Tools
      1. kube-shell
      2. Click
      3. kubed-sh
      4. Stern
    6. Kubernetes IDEs
      1. Lens
      2. VS Code Kubernetes Extension
    7. Building Your Own Kubernetes Tools
    8. Summary
  11. 8. Running Containers
    1. Containers and Pods
      1. What Is a Container?
      2. Container Runtimes in Kubernetes
      3. What Belongs in a Container?
      4. What Belongs in a Pod?
    2. Container Manifests
      1. Image Identifiers
      2. The latest Tag
      3. Container Digests
      4. Base Image Tags
      5. Ports
      6. Resource Requests and Limits
      7. Image Pull Policy
      8. Environment Variables
    3. Container Security
      1. Running Containers as a Non-Root User
      2. Blocking Root Containers
      3. Setting a Read-Only Filesystem
      4. Disabling Privilege Escalation
      5. Capabilities
      6. Pod Security Contexts
      7. Pod Service Accounts
    4. Volumes
      1. emptyDir Volumes
      2. Persistent Volumes
    5. Restart Policies
    6. Image Pull Secrets
    7. Init Containers
    8. Summary
  12. 9. Managing Pods
    1. Labels
      1. What Are Labels?
      2. Selectors
      3. More Advanced Selectors
      4. Other Uses for Labels
      5. Labels and Annotations
    2. Node Affinities
      1. Hard Affinities
      2. Soft Affinities
    3. Pod Affinities and Anti-Affinities
      1. Keeping Pods Together
      2. Keeping Pods Apart
      3. Soft Anti-Affinities
      4. When to Use Pod Affinities
    4. Taints and Tolerations
    5. Pod Controllers
      1. DaemonSets
      2. StatefulSets
      3. Jobs
      4. CronJobs
      5. Horizontal Pod Autoscalers
      6. Operators and Custom Resource Definitions (CRDs)
    6. Ingress
      1. Ingress Controllers
      2. Ingress Rules
      3. Terminating TLS with Ingress
    7. Service Mesh
      1. Istio
      2. Linkerd
      3. Consul Connect
      4. NGINX Service Mesh
    8. Summary
  13. 10. Configuration and Secrets
    1. ConfigMaps
      1. Creating ConfigMaps
      2. Setting Environment Variables from ConfigMaps
      3. Setting the Whole Environment from a ConfigMap
      4. Using Environment Variables in Command Arguments
      5. Creating Config Files from ConfigMaps
      6. Updating Pods on a Config Change
    2. Kubernetes Secrets
      1. Using Secrets as Environment Variables
      2. Writing Secrets to Files
      3. Reading Secrets
      4. Access to Secrets
      5. Encryption at Rest
      6. Keeping Secrets and ConfigMaps
    3. Secrets Management Strategies
      1. Encrypt Secrets in Version Control
      2. Use a Dedicated Secrets Management Tool
    4. Encrypting Secrets with Sops
      1. Encrypting a File with Sops
      2. Using a KMS Backend
    5. Sealed Secrets
    6. Summary
  14. 11. Security, Backups, and Cluster Health
    1. Access Control and Permissions
      1. Managing Access by Cluster
      2. Introducing Role-Based Access Control (RBAC)
      3. Understanding Roles
      4. Binding Roles to Users
      5. What Roles Do I Need?
      6. Guard Access to cluster-admin
      7. Applications and Deployment
      8. RBAC Troubleshooting
    2. Cluster Security Scanning
      1. Gatekeeper/OPA
      2. kube-bench
      3. Kubescape
    3. Container Security Scanning
      1. Clair
      2. Aqua
      3. Anchore Engine
      4. Synk
    4. Backups
      1. Do I Need to Back Up Kubernetes?
      2. Backing Up etcd
      3. Backing Up Resource State
      4. Backing Up Cluster State
      5. Large and Small Disasters
      6. Velero
    5. Monitoring Cluster Status
      1. kubectl
      2. CPU and Memory Utilization
      3. Cloud Provider Console
      4. Kubernetes Dashboard
      5. Weave Scope
      6. kube-ops-view
      7. node-problem-detector
    6. Further Reading
    7. Summary
  15. 12. Deploying Kubernetes Applications
    1. Building Manifests with Helm
      1. What’s Inside a Helm Chart?
      2. Helm Templates
      3. Interpolating Variables
      4. Quoting Values in Templates
      5. Specifying Dependencies
    2. Deploying Helm Charts
      1. Setting Variables
      2. Specifying Values in a Helm Release
      3. Updating an App with Helm
      4. Rolling Back to Previous Versions
      5. Creating a Helm Chart Repo
      6. Managing Helm Chart Secrets with Sops
    3. Managing Multiple Charts with Helmfile
      1. What’s in a Helmfile?
      2. Chart Metadata
      3. Applying the Helmfile
    4. Advanced Manifest Management Tools
      1. kustomize
      2. Tanka
      3. Kapitan
      4. kompose
      5. Ansible
      6. kubeval
    5. Summary
  16. 13. Development Workflow
    1. Development Tools
      1. Skaffold
      2. Telepresence
      3. Waypoint
      4. Knative
      5. OpenFaaS
      6. Crossplane
    2. Deployment Strategies
      1. Rolling Updates
      2. Recreate
      3. maxSurge and maxUnavailable
      4. Blue/Green Deployments
      5. Rainbow Deployments
      6. Canary Deployments
    3. Handling Migrations with Helm
      1. Helm Hooks
      2. Handling Failed Hooks
      3. Other Hooks
      4. Chaining Hooks
    4. Summary
  17. 14. Continuous Deployment in Kubernetes
    1. What Is Continuous Deployment?
    2. Which CD Tool Should I Use?
    3. Hosted CI/CD Tools
      1. Azure Pipelines
      2. Google Cloud Build
      3. Codefresh
      4. GitHub Actions
      5. GitLab CI
    4. Self-Hosted CI/CD Tools
      1. Jenkins
      2. Drone
      3. Tekton
      4. Concourse
      5. Spinnaker
      6. Argo
      7. Keel
    5. A CI/CD Pipeline with Cloud Build
      1. Setting Up Google Cloud and GKE
      2. Forking the Demo Repository
      3. Create Artifact Registry Container Repository
      4. Configuring Cloud Build
      5. Building the Test Container
      6. Running the Tests
      7. Building the Application Container
      8. Substitution Variables
      9. Git SHA Tags
      10. Validating the Kubernetes Manifests
      11. Publishing the Image
      12. Creating the First Build Trigger
      13. Testing the Trigger
      14. Deploying from a CI/CD Pipeline
      15. Creating a Deploy Trigger
      16. Adapting the Example Pipeline
    6. GitOps
      1. Flux
    7. Summary
  18. 15. Observability and Monitoring
    1. What Is Observability?
      1. What Is Monitoring?
      2. Closed-Box Monitoring
      3. What Does “Up” Mean?
      4. Logging
      5. Introducing Metrics
      6. Tracing
      7. Observability
    2. The Observability Pipeline
    3. Monitoring in Kubernetes
      1. External Closed-Box Checks
      2. Internal Health Checks
    4. Summary
  19. 16. Metrics in Kubernetes
    1. What Are Metrics, Really?
      1. Time-Series Data
      2. Counters and Gauges
      3. What Can Metrics Tell Us?
    2. Choosing Good Metrics
      1. Services: The RED Pattern
      2. Resources: The USE Pattern
      3. Business Metrics
      4. Kubernetes Metrics
    3. Analyzing Metrics
      1. What’s Wrong with a Simple Average?
      2. Means, Medians, and Outliers
      3. Discovering Percentiles
      4. Applying Percentiles to Metrics Data
      5. We Usually Want to Know the Worst
      6. Beyond Percentiles
    4. Graphing Metrics with Dashboards
      1. Use a Standard Layout for All Services
      2. Build an Information Radiator with Primary Dashboards
      3. Dashboard Things That Break
    5. Alerting on Metrics
      1. What’s Wrong with Alerts?
      2. On-Call Should Not Be Hell
      3. Urgent, Important, and Actionable Alerts
      4. Track Your Alerts, Out-of-Hours Pages, and Wake-Ups
    6. Metrics Tools and Services
      1. Prometheus
      2. Google Operations Suite
      3. AWS CloudWatch
      4. Azure Monitor
      5. Datadog
      6. New Relic
    7. Summary
  20. Afterword
    1. Where to Go Next
    2. Second Edition Notes
    3. Welcome Aboard
  21. Index
  22. About the Authors

Product information

  • Title: Cloud Native DevOps with Kubernetes, 2nd Edition
  • Author(s): Justin Domingus, John Arundel
  • Release date: March 2022
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098116828