O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cloud Native DevOps with Kubernetes

Book Description

Kubernetes is the operating system of the cloud-native world, providing a reliable and scalable platform for running containerized workloads. This book shows developers and operations staff how to apply industry-standard DevOps practices to Kubernetes in a cloud-native context. You’ll learn all about the Kubernetes ecosystem and discover battle-tested solutions to everyday problems.

In this friendly, pragmatic book, cloud experts John Arundel and Justin Domingus show you what Kubernetes can do—and what you can do with it. You’ll build, step by step, an example cloud-native application and its supporting infrastructure, along with a development environment and continuous deployment pipeline that you can use for your own applications.

  • Understand containers and Kubernetes from first principles—no experience necessary
  • Run your own clusters or choose a managed Kubernetes service from Amazon, Google, and others
  • Design your own cloud-native services and infrastructure
  • Use Kubernetes to manage resource usage and the container lifecycle
  • Optimize clusters for cost, performance, resilience, capacity, and scalability
  • Learn the best tools for developing, testing, and deploying your applications
  • Apply the latest industry practices for observability and monitoring
  • Secure your containers and clusters in production
  • Adopt DevOps principles to help make your development teams lean, fast, and effective

Table of Contents

  1. Foreword
  2. Preface
    1. What Will I Learn?
    2. Who Is This Book For?
    3. What Questions Does This Book Answer?
    4. Conventions Used in This Book
    5. Using Code Examples
    6. O’Reilly Online Learning Platform
    7. How to Contact Us
      1. Acknowledgments
  3. 1. Revolution in the Cloud
    1. The Creation of the Cloud
      1. Buying Time
      2. Infrastructure as a Service
    2. The Dawn of DevOps
      1. Nobody Understands DevOps
      2. The Business Advantage
      3. Infrastructure as Code
      4. Learning Together
    3. The Coming of Containers
      1. The State of the Art
      2. Thinking Inside the Box
      3. Putting Software in Containers
      4. Plug and Play Applications
    4. Conducting the Container Orchestra
    5. Kubernetes
      1. From Borg to Kubernetes
      2. What Makes Kubernetes So Valuable?
      3. Will Kubernetes Disappear?
      4. Kubernetes Doesn’t Do It All
    6. Cloud Native
    7. The Future of Operations
      1. Distributed DevOps
      2. Some Things Will Remain Centralized
      3. Developer Productivity Engineering
      4. You Are the Future
    8. Summary
  4. 2. First Steps with Kubernetes
    1. Running Your First Container
      1. Installing Docker Desktop
      2. What Is Docker?
      3. Running a Container Image
    2. The Demo Application
      1. Looking at the Source Code
      2. Introducing Go
      3. How the Demo App Works
    3. Building a Container
      1. Understanding Dockerfiles
      2. Minimal Container Images
      3. Running docker image build
      4. Naming Your Images
      5. Port Forwarding
    4. Container Registries
      1. Authenticating to the Registry
      2. Naming and Pushing Your Image
      3. Running Your Image
    5. Hello, Kubernetes
      1. Running the Demo App
      2. If the Container Doesn’t Start
    6. Minikube
    7. Summary
  5. 3. Getting Kubernetes
    1. Cluster Architecture
      1. The Control Plane
      2. Node Components
      3. High Availability
    2. The Costs of Self-Hosting Kubernetes
      1. It’s More Work Than You Think
      2. It’s Not Just About the Initial Setup
      3. Tools Don’t Do All the Work for You
      4. Kubernetes Is Hard
      5. Administration Overhead
      6. Start with Managed Services
    3. Managed Kubernetes Services
      1. Google Kubernetes Engine (GKE)
      2. Cluster Autoscaling
      3. Amazon Elastic Container Service for Kubernetes (EKS)
      4. Azure Kubernetes Service (AKS)
      5. OpenShift
      6. IBM Cloud Kubernetes Service
      7. Heptio Kubernetes Subscription (HKS)
    4. Turnkey Kubernetes Solutions
      1. Stackpoint
      2. Containership Kubernetes Engine (CKE)
    5. Kubernetes Installers
      1. kops
      2. Kubespray
      3. TK8
      4. Kubernetes The Hard Way
      5. kubeadm
      6. Tarmak
      7. Rancher Kubernetes Engine (RKE)
      8. Puppet Kubernetes Module
      9. Kubeformation
    6. Buy or Build: Our Recommendations
      1. Run Less Software
      2. Use Managed Kubernetes if You Can
      3. But What About Vendor Lock-in?
      4. Use Standard Kubernetes Self-Hosting Tools if You Must
      5. When Your Choices Are Limited
      6. Bare-Metal and On-Prem
    7. Clusterless Container Services
      1. Amazon Fargate
      2. Azure Container Instances (ACI)
    8. Summary
  6. 4. Working with Kubernetes Objects
    1. Deployments
      1. Supervising and Scheduling
      2. Restarting Containers
      3. Querying Deployments
    2. Pods
    3. ReplicaSets
    4. Maintaining Desired State
    5. The Kubernetes Scheduler
    6. Resource Manifests in YAML Format
      1. Resources Are Data
      2. Deployment Manifests
      3. Using kubectl apply
      4. Service Resources
      5. Querying the Cluster with kubectl
      6. Taking Resources to the Next Level
    7. Helm: A Kubernetes Package Manager
      1. Installing Helm
      2. Installing a Helm Chart
      3. Charts, Repositories, and Releases
      4. Listing Helm Releases
    8. Summary
  7. 5. Managing Resources
    1. Understanding Resources
      1. Resource Units
      2. Resource Requests
      3. Resource Limits
      4. Keep Your Containers Small
    2. Managing the Container Life Cycle
      1. Liveness Probes
      2. Probe Delay and Frequency
      3. Other Types of Probes
      4. gRPC Probes
      5. Readiness Probes
      6. File-Based Readiness Probes
      7. minReadySeconds
      8. Pod Disruption Budgets
    3. Using Namespaces
      1. Working with Namespaces
      2. What Namespaces Should I Use?
      3. Service Addresses
      4. Resource Quotas
      5. Default Resource Requests and Limits
    4. Optimizing Cluster Costs
      1. Optimizing Deployments
      2. Optimizing Pods
      3. Vertical Pod Autoscaler
      4. Optimizing Nodes
      5. Optimizing Storage
      6. Cleaning Up Unused Resources
      7. Checking Spare Capacity
      8. Using Reserved Instances
      9. Using Preemptible (Spot) Instances
      10. Keeping Your Workloads Balanced
    5. Summary
  8. 6. Operating Clusters
    1. Cluster Sizing and Scaling
      1. Capacity Planning
      2. Nodes and Instances
      3. Scaling the Cluster
    2. Conformance Checking
      1. CNCF Certification
      2. Conformance Testing with Sonobuoy
    3. Validation and Auditing
      1. K8Guard
      2. Copper
      3. kube-bench
      4. Kubernetes Audit Logging
    4. Chaos Testing
      1. Only Production Is Production
      2. chaoskube
      3. kube-monkey
      4. PowerfulSeal
    5. Summary
  9. 7. Kubernetes Power Tools
    1. Mastering kubectl
      1. Shell Aliases
      2. Using Short Flags
      3. Abbreviating Resource Types
      4. Auto-Completing kubectl Commands
      5. Getting Help
      6. Getting Help on Kubernetes Resources
      7. Showing More Detailed Output
      8. Working with JSON Data and jq
      9. Watching Objects
      10. Describing Objects
    2. Working with Resources
      1. Imperative kubectl Commands
      2. When Not to Use Imperative Commands
      3. Generating Resource Manifests
      4. Exporting Resources
      5. Diffing Resources
    3. Working with Containers
      1. Viewing a Container’s Logs
      2. Attaching to a Container
      3. Watching Kubernetes Resources with kubespy
      4. Forwarding a Container Port
      5. Executing Commands on Containers
      6. Running Containers for Troubleshooting
      7. Using BusyBox Commands
      8. Adding BusyBox to Your Containers
      9. Installing Programs on a Container
      10. Live Debugging with kubesquash
    4. Contexts and Namespaces
      1. kubectx and kubens
      2. kube-ps1
    5. Kubernetes Shells and Tools
      1. kube-shell
      2. Click
      3. kubed-sh
      4. Stern
    6. Building Your Own Kubernetes Tools
    7. Summary
  10. 8. Running Containers
    1. Containers and Pods
      1. What Is a Container?
      2. What Belongs in a Container?
      3. What Belongs in a Pod?
    2. Container Manifests
      1. Image Identifiers
      2. The latest Tag
      3. Container Digests
      4. Base Image Tags
      5. Ports
      6. Resource Requests and Limits
      7. Image Pull Policy
      8. Environment Variables
    3. Container Security
      1. Running Containers as a Non-Root User
      2. Blocking Root Containers
      3. Setting a Read-Only Filesystem
      4. Disabling Privilege Escalation
      5. Capabilities
      6. Pod Security Contexts
      7. Pod Security Policies
      8. Pod Service Accounts
    4. Volumes
      1. emptyDir Volumes
      2. Persistent Volumes
    5. Restart Policies
    6. Image Pull Secrets
    7. Summary
  11. 9. Managing Pods
    1. Labels
      1. What Are Labels?
      2. Selectors
      3. More Advanced Selectors
      4. Other Uses for Labels
      5. Labels and Annotations
    2. Node Affinities
      1. Hard Affinities
      2. Soft Affinities
    3. Pod Affinities and Anti-Affinities
      1. Keeping Pods Together
      2. Keeping Pods Apart
      3. Soft Anti-Affinities
      4. When to Use Pod Affinities
    4. Taints and Tolerations
    5. Pod Controllers
      1. DaemonSets
      2. StatefulSets
      3. Jobs
      4. Cronjobs
      5. Horizontal Pod Autoscalers
      6. PodPresets
      7. Operators and Custom Resource Definitions (CRDs)
    6. Ingress Resources
      1. Ingress Rules
      2. Terminating TLS with Ingress
      3. Ingress Controllers
    7. Istio
    8. Envoy
    9. Summary
  12. 10. Configuration and Secrets
    1. ConfigMaps
      1. Creating ConfigMaps
      2. Setting Environment Variables from ConfigMaps
      3. Setting the Whole Environment from a ConfigMap
      4. Using Environment Variables in Command Arguments
      5. Creating Config Files from ConfigMaps
      6. Updating Pods on a Config Change
    2. Kubernetes Secrets
      1. Using Secrets as Environment Variables
      2. Writing Secrets to Files
      3. Reading Secrets
      4. Access to Secrets
      5. Encryption at Rest
      6. Keeping Secrets
    3. Secrets Management Strategies
      1. Encrypt Secrets in Version Control
      2. Store Secrets Remotely
      3. Use a Dedicated Secrets Management Tool
      4. Recommendations
    4. Encrypting Secrets with Sops
      1. Introducing Sops
      2. Encrypting a File with Sops
      3. Using a KMS Backend
    5. Summary
  13. 11. Security and Backups
    1. Access Control and Permissions
      1. Managing Access by Cluster
      2. Introducing Role-Based Access Control (RBAC)
      3. Understanding Roles
      4. Binding Roles to Users
      5. What Roles Do I Need?
      6. Guard Access to Cluster-Admin
      7. Applications and Deployment
      8. RBAC Troubleshooting
    2. Security Scanning
      1. Clair
      2. Aqua
      3. Anchore Engine
    3. Backups
      1. Do I Need to Back Up Kubernetes?
      2. Backing Up etcd
      3. Backing Up Resource State
      4. Backing Up Cluster State
      5. Large and Small Disasters
      6. Velero
    4. Monitoring Cluster Status
      1. kubectl
      2. CPU and Memory Utilization
      3. Cloud Provider Console
      4. Kubernetes Dashboard
      5. Weave Scope
      6. kube-ops-view
      7. node-problem-detector
    5. Further Reading
    6. Summary
  14. 12. Deploying Kubernetes Applications
    1. Building Manifests with Helm
      1. What’s Inside a Helm Chart?
      2. Helm Templates
      3. Interpolating Variables
      4. Quoting Values in Templates
      5. Specifying Dependencies
    2. Deploying Helm Charts
      1. Setting Variables
      2. Specifying Values in a Helm Release
      3. Updating an App with Helm
      4. Rolling Back to Previous Versions
      5. Creating a Helm Chart Repo
      6. Managing Helm Chart Secrets with Sops
    3. Managing Multiple Charts with Helmfile
      1. What’s in a Helmfile?
      2. Chart Metadata
      3. Applying the Helmfile
    4. Advanced Manifest Management Tools
      1. ksonnet
      2. Kapitan
      3. kustomize
      4. kompose
      5. Ansible
      6. kubeval
    5. Summary
  15. 13. Development Workflow
    1. Development Tools
      1. Skaffold
      2. Draft
      3. Telepresence
      4. Knative
    2. Deployment Strategies
      1. Rolling Updates
      2. Recreate
      3. maxSurge and maxUnavailable
      4. Blue/Green Deployments
      5. Rainbow Deployments
      6. Canary Deployments
    3. Handling Migrations with Helm
      1. Helm Hooks
      2. Handling Failed Hooks
      3. Other Hooks
      4. Chaining Hooks
    4. Summary
  16. 14. Continuous Deployment in Kubernetes
    1. What Is Continuous Deployment?
    2. Which CD Tool Should I Use?
      1. Jenkins
      2. Drone
      3. Google Cloud Build
      4. Concourse
      5. Spinnaker
      6. GitLab CI
      7. Codefresh
      8. Azure Pipelines
    3. CD Components
      1. Docker Hub
      2. Gitkube
      3. Flux
      4. Keel
    4. A CD Pipeline with Cloud Build
      1. Setting Up Google Cloud and GKE
      2. Forking the Demo Repository
      3. Introducing Cloud Build
      4. Building the Test Container
      5. Running the Tests
      6. Building the Application Container
      7. Validating the Kubernetes Manifests
      8. Publishing the Image
      9. Git SHA Tags
      10. Creating the First Build Trigger
      11. Testing the Trigger
      12. Deploying from a CD Pipeline
      13. Creating a Deploy Trigger
      14. Optimizing Your Build Pipeline
      15. Adapting the Example Pipeline
    5. Summary
  17. 15. Observability and Monitoring
    1. What Is Observability?
      1. What Is Monitoring?
      2. Black-Box Monitoring
      3. What Does “Up” Mean?
      4. Logging
      5. Introducing Metrics
      6. Tracing
      7. Observability
    2. The Observability Pipeline
    3. Monitoring in Kubernetes
      1. External Black-Box Checks
      2. Internal Health Checks
    4. Summary
  18. 16. Metrics in Kubernetes
    1. What Are Metrics, Really?
      1. Time Series Data
      2. Counters and Gauges
      3. What Can Metrics Tell Us?
    2. Choosing Good Metrics
      1. Services: The RED Pattern
      2. Resources: The USE Pattern
      3. Business Metrics
      4. Kubernetes Metrics
    3. Analyzing Metrics
      1. What’s Wrong with a Simple Average?
      2. Means, Medians, and Outliers
      3. Discovering Percentiles
      4. Applying Percentiles to Metrics Data
      5. We Usually Want to Know the Worst
      6. Beyond Percentiles
    4. Graphing Metrics with Dashboards
      1. Use a Standard Layout for All Services
      2. Build an Information Radiator with Master Dashboards
      3. Dashboard Things That Break
    5. Alerting on Metrics
      1. What’s Wrong with Alerts?
      2. On-call Should Not Be Hell
      3. Urgent, Important, and Actionable Alerts
      4. Track Your Alerts, Out-of-Hours Pages, and Wake-ups
    6. Metrics Tools and Services
      1. Prometheus
      2. Google Stackdriver
      3. AWS Cloudwatch
      4. Azure Monitor
      5. Datadog
      6. New Relic
    7. Summary
  19. Afterword
    1. Where to Go Next
    2. Welcome Aboard
  20. Index