book

Cloud Native DevOps with Kubernetes

by John Arundel, Justin Domingus

March 2019

Intermediate to advanced

346 pages

8h 17m

English

O'Reilly Media, Inc.

Read now

Unlock full access

What Will I Learn?Who Is This Book For?What Questions Does This Book Answer?Conventions Used in This BookUsing Code ExamplesO’Reilly Online Learning PlatformHow to Contact UsAcknowledgments
The Creation of the CloudBuying TimeInfrastructure as a ServiceThe Dawn of DevOpsNobody Understands DevOpsThe Business AdvantageInfrastructure as CodeLearning TogetherThe Coming of ContainersThe State of the ArtThinking Inside the BoxPutting Software in ContainersPlug and Play ApplicationsConducting the Container OrchestraKubernetesFrom Borg to KubernetesWhat Makes Kubernetes So Valuable?Will Kubernetes Disappear?Kubernetes Doesn’t Do It AllCloud NativeThe Future of OperationsDistributed DevOpsSome Things Will Remain CentralizedDeveloper Productivity EngineeringYou Are the FutureSummary
Running Your First ContainerInstalling Docker DesktopWhat Is Docker?Running a Container ImageThe Demo ApplicationLooking at the Source CodeIntroducing GoHow the Demo App WorksBuilding a ContainerUnderstanding DockerfilesMinimal Container ImagesRunning docker image buildNaming Your ImagesPort ForwardingContainer RegistriesAuthenticating to the RegistryNaming and Pushing Your ImageRunning Your ImageHello, KubernetesRunning the Demo AppIf the Container Doesn’t StartMinikubeSummary
Cluster ArchitectureThe Control PlaneNode ComponentsHigh AvailabilityThe Costs of Self-Hosting KubernetesIt’s More Work Than You ThinkIt’s Not Just About the Initial SetupTools Don’t Do All the Work for YouKubernetes Is HardAdministration OverheadStart with Managed ServicesManaged Kubernetes ServicesGoogle Kubernetes Engine (GKE)Cluster AutoscalingAmazon Elastic Container Service for Kubernetes (EKS)Azure Kubernetes Service (AKS)OpenShiftIBM Cloud Kubernetes ServiceTurnkey Kubernetes SolutionsContainership Kubernetes Engine (CKE)Kubernetes InstallerskopsKubesprayTK8Kubernetes The Hard WaykubeadmTarmakRancher Kubernetes Engine (RKE)Puppet Kubernetes ModuleKubeformationBuy or Build: Our RecommendationsRun Less SoftwareUse Managed Kubernetes if You CanBut What About Vendor Lock-in?Use Standard Kubernetes Self-Hosting Tools if You MustWhen Your Choices Are LimitedBare-Metal and On-PremClusterless Container ServicesAmazon FargateAzure Container Instances (ACI)Summary
DeploymentsSupervising and SchedulingRestarting ContainersQuerying DeploymentsPodsReplicaSetsMaintaining Desired StateThe Kubernetes SchedulerResource Manifests in YAML FormatResources Are DataDeployment ManifestsUsing kubectl applyService ResourcesQuerying the Cluster with kubectlTaking Resources to the Next LevelHelm: A Kubernetes Package ManagerInstalling HelmInstalling a Helm ChartCharts, Repositories, and ReleasesListing Helm ReleasesSummary
Understanding ResourcesResource UnitsResource RequestsResource LimitsKeep Your Containers SmallManaging the Container Life CycleLiveness ProbesProbe Delay and FrequencyOther Types of ProbesgRPC ProbesReadiness ProbesFile-Based Readiness ProbesminReadySecondsPod Disruption BudgetsUsing NamespacesWorking with NamespacesWhat Namespaces Should I Use?Service AddressesResource QuotasDefault Resource Requests and LimitsOptimizing Cluster CostsOptimizing DeploymentsOptimizing PodsVertical Pod AutoscalerOptimizing NodesOptimizing StorageCleaning Up Unused ResourcesChecking Spare CapacityUsing Reserved InstancesUsing Preemptible (Spot) InstancesKeeping Your Workloads BalancedSummary
Cluster Sizing and ScalingCapacity PlanningNodes and InstancesScaling the ClusterConformance CheckingCNCF CertificationConformance Testing with SonobuoyValidation and AuditingK8GuardCopperkube-benchKubernetes Audit LoggingChaos TestingOnly Production Is Productionchaoskubekube-monkeyPowerfulSealSummary
Mastering kubectlShell AliasesUsing Short FlagsAbbreviating Resource TypesAuto-Completing kubectl CommandsGetting HelpGetting Help on Kubernetes ResourcesShowing More Detailed OutputWorking with JSON Data and jqWatching ObjectsDescribing ObjectsWorking with ResourcesImperative kubectl CommandsWhen Not to Use Imperative CommandsGenerating Resource ManifestsExporting ResourcesDiffing ResourcesWorking with ContainersViewing a Container’s LogsAttaching to a ContainerWatching Kubernetes Resources with kubespyForwarding a Container PortExecuting Commands on ContainersRunning Containers for TroubleshootingUsing BusyBox CommandsAdding BusyBox to Your ContainersInstalling Programs on a ContainerLive Debugging with kubesquashContexts and Namespaceskubectx and kubenskube-ps1Kubernetes Shells and Toolskube-shellClickkubed-shSternBuilding Your Own Kubernetes ToolsSummary
Containers and PodsWhat Is a Container?What Belongs in a Container?What Belongs in a Pod?Container ManifestsImage IdentifiersThe latest TagContainer DigestsBase Image TagsPortsResource Requests and LimitsImage Pull PolicyEnvironment VariablesContainer SecurityRunning Containers as a Non-Root UserBlocking Root ContainersSetting a Read-Only FilesystemDisabling Privilege EscalationCapabilitiesPod Security ContextsPod Security PoliciesPod Service AccountsVolumesemptyDir VolumesPersistent VolumesRestart PoliciesImage Pull SecretsSummary

LabelsWhat Are Labels?SelectorsMore Advanced SelectorsOther Uses for LabelsLabels and AnnotationsNode AffinitiesHard AffinitiesSoft AffinitiesPod Affinities and Anti-AffinitiesKeeping Pods TogetherKeeping Pods ApartSoft Anti-AffinitiesWhen to Use Pod AffinitiesTaints and TolerationsPod ControllersDaemonSetsStatefulSetsJobsCronjobsHorizontal Pod AutoscalersPodPresetsOperators and Custom Resource Definitions (CRDs)Ingress ResourcesIngress RulesTerminating TLS with IngressIngress ControllersIstioEnvoySummary
ConfigMapsCreating ConfigMapsSetting Environment Variables from ConfigMapsSetting the Whole Environment from a ConfigMapUsing Environment Variables in Command ArgumentsCreating Config Files from ConfigMapsUpdating Pods on a Config ChangeKubernetes SecretsUsing Secrets as Environment VariablesWriting Secrets to FilesReading SecretsAccess to SecretsEncryption at RestKeeping SecretsSecrets Management StrategiesEncrypt Secrets in Version ControlStore Secrets RemotelyUse a Dedicated Secrets Management ToolRecommendationsEncrypting Secrets with SopsIntroducing SopsEncrypting a File with SopsUsing a KMS BackendSummary
Access Control and PermissionsManaging Access by ClusterIntroducing Role-Based Access Control (RBAC)Understanding RolesBinding Roles to UsersWhat Roles Do I Need?Guard Access to Cluster-AdminApplications and DeploymentRBAC TroubleshootingSecurity ScanningClairAquaAnchore EngineBackupsDo I Need to Back Up Kubernetes?Backing Up etcdBacking Up Resource StateBacking Up Cluster StateLarge and Small DisastersVeleroMonitoring Cluster StatuskubectlCPU and Memory UtilizationCloud Provider ConsoleKubernetes DashboardWeave Scopekube-ops-viewnode-problem-detectorFurther ReadingSummary
Building Manifests with HelmWhat’s Inside a Helm Chart?Helm TemplatesInterpolating VariablesQuoting Values in TemplatesSpecifying DependenciesDeploying Helm ChartsSetting VariablesSpecifying Values in a Helm ReleaseUpdating an App with HelmRolling Back to Previous VersionsCreating a Helm Chart RepoManaging Helm Chart Secrets with SopsManaging Multiple Charts with HelmfileWhat’s in a Helmfile?Chart MetadataApplying the HelmfileAdvanced Manifest Management ToolsTankaKapitankustomizekomposeAnsiblekubevalSummary
Development ToolsSkaffoldDraftTelepresenceKnativeDeployment StrategiesRolling UpdatesRecreatemaxSurge and maxUnavailableBlue/Green DeploymentsRainbow DeploymentsCanary DeploymentsHandling Migrations with HelmHelm HooksHandling Failed HooksOther HooksChaining HooksSummary
What Is Continuous Deployment?Which CD Tool Should I Use?JenkinsDroneGoogle Cloud BuildConcourseSpinnakerGitLab CICodefreshAzure PipelinesCD ComponentsDocker HubGitkubeFluxKeelA CD Pipeline with Cloud BuildSetting Up Google Cloud and GKEForking the Demo RepositoryIntroducing Cloud BuildBuilding the Test ContainerRunning the TestsBuilding the Application ContainerValidating the Kubernetes ManifestsPublishing the ImageGit SHA TagsCreating the First Build TriggerTesting the TriggerDeploying from a CD PipelineCreating a Deploy TriggerOptimizing Your Build PipelineAdapting the Example PipelineSummary
What Is Observability?What Is Monitoring?Black-Box MonitoringWhat Does “Up” Mean?LoggingIntroducing MetricsTracingObservabilityThe Observability PipelineMonitoring in KubernetesExternal Black-Box ChecksInternal Health ChecksSummary
What Are Metrics, Really?Time Series DataCounters and GaugesWhat Can Metrics Tell Us?Choosing Good MetricsServices: The RED PatternResources: The USE PatternBusiness MetricsKubernetes MetricsAnalyzing MetricsWhat’s Wrong with a Simple Average?Means, Medians, and OutliersDiscovering PercentilesApplying Percentiles to Metrics DataWe Usually Want to Know the WorstBeyond PercentilesGraphing Metrics with DashboardsUse a Standard Layout for All ServicesBuild an Information Radiator with Master DashboardsDashboard Things That BreakAlerting on MetricsWhat’s Wrong with Alerts?On-call Should Not Be HellUrgent, Important, and Actionable AlertsTrack Your Alerts, Out-of-Hours Pages, and Wake-upsMetrics Tools and ServicesPrometheusGoogle StackdriverAWS CloudwatchAzure MonitorDatadogNew RelicSummary
Where to Go NextWelcome Aboard

Content preview from Cloud Native DevOps with Kubernetes

Chapter 1. Revolution in the Cloud

There was never a time when the world began, because it goes round and round like a circle, and there is no place on a circle where it begins.
Alan Watts

There’s a revolution going on. Actually, three revolutions.

The first revolution is the creation of the cloud, and we’ll explain what that is and why it’s important. The second is the dawn of DevOps, and you’ll find out what that involves and how it’s changing operations. The third revolution is the coming of containers. Together, these three waves of change are creating a new software world: the cloud native world. The operating system for this world is called Kubernetes.

In this chapter, we’ll briefly recount the history and significance of these revolutions, and explore how the changes are affecting the way we all deploy and operate software. We’ll outline what cloud native means, and what changes you can expect to see in this new world if you work in software development, operations, deployment, engineering, networking, or security.

Thanks to the effects of these interlinked revolutions, we think the future of computing lies in cloud-based, containerized, distributed systems, dynamically managed by automation, on the Kubernetes platform (or something very like it). The art of developing and running these applications—cloud native DevOps—is what we’ll explore in the rest of this book.

If you’re already familiar with all of this background material, and you just want to start having fun with ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cloud Native DevOps with Kubernetes, 2nd Edition

Publisher Resources

ISBN: 9781492040750Errata Page Supplemental Content

Cloud Native DevOps with Kubernetes

by John Arundel, Justin Domingus

Chapter 1. Revolution in the Cloud

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like