Kubernetes Best Practices, 2nd Edition

Kubernetes Best Practices, 2nd Edition

by Brendan Burns, Eddie Villalba, Dave Strebel, Lachlan Evenson
Released October 2023
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781098142162

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

In this practical guide, four Kubernetes professionals with deep experience in distributed systems, enterprise application development, and open source will guide you through the process of building applications with this container orchestration system. They distill decades of experience from companies that are successfully running Kubernetes in production and provide concrete code examples to back the methods presented in this book.

Revised to cover all the latest Kubernetes features, new tooling, and deprecations, this book is ideal for those who are familiar with basic Kubernetes concepts but want to get up to speed on the latest best practices. You'll learn exactly what you need to know to build your best app with Kubernetes the first time.

  • Set up and develop applications in Kubernetes
  • Learn patterns for monitoring, securing your systems, and managing upgrades, rollouts, and rollbacks
  • Integrate services and legacy applications and develop higher-level platforms on top of Kubernetes
  • Run machine learning workloads in Kubernetes
  • Ensure pod and container security
  • Understand issues that have become increasingly critical to the successful implementation of Kubernetes, such as chaos engineering/testing, GitOps, service mesh, and observability

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. Who Should Read This Book
    2. Why We Wrote This Book
    3. Navigating This Book
    4. New to This Edition
    5. Conventions Used in This Book
    6. Using Code Examples
    7. O’Reilly Online Learning
    8. How to Contact Us
    9. Acknowledgments
  2. 1. Setting Up a Basic Service
    1. Application Overview
    2. Managing Configuration Files
    3. Creating a Replicated Service Using Deployments
      1. Best Practices for Image Management
      2. Creating a Replicated Application
    4. Setting Up an External Ingress for HTTP Traffic
    5. Configuring an Application with ConfigMaps
    6. Managing Authentication with Secrets
    7. Deploying a Simple Stateful Database
    8. Creating a TCP Load Balancer by Using Services
    9. Using Ingress to Route Traffic to a Static File Server
    10. Parameterizing Your Application by Using Helm
    11. Deploying Services Best Practices
    12. Summary
  3. 2. Developer Workflows
    1. Goals
    2. Building a Development Cluster
    3. Setting Up a Shared Cluster for Multiple Developers
      1. Onboarding Users
      2. Creating and Securing a Namespace
      3. Managing Namespaces
      4. Cluster-Level Services
    4. Enabling Developer Workflows
      1. Initial Setup
      2. Enabling Active Development
      3. Enabling Testing and Debugging
    5. Setting Up a Development Environment Best Practices
    6. Summary
  4. 3. Monitoring and Logging in Kubernetes
    1. Metrics Versus Logs
    2. Monitoring Techniques
    3. Monitoring Patterns
    4. Kubernetes Metrics Overview
      1. cAdvisor
      2. Metrics Server
      3. kube-state-metrics
    5. What Metrics Do I Monitor?
    6. Monitoring Tools
    7. Monitoring Kubernetes Using Prometheus
    8. Logging Overview
    9. Tools for Logging
    10. Logging by Using a Loki-Stack
    11. Alerting
    12. Best Practices for Monitoring, Logging, and Alerting
      1. Monitoring
      2. Logging
      3. Alerting
    13. Summary
  5. 4. Configuration, Secrets, and RBAC
    1. Configuration Through ConfigMaps and Secrets
      1. ConfigMaps
      2. Secrets
    2. Common Best Practices for the ConfigMap and Secrets APIs
    3. Best Practices Specific to Secrets
    4. RBAC
      1. RBAC Primer
      2. RBAC Best Practices
    5. Summary
  6. 5. Continuous Integration, Testing, and Deployment
    1. Version Control
    2. Continuous Integration
    3. Testing
    4. Container Builds
    5. Container Image Tagging
    6. Continuous Deployment
    7. Deployment Strategies
    8. Testing in Production
    9. Setting Up a Pipeline and Performing a Chaos Experiment
      1. Setting Up CI
      2. Setting Up CD
      3. Performing a Rolling Upgrade
      4. A Simple Chaos Experiment
    10. Best Practices for CI/CD
    11. Summary
  7. 6. Versioning, Releases, and Rollouts
    1. Versioning
    2. Releases
    3. Rollouts
    4. Putting It All Together
    5. Best Practices for Versioning, Releases, and Rollouts
    6. Summary
  8. 7. Worldwide Application Distribution and Staging
    1. Distributing Your Image
    2. Parameterizing Your Deployment
    3. Load-Balancing Traffic Around the World
    4. Reliably Rolling Out Software Around the World
      1. Pre-Rollout Validation
      2. Canary Region
      3. Identifying Region Types
      4. Constructing a Global Rollout
    5. When Something Goes Wrong
    6. Worldwide Rollout Best Practices
    7. Summary
  9. 8. Resource Management
    1. Kubernetes Scheduler
      1. Predicates
      2. Priorities
    2. Advanced Scheduling Techniques
      1. Pod Affinity and Anti-Affinity
      2. nodeSelector
      3. Taints and Tolerations
    3. Pod Resource Management
      1. Resource Request
      2. Resource Limits and Pod Quality of Service
      3. PodDisruptionBudgets
      4. Managing Resources by Using Namespaces
      5. ResourceQuota
      6. LimitRange
      7. Cluster Scaling
      8. Application Scaling
      9. Scaling with HPA
      10. HPA with Custom Metrics
      11. Vertical Pod Autoscaler
    4. Resource Management Best Practices
    5. Summary
  10. 9. Networking, Network Security, and Service Mesh
    1. Kubernetes Network Principles
    2. Network Plug-ins
      1. Kubenet
      2. Kubenet Best Practices
      3. The CNI Plug-in
      4. CNI Best Practices
    3. Services in Kubernetes
      1. Service Type ClusterIP
      2. Service Type NodePort
      3. Service Type ExternalName
      4. Service Type LoadBalancer
      5. Ingress and Ingress Controllers
      6. Gateway API
      7. Services and Ingress Controllers Best Practices
    4. Network Security Policy
    5. Network Policy Best Practices
    6. Service Meshes
    7. Service Mesh Best Practices
    8. Summary
  11. 10. Pod and Container Security
    1. Pod Security Admission Controller
      1. Enabling Pod Security Admission
      2. Pod Security levels
      3. Activating Pod Security Using Namespace Labels
    2. Workload Isolation and RuntimeClass
      1. Using RuntimeClass
      2. Runtime Implementations
      3. Workload Isolation and RuntimeClass Best Practices
    3. Other Pod and Container Security Considerations
      1. Admission Controllers
      2. Intrusion and Anomaly Detection Tooling
    4. Summary
  12. 11. Policy and Governance for Your Cluster
    1. Why Policy and Governance Are Important
    2. How Is This Policy Different?
    3. Cloud Native Policy Engine
    4. Introducing Gatekeeper
      1. Example Policies
      2. Gatekeeper Terminology
      3. Defining Constraint Templates
      4. Defining Constraints
      5. Data Replication
      6. UX
    5. Using Enforcement Action and Audit
      1. Mutation
      2. Testing Policies
      3. Becoming Familiar with Gatekeeper
    6. Policy and Governance Best Practices
    7. Summary
  13. 12. Managing Multiple Clusters
    1. Why Multiple Clusters?
    2. Multicluster Design Concerns
    3. Managing Multiple Cluster Deployments
    4. Deployment and Management Patterns
    5. The GitOps Approach to Managing Clusters
    6. Multicluster Management Tools
    7. Kubernetes Federation
    8. Managing Multiple Clusters Best Practices
    9. Summary
  14. 13. Integrating External Services with Kubernetes
    1. Importing Services into Kubernetes
      1. Selector-Less Services for Stable IP Addresses
      2. CNAME-Based Services for Stable DNS Names
      3. Active Controller-Based Approaches
    2. Exporting Services from Kubernetes
      1. Exporting Services by Using Internal Load Balancers
      2. Exporting Services on NodePorts
      3. Integrating External Machines and Kubernetes
    3. Sharing Services Between Kubernetes
    4. Third-Party Tools
    5. Connecting Cluster and External Services Best Practices
    6. Summary
  15. 14. Running Machine Learning in Kubernetes
    1. Why Is Kubernetes Great for Machine Learning?
    2. Machine Learning Workflow
    3. Machine Learning for Kubernetes Cluster Admins
      1. Model Training on Kubernetes
      2. Distributed Training on Kubernetes
      3. Resource Constraints
      4. Specialized Hardware
      5. Libraries, Drivers, and Kernel Modules
      6. Storage
      7. Networking
      8. Specialized Protocols
    4. Data Scientist Concerns
    5. Machine Learning on Kubernetes Best Practices
    6. Summary
  16. 15. Building Higher-Level Application Patterns on Top of Kubernetes
    1. Approaches to Developing Higher-Level Abstractions
    2. Extending Kubernetes
      1. Extending Kubernetes Clusters
      2. Extending the Kubernetes User Experience
      3. Making Containerized Development Easier
      4. Developing a “Push-to-Deploy” Experience
    3. Design Considerations When Building Platforms
      1. Support Exporting to a Container Image
      2. Support Existing Mechanisms for Service and Service Discovery
    4. Building Application Platforms Best Practices
    5. Summary
  17. 16. Managing State and Stateful Applications
    1. Volumes and Volume Mounts
    2. Volume Best Practices
    3. Kubernetes Storage
      1. PersistentVolume
      2. PersistentVolumeClaims
      3. StorageClasses
      4. Kubernetes Storage Best Practices
    4. Stateful Applications
      1. StatefulSets
      2. Operators
      3. StatefulSet and Operator Best Practices
    5. Summary
  18. 17. Admission Control and Authorization
    1. Admission Control
      1. What Are They?
      2. Why Are They Important?
      3. Admission Controller Types
      4. Configuring Admission Webhooks
      5. Admission Control Best Practices
    2. Authorization
      1. Authorization Modules
      2. Authorization Best Practices
    3. Summary
  19. 18. GitOps and Deployment
    1. What Is GitOps?
    2. Why GitOps?
    3. GitOps Repo Structure
    4. Managing Secrets
    5. Setting Up Flux
    6. GitOps Tooling
    7. GitOps Best Practices
    8. Summary
  20. 19. Security
    1. Cluster Security
      1. etcd Access
      2. Authentication
      3. Authorization
      4. TLS
      5. Kubelet and Cloud Metadata Access
      6. Secrets
      7. Logging and Auditing
      8. Cluster Security Posture Tooling
    2. Cluster Security Best Practices
    3. Workload Container Security
      1. Pod Security Admission
      2. Seccomp, AppArmor, and SELinux
      3. Admission Controllers
      4. Operators
      5. Network Policy
      6. Runtime Security
      7. Workload Container Security Best Practices
    4. Code Security
      1. Non-Root and Distroless Containers
      2. Container Vulnerability Scanning
      3. Code Repository Security
    5. Code Security Best Practices
    6. Summary
  21. 20. Chaos Testing, Load Testing, and Experiments
    1. Chaos Testing
      1. Goals for Chaos Testing
      2. Prerequisites for Chaos Testing
      3. Chaos Testing Your Application’s Communication
      4. Chaos Testing Your Application’s Operation
      5. Fuzz Testing Your Application for Security and Resiliency
      6. Summary
    2. Load Testing
      1. Goals for Load Testing
      2. Prerequisites for Load Testing
      3. Generating Realistic Traffic
      4. Load Testing Your Application
      5. Tuning Your Application Using Load Tests
      6. Summary
    3. Experiments
      1. Goals for Experiments
      2. Prerequisites for an Experiment
      3. Setting Up an Experiment
      4. Summary
    4. Chaos Testing, Load Testing, and Experiments Summary
  22. 21. Implementing an Operator
    1. Operator Key Components
    2. Custom Resource Definitions
    3. Creating Our API
    4. Controller Reconciliation
    5. Resource Validation
    6. Controller Implementation
    7. Operator Life Cycle
      1. Version Upgrades
      2. Operator Best Practices
    8. Summary
  23. 22. Conclusion
  24. Index
  25. About the Authors

Product information

  • Title: Kubernetes Best Practices, 2nd Edition
  • Author(s): Brendan Burns, Eddie Villalba, Dave Strebel, Lachlan Evenson
  • Release date: October 2023
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098142162