book

Kubernetes: Up and Running, 3rd Edition

by Brendan Burns, Joe Beda, Kelsey Hightower, Lachlan Evenson

August 2022

Intermediate to advanced

328 pages

8h 22m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Includes Quizzes

Has Sandbox

Who Should Read This BookWhy We Wrote This BookWhy We Updated This BookA Word on Cloud Native Applications TodayNavigating This BookOnline ResourcesConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
VelocityThe Value of ImmutabilityDeclarative ConfigurationSelf-Healing SystemsScaling Your Service and Your TeamsDecouplingEasy Scaling for Applications and ClustersScaling Development Teams with MicroservicesSeparation of Concerns for Consistency and ScalingAbstracting Your InfrastructureEfficiencyCloud Native EcosystemSummary
Container ImagesBuilding Application Images with DockerDockerfilesOptimizing Image SizesImage SecurityMultistage Image BuildsStoring Images in a Remote RegistryThe Container Runtime InterfaceRunning Containers with DockerExploring the kuard ApplicationLimiting Resource UsageCleanupSummary
Installing Kubernetes on a Public Cloud ProviderInstalling Kubernetes with Google Kubernetes EngineInstalling Kubernetes with Azure Kubernetes ServiceInstalling Kubernetes on Amazon Web ServicesInstalling Kubernetes Locally Using minikubeRunning Kubernetes in DockerThe Kubernetes ClientChecking Cluster StatusListing Kubernetes NodesCluster ComponentsKubernetes ProxyKubernetes DNSKubernetes UISummary
NamespacesContextsViewing Kubernetes API ObjectsCreating, Updating, and Destroying Kubernetes ObjectsLabeling and Annotating ObjectsDebugging CommandsCluster ManagementCommand AutocompletionAlternative Ways of Viewing Your ClusterSummary
Pods in KubernetesThinking with PodsThe Pod ManifestCreating a PodCreating a Pod ManifestRunning PodsListing PodsPod DetailsDeleting a PodAccessing Your PodGetting More Information with LogsRunning Commands in Your Container with execCopying Files to and from ContainersHealth ChecksLiveness ProbeReadiness ProbeStartup ProbeAdvanced Probe ConfigurationOther Types of Health ChecksResource ManagementResource Requests: Minimum Required ResourcesCapping Resource Usage with LimitsPersisting Data with VolumesUsing Volumes with PodsDifferent Ways of Using Volumes with PodsPutting It All TogetherSummary
LabelsApplying LabelsModifying LabelsLabel SelectorsLabel Selectors in API ObjectsLabels in the Kubernetes ArchitectureAnnotationsCleanupSummary
What Is Service Discovery?The Service ObjectService DNSReadiness ChecksLooking Beyond the ClusterLoad Balancer IntegrationAdvanced DetailsEndpointsManual Service Discoverykube-proxy and Cluster IPsCluster IP Environment VariablesConnecting with Other EnvironmentsConnecting to Resources Outside of a ClusterConnecting External Resources to Services Inside a ClusterCleanupSummary
Ingress Spec Versus Ingress ControllersInstalling ContourConfiguring DNSConfiguring a Local hosts FileUsing IngressSimplest UsageUsing HostnamesUsing PathsCleanupAdvanced Ingress Topics and GotchasRunning Multiple Ingress ControllersMultiple Ingress ObjectsIngress and NamespacesPath RewritingServing TLSAlternate Ingress ImplementationsThe Future of IngressSummary
Reconciliation LoopsRelating Pods and ReplicaSetsAdopting Existing ContainersQuarantining ContainersDesigning with ReplicaSetsReplicaSet SpecPod TemplatesLabelsCreating a ReplicaSetInspecting a ReplicaSetFinding a ReplicaSet from a PodFinding a Set of Pods for a ReplicaSetScaling ReplicaSetsImperative Scaling with kubectl scaleDeclaratively Scaling with kubectl applyAutoscaling a ReplicaSetDeleting ReplicaSetsSummary

Your First DeploymentCreating DeploymentsManaging DeploymentsUpdating DeploymentsScaling a DeploymentUpdating a Container ImageRollout HistoryDeployment StrategiesRecreate StrategyRollingUpdate StrategySlowing Rollouts to Ensure Service HealthDeleting a DeploymentMonitoring a DeploymentSummary
DaemonSet SchedulerCreating DaemonSetsLimiting DaemonSets to Specific NodesAdding Labels to NodesNode SelectorsUpdating a DaemonSetDeleting a DaemonSetSummary
The Job ObjectJob PatternsOne ShotParallelismWork QueuesCronJobsSummary
ConfigMapsCreating ConfigMapsUsing a ConfigMapSecretsCreating SecretsConsuming SecretsPrivate Container RegistriesNaming ConstraintsManaging ConfigMaps and SecretsListingCreatingUpdatingSummary
Role-Based Access ControlIdentity in KubernetesUnderstanding Roles and Role BindingsRoles and Role Bindings in KubernetesTechniques for Managing RBACTesting Authorization with can-iManaging RBAC in Source ControlAdvanced TopicsAggregating ClusterRolesUsing Groups for BindingsSummary
Encryption and Authentication with Mutal TLSTraffic ShapingIntrospectionDo You Really Need a Service Mesh?Introspecting a Service Mesh ImplementationService Mesh LandscapeSummary
Importing External ServicesServices Without SelectorsLimitations of External Services: Health CheckingRunning Reliable SingletonsRunning a MySQL SingletonDynamic Volume ProvisioningKubernetes-Native Storage with StatefulSetsProperties of StatefulSetsManually Replicated MongoDB with StatefulSetsAutomating MongoDB Cluster CreationPersistent Volumes and StatefulSetsOne Final Thing: Readiness ProbesSummary
What It Means to Extend KubernetesPoints of ExtensibilityPatterns for Custom ResourcesJust DataCompilersOperatorsGetting StartedSummary
The Kubernetes API: A Client’s PerspectiveOpenAPI and Generated Client LibrariesBut What About kubectl x?Programming the Kubernetes APIInstalling the Client LibrariesAuthenticating to the Kubernetes APIAccessing the Kubernetes APIPutting It All Together: Listing and Creating Pods in Python, Java, and .NETCreating and Patching ObjectsWatching Kubernetes APIs for ChangesInteracting with PodsSummary
Understanding SecurityContextSecurityContext ChallengesPod SecurityWhat Is Pod Security?Applying Pod Security StandardsService Account ManagementRole-Based Access ControlRuntimeClassNetwork PolicyService MeshSecurity Benchmark ToolsImage SecuritySummary
Why Policy and Governance MatterAdmission FlowPolicy and Governance with GatekeeperWhat Is Open Policy Agent?Installing GatekeeperConfiguring PoliciesUnderstanding Constraint TemplatesCreating ConstraintsAuditMutationData ReplicationMetricsPolicy LibrarySummary
Before You Even BeginStarting at the Top with a Load-Balancing ApproachBuilding Applications for Multiple ClustersReplicated Silos: The Simplest Cross-Regional ModelSharding: Regional DataBetter Flexibility: Microservice RoutingSummary
Principles to Guide UsFilesystems as the Source of TruthThe Role of Code ReviewFeature GatesManaging Your Application in Source ControlFilesystem LayoutManaging Periodic VersionsStructuring Your Application for Development, Testing, and DeploymentGoalsProgression of a ReleaseParameterizing Your Application with TemplatesParameterizing with Helm and TemplatesFilesystem Layout for ParameterizationDeploying Your Application Around the WorldArchitectures for Worldwide DeploymentImplementing Worldwide DeploymentDashboards and Monitoring for Worldwide DeploymentsSummary
Parts ListFlashing ImagesFirst BootSetting Up NetworkingInstalling a Container RuntimeInstalling KubernetesSetting Up the ClusterSetting Up Cluster NetworkingSummary

Content preview from Kubernetes: Up and Running, 3rd Edition

Chapter 11. DaemonSets

Deployments and ReplicaSets are generally about creating a service (such as a web server) with multiple replicas for redundancy. But that is not the only reason to replicate a set of Pods within a cluster. Another reason is to schedule a single Pod on every node within the cluster. Generally, the motivation for replicating a Pod to every node is to land some sort of agent or daemon on each node, and the Kubernetes object for achieving this is the DaemonSet.

A DaemonSet ensures that a copy of a Pod is running across a set of nodes in a Kubernetes cluster. DaemonSets are used to deploy system daemons such as log collectors and monitoring agents, which typically must run on every node. DaemonSets share similar functionality with ReplicaSets; both create Pods that are expected to be long-running services and ensure that the desired state and the observed state of the cluster match.

Given the similarities between DaemonSets and ReplicaSets, it’s important to understand when to use one over the other. ReplicaSets should be used when your application is completely decoupled from the node and you can run multiple copies on a given node without special consideration. DaemonSets should be used when a single copy of your application must run on all or a subset of the nodes in the cluster.

You should generally not use scheduling restrictions or other parameters to ensure that Pods do not colocate on the same node. If you find yourself wanting a single Pod per node, ...