book

Managing Kubernetes

by Brendan Burns, Craig Tracey

November 2018

Intermediate to advanced

185 pages

4h 39m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who should read This BookWhy we wrote This BookNavigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
1. Introduction
How the Cluster OperatesAdjust, Secure, and Tune the ClusterResponding When Things Go WrongExtending the System with New and Custom FunctionalitySummary
2. An Overview of Kubernetes
ContainersContainer OrchestrationThe Kubernetes APIBasic Objects: Pods, ReplicaSets, and ServicesOrganizing Your Cluster with Namespaces, Labels, and AnnotationsAdvanced Concepts: Deployments, Ingress, and StatefulSetsBatch Workloads: Job and ScheduledJobCluster Agents and Utilities: DaemonSetsSummary
3. Kubernetes Architecture
ConceptsDeclarative ConfigurationReconciliation or ControllersImplicit or Dynamic GroupingStructureUnix Philosophy of Many ComponentsAPI-Driven InteractionsComponentsHead Node ComponentsComponents On All NodesScheduled ComponentsSummary
4. The Kubernetes API Server
Basic Characteristics for ManageabilityPieces of the API ServerAPI ManagementAPI PathsAPI DiscoveryOpenAPI Spec ServingAPI TranslationRequest ManagementTypes of RequestsLife of a RequestAPI Server InternalsCRD Control LoopDebugging the API ServerBasic LogsAudit LogsActivating Additional LogsDebugging kubectl RequestsSummary
5. Scheduler
An Overview of SchedulingScheduling ProcessPredicatesPrioritiesHigh-Level AlgorithmConflictsControlling Scheduling with Labels, Affinity, Taints, and TolerationsNode SelectorsNode AffinityTaints and TolerationsSummary
6. Installing Kubernetes
kubeadmRequirementskubeletInstalling the Control Planekubeadm ConfigurationPreflight ChecksCertificatesetcdkubeconfigTaintsInstalling Worker NodesAdd-OnsPhasesHigh AvailabilityUpgradesSummary
7. Authentication and User Management
UsersAuthenticationkubeconfigService AccountsSummary
8. Authorization
RESTAuthorizationRole-Based Access ControlRole and ClusterRoleRoleBinding and ClusterRoleBindingTesting AuthorizationSummary
9. Admission Control
ConfigurationCommon ControllersPodSecurityPoliciesResourceQuotaLimitRangeDynamic Admission ControllersValidating Admission ControllersMutating Admission ControllersSummary

10. Networking
Container Network InterfaceChoosing a Plug-inkube-proxyService DiscoveryDNSEnvironment VariablesNetwork PolicyService MeshSummary
11. Monitoring Kubernetes
Goals for MonitoringDifferences Between Logging and MonitoringBuilding a Monitoring StackGetting Data from Your Cluster and ApplicationsAggregating Metrics and Logs from Multiple SourcesStoring Data for Retrieval and QueryingVisualizing and Interacting with Your DataWhat to Monitor?Monitoring MachinesMonitoring KubernetesMonitoring ApplicationsBlackbox MonitoringStreaming LogsAlertingSummary
12. Disaster Recovery
High AvailabilityStateApplication DataPersistent VolumesLocal DataWorker NodesetcdArkSummary
13. Extending Kubernetes
Kubernetes Extension PointsCluster DaemonsUse Cases for Cluster DaemonsInstalling a Cluster DaemonOperational Considerations for Cluster DaemonsHands-On: Example of Creating a Cluster DaemonCluster AssistantsUse Cases for Cluster AssistantsInstalling a Cluster AssistantOperational Considerations for Cluster AssistantsHands-On: Example of Cluster AssistantsExtending the Life Cycle of the API ServerUse Cases for Extending the API Life CycleInstalling API Life Cycle ExtensionsOperational Considerations for Life Cycle ExtensionsHands-On: Example of Life Cycle ExtensionsAdding Custom APIs to KubernetesUse Cases for Adding New APIsCustom Resource Definitions and Aggregated API ServersArchitecture for Custom Resource DefinitionsInstalling Custom Resource DefinitionsOperational Considerations for Custom ResourcesSummary
14. Conclusions
Index

Content preview from Managing Kubernetes

Chapter 4. The Kubernetes API Server

As mentioned in the overview of the Kubernetes components, the API server is the gateway to the Kubernetes cluster. It is the central touch point that is accessed by all users, automation, and components in the Kubernetes cluster. The API server implements a RESTful API over HTTP, performs all API operations, and is responsible for storing API objects into a persistent storage backend. This chapter covers the details of this operation.

Basic Characteristics for Manageability

For all of its complexity, from the standpoint of management, the Kubernetes API server is actually relatively simple to manage. Because all of the API server’s persistent state is stored in a database that is external to the API server, the server itself is stateless and can be replicated to handle request load and for fault tolerance. Typically, in a highly available cluster, the API server is replicated three times.

The API server can be quite chatty in terms of the logs that it outputs. It outputs at least a single line for every request that it receives. Because of this, it is critical that some form of log rolling be added to the API server so that it doesn’t consume all available disk space. However, because the API server logs are essential to understanding the operation of the API server, we highly recommend that logs be shipped from the API server to a log aggregation service for subsequent introspection and querying to debug user or component requests to the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Managing Cloud Native Data on Kubernetes

Publisher Resources

ISBN: 9781492033905Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Managing Kubernetes

by Brendan Burns, Craig Tracey

Chapter 4. The Kubernetes API Server

Basic Characteristics for Manageability

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.