book

Managing Kubernetes

by Brendan Burns, Craig Tracey

November 2018

Intermediate to advanced

185 pages

4h 39m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who should read This BookWhy we wrote This BookNavigating This BookConventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
How the Cluster OperatesAdjust, Secure, and Tune the ClusterResponding When Things Go WrongExtending the System with New and Custom FunctionalitySummary
ContainersContainer OrchestrationThe Kubernetes APIBasic Objects: Pods, ReplicaSets, and ServicesOrganizing Your Cluster with Namespaces, Labels, and AnnotationsAdvanced Concepts: Deployments, Ingress, and StatefulSetsBatch Workloads: Job and ScheduledJobCluster Agents and Utilities: DaemonSetsSummary
ConceptsDeclarative ConfigurationReconciliation or ControllersImplicit or Dynamic GroupingStructureUnix Philosophy of Many ComponentsAPI-Driven InteractionsComponentsHead Node ComponentsComponents On All NodesScheduled ComponentsSummary
Basic Characteristics for ManageabilityPieces of the API ServerAPI ManagementAPI PathsAPI DiscoveryOpenAPI Spec ServingAPI TranslationRequest ManagementTypes of RequestsLife of a RequestAPI Server InternalsCRD Control LoopDebugging the API ServerBasic LogsAudit LogsActivating Additional LogsDebugging kubectl RequestsSummary
An Overview of SchedulingScheduling ProcessPredicatesPrioritiesHigh-Level AlgorithmConflictsControlling Scheduling with Labels, Affinity, Taints, and TolerationsNode SelectorsNode AffinityTaints and TolerationsSummary
kubeadmRequirementskubeletInstalling the Control Planekubeadm ConfigurationPreflight ChecksCertificatesetcdkubeconfigTaintsInstalling Worker NodesAdd-OnsPhasesHigh AvailabilityUpgradesSummary
UsersAuthenticationkubeconfigService AccountsSummary
RESTAuthorizationRole-Based Access ControlRole and ClusterRoleRoleBinding and ClusterRoleBindingTesting AuthorizationSummary
ConfigurationCommon ControllersPodSecurityPoliciesResourceQuotaLimitRangeDynamic Admission ControllersValidating Admission ControllersMutating Admission ControllersSummary

Container Network InterfaceChoosing a Plug-inkube-proxyService DiscoveryDNSEnvironment VariablesNetwork PolicyService MeshSummary
Goals for MonitoringDifferences Between Logging and MonitoringBuilding a Monitoring StackGetting Data from Your Cluster and ApplicationsAggregating Metrics and Logs from Multiple SourcesStoring Data for Retrieval and QueryingVisualizing and Interacting with Your DataWhat to Monitor?Monitoring MachinesMonitoring KubernetesMonitoring ApplicationsBlackbox MonitoringStreaming LogsAlertingSummary
High AvailabilityStateApplication DataPersistent VolumesLocal DataWorker NodesetcdArkSummary
Kubernetes Extension PointsCluster DaemonsUse Cases for Cluster DaemonsInstalling a Cluster DaemonOperational Considerations for Cluster DaemonsHands-On: Example of Creating a Cluster DaemonCluster AssistantsUse Cases for Cluster AssistantsInstalling a Cluster AssistantOperational Considerations for Cluster AssistantsHands-On: Example of Cluster AssistantsExtending the Life Cycle of the API ServerUse Cases for Extending the API Life CycleInstalling API Life Cycle ExtensionsOperational Considerations for Life Cycle ExtensionsHands-On: Example of Life Cycle ExtensionsAdding Custom APIs to KubernetesUse Cases for Adding New APIsCustom Resource Definitions and Aggregated API ServersArchitecture for Custom Resource DefinitionsInstalling Custom Resource DefinitionsOperational Considerations for Custom ResourcesSummary

Content preview from Managing Kubernetes

Chapter 4. The Kubernetes API Server

As mentioned in the overview of the Kubernetes components, the API server is the gateway to the Kubernetes cluster. It is the central touch point that is accessed by all users, automation, and components in the Kubernetes cluster. The API server implements a RESTful API over HTTP, performs all API operations, and is responsible for storing API objects into a persistent storage backend. This chapter covers the details of this operation.

Basic Characteristics for Manageability

For all of its complexity, from the standpoint of management, the Kubernetes API server is actually relatively simple to manage. Because all of the API server’s persistent state is stored in a database that is external to the API server, the server itself is stateless and can be replicated to handle request load and for fault tolerance. Typically, in a highly available cluster, the API server is replicated three times.

The API server can be quite chatty in terms of the logs that it outputs. It outputs at least a single line for every request that it receives. Because of this, it is critical that some form of log rolling be added to the API server so that it doesn’t consume all available disk space. However, because the API server logs are essential to understanding the operation of the API server, we highly recommend that logs be shipped from the API server to a log aggregation service for subsequent introspection and querying to debug user or component requests to the ...