O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Mastering Kubernetes

Book Description

Exploit design, deployment, and management of large-scale containers

About This Book
  • Explore the latest features available in Kubernetes 1.10
  • Ensure that your clusters are always available, scalable, and up to date
  • Master the skills of designing and deploying large clusters on various cloud platforms
Who This Book Is For

Mastering Kubernetes is for you if you are a system administrator or a developer who has an intermediate understanding of Kubernetes and wish to master its advanced features. Basic knowledge of networking would also be helpful. In all, this advanced-level book provides a smooth pathway to mastering Kubernetes.

What You Will Learn
  • Architect a robust Kubernetes cluster for long-time operation
  • Discover the advantages of running Kubernetes on GCE, AWS, Azure, and bare metal
  • Understand the identity model of Kubernetes, along with the options for cluster federation
  • Monitor and troubleshoot Kubernetes clusters and run a highly available Kubernetes
  • Create and configure custom Kubernetes resources and use third-party resources in your automation workflows
  • Enjoy the art of running complex stateful applications in your container environment
  • Deliver applications as standard packages
In Detail

Kubernetes is an open source system that is used to automate the deployment, scaling, and management of containerized applications. If you are running more containers or want automated management of your containers, you need Kubernetes at your disposal. To put things into perspective, Mastering Kubernetes walks you through the advanced management of Kubernetes clusters.

To start with, you will learn the fundamentals of both Kubernetes architecture and Kubernetes design in detail. You will discover how to run complex stateful microservices on Kubernetes including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backend. Using real-world use cases, you will explore the options for network configuration, and understand how to set up, operate, and troubleshoot various Kubernetes networking plugins. In addition to this, you will get to grips with custom resource development and utilization in automation and maintenance workflows.

To scale up your knowledge of Kubernetes, you will encounter some additional concepts based on the Kubernetes 1.10 release, such as Promethus, Role-based access control, API aggregation, and more. By the end of this book, you'll know everything you need to graduate from intermediate to advanced level of understanding Kubernetes.

Style and approach

Delving into the design of the Kubernetes platform, the reader will be exposed to Kubernetes advanced features and best practices. This advanced-level book will provide a pathway to mastering Kubernetes.

Downloading the example code for this book You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Mastering Kubernetes Second Edition
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
  6. Understanding Kubernetes Architecture
    1. What is Kubernetes?
    2. What Kubernetes is not
    3. Understanding container orchestration
      1. Physical machines, virtual machines, and containers
      2. The benefits of containers
      3. Containers in the cloud
      4. Cattle versus pets
    4. Kubernetes concepts
      1. Cluster
      2. Node
      3. Master
      4. Pod
      5. Label
      6. Annotations
      7. Label selectors
      8. Replication controllers and replica sets
      9. Services
      10. Volume
      11. StatefulSet
      12. Secrets
      13. Names
      14. Namespaces
    5. Diving into Kubernetes architecture in-depth
      1. Distributed systems design patterns
        1. Sidecar pattern
        2. Ambassador pattern
        3. Adapter pattern
        4. Multinode patterns
    6. The Kubernetes APIs
      1. Resource categories
        1. Workloads API
        2. Discovery and load balancing
        3. Config and storage
        4. Metadata
        5. Cluster
    7. Kubernetes components
      1. Master components
        1. API server
        2. Etcd
        3. Kube controller manager
        4. Cloud controller manager
        5. Kube-scheduler
        6. DNS
        7. Node components
        8. Proxy
        9. Kubelet
    8. Kubernetes runtimes
      1. The Container Runtime Interface (CRI)
      2. Docker
      3. Rkt
        1. App container
        2. Cri-O
        3. Rktnetes
        4. Is rkt ready for use in production?
      4. Hyper containers
        1. Stackube
    9. Continuous integration and deployment
      1. What is a CI/CD pipeline?
      2. Designing a CI/CD pipeline for Kubernetes
    10. Summary
  7. Creating Kubernetes Clusters
    1. A quick single-node cluster with Minikube
      1. Getting ready
      2. On Windows
      3. On macOS
      4. Creating the cluster
      5. Troubleshooting
      6. Checking out the cluster
      7. Doing work
      8. Examining the cluster with the dashboard
    2. Creating a multinode cluster using kubeadm
      1. Setting expectations
      2. Getting ready
      3. Preparing a cluster of vagrant VMs
      4. Installing the required software
        1. The host file
        2. The vars.yml file
        3. The playbook.yml file
      5. Creating the cluster
        1. Initializing the master
      6. Setting up the pod network
      7. Adding the worker nodes
    3. Creating clusters in the cloud (GCP, AWS, and Azure)
      1. The cloud-provider interface
      2. Google Cloud Platform (GCP)
      3. Amazon Web Services (AWS)
        1. Amazon Elastic Container Service for Kubernetes (EKS)
        2. Fargate
      4. Azure
      5. Alibaba Cloud
    4. Creating a bare-metal cluster from scratch
      1. Use cases for bare metal
      2. When should you consider creating a bare-metal cluster?
    5. The process
    6. Using virtual private cloud infrastructure
      1. Bootkube
    7. Summary
  8. Monitoring, Logging, and Troubleshooting
    1. Monitoring Kubernetes with Heapster
      1. cAdvisor
    2. Installing Heapster
    3. InfluxDB backend
      1. The storage schema
        1. CPU
        2. Filesystem
        3. Memory
        4. Network
        5. Uptime
      2. Grafana visualization
    4. Performance analysis with the dashboard
      1. Top-level view
        1. Cluster
        2. Workloads
        3. Discovery and load balancing
      2. Adding central logging
        1. Planning central logging
        2. Fluentd
        3. Elasticsearch
        4. Kibana
    5. Detecting node problems
      1. Node problem detector
      2. DaemonSet
      3. Problem daemons
    6. Troubleshooting scenarios
    7. Designing robust systems
    8. Hardware failure
      1. Quotas, shares, and limits
      2. Bad configuration
      3. Cost versus performance
        1. Managing cost on the cloud
        2. Managing cost on bare metal
        3. Managing cost on hybrid clusters
    9. Using Prometheus
      1. What are operators?
      2. The Prometheus Operator
      3. Installing Prometheus with kube-prometheus
      4. Monitoring your cluster with Prometheus
    10. Summary
  9. High Availability and Reliability
    1. High-availability concepts
      1. Redundancy
      2. Hot swapping
      3. Leader election
      4. Smart load balancing
      5. Idempotency
      6. Self-healing
    2. High-availability best practices
      1. Creating highly available clusters
      2. Making your nodes reliable
      3. Protecting your cluster state
        1. Clustering etcd
          1. Installing the etcd operator
          2. Creating the etcd cluster
        2. Verifying the etcd cluster
      4. Protecting your data
      5. Running redundant API servers
      6. Running leader election with Kubernetes
        1. Leader election for your application
      7. Making your staging environment highly available
      8. Testing high availability
    3. Live cluster upgrades
      1. Rolling upgrades
        1. Complex deployments
      2. Blue-green upgrades
      3. Managing data-contract changes
      4. Migrating data
      5. Deprecating APIs
    4. Large-cluster performance, cost, and design trade-offs
      1. Availability requirements
      2. Best effort
      3. Maintenance windows
      4. Quick recovery
      5. Zero-downtime
      6. Performance and data consistency
    5. Summary
  10. Configuring Kubernetes Security, Limits, and Accounts
    1. Understanding Kubernetes security challenges
      1. Node challenges
      2. Image challenges
      3. Configuration and deployment challenges
      4. Pod and container challenges
      5. Organizational, cultural, and process challenges
    2. Hardening Kubernetes
      1. Understanding service accounts in Kubernetes
        1. How does Kubernetes manage service accounts?
      2. Accessing the API server
        1. Authenticating users
          1. Impersonation
        2. Authorizing requests
        3. Using admission control plugins
      3. Securing pods
        1. Using a private image repository
        2. ImagePullSecrets
        3. Specifying a security context
        4. Protecting your cluster with AppArmor
          1. Requirements
          2. Securing a pod with AppArmor
          3. Writing AppArmor profiles
        5. Pod security policies
        6. Authorizing pod security policies through RBAC
      4. Managing network policies
        1. Choosing a supported networking solution
        2. Defining a network policy
        3. Limiting Egress to external networks
        4. Cross-namespace policies
      5. Using secrets
        1. Storing secrets in Kubernetes
        2. Configuring encryption at Rest
        3. Creating secrets
        4. Decoding secrets
        5. Using secrets in a container
    3. Running a multiuser cluster
      1. The case for a multiuser cluster
      2. Using namespaces for safe multitenancy
      3. Avoiding namespace pitfalls
    4. Summary
  11. Using Critical Kubernetes Resources
    1. Designing the Hue platform
      1. Defining the scope of Hue
        1. Hue components
        2. Hue microservices
      2. Planning workflows
        1. Automatic workflows
        2. Human workflows
        3. Budget-aware workflows
    2. Using Kubernetes to build the Hue platform
      1. Using Kubectl effectively
      2. Understanding Kubectl resource configuration files
      3. Deploying long-running microservices in pods
        1. Creating pods
        2. Decorating pods with labels
        3. Deploying long-running processes with deployments
        4. Updating a deployment
    3. Separating internal and external services
      1. Deploying an internal service
      2. Creating the hue-reminders service
      3. Exposing a service externally
        1. Ingress
    4. Using namespace to limit access
    5. Launching jobs
      1. Running jobs in parallel
      2. Cleaning up completed jobs
      3. Scheduling cron jobs
    6. Mixing non-cluster components
      1. Outside-the-cluster-network components
      2. Inside-the-cluster-network components
      3. Managing the Hue platform with Kubernetes
        1. Using liveness probes to ensure your containers are alive
      4. Using readiness probes to manage dependencies
    7. Employing Init Containers for orderly pod bring-up
      1. Sharing with DaemonSet pods
    8. Evolving the Hue platform with Kubernetes
      1. Utilizing Hue in enterprises
      2. Advancing science with Hue
      3. Educating the kids of the future with Hue
    9. Summary
  12. Handling Kubernetes Storage
    1. Persistent volumes walk-through
      1. Volumes
        1. Using emptyDir for intra-pod communication
        2. Using HostPath for intra-node communication
        3. Using local volumes for durable node storage
        4. Provisioning persistent volumes
      2. Creating persistent volumes
        1. Capacity
        2. Volume mode
        3. Access modes
        4. Reclaim policy
        5. Storage class
        6. Volume type
      3. Making persistent volume claims
      4. Mounting claims as volumes
      5. Raw block volumes
      6. Storage classes
        1. Default storage class
      7. Demonstrating persistent volume storage end to end
    2. Public storage volume types – GCE, AWS, and Azure
      1. AWS Elastic Block Store (EBS)
      2. AWS Elastic File System
      3. GCE persistent disk
      4. Azure data disk
      5. Azure file storage
    3. GlusterFS and Ceph volumes in Kubernetes
      1. Using GlusterFS
        1. Creating endpoints
        2. Adding a GlusterFS Kubernetes service
        3. Creating pods
      2. Using Ceph
        1. Connecting to Ceph using RBD
        2. Connecting to Ceph using CephFS
    4. Flocker as a clustered container data volume manager
    5. Integrating enterprise storage into Kubernetes
    6. Projecting volumes
    7. Using out-of-tree volume plugins with FlexVolume
    8. The Container Storage Interface
    9. Summary
  13. Running Stateful Applications with Kubernetes
    1. Stateful versus stateless applications in Kubernetes
      1. Understanding the nature of distributed data-intensive apps
      2. Why manage state in Kubernetes?
      3. Why manage state outside of Kubernetes?
    2. Shared environment variables versus DNS records for discovery
      1. Accessing external data stores via DNS
      2. Accessing external data stores via environment variables
        1. Creating a ConfigMap
      3. Consuming a ConfigMap as an environment variable
      4. Using a redundant in-memory state
      5. Using DaemonSet for redundant persistent storage
      6. Applying persistent volume claims
      7. Utilizing StatefulSet
        1. When to use StatefulSet
        2. The components of StatefulSet
    3. Running a Cassandra cluster in Kubernetes
      1. Quick introduction to Cassandra
      2. The Cassandra Docker image
        1. Exploring the run.sh script
      3. Hooking up Kubernetes and Cassandra
        1. Digging into the Cassandra configuration
        2. The custom seed provider
      4. Creating a Cassandra headless service
      5. Using StatefulSet to create the Cassandra cluster
        1. Dissecting the stateful set configuration file
      6. Using a replication controller to distribute Cassandra
        1. Dissecting the replication controller configuration file
        2. Assigning pods to nodes
      7. Using DaemonSet to distribute Cassandra
    4. Summary
  14. Rolling Updates, Scalability, and Quotas
    1. Horizontal pod autoscaling
      1. Declaring horizontal pod autoscaler
      2. Custom metrics
        1. Using custom metrics
      3. Autoscaling with kubectl
    2. Performing rolling updates with autoscaling
    3. Handling scarce resources with limits and quotas
      1. Enabling resource quotas
      2. Resource quota types
        1. Compute resource quota
        2. Storage resource quota
        3. Object count quota
      3. Quota scopes
      4. Requests and limits
      5. Working with quotas
        1. Using namespace-specific context
        2. Creating quotas
        3. Using limit ranges for default compute quotas
    4. Choosing and managing the cluster capacity
      1. Choosing your node types
      2. Choosing your storage solutions
      3. Trading off cost and response time
      4. Using effectively multiple node configurations
      5. Benefiting from elastic cloud resources
        1. Autoscaling instances
        2. Mind your cloud quotas
        3. Manage regions carefully
      6. Considering Hyper.sh (and AWS Fargate)
    5. Pushing the envelope with Kubernetes
      1. Improving the performance and scalability of Kubernetes
        1. Caching reads in the API server
        2. The pod life cycle event generator
        3. Serializing API objects with protocol buffers
        4. etcd3
        5. Other optimizations
      2. Measuring the performance and scalability of Kubernetes
        1. The Kubernetes SLOs
        2. Measuring API responsiveness
        3. Measuring end-to-end pod startup time
      3. Testing Kubernetes at scale
        1. Introducing the Kubemark tool
        2. Setting up a Kubemark cluster
        3. Comparing a Kubemark cluster to a real-world cluster
    6. Summary
  15. Advanced Kubernetes Networking
    1. Understanding the Kubernetes networking model
      1. Intra-pod communication (container to container)
      2. Inter-pod communication (pod to pod)
      3. Pod-to-service communication
      4. External access
      5. Kubernetes networking versus Docker networking
      6. Lookup and discovery
        1. Self-registration
        2. Services and endpoints
        3. Loosely coupled connectivity with queues
        4. Loosely coupled connectivity with data stores
        5. Kubernetes ingress
      7. Kubernetes network plugins
        1. Basic Linux networking
        2. IP addresses and ports
        3. Network namespaces
        4. Subnets, netmasks, and CIDRs
        5. Virtual Ethernet devices
        6. Bridges
        7. Routing
        8. Maximum transmission unit
        9. Pod networking
        10. Kubenet
          1. Requirements
          2. Setting the MTU
        11. Container Networking Interface (CNI)
          1. Container runtime
          2. CNI plugin
    2. Kubernetes networking solutions
      1. Bridging on bare metal clusters
      2. Contiv
      3. Open vSwitch
      4. Nuage networks VCS
      5. Canal
      6. Flannel
      7. Calico project
      8. Romana
      9. Weave net
    3. Using network policies effectively
      1. Understanding the Kubernetes network policy design
      2. Network policies and CNI plugins
      3. Configuring network policies
      4. Implementing network policies
    4. Load balancing options
      1. External load balancer
        1. Configuring an external load balancer
          1. Via configuration file
          2. Via Kubectl
        2. Finding the load balancer IP addresses
        3. Preserving client IP addresses
          1. Specifying original client IP address preservation
        4. Understanding potential in even external load balancing
      2. Service load balancer
      3. Ingress
        1. HAProxy
        2. Utilizing the NodePort
        3. Custom load balancer provider using HAProxy
        4. Running HAProxy Inside the Kubernetes cluster
        5. Keepalived VIP
    5. Træfic
    6. Writing your own CNI plugin
      1. First look at the loopback plugin
        1. Building on the CNI plugin skeleton
        2. Reviewing the bridge plugin
    7. Summary
  16. Running Kubernetes on Multiple Clouds and Cluster Federation
    1. Understanding cluster federation
      1. Important use cases for cluster federation
        1. Capacity overflow
        2. Sensitive workloads
        3. Avoiding vendor lock-in
        4. Geo-distributing high availability
      2. The federation control plane
        1. Federation API server
        2. Federation controller manager
      3. Federated resources
        1. Federated ConfigMap
          1. Creating a federated ConfigMap
          2. Viewing a federated ConfigMap
          3. Updating a federated ConfigMap
          4. Deleting a federated ConfigMap
        2. Federated DaemonSet
        3. Federated Deployment
        4. Federated Events
        5. Federated Horizontal Pod Scaling
        6. Federated ingress
          1. Creating federated ingress
          2. Request routing with federated ingress
          3. Handling failures with federated ingress
        7. Federated job
        8. Federated namespace
        9. Federated ReplicaSet
        10. Federated secrets
      4. The hard parts
        1. Federated unit of work
        2. Location affinity
          1. Strictly-coupled
          2. Loosely-coupled
          3. Preferentially-coupled
          4. Strictly-decoupled
          5. Uniformly-spread
        3. Cross-cluster scheduling
        4. Federated data access
        5. Federated auto-scaling
    2. Managing a Kubernetes cluster federation
      1. Setting up cluster federation from the ground up
      2. Initial setup
      3. Using the official Hyperkube image
      4. Running the federation control plane
      5. Registering Kubernetes clusters with the federation
      6. Updating KubeDNS
      7. Shutting down the federation
      8. Setting up cluster federation with Kubefed
        1. Getting Kubefed
        2. Choosing a host cluster
        3. Deploying a federation control plane
        4. Adding a cluster to a federation
          1. Naming rules and customization
          2. Secret name
          3. Removing a cluster from a federation
          4. Shutting down the federation
        5. Cascading delete of resources
        6. Load balancing across multiple clusters
        7. Failing over across multiple clusters
        8. Federated service discovery
        9. Federated migration
    3. Running federated workloads
      1. Creating a federated service
      2. Adding backend pods
      3. Verifying public DNS records
      4. Discovering a federated service
        1. DNS expansion
      5. Handling failures of backend pods and whole clusters
      6. Troubleshooting
        1. Unable to connect to federation API server
        2. Federated service is created successfully but no service is created in the underlying clusters
    4. Summary
  17. Customizing Kubernetes – API and Plugins
    1. Working with the Kubernetes API
      1. Understanding OpenAPI
      2. Setting up a proxy
      3. Exploring the Kubernetes API directly
        1. Using Postman to explore the Kubernetes API
        2. Filtering the output with httpie and jq
      4. Creating a pod via the Kubernetes API
      5. Accessing the Kubernetes API via the Python client
        1. Dissecting the CoreV1API group
        2. Listing objects
        3. Creating objects
        4. Watching objects
        5. Invoking Kubectl programmatically
        6. Using Python subprocess to run Kubectl
    2. Extending the Kubernetes API
      1. Understanding the structure of a custom resource
      2. Developing custom resource definitions
      3. Integrating custom resources
        1. Finalizing custom resources
        2. Validating custom resources
      4. Understanding API server aggregation
      5. Utilizing the service catalog
    3. Writing Kubernetes plugins
      1. Writing a custom scheduler plugin
        1. Understanding the design of the Kubernetes scheduler
          1. The scheduler
          2. Registering an algorithm provider
          3. Configuring the scheduler
        2. Packaging the scheduler
        3. Deploying the custom scheduler
        4. Running another custom scheduler in the cluster
        5. Assigning pods to the custom scheduler
        6. Verifying that the pods were scheduled using the custom scheduler
    4. Employing access control webhooks
      1. Using an authentication webhook
      2. Using an authorization webhook
      3. Using an admission control webhook
        1. Configuring webhook admission controller on the fly
      4. Providing custom metrics for horizontal pod autoscaling
      5. Extending Kubernetes with custom storage
        1. Taking advantage of FlexVolume
        2. Benefitting from CSI
    5. Summary
  18. Handling the Kubernetes Package Manager
    1. Understanding Helm
      1. The motivation for Helm
      2. The Helm architecture
      3. Helm components
        1. The Tiller server
        2. The Helm client
    2. Using Helm
      1. Installing Helm
        1. Installing the Helm client
        2. Installing the Tiller server
          1. Installing Tiller in-cluster
          2. Installing Tiller locally
          3. Using Alternative Storage Backend
      2. Finding charts
      3. Installing packages
        1. Checking installation status
        2. Customizing a chart
        3. Additional installation options
        4. Upgrading and rolling back a release
        5. Deleting a release
      4. Working with repositories
      5. Managing charts with Helm
        1. Taking advantage of starter packs
    3. Creating your own charts
      1. The Chart.yaml file
        1. Versioning charts
        2. The appVersion field
        3. Deprecating charts
      2. Chart metadata files
      3. Managing chart dependencies
        1. Managing dependencies with requirements.yaml
        2. Using special fields in requirements.yaml
      4. Using templates and values
        1. Writing template files
          1. Using pipelines and functions
        2. Embedding predefined values
        3. Feeding values from a file
        4. Scope, dependencies, and values
    4. Summary
  19. The Future of Kubernetes
    1. The road ahead
      1. Kubernetes releases and milestones
      2. Kubernetes special interest and working groups
    2. Competition
      1. The value of bundling
      2. Docker Swarm
      3. Mesos/Mesosphere
      4. Cloud platforms
      5. AWS
      6. Azure
      7. Alibaba Cloud
        1. The Kubernetes momentum
      8. Community
      9. GitHub
      10. Conferences and meetups
      11. Mindshare
      12. Ecosystem
      13. Public cloud providers
        1. OpenShift
        2. OpenStack
        3. Other players
    3. Education and training
    4. Modularization and out-of-tree plugins
    5. Service meshes and serverless frameworks
      1. Service meshes
      2. Serverless frameworks
    6. Summary
  20. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think