Mastering Kubernetes - Third Edition

Mastering Kubernetes - Third Edition

by Gigi Sayfan
Released June 2020
Publisher(s): Packt Publishing
ISBN: 9781839211256

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Go beyond simply learning Kubernetes fundamentals and its deployment, and explore more advanced concepts, including serverless computing and service meshes with the latest updates

Key Features

  • Master Kubernetes architecture and design to build and deploy secure distributed applications
  • Learn advanced concepts like autoscaling, cluster federation, serverless computing, and service mesh integration for observability
  • Explore Kubernetes 1.18 features and its rich ecosystem of tools like Kubectl, Knative, and Helm

Book Description

The third edition of Mastering Kubernetes is updated with the latest tools and code enabling you to learn Kubernetes 1.18’s latest features. This book primarily concentrates on diving deeply into complex concepts and Kubernetes best practices to help you master the skills of designing and deploying large clusters on various cloud platforms.

The book trains you to run complex stateful microservices on Kubernetes including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backend. With the two new chapters, you will gain expertise in serverless computing and utilizing service meshes.

As you proceed through the chapters, you will explore different options for network configuration and learn to set up, operate, and troubleshoot Kubernetes networking plugins through real-world use cases. Furthermore, you will understand the mechanisms of custom resource development and its utilization in automation and maintenance workflows.

By the end of this Kubernetes book, you will graduate from an intermediate to advanced Kubernetes professional.

What you will learn

  • Master the fundamentals of Kubernetes architecture and design
  • Build and run stateful applications and complex microservices on Kubernetes
  • Use tools like Kubectl, secrets, and Helm to manage resources and storage
  • Master Kubernetes Networking with load balancing options like Ingress
  • Achieve high-availability Kubernetes clusters
  • Improve Kubernetes observability with tools like Prometheus, Grafana, and Jaeger
  • Extend Kubernetes working with Kubernetes API, plugins, and webhooks

Who this book is for

If you are a system administrator or a cloud developer with working knowledge of Kubernetes and are keen to master its advanced features, along with learning everything from building microservices to utilizing service meshes, Mastering Kubernetes is for you. Basic familiarity with networking concepts will be helpful.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  2. Understanding Kubernetes Architecture
    1. What is Kubernetes?
      1. What Kubernetes is not
      2. Understanding container orchestration
        1. Physical machines, virtual machines, and containers
        2. The benefits of containers
        3. Containers in the cloud
        4. Cattle versus pets
    2. Kubernetes concepts
      1. Clusters
      2. Nodes
      3. The master
      4. Pods
      5. Labels
      6. Annotations
      7. Label selectors
      8. Services
      9. Volume
      10. Replication controllers and replica sets
      11. StatefulSet
      12. Secrets
      13. Names
      14. Namespaces
    3. Diving into Kubernetes architecture in depth
      1. Distributed system design patterns
        1. The sidecar pattern
        2. The ambassador pattern
        3. The adapter pattern
        4. Multi-node patterns
      2. The Kubernetes APIs
        1. Resource categories
      3. Kubernetes components
        1. Master components
        2. Node components
    4. Kubernetes runtimes
      1. The container runtime interface (CRI)
      2. Docker
      3. rkt
        1. App container
      4. CRI-O
      5. Hyper containers
        1. Frakti
        2. Stackube
    5. Continuous integration and deployment
      1. What is a CI/CD pipeline?
      2. Designing a CI/CD pipeline for Kubernetes
    6. Summary
  3. Creating Kubernetes Clusters
    1. Overview
    2. Creating a single-node cluster with Minikube
      1. Meet kubectl
      2. Quick introduction to Minikube
      3. Getting ready
      4. On Windows
      5. On macOS
      6. Creating the cluster
      7. Troubleshooting
      8. Checking out the cluster
      9. Doing work
      10. Examining the cluster with the dashboard
    3. Creating a multi-node cluster with KinD
      1. Quick introduction to KinD
      2. Installing KinD
      3. Creating the cluster with KinD
      4. Doing work with KinD
      5. Accessing Kubernetes services locally though a proxy
    4. Creating a multi-node cluster with k3d
      1. Quick introduction to k3s and k3d
      2. Installing k3d
      3. Creating the cluster with k3d
    5. Comparing Minikube, KinD, and k3d
    6. Creating clusters in the cloud (GCP, AWS, Azure)
      1. The cloud-provider interface
      2. GCP
      3. AWS
        1. Kubernetes on EC2
        2. AWS EKS
        3. Fargate
      4. Azure
      5. Other cloud providers
        1. Once upon a time in China
        2. IBM Kubernetes Service
        3. Oracle Container Service
    7. Creating a bare-metal cluster from scratch
      1. Use cases for bare metal
      2. When should you consider creating a bare-metal cluster?
      3. Understanding the process
      4. Using virtual private cloud infrastructure
      5. Building your own cluster with Kubespray
      6. Building your cluster with KRIB
      7. Building your cluster with RKE
      8. Bootkube
    8. Summary
    9. References
  4. High Availability and Reliability
    1. High availability concepts
      1. Redundancy
      2. Hot swapping
      3. Leader election
      4. Smart load balancing
      5. Idempotency
      6. Self-healing
    2. High availability best practices
      1. Creating highly available clusters
      2. Making your nodes reliable
      3. Protecting your cluster state
        1. Clustering etcd
        2. Verifying the etcd cluster
      4. Protecting your data
      5. Running redundant API servers
      6. Running leader election with Kubernetes
      7. Making your staging environment highly available
      8. Testing high availability
    3. High availability, scalability, and capacity planning
      1. Installing the cluster autoscaler
      2. Considering the vertical pod autoscaler
    4. Live cluster updates
      1. Rolling updates
        1. Complex deployments
      2. Blue-green deployments
      3. Canary deployments
      4. Managing data-contract changes
      5. Migrating data
      6. Deprecating APIs
    5. Large cluster performance, cost, and design trade-offs
      1. Availability requirements
      2. Best effort
      3. Maintenance windows
      4. Quick recovery
      5. Zero downtime
      6. Site reliability engineering
      7. Performance and data consistency
    6. Summary
    7. References
  5. Securing Kubernetes
    1. Understanding Kubernetes security challenges
      1. Node challenges
      2. Network challenges
      3. Image challenges
      4. Configuration and deployment challenges
      5. Pod and container challenges
      6. Organizational, cultural, and process challenges
    2. Hardening Kubernetes
      1. Understanding service accounts in Kubernetes
        1. How does Kubernetes manage service accounts?
      2. Accessing the API server
        1. Authenticating users
        2. Authorizing requests
        3. Using admission control plugins
      3. Securing pods
        1. Using a private image repository
        2. ImagePullSecrets
        3. Specifying a security context
        4. Protecting your cluster with AppArmor
        5. Pod security policies
        6. Authorizing pod security policies via RBAC
      4. Managing network policies
        1. Choosing a supported networking solution
        2. Defining a network policy
        3. Limiting egress to external networks
        4. Cross-namespace policies
      5. Using secrets
        1. Storing secrets in Kubernetes
        2. Configuring encryption at rest
        3. Creating secrets
        4. Decoding secrets
        5. Using secrets in a container
    3. Running a multi-user cluster
      1. The case for a multi-user cluster
      2. Using namespaces for safe multi-tenancy
      3. Avoiding namespace pitfalls
    4. Summary
    5. References
  6. Using Kubernetes Resources in Practice
    1. Designing the Hue platform
      1. Defining the scope of Hue
        1. Smart reminders and notifications
        2. Security, identity, and privacy
        3. Hue components
        4. Hue microservices
      2. Planning workflows
        1. Automatic workflows
        2. Human workflows
        3. Budget-aware workflows
    2. Using Kubernetes to build the Hue platform
      1. Using kubectl effectively
      2. Understanding kubectl resource configuration files
        1. ApiVersion
        2. Kind
        3. Metadata
        4. Spec
      3. Deploying long-running microservices in pods
        1. Creating pods
        2. Decorating pods with labels
        3. Deploying long-running processes with deployments
        4. Updating a deployment
    3. Separating internal and external services
      1. Deploying an internal service
      2. Creating the Hue-reminders service
      3. Exposing a service externally
        1. Ingress
    4. Advanced scheduling
      1. Node selector
      2. Taints and tolerations
      3. Node affinity and anti-affinity
      4. Pod affinity and anti-affinity
    5. Using namespaces to limit access
    6. Using kustomization for hierarchical cluster structures
      1. Understanding the basics of kustomize
      2. Configuring the directory structure
      3. Applying kustomizations
        1. Patching
        2. Kustomizing the entire staging namespace
    7. Launching jobs
      1. Running jobs in parallel
      2. Cleaning up completed jobs
      3. Scheduling cron jobs
    8. Mixing non-cluster components
      1. Outside-the-cluster-network components
      2. Inside-the-cluster-network components
      3. Managing the Hue platform with Kubernetes
        1. Using liveness probes to ensure your containers are alive
      4. Using readiness probes to manage dependencies
      5. Employing init containers for orderly pod bring-up
      6. Pod readiness and readiness gates
      7. Sharing with DaemonSet pods
    9. Evolving the Hue platform with Kubernetes
      1. Utilizing Hue in an enterprise
      2. Advancing science with Hue
      3. Educating the kids of the future with Hue
    10. Summary
    11. References
  7. Managing Storage
    1. Persistent volumes walkthrough
      1. Volumes
        1. Using emptyDir for intra-pod communication
        2. Using HostPath for intra-node communication
        3. Using local volumes for durable node storage
        4. Provisioning persistent volumes
      2. Provisioning persistent volumes externally
      3. Creating persistent volumes
        1. Capacity
        2. Volume mode
        3. Access modes
        4. Reclaim policy
        5. Storage class
        6. Volume type
        7. Mount options
      4. Making persistent volume claims
      5. Mounting claims as volumes
      6. Raw block volumes
      7. Storage classes
        1. Default storage class
      8. Demonstrating persistent volume storage end to end
    2. Public cloud storage volume types – GCE, AWS, and Azure
      1. Amazon EBS
      2. Amazon EFS
      3. GCE persistent disk
      4. Azure data disk
      5. Azure Files
    3. GlusterFS and Ceph volumes in Kubernetes
      1. Using GlusterFS
        1. Creating endpoints
        2. Adding a GlusterFS Kubernetes service
        3. Creating pods
      2. Using Ceph
        1. Connecting to Ceph using RBD
        2. Connecting to Ceph using CephFS
    4. Flocker as a clustered container data volume manager
    5. Integrating enterprise storage into Kubernetes
      1. Rook – the new kid on the block
    6. Projecting volumes
    7. Using out-of-tree volume plugins with FlexVolume
    8. The Container Storage Interface
      1. Volume snapshotting and cloning
        1. Volume snapshots
        2. Volume cloning
    9. Summary
  8. Running Stateful Applications with Kubernetes
    1. Stateful versus stateless applications in Kubernetes
      1. Understanding the nature of distributed data-intensive apps
        1. Why manage state in Kubernetes?
        2. Why manage state outside of Kubernetes?
      2. Shared environment variables versus DNS records for discovery
        1. Accessing external data stores via DNS
        2. Accessing external data stores via environment variables
        3. Consuming a ConfigMap as an environment variable
        4. Using a redundant in-memory state
        5. Using DaemonSet for redundant persistent storage
        6. Applying persistent volume claims
        7. Utilizing StatefulSets
      3. Running a Cassandra cluster in Kubernetes
        1. Quick introduction to Cassandra
        2. The Cassandra Docker image
        3. Hooking up Kubernetes and Cassandra
        4. Creating a Cassandra headless service
        5. Using StatefulSets to create the Cassandra cluster
      4. Summary
  9. Deploying and Updating Applications
    1. Horizontal pod autoscaling
      1. Declaring an HPA
      2. Custom metrics
      3. Autoscaling with Kubectl
    2. Performing rolling updates with autoscaling
    3. Handling scarce resources with limits and quotas
      1. Enabling resource quotas
      2. Resource quota types
        1. Compute resource quota
        2. Storage resource quota
        3. Object count quota
      3. Quota scopes
      4. Resource quotas and priority classes
      5. Requests and limits
      6. Working with quotas
        1. Using namespace-specific context
        2. Creating quotas
        3. Using limit ranges for default compute quotas
    4. Choosing and managing the cluster capacity
      1. Choosing your node types
      2. Choosing your storage solutions
      3. Trading off cost and response time
      4. Using multiple node configurations effectively
      5. Benefiting from elastic cloud resources
        1. Autoscaling instances
        2. Mind your cloud quotas
        3. Manage regions carefully
      6. Considering container-native solutions
    5. Pushing the envelope with Kubernetes
      1. Improving the performance and scalability of Kubernetes
        1. Caching reads in the API server
        2. The pod lifecycle event generator
        3. Serializing API objects with protocol buffers
        4. etcd3
        5. Other optimizations
      2. Measuring the performance and scalability of Kubernetes
        1. The Kubernetes SLOs
        2. Measuring API responsiveness
        3. Measuring end-to-end pod startup time
      3. Testing Kubernetes at scale
        1. Introducing the Kubemark tool
        2. Setting up a Kubemark cluster
        3. Comparing a Kubemark cluster to a real-world cluster
    6. Summary
  10. Packaging Applications
    1. Understanding Helm
      1. The motivation for Helm
      2. The Helm 2 architecture
      3. Helm 2 components
        1. The Tiller server
        2. The Helm client
      4. Helm 3
    2. Using Helm
      1. Installing Helm
        1. Installing the Helm client
        2. Installing the Tiller server for Helm 2
      2. Finding charts
        1. Adding repositories
      3. Installing packages
        1. Checking the installation status
        2. Customizing a chart
        3. Additional installation options
        4. Upgrading and rolling back a release
        5. Deleting a release
      4. Working with repositories
      5. Managing charts with Helm
        1. Taking advantage of starter packs
    3. Creating your own charts
      1. The Chart.yaml file
        1. Versioning charts
        2. The appVersion field
        3. Deprecating charts
      2. Chart metadata files
      3. Managing chart dependencies
        1. Managing dependencies with requirements.yaml
        2. Utilizing special fields in requirements.yaml
      4. Using templates and values
        1. Writing template files
        2. Testing and troubleshooting your charts
        3. Embedding built-in objects
        4. Feeding values from a file
        5. Scope, dependencies, and values
    4. Summary
  11. Exploring Advanced Networking
    1. Understanding the Kubernetes networking model
      1. Intra-pod communication (container to container)
      2. Inter-pod communication (pod to pod)
      3. Pod-to-service communication
      4. External access
      5. Kubernetes networking versus Docker networking
      6. Lookup and discovery
        1. Self-registration
        2. Services and endpoints
        3. Loosely coupled connectivity with queues
        4. Loosely coupled connectivity with data stores
        5. Kubernetes ingress
      7. Kubernetes network plugins
        1. Basic Linux networking
        2. IP addresses and ports
        3. Network namespaces
        4. Subnets, netmasks, and CIDRs
        5. Virtual Ethernet devices
        6. Bridges
        7. Routing
        8. Maximum transmission unit
        9. Pod networking
        10. Kubenet
        11. Container networking interface
    2. Kubernetes networking solutions
      1. Bridging on bare metal clusters
      2. Contiv
      3. Open vSwitch
      4. Nuage networks VCS
      5. Flannel
      6. Calico
      7. Romana
      8. Weave Net
    3. Using network policies effectively
      1. Understanding the Kubernetes network policy design
      2. Network policies and CNI plugins
      3. Configuring network policies
      4. Implementing network policies
    4. Load balancing options
      1. External load balancer
        1. Configuring an external load balancer
        2. Finding the load balancer IP addresses
        3. Preserving client IP addresses
        4. Understanding even external load balancing
      2. Service load balancing
      3. Ingress
        1. HAProxy
        2. MetalLB
        3. Keepalived VIP
        4. Traefic
    5. Writing your own CNI plugin
      1. First look at the loopback plugin
        1. Building on the CNI plugin skeleton
        2. Reviewing the bridge plugin
    6. Summary
  12. Running Kubernetes on Multiple Clouds and Cluster Federation
    1. The history of cluster federation on Kubernetes
    2. Understanding cluster federation
      1. Important use cases for cluster federation
        1. Capacity overflow
        2. Sensitive workloads
        3. Avoiding vendor lock-in
        4. Geo-distributing high availability
      2. Learning the basics of Kubernetes federation
        1. Defining basic concepts
        2. Federation building blocks
        3. Federation features
      3. The KubeFed control plane
        1. The federation API server
        2. The federation controller manager
      4. The hard parts
        1. Federated unit of work
        2. Location affinity
        3. Cross-cluster scheduling
        4. Federated data access
        5. Federated auto-scaling
    3. Managing a Kubernetes Cluster Federation
      1. Installing kubefedctl
      2. Creating clusters
      3. Configuring the Host Cluster
      4. Registering clusters with the federation
      5. Working with federated API types
      6. Federating resources
        1. Federating an entire namespace
        2. Checking the status of federated resources
      7. Using overrides
      8. Using placement to control federation
      9. Debugging propagation failures
      10. Employing higher-order behavior
        1. Utilizing multi-cluster Ingress DNS
        2. Utilizing multi-cluster Service DNS
        3. Utilizing multi-cluster scheduling
    4. Introducing the Gardener project
      1. Understanding the terminology of Gardener
      2. Understanding the conceptual model of Gardener
      3. Diving into the Gardener architecture
      4. Managing cluster state
        1. Managing the control plane
        2. Preparing the infrastructure
        3. Using the Machine controller manager
        4. Networking across clusters
        5. Monitoring clusters
        6. The gardenctl CLI
      5. Extending Gardener
      6. Gardener ring
    5. Summary
  13. Serverless Computing on Kubernetes
    1. Understanding serverless computing
      1. Running long-running services on "serverless" infrastructure
      2. Running FaaS on "serverless" infrastructure
    2. Serverless Kubernetes in the cloud
      1. Don't forget the cluster autoscaler
      2. Azure AKS and Azure Container Instances
      3. AWS EKS and Fargate
      4. Google Cloud Run
    3. Knative
      1. Knative Serving
        1. The Knative Service object
        2. The Knative Route object
        3. The Knative Configuration object
        4. The Knative Revision object
      2. Knative Eventing
        1. Getting familiar with Knative Eventing terminology
        2. The architecture of Knative Eventing
      3. Taking Knative for a ride
        1. Installing Knative
        2. Deploying a Knative service
        3. Invoking a Knative service
        4. Checking the scale-to-zero option in Knative
    4. Kubernetes FaaS frameworks
      1. Fission
        1. Fission Workflows
        2. Experimenting with Fission
      2. Kubeless
        1. Kubeless architecture
        2. Playing with Kubeless
        3. Using the Kubeless UI
        4. Kubeless with the serverless framework
      3. Knative and riff
        1. Understanding riff runtimes
        2. Installing riff with Helm 2
    5. Summary
  14. Monitoring Kubernetes Clusters
    1. Understanding observability
      1. Logging
        1. Log format
        2. Log storage
        3. Log aggregation
      2. Metrics
      3. Distributed tracing
      4. Application error reporting
      5. Dashboards and visualization
      6. Alerting
    2. Logging with Kubernetes
      1. Container logs
      2. Kubernetes component logs
      3. Centralized logging
        1. Choosing a log collection strategy
        2. Cluster-level central logging
        3. Remote central logging
        4. Dealing with sensitive log information
      4. Using Fluentd for log collection
    3. Collecting metrics with Kubernetes
      1. Monitoring with the metrics server
      2. Exploring your cluster with the Kubernetes dashboard
      3. The rise of Prometheus
        1. Installing Prometheus
        2. Interacting with Prometheus
        3. Incorporating kube-state-metrics
        4. Utilizing the node exporter
        5. Incorporating custom metrics
        6. Alerting with Alertmanager
        7. Visualizing your metrics with Grafana
        8. Considering Loki
    4. Distributed tracing with Jaeger
      1. What is OpenTracing?
        1. OpenTracing concepts
      2. Introducing Jaeger
        1. Jaeger architecture
      3. Installing Jaeger
    5. Troubleshooting problems
      1. Taking advantage of staging environments
      2. Detecting problems at the node level
        1. Problem daemons
      3. Dashboards versus alerts
      4. Logs versus metrics versus error reports
      5. Detecting performance and root cause with distributed tracing
    6. Summary
  15. Utilizing Service Meshes
    1. What is a service mesh?
      1. Control plane and data plane
    2. Choosing a service mesh
      1. Envoy
      2. Linkerd 2
      3. Kuma
      4. AWS App Mesh
      5. Maesh
      6. Istio
    3. Incorporating Istio into your Kubernetes cluster
      1. Understanding the Istio architecture
        1. Envoy
        2. Pilot
        3. Mixer
        4. Citadel
        5. Galley
      2. Preparing a minikube cluster for Istio
      3. Installing Istio
      4. Installing Bookinfo
      5. Traffic management
      6. Security
        1. Istio identity
        2. Istio PKI
        3. Istio authentication
        4. Istio authorization
      7. Policies
      8. Monitoring and observability
        1. Logs
        2. Metrics
        3. Distributed tracing
        4. Visualizing your service mesh with Kiali
    4. Summary
  16. Extending Kubernetes
    1. Working with the Kubernetes API
      1. Understanding OpenAPI
      2. Setting up a proxy
      3. Exploring the Kubernetes API directly
        1. Using Postman to explore the Kubernetes API
        2. Filtering the output with HTTPie and jq
      4. Creating a pod via the Kubernetes API
      5. Accessing the Kubernetes API via the Python client
        1. Dissecting the CoreV1API group
        2. Listing objects
        3. Creating objects
        4. Watching objects
        5. Invoking Kubectl programmatically
        6. Using Python subprocesses to run Kubectl
    2. Extending the Kubernetes API
      1. Understanding Kubernetes extension points and patterns
        1. Extending Kubernetes with plugins
        2. Extending Kubernetes with the cloud controller manager
        3. Extending Kubernetes with webhooks
        4. Extending Kubernetes with controllers and operators
        5. Extending Kubernetes scheduling
        6. Extending Kubernetes with custom container runtimes
      2. Introducing custom resources
      3. Developing custom resource definitions
      4. Integrating custom resources
        1. Dealing with unknown fields
        2. Finalizing custom resources
        3. Adding custom printer columns
      5. Understanding API server aggregation
      6. Utilizing the service catalog
    3. Writing Kubernetes plugins
      1. Writing a custom scheduler
        1. Understanding the design of the Kubernetes scheduler
        2. Scheduling pods manually
        3. Preparing our own scheduler
        4. Assigning pods to the custom scheduler
        5. Verifying that the pods were scheduled using the correct scheduler
      2. Writing Kubectl plugins
        1. Understanding Kubectl plugins
        2. Managing Kubectl plugins with Krew
        3. Creating your own Kubectl plugin
        4. Kubectl plugin gotchas
        5. Don't forget your shebangs!
        6. Naming
        7. Overriding existing Kubectl commands
        8. Flat namespace for Krew plugins
    4. Employing access control webhooks
      1. Using an authentication webhook
      2. Using an authorization webhook
      3. Using an admission control webhook
        1. Configuring a webhook admission controller on the fly
      4. Providing custom metrics for horizontal pod autoscaling
      5. Extending Kubernetes with custom storage
    5. Summary
  17. The Future of Kubernetes
    1. The Kubernetes momentum
      1. The importance of the CNCF
        1. Project curation
        2. Certification
        3. Training
        4. Community and education
      2. Tooling
    2. The rise of managed Kubernetes platforms
      1. Public cloud Kubernetes platforms
      2. Bare-metal, private clouds, and Kubernetes on the edge
      3. Kubernetes Platform as a Service (PaaS)
    3. Upcoming trends
      1. Security
      2. Networking
      3. Custom hardware and devices
      4. Service mesh
      5. Serverless computing
      6. Kubernetes on the Edge
      7. Native CI/CD
      8. Operators
    4. Summary
    5. References
  18. Other Books You May Enjoy
  19. Index

Product information

  • Title: Mastering Kubernetes - Third Edition
  • Author(s): Gigi Sayfan
  • Release date: June 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781839211256