Mastering Kubernetes - Fourth Edition

Mastering Kubernetes - Fourth Edition

by Gigi Sayfan
Released June 2023
Publisher(s): Packt Publishing
ISBN: 9781804611395

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Go beyond the basics of Kubernetes and explore more advanced concepts, including Kubernetes in production, governance, serverless computing, and service meshes. Purchase of the print or Kindle book includes a free eBook in PDF format.

Key Features

  • Master Kubernetes architecture and design to build, deploy, and secure large-scale distributed systems
  • Learn advanced concepts like autoscaling, multi-cluster management, serverless computing, service meshes and policy engines
  • Explore Kubernetes 1.25 and its rich ecosystem of tools like Kubectl, Krew, K9s, Lens, and Helm

Book Description

The fourth edition of the bestseller Mastering Kubernetes includes the most recent tools and code to enable you to learn the latest features of Kubernetes 1.25. This book contains a thorough exploration of complex concepts and best practices to help you master the skills of designing and deploying large-scale distributed systems on Kubernetes clusters.

You’ll learn how to run complex stateless and stateful microservices on Kubernetes, including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backends. In addition, you’ll understand how to utilize serverless computing and service meshes.

Further, two new chapters have been added. “Governing Kubernetes” covers the problem of policy management, how admission control addresses it, and how policy engines provide a powerful governance solution. “Running Kubernetes in Production” shows you what it takes to run Kubernetes at scale across multiple cloud providers, multiple geographical regions, and multiple clusters, and it also explains how to handle topics such as upgrades, capacity planning, dealing with cloud provider limits/quotas, and cost management.

By the end of this Kubernetes book, you’ll have a strong understanding of, and hands-on experience with, a wide range of Kubernetes capabilities.

What you will learn

  • Learn how to govern Kubernetes using policy engines
  • Learn what it takes to run Kubernetes in production and at scale
  • Build and run stateful applications and complex microservices
  • Master Kubernetes networking with services, Ingress objects, load balancers, and service meshes
  • Achieve high availability for your Kubernetes clusters
  • Improve Kubernetes observability with tools such as Prometheus, Grafana, and Jaeger
  • Extend Kubernetes with the Kubernetes API, plugins, and webhooks

Who this book is for

If you're a system administrator or cloud developer who wants to become comfortable with Kubernetes and would like to master its advanced features, then this book is for you. Software and DevOps engineers with a working knowledge of Kubernetes, as well as technical managers of Kubernetes-based systems, will also find this book useful. Those deciding on whether to migrate to Kubernetes and are curious about its inner workings will find plenty of answers here as well. Basic familiarity with networking concepts will prove beneficial.

Table of contents

  1. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Get in touch
  2. Understanding Kubernetes Architecture
    1. What is Kubernetes?
    2. What Kubernetes is not
    3. Understanding container orchestration
      1. Physical machines, virtual machines, and containers
      2. The benefits of containers
      3. Containers in the cloud
      4. Cattle versus pets
    4. Kubernetes concepts
      1. Node
      2. Cluster
      3. Control plane
      4. Pod
      5. Label
      6. Label selector
      7. Annotation
      8. Service
      9. Volume
      10. Replication controller and replica set
      11. StatefulSet
      12. Secret
      13. Name
      14. Namespace
    5. Diving into Kubernetes architecture in depth
      1. Distributed systems design patterns
        1. Sidecar pattern
        2. Ambassador pattern
        3. Adapter pattern
        4. Multi-node patterns
        5. Level-triggered infrastructure and reconciliation
      2. The Kubernetes APIs
        1. Resource categories
      3. Kubernetes components
        1. Control plane components
        2. Node components
    6. Kubernetes container runtimes
      1. The Container Runtime Interface (CRI)
      2. Docker
      3. containerd
      4. CRI-O
      5. Lightweight VMs
    7. Summary
  3. Creating Kubernetes Clusters
    1. Getting ready for your first cluster
      1. Installing Rancher Desktop
        1. Installation on macOS
        2. Installation on Windows
        3. Additional installation methods
      2. Meet kubectl
      3. Kubectl alternatives – K9S, KUI, and Lens
        1. K9S
        2. KUI
        3. Lens
    2. Creating a single-node cluster with Minikube
      1. Quick introduction to Minikube
      2. Installing Minikube
        1. Installing Minikube on Windows
        2. Installing Minikube on macOS
        3. Troubleshooting the Minikube installation
      3. Checking out the cluster
      4. Doing work
      5. Examining the cluster with the dashboard
    3. Creating a multi-node cluster with KinD
      1. Quick introduction to KinD
      2. Installing KinD
      3. Dealing with Docker contexts
      4. Creating a cluster with KinD
      5. Doing work with KinD
      6. Accessing Kubernetes services locally through a proxy
    4. Creating a multi-node cluster with k3d
      1. Quick introduction to k3s and k3d
      2. Installing k3d
      3. Creating the cluster with k3d
    5. Comparing Minikube, KinD, and k3d
      1. Honorable mention – Rancher Desktop Kubernetes cluster
    6. Creating clusters in the cloud (GCP, AWS, Azure, and Digital Ocean)
      1. The cloud-provider interface
      2. Creating Kubernetes clusters in the cloud
      3. GCP
        1. GKE Autopilot
      4. AWS
        1. Kubernetes on EC2
        2. Amazon EKS
        3. Fargate
      5. Azure
      6. Digital Ocean
      7. Other cloud providers
        1. Once upon a time in China
        2. IBM Kubernetes service
        3. Oracle Container Service
    7. Creating a bare-metal cluster from scratch
      1. Use cases for bare metal
      2. When should you consider creating a bare-metal cluster?
      3. Understanding the process
      4. Using the Cluster API for managing bare-metal clusters
      5. Using virtual private cloud infrastructure
      6. Building your own cluster with Kubespray
      7. Building your cluster with Rancher RKE
      8. Running managed Kubernetes on bare metal or VMs
        1. GKE Anthos
        2. EKS Anywhere
        3. AKS Arc
    8. Summary
  4. High Availability and Reliability
    1. High availability concepts
      1. Redundancy
      2. Hot swapping
      3. Leader election
      4. Smart load balancing
      5. Idempotency
      6. Self-healing
    2. High availability best practices
      1. Creating highly available clusters
      2. Making your nodes reliable
      3. Protecting your cluster state
        1. Clustering etcd
      4. Protecting your data
      5. Running redundant API servers
      6. Running leader election with Kubernetes
      7. Making your staging environment highly available
      8. Testing high availability
    3. High availability, scalability, and capacity planning
      1. Installing the cluster autoscaler
      2. Considering the vertical pod autoscaler
      3. Autoscaling based on custom metrics
    4. Large cluster performance, cost, and design trade-offs
      1. Best effort
      2. Maintenance windows
      3. Quick recovery
      4. Zero downtime
      5. Site reliability engineering
      6. Performance and data consistency
    5. Choosing and managing the cluster capacity
      1. Choosing your node types
      2. Choosing your storage solutions
      3. Trading off cost and response time
      4. Using multiple node configurations effectively
      5. Benefiting from elastic cloud resources
        1. Autoscaling instances
        2. Mind your cloud quotas
        3. Manage regions carefully
        4. Considering container-native solutions
    6. Pushing the envelope with Kubernetes
      1. Improving the performance and scalability of Kubernetes
      2. Caching reads in the API server
      3. The pod lifecycle event generator
      4. Serializing API objects with protocol buffers
      5. etcd3
        1. gRPC instead of REST
        2. Leases instead of TTLs
        3. Watch implementation
        4. State storage
      6. Other optimizations
      7. Measuring the performance and scalability of Kubernetes
        1. The Kubernetes SLOs
        2. Measuring API responsiveness
        3. Measuring end-to-end pod startup time
    7. Testing Kubernetes at scale
      1. Introducing the Kubemark tool
        1. Setting up a Kubemark cluster
        2. Comparing a Kubemark cluster to a real-world cluster
    8. Summary
  5. Securing Kubernetes
    1. Understanding Kubernetes security challenges
      1. Node challenges
      2. Network challenges
      3. Image challenges
      4. Configuration and deployment challenges
      5. Pod and container challenges
      6. Organizational, cultural, and process challenges
    2. Hardening Kubernetes
      1. Understanding service accounts in Kubernetes
        1. How does Kubernetes manage service accounts?
      2. Accessing the API server
        1. Authenticating users
        2. Impersonation
        3. Authorizing requests
        4. Using admission control plugins
      3. Securing pods
        1. Using a private image repository
        2. ImagePullSecrets
        3. Specifying a security context for pods and containers
        4. Pod security standards
        5. Protecting your cluster with AppArmor
      4. Writing AppArmor profiles
      5. Pod Security Admission
      6. Managing network policies
        1. Choosing a supported networking solution
        2. Defining a network policy
        3. Limiting egress to external networks
        4. Cross-namespace policies
        5. The costs of network policies
      7. Using secrets
        1. Storing secrets in Kubernetes
        2. Configuring encryption at rest
        3. Creating secrets
        4. Decoding secrets
      8. Using secrets in a container
      9. Managing secrets with Vault
    3. Running a multi-tenant cluster
      1. The case for multi-tenant clusters
      2. Using namespaces for safe multi-tenancy
      3. Avoiding namespace pitfalls
      4. Using virtual clusters for strong multi-tenancy
    4. Summary
  6. Using Kubernetes Resources in Practice
    1. Designing the Hue platform
      1. Defining the scope of Hue
        1. Smart reminders and notifications
        2. Security, identity, and privacy
      2. Hue components
        1. User profile
        2. User graph
        3. Identity
        4. Authorizer
        5. External services
        6. Generic sensor
        7. Generic actuator
        8. User learner
        9. Hue microservices
        10. Plugins
        11. Data stores
        12. Stateless microservices
        13. Serverless functions
        14. Event-driven interactions
      3. Planning workflows
        1. Automatic workflows
        2. Human workflows
        3. Budget-aware workflows
    2. Using Kubernetes to build the Hue platform
      1. Using kubectl effectively
      2. Understanding kubectl manifest files
        1. apiVersion
        2. kind
        3. metadata
        4. spec
      3. Deploying long-running microservices in pods
        1. Creating pods
        2. Decorating pods with labels
        3. Deploying long-running processes with deployments
        4. Updating a deployment
    3. Separating internal and external services
      1. Deploying an internal service
      2. Creating the hue-reminders service
      3. Exposing a service externally
        1. Ingress
    4. Advanced scheduling
      1. Node selector
      2. Taints and tolerations
      3. Node affinity and anti-affinity
      4. Pod affinity and anti-affinity
      5. Pod topology spread constraints
      6. The descheduler
    5. Using namespaces to limit access
    6. Using Kustomization for hierarchical cluster structures
      1. Understanding the basics of Kustomize
      2. Configuring the directory structure
      3. Applying Kustomizations
        1. Patching
        2. Kustomizing the entire staging namespace
    7. Launching jobs
      1. Running jobs in parallel
      2. Cleaning up completed jobs
      3. Scheduling cron jobs
    8. Mixing non-cluster components
      1. Outside-the-cluster-network components
      2. Inside-the-cluster-network components
      3. Managing the Hue platform with Kubernetes
      4. Using liveness probes to ensure your containers are alive
      5. Using readiness probes to manage dependencies
      6. Using startup probes
      7. Employing init containers for orderly pod bring-up
      8. Pod readiness and readiness gates
      9. Sharing with DaemonSet pods
    9. Evolving the Hue platform with Kubernetes
      1. Utilizing Hue in an enterprise
      2. Advancing science with Hue
      3. Educating the kids of the future with Hue
    10. Summary
  7. Managing Storage
    1. Persistent volumes walk-through
      1. Understanding volumes
        1. Using emptyDir for intra-pod communication
        2. Using HostPath for intra-node communication
        3. Using local volumes for durable node storage
        4. Provisioning persistent volumes
      2. Creating persistent volumes
        1. Capacity
        2. Volume mode
        3. Access modes
        4. Reclaim policy
        5. Storage class
        6. Volume type
        7. Mount options
      3. Projected volumes
        1. serviceAccountToken projected volumes
      4. Creating a local volume
      5. Making persistent volume claims
      6. Mounting claims as volumes
      7. Raw block volumes
      8. CSI ephemeral volumes
      9. Generic ephemeral volumes
      10. Storage classes
        1. Default storage class
    2. Demonstrating persistent volume storage end to end
    3. Public cloud storage volume types – GCE, AWS, and Azure
      1. AWS Elastic Block Store (EBS)
      2. AWS Elastic File System (EFS)
      3. GCE persistent disk
      4. Google Cloud Filestore
      5. Azure data disk
      6. Azure file
    4. GlusterFS and Ceph volumes in Kubernetes
      1. Using GlusterFS
        1. Creating endpoints
        2. Adding a GlusterFS Kubernetes service
        3. Creating pods
      2. Using Ceph
        1. Connecting to Ceph using RBD
      3. Rook
    5. Integrating enterprise storage into Kubernetes
      1. Other storage providers
    6. The Container Storage Interface
      1. Advanced storage features
        1. Volume snapshots
        2. CSI volume cloning
        3. Storage capacity tracking
        4. Volume health monitoring
    7. Summary
  8. Running Stateful Applications with Kubernetes
    1. Stateful versus stateless applications in Kubernetes
      1. Understanding the nature of distributed data-intensive apps
      2. Why manage the state in Kubernetes?
      3. Why manage the state outside of Kubernetes?
      4. Shared environment variables versus DNS records for discovery
        1. Accessing external data stores via DNS
        2. Accessing external data stores via environment variables
        3. Consuming a ConfigMap as an environment variable
        4. Using a redundant in-memory state
        5. Using DaemonSet for redundant persistent storage
        6. Applying persistent volume claims
        7. Utilizing StatefulSet
        8. Working with StatefulSets
    2. Running a Cassandra cluster in Kubernetes
      1. A quick introduction to Cassandra
      2. The Cassandra Docker image
        1. Exploring the build.sh script
        2. Exploring the run.sh script
      3. Hooking up Kubernetes and Cassandra
        1. Digging into the Cassandra configuration file
        2. The custom seed provider
      4. Creating a Cassandra headless service
      5. Using StatefulSet to create the Cassandra cluster
        1. Dissecting the StatefulSet YAML file
    3. Summary
  9. Deploying and Updating Applications
    1. Live cluster updates
      1. Rolling updates
        1. Complex deployments
      2. Blue-green deployments
      3. Canary deployments
      4. Managing data-contract changes
      5. Migrating data
      6. Deprecating APIs
    2. Horizontal pod autoscaling
      1. Creating a horizontal pod autoscaler
      2. Custom metrics
        1. Keda
      3. Autoscaling with kubectl
      4. Performing rolling updates with autoscaling
    3. Handling scarce resources with limits and quotas
      1. Enabling resource quotas
      2. Resource quota types
        1. Compute resource quota
        2. Storage resource quota
        3. Object count quota
      3. Quota scopes
      4. Resource quotas and priority classes
      5. Requests and limits
      6. Working with quotas
        1. Using namespace-specific context
        2. Creating quotas
        3. Using limit ranges for default compute quotas
    4. Continuous integration and deployment
      1. What is a CI/CD pipeline?
      2. Designing a CI/CD pipeline for Kubernetes
    5. Provisioning infrastructure for your applications
      1. Cloud provider APIs and tooling
      2. Terraform
      3. Pulumi
      4. Custom operators
      5. Using Crossplane
    6. Summary
  10. Packaging Applications
    1. Understanding Helm
      1. The motivation for Helm
      2. The Helm 3 architecture
        1. Helm release secrets
        2. The Helm client
        3. The Helm library
      3. Helm 2 vs Helm 3
    2. Using Helm
      1. Installing Helm
        1. Installing the Helm client
      2. Finding charts
        1. Adding repositories
      3. Installing packages
        1. Checking the installation status
        2. Customizing a chart
        3. Additional installation options
        4. Upgrading and rolling back a release
        5. Deleting a release
      4. Working with repositories
      5. Managing charts with Helm
        1. Taking advantage of starter packs
    3. Creating your own charts
      1. The Chart.yaml file
        1. Versioning charts
        2. The appVersion field
        3. Deprecating charts
      2. Chart metadata files
      3. Managing chart dependencies
        1. Utilizing additional subfields of the dependencies field
      4. Using templates and values
        1. Writing template files
        2. Testing and troubleshooting your charts
        3. Embedding built-in objects
        4. Feeding values from a file
    4. Helm alternatives
      1. Kustomize
      2. Cue
      3. kapp-controller
    5. Summary
  11. Exploring Kubernetes Networking
    1. Understanding the Kubernetes networking model
      1. Intra-pod communication (container to container)
      2. Inter-pod communication (pod to pod)
      3. Pod-to-service communication
      4. Lookup and discovery
        1. Self-registration
        2. Services and endpoints
        3. Loosely coupled connectivity with queues
        4. Loosely coupled connectivity with data stores
        5. Kubernetes ingress
      5. DNS in Kubernetes
        1. CoreDNS
    2. Kubernetes network plugins
      1. Basic Linux networking
        1. IP addresses and ports
        2. Network namespaces
        3. Subnets, netmasks, and CIDRs
        4. Virtual Ethernet devices
        5. Bridges
        6. Routing
        7. Maximum transmission unit
        8. Pod networking
      2. Kubenet
        1. Requirements
        2. Setting the MTU
      3. The CNI
        1. The container runtime
        2. The CNI plugin
    3. Kubernetes and eBPF
    4. Kubernetes networking solutions
      1. Bridging on bare-metal clusters
      2. The Calico project
      3. Weave Net
      4. Cilium
        1. Efficient IP allocation and routing
        2. Identity-based service-to-service communication
        3. Load balancing
        4. Bandwidth management
        5. Observability
    5. Using network policies effectively
      1. Understanding the Kubernetes network policy design
      2. Network policies and CNI plugins
      3. Configuring network policies
      4. Implementing network policies
    6. Load balancing options
      1. External load balancers
        1. Configuring an external load balancer
        2. Finding the load balancer IP addresses
        3. Preserving client IP addresses
        4. Understanding even external load balancing
      2. Service load balancers
      3. Ingress
        1. HAProxy
        2. MetalLB
        3. Traefik
      4. Kubernetes Gateway API
        1. Gateway API resources
        2. Attaching routes to gateways
        3. Gateway API in action
    7. Writing your own CNI plugin
      1. First look at the loopback plugin
        1. Building on the CNI plugin skeleton
        2. Reviewing the bridge plugin
    8. Summary
  12. Running Kubernetes on Multiple Clusters
    1. Stretched Kubernetes clusters versus multi-cluster Kubernetes
      1. Understanding stretched Kubernetes clusters
        1. Pros of a stretched cluster
        2. Cons of a stretched cluster
      2. Understanding multi-cluster Kubernetes
        1. Pros of multi-cluster Kubernetes
        2. Cons of multi-cluster Kubernetes
    2. The history of cluster federation in Kubernetes
    3. Cluster API
      1. Cluster API architecture
      2. Management cluster
      3. Work cluster
      4. Bootstrap provider
      5. Infrastructure provider
      6. Control plane
      7. Custom resources
    4. Karmada
      1. Karmada architecture
      2. Karmada concepts
        1. ResourceTemplate
        2. PropagationPolicy
        3. OverridePolicy
      3. Additional capabilities
    5. Clusternet
      1. Clusternet architecture
        1. Clusternet hub
        2. Clusternet scheduler
        3. Clusternet agent
      2. Multi-cluster deployment
    6. Clusterpedia
      1. Clusterpedia architecture
        1. Clusterpedia API server
        2. ClusterSynchro manager
        3. Storage layer
        4. Storage component
      2. Importing clusters
      3. Advanced multi-cluster search
      4. Resource collections
    7. Open Cluster Management
      1. OCM architecture
      2. OCM cluster lifecycle
      3. OCM application lifecycle
      4. OCM governance, risk, and compliance
    8. Virtual Kubelet
      1. Tensile-kube
      2. Admiralty
      3. Liqo
    9. Introducing the Gardener project
      1. Understanding the terminology of Gardener
      2. Understanding the conceptual model of Gardener
      3. Diving into the Gardener architecture
        1. Managing the cluster state
        2. Managing the control plane
        3. Preparing the infrastructure
        4. Using the Machine controller manager
        5. Networking across clusters
        6. Monitoring clusters
        7. The gardenctl CLI
      4. Extending Gardener
    10. Summary
  13. Serverless Computing on Kubernetes
    1. Understanding serverless computing
      1. Running long-running services on “serverless” infrastructure
      2. Running functions as a service on “serverless” infrastructure
    2. Serverless Kubernetes in the cloud
      1. Azure AKS and Azure Container Instances
      2. AWS EKS and Fargate
      3. Google Cloud Run
    3. Knative
      1. Knative serving
        1. Install a quickstart environment
        2. The Knative Service object
        3. Creating new revisions
        4. The Knative Route object
        5. The Knative Configuration object
      2. Knative eventing
        1. Getting familiar with Knative eventing terminology
        2. The architecture of Knative eventing
      3. Checking the scale to zero option of Knative
    4. Kubernetes Function-as-a-Service frameworks
      1. OpenFaaS
        1. Delivery pipeline
        2. OpenFaaS features
        3. OpenFaaS architecture
        4. Taking OpenFaaS for a ride
      2. Fission
        1. Fission executor
        2. Fission workflows
        3. Experimenting with Fission
    5. Summary
  14. Monitoring Kubernetes Clusters
    1. Understanding observability
      1. Logging
        1. Log format
        2. Log storage
        3. Log aggregation
      2. Metrics
      3. Distributed tracing
      4. Application error reporting
      5. Dashboards and visualization
      6. Alerting
    2. Logging with Kubernetes
      1. Container logs
      2. Kubernetes component logs
      3. Centralized logging
        1. Choosing a log collection strategy
        2. Cluster-level central logging
        3. Remote central logging
        4. Dealing with sensitive log information
      4. Using Fluentd for log collection
    3. Collecting metrics with Kubernetes
      1. Monitoring with the Metrics Server
      2. The rise of Prometheus
        1. Installing Prometheus
        2. Interacting with Prometheus
        3. Incorporating kube-state-metrics
        4. Utilizing the node exporter
        5. Incorporating custom metrics
        6. Alerting with Alertmanager
      3. Visualizing your metrics with Grafana
        1. Considering Loki
    4. Distributed tracing with Kubernetes
      1. What is OpenTelemetry?
        1. OpenTelemetry tracing concepts
      2. Introducing Jaeger
        1. Jaeger architecture
      3. Installing Jaeger
    5. Troubleshooting problems
      1. Taking advantage of staging environments
      2. Detecting problems at the node level
        1. Problem daemons
      3. Dashboards vs. alerts
      4. Logs vs metrics vs. error reports
      5. Detecting performance and root cause with distributed tracing
    6. Summary
  15. Utilizing Service Meshes
    1. What is a service mesh?
    2. Choosing a service mesh
      1. Envoy
      2. Linkerd 2
      3. Kuma
      4. AWS App Mesh
      5. Mæsh
      6. Istio
      7. OSM (Open Service Mesh)
      8. Cilium Service Mesh
    3. Understanding the Istio architecture
      1. Envoy
        1. Pilot
        2. Citadel
        3. Galley
    4. Incorporating Istio into your Kubernetes cluster
      1. Preparing a minikube cluster for Istio
      2. Installing Istio
      3. Installing BookInfo
    5. Working with Istio
      1. Traffic management
      2. Security
        1. Istio identity
        2. Istio certificate management
        3. Istio authentication
        4. Istio authorization
      3. Monitoring and observability
        1. Istio access logs
        2. Metrics
        3. Distributed tracing
        4. Visualizing your service mesh with Kiali
    6. Summary
  16. Extending Kubernetes
    1. Working with the Kubernetes API
      1. Understanding OpenAPI
      2. Setting up a proxy
      3. Exploring the Kubernetes API directly
        1. Using Postman to explore the Kubernetes API
        2. Filtering the output with HTTPie and jq
      4. Accessing the Kubernetes API via the Python client
        1. Dissecting the CoreV1Api group
        2. Listing objects
        3. Creating objects
        4. Watching objects
      5. Creating a pod via the Kubernetes API
      6. Controlling Kubernetes using Go and controller-runtime
        1. Using controller-runtime via go-k8s
        2. Invoking kubectl programmatically from Python and Go
        3. Using Python subprocess to run kubectl
    2. Extending the Kubernetes API
      1. Understanding Kubernetes extension points and patterns
        1. Extending Kubernetes with plugins
        2. Extending Kubernetes with the cloud controller manager
        3. Extending Kubernetes with webhooks
        4. Extending Kubernetes with controllers and operators
        5. Extending Kubernetes scheduling
        6. Extending Kubernetes with custom container runtimes
      2. Introducing custom resources
      3. Developing custom resource definitions
      4. Integrating custom resources
        1. Dealing with unknown fields
        2. Finalizing custom resources
        3. Adding custom printer columns
      5. Understanding API server aggregation
      6. Building Kubernetes-like control planes
    3. Writing Kubernetes plugins
      1. Writing a custom scheduler
        1. Understanding the design of the Kubernetes scheduler
        2. Scheduling pods manually
        3. Preparing our own scheduler
        4. Assigning pods to the custom scheduler
      2. Writing kubectl plugins
        1. Understanding kubectl plugins
        2. Managing kubectl plugins with Krew
        3. Creating your own kubectl plugin
    4. Employing access control webhooks
      1. Using an authentication webhook
      2. Using an authorization webhook
      3. Using an admission control webhook
        1. Configuring a webhook admission controller on the fly
    5. Additional extension points
      1. Providing custom metrics for horizontal pod autoscaling
      2. Extending Kubernetes with custom storage
    6. Summary
  17. Governing Kubernetes
    1. Kubernetes in the enterprise
      1. Requirements of enterprise software
      2. Kubernetes and enterprise software
    2. What is Kubernetes governance?
      1. Image management
      2. Pod security
      3. Network policy
      4. Configuration constraints
      5. RBAC and admission control
      6. Policy management
      7. Policy validation and enforcement
      8. Reporting
      9. Audit
    3. Policy engines
      1. Admission control as the foundation of policy engines
      2. Responsibilities of a policy engine
      3. Quick review of open source policy engines
        1. OPA/Gatekeeper
        2. Kyverno
        3. jsPolicy
        4. Kubewarden
    4. Kyverno deep dive
      1. Quick intro to Kyverno
      2. Installing and configuring Kyverno
        1. Installing pod security policies
        2. Configuring Kyverno
      3. Applying Kyverno policies
      4. Kyverno policies in depth
        1. Understanding policy settings
        2. Understanding Kyverno policy rules
        3. Validating requests
        4. Mutating resources
        5. Generating resources
        6. Advanced policy rules
      5. Writing and testing Kyverno policies
        1. Writing validating policies
        2. Writing mutating policies
        3. Writing generating policies
      6. Testing policies
        1. The Kyverno CLI
        2. Understanding Kyverno tests
        3. Writing Kyverno tests
        4. Running Kyverno tests
      7. Viewing Kyverno reports
    5. Summary
  18. Running Kubernetes in Production
    1. Understanding Managed Kubernetes in the cloud
      1. Deep integration
      2. Quotas and limits
        1. Real-world examples of quotas and limits
        2. Capacity planning
      3. When should you not use Managed Kubernetes?
    2. Managing multiple clusters
      1. Geo-distributed clusters
      2. Multi-cloud
      3. Hybrid
      4. Kubernetes on the edge
    3. Building effective processes for large-scale Kubernetes deployments
      1. The development lifecycle
      2. Environments
        1. Separated environments
        2. Staging environment fidelity
        3. Resource quotas
        4. Promotion process
      3. Permissions and access control
        1. The principle of least privilege
        2. Assign permissions to groups
        3. Fine-tune your permission model
        4. Break glass
      4. Observability
        1. One-stop shop observability
        2. Troubleshooting your observability stack
    4. Handling infrastructure at scale
      1. Cloud-level considerations
      2. Compute
        1. Design your cluster breakdown
        2. Design your node pool breakdown
      3. Networking
        1. IP address space management
        2. Network topology
        3. Network segmentation
        4. Cross-cluster communication
        5. Cross-cloud communication
        6. Cross-cluster service meshes
        7. Managing egress at scale
        8. Managing the DNS at the cluster level
      4. Storage
        1. Choose the right storage solutions
        2. Data backup and recovery
        3. Storage monitoring
        4. Data security
        5. Optimize storage usage
        6. Test and validate storage performance
    5. Managing clusters and node pools
      1. Provisioning managed clusters and node pools
        1. The Cluster API
        2. Terraform/Pulumi
        3. Kubernetes operators
      2. Utilizing managed nodes
    6. Bin packing and utilization
      1. Understanding workload shape
      2. Setting requests and limits
      3. Utilizing init containers
      4. Shared nodes vs. dedicated nodes
      5. Large nodes vs, small nodes
      6. Small and short-lived workloads
      7. Pod density
      8. Fallback node pools
    7. Upgrading Kubernetes
      1. Know the lifecycle of your cloud provider
      2. Upgrading clusters
        1. Planning an upgrade
        2. Detecting incompatible resources
        3. Updating incompatible resources
        4. Dealing with removed features
      3. Upgrading node pools
        1. Syncing with control plane upgrades
        2. How to perform node pool upgrades
        3. Concurrent draining
        4. Dealing with workloads with no PDB
        5. Dealing with workloads with PDB zero
    8. Troubleshooting
      1. Handling pending pods
      2. Handling scheduled pods that are not running
      3. Handling running pods that are not ready
    9. Cost management
      1. Cost mindset
      2. Cost observability
        1. Tagging
        2. Policies and budgets
        3. Alerting
        4. Tools
      3. The smart selection of resources
      4. Efficient usage of resources
      5. Discounts, reserved instances, and spot instances
        1. Discounts and credits
        2. Reserved instances
        3. Spot instances
      6. Invest in local environments
    10. Summary
  19. The Future of Kubernetes
    1. The Kubernetes momentum
      1. The importance of the CNCF
        1. Project curation
        2. Certification
        3. Training
        4. Community and education
      2. Tooling
    2. The rise of managed Kubernetes platforms
      1. Public cloud Kubernetes platforms
      2. Bare metal, private clouds, and Kubernetes on the edge
      3. Kubernetes PaaS (Platform as a Service)
    3. Upcoming trends
      1. Security
      2. Networking
      3. Custom hardware and devices
      4. Service mesh
      5. Serverless computing
      6. Kubernetes on the edge
      7. Native CI/CD
      8. Operators
    4. Kubernetes and AI
      1. Kubernetes and AI synergy
      2. Training AI models on Kubernetes
      3. Running AI-based systems on Kubernetes
      4. Kubernetes and AIOps
    5. Kubernetes challenges
      1. Kubernetes complexity
      2. Serverless function platforms
    6. Summary
  20. Other Books You May Enjoy
  21. Index

Product information

  • Title: Mastering Kubernetes - Fourth Edition
  • Author(s): Gigi Sayfan
  • Release date: June 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781804611395