Home Page Icon
Home Page
Table of Contents for
Contributors
Close
Contributors
by Gigi Sayfan
Mastering Kubernetes
Title Page
Copyright and Credits
Mastering Kubernetes Second Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Understanding Kubernetes Architecture
What is Kubernetes?
What Kubernetes is not
Understanding container orchestration
Physical machines, virtual machines, and containers
The benefits of containers
Containers in the cloud
Cattle versus pets
Kubernetes concepts
Cluster
Node
Master
Pod
Label
Annotations
Label selectors
Replication controllers and replica sets
Services
Volume
StatefulSet
Secrets
Names
Namespaces
Diving into Kubernetes architecture in-depth
Distributed systems design patterns
Sidecar pattern
Ambassador pattern
Adapter pattern
Multinode patterns
The Kubernetes APIs
Resource categories
Workloads API
Discovery and load balancing
Config and storage
Metadata
Cluster
Kubernetes components
Master components
API server
Etcd
Kube controller manager
Cloud controller manager
Kube-scheduler
DNS
Node components
Proxy
Kubelet
Kubernetes runtimes
The Container Runtime Interface (CRI)
Docker
Rkt
App container
Cri-O
Rktnetes
Is rkt ready for use in production?
Hyper containers
Stackube
Continuous integration and deployment
What is a CI/CD pipeline?
Designing a CI/CD pipeline for Kubernetes
Summary
Creating Kubernetes Clusters
A quick single-node cluster with Minikube
Getting ready
On Windows
On macOS
Creating the cluster
Troubleshooting
Checking out the cluster
Doing work
Examining the cluster with the dashboard
Creating a multinode cluster using kubeadm
Setting expectations
Getting ready
Preparing a cluster of vagrant VMs
Installing the required software
The host file
The vars.yml file
The playbook.yml file
Creating the cluster
Initializing the master
Setting up the pod network
Adding the worker nodes
Creating clusters in the cloud (GCP, AWS, and Azure)
The cloud-provider interface
Google Cloud Platform (GCP)
Amazon Web Services (AWS)
Amazon Elastic Container Service for Kubernetes (EKS)
Fargate
Azure
Alibaba Cloud
Creating a bare-metal cluster from scratch
Use cases for bare metal
When should you consider creating a bare-metal cluster?
The process
Using virtual private cloud infrastructure
Bootkube
Summary
Monitoring, Logging, and Troubleshooting
Monitoring Kubernetes with Heapster
cAdvisor
Installing Heapster
InfluxDB backend
The storage schema
CPU
Filesystem
Memory
Network
Uptime
Grafana visualization
Performance analysis with the dashboard
Top-level view
Cluster
Workloads
Discovery and load balancing
Adding central logging
Planning central logging
Fluentd
Elasticsearch
Kibana
Detecting node problems
Node problem detector
DaemonSet
Problem daemons
Troubleshooting scenarios
Designing robust systems
Hardware failure
Quotas, shares, and limits
Bad configuration
Cost versus performance
Managing cost on the cloud
Managing cost on bare metal
Managing cost on hybrid clusters
Using Prometheus
What are operators?
The Prometheus Operator
Installing Prometheus with kube-prometheus
Monitoring your cluster with Prometheus
Summary
High Availability and Reliability
High-availability concepts
Redundancy
Hot swapping
Leader election
Smart load balancing
Idempotency
Self-healing
High-availability best practices
Creating highly available clusters
Making your nodes reliable
Protecting your cluster state
Clustering etcd
Installing the etcd operator
Creating the etcd cluster
Verifying the etcd cluster
Protecting your data
Running redundant API servers
Running leader election with Kubernetes
Leader election for your application
Making your staging environment highly available
Testing high availability
Live cluster upgrades
Rolling upgrades
Complex deployments
Blue-green upgrades
Managing data-contract changes
Migrating data
Deprecating APIs
Large-cluster performance, cost, and design trade-offs
Availability requirements
Best effort
Maintenance windows
Quick recovery
Zero-downtime
Performance and data consistency
Summary
Configuring Kubernetes Security, Limits, and Accounts
Understanding Kubernetes security challenges
Node challenges
Image challenges
Configuration and deployment challenges
Pod and container challenges
Organizational, cultural, and process challenges
Hardening Kubernetes
Understanding service accounts in Kubernetes
How does Kubernetes manage service accounts?
Accessing the API server
Authenticating users
Impersonation
Authorizing requests
Using admission control plugins
Securing pods
Using a private image repository
ImagePullSecrets
Specifying a security context
Protecting your cluster with AppArmor
Requirements
Securing a pod with AppArmor
Writing AppArmor profiles
Pod security policies
Authorizing pod security policies through RBAC
Managing network policies
Choosing a supported networking solution
Defining a network policy
Limiting Egress to external networks
Cross-namespace policies
Using secrets
Storing secrets in Kubernetes
Configuring encryption at Rest
Creating secrets
Decoding secrets
Using secrets in a container
Running a multiuser cluster
The case for a multiuser cluster
Using namespaces for safe multitenancy
Avoiding namespace pitfalls
Summary
Using Critical Kubernetes Resources
Designing the Hue platform
Defining the scope of Hue
Hue components
Hue microservices
Planning workflows
Automatic workflows
Human workflows
Budget-aware workflows
Using Kubernetes to build the Hue platform
Using Kubectl effectively
Understanding Kubectl resource configuration files
Deploying long-running microservices in pods
Creating pods
Decorating pods with labels
Deploying long-running processes with deployments
Updating a deployment
Separating internal and external services
Deploying an internal service
Creating the hue-reminders service
Exposing a service externally
Ingress
Using namespace to limit access
Launching jobs
Running jobs in parallel
Cleaning up completed jobs
Scheduling cron jobs
Mixing non-cluster components
Outside-the-cluster-network components
Inside-the-cluster-network components
Managing the Hue platform with Kubernetes
Using liveness probes to ensure your containers are alive
Using readiness probes to manage dependencies
Employing Init Containers for orderly pod bring-up
Sharing with DaemonSet pods
Evolving the Hue platform with Kubernetes
Utilizing Hue in enterprises
Advancing science with Hue
Educating the kids of the future with Hue
Summary
Handling Kubernetes Storage
Persistent volumes walk-through
Volumes
Using emptyDir for intra-pod communication
Using HostPath for intra-node communication
Using local volumes for durable node storage
Provisioning persistent volumes
Creating persistent volumes
Capacity
Volume mode
Access modes
Reclaim policy
Storage class
Volume type
Making persistent volume claims
Mounting claims as volumes
Raw block volumes
Storage classes
Default storage class
Demonstrating persistent volume storage end to end
Public storage volume types – GCE, AWS, and Azure
AWS Elastic Block Store (EBS)
AWS Elastic File System
GCE persistent disk
Azure data disk
Azure file storage
GlusterFS and Ceph volumes in Kubernetes
Using GlusterFS
Creating endpoints
Adding a GlusterFS Kubernetes service
Creating pods
Using Ceph
Connecting to Ceph using RBD
Connecting to Ceph using CephFS
Flocker as a clustered container data volume manager
Integrating enterprise storage into Kubernetes
Projecting volumes
Using out-of-tree volume plugins with FlexVolume
The Container Storage Interface
Summary
Running Stateful Applications with Kubernetes
Stateful versus stateless applications in Kubernetes
Understanding the nature of distributed data-intensive apps
Why manage state in Kubernetes?
Why manage state outside of Kubernetes?
Shared environment variables versus DNS records for discovery
Accessing external data stores via DNS
Accessing external data stores via environment variables
Creating a ConfigMap
Consuming a ConfigMap as an environment variable
Using a redundant in-memory state
Using DaemonSet for redundant persistent storage
Applying persistent volume claims
Utilizing StatefulSet
When to use StatefulSet
The components of StatefulSet
Running a Cassandra cluster in Kubernetes
Quick introduction to Cassandra
The Cassandra Docker image
Exploring the run.sh script
Hooking up Kubernetes and Cassandra
Digging into the Cassandra configuration
The custom seed provider
Creating a Cassandra headless service
Using StatefulSet to create the Cassandra cluster
Dissecting the stateful set configuration file
Using a replication controller to distribute Cassandra
Dissecting the replication controller configuration file
Assigning pods to nodes
Using DaemonSet to distribute Cassandra
Summary
Rolling Updates, Scalability, and Quotas
Horizontal pod autoscaling
Declaring horizontal pod autoscaler
Custom metrics
Using custom metrics
Autoscaling with kubectl
Performing rolling updates with autoscaling
Handling scarce resources with limits and quotas
Enabling resource quotas
Resource quota types
Compute resource quota
Storage resource quota
Object count quota
Quota scopes
Requests and limits
Working with quotas
Using namespace-specific context
Creating quotas
Using limit ranges for default compute quotas
Choosing and managing the cluster capacity
Choosing your node types
Choosing your storage solutions
Trading off cost and response time
Using effectively multiple node configurations
Benefiting from elastic cloud resources
Autoscaling instances
Mind your cloud quotas
Manage regions carefully
Considering Hyper.sh (and AWS Fargate)
Pushing the envelope with Kubernetes
Improving the performance and scalability of Kubernetes
Caching reads in the API server
The pod life cycle event generator
Serializing API objects with protocol buffers
etcd3
Other optimizations
Measuring the performance and scalability of Kubernetes
The Kubernetes SLOs
Measuring API responsiveness
Measuring end-to-end pod startup time
Testing Kubernetes at scale
Introducing the Kubemark tool
Setting up a Kubemark cluster
Comparing a Kubemark cluster to a real-world cluster
Summary
Advanced Kubernetes Networking
Understanding the Kubernetes networking model
Intra-pod communication (container to container)
Inter-pod communication (pod to pod)
Pod-to-service communication
External access
Kubernetes networking versus Docker networking
Lookup and discovery
Self-registration
Services and endpoints
Loosely coupled connectivity with queues
Loosely coupled connectivity with data stores
Kubernetes ingress
Kubernetes network plugins
Basic Linux networking
IP addresses and ports
Network namespaces
Subnets, netmasks, and CIDRs
Virtual Ethernet devices
Bridges
Routing
Maximum transmission unit
Pod networking
Kubenet
Requirements
Setting the MTU
Container Networking Interface (CNI)
Container runtime
CNI plugin
Kubernetes networking solutions
Bridging on bare metal clusters
Contiv
Open vSwitch
Nuage networks VCS
Canal
Flannel
Calico project
Romana
Weave net
Using network policies effectively
Understanding the Kubernetes network policy design
Network policies and CNI plugins
Configuring network policies
Implementing network policies
Load balancing options
External load balancer
Configuring an external load balancer
Via configuration file
Via Kubectl
Finding the load balancer IP addresses
Preserving client IP addresses
Specifying original client IP address preservation
Understanding potential in even external load balancing
Service load balancer
Ingress
HAProxy
Utilizing the NodePort
Custom load balancer provider using HAProxy
Running HAProxy Inside the Kubernetes cluster
Keepalived VIP
Træfic
Writing your own CNI plugin
First look at the loopback plugin
Building on the CNI plugin skeleton
Reviewing the bridge plugin
Summary
Running Kubernetes on Multiple Clouds and Cluster Federation
Understanding cluster federation
Important use cases for cluster federation
Capacity overflow
Sensitive workloads
Avoiding vendor lock-in
Geo-distributing high availability
The federation control plane
Federation API server
Federation controller manager
Federated resources
Federated ConfigMap
Creating a federated ConfigMap
Viewing a federated ConfigMap
Updating a federated ConfigMap
Deleting a federated ConfigMap
Federated DaemonSet
Federated Deployment
Federated Events
Federated Horizontal Pod Scaling
Federated ingress
Creating federated ingress
Request routing with federated ingress
Handling failures with federated ingress
Federated job
Federated namespace
Federated ReplicaSet
Federated secrets
The hard parts
Federated unit of work
Location affinity
Strictly-coupled
Loosely-coupled
Preferentially-coupled
Strictly-decoupled
Uniformly-spread
Cross-cluster scheduling
Federated data access
Federated auto-scaling
Managing a Kubernetes cluster federation
Setting up cluster federation from the ground up
Initial setup
Using the official Hyperkube image
Running the federation control plane
Registering Kubernetes clusters with the federation
Updating KubeDNS
Shutting down the federation
Setting up cluster federation with Kubefed
Getting Kubefed
Choosing a host cluster
Deploying a federation control plane
Adding a cluster to a federation
Naming rules and customization
Secret name
Removing a cluster from a federation
Shutting down the federation
Cascading delete of resources
Load balancing across multiple clusters
Failing over across multiple clusters
Federated service discovery
Federated migration
Running federated workloads
Creating a federated service
Adding backend pods
Verifying public DNS records
Discovering a federated service
DNS expansion
Handling failures of backend pods and whole clusters
Troubleshooting
Unable to connect to federation API server
Federated service is created successfully but no service is created in the underlying clusters
Summary
Customizing Kubernetes – API and Plugins
Working with the Kubernetes API
Understanding OpenAPI
Setting up a proxy
Exploring the Kubernetes API directly
Using Postman to explore the Kubernetes API
Filtering the output with httpie and jq
Creating a pod via the Kubernetes API
Accessing the Kubernetes API via the Python client
Dissecting the CoreV1API group
Listing objects
Creating objects
Watching objects
Invoking Kubectl programmatically
Using Python subprocess to run Kubectl
Extending the Kubernetes API
Understanding the structure of a custom resource
Developing custom resource definitions
Integrating custom resources
Finalizing custom resources
Validating custom resources
Understanding API server aggregation
Utilizing the service catalog
Writing Kubernetes plugins
Writing a custom scheduler plugin
Understanding the design of the Kubernetes scheduler
The scheduler
Registering an algorithm provider
Configuring the scheduler
Packaging the scheduler
Deploying the custom scheduler
Running another custom scheduler in the cluster
Assigning pods to the custom scheduler
Verifying that the pods were scheduled using the custom scheduler
Employing access control webhooks
Using an authentication webhook
Using an authorization webhook
Using an admission control webhook
Configuring webhook admission controller on the fly
Providing custom metrics for horizontal pod autoscaling
Extending Kubernetes with custom storage
Taking advantage of FlexVolume
Benefitting from CSI
Summary
Handling the Kubernetes Package Manager
Understanding Helm
The motivation for Helm
The Helm architecture
Helm components
The Tiller server
The Helm client
Using Helm
Installing Helm
Installing the Helm client
Installing the Tiller server
Installing Tiller in-cluster
Installing Tiller locally
Using Alternative Storage Backend
Finding charts
Installing packages
Checking installation status
Customizing a chart
Additional installation options
Upgrading and rolling back a release
Deleting a release
Working with repositories
Managing charts with Helm
Taking advantage of starter packs
Creating your own charts
The Chart.yaml file
Versioning charts
The appVersion field
Deprecating charts
Chart metadata files
Managing chart dependencies
Managing dependencies with requirements.yaml
Using special fields in requirements.yaml
Using templates and values
Writing template files
Using pipelines and functions
Embedding predefined values
Feeding values from a file
Scope, dependencies, and values
Summary
The Future of Kubernetes
The road ahead
Kubernetes releases and milestones
Kubernetes special interest and working groups
Competition
The value of bundling
Docker Swarm
Mesos/Mesosphere
Cloud platforms
AWS
Azure
Alibaba Cloud
The Kubernetes momentum
Community
GitHub
Conferences and meetups
Mindshare
Ecosystem
Public cloud providers
OpenShift
OpenStack
Other players
Education and training
Modularization and out-of-tree plugins
Service meshes and serverless frameworks
Service meshes
Serverless frameworks
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
PacktPub.com
Next
Next Chapter
About the author
Contributors
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset