Getting Started with Kubernetes
Jonathan Baier, Jesse White
Updated: 2021-06-10 19:48:04
Latest chapter: Leave a review - let other readers know what you think
coverpage
Title Page
Dedication
Packt Upsell
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Kubernetes
Technical requirements
A brief overview of containers
What is a container?
cgroups
Namespaces
Union filesystems
Why are containers so cool?
The advantages of Continuous Integration/Continuous Deployment
Resource utilization
Microservices and orchestration
Future challenges
Our first clusters
Running Kubernetes on GCE
Kubernetes UI
Grafana
Command line
Services running on the master
Services running on the minions
Tearing down a cluster
Working with other providers
CLI setup
IAM setup
Cluster state storage
Creating your cluster
Other modes
Resetting the cluster
Investigating other deployment automation
Local alternatives
Starting from scratch
Cluster setup
Installing Kubernetes components (kubelet and kubeadm)
Setting up a master
Joining nodes
Networking
Joining the cluster
Summary
Questions
Further reading
Building a Foundation with Core Kubernetes Constructs
Technical requirements
The Kubernetes system
Nucleus
Application layer
Governance layer
Interface layer
Ecosystem
The architecture
The Master
Cluster state
Cluster nodes
Master
Nodes (formerly minions)
Core constructs
Pods
Pod example
Labels
The container's afterlife
Services
Replication controllers and replica sets
Our first Kubernetes application
More on labels
Replica sets
Health checks
TCP checks
Life cycle hooks or graceful shutdown
Application scheduling
Scheduling example
Summary
Questions
Further reading
Working with Networking Load Balancers and Ingress
Technical requirements
Container networking
The Docker approach
Docker default networks
Docker user-defined networks
The Kubernetes approach
Networking options
Networking comparisons
Weave
Flannel
Project Calico
Canal
Kube-router
Balanced design
Advanced services
External services
Internal services
Custom load balancing
Cross-node proxy
Custom ports
Multiple ports
Ingress
Types of ingress
Migrations multicluster and more
Custom addressing
Service discovery
DNS
Multitenancy
Limits
A note on resource usage
Summary
Questions
Further reading
Implementing Reliable Container-Native Applications
Technical requirements
How Kubernetes manages state
Deployments
Deployment use cases
Scaling
Updates and rollouts
History and rollbacks
Autoscaling
Jobs
Other types of jobs
Parallel jobs
Scheduled jobs
DaemonSets
Node selection
Summary
Questions
Exploring Kubernetes Storage Concepts
Technical requirements
Persistent storage
Temporary disks
Cloud volumes
GCE Persistent Disks
AWS Elastic Block Store
Other storage options
PersistentVolumes and Storage Classes
Dynamic volume provisioning
StatefulSets
A stateful example
Summary
Questions
Further reading
Application Updates Gradual Rollouts and Autoscaling
Technical requirements
Example setup
Scaling up
Smooth updates
Testing releases and cutovers
Application autoscaling
Scaling a cluster
Autoscaling
Scaling up the cluster on GCE
Scaling up the cluster on AWS
Scaling manually
Managing applications
Getting started with Helm
Summary
Questions
Further reading
Designing for Continuous Integration and Delivery
Technical requirements
Integrating Kubernetes with a continuous delivery pipeline
gulp.js
Prerequisites
gulp.js build example
The Kubernetes plugin for Jenkins
Prerequisites
Installing plugins
Configuring the Kubernetes plugin
Helm and Minikube
Bonus fun
Summary
Questions
Further reading
Monitoring and Logging
Technical requirements
Monitoring operations
Built-in monitoring
Exploring Heapster
Customizing our dashboards
FluentD and Google Cloud Logging
FluentD
Maturing our monitoring operations
GCE (Stackdriver)
Signing up for GCE monitoring
Alerts
Beyond system monitoring with Sysdig
Sysdig Cloud
Detailed views
Topology views
Metrics
Alerting
The Sysdig command line
The Csysdig command-line UI
Prometheus
Prometheus summary
Prometheus installation choices
Tips for creating an Operator
Installing Prometheus
Summary
Questions
Further reading
Operating Systems Platforms and Cloud and Local Providers
Technical requirements
The importance of standards
The OCI Charter
The OCI
Container Runtime Interface
Trying out CRI-O
More on container runtimes
CNCF
Standard container specification
CoreOS
rkt
etcd
Kubernetes with CoreOS
Tectonic
Dashboard highlights
Hosted platforms
Amazon Web Services
Microsoft Azure
Google Kubernetes Engine
Summary
Further reading
Designing for High Availability and Scalability
Technical requirements
Introduction to high availability
How do we measure availability?
Uptime and downtime
Uptime
Downtime
The five nines of availability
HA best practices
Anti-fragility
HA clusters
HA features of the major cloud service providers
HA approaches for Kubernetes
Prerequisites
Setting up
Stacked nodes
Installing workers
Cluster life cycle
Admission controllers
Using admission controllers
The workloads API
Custom resource definitions
Using CRDs
Summary
Questions
Further reading
Kubernetes SIGs Incubation Projects and the CNCF
Technical requirements
Setting up Git for contributions
Git's benefits
CNCF structure
What Kubernetes isn't
Kubernetes SIGs
How to get involved
Summary
Questions
Further reading
Cluster Federation and Multi-Tenancy
Technical requirements
Introduction to federation
Why federation?
The building blocks of federation
Key components
Federated services
Setting up federation
Contexts
New clusters for federation
Initializing the federation control plane
Adding clusters to the federation system
Federated resources
Federated configurations
Federated horizontal pod autoscalers
How to use federated HPAs
Other federated resources
Events
Jobs
True multi-cloud
Getting to multi-cloud
Deleting the cluster
Summary
Questions
Further reading
Cluster Authentication Authorization and Container Security
Basics of container security
Keeping containers contained
Resource exhaustion and orchestration security
Image repositories
Continuous vulnerability scanning
Image signing and verification
Kubernetes cluster security
Secure API calls
Secure node communication
Authorization and authentication plugins
Admission controllers
RBAC
Pod security policies and context
Enabling PodSecurityPolicies
Additional considerations
Securing sensitive application data (secrets)
Summary
Questions
Further reading
Hardening Kubernetes
Ready for production
Ready set go
Lessons learned from production
Setting limits
Scheduling limits
Memory limit example
Scheduling CPU constraints
CPU constraints example
Securing a cluster
Third-party companies
Private registries
Google Kubernetes Engine
Azure Kubernetes Service
ClusterHQ
Portworx
Shippable
Twistlock
Aqua Sec
Mesosphere (Kubernetes on Mesos)
Deis
OpenShift
Summary
Questions
Further reading
Kubernetes Infrastructure Management
Technical requirements
Planning a cluster
Picking what's right
Securing the cluster
Tuning examples
Upgrading the cluster
Upgrading PaaS clusters
Scaling the cluster
On GKE and AKS
DIY clusters
Node maintenance
Additional configuration options
Summary
Questions
Further reading
Assessments
Chapter 1: Introduction to Kubernetes
Chapter 2: Building a Foundation with Core Kubernetes Constructs
Chapter 3: Working with Networking Load Balancers and Ingress
Chapter 4: Implementing Reliable Container-Native Applications
Chapter 5: Exploring Kubernetes Storage Concepts
Chapter 6: Application Updates Gradual Rollouts and Autoscaling
Chapter 7: Designing for Continuous Integration and Delivery
Chapter 8: Monitoring and Logging
Chapter 10: Designing for High Availability and Scalability
Chapter 11: Kubernetes SIGs Incubation Projects and the CNCF
Chapter 12: Cluster Federation and Multi-Tenancy
Chapter 13: Cluster Authentication Authorization and Container Security
Chapter 14: Hardening Kubernetes
Chapter 15: Kubernetes Infrastructure Management
Other Books You May Enjoy
Leave a review - let other readers know what you think