Mastering Kubernetes电子书

Title Page

Copyright and Credits

Mastering Kubernetes Second Edition

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Understanding Kubernetes Architecture

What is Kubernetes?

What Kubernetes is not

Understanding container orchestration

Physical machines, virtual machines, and containers

The benefits of containers

Containers in the cloud

Cattle versus pets

Kubernetes concepts

Cluster

Node

Master

Pod

Label

Annotations

Label selectors

Replication controllers and replica sets

Services

Volume

StatefulSet

Secrets

Names

Namespaces

Diving into Kubernetes architecture in-depth

Distributed systems design patterns

Sidecar pattern

Ambassador pattern

Adapter pattern

Multinode patterns

The Kubernetes APIs

Resource categories

Workloads API

Discovery and load balancing

Config and storage

Metadata

Cluster

Kubernetes components

Master components

API server

Etcd

Kube controller manager

Cloud controller manager

Kube-scheduler

DNS

Node components

Proxy

Kubelet

Kubernetes runtimes

The Container Runtime Interface (CRI)

Docker

Rkt

App container

Cri-O

Rktnetes

Is rkt ready for use in production?

Hyper containers

Stackube

Continuous integration and deployment

What is a CI/CD pipeline?

Designing a CI/CD pipeline for Kubernetes

Summary

Creating Kubernetes Clusters

A quick single-node cluster with Minikube

Getting ready

On Windows

On macOS

Creating the cluster

Troubleshooting

Checking out the cluster

Doing work

Examining the cluster with the dashboard

Creating a multinode cluster using kubeadm

Setting expectations

Getting ready

Preparing a cluster of vagrant VMs

Installing the required software

The host file

The vars.yml file

The playbook.yml file

Creating the cluster

Initializing the master

Setting up the pod network

Adding the worker nodes

Creating clusters in the cloud (GCP, AWS, and Azure)

The cloud-provider interface

Google Cloud Platform (GCP)

Amazon Web Services (AWS)

Amazon Elastic Container Service for Kubernetes (EKS)

Fargate

Azure

Alibaba Cloud

Creating a bare-metal cluster from scratch

Use cases for bare metal

When should you consider creating a bare-metal cluster?

The process

Using virtual private cloud infrastructure

Bootkube

Summary

Monitoring, Logging, and Troubleshooting

Monitoring Kubernetes with Heapster

cAdvisor

Installing Heapster

InfluxDB backend

The storage schema

CPU

Filesystem

Memory

Network

Uptime

Grafana visualization

Performance analysis with the dashboard

Top-level view

Cluster

Workloads

Discovery and load balancing

Adding central logging

Planning central logging

Fluentd

Elasticsearch

Kibana

Detecting node problems

Node problem detector

DaemonSet

Problem daemons

Troubleshooting scenarios

Designing robust systems

Hardware failure

Quotas, shares, and limits

Bad configuration

Cost versus performance

Managing cost on the cloud

Managing cost on bare metal

Managing cost on hybrid clusters

Using Prometheus

What are operators?

The Prometheus Operator

Installing Prometheus with kube-prometheus

Monitoring your cluster with Prometheus

Summary

High Availability and Reliability

High-availability concepts

Redundancy

Hot swapping

Leader election

Smart load balancing

Idempotency

Self-healing

High-availability best practices

Creating highly available clusters

Making your nodes reliable

Protecting your cluster state

Clustering etcd

Installing the etcd operator

Creating the etcd cluster

Verifying the etcd cluster

Protecting your data

Running redundant API servers

Running leader election with Kubernetes

Leader election for your application

Making your staging environment highly available

Testing high availability

Live cluster upgrades

Rolling upgrades

Complex deployments

Blue-green upgrades

Managing data-contract changes

Migrating data

Deprecating APIs

Large-cluster performance, cost, and design trade-offs

Availability requirements

Best effort

Maintenance windows

Quick recovery

Zero-downtime

Performance and data consistency

Summary

Configuring Kubernetes Security, Limits, and Accounts

Understanding Kubernetes security challenges

Node challenges

Image challenges

Configuration and deployment challenges

Pod and container challenges

Organizational, cultural, and process challenges

Hardening Kubernetes

Understanding service accounts in Kubernetes

How does Kubernetes manage service accounts?

Accessing the API server

Authenticating users

Impersonation

Authorizing requests

Using admission control plugins

Securing pods

Using a private image repository

ImagePullSecrets

Specifying a security context

Protecting your cluster with AppArmor

Requirements

Securing a pod with AppArmor

Writing AppArmor profiles

Pod security policies

Authorizing pod security policies through RBAC

Managing network policies

Choosing a supported networking solution

Defining a network policy

Limiting Egress to external networks

Cross-namespace policies

Using secrets

Storing secrets in Kubernetes

Configuring encryption at Rest

Creating secrets

Decoding secrets

Using secrets in a container

Running a multiuser cluster

The case for a multiuser cluster

Using namespaces for safe multitenancy

Avoiding namespace pitfalls

Summary

Using Critical Kubernetes Resources

Designing the Hue platform

Defining the scope of Hue

Hue components

Hue microservices

Planning workflows

Automatic workflows

Human workflows

Budget-aware workflows

Using Kubernetes to build the Hue platform

Using Kubectl effectively

Understanding Kubectl resource configuration files

Deploying long-running microservices in pods

Creating pods

Decorating pods with labels

Deploying long-running processes with deployments

Updating a deployment

Separating internal and external services

Deploying an internal service

Creating the hue-reminders service

Exposing a service externally

Ingress

Using namespace to limit access

Launching jobs

Running jobs in parallel

Cleaning up completed jobs

Scheduling cron jobs

Mixing non-cluster components

Outside-the-cluster-network components

Inside-the-cluster-network components

Managing the Hue platform with Kubernetes

Using liveness probes to ensure your containers are alive

Using readiness probes to manage dependencies

Employing Init Containers for orderly pod bring-up

Sharing with DaemonSet pods

Evolving the Hue platform with Kubernetes

Utilizing Hue in enterprises

Advancing science with Hue

Educating the kids of the future with Hue

Summary

Handling Kubernetes Storage

Persistent volumes walk-through

Volumes

Using emptyDir for intra-pod communication

Using HostPath for intra-node communication

Using local volumes for durable node storage

Provisioning persistent volumes

Creating persistent volumes

Capacity

Volume mode

Access modes

Reclaim policy

Storage class

Volume type

Making persistent volume claims

Mounting claims as volumes

Raw block volumes

Storage classes

Default storage class

Demonstrating persistent volume storage end to end

Public storage volume types – GCE, AWS, and Azure

AWS Elastic Block Store (EBS)

AWS Elastic File System

GCE persistent disk

Azure data disk

Azure file storage

GlusterFS and Ceph volumes in Kubernetes

Using GlusterFS

Creating endpoints

Adding a GlusterFS Kubernetes service

Creating pods

Using Ceph

Connecting to Ceph using RBD

Connecting to Ceph using CephFS

Flocker as a clustered container data volume manager

Integrating enterprise storage into Kubernetes

Projecting volumes

Using out-of-tree volume plugins with FlexVolume

The Container Storage Interface

Summary

Running Stateful Applications with Kubernetes

Stateful versus stateless applications in Kubernetes

Understanding the nature of distributed data-intensive apps

Why manage state in Kubernetes?

Why manage state outside of Kubernetes?

Shared environment variables versus DNS records for discovery

Accessing external data stores via DNS

Accessing external data stores via environment variables

Creating a ConfigMap

Consuming a ConfigMap as an environment variable

Using a redundant in-memory state

Using DaemonSet for redundant persistent storage

Applying persistent volume claims

Utilizing StatefulSet

When to use StatefulSet

The components of StatefulSet

Running a Cassandra cluster in Kubernetes

Quick introduction to Cassandra

The Cassandra Docker image

Exploring the run.sh script

Hooking up Kubernetes and Cassandra

Digging into the Cassandra configuration

The custom seed provider

Creating a Cassandra headless service

Using StatefulSet to create the Cassandra cluster

Dissecting the stateful set configuration file

Using a replication controller to distribute Cassandra

Dissecting the replication controller configuration file

Assigning pods to nodes

Using DaemonSet to distribute Cassandra

Summary

Rolling Updates, Scalability, and Quotas

Horizontal pod autoscaling

Declaring horizontal pod autoscaler

Custom metrics

Using custom metrics

Autoscaling with kubectl

Performing rolling updates with autoscaling

Handling scarce resources with limits and quotas

Enabling resource quotas

Resource quota types

Compute resource quota

Storage resource quota

Object count quota

Quota scopes

Requests and limits

Working with quotas

Using namespace-specific context

Creating quotas

Using limit ranges for default compute quotas

Choosing and managing the cluster capacity

Choosing your node types

Choosing your storage solutions

Trading off cost and response time

Using effectively multiple node configurations

Benefiting from elastic cloud resources

Autoscaling instances

Mind your cloud quotas

Manage regions carefully

Considering Hyper.sh (and AWS Fargate)

Pushing the envelope with Kubernetes

Improving the performance and scalability of Kubernetes

Caching reads in the API server

The pod life cycle event generator

Serializing API objects with protocol buffers

etcd3

Other optimizations

Measuring the performance and scalability of Kubernetes

The Kubernetes SLOs

Measuring API responsiveness

Measuring end-to-end pod startup time

Testing Kubernetes at scale

Introducing the Kubemark tool

Setting up a Kubemark cluster

Comparing a Kubemark cluster to a real-world cluster

Summary

Advanced Kubernetes Networking

Understanding the Kubernetes networking model

Intra-pod communication (container to container)

Inter-pod communication (pod to pod)

Pod-to-service communication

External access

Kubernetes networking versus Docker networking

Lookup and discovery

Self-registration

Services and endpoints

Loosely coupled connectivity with queues

Loosely coupled connectivity with data stores

Kubernetes ingress

Kubernetes network plugins

Basic Linux networking

IP addresses and ports

Network namespaces

Subnets, netmasks, and CIDRs

Virtual Ethernet devices

Bridges

Routing

Maximum transmission unit

Pod networking

Kubenet

Requirements

Setting the MTU

Container Networking Interface (CNI)

Container runtime

CNI plugin

Kubernetes networking solutions

Bridging on bare metal clusters

Contiv

Open vSwitch

Nuage networks VCS

Canal

Flannel

Calico project

Romana

Weave net

Using network policies effectively

Understanding the Kubernetes network policy design

Network policies and CNI plugins

Configuring network policies

Implementing network policies

Load balancing options

External load balancer

Configuring an external load balancer

Via configuration file

Via Kubectl

Finding the load balancer IP addresses

Preserving client IP addresses

Specifying original client IP address preservation

Understanding potential in even external load balancing

Service load balancer

Ingress

HAProxy

Utilizing the NodePort

Custom load balancer provider using HAProxy

Running HAProxy Inside the Kubernetes cluster

Keepalived VIP

Træfic

Writing your own CNI plugin

First look at the loopback plugin

Building on the CNI plugin skeleton

Reviewing the bridge plugin

Summary

Running Kubernetes on Multiple Clouds and Cluster Federation

Understanding cluster federation

Important use cases for cluster federation

Capacity overflow

Sensitive workloads

Avoiding vendor lock-in

Geo-distributing high availability

The federation control plane

Federation API server

Federation controller manager

Federated resources

Federated ConfigMap

Creating a federated ConfigMap

Viewing a federated ConfigMap

Updating a federated ConfigMap

Deleting a federated ConfigMap

Federated DaemonSet

Federated Deployment

Federated Events

Federated Horizontal Pod Scaling

Federated ingress

Creating federated ingress

Request routing with federated ingress

Handling failures with federated ingress

Federated job

Federated namespace

Federated ReplicaSet

Federated secrets

The hard parts

Federated unit of work

Location affinity

Strictly-coupled

Loosely-coupled

Preferentially-coupled

Strictly-decoupled

Uniformly-spread

Cross-cluster scheduling

Federated data access

Federated auto-scaling

Managing a Kubernetes cluster federation

Setting up cluster federation from the ground up

Initial setup

Using the official Hyperkube image

Running the federation control plane

Registering Kubernetes clusters with the federation

Updating KubeDNS

Shutting down the federation

Setting up cluster federation with Kubefed

Getting Kubefed

Choosing a host cluster

Deploying a federation control plane

Adding a cluster to a federation

Naming rules and customization

Secret name

Removing a cluster from a federation

Shutting down the federation

Cascading delete of resources

Load balancing across multiple clusters

Failing over across multiple clusters

Federated service discovery

Federated migration

Running federated workloads

Creating a federated service

Adding backend pods

Verifying public DNS records

Discovering a federated service

DNS expansion

Handling failures of backend pods and whole clusters

Troubleshooting

Unable to connect to federation API server

Federated service is created successfully but no service is created in the underlying clusters

Summary

Customizing Kubernetes – API and Plugins

Working with the Kubernetes API

Understanding OpenAPI

Setting up a proxy

Exploring the Kubernetes API directly

Using Postman to explore the Kubernetes API

Filtering the output with httpie and jq

Creating a pod via the Kubernetes API

Accessing the Kubernetes API via the Python client

Dissecting the CoreV1API group

Listing objects

Creating objects

Watching objects

Invoking Kubectl programmatically

Using Python subprocess to run Kubectl

Extending the Kubernetes API

Understanding the structure of a custom resource

Developing custom resource definitions

Integrating custom resources

Finalizing custom resources

Validating custom resources

Understanding API server aggregation

Utilizing the service catalog

Writing Kubernetes plugins

Writing a custom scheduler plugin

Understanding the design of the Kubernetes scheduler

The scheduler

Registering an algorithm provider

Configuring the scheduler

Packaging the scheduler

Deploying the custom scheduler

Running another custom scheduler in the cluster

Assigning pods to the custom scheduler

Verifying that the pods were scheduled using the custom scheduler

Employing access control webhooks

Using an authentication webhook

Using an authorization webhook

Using an admission control webhook

Configuring webhook admission controller on the fly

Providing custom metrics for horizontal pod autoscaling

Extending Kubernetes with custom storage

Taking advantage of FlexVolume

Benefitting from CSI

Summary

Handling the Kubernetes Package Manager

Understanding Helm

The motivation for Helm

The Helm architecture

Helm components

The Tiller server

The Helm client

Using Helm

Installing Helm

Installing the Helm client

Installing the Tiller server

Installing Tiller in-cluster

Installing Tiller locally

Using Alternative Storage Backend

Finding charts

Installing packages

Checking installation status

Customizing a chart

Additional installation options

Upgrading and rolling back a release

Deleting a release

Working with repositories

Managing charts with Helm

Taking advantage of starter packs

Creating your own charts

The Chart.yaml file

Versioning charts

The appVersion field

Deprecating charts

Chart metadata files

Managing chart dependencies

Managing dependencies with requirements.yaml

Using special fields in requirements.yaml

Using templates and values

Writing template files

Using pipelines and functions

Embedding predefined values

Feeding values from a file

Scope, dependencies, and values

Summary

The Future of Kubernetes

The road ahead

Kubernetes releases and milestones

Kubernetes special interest and working groups

Competition

The value of bundling

Docker Swarm

Mesos/Mesosphere

Cloud platforms

AWS

Azure

Alibaba Cloud

The Kubernetes momentum

Community

GitHub

Conferences and meetups

Mindshare

Ecosystem

Public cloud providers

OpenShift

OpenStack

Other players

Education and training

Modularization and out-of-tree plugins

Service meshes and serverless frameworks

Service meshes

Serverless frameworks

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think