Getting Started with Containerization电子书

Title Page

Copyright

Getting Started with Containerization

About Packt

Why subscribe?

Packt.com

Contributors

About the authors

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Conventions used

Get in touch

Reviews

What Are Containers and Why Should I Use Them?

Technical requirements

What are containers?

Why are containers important?

What's the benefit for me or for my company?

The Moby project

Docker products

Docker CE

Docker EE

The container ecosystem

Container architecture

Summary

Questions

Further reading

Setting up a Working Environment

Technical requirements

The Linux command shell

PowerShell for Windows

Using a package manager

Installing Homebrew on a Mac

Installing Chocolatey on Windows

Choosing a code editor

Docker Toolbox

Docker for Mac and Docker for Windows

Installing Docker for Mac

Installing Docker for Windows

Using docker-machine on Windows with Hyper-V

Minikube

Installing Minikube on Mac and Windows

Testing Minikube and kubectl

Summary

Questions

Further reading

Working with Containers

Technical requirements

Running the first container

Starting, stopping, and removing containers

Running a random quotes container

Listing containers

Stopping and starting containers

Removing containers

Inspecting containers

Exec into a running container

Attaching to a running container

Retrieving container logs

Logging drivers

Using a container-specific logging driver

Advanced topic – changing the default logging driver

Anatomy of containers

Architecture

Namespaces

Control groups (cgroups)

Union filesystem (UnionFS)

Container plumbing

Runc

Containerd

Summary

Questions

Further reading

Creating and Managing Container Images

What are images?

The layered filesystem

The writable container layer

Copy-on-write

Graph drivers

Creating images

Interactive image creation

Using Dockerfiles

The FROM keyword

The RUN keyword

The COPY and ADD keywords

The WORKDIR keyword

The CMD and ENTRYPOINT keywords

A complex Dockerfile

Building an image

Multistep builds

Dockerfile best practices

Saving and loading images

Sharing or shipping images

Tagging an image

Image namespaces

Official images

Pushing images to a registry

Summary

Questions

Further reading

Data Volumes and System Management

Technical requirements

Creating and mounting data volumes

Modifying the container layer

Creating volumes

Mounting a volume

Removing volumes

Sharing data between containers

Using host volumes

Defining volumes in images

Obtaining Docker system information

Listing resource consumption

Pruning unused resources

Pruning containers

Pruning images

Pruning volumes

Pruning networks

Pruning everything

Consuming Docker system events

Summary

Questions

Further reading

Distributed Application Architecture

What is a distributed application architecture?

Defining the terminology

Patterns and best practices

Loosely coupled components

Stateful versus stateless

Service discovery

Routing

Load balancing

Defensive programming

Retries

Logging

Error handling

Redundancy

Health checks

Circuit breaker pattern

Running in production

Logging

Tracing

Monitoring

Application updates

Rolling updates

Blue-green deployments

Canary releases

Irreversible data changes

Rollback

Summary

Questions

Further reading

Single-Host Networking

Technical requirements

The container network model

Network firewalling

The bridge network

The host network

The null network

Running in an existing network namespace

Port management

Summary

Questions

Further reading

Docker Compose

Demystifying declarative versus imperative

Running a multi-service app

Scaling a service

Building and pushing an application

Summary

Questions

Further reading

Orchestrators

What are orchestrators and why do we need them?

The tasks of an orchestrator

Reconciling the desired state

Replicated and global services

Service discovery

Routing

Load balancing

Scaling

Self-healing

Zero downtime deployments

Affinity and location awareness

Security

Secure communication and cryptographic node identity

Secure networks and network policies

Role-based access control (RBAC)

Secrets

Content trust

Reverse uptime

Introspection

Overview of popular orchestrators

Kubernetes

Docker Swarm

Apache Mesos and Marathon

Amazon ECS

Microsoft ACS

Summary

Questions

Further reading

Introduction to Docker Swarm

Architecture

Swarm nodes

Swarm managers

Swarm workers

Stacks, services, and tasks

Services

Task

Stack

Multi-host networking

Creating a Docker Swarm

Creating a local single node swarm

Creating a local swarm in VirtualBox or Hyper-V

Using Play with Docker (PWD) to generate a Swarm

Creating a Docker Swarm in the cloud

Deploying a first application

Creating a service

Inspecting the service and its tasks

Logs of a service

Reconciling the desired state

Deleting a service or a stack

Deploying a multi-service stack

The swarm routing mesh

Summary

Questions

Further reading

Zero Downtime Deployments and Secrets

Zero downtime deployment

Popular deployment strategies

Rolling updates

Health checks

Rollback

Blue–green deployments

Canary releases

Secrets

Creating secrets

Using a secret

Simulating secrets in a development environment

Secrets and legacy applications

Updating secrets

Summary

Questions

Further reading

Building Your Own Kubernetes Cluster

Introduction

Exploring the Kubernetes architecture

Getting ready

How to do it...

Kubernetes master

API server (kube-apiserver)

Scheduler (kube-scheduler)

Controller manager (kube-controller-manager)

Command-line interface (kubectl)

Kubernetes node

kubelet

Proxy (kube-proxy)

How it works...

etcd

Kubernetes network

See also

Setting up the Kubernetes cluster on macOS by minikube

Getting ready

How to do it...

How it works...

See also

Setting up the Kubernetes cluster on Windows by minikube

Getting ready

How to do it...

How it works...

See also

Setting up the Kubernetes cluster on Linux via kubeadm

Getting ready

How to do it...

Package installation

Ubuntu

CentOS

System configuration prerequisites

CentOS system settings

Booting up the service

Network configurations for containers

Getting a node involved

How it works...

See also

Setting up the Kubernetes cluster on Linux via Ansible (kubespray)

Getting ready

Installing pip

Installing Ansible

Installing python-netaddr

Setting up ssh public key authentication

How to do it...

Maintaining the Ansible inventory

Running the Ansible ad hoc command to test your environment

Ansible troubleshooting

Need to specify a sudo password

Need to specify different ssh logon user

Need to change ssh port

Common ansible issue

How it works...

See also

Running your first container in Kubernetes

Getting ready

How to do it...

Running a HTTP server (nginx)

Exposing the port for external access

Stopping the application

How it works…

See also

Walking through Kubernetes Concepts

Introduction

An overview of Kubernetes

Linking Pods and containers

Getting ready

How to do it...

How it works...

See also

Managing Pods with ReplicaSets

Getting ready

How to do it...

Creating a ReplicaSet

Getting the details of a ReplicaSet

Changing the configuration of a ReplicaSet

Deleting a ReplicaSet

How it works...

There's more...

See also

Deployment API

Getting ready

How to do it...

How it works...

Using kubectl set to update the container image

Updating the YAML and using kubectl apply

See also

Working with Services

Getting ready

How to do it...

Creating a Service for different resources

Creating a Service for a Pod

Creating a Service for a Deployment with an external IP

Creating a Service for an Endpoint without a selector

Creating a Service for another Service with session affinity

Deleting a Service

How it works...

There's more...

See also

Working with volumes

Getting ready

How to do it...

emptyDir

hostPath

NFS

glusterfs

downwardAPI

gitRepo

There's more...

PersistentVolumes

Using storage classes

gcePersistentDisk

awsElasticBlockStore

See also

Working with Secrets

Getting ready

How to do it...

Creating a Secret

Working with kubectl create command line

From a file

From a directory

From a literal value

Via configuration file

Using Secrets in Pods

By environment variables

By volumes

Deleting a Secret

How it works...

There's more...

Using ConfigMaps

Mounting Secrets and ConfigMap in the same volume

Working with names

Getting ready

How to do it...

How it works...

See also

Working with Namespaces

Getting ready

How to do it...

Creating a Namespace

Changing the default Namespace

Deleting a Namespace

How it works…

There's more...

Creating a LimitRange

Deleting a LimitRange

See also

Working with labels and selectors

Getting ready

How to do it...

How it works...

Equality-based label selector

Set-based label selector

There's more...

Linking Service to Pods or ReplicaSets using label selectors

Linking Deployment to ReplicaSet using the set-based selector

See also

Playing with Containers

Introduction

Scaling your containers

Getting ready

How to do it...

Scale up and down manually with the kubectl scale command

Horizontal Pod Autoscaler (HPA)

How it works...

There is more…

See also

Updating live containers

Getting ready

How to do it...

Deployment update strategy – rolling-update

Rollback the update

Deployment update strategy – recreate

How it works...

There's more...

See also

Forwarding container ports

Getting ready

How to do it...

Container-to-container communication

Pod-to-Pod communication

Working with NetworkPolicy

Pod-to-Service communication

External-to-internal communication

Working with Ingress

There's more...

See also

Ensuring flexible usage of your containers

Getting ready

How to do it...

Pod as DaemonSets

Running a stateful Pod

How it works...

Pod recovery by DaemonSets

Pod recovery by StatefulSet

There's more...

See also

Submitting Jobs on Kubernetes

Getting ready

How to do it...

Pod as a single Job

Create a repeatable Job

Create a parallel Job

Schedule to run Job using CronJob

How it works...

See also

Working with configuration files

Getting ready

YAML

JSON

How to do it...

How it works...

Pod

Deployment

Service

See also

Building High-Availability Clusters

Introduction

Clustering etcd

Getting ready

How to do it...

Static mechanism

Discovery mechanism

kubeadm

kubespray

Kops

Building multiple masters

Getting ready

How to do it...

Setting up the first master

Setting up the other master with existing certifications

Adding nodes in a HA cluster

How it works...

See also

Building Continuous Delivery Pipelines

Introduction

Moving monolithic to microservices

Getting ready

How to do it...

Microservices

Frontend WebUI

How it works...

Microservices

Frontend WebUI

Working with the private Docker registry

Getting ready

Using Kubernetes to run a Docker registry server

Using Amazon elastic container registry

Using Google cloud registry

How to do it...

Launching a private registry server using Kubernetes

Creating a self-signed SSL certificate

Creating HTTP secret

Creating the HTTP basic authentication file

Creating a Kubernetes secret to store security files

Configuring a private registry to load a Kubernetes secret

Create a repository on the AWS elastic container registry

Determining your repository URL on Google container registry

How it works...

Push and pull an image from your private registry

Push and pull an image from Amazon ECR

Push and pull an image from Google cloud registry

Using gcloud to wrap the Docker command

Using the GCP service account to grant a long-lived credential

Integrating with Jenkins

Getting ready

How to do it...

Setting up a custom Jenkins image

Setting up Kubernetes service account and ClusterRole

Launching the Jenkins server via Kubernetes deployment

How it works...

Using Jenkins to build a Docker image

Deploying the latest container image to Kubernetes

Building Kubernetes on AWS

Introduction

Playing with Amazon Web Services

Getting ready

Creating an IAM user

Installing AWS CLI on macOS

Installing AWS CLI on Windows

How to do it...

How it works...

Creating VPC and Subnets

Internet gateway

NAT-GW

Security group

EC2

Setting up Kubernetes with kops

Getting ready

How to do it...

How it works...

Working with kops-built AWS cluster

Deleting kops-built AWS cluster

See also

Using AWS as Kubernetes Cloud Provider

Getting ready

How to do it...

Elastic load balancer as LoadBalancer service

Elastic Block Store as StorageClass

There's more...

Managing Kubernetes cluster on AWS by kops

Getting ready

How to do it...

Modifying and resizing instance groups

Updating nodes

Updating masters

Upgrading a cluster

There's more...

See also

Advanced Cluster Administration

Introduction

Advanced settings in kubeconfig

Getting ready

How to do it...

Setting new credentials

Setting new clusters

Setting contexts and changing current-context

Cleaning up kubeconfig

There's more...

See also

Setting resources in nodes

Getting ready

How to do it...

Configuring a BestEffort pod

Configuring a Guaranteed pod

Configuring a Burstable pod

How it works...

See also

Playing with WebUI

Getting ready

How to do it...

Relying on the dashboard created by minikube

Creating a dashboard manually on a system using other booting tools

How it works...

Browsing your resource by dashboard

Deploying resources by dashboard

Removing resources by dashboard

See also

Working with the RESTful API

Getting ready

How to do it...

How it works...

There's more...

See also

Working with Kubernetes DNS

Getting ready

How to do it...

DNS for pod

DNS for Kubernetes Service

DNS for StatefulSet

How it works...

Headless service when pods scale out

See also

Authentication and authorization

Getting ready

How to do it...

Authentication

Service account token authentication

X509 client certs

OpenID connect tokens

Authorization

Role and RoleBinding

ClusterRole and ClusterRoleBinding

Role-based access control (RBAC)

Admission control

NamespaceLifecycle

LimitRanger

ServiceAccount

PersistentVolumeLabel (deprecated from v1.8)

DefaultStorageClass

DefaultTolerationSeconds

ResourceQuota

DenyEscalatingExec

AlwaysPullImages

There's more…

Initializers (alpha)

Webhook admission controllers (beta in v1.9)

See also

Other Books You May Enjoy

Leave a review - let other readers know what you think