Mastering Kubernetes

Book description

Master the art of container management utilizing the power of Kubernetes.

About This Book

  • This practical guide demystifies Kubernetes and ensures that your clusters are always available, scalable, and up to date
  • Discover new features such as autoscaling, rolling updates, resource quotas, and cluster size
  • Master the skills of designing and deploying large clusters on various cloud platforms

Who This Book Is For

The book is for system administrators and developers who have intermediate level of knowledge with Kubernetes and are now waiting to master its advanced features. You should also have basic networking knowledge. This advanced-level book provides a pathway to master Kubernetes.

What You Will Learn

  • Architect a robust Kubernetes cluster for long-time operation
  • Discover the advantages of running Kubernetes on GCE, AWS, Azure, and bare metal
  • See the identity model of Kubernetes and options for cluster federation
  • Monitor and troubleshoot Kubernetes clusters and run a highly available Kubernetes
  • Create and configure custom Kubernetes resources and use third-party resources in your automation workflows
  • Discover the art of running complex stateful applications in your container environment
  • Deliver applications as standard packages

In Detail

Kubernetes is an open source system to automate the deployment, scaling, and management of containerized applications. If you are running more than just a few containers or want automated management of your containers, you need Kubernetes.

This book mainly focuses on the advanced management of Kubernetes clusters. It covers problems that arise when you start using container orchestration in production. We start by giving you an overview of the guiding principles in Kubernetes design and show you the best practises in the fields of security, high availability, and cluster federation.

You will discover how to run complex stateful microservices on Kubernetes including advanced features as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage back ends. Using real-world use cases, we explain the options for network configuration and provides guidelines on how to set up, operate, and troubleshoot various Kubernetes networking plugins. Finally, we cover custom resource development and utilization in automation and maintenance workflows.

By the end of this book, you'll know everything you need to know to go from intermediate to advanced level.

Style and approach

Delving into the design of the Kubernetes platform, the reader will be exposed to the advanced features and best practices of Kubernetes. This book will be an advanced level book which will provide a pathway to master Kubernetes

Table of contents

  1. Mastering Kubernetes
    1. Table of Contents
    2. Mastering Kubernetes
    3. Credits
    4. About the Author
    5. About the Reviewer
    6. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    7. Customer Feedback
    8. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the color images of this book
        2. Errata
        3. Piracy
        4. Questions
    9. 1. Understanding Kubernetes Architecture
      1. Understanding container orchestration
        1. Physical machines, virtual machines, and containers
        2. Containers in the cloud
        3. Cattle versus pets
      2. Kubernetes concepts
        1. Cluster
        2. Node
        3. Master
        4. Pod
        5. Label
        6. Annotation
        7. Label selector
        8. Replication controller and replica set
        9. Service
        10. Volume
        11. StatefulSet
        12. Secret
        13. Name
        14. Namespace
      3. Diving into Kubernetes architecture in depth
        1. Distributed systems design patterns
          1. Sidecar pattern
          2. Ambassador pattern
          3. Adapter pattern
          4. Multi-node patterns
      4. The Kubernetes APIs
        1. Kubernetes API
        2. Autoscaling API
          1. Batch API
      5. Kubernetes components
        1. Master components
          1. API server
          2. Etcd
          3. Controller manager
          4. Scheduler
          5. DNS
        2. Node components
          1. Proxy
          2. Kubelet
      6. Kubernetes runtimes
        1. The runtime interface
        2. Docker
        3. Rkt
          1. App container
          2. Rktnetes
          3. Is rkt ready for production usage?
        4. Hyper containers
          1. Hypernetes
      7. Continuous integration and deployment
        1. What is a CI/CD pipeline?
        2. Designing a CI/CD pipeline for Kubernetes
      8. Summary
    10. 2. Creating Kubernetes Clusters
      1. Quick single-node cluster with Minikube
        1. Getting ready
        2. Creating the cluster
        3. Troubleshooting
        4. Checking out the cluster
        5. Doing work
        6. Examining the cluster with the dashboard
      2. Creating a multi-node cluster using kubeadm
        1. Getting ready
        2. Preparing a cluster of vagrant VMs
        3. Installing the required software
          1. The hosts file
          2. The vars.yml file
          3. The playbook.yml file
        4. Creating the cluster
          1. Initializing the master
        5. Setting up the pod network
        6. Adding the worker nodes
      3. Creating clusters in the cloud (GCP, AWS, Azure)
        1. The cloud-provider interface
        2. GCP
        3. AWS
        4. Azure
      4. Creating a bare-metal cluster from scratch
        1. Use cases for bare-metal
        2. When should you consider creating a bare-metal cluster?
      5. The process
      6. Using virtual private cloud infrastructure
      7. Summary
    11. 3. Monitoring, Logging, and Troubleshooting
      1. Monitoring Kubernetes with Heapster
        1. cAdvisor
      2. InfluxDB backend
        1. The storage schema
          1. CPU
          2. Filesystem
          3. Memory
          4. Network
          5. Uptime
        2. Grafana visualization
      3. Performance analysis with the dashboard
        1. Top-level view
          1. Admin view
          2. Workloads
          3. Services and discovery
        2. Adding central logging
          1. Planning central logging
          2. Fluentd
          3. Elasticsearch
          4. Kibana
      4. Detecting node problems
        1. Node problem detector
        2. DaemonSet
        3. Problem Daemons
      5. Troubleshooting scenarios
      6. Designing robust systems
        1. Hardware failure
        2. Quotas, shares, and limits
        3. Bad configuration
        4. Cost versus performance
          1. Managing cost on the cloud
          2. Managing cost on bare metal
          3. Managing cost on hybrid clusters
      7. Summary
    12. 4. High Availability and Reliability
      1. High-availability concepts
        1. Redundancy
        2. Hot swapping
        3. Leader election
        4. Smart load balancing
        5. Idempotency
        6. Self-healing
      2. High-availability best practices
        1. Creating highly available clusters
        2. Making your nodes reliable
        3. Protecting your cluster state
          1. Clustering etcd
            1. Static discovery
            2. Etcd discovery
            3. DNS discovery
          2. The etcd.yaml file
          3. Verifying the etcd cluster
          4. etcd 2 versus etcd 3
        4. Protecting your data
        5. Running redundant API servers
        6. Running leader election with Kubernetes
          1. Leader election for your application
        7. Making your staging environment highly available
        8. Testing high-availability
      3. Live cluster upgrades
        1. Rolling upgrades
          1. Complex deployments
        2. Blue-green upgrades
        3. Managing data-contract changes
        4. Migrating data
        5. Deprecating APIs
      4. Large-cluster performance, cost, and design trade-offs
        1. Availability requirements
        2. Best effort
        3. Maintenance windows
        4. Quick recovery
        5. Zero-downtime
        6. Performance and data consistency
      5. Summary
    13. 5. Configuring Kubernetes Security, Limits, and Accounts
      1. Understanding Kubernetes security challenges
        1. Node challenges
        2. Network challenges
        3. Image challenges
        4. Configuration and deployment challenges
        5. Pod and container challenges
        6. Organisational, cultural, and process challenges
      2. Hardening Kubernetes
        1. Understanding service accounts in Kubernetes
          1. How does Kubernetes manage service accounts?
        2. Accessing the API server
          1. Authenticating users
          2. Authorizing requests
          3. Using admission control plugins
        3. Securing pods
          1. Using a private image repository
          2. ImagePullSecrets
          3. Specifying a security context
          4. Protecting your cluster with AppArmor
            1. Requirements
            2. Securing a pod with AppArmor
            3. Writing AppArmor profiles
          5. Pod security policies
        4. Managing network policies
          1. Choosing a supported networking solution
          2. Defining a network policy
        5. Using secrets
          1. Storing secrets in Kubernetes
          2. Creating secrets
          3. Decoding secrets
          4. Using secrets in a container
      3. Running a multi-user cluster
        1. The case for a multi-user cluster
        2. Using namespaces for safe multi-tenancy
        3. Avoiding namespace pitfalls
      4. Summary
    14. 6. Using Critical Kubernetes Resources
      1. Designing the Hue platform
        1. Defining the scope of Hue
          1. Hue components
            1. User profile
            2. User graph
            3. Identity
            4. Authorizer
            5. External service
            6. Generic sensor
            7. Generic actuator
            8. User learner
          2. Hue microservices
            1. Plugins
            2. Data stores
            3. Stateless microservices
            4. Queue-based interactions
        2. Planning workflows
          1. Automatic workflows
          2. Human workflows
          3. Budget-aware workflows
      2. Using Kubernetes to build the Hue platform
        1. Using Kubectl effectively
        2. Understanding Kubectl resource configuration files
          1. ApiVersion
          2. Kind
          3. Metadata
          4. Spec
            1. Container spec
        3. Deploying long-running microservices in pods
          1. Creating pods
          2. Decorating pods with labels
          3. Deploying long- running processes with deployments
          4. Updating a deployment
      3. Separating internal and external services
        1. Deploying an internal service
        2. Creating the Hue-reminders service
        3. Exposing a service externally
          1. Ingress
      4. Using namespace to limit access
      5. Launching jobs
        1. Running jobs in parallel
        2. Cleaning up completed jobs
        3. Scheduling cron jobs
      6. Kubectl get pods
      7. Mixing non-cluster components
        1. Outside-the-cluster-network components
        2. Inside-the-cluster-network components
        3. Managing the Hue platform with Kubernetes
          1. Using liveness probes to ensure your containers are alive
        4. Using readiness probes to manage dependencies
      8. Employing init containers for orderly pod bring-up
        1. Sharing with DaemonSet pods
      9. Evolving the Hue platform with Kubernetes
        1. Utilizing Hue in the enterprise
        2. Advancing science with Hue
        3. Educating the kids of the future with hue
      10. Summary
    15. 7. Handling Kubernetes Storage
      1. Persistent volumes walkthrough
        1. Volumes
          1. Using emptyDir for intra-pod communication
          2. Using HostPath for intra-node communication
          3. Provisioning persistent volumes
            1. Provisioning persistent volumes statically
            2. Provisioning persistent volumes dynamically
        2. Creating persistent volumes
          1. Capacity
          2. Access modes
          3. Reclaim policy
          4. Volume type
        3. Making persistent volume claims
        4. Mounting claims as volumes
        5. Storage classes
          1. Default storage class
        6. Demonstrating persistent volume storage end to end
      2. Public storage volume types - GCE, AWS, and Azure
        1. AWS Elastic Block Store (EBS)
        2. AWS Elastic File System (EFS)
        3. GCE persistent disk
        4. Azure data disk
        5. Azure file storage
      3. GlusterFS and Ceph volumes in Kubernetes
        1. Using GlusterFS
          1. Creating endpoints
          2. Adding a GlusterFS Kubernetes service
          3. Creating pods
        2. Using Ceph
          1. Connecting to Ceph using RBD
          2. Connecting to Ceph using CephFS
      4. Flocker as a clustered container data volume manager
      5. Integrating enterprise storage into Kubernetes
        1. Torus – the new kid on the block
      6. Summary
    16. 8. Running Stateful Applications with Kubernetes
      1. Stateful versus stateless applications in Kubernetes
        1. Understanding the nature of distributed data-intensive apps
        2. Why manage states in Kubernetes?
        3. Why manage states outside of Kubernetes?
      2. Shared environment variables versus DNS records for discovery
        1. Accessing external data stores via DNS
        2. Accessing external data stores via environment variables
          1. Creating a ConfigMap
          2. Consuming a ConfigMap as an environment variable
        3. Using a redundant in-memory state
        4. Using DaemonSet for redundant persistent storage
        5. Applying persistent volume claims
        6. Utilizing StatefulSet
          1. When to use StatefulSet
          2. The components of StatefulSet
      3. Running a Cassandra cluster in Kubernetes
        1. Quick introduction to Cassandra
        2. The Cassandra Docker image
          1. Exploring the run.sh script
        3. Hooking up Kubernetes and Cassandra
          1. Digging into the Cassandra configuration
          2. The custom seed provider
        4. Creating a Cassandra headless service
        5. Using statefulSet to create the Cassandra cluster
          1. Dissecting the stateful set configuration file
        6. Using a replication controller to distribute Cassandra
          1. Dissecting the replication controller configuration file
          2. Assigning pods to nodes
        7. Using DaemonSet to distribute Cassandra
      4. Summary
    17. 9. Rolling Updates, Scalability, and Quotas
      1. Horizontal pod autoscaling
        1. Declaring horizontal pod autoscaler
        2. Custom metrics
        3. Autoscaling with Kubectl
      2. Performing rolling updates with autoscaling
      3. Handling scarce resources with limits and quotas
        1. Enabling resource quotas
        2. Resource quota types
          1. Compute resource quota
          2. Storage resource quota
          3. Object count quota
        3. Quota scopes
        4. Requests and limits
        5. Working with quotas
          1. Using namespace-specific context
          2. Creating quotas
          3. Using limit ranges for default compute quotas
      4. Choosing and managing the cluster capacity
        1. Choosing your node types
        2. Choosing your storage solutions
        3. Trading off cost and response time
        4. Using effectively multiple node configurations
        5. Benefiting from elastic cloud resources
          1. Autoscaling instances
          2. Mind your cloud quotas
          3. Manage regions carefully
        6. Considering Hyper.sh
      5. Pushing the envelope with Kubernetes
        1. Improving the performance and scalability of Kubernetes
          1. Caching reads in the API server
          2. The pod lifecycle event generator
          3. Serializing API objects with protocol buffers
        2. Measuring the performance and scalability of Kubernetes
          1. The Kubernetes SLOs
          2. Measuring API responsiveness
          3. Measuring end to end pod startup time
        3. Testing Kubernetes at scale
          1. Introducing the Kubemark tool
          2. Setting up a Kubemark cluster
          3. Comparing a Kubemark cluster to a real-world cluster
      6. Summary
    18. 10. Advanced Kubernetes Networking
      1. Understanding the Kubernetes networking model
        1. Intra-pod communication (container to container)
        2. Inter-pod communication (pod to pod)
        3. Pod to service communication
        4. External access
        5. Kubernetes networking versus Docker networking
        6. Lookup and discovery
          1. Self-registration
          2. Services and endpoints
          3. Loosely coupled connectivity with queues
          4. Loosely coupled connectivity with data stores
          5. Kubernetes ingress
        7. Kubernetes network plugins
          1. Basic Linux networking
          2. IP addresses and ports
          3. Network namespaces
          4. Virtual Ethernet devices
          5. Bridges
          6. Routing
          7. Maximum transmission unit
          8. Pod networking
          9. Kubenet
            1. Requirements
            2. Setting the MTU
          10. Container networking interface
            1. Container runtime
            2. CNI plugin
      2. Kubernetes networking solutions
        1. Bridging on bare metal clusters
        2. Contiv
        3. Open vSwitch
        4. Nuage networks VCS
        5. Canal
        6. Flannel
        7. Calico project
        8. Romana
        9. Weave net
      3. Using network policies effectively
          1. Understanding the Kubernetes network policy design
          2. Network policies and CNI plugins
          3. Configuring network policies
          4. Implementing network policies
      4. Load balancing options
        1. External load balancer
          1. Configuring an external load balancer
            1. Via configuration file
            2. Via Kubectl
          2. Finding the load balancer IP addresses
          3. Identifying client IP addresses
            1. Annotating the load balancer for client IP address preservation
          4. Understanding potential in even external load balancing
        2. Service load balancer
        3. Ingress
          1. HAProxy
          2. Utilizing the NodePort
          3. Custom load balancer provider using HAProxy
          4. Running HAProxy Inside the Kubernetes cluster
          5. Keepalived VIP
      5. Writing your own CNI plugin
        1. First look at the loopback plugin
          1. Building on the CNI plugin skeleton
          2. Reviewing the bridge plugin
      6. Summary
    19. 11. Running Kubernetes on Multiple Clouds and Cluster Federation
      1. Understanding cluster federation
        1. Important use cases for cluster federation
          1. Capacity overflow
          2. Sensitive workloads
          3. Avoiding vendor lock-in
          4. Geo-distributing high availability
        2. The federation control plane
          1. Federation API server
          2. Federation controller manager
        3. Federated resources
          1. Federated ConfigMap
            1. Creating a federated ConfigMap
            2. Viewing a federated ConfigMap
            3. Updating a federated ConfigMap
            4. Deleting a federated ConfigMap
          2. Federated DaemonSet
          3. Federated deployment
          4. Federated events
          5. Federated ingress
            1. Creating a federated ingress
            2. Request routing with a federated ingress
            3. Handling failures with federated ingress
          6. Federated namespace
          7. Federated ReplicaSet
          8. Federated secrets
        4. The hard parts
          1. Federated unit of work
          2. Location affinity
            1. Strictly-coupled
            2. Loosely-coupled
            3. Preferentially-coupled
            4. Strictly-decoupled
            5. Uniformly-spread
          3. Cross-cluster scheduling
          4. Federated data access
          5. Federated auto-scaling
      2. Managing a Kubernetes cluster federation
      3. Setting up cluster federation from the ground up
        1. Initial setup
        2. Using the official hyperkube image
        3. Running the federation control plane
        4. Registering Kubernetes clusters with federation
        5. Updating KubeDNS
        6. Shutting down the federation
        7. Setting up cluster federation with Kubefed
          1. Getting Kubefed
          2. Choosing a host cluster
          3. Deploying a federation control plane
          4. Adding a cluster to a federation
            1. Naming rules and customization
            2. Secret name
            3. Removing a cluster from a federation
            4. Shutting down the federation
          5. Cascading delete of resources
          6. Load balancing across multiple clusters
          7. Failing over across multiple clusters
          8. Federated service discovery
          9. Federated migration
      4. Running federated workloads
        1. Creating a federated service
        2. Adding backend pods
        3. Verifying public DNS records
        4. Discovering a federated service
          1. DNS expansion
        5. Handling failures of backend pods and whole clusters
        6. Troubleshooting
          1. Unable to connect to federation API server
      5. Summary
    20. 12. Customizing Kubernetes - API and Plugins
      1. Working with the Kubernetes API
        1. Understanding OpenAPI
        2. Setting up a proxy
        3. Exploring the Kubernetes API directly
          1. Using Postman to explore the Kubernetes API
          2. Filtering the output with httpie and jq
        4. Creating a pod via the Kubernetes API
        5. Accessing the Kubernetes API via the Python client
          1. Dissecting the CoreV1API group
          2. Listing objects
          3. Creating objects
          4. Watching objects
          5. Invoking Kubectl programmatically
          6. Using Python subprocess to run Kubectl
      2. Extending the Kubernetes API
        1. Understanding the structure of a third-party-resource
        2. Developing third-party-resources
        3. Integrating third party resources
      3. Writing Kubernetes plugins
        1. Writing a custom scheduler plugin
          1. Understanding the design of the Kubernetes scheduler
            1. The scheduler
            2. Registering an algorithm provider
            3. Configuring the scheduler
          2. Packaging the scheduler
          3. Deploying the custom scheduler
          4. Running another custom scheduler in the cluster
          5. Assigning pods to the custom scheduler
          6. Verifying that the pods were scheduled using custom scheduler
      4. Writing an authorization plugin
        1. Writing an admission control plugin
          1. Implementing an admission control plugin
          2. Registering an admission control plugin
          3. Linking your custom admission control plugin
        2. Writing a custom metrics plugin
          1. Configuring the pod for custom metrics
          2. Specifying a target metric value
        3. Writing a volume plugin
          1. Implementing a volume plugin
          2. Registering a volume plugin
          3. Linking a volume plugin
      5. Summary
    21. 13. Handling the Kubernetes Package Manager
      1. Understanding Helm
        1. The motivation for Helm
        2. The Helm architecture
        3. Helm components
          1. The Tiller server
          2. The Helm client
        4. Helm versus. Helm-classic
      2. Using Helm
        1. Installing Helm
          1. Installing the Helm client
          2. Installing the Tiller server
            1. Installing Tiller in-cluster
            2. Installing Tiller locally
        2. Finding charts
        3. Installing packages
          1. Checking installation status
          2. Customizing a chart
          3. Additional installation options
          4. Upgrading and rolling back a release
          5. Deleting a release
        4. Working with repositories
        5. Managing charts with Helm
          1. Taking advantage of starter packs
      3. Creating your own charts
        1. The Chart.yaml file
          1. Versioning charts
          2. The appVersion field
          3. Deprecating charts
        2. Chart metadata files
        3. Managing chart dependencies
          1. Managing dependencies with requirements.yaml
          2. Utilizing special fields in requirements.yaml
        4. Using templates and values
          1. Writing template files
            1. Using pipelines and functions
          2. Embedding predefined values
          3. Feeding values from a file
          4. Scope, dependencies, and values
      4. Summary
    22. 14. The Future of Kubernetes
      1. The road ahead
        1. Kubernetes releases and milestones
        2. Kubernetes special interest and working groups
      2. Competition
        1. The value of bundling
        2. Docker Swarm
        3. Mesos/Mesosphere
        4. Cloud platforms
        5. AWS
        6. Azure
        7. Alibaba Cloud
      3. The Kubernetes momentum
        1. Community
        2. GitHub
        3. Conferences and meetups
        4. Mindshare
        5. Ecosystem
        6. Public Cloud providers
          1. OpenShift
          2. OpenStack
          3. Other players
      4. Education and training
      5. Dynamic plugins
      6. Summary
    23. Index

Product information

  • Title: Mastering Kubernetes
  • Author(s): Gigi Sayfan
  • Release date: May 2017
  • Publisher(s): Packt Publishing
  • ISBN: 9781786461001