Cloud Native DevOps with Kubernetes

Book Description

With Early Release ebooks, you get books in their earliest form—the author's raw and unedited content as he or she writes—so you can take advantage of these technologies long before the official release of these titles. You'll also receive updates when significant changes are made, new chapters are available, and the final ebook bundle is released.

While DevOps, cloud, and containers have reshaped the IT landscape over the past five years, Kubernetes has served as the de facto operating system of this cloud native world. But with the myriad possibilities Kubernetes provides, developers and operations personnel continue to seek advice on coherent, workable strategies for using this container-orchestration system in a production environment. That’s where this practical guide comes in.

Through the course of the book, authors John Arundel and Justin Domingus show you how to build and develop an example cloud native application with Kubernetes hands-on. You’ll learn to apply each of the concepts—such as authentication or reliability—one at a time to develop a non-trivial, production-ready cloud native application, complete with a development environment and deployment pipeline that you can use for real workloads.

Table of Contents

  1. About this book
    1. What will I learn?
    2. Who is this book for?
    3. What questions does this book answer?
    4. Acknowledgments
  2. 1. Revolution in the cloud
    1. The creation of the cloud
      1. Buying time
      2. Infrastructure as a service
    2. The dawn of DevOps
      1. Nobody understands DevOps
      2. The business advantage
      3. Infrastructure as code
      4. Learning together
    3. The coming of containers
      1. The state of the art
      2. Thinking inside the box
      3. Putting software in containers
      4. Plug and play applications
    4. Conducting the container orchestra
    5. Kubernetes
      1. From Borg to Kubernetes
      2. What makes Kubernetes so valuable?
      3. Will Kubernetes disappear?
      4. Kubernetes doesn’t do it all
    6. Cloud native
    7. The future of operations
      1. Distributed DevOps
      2. Some things will remain centralized
      3. Developer productivity engineering
      4. You are the future
    8. Summary
  3. 2. First steps with Kubernetes
    1. Running your first container
      1. Installing Docker Desktop
      2. What is Docker?
      3. Running a container image
    2. The demo application
      1. Looking at the source code
      2. Introducing Go
      3. How the demo app works
    3. Building a container
      1. Understanding Dockerfiles
      2. Minimal container images
      3. Running docker image build
      4. Naming your images
      5. Port forwarding
    4. Container registries
      1. Authenticating to the registry
      2. Naming and pushing your image
      3. Running your image
    5. Hello, Kubernetes
      1. Running the demo app
      2. If the container doesn’t start
    6. Minikube
    7. Summary
  4. 3. Getting Kubernetes
    1. Cluster architecture
      1. The control plane
      2. Node components
      3. High availability
    2. The costs of self-hosting Kubernetes
      1. It’s more work than you think
      2. It’s not just about the initial setup
      3. Tools don’t do all the work for you
      4. Kubernetes is hard
      5. Administration overhead
      6. Start with managed services
    3. Managed Kubernetes services
      1. Google Kubernetes Engine (GKE)
      2. Cluster autoscaling
      3. Amazon Elastic Container Service for Kubernetes (EKS)
      4. Azure Kubernetes Service (AKS)
      5. OpenShift
      6. IBM Cloud Kubernetes Service
      7. Heptio Kubernetes Subscription (HKS)
    4. Turnkey Kubernetes solutions
      1. Stackpoint
      2. Containership Kubernetes Engine (CKE)
    5. Kubernetes installers
      1. kops
      2. Kubespray
      3. TK8
      4. Kubernetes The Hard Way
      5. kubeadm
      6. Tarmak
      7. Rancher Kubernetes Engine (RKE)
      8. Puppet Kubernetes module
      9. Kubeformation
    6. Buy or build: our recommendations
      1. Run less software
      2. Use managed Kubernetes if you can
      3. But what about vendor lock-in?
      4. Use standard Kubernetes self-hosting tools if you must
      5. When your choices are limited
      6. Bare-metal and on-prem
    7. Clusterless container services
      1. Amazon Fargate
      2. Azure Container Instances (ACI)
    8. Summary
  5. 4. Working with Kubernetes objects
    1. Deployments
      1. Supervising and scheduling
      2. Restarting containers
      3. Querying Deployments
    2. Pods
    3. ReplicaSets
    4. Maintaining desired state
    5. The Kubernetes scheduler
    6. Resource manifests in YAML format
      1. Resources are data
      2. Deployment manifests
      3. Using kubectl apply
      4. Service resources
      5. Querying the cluster with kubectl
      6. Taking resources to the next level
    7. Helm: a Kubernetes package manager
      1. Installing Helm
      2. Installing a Helm chart
      3. Charts, repositories, and releases
      4. Listing Helm releases
    8. Summary
  6. 5. Managing resources
    1. Understanding resources
      1. Resource units
      2. Resource requests
      3. Resource limits
      4. Keep your containers small
    2. Managing the container lifecycle
      1. Liveness probes
      2. Probe delay and frequency
      3. Other types of probes
      4. gRPC probes
      5. Readiness probes
      6. File-based readiness probes
      7. minReadySeconds
      8. Pod disruption budgets
    3. Using namespaces
      1. Working with namespaces
      2. What namespaces should I use?
      3. Service addresses
      4. Resource quotas
      5. Default resource requests and limits
    4. Optimizing cluster costs
      1. Optimizing Deployments
      2. Optimizing Pods
      3. Vertical Pod Autoscaler
      4. Optimizing nodes
      5. Optimizing storage
      6. Cleaning up unused resources
      7. Checking spare capacity
      8. Using reserved instances
      9. Using preemptible (spot) instances
      10. Keeping your workloads balanced
    5. Summary
  7. 6. Operating clusters
    1. Cluster sizing and scaling
      1. Capacity planning
      2. Nodes and instances
      3. Scaling the cluster
    2. Conformance checking
      1. CNCF certification
      2. Conformance testing with Sonobuoy
    3. Validation and auditing
      1. K8Guard
      2. Copper
      3. kube-bench
      4. Kubernetes audit logging
    4. Chaos testing
      1. Only production is production
      2. chaoskube
      3. kube-monkey
      4. PowerfulSeal
    5. Summary
  8. 7. Kubernetes power tools
    1. Mastering kubectl
      1. Shell aliases
      2. Using short flags
      3. Abbreviating resource types
      4. Auto-completing kubectl commands
      5. Getting help
      6. Getting help on Kubernetes resources
      7. Showing more detailed output
      8. Working with JSON data and jq
      9. Watching objects
      10. Describing objects
    2. Working with resources
      1. Imperative kubectl commands
      2. When not to use imperative commands
      3. Generating resource manifests
      4. Exporting resources
      5. Diffing resources
    3. Working with containers
      1. Viewing a container’s logs
      2. Attaching to a container
      3. Watching Kubernetes resources with kubespy
      4. Forwarding a container port
      5. Executing commands on containers
      6. Running containers for troubleshooting
      7. Using BusyBox commands
      8. Adding BusyBox to your containers
      9. Installing programs on a container
      10. Live debugging with kubesquash
    4. Contexts and namespaces
      1. kubectx and kubens
      2. kube-ps1
    5. Kubernetes shells and tools
      1. kube-shell
      2. Click
      3. kubed-sh
      4. Stern
    6. Building your own Kubernetes tools
    7. Summary
  9. 8. Running containers
    1. Containers and Pods
      1. What is a container?
      2. What belongs in a container?
      3. What belongs in a Pod?
    2. Container manifests
      1. Image identifiers
      2. The latest tag
      3. Container digests
      4. Base image tags
      5. Ports
      6. Resource requests and limits
      7. Image pull policy
      8. Environment variables
    3. Container security
      1. Running containers as a non-root user
      2. Blocking root containers
      3. Setting a read-only filesystem
      4. Disabling privilege escalation
      5. Capabilities
      6. Pod security contexts
      7. Pod Security Policies
      8. Pod service accounts
    4. Volumes
      1. emptyDir volumes
      2. Persistent volumes
    5. Restart policies
    6. Image pull secrets
    7. Summary
  10. 9. Managing Pods
    1. Labels
      1. What are labels?
      2. Selectors
      3. More advanced selectors
      4. Other uses for labels
      5. Labels and annotations
    2. Node affinities
      1. Hard affinities
      2. Soft affinities
    3. Pod affinities and anti-affinities
      1. Keeping Pods together
      2. Keeping Pods apart
      3. Soft anti-affinities
      4. When to use Pod affinities
    4. Taints and tolerations
    5. Pod controllers
      1. DaemonSets
      2. StatefulSets
      3. Jobs
      4. Cronjobs
      5. Horizontal Pod Autoscalers
      6. PodPresets
      7. Operators and Custom Resource Definitions (CRDs)
    6. Ingress resources
      1. Ingress rules
      2. Terminating TLS with Ingress
      3. Ingress controllers
    7. Istio
    8. Envoy
    9. Summary
  11. 10. Configuration and secrets
    1. ConfigMaps
      1. Creating ConfigMaps
      2. Setting environment variables from ConfigMaps
      3. Setting the whole environment from a ConfigMap
      4. Using environment variables in command arguments
      5. Creating config files from ConfigMaps
      6. Updating pods on a config change
    2. Kubernetes Secrets
      1. Using Secrets as environment variables
      2. Writing Secrets to files
      3. Reading Secrets
      4. Access to Secrets
      5. Encryption at rest
      6. Keeping Secrets
    3. Secrets management strategies
      1. Encrypt secrets in version control
      2. Store secrets remotely
      3. Use a dedicated secrets management tool
      4. Recommendations
    4. Encrypting secrets with Sops
      1. Introducing Sops
      2. Encrypting a file with Sops
      3. Using a KMS backend
    5. Summary
  12. 11. Security and backups
    1. Access control and permissions
      1. Managing access by cluster
      2. Introducing Role-Based Access Control (RBAC)
      3. Understanding roles
      4. Binding roles to users
      5. What roles do I need?
      6. Guard access to cluster-admin
      7. Applications and deployment
      8. RBAC troubleshooting
    2. Security scanning
      1. Clair
      2. Aqua
      3. Anchore Engine
    3. Backups
      1. Do I need to back up Kubernetes?
      2. Backing up etcd
      3. Backing up resource state
      4. Backing up cluster state
      5. Large and small disasters
      6. Heptio Ark
    4. Monitoring cluster status
      1. kubectl
      2. CPU and memory utilization
      3. Cloud provider console
      4. Kubernetes Dashboard
      5. Weave Scope
      6. kube-ops-view
      7. node-problem-detector
    5. Further reading
    6. Summary
  13. 12. Deploying Kubernetes applications
    1. Building manifests with Helm
      1. What’s inside a Helm chart?
      2. Helm templates
      3. Interpolating variables
      4. Quoting values in templates
      5. Specifying dependencies
    2. Deploying Helm charts
      1. Setting variables
      2. Specifying values in a Helm release
      3. Updating an app with Helm
      4. Rolling back to previous versions
      5. Creating a Helm chart repo
      6. Managing Helm chart secrets with Sops
    3. Managing multiple charts with Helmfile
      1. What’s in a Helmfile?
      2. Chart metadata
      3. Applying the Helmfile
    4. Advanced manifest management tools
      1. ksonnet
      2. Kapitan
      3. kustomize
      4. kompose
      5. Ansible
      6. kubeval
    5. Summary
  14. 13. Development workflow
    1. Development tools
      1. Skaffold
      2. Draft
      3. Telepresence
      4. Knative
    2. Deployment strategies
      1. Rolling updates
      2. Recreate
      3. maxSurge and maxUnavailable
      4. Blue/green deployments
      5. Rainbow deployments
      6. Canary deployments
    3. Handling migrations with Helm
      1. Helm hooks
      2. Handling failed hooks
      3. Other hooks
      4. Chaining hooks
    4. Summary
  15. 14. Continuous deployment in Kubernetes
    1. What is continuous deployment?
    2. Which CD tool should I use?
      1. Jenkins
      2. Drone
      3. Google Cloud Build
      4. Concourse
      5. Spinnaker
      6. GitLab CI
      7. Codefresh
      8. Azure Pipelines
    3. CD components
      1. Docker Hub
      2. Gitkube
      3. Flux
      4. Keel
    4. A CD pipeline with Cloud Build
      1. Setting up Google Cloud and GKE
      2. Forking the demo repository
      3. Introducing Cloud Build
      4. Building the test container
      5. Running the tests
      6. Building the application container
      7. Validating the Kubernetes manifests
      8. Publishing the image
      9. Git SHA tags
      10. Creating the first build trigger
      11. Testing the trigger
      12. Deploying from a CD Pipeline
      13. Creating a deploy trigger
      14. Optimizing your build pipeline
      15. Adapting the example pipeline
    5. Summary
  16. 15. Observability and monitoring
    1. What is observability?
      1. What is monitoring?
      2. Black-box monitoring
      3. What does up mean?
      4. Logging
      5. Introducing metrics
      6. Tracing
      7. Observability
    2. The observability pipeline
    3. Monitoring in Kubernetes
      1. External black-box checks
      2. Internal health checks
    4. Summary
  17. 16. Metrics in Kubernetes
    1. What are metrics, really?
      1. Time series data
      2. Counters and gauges
      3. What can metrics tell us?
    2. Choosing good metrics
      1. Services: the RED pattern
      2. Resources: the USE pattern
      3. Business metrics
      4. Kubernetes metrics
    3. Analyzing metrics
      1. What’s wrong with a simple average?
      2. Means, medians, and outliers
      3. Discovering percentiles
      4. Applying percentiles to metrics data
      5. We usually want to know the worst
      6. Beyond percentiles
    4. Graphing metrics with dashboards
      1. Use a standard layout for all services
      2. Build an information radiator with master dashboards
      3. Dashboard things that break
    5. Alerting on metrics
      1. What’s wrong with alerts?
      2. On-call should not be hell
      3. Urgent, important, and actionable alerts
      4. Track your alerts, out-of-hours pages, and wake-ups
    6. Metrics tools and services
      1. Prometheus
      2. Google Stackdriver
      3. AWS Cloudwatch
      4. Azure Monitor
      5. Datadog
      6. New Relic
    7. Summary
  18. 17. Afterword
    1. Where to go next
    2. Welcome aboard