Table of Contents
Preface xiii
Acknowledgments xiv
About this book xv
About the author xix
Part 1 Fast Track to Kubernetes 1
1 Before you begin 3
1.1 Understanding Kubernetes 4
1.2 Is this book for you? 8
1.3 Creating your lab environment 8
Download the book's source code 9
Install Docker Desktop 9
Install Docker Community Edition and K3s 10
Install the Kubernetes command-line tool 11
Run a single-node Kubernetes cluster in Azure 12
Run a single-node Kubernetes cluster in AWS 12
Verify your cluster 13
1.4 Being immediately effective 13
2 Running containers in Kubernetes with Pods and Deployments 15
2.1 How Kubernetes runs and manages containers 15
2.2 Running Pods with controllers 21
2.3 Defining Deployments in application manifests 28
2.4 Working with applications in Pods 32
2.5 Understanding Kubernetes resource management 36
2.6 Lab 39
3 Connecting Pods over the network with Services 40
3.1 How Kubernetes routes network traffic 40
3.2 Routing traffic between Pods 45
3.3 Routing external traffic to Pods 49
3.4 Routing traffic outside Kubernetes 53
3.5 Understanding Kubernetes Service resolution 59
3.6 Lab 63
4 Configuring applications with ConfigMaps and Secrets 65
4.1 How Kubernetes supplies configuration to apps 65
4.2 Storing and using configuration files in ConfigMaps 69
4.3 Surfacing configuration data from ConfigMaps 75
4.4 Configuring sensitive data with Secrets 82
4.5 Managing app configuration in Kubernetes 89
4.6 Lab 91
5 Storing data with volumes, mounts, and claims 92
5.1 How Kubernetes builds the container filesystem 92
5.2 Storing data on a node with volumes and mounts 97
5.3 Storing clusterwide data with persistent volumes and claims 105
5.4 Dynamic volume provisioning and storage classes 115
5.5 Understanding storage choices in Kubernetes 120
5.6 Lab 120
6 Scaling applications across multiple Pods with controllers 122
6.1 How Kubernetes runs apps at scale 122
6.2 Scaling for load with Deployments and ReplicaSets 128
6.3 Scaling for high availability with DaemonSets 137
6.4 Understanding object ownership in Kubernetes 143
6.5 Lab 146
Part 2 Kubernetes in the Real World 147
7 Extending applications with multicontainer Pods 149
7.1 How containers communicate in a Pod 149
7.2 Setting up applications with init containers 156
7.3 Applying consistency with adapter containers 162
7.4 Abstracting connections with ambassador containers 167
7.5 Understanding the Pod environment 171
7.6 Lab 175
8 Running data-heavy apps with StatefulSets and Jobs 176
8.1 How Kubernetes models stability with StatefulSets 176
8.2 Bootstrapping Pods with init containers in StatefulSets 180
8.3 Requesting storage with volume claim templates 185
8.4 Running maintenance tasks with Jobs and CronJobs 190
8.5 Choosing your platform for stateful apps 198
8.6 Lab 199
9 Managing app releases with rollouts and rollbacks 201
9.1 How Kubernetes manages rollouts 201
9.2 Updating Deployments with rollouts and rollbacks 205
9.3 Configuring rolling updates for Deployments 213
9.4 Rolling updates in DaemonSets and StatefulSets 220
9.5 Understanding release strategies 226
9.6 Lab 227
10 Packaging and managing apps with Helm 228
10.1 What Helm adds to Kubernetes 228
10.2 Packaging your own apps with Helm 233
10.3 Modeling dependencies in charts 243
10.4 Upgrading and rolling back Helm releases 248
10.5 Understanding where Helm fits in 253
10.6 Lab 254
11 App development: Developer workflows and CI/CD 255
11.1 The Docker developer workflow 255
11.2 The Kubernetes-as-a-Service developer workflow 260
11.3 Isolating workloads with contexts and namespaces 266
11.4 Continuous delivery in Kubernetes without Docker 271
11.5 Evaluating developer workflows on Kubernetes 276
11.6 Lab 278
Part 3 Preparing for Production 281
12 Empowering self-healing apps 283
12.1 Routing traffic to healthy Pods using readiness probes 283
12.2 Restarting unhealthy Pods with liveness probes 288
12.3 Deploying upgrades safely with Helm 294
12.4 Protecting apps and nodes with resource limits 301
12.5 Understanding the limits of self-healing apps 308
12.6 Lab 309
13 Centralizing logs with Fluentd and Elasticsearch 310
13.1 How Kubernetes stores log entries 310
13.2 Collecting logs from nodes with Fluentd 315
13.3 Shipping logs to Elasticsearch 321
13.4 Parsing and filtering log entries 325
13.5 Understanding logging options in Kubernetes 330
13.6 Lab 331
14 Monitoring applications and Kubernetes with Prometheus 332
14.1 How Prometheus monitors Kubernetes workloads 332
14.2 Monitoring apps built with Prometheus client libraries 337
14.3 Monitoring third-party apps with metrics exporters 344
14.4 Monitoring containers and Kubernetes objects 349
14.5 Understanding the investment you make in monitoring 354
14.6 Lab 356
15 Managing incoming traffic with Ingress 357
15.1 How Kubernetes routes traffic with Ingress 357
15.2 Routing HTTP traffic with Ingress rules 363
15.3 Comparing ingress controllers 369
15.4 Using Ingress to secure your apps with HTTPS 378
15.5 Understanding Ingress and ingress controllers 383
15.6 Lab 384
16 Securing applications with policies, contexts, and admission control 385
16.1 Securing communication with network policies 385
16.2 Restricting container capabilities with security contexts 394
16.3 Blocking and modifying workloads with webhooks 398
16.4 Controlling admission with Open Policy Agent 406
16.5 Understanding security in depth in Kubernetes 412
16.6 Lab 414
Part 4 Pure and Applied Kubernetes 415
17 Securing resources with role-based access control 417
17.1 How Kubernetes secures access to resources 417
17.2 Securing resource access within the cluster 424
17.3 Binding roles to groups of users and service accounts 433
17.4 Discovering and auditing permissions with plugins 441
17.5 Planning your RBAC strategy 445
17.6 Lab 446
18 Deploying Kubernetes: Multinode and multiarchitecture clusters 447
18.1 What's inside a Kubernetes cluster? 447
18.2 Initializing the control plane 451
18.3 Adding nodes and running Linux workloads 455
18.4 Adding Windows nodes and running hybrid workloads 461
18.5 Understanding Kubernetes at scale 469
18.6 Lab 471
19 Controlling workload placement and automatic scaling 472
19.1 How Kubernetes schedules workloads 472
19.2 Directing Pod placement with affinity and antiaffinity 477
19.3 Controlling capacity with automatic scaling 484
19.4 Protecting resources with preemption and priorities 491
19.5 Understanding the controls for managing workloads 497
19.6 Lab 498
20 Extending Kubernetes with custom resources and Operators 500
20.1 How to extend Kubernetes with custom resources 500
20.2 Triggering workflows with custom controllers 506
20.3 Using Operators to manage third-party components 512
20.4 Building Operators for your own applications 522
20.5 Understanding when to extend Kubernetes 528
20.6 Lab 529
21 Running serverless functions in Kubernetes 530
21.1 How serverless platforms work in Kubernetes 530
21.2 Triggering functions from HTTP requests 537
21.3 Triggering functions from events and schedules 543
21.4 Abstracting serverless functions with Serverless 548
21.5 Understanding where serverless functions fit 554
21.6 Lab 555
22 Never the end 556
22.1 Further reading by chapter 556
22.2 Choosing a Kubernetes platform 559
22.3 Understanding how Kubernetes is built 560
22.4 Joining the community 561
Index 563