Kubernetes for Developers Version 11

Kubernetes for Developers MEAP V11
Copyright
Welcome
Brief contents
Chapter 1: Kubernetes for Application Deployment
1.1 Containers: The Ideal Application Package
1.1.1 Language flexibility
1.1.2 Isolation Without Overhead
1.1.3 Developer Efficiency
1.1.4 Reproducibility
1.2 Running Containers on Kubernetes
1.2.1 Kubernetes Architecture: Life of a Container
1.3 Benefits of using Kubernetes
1.3.1 Automated Operations
1.3.2 A Workload Abstraction
1.3.3 The Ability to Scale Up
1.3.4 Cost Efficient Deployments
1.3.5 Extensibility
1.3.6 Open Source
1.3.7 Customized Workflows
1.4 Deciding when to use Kubernetes
1.4.1 Running a Stateful Database
1.4.2 Functions as a Service
1.4.3 Pure Stateless Applications
1.5 Summary
Chapter 2: Containerizing Apps
2.1 Building Docker Containers
2.1.1 Developer Setup
Windows 10
Mac
Linux
2.1.2 Running Commands in Docker
2.1.3 Building our own Images
2.1.4 Using Base Images
2.1.5 Adding a Default Command
2.1.6 Adding Dependencies
2.1.7 Compiling Code in Docker
2.1.8 Compiling Code with a Multi-stage Build
2.2 Containerizing a Server Application
2.2.1 Containerizing an Application Server
2.2.2 Debugging
2.3 Using Docker Compose for Local Testing
2.3.1 Mapping Folders Locally
2.3.2 Adding Service Dependencies
2.3.3 Faking External Dependencies
2.4 Summary
Chapter 3: Deploying to Kubernetes
3.1 Kubernetes Architecture
3.1.1 The Kubernetes Cluster
3.1.2 Kubernetes Objects
Pod
Deployment
Service
3.2 Deploying an Application
3.2.1 Creating a Cluster
Prefer a local cluster?
Google Kubernetes Engine
3.2.2 Uploading your Container
Authenticate
Tag
Push
3.2.3 Deploying to Kubernetes
Troubleshooting
3.2.4 The Podspec
3.2.5 Publishing your Service
Troubleshooting
3.2.6 Interactive with the Deployment
Running one-off commands
Copying files to/from the container
3.2.7 Updating your Application
Monitoring The Rollout
Watching the deployment
3.2.8 Cleaning Up
3.3 Declarative Commands
3.4 Local Kubernetes Environments
3.4.1 Docker Desktop’s Kubernetes Cluster
3.4.2 Minikube
3.4.3 Using your Local Kubernetes Cluster
Accessing the Service
Deploying Local Images
3.5 Summary
Chapter 4: Automated Operations
4.1 Automated Uptime with Health Checks
4.1.1 Liveness and Readiness Probes
4.1.2 Adding a Readiness Probe
4.1.3 Adding a Liveness Probe
4.1.4 Designing Good Health Checks
4.1.5 Rescheduling Unready Containers
4.1.6 Probe Types
4.2 Updating Live Applications
4.2.1 Rolling Update Strategy
MaxSurge
MaxUnavailable
Recommendation
Deploying Changes with Rolling Update
4.2.2 Replacement Strategy
4.2.3 Blue / Green Strategy
Implementing blue / green in Kubernetes
4.2.4 Choosing a Rollout Strategy
4.3 Summary
Chapter 5: Resource Management
5.1 Pod Scheduling
5.1.1 Specifying Pod Resources
5.1.2 Quality of Service
Guaranteed Class
Burstable Class
Best Effort
Summary
5.1.3 Evictions, Priority and Preemption
Eviction
“Evicted” Error Status
Priority
Preemption
When to Use Priority and Preemption
5.2 Calculating Pod Resources
5.2.1 Setting Memory Requests and Limits
5.2.2 Setting CPU Requests and Limits
5.2.3 Reducing Costs by Overcommitting CPU
5.2.4 Balancing Pod Replicas and Internal Pod Concurrency
5.3 Summary
Chapter 6: Scaling Up
6.1 Scaling Pods and Nodes
6.2 Horizontal Pod Autoscaling
6.2.1 External Metrics
Observing and Debugging
AverageValue vs Value
Other metrics
Other Monitoring Solutions
6.3 Node Autoscaling & Capacity Planning
6.3.1 Cluster Autoscaling
6.3.2 Capacity Planning with Cluster Autoscaling
6.4 Building Your App to Scale
6.4.1 Avoiding State
6.4.2 Microservice Architectures
6.5 Summary
Chapter 7: Internal Services and Load Balancing
7.1 Internal Services
7.1.1 Kubernetes Cluster Networking
7.1.2 Creating an Internal Service
7.1.3 Service Discovery
Service Discovery using Environment Variables
Service Discovery using DNS
Putting it all together
7.2 Ingress: HTTP(S) Load Balancing
7.2.1 TLS
7.3 Summary
Chapter 8: Node Feature Selection
8.1 Node Feature Selection
8.1.1 Node Selectors
8.1.2 Node Affinity and Anti-Affinity
Preferred Node Affinity
8.1.3 Tainting Nodes to Prevent Scheduling by Default
Tolerating All Taints
8.1.4 Workload Separation
8.2 Placing Pods
8.2.1 Building Highly Available Deployments
Spreading Across Zones
8.2.2 Collocating Interdependent Pods
8.2.3 Avoiding Certain Pods
8.3 Debugging Placement Issues
Placement rules don’t appear to work
Pods are Pending
8.4 Summary
Chapter 9: Stateful Applications
9.1 Volumes, Persistent Volumes, Claims and Storage Classes
9.1.1 Volumes
EmptyDir Volumes
ConfigMap Volume
Cloud Provider Volumes
9.1.2 Persistent Volumes and Claims
9.1.3 Storage Classes
9.1.4 Single-pod Stateful Workload Deployments
9.2 StatefulSet
9.2.1 Deploying StatefulSet
MariaDB
Redis
9.2.2 Deploying a Multi-Role StatefulSet
9.3 Migrating/Recovering Disks
9.4 Summary
Chapter 10: Background Processing
10.1 Background Processing Queues
10.1.1 Creating a custom task queue
Creating a worker container
Deploying to Kubernetes
Adding work to the queue
Viewing the work
10.1.2 Signal Handling in Worker Pods
10.1.3 Scaling Worker Pods
10.1.4 Open Source Task Queues
10.2 Jobs
10.2.1 Running one-off tasks with Jobs
10.2.2 Scheduling Tasks with Cron Jobs
10.3 Batch task processing with Jobs
10.3.1 Dynamic Queue Processing with Jobs
10.3.2 Static Queue Processing with Jobs
10.4 Liveness Probes for Background Tasks
Liveness Bash Script for Background Tasks
10.5 Summary
Chapter 11: GitOps: Configuration as Code
11.1 Production and Staging Environments using Namespaces
11.1.1 Deploying to our new namespace
11.1.2 Syncing Mutations from the Cluster
11.2 Configuration as Code the Kubernetes Way
11.3 Rolling Out Safely
11.3.1 Deployment Pipelines
Continuous Deployment with Cloud Build
Continuous Reconciliation
11.4 Secrets
11.4.1 String-based (Password) Secrets
11.4.2 Base64 Encoded Secrets
11.4.3 File-based Secrets
11.4.4 Secrets and GitOps
Separate Repository
Sealed Secrets
Secrets Service
11.5 Summary
Chapter 12: Securing Kubernetes
12.1 Staying up to date
12.1.1 Cluster and Node Updates
12.1.2 Updating Containers
Reducing Container Updates
12.1.3 Handling Disruptions
Readiness Checks
Signal Handling and Graceful Termination
Rolling Updates
Pod Disruption Budgets
12.2 Deploying Node Agents with DaemonSet
12.3 Pod Security Context
12.4 Non-Root Containers
Updating Containers To Run As Non-Root
12.5 Admission Controllers
12.5.1 Pod Security Admission
Installing Pod Security Admission
Pod Security policies
Creating a Namespace with Pod Security
12.6 Role-based Access Control (RBAC)
Namespace Role
Cluster Role
Applying the Pod Security
RBAC for ServiceAccounts
12.7 Summary