Cloud Native DevOps with Kubernetes, 2nd Edition

Cover
Copyright
Table of Contents
Foreword to the Second Edition
Foreword to the First Edition
Preface
	Conventions Used in This Book
	Using Code Examples
	O’Reilly Online Learning
	How to Contact Us
		Acknowledgments
Chapter 1. Revolution in the Cloud
	The Creation of the Cloud
		Buying Time
		Infrastructure as a Service
	The Dawn of DevOps
		Improving Feedback Loops
		What Does DevOps Mean?
		Infrastructure as Code
		Learning Together
	The Coming of Containers
		The State of the Art
		Thinking Inside the Box
		Putting Software in Containers
		Plug and Play Applications
	Conducting the Container Orchestra
	Kubernetes
		From Borg to Kubernetes
		Why Kubernetes?
		Will Kubernetes Disappear?
		Kubernetes Is Not a Panacea
	Cloud Native
	The Future of Operations
		Distributed DevOps
		Some Things Will Remain Centralized
		Developer Productivity Engineering
		You Are the Future
	Summary
Chapter 2. First Steps with Kubernetes
	Running Your First Container
		Installing Docker Desktop
		What Is Docker?
		Running a Container Image
	The Demo Application
		Looking at the Source Code
		Introducing Go
		How the Demo App Works
	Building a Container
		Understanding Dockerfiles
		Minimal Container Images
		Running Docker Image Build
		Naming Your Images
		Port Forwarding
	Container Registries
		Authenticating to the Registry
		Naming and Pushing Your Image
		Running Your Image
	Hello, Kubernetes
		Running the Demo App
		If the Container Doesn’t Start
	Minikube
	Summary
Chapter 3. Getting Kubernetes
	Cluster Architecture
		The Control Plane
		Node Components
		High Availability
	The Costs of Self-Hosting Kubernetes
		It’s More Work Than You Think
		It’s Not Just About the Initial Setup
		Tools Don’t Do All the Work for You
		Kubernetes the Hard Way
		Kubernetes Is Hard
		Administration Overhead
		Start with Managed Services
	Managed Kubernetes Services
		Google Kubernetes Engine (GKE)
		Cluster Autoscaling
		Autopilot
		Amazon Elastic Kubernetes Service (EKS)
		Azure Kubernetes Service (AKS)
		IBM Cloud Kubernetes Service
		DigitalOcean Kubernetes
	Kubernetes Installers
		kops
		Kubespray
		kubeadm
		Rancher Kubernetes Engine (RKE)
		Puppet Kubernetes Module
	Buy or Build: Our Recommendations
		Run Less Software
		Use Managed Kubernetes if You Can
		But What About Vendor Lock-in?
		Bare-Metal and On-Prem
		Multicloud Kubernetes Clusters
		OpenShift
		Anthos
		Use Standard Kubernetes Self-Hosting Tools if You Must
	Clusterless Container Services
		AWS Fargate
		Azure Container Instances (ACI)
		Google Cloud Run
	Summary
Chapter 4. Working with Kubernetes Objects
	Deployments
		Supervising and Scheduling
		Restarting Containers
		Creating Deployments
	Pods
	ReplicaSets
	Maintaining Desired State
	The Kubernetes Scheduler
	Resource Manifests in YAML Format
		Resources Are Data
		Deployment Manifests
		Using kubectl apply
		Service Resources
		Querying the Cluster with kubectl
		Taking Resources to the Next Level
	Helm: A Kubernetes Package Manager
		Installing Helm
		Installing a Helm Chart
		Charts, Repositories, and Releases
		Listing Helm Releases
	Summary
Chapter 5. Managing Resources
	Understanding Resources
		Resource Units
		Resource Requests
		Resource Limits
		Quality of Service
	Managing the Container Life Cycle
		Liveness Probes
		Probe Delay and Frequency
		Other Types of Probes
		Readiness Probes
		Startup Probes
		gRPC Probes
		File-Based Readiness Probes
		minReadySeconds
		Pod Disruption Budgets
	Using Namespaces
		Working with Namespaces
		What Namespaces Should I Use?
		Service Addresses
		Resource Quotas
		Default Resource Requests and Limits
	Optimizing Cluster Costs
		Kubecost
		Optimizing Deployments
		Optimizing Pods
		Vertical Pod Autoscaler
		Optimizing Nodes
		Optimizing Storage
		Cleaning Up Unused Resources
		Checking Spare Capacity
		Using Reserved Instances
		Using Preemptible (Spot) Instances
		Keeping Your Workloads Balanced
	Summary
Chapter 6. Operating Clusters
	Cluster Sizing and Scaling
		Capacity Planning
		Nodes and Instances
		Scaling the Cluster
	Conformance Checking
		CNCF Certification
		Conformance Testing with Sonobuoy
		Kubernetes Audit Logging
	Chaos Testing
		Only Production Is Production
		chaoskube
		kube-monkey
		PowerfulSeal
	Summary
Chapter 7. Kubernetes Power Tools
	Mastering kubectl
		Shell Aliases
		Using Short Flags
		Abbreviating Resource Types
		Auto-Completing kubectl Commands
		Getting Help
		Getting Help on Kubernetes Resources
		Showing More Detailed Output
		Working with JSON Data and jq
		Watching Objects
		Describing Objects
	Working with Resources
		Imperative kubectl Commands
		When Not to Use Imperative Commands
		Generating Resource Manifests
		Exporting Resources
		Diffing Resources
	Working with Containers
		Viewing a Container’s Logs
		Attaching to a Container
		Watching Kubernetes Resources with kubespy
		Forwarding a Container Port
		Executing Commands on Containers
		Running Containers for Troubleshooting
		Using BusyBox Commands
		Adding BusyBox to Your Containers
		Installing Programs on a Container
	Contexts and Namespaces
		kubeconfig files
		kubectx and kubens
		kube-ps1
	Kubernetes Shells and Tools
		kube-shell
		Click
		kubed-sh
		Stern
	Kubernetes IDEs
		Lens
		VS Code Kubernetes Extension
	Building Your Own Kubernetes Tools
	Summary
Chapter 8. Running Containers
	Containers and Pods
		What Is a Container?
		Container Runtimes in Kubernetes
		What Belongs in a Container?
		What Belongs in a Pod?
	Container Manifests
		Image Identifiers
		The latest Tag
		Container Digests
		Base Image Tags
		Ports
		Resource Requests and Limits
		Image Pull Policy
		Environment Variables
	Container Security
		Running Containers as a Non-Root User
		Blocking Root Containers
		Setting a Read-Only Filesystem
		Disabling Privilege Escalation
		Capabilities
		Pod Security Contexts
		Pod Service Accounts
	Volumes
		emptyDir Volumes
		Persistent Volumes
	Restart Policies
	Image Pull Secrets
	Init Containers
	Summary
Chapter 9. Managing Pods
	Labels
		What Are Labels?
		Selectors
		More Advanced Selectors
		Other Uses for Labels
		Labels and Annotations
	Node Affinities
		Hard Affinities
		Soft Affinities
	Pod Affinities and Anti-Affinities
		Keeping Pods Together
		Keeping Pods Apart
		Soft Anti-Affinities
		When to Use Pod Affinities
	Taints and Tolerations
	Pod Controllers
		DaemonSets
		StatefulSets
		Jobs
		CronJobs
		Horizontal Pod Autoscalers
		Operators and Custom Resource Definitions (CRDs)
	Ingress
		Ingress Controllers
		Ingress Rules
		Terminating TLS with Ingress
	Service Mesh
		Istio
		Linkerd
		Consul Connect
		NGINX Service Mesh
	Summary
Chapter 10. Configuration and Secrets
	ConfigMaps
		Creating ConfigMaps
		Setting Environment Variables from ConfigMaps
		Setting the Whole Environment from a ConfigMap
		Using Environment Variables in Command Arguments
		Creating Config Files from ConfigMaps
		Updating Pods on a Config Change
	Kubernetes Secrets
		Using Secrets as Environment Variables
		Writing Secrets to Files
		Reading Secrets
		Access to Secrets
		Encryption at Rest
		Keeping Secrets and ConfigMaps
	Secrets Management Strategies
		Encrypt Secrets in Version Control
		Use a Dedicated Secrets Management Tool
	Encrypting Secrets with Sops
		Encrypting a File with Sops
		Using a KMS Backend
	Sealed Secrets
	Summary
Chapter 11. Security, Backups, and Cluster Health
	Access Control and Permissions
		Managing Access by Cluster
		Introducing Role-Based Access Control (RBAC)
		Understanding Roles
		Binding Roles to Users
		What Roles Do I Need?
		Guard Access to cluster-admin
		Applications and Deployment
		RBAC Troubleshooting
	Cluster Security Scanning
		Gatekeeper/OPA
		kube-bench
		Kubescape
	Container Security Scanning
		Clair
		Aqua
		Anchore Engine
		Synk
	Backups
		Do I Need to Back Up Kubernetes?
		Backing Up etcd
		Backing Up Resource State
		Backing Up Cluster State
		Large and Small Disasters
		Velero
	Monitoring Cluster Status
		kubectl
		CPU and Memory Utilization
		Cloud Provider Console
		Kubernetes Dashboard
		Weave Scope
		kube-ops-view
		node-problem-detector
	Further Reading
	Summary
Chapter 12. Deploying Kubernetes Applications
	Building Manifests with Helm
		What’s Inside a Helm Chart?
		Helm Templates
		Interpolating Variables
		Quoting Values in Templates
		Specifying Dependencies
	Deploying Helm Charts
		Setting Variables
		Specifying Values in a Helm Release
		Updating an App with Helm
		Rolling Back to Previous Versions
		Creating a Helm Chart Repo
		Managing Helm Chart Secrets with Sops
	Managing Multiple Charts with Helmfile
		What’s in a Helmfile?
		Chart Metadata
		Applying the Helmfile
	Advanced Manifest Management Tools
		kustomize
		Tanka
		Kapitan
		kompose
		Ansible
		kubeval
	Summary
Chapter 13. Development Workflow
	Development Tools
		Skaffold
		Telepresence
		Waypoint
		Knative
		OpenFaaS
		Crossplane
	Deployment Strategies
		Rolling Updates
		Recreate
		maxSurge and maxUnavailable
		Blue/Green Deployments
		Rainbow Deployments
		Canary Deployments
	Handling Migrations with Helm
		Helm Hooks
		Handling Failed Hooks
		Other Hooks
		Chaining Hooks
	Summary
Chapter 14. Continuous Deployment in Kubernetes
	What Is Continuous Deployment?
	Which CD Tool Should I Use?
	Hosted CI/CD Tools
		Azure Pipelines
		Google Cloud Build
		Codefresh
		GitHub Actions
		GitLab CI
	Self-Hosted CI/CD Tools
		Jenkins
		Drone
		Tekton
		Concourse
		Spinnaker
		Argo
		Keel
	A CI/CD Pipeline with Cloud Build
		Setting Up Google Cloud and GKE
		Forking the Demo Repository
		Create Artifact Registry Container Repository
		Configuring Cloud Build
		Building the Test Container
		Running the Tests
		Building the Application Container
		Substitution Variables
		Git SHA Tags
		Validating the Kubernetes Manifests
		Publishing the Image
		Creating the First Build Trigger
		Testing the Trigger
		Deploying from a CI/CD Pipeline
		Creating a Deploy Trigger
		Adapting the Example Pipeline
	GitOps
		Flux
	Summary
Chapter 15. Observability and Monitoring
	What Is Observability?
		What Is Monitoring?
		Closed-Box Monitoring
		What Does “Up” Mean?
		Logging
		Introducing Metrics
		Tracing
		Observability
	The Observability Pipeline
	Monitoring in Kubernetes
		External Closed-Box Checks
		Internal Health Checks
	Summary
Chapter 16. Metrics in Kubernetes
	What Are Metrics, Really?
		Time-Series Data
		Counters and Gauges
		What Can Metrics Tell Us?
	Choosing Good Metrics
		Services: The RED Pattern
		Resources: The USE Pattern
		Business Metrics
		Kubernetes Metrics
	Analyzing Metrics
		What’s Wrong with a Simple Average?
		Means, Medians, and Outliers
		Discovering Percentiles
		Applying Percentiles to Metrics Data
		We Usually Want to Know the Worst
		Beyond Percentiles
	Graphing Metrics with Dashboards
		Use a Standard Layout for All Services
		Build an Information Radiator with Primary Dashboards
		Dashboard Things That Break
	Alerting on Metrics
		What’s Wrong with Alerts?
		On-Call Should Not Be Hell
		Urgent, Important, and Actionable Alerts
		Track Your Alerts, Out-of-Hours Pages, and Wake-Ups
	Metrics Tools and Services
		Prometheus
		Google Operations Suite
		AWS CloudWatch
		Azure Monitor
		Datadog
		New Relic
	Summary
Afterword
	Where to Go Next
	Second Edition Notes
	Welcome Aboard
Index
About the Authors
Colophon