SitePoint
Blog
Forum
Library
Login
Join Premium
Toggle sidebar
The Kubernetes Bible
Toggle community discussions
Close
Content
Files
Bookmarks
Preface
THE KUBERNETES BIBLE
Contributors
About the authors
About the reviewer
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Kubernetes Fundamentals
Section 1: Introducing Kubernetes
Understanding monoliths and microservices
Understanding the growth of the internet since the late 1990s
Understanding the need for more frequent software releases
Understanding the organizational shift to agile methodologies
Understanding the shift from on-premises to the cloud
Understanding why the cloud is well suited for scalability
Exploring the monolithic architecture
Exploring the microservices architecture
Choosing between monolithic and microservices architectures
Understanding containers and Docker
Understanding why Docker is good for microservices
Understanding the benefit of Docker container isolation
How can Kubernetes help you to manage your Docker containers?
Understanding that Kubernetes is meant to use Docker in production
Exploring the problems that Kubernetes solves
Ensuring high availability
Release management and container deployment
Autoscaling containers
When and where is Kubernetes not the solution?
Understanding the history of Kubernetes
Understanding how and where Kubernetes started
Who manages Kubernetes today?
Where is Kubernetes today?
Summary
Kubernetes Architecture – From Docker Images to Running Pods
Understanding the difference between the master and worker nodes
The kube-apiserver component
The role of kube-apiserver
How do you install kube-apiserver?
Where do you install kube-apiserver?
Exploring the kubectl command-line tool and YAML syntax
The role of kubectl
How does kubectl work?
The YAML syntax
kubectl should be installed on any machine that needs to interact with the cluster
The Etcd datastore
The role of the Etcd datastore
Where do you install Etcd?
The Kubelet and worker node components
The Kubelet agent
The kube-proxy component
The kube-scheduler component
The role of the kube-scheduler component
Where do you install kube-scheduler?
The kube-controller-manager component
The role of the kube-controller-manager component
Where do you install kube-controller-manager?
How to make Kubernetes highly available
The single-node cluster
The single-master cluster
The multi-master multi-node cluster
Summary
Installing Your First Kubernetes Cluster
Technical requirements
Installing a single-node cluster with Minikube
Launching a single-node Kubernetes cluster using Minikube
Stopping and deleting the local Minikube cluster
Launching a multi-node Kubernetes cluster with Kind
Installing Kind onto your local system
Stopping and deleting the local Kind cluster
Installing a Kubernetes cluster using Google GKE
Launching a multi-node Kubernetes cluster on Google GKE
Stopping and deleting a Kubernetes cluster on Google GKE
Installing a Kubernetes cluster using Amazon EKS
Launching a multi-node Kubernetes cluster on Amazon EKS
Deleting the Kubernetes cluster on Amazon EKS
Installing a Kubernetes cluster using Azure AKS
Launching a multi-node Kubernetes cluster on Azure AKS
Stopping and deleting a Kubernetes cluster on Azure AKS
Summary
Running Your Docker Containers
Section 2: Diving into Kubernetes Core Concepts
Technical requirements
Let's explain the notion of Pods
Each Pod gets an IP address
How you should design your Pods
Launching your first Pods
Creating a Pod with imperative syntax
Creating a Pod with declarative syntax
Reading the Pod's information and metadata
Listing the objects in JSON or YAML
Backing up your resource using the list operation
Getting more information from the list operation
Accessing a Pod from the outside world
Entering a container inside a Pod
Deleting a Pod
Labeling and annotating the Pods
What are labels and why do we need them?
What are annotations and how do they differ from labels?
Adding a label
Listing labels attached to a Pod
Adding or updating a label to/of a running Pod
Deleting a label attached to a running Pod
Adding an annotation
Launching your first job
What are jobs?
Creating a job with restartPolicy
Understanding the job's backoffLimit
Running a task multiple times using completions
Running a task multiple times in parallel
Terminating a job after a specific amount of time
What happens if a job succeeds?
Deleting a job
Launching your first Cronjob
What are Cronjobs?
Creating your first Cronjob
Understanding the schedule
Understanding the role of the jobTemplate section
Controlling the Cronjob execution deadline
Managing the history limits of jobs
Creating a Cronjob
Deleting a Cronjob
Summary
Using Multi-Container Pods and Design Patterns
Technical requirements
Understanding what multi-container Pods are
Concrete scenarios where you need multi-container Pods
When not to create a multi-container Pod
Creating a Pod made up of two containers
What happens when Kubernetes fails to launch one container in a Pod?
Deleting a multi-container Pod
Understanding the Pod deletion grace period
Accessing a specific container inside a multi-container Pod
Running commands in containers
Overriding the default commands run by your containers
Introducing initContainers
Accessing the logs of a specific container
Sharing volumes between containers in the same Pod
What are Kubernetes volumes?
Creating and mounting an emptyDir volume
Creating and mounting a hostPath volume
The ambassador design pattern
What is the ambassador design pattern?
A simple example of an ambassador multi-container Pod
The sidecar design pattern
What is the sidecar design pattern?
A simple example of a sidecar multi-container Pod
The adapter design pattern
What is the adapter design pattern?
A simple example of an adapter multi-container Pod
Summary
Configuring Your Pods Using ConfigMaps and Secrets
Technical requirements
Understanding what ConfigMaps and Secrets are
Decoupling your application and your configuration
Understanding how Pods consume ConfigMaps and Secrets
Configuring your Pods using ConfigMaps
Listing ConfigMaps
Creating a ConfigMap
Creating a ConfigMap from literal values
Storing entire configuration files in a ConfigMap
Creating a ConfigMap from an env file
Reading values inside a ConfigMap
Linking ConfigMaps as environment variables
Mounting a ConfigMap as a volume mount
Deleting a ConfigMap
Updating a ConfigMap
Managing sensitive configuration with the Secret object
Listing Secrets
Creating a Secret imperatively with --from-literal
Creating a Secret declaratively with a YAML file
Creating a Secret with content from a file
Reading a Secret
Consuming a Secret as an environment variable
Consuming a Secret as a volume mount
Deleting a Secret
Updating a Secret
Summary
Exposing Your Pods with Services
Technical requirements
Why would you want to expose your Pods?
Understanding Pod IP assignment
Understanding Pod IP assignment is dynamic
Never hardcode a pod's IP addresses in your application code
Understanding how services route traffic to Pods
Understanding round-robin load balancing in Kubernetes
Understanding how to call a service in Kubernetes
Understanding how DNS names are generated for services
How services get a list of the Pods they service traffic to
Using the dnsutils Docker image to debug your services
Why you shouldn't use the --expose flag
Understanding how DNS names are generated for services
Understanding the different types of services
The NodePort service
Why do you need NodePort services?
Creating two containous/whoami Pods
Understanding NodePort YAML definition
Making sure NodePort works as expected
Is this setup production-ready?
Listing NodePort services
Adding more Pods to NodePort services
Describing NodePort services
Deleting NodePort services
NodePort or kubectl port-forward?
The ClusterIP service
Why do you need ClusterIP services?
How do I know if I need NodePort or ClusterIP services to expose my Pods?
Listing ClusterIP services
Creating ClusterIP services using the imperative way
Describing ClusterIP services
Creating ClusterIP services using the declarative way
Deleting ClusterIP services
Understanding headless services
The LoadBalancer service
Explaining the LoadBalancer services
Should I use the LoadBalancer service type?
Implementing ReadinessProbe
Why do you need ReadinessProbe?
Implementing ReadinessProbe
What is LivenessProbe and why do you need it?
Implementing LivenessProbe
Using ReadinessProbe and LivenessProbe together
Securing your Pods using the NetworkPolicy object
Why do you need NetworkPolicy?
Understanding Pods are not isolated by default
Configuring NetworkPolicy with labels and selectors
Summary
Managing Namespaces in Kubernetes
Technical requirements
Introduction to Kubernetes namespaces
Why do you need namespaces?
How namespaces are used to split resources into chunks
Understanding default namespaces
How namespaces impact your resources and services
Listing namespaces inside your cluster
Retrieving the data of a specific namespace
Creating a namespace using imperative syntax
Creating a namespace using declarative syntax
Deleting a namespace
Creating a resource inside a namespace with the -n option
Listing resources inside a specific namespace
Listing all the resources inside a specific namespace
Understanding that names are scoped to a namespace
Understanding that not all resources are in a namespace
Resolving a service using namespaces
Switching between namespaces with kubectl
Displaying the current namespace with kubectl
Configuring ResourceQuota and Limit at the namespace level
Understanding why you should set ResourceQuota
Understanding how Pods consume these resources
Understanding how Pods can require computing resources
Understanding how you can limit resource consumption
Understanding why you need ResourceQuota
Creating a ResourceQuota
Listing ResourceQuota
Deleting ResourceQuota
Introducing LimitRange
Listing LimitRange
Deleting LimitRange
Summary
Persistent Storage in Kubernetes
Technical requirements
Why you would want to use PersistentVolume
Introducing PersistentVolumes
Introducing PersistentVolume types
The benefits brought by PersistentVolume
Introducing access modes
Understanding that not all access modes are available to all PersistentVolume types
Creating our first PersistentVolume
How does Kubernetes PersistentVolumes handle cloud-based storage?
Amazon EBS PersistentVolume YAML
GCE PersistentDisk PersistentVolume YAML
NFS PersistentVolume YAML
Can Kubernetes handle the provisioning or creation of the resource itself?
Understanding how to mount a PersistentVolume to your Pod claims
Introducing PersistentVolumeClaim
Splitting storage creation and storage consumption
The summarized PersistentVolume workflow
Creating a Pod with a PersistentVolumeClaim object
Understanding the life cycle of a PersistentVolume object in Kubernetes
Understanding that PersistentVolume objects are not bound to namespaces
Reclaiming a PersistentVolume object
Updating a reclaim policy
Understanding PersistentVolume and PersistentVolumeClaims statuses
Static and dynamic PersistentVolume provisioning
Static versus dynamic provisioning
Introducing dynamic provisioning
Introducing StorageClasses
Understanding the role of PersistentVolumeClaim for dynamic storage provisioning
Summary
Running Production-Grade Kubernetes Workloads
Section 3: Using Managed Pods with Controllers
Technical requirements
Ensuring HA and FT on Kubernetes
High Availability
Fault Tolerance
HA and FT for Kubernetes applications
What is ReplicationController?
Creating a ReplicationController object
Testing the behavior of ReplicationController
Scaling ReplicationController
Deleting ReplicationController
What is ReplicaSet and how does it differ from ReplicationController?
Creating a ReplicaSet object
Testing the behavior of ReplicaSet
Scaling ReplicaSet
Using Pod liveness probes together with ReplicaSet
Deleting a ReplicaSet object
Summary
Further reading
Deployment – Deploying Stateless Applications
Technical requirements
Introducing the Deployment object
Creating a Deployment object
Exposing Deployment Pods using Service objects
Scaling a Deployment object
Deleting a Deployment object
How does a Deployment object manage revisions and version rollout?
Updating a Deployment object
Rolling back a Deployment object
Deployment object best practices
Use declarative object management for Deployments
Do not use the Recreate strategy for production workloads
Do not create Pods that match an existing Deployment label selector
Carefully set up your container probes
Use meaningful and semantic image tags
Migrating from older versions of Kubernetes
Summary
Further reading
StatefulSet – Deploying Stateful Applications
Technical requirements
Introducing the StatefulSet object
Managing state in containers
Managing state in Kubernetes Pods
StatefulSet and how it differs from a Deployment object
Managing StatefulSet
Creating a StatefulSet
Using the headless Service and stable network identities
State persistence
Scaling StatefulSet
Deleting a StatefulSet
Releasing a new version of an app deployed as a StatefulSet
Updating StatefulSet
Rolling back StatefulSet
StatefulSet best practices
Use declarative object management for StatefulSets
Do not use the TerminationGracePeriodSeconds Pod with a 0 value for StatefulSets
Scale down StatefulSets before deleting
Ensure state compatibility during StatefulSet rollbacks
Do not create Pods that match an existing StatefulSet label selector
Summary
Further reading
DaemonSet – Maintaining Pod Singletons on Nodes
Technical requirements
Introducing the DaemonSet object
Creating and managing DaemonSets
Creating a DaemonSet
Modifying a DaemonSet
Deleting a DaemonSet
Common use cases for DaemonSets
Alternatives to DaemonSets
Summary
Further reading
Kubernetes Clusters on Google Kubernetes Engine
Section 4: Deploying Kubernetes on the Cloud
Technical requirements
What are GCP and GKE?
Google Cloud Platform
Google Kubernetes Engine
Preparing your environment
Signing up for a GCP account
Creating a project
Installing the GCP command-line interface
Launching your first GKE cluster
Deploying a workload and interacting with your cluster
Configuring your local client
Launching an example workload
Exploring Google Cloud Console
Deleting your cluster
More about cluster nodes
Summary
Further reading
Launching a Kubernetes Cluster on Amazon Web Services with Amazon Elastic Kubernetes Service
Technical requirements
What are AWS and Amazon EKS?
AWS
Amazon EKS
Preparing your local environment
Signing up for an AWS account
Installing the AWS command-line interface
Installing eksctl, the official CLI for Amazon EKS
Launching your Amazon EKS cluster
Deploying a workload and interacting with your cluster
Deploying the workload
Exploring the AWS console
Deleting your Amazon EKS cluster
Summary
Further reading
Kubernetes Clusters on Microsoft Azure with Azure Kubernetes Service
Technical requirements
What are Microsoft Azure and AKS?
Microsoft Azure
AKS
Preparing your local environment
The Azure CLI
Launching your AKS cluster
Deploying a workload and interacting with your cluster
Launching the workload
Exploring the Azure portal
Deleting your AKS cluster
Summary
Further reading
Working with Helm Charts
Section 5: Advanced Kubernetes
Technical requirements
Understanding Helm
Releasing software to Kubernetes using Helm
Installing Helm on Ubuntu
Installing Helm on Windows
Installing Helm on macOS
Deploying an example chart
Helm chart anatomy
Installing popular solutions using Helm charts
Kubernetes Dashboard
Elasticsearch with Kibana
Prometheus with Grafana
Summary
Further reading
Authentication and Authorization on Kubernetes
Technical requirements
Authentication and user management
Static token files
ServiceAccount tokens
X.509 client certificates
OpenID Connect tokens
Other methods
Authorization and introduction to RBAC
RBAC mode in Kubernetes
Azure Kubernetes Service and Azure Active Directory integration
Prerequisites
Deploying a managed AKS cluster with AAD and Azure RBAC integration
Accessing the AKS cluster with AAD integration enabled
Using Azure RBAC for an AKS cluster
Summary
Further reading
Advanced Techniques for Scheduling Pods
Technical requirements
Refresher – What is kube-scheduler?
Managing Node affinity
Pod Node name
Pod Node selector
Node affinity configuration for Pods
Using Node taints and tolerations
Scheduling policies
Summary
Further reading
Autoscaling Kubernetes Pods and Nodes
Technical requirements
Pod resource requests and limits
Autoscaling Pods vertically using a Vertical Pod Autoscaler
Enabling a VPA in GKE
Enabling a VPA for other Kubernetes clusters
Using a VPA
Autoscaling Pods horizontally using a Horizontal Pod Autoscaler
Using an HPA
Autoscaling Kubernetes Nodes using a Cluster Autoscaler
Enabling the cluster autoscaler in GKE
Enabling the cluster autoscaler in the Amazon Elastic Kubernetes Service
Enabling the cluster autoscaler in the Azure Kubernetes Service
Using the cluster autoscaler
Summary
Further reading
Advanced Traffic Routing with Ingress
Technical requirements
Refresher: Kubernetes services
The ClusterIP Service
NodePort service
The LoadBalancer service
Introducing the Ingress object
Using nginx as an Ingress Controller
Azure Application Gateway Ingress Controller for AKS
Summary
Further reading
Open text modal
Community Questions
Close