DevOps with Kubernetes
Second Edition
Accelerating software delivery with container orchestrators
Hideto Saito
Hui-Chuan Chloe Lee
Cheng-Yang Wu
BIRMINGHAM - MUMBAI
DevOps with Kubernetes
Second Edition
Copyright © 2019 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, without the prior written permission of the publisher, except in the case of brief quotations
embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented.
However, the information contained in this book is sold without warranty, either express or implied. Neither the
author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged
to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products
mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy
of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Shrilekha Inani
Content Development Editor: Deepti Thore
Technical Editor: Varsha Shivhare
Copy Editor: Safis Editing
Language Support Editor: Storm Mann, Mary McGowan
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Rekha Nair
Graphics: Jisha Chirayil
Production Coordinator: Aparna Bhagat
First published: October 2017
Second edition: January 2019
Production reference: 1280119
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78953-399-6
www.packtpub.com
Contributors
About the authors
Hideto Saito has around 20 years of experience in the computer industry. In 1998, while
working for Sun Microsystems Japan, he was impressed with Solaris OS, OPENSTEP, and
Sun Ultra Enterprise 10000 (AKA StarFire). Then, he decided to pursue the UNIX and
macOS X operating systems.
In 2006, he relocated to Southern California as a software engineer to develop products and
services running on Linux and macOS X. He was especially renowned for his quick
Objective-C code when he was drunk. He is also an enthusiast of Japanese anime, drama,
and motorsports, and loves Japanese Otaku culture.
Hui-Chuan Chloe Lee is a DevOps and software developer. She has worked in the
software industry on a wide range of projects for over 5 years. As a technology enthusiast,
Chloe loves trying and learning about new technologies, which makes her life happier and
more fulfilled. In her free time, she enjoys reading, traveling, and spending time with the
people she loves.
Cheng-Yang Wu has been tackling infrastructure and system reliability since he received
his master's degree in computer science from National Taiwan University. His laziness
prompted him to master DevOps skills to maximize his efficiency at work so as to squeeze
in writing code for fun. He enjoys cooking as it's just like working with software – a perfect
dish always comes from balanced flavors and fine-tuned tastes.
About the reviewer
Guang Ya Liu is a Senior Technical Staff Member (STSM) for IBM Cloud Private and is
now focusing on cloud computing, container technology, and distributed computing. He is
also a member of the IBM Academy of Technology. He used to be an OpenStack Magnum
Core member from 2015 to 2017, and now serves as an Istio maintainer, Kubernetes
member, Kubernetes Federation V2 maintainer, and Apache Mesos committer and PMC
member.
Table of Contents
Preface 1
Chapter 1: Introduction to DevOps 6
Software delivery challenges 6
Waterfall and static delivery 6
Agile and digital delivery 7
Software delivery on the cloud 8
Continuous integration 9
Continuous delivery 10
Configuration management 10
Infrastructure as code 11
Orchestration 12
The microservices trend 12
Modular programming 13
Package management 13
The MVC design pattern 16
Monolithic applications 17
Remote procedure call 17
RESTful design 19
Microservices 19
Automation and tools 21
Continuous integration tools 21
Configuration management tools 23
Monitoring and logging tools 27
Communication tools 29
The public cloud 30
Summary 33
Chapter 2: DevOps with Containers 34
Understanding containers 34
Resource isolation 34
Linux containers 35
Containerized delivery 39
Getting started with containers 40
Installing Docker for Ubuntu 40
Installing Docker for CentOS 41
Installing Docker for macOS 42
The life cycle of a container 43
The basics of Docker 43
Layers, images, containers, and volumes 45
Distributing images 47
Connecting containers 50
Working with a Dockerfile 53
Writing your first Dockerfile 54
The syntax of a Dockerfile 55
Organizing a Dockerfile 61
Multi-stage builds 63
Multi-container orchestration 64
Piling up containers 65
An overview of Docker compose 66
Composing containers 67
Summary 71
Chapter 3: Getting Started with Kubernetes 72
Understanding Kubernetes 72
Kubernetes components 73
Master components 74
API server (kube-apiserver) 74
Controller manager (kube-controller-manager) 74
etcd 75
Scheduler (kube-scheduler) 75
Node components 75
Kubelet 76
Proxy (kube-proxy) 76
Docker 76
The interaction between the Kubernetes master and nodes 76
Getting started with Kubernetes 77
Preparing the environment 77
kubectl 80
Kubernetes resources 81
Kubernetes objects 81
Namespaces 82
Name 83
Label and selector 84
Annotation 85
Pods 86
ReplicaSet 92
Deployments 97
Services 103
ClusterIP 104
NodePort 109
LoadBalancer 110
ExternalName (kube-dns version >= 1.7) 110
Service without selectors 111
Volumes 113
Secrets 114
Retrieving secrets via files 115
Retrieving secrets via environment variables 117
ConfigMap 118
Using ConfigMap via volume 119
Using ConfigMap via environment variables 120
Multi-container orchestration 121
Summary 129
Chapter 4: Managing Stateful Workloads 130
Kubernetes volume management 130
Container volume life cycle 130
Sharing volume between containers within a pod 132
Stateless and stateful applications 132
Kubernetes' persistent volume and dynamic provisioning 135
Abstracting the volume layer with a persistent volume claim 137
Dynamic provisioning and StorageClass 140
Problems with ephemeral and persistent volume settings 143
Replicating pods with a persistent volume using StatefulSet 148
Submitting Jobs to Kubernetes 150
Submitting a single Job to Kubernetes 151
Submitting a repeatable Job 153
Submitting a parallel Job 154
Scheduling running a Job using CronJob 155
Summary 157
Chapter 5: Cluster Administration and Extension 158
Kubernetes namespaces 159
Context 159
Creating a context 160
Switching the current context 160
Kubeconfig 160
Service account 162
Authentication and authorization 163
Authentication 165
Service account token authentication 165
User account authentication 166
Authorization 167
Role-based access control (RBAC) 168
Roles and ClusterRoles 169
RoleBinding and ClusterRoleBinding 170
Admission control 172
NamespaceLifecycle 173
LimitRanger 173
ServiceAccount 173
PersistentVolumeLabel 173
DefaultStorageClass 173
ResourceQuota 174
DefaultTolerationSeconds 174
PodNodeSelector 174
AlwaysPullImages 175
DenyEscalatingExec 175
Other admission controller plugins 175
Dynamic admission control 175
Admission webhook 176
Custom resources 182
Custom resources definition 182
Summary 189
Chapter 6: Kubernetes Network 190
Kubernetes networking 190
Docker networking 191
Container-to-container communications 194
Pod-to-pod communications 196
Pod communication within the same node 196
Pod communication across nodes 197
Pod-to-service communications 200
External-to-service communications 203
Ingress 205
Network policy 209
Service mesh 213
Summary 218
Chapter 7: Monitoring and Logging 219
Inspecting a container 219
The Kubernetes dashboard 221
Monitoring in Kubernetes 223
Monitoring applications 223
Monitoring infrastructure 224
Monitoring external dependencies 224
Monitoring containers 225
Monitoring Kubernetes 225
Getting monitoring essentials for Kubernetes 226
Hands-on monitoring 229
Getting to know Prometheus 229
Deploying Prometheus 230
Working with PromQL 231
Discovering targets in Kubernetes 231
Gathering data from Kubernetes 236
Visualizing metrics with Grafana 238
Logging events 240
Patterns of aggregating logs 240
Collecting logs with a logging agent per node 240
Running a sidecar container to forward written logs 242
Ingesting Kubernetes state events 243
Logging with Fluent Bit and Elasticsearch 244
Extracting metrics from logs 247
Incorporating data from Istio 248
The Istio adapter model 250