Getting Started with Kubernetes - Second Edition
About this ebook
- Get well-versed with the fundamentals of Kubernetes and get it production-ready for deployments
- Confidently manage your container clusters and networks using Kubernetes
- This practical guide will show you container application examples throughout to illustrate the concepts and features of Kubernetes
This book is for developers, sys admins, and DevOps engineers who want to automate the deployment process and scale their applications. You do not need any knowledge about Kubernetes.
Book preview
Getting Started with Kubernetes - Second Edition - Baier Jonathan
Title Page
Getting Started with Kubernetes
Second Edition
Harness the power of Kubernetes to manage Docker deployments with ease
Jonathan Baier
BIRMINGHAM - MUMBAI
Copyright
Getting Started with Kubernetes
Second Edition
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: December 2015
Second edition: May 2017
Production reference: 1300517
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78728-336-7
www.packtpub.com
Credits
About the Author
Jonathan Baier is an emerging technology leader living in Brooklyn, New York. He has had a passion for technology since an early age. When he was 14 years old, he was so interested in the family computer (an IBM PCjr) that he pored over the several hundred pages of BASIC and DOS manuals. Then, he taught himself to code a very poorly-written version of Tic-Tac-Toe. During his teen years, he started a computer support business. Since then, he has dabbled in entrepreneurship several times throughout his life.
He currently enjoys working for Moody's as Vice President of Global Cloud Engineering. He has over a decade of experience delivering technology strategies and solutions for both public and private sector businesses of all sizes. He has a breadth of experience working with a wide variety of technologies and he enjoys helping organizations and management embrace new technology to transform their businesses.
Working in the areas of architecture, containerization, and cloud security, he has created strategic roadmaps to guide and help mature the overall IT capabilities of various enterprises. Furthermore, he has helped organizations of various sizes build and implement their cloud strategy and solve the many challenges that arise when designs on paper meet reality.
Acknowledgement
I'd like to give a tremendous thank you to my wonderful wife, Tomoko, and my playful son, Nikko. You both gave me incredible support and motivation during the writing process for both editions of this book. There were many early morning, long weekend and late night writing sessions that I could not have done without you both. Your smiles move mountains I could not on my own. You are my True north and guiding light in the storm.
I'd also like to give a special thanks to all my colleagues and friends at Cloud Technology Partners, many of whom provided the encouragement and support for the original inception of this book. I'd like to especially thank Mike Kavis, David Linthicum, Alan Zall, Lisa Noon, Charles Radi and also the amazing CTP marketing team (Brad Young, Shannon Croy, and Nicole Givin) for guiding me along the way!
About the Reviewer
Jay Payne has been a database administrator 5 at Rackspace for over 10 years, working on the design, development, implementation, and operation of storage systems.
Previously, Jay worked on billing and support systems for hosting companies. For the last 20 years, he has primarily focused on the data life cycle from database architecture, administration, operations, reporting, disaster recovery, and compliance. He has domain experience in hosting, finance, billing, and customer support industries.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1787283364.
If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Introduction to Kubernetes
A brief overview of containers
What is a container?
Why are containers so cool?
The advantages of Continuous Integration/Continuous Deployment
Resource utilization
Microservices and orchestration
Future challenges
The birth of Kubernetes
Our first cluster
Kubernetes UI
Grafana
Command line
Services running on the master
Services running on the minions
Tear down cluster
Working with other providers
Resetting the cluster
Modifying kube-up parameters
Alternatives to kube-up.sh
Starting from scratch
Cluster setup
Installing Kubernetes components (kubelet and kubeadm)
Setting up a Master
Joining nodes
Networking
Joining the cluster
Summary
References
Pods, Services, Replication Controllers, and Labels
The architecture
Master
Node (formerly minions)
Core constructs
Pods
Pod example
Labels
The container's afterlife
Services
Replication controllers and replica sets
Our first Kubernetes application
More on labels
Replica sets
Health checks
TCP checks
Life cycle hooks or graceful shutdown
Application scheduling
Scheduling example
Summary
References
Networking, Load Balancers, and Ingress
Kubernetes networking
Networking options
Networking comparisons
Docker
Docker user-defined networks
Weave
Flannel
Project Calico
Canal
Balanced design
Advanced services
External services
Internal services
Custom load balancing
Cross-node proxy
Custom ports
Multiple ports
Ingress
Migrations, multicluster, and more
Custom addressing
Service discovery
DNS
Multitenancy
Limits
A note on resource usage
Summary
References
Updates, Gradual Rollouts, and Autoscaling
Example set up
Scaling up
Smooth updates
Testing, releases, and cutovers
Application autoscaling
Scaling a cluster
Autoscaling
Scaling up the cluster on GCE
Scaling up the cluster on AWS
Scaling manually
Summary
Deployments, Jobs, and DaemonSets
Deployments
Scaling
Updates and rollouts
History and rollbacks
Autoscaling
Jobs
Other types of jobs
Parallel jobs
Scheduled jobs
DaemonSets
Node selection
Summary
References
Storage and Running Stateful Applications
Persistent storage
Temporary disks
Cloud volumes
GCE persistent disks
AWS Elastic Block Store
Other storage options
PersistentVolumes and StorageClasses
StatefulSets
A stateful example
Summary
References
Continuous Delivery
Integrating with continuous delivery pipeline
Gulp.js
Prerequisites
Gulp build example
Kubernetes plugin for Jenkins
Prerequisites
Installing plugins
Configuring the Kubernetes plugin
Bonus fun
Summary
Monitoring and Logging
Monitoring operations
Built-in monitoring
Exploring Heapster
Customizing our dashboards
FluentD and Google Cloud Logging
FluentD
Maturing our monitoring operations
GCE (StackDriver)
Sign-up for GCE monitoring
Alerts
Beyond system monitoring with Sysdig
Sysdig Cloud
Detailed views
Topology views
Metrics
Alerting
The sysdig command line
The csysdig command-line UI
Prometheus
Summary
References
Cluster Federation
Introduction to federation
Setting up federation
Contexts
New clusters for federation
Initializing the federation control plane
Adding clusters to the federation system
Federated resources
Federated configurations
Other federated resources
True multi-cloud
Summary
Container Security
Basics of container security
Keeping containers contained
Resource exhaustion and orchestration security
Image repositories
Continuous vulnerability scanning
Image signing and verification
Kubernetes cluster security
Secure API calls
Secure node communication
Authorization and authentication plugins
Admission controllers
Pod security policies and context
Enabling beta APIs
Creating a PodSecurityPolicy
Creating a pod with a PodSecurityContext
Clean up
Additional considerations
Securing sensitive application data (secrets)
Summary
References
Extending Kubernetes with OCP, CoreOS, and Tectonic
The importance of standards
The Open Container Initiative
Cloud Native Computing Foundation
Standard container specification
CoreOS
rkt
etcd
Kubernetes with CoreOS
Tectonic
Dashboard highlights
Summary
References
Towards Production Ready
Ready for production
Ready, set, go
Third-party companies
Private registries
Google Container Engine
Azure Container Service
ClusterHQ
Portworx
Shippable
Twistlock
AquaSec
Mesosphere (Kubernetes on Mesos)
Deis
OpenShift
Where to learn more?
Summary
Preface
This book is a guide to getting started with Kubernetes and overall container management. We will walk you through the features and functions of Kubernetes and show how it fits into an overall operations strategy. You’ll learn what hurdles lurk in moving containers off the developer's laptop and managing them at a larger scale. You’ll also see how Kubernetes is the perfect tool to help you face these challenges with confidence.
What this book covers
Chapter 1, Introduction to Kubernetes, is a brief overview of containers and the how, what, and why of Kubernetes orchestration, exploring how it impacts your business goals and everyday operations.
Chapter 2, Pods, Services, Replication Controllers, and Labels, uses a few simple examples to explore core Kubernetes constructs, namely pods, services, replication controllers, replica sets, and labels. Basic operations including health checks and scheduling will also be covered.
Chapter 3, Networking, Load Balancers, and Ingress, covers cluster networking for Kubernetes and the Kubernetes proxy. It also takes a deeper dive into services and finishes with a brief overview of some higher-level isolation features for multi-tenancy.
Chapter 4, Updates, Gradual Rollouts, and Autoscaling, is a quick look at how to roll out updates and new features with minimal disruption to uptime. We will also look at scaling for applications and the Kubernetes cluster.
Chapter 5, Deployments, Jobs, and DaemonSets, covers both long-running application deployments as well as short-lived jobs. We will also look at using DaemonSets to run containers on all or subsets of nodes in the cluster.
Chapter 6, Storage and Running Stateful Applications, covers storage concerns and persistent data across pods and the container life cycle. We will also look at new constructs for working with stateful applications in Kubernetes.
Chapter 7, Continuous Delivery, explains how to integrate Kubernetes into your continuous delivery pipeline. We will see how to use a k8s cluster with Gulp.js and Jenkins as well.
Chapter 8, Monitoring and Logging, teaches how to use and customize built-in and third-party monitoring tools on your Kubernetes cluster. We will look at built-in logging and monitoring, the Google Cloud Monitoring/Logging service, and Sysdig.
Chapter 9, Cluster Federation, enables you to try out the new federation capabilities and explains how to use them to manage multiple clusters across cloud providers. We will also cover the federated version of the core constructs from previous chapters.
Chapter 10, Container Security, teaches the basics of container security from the container runtime level to the host itself. It also explains how to apply these concepts to running containers and some of the security concerns and practices that relate specifically to running Kubernetes.
Chapter 11, Extending Kubernetes with OCP, CoreOS, and Tectonic, shows how open standards benefit the entire container ecosystem. We’ll look at a few of the prominent standards organizations and cover CoreOS and Tectonic, exploring their advantages as a host OS and enterprise platform.
Chapter 12, Towards Production Ready, the final chapter, shows some of the helpful tools and third-party projects that are available and where you can go to get more help.
What you need for this book
This book will cover downloading and running the Kubernetes project. You’ll need access to a Linux system (VirtualBox will work if you are on Windows) and some familiarity with the command shell.
Additionally, you should have a Google Cloud Platform account. You can sign up for a free trial here:
https://cloud.google.com/
Also, an AWS account is necessary for a few sections of the book. You can sign up for a free trial here:
https://aws.amazon.com/
Who this book is for
Whether you’re heads down in development, neck deep in operations, or looking forward as an executive, Kubernetes and this book are for you. Getting Started with Kubernetes will help you understand how to move your container applications into production with best practices and step by step walk-throughs tied to a real-world operational strategy. You’ll learn how Kubernetes fits into your everyday operations, which can help you prepare for production-ready container application stacks.
Having some familiarity with Docker containers, general software development, and operations at a high level will be helpful.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, folder names, filenames, file extensions, and pathnames are shown as follows: Do a simple curl command to the pod IP.
URLs are shown as follows:
http://swagger.io/
If we wish you to replace a portion of the URL with your own values it will be shown like this:
https://
Resource definition files and other code blocks are set as follows:
When we wish you to replace a portion of the listing with your own value, the relevant lines or items are set in bold between less than and greater than symbols:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: Clicking the Add New button moves you to the next screen.
There are several areas where the text refers to key-value pairs or to input dialogs on the screen. In these cases the key or input label will be shown in bold and the value will be shown in bold italics. For example: "In the box labelled Timeout enter 5s."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message.
If there is a topic that you have expertise