DevOps with Kubernetes
Second Edition
Accelerating software delivery with container orchestrators

Hideto Saito
Hui-Chuan Chloe Lee
Cheng-Yang Wu

BIRMINGHAM - MUMBAI

DevOps with Kubernetes Second Edition
Copyright © 2019 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Gebin George
Acquisition Editor: Shrilekha Inani
Content Development Editor: Deepti Thore
Technical Editor: Varsha Shivhare
Copy Editor: Safis Editing
Language Support Editors: Storm Mann, Mary McGowan
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Rekha Nair
Graphics: Jisha Chirayil
Production Coordinator: Aparna Bhagat

First published: October 2017
Second edition: January 2019
Production reference: 1280119

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.

ISBN 978-1-78953-399-6

www.packtpub.com

mapt.io

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?

- Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
- Improve your learning with Skill Plans built especially for you
- Get a free eBook or video every month
- Mapt is fully searchable
- Copy and paste, print, and bookmark content

Packt.com

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Contributors

About the authors

Hideto Saito has around 20 years of experience in the computer industry. In 1998, while working for Sun Microsystems Japan, he was impressed with Solaris OS, OPENSTEP, and Sun Ultra Enterprise 10000 (AKA StarFire). Then, he decided to pursue the UNIX and macOS X operating systems. In 2006, he relocated to Southern California as a software engineer to develop products and services running on Linux and macOS X. He was especially renowned for his quick Objective-C code when he was drunk. He is also an enthusiast of Japanese anime, drama, and motorsports, and loves Japanese Otaku culture.

Hui-Chuan Chloe Lee is a DevOps and software developer. She has worked in the software industry on a wide range of projects for over 5 years. As a technology enthusiast, Chloe loves trying and learning about new technologies, which makes her life happier and more fulfilled. In her free time, she enjoys reading, traveling, and spending time with the people she loves.

Cheng-Yang Wu has been tackling infrastructure and system reliability since he received his master's degree in computer science from National Taiwan University. His laziness prompted him to master DevOps skills to maximize his efficiency at work so as to squeeze in writing code for fun. He enjoys cooking as it's just like working with software – a perfect dish always comes from balanced flavors and fine-tuned tastes.

About the reviewer

Guang Ya Liu is a Senior Technical Staff Member (STSM) for IBM Cloud Private and is now focusing on cloud computing, container technology, and distributed computing. He is also a member of the IBM Academy of Technology. He used to be an OpenStack Magnum Core member from 2015 to 2017, and now serves as an Istio maintainer, Kubernetes member, Kubernetes Federation V2 maintainer, and Apache Mesos committer and PMC member.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents

Preface 1

Chapter 1: Introduction to DevOps 6
  Software delivery challenges 6
  Waterfall and static delivery 6
  Agile and digital delivery 7
  Software delivery on the cloud 8
  Continuous integration 9
  Continuous delivery 10
  Configuration management 10
  Infrastructure as code 11
  Orchestration 12
  The microservices trend 12
  Modular programming 13
  Package management 13
  The MVC design pattern 16
  Monolithic applications 17
  Remote procedure call 17
  RESTful design 19
  Microservices 19
  Automation and tools 21
  Continuous integration tools 21
  Configuration management tools 23
  Monitoring and logging tools 27
  Communication tools 29
  The public cloud 30
  Summary 33

Chapter 2: DevOps with Containers 34
  Understanding containers 34
  Resource isolation 34
  Linux containers 35
  Containerized delivery 39
  Getting started with containers 40
  Installing Docker for Ubuntu 40
  Installing Docker for CentOS 41
  Installing Docker for macOS 42
  The life cycle of a container 43
  The basics of Docker 43
  Layers, images, containers, and volumes 45
  Distributing images 47
  Connecting containers 50
  Working with a Dockerfile 53
  Writing your first Dockerfile 54
  The syntax of a Dockerfile 55
  Organizing a Dockerfile 61
  Multi-stage builds 63
  Multi-container orchestration 64
  Piling up containers 65
  An overview of Docker compose 66
  Composing containers 67
  Summary 71

Chapter 3: Getting Started with Kubernetes 72
  Understanding Kubernetes 72
  Kubernetes components 73
  Master components 74
  API server (kube-apiserver) 74
  Controller manager (kube-controller-manager) 74
  etcd 75
  Scheduler (kube-scheduler) 75
  Node components 75
  Kubelet 76
  Proxy (kube-proxy) 76
  Docker 76
  The interaction between the Kubernetes master and nodes 76
  Getting started with Kubernetes 77
  Preparing the environment 77
  kubectl 80
  Kubernetes resources 81
  Kubernetes objects 81
  Namespaces 82
  Name 83
  Label and selector 84
  Annotation 85
  Pods 86
  ReplicaSet 92
  Deployments 97
  Services 103
  ClusterIP 104
  NodePort 109
  LoadBalancer 110
  ExternalName (kube-dns version >= 1.7) 110
  Service without selectors 111
  Volumes 113
  Secrets 114
  Retrieving secrets via files 115
  Retrieving secrets via environment variables 117
  ConfigMap 118
  Using ConfigMap via volume 119
  Using ConfigMap via environment variables 120
  Multi-container orchestration 121
  Summary 129

Chapter 4: Managing Stateful Workloads 130
  Kubernetes volume management 130
  Container volume life cycle 130
  Sharing volume between containers within a pod 132
  Stateless and stateful applications 132
  Kubernetes' persistent volume and dynamic provisioning 135
  Abstracting the volume layer with a persistent volume claim 137
  Dynamic provisioning and StorageClass 140
  Problems with ephemeral and persistent volume settings 143
  Replicating pods with a persistent volume using StatefulSet 148
  Submitting Jobs to Kubernetes 150
  Submitting a single Job to Kubernetes 151
  Submitting a repeatable Job 153
  Submitting a parallel Job 154
  Scheduling running a Job using CronJob 155
  Summary 157

Chapter 5: Cluster Administration and Extension 158
  Kubernetes namespaces 159
  Context 159
  Creating a context 160
  Switching the current context 160
  Kubeconfig 160
  Service account 162
  Authentication and authorization 163
  Authentication 165
  Service account token authentication 165
  User account authentication 166
  Authorization 167
  Role-based access control (RBAC) 168
  Roles and ClusterRoles 169
  RoleBinding and ClusterRoleBinding 170
  Admission control 172
  NamespaceLifecycle 173
  LimitRanger 173
  ServiceAccount 173
  PersistentVolumeLabel 173
  DefaultStorageClass 173
  ResourceQuota 174
  DefaultTolerationSeconds 174
  PodNodeSelector 174
  AlwaysPullImages 175
  DenyEscalatingExec 175
  Other admission controller plugins 175
  Dynamic admission control 175
  Admission webhook 176
  Custom resources 182
  Custom resources definition 182
  Summary 189

Chapter 6: Kubernetes Network 190
  Kubernetes networking 190
  Docker networking 191
  Container-to-container communications 194
  Pod-to-pod communications 196
  Pod communication within the same node 196
  Pod communication across nodes 197
  Pod-to-service communications 200
  External-to-service communications 203
  Ingress 205
  Network policy 209
  Service mesh 213
  Summary 218

Chapter 7: Monitoring and Logging 219
  Inspecting a container 219
  The Kubernetes dashboard 221
  Monitoring in Kubernetes 223
  Monitoring applications 223
  Monitoring infrastructure 224
  Monitoring external dependencies 224
  Monitoring containers 225
  Monitoring Kubernetes 225
  Getting monitoring essentials for Kubernetes 226
  Hands-on monitoring 229
  Getting to know Prometheus 229
  Deploying Prometheus 230
  Working with PromQL 231
  Discovering targets in Kubernetes 231
  Gathering data from Kubernetes 236
  Visualizing metrics with Grafana 238
  Logging events 240
  Patterns of aggregating logs 240
  Collecting logs with a logging agent per node 240
  Running a sidecar container to forward written logs 242
  Ingesting Kubernetes state events 243
  Logging with Fluent Bit and Elasticsearch 244
  Extracting metrics from logs 247
  Incorporating data from Istio 248
  The Istio adapter model 250