
The Kubernetes Book PDF

182 Pages·2020·5.658 MB·English

Preview The Kubernetes Book

The Kubernetes Book
Nigel Poulton

This book is for sale at http://leanpub.com/thekubernetesbook

This version was published on 2020-09-24

This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process. Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many iterations to get reader feedback, pivot until you have the right book and build traction once you do.

© 2017-2020 Nigel Poulton

Tweet This Book!

Please help Nigel Poulton by spreading the word about this book on Twitter!
The suggested tweet for this book is:
I just bought The Kubernetes Book from @nigelpoulton and can’t wait to get into this!
The suggested hashtag for this book is #kubernetes.
Find out what other people are saying about the book by clicking on this link to search for this hashtag on Twitter: #kubernetes

Education is about inspiring and creating opportunities. I hope this book, and my video training courses, inspire you and create lots of opportunities!

A huge thanks to my family for putting up with me. I’m a geek who thinks he’s software running on midrange biological hardware. I know it’s not easy living with me.

Thanks to everyone who watches my Pluralsight and A Cloud Guru training videos. I love connecting with you and appreciate all the feedback I’ve had over the years. This feedback is what inspired me to write this book. I think you’ll love it, and I hope it helps drive your career forward.

@nigelpoulton

Contents

0: About the book
    Paperback editions
    Audio book
    eBook and Kindle editions
    Feedback
    Why should anyone read this book or care about Kubernetes?
    Should I buy the book if I’ve already watched your video training courses?
    Updates to the book
    The book’s GitHub repo
    Versions of the book
1: Kubernetes primer
    Kubernetes background
    Where did Kubernetes come from
    The operating system of the cloud
    Chapter summary
2: Kubernetes principles of operation
    Kubernetes from 40K feet
    Masters and nodes
    Kubernetes DNS
    Packaging apps for Kubernetes
    The declarative model and desired state
    Pods
    Deployments
    Services and network stable networking
    Chapter summary
3: Installing Kubernetes
    Kubernetes playgrounds
    Hosted Kubernetes
    DIY Kubernetes clusters
    Installing Kubernetes
    Play with Kubernetes
    Docker Desktop
    Google Kubernetes Engine (GKE)
    Other installation methods
    kubectl
    Chapter summary
4: Working with Pods
    Pod theory
    Hands-on with Pods
    Chapter Summary
5: Kubernetes Deployments
    Deployment theory
    How to create a Deployment
    Performing a rolling update
    How to perform a rollback
    Chapter summary
6: Kubernetes Services
    Setting the scene
    Theory
    Hands-on with Services
    Real world example
    Chapter Summary
7: Service discovery
    Quick background
    Service registration
    Service discovery
    Service discovery and Namespaces
    Troubleshooting service discovery
    Summary
8: Kubernetes storage
    The big picture
    Storage Providers
    The Container Storage Interface (CSI)
    The Kubernetes persistent volume subsystem
    Storage Classes and Dynamic Provisioning
    Demo
    Chapter Summary
9: ConfigMaps
    The big picture
    ConfigMap theory
    Hands-on with ConfigMaps
    Chapter Summary
10: StatefulSets
    The theory of StatefulSets
    Hands-on with StatefulSets
    Chapter Summary
11: Threat modeling Kubernetes
    Threat model
    Spoofing
    Tampering
    Repudiation
    Information Disclosure
    Denial of Service
    Elevation of privilege
    Pod Security Policies
    Towards more secure Kubernetes
    Chapter summary
12: Real-world Kubernetes security
    CI/CD pipeline
    Infrastructure and networking
    Identity and access management (IAM)
    Auditing and security monitoring
    Real world example
    Chapter summary
Glossary
What next
    Practice makes perfect
    More books
    Video training
    Events and meetups
    Feedback

0: About the book

This is an up-to-date book about Kubernetes that’s short and straight-to-the-point.

Paperback editions

There are a few different versions of the paperback available:

• I self-publish paperback copies on Amazon in as many markets as possible
• A special-edition paperback is available for the Indian sub-continent via Shroff Publishers
• A simplified Chinese paperback is available via Posts & Telecom Press Co. LTD in China

Why is there a special paperback edition for the Indian sub-continent?

At the time of writing, the Amazon self-publishing service was not available in India. This meant I didn’t have a way to get paperback copies to readers in India. I considered several options and decided to partner with Shroff Publishers who have made a low-cost paperback available to readers in the Indian sub-continent. I’m grateful to Shroff for helping me make the book available to as many readers as possible.

Audio book

There’s a highly entertaining audio version of the March 2019 edition available from Audible. This edition has a few minor tweaks to the examples and labs so that they’re easier to follow in an audio book. But aside from that, you get the full experience.

eBook and Kindle editions

The easiest place to get an electronic copy is leanpub.com. It’s a slick platform and updates are free and simple.

You can also get a Kindle edition from Amazon, which also entitles you to free updates. However, Kindle is notoriously bad at delivering updates. If you have problems getting updates to your Kindle edition, contact Kindle Support and they’ll resolve the issue.

Feedback

If you like the book and it added value, please share the love by recommending it to a friend and leaving a review on Amazon (you can leave an Amazon review even if you bought it somewhere else).

Why should anyone read this book or care about Kubernetes?

Kubernetes is white-hot, and Kubernetes skills are in high demand. So, if you want to push ahead with your career and work with a technology that’s shaping the future, you need to read this book. If you don’t care about your career and are fine being left behind, don’t read it. It’s the truth.

Should I buy the book if I’ve already watched your video training courses?

Kubernetes is Kubernetes. So yes, there’s obviously similarities between my books and video courses. But reading books and watching videos are totally different experiences and have very different impacts on learning. In my opinion, videos are more fun, but books are easier to make notes in and flick through when you’re trying to find something.

If I was you, I’d watch the videos and get the book. They complement each other, and learning via multiple methods is a proven strategy.

Some of my Video courses:

• Getting Started with Kubernetes (pluralsight.com)
• Kubernetes Deep Dive (acloud.guru)
• Kubernetes 101 (nigelpoulton.com)
• Docker Deep Dive (pluralsight.com)

Updates to the book

I’ve done everything I can to make sure your investment in this book is maximized to the fullest extent.

All Kindle and Leanpub customers receive all updates at no extra cost. Updates work well on Leanpub, but it’s a different story on Kindle. Many readers complain that their Kindle devices don’t get access to updates. This is a common issue, and one that is easily resolved by contacting Kindle Support.

If you buy a paperback version from Amazon.com, you can get the Kindle version at the discounted price of $2.99. This is done via the Kindle Matchbook program. Unfortunately, Kindle Matchbook is only available in the US, and it’s buggy—sometimes the Kindle Matchbook icon doesn’t appear on the book’s Amazon selling page. Contact Kindle Support if you have issues like this and they’ll sort things out.

Things will be different if you buy the book through other channels, as I have no control over them. I’m a techie, not a book publisher ¯\_(ツ)_/¯

The book’s GitHub repo

The book has a GitHub repo with all of the YAML code and examples used throughout the book:

https://github.com/nigelpoulton/TheK8sBook

Versions of the book

Kubernetes is developing fast! As a result, the value of a book like this is inversely proportional to how old it is. Whoa, that’s a mouthful. Put in other words, the older any Kubernetes book is, the less valuable it is. With this in mind, I’m committed to updating the book at least once per year. And when I say “update”, I mean real updates—every word and concept is reviewed, and every example is tested and updated. I’m 100% committed to making this book the best Kubernetes book in the world.

If an update every year seems like a lot… welcome to the new normal.

We no longer live in a world where a 2-year-old technology book is valuable. In fact, I question the value of a 1-year-old book on a topic that’s developing as fast as Kubernetes. Don’t get me wrong, as an author I’d love to write a book that was useful for 5 years. But that’s not the world we live in. Again… welcome to the new normal.

• Version 7: September 2020. Tested against Kubernetes 1.18. Added new chapter on StatefulSets. Added glossary of terms.
• Version 6: February 2020. All content tested with Kubernetes version 1.16.6. Added new chapter on service discovery. Removed Appendix as people thought it gave the book an unfinished feel.
• Version 5 November 2019. All content updated and examples tested on Kubernetes 1.16.2. Added new chapter on ConfigMaps. Moved Chapter 8 to the end as an appendix and added overview of service mesh technology to the appendix.
• Version 4 March 2019. All content updated and all examples tested on the latest versions of Kubernetes. Added new Storage Chapter. Added new real-world security section with two new chapters.
• Version 3 November 2018. Re-ordered some chapters for better flow. Removed the ReplicaSets chapter and shifted that content to an improved Deployments chapter. Added new chapter giving overview of other major concepts not covered in dedicated chapters.
• Version 2.2 January 2018. Fixed a few typos, added several clarifications, and added a couple of new diagrams.
• Version 2.1 December 2017. Fixed a few typos and updated Figures 6.11 and 6.12 to include missing labels.
• Version 2. October 2017. Added new chapter on ReplicaSets. Added significant changes to Pods chapter. Fixed typos and made a few other minor updates to existing chapters.
• Version 1 July 2017. Initial version.
