Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Previous Chapter

About the Authors

Index

A

access control, Security and Backups-RBAC Troubleshooting
ACI (Azure Container Instances), Azure Container Instances (ACI)
admission controller, PodPresets
AKS (Azure Kubernetes Service), Azure Kubernetes Service (AKS)
alerting, Alerting on Metrics
Alertmanager, Prometheus
aliases, Shell Aliases, Using BusyBox Commands
allowPrivilegeEscalation, Disabling Privilege Escalation
Alpine Linux, Understanding Dockerfiles
Amazon Cloudwatch, AWS Cloudwatch
Anchore Engine, Anchore Engine
annotations
- owner, Using owner metadata
- versus labels, Labels and Annotations
Ansible, Ansible
application deployment
- building manifests with Helm, Building Manifests with Helm-Specifying Dependencies
- deploying Helm charts, Deploying Helm Charts-Managing Helm Chart Secrets with Sops
- managing multiple charts with Helmfile, Managing Multiple Charts with Helmfile-Applying the Helmfile
- manifest management tools, Advanced Manifest Management Tools-kubeval
- metrics for, Application metrics
Application Performance Monitoring, Datadog
Aqua, Aqua
audit logging, Kubernetes Audit Logging
autoscaling
- benefits of, Autoscaling
- nodes, Cluster Autoscaling
- replicas, Horizontal Pod Autoscalers
- Vertical Pod Autoscaler, Vertical Pod Autoscaler
Azure Container Instances (ACI), Azure Container Instances (ACI)
Azure Event Grid, Azure Container Instances (ACI)
Azure Kubernetes Service (AKS), Azure Kubernetes Service (AKS)
Azure Monitor, Azure Monitor
Azure Pipelines, Azure Pipelines

B

b64enc, Managing Helm Chart Secrets with Sops
backups, Backups-Other uses for Velero
bare-metal servers, Kubernetes on, Bare-Metal and On-Prem
base64
- encoding and decoding, base64
- in Helm charts, Managing Helm Chart Secrets with Sops
Borg, From Borg to Kubernetes
Borgmon, Prometheus
BusyBox, Using BusyBox Commands

C

cAdvisor, Kubernetes Metrics
capabilities, Capabilities
capacity planning, Capacity Planning
CD (see continuous deployment (CD))
cert-manager, Automating LetsEncrypt certificates with Cert-Manager
Certified Kubernetes, Certified Kubernetes
Certified Kubernetes Administrator (CKA), Certified Kubernetes Administrator (CKA)
chaos testing, Chaos Testing
chaoskube, chaoskube
checksum/config, Updating Pods on a Config Change
circuit breaker pattern, Services and circuit breakers
CKA (Certified Kubernetes Administrator), Certified Kubernetes Administrator (CKA)
Clair, Clair
Click, Click
client-go, Building Your Own Kubernetes Tools
Cloud Build
- benefits of, Google Cloud Build
- CD example, A CD Pipeline with Cloud Build
- pipeline, Introducing Cloud Build
cloud functions, Cloud functions and funtainers
Cloud Native Computing Foundation (CNCF), Cloud Native, CNCF Certification
cloud native, definition of term, Cloud Native
cloud-controller-manager, The Control Plane
Cloudwatch, AWS Cloudwatch
cluster balancing, Keeping Your Workloads Balanced
cluster-admin role, Understanding Roles-Guard Access to Cluster-Admin
clusterIP, StatefulSets
ClusterRoleBinding, Binding Roles to Users
clusters
- administration overhead, Administration Overhead
- architecture, Cluster Architecture
- autoscaling, Cluster Autoscaling, Autoscaling
- backing up cluster state, Backing Up Cluster State-Other uses for Velero
- conformance checking, Conformance Checking-Conformance Testing with Sonobuoy
- federation, Federated clusters
- health metrics, Cluster health metrics
- maximum size, The biggest cluster
- minimum size, The smallest cluster
- monitoring cluster status, Monitoring Cluster Status-Further Reading
- multiple, Do I need multiple clusters?
- node types, Node Components
- optimizing cluster costs, Optimizing Cluster Costs-Keeping Your Workloads Balanced
- scaling, Scaling the Cluster
- self-hosted, The Costs of Self-Hosting Kubernetes
- setup tools, Kubernetes Installers
- sizing, Cluster Sizing and Scaling
- validation and auditing, Validation and Auditing-PowerfulSeal
CNCF (Cloud Native Computing Foundation), Cloud Native, CNCF Certification
Codefresh, Codefresh
completions, Jobs
Concourse, Concourse
config file
- creating from ConfigMap, Creating Config Files from ConfigMaps
- creating from Secret, Writing Secrets to Files
ConfigMap
- creating config file from, Creating Config Files from ConfigMaps
- purpose of, ConfigMaps
- setting command-line arguments from, Using Environment Variables in Command Arguments
- setting environment variables from, Setting Environment Variables from ConfigMaps
- updating Deployment on changes to, Updating Pods on a Config Change
configMapKeyRef, Setting Environment Variables from ConfigMaps
configuration management, The State of the Art
conformance testing
- benefits of, Conformance Checking
- using Sonobouy, Conformance Testing with Sonobuoy
container registry, Container Registries
ContainerCreating status, If the Container Doesn’t Start
containers (see also Docker)
- arguments, Using Environment Variables in Command Arguments
- building, Building a Container
- capabilities, Capabilities
- container security, Container Security-Pod Security Policies
- entrypoint, What Belongs in a Container?
- image identifier, Image Identifiers
- image pull secrets, Image Pull Secrets
- internals, What Is a Container?
- managing container life cycles, Managing the Container Life Cycle-maxUnavailable
- manifest, Container Manifests
- metrics for, Container metrics
- minimal, Minimal Container Images
- multi-stage builds, Understanding Dockerfiles
- origins, The Coming of Containers
- processes, What Belongs in a Container?
- ready status, Workloads
- restart policy, Restart Policies
- runtime, Node Components
- tag, Image Identifiers
- tools and utilities for, Working with Containers-Live Debugging with kubesquash
- user, Running Containers as a Non-Root User
Containership Kubernetes Engine, Containership Kubernetes Engine (CKE)
contexts, Contexts and Namespaces-Stern
continuous deployment (CD)
- Cloud Build pipeline, A CD Pipeline with Cloud Build-Adapting the Example Pipeline
- introduction to, What Is Continuous Deployment?
- tools for, Which CD Tool Should I Use?-Keel
Contour, Ingress Controllers
control plane
- failure, Control plane failure
- purpose of, The Control Plane
- status information, Control plane status
Copper, Copper
counters, Counters and Gauges
CPU utilization, CPU and Memory Utilization
CrashLoopBackOff, Workloads
CreateContainerConfigError, Blocking Root Containers
Cronjob, Cronjobs
custom resource definition, Operators and Custom Resource Definitions (CRDs)

D

DaemonSet, DaemonSets
Dashboard, Kubernetes Dashboard
dashboards
- for specific services, Dashboard Things That Break
- layout of, Use a Standard Layout for All Services
- master dashboards, Build an Information Radiator with Master Dashboards
Datadog, Datadog
debugging, Live Debugging with kubesquash
Deployment objects
- describing, Querying Deployments
- introduction, Deployments
- listing, Querying Deployments
- manifest, Deployment Manifests
- restart policy, Restarting Containers
deployments (see also application deployment)
- blue/green, Blue/Green Deployments
- canary, Canary Deployments
- metrics for, Deployment metrics
- rainbow, Rainbow Deployments
- strategies for, Deployment Strategies-Canary Deployments
- zero-downtime, Readiness Probes, Deployment Strategies
Descheduler, Keeping Your Workloads Balanced
developer productivity engineering (DPE), Developer Productivity Engineering
development workflow
- deployment strategies, Deployment Strategies
- development tools, Development Tools-Knative
- handling migrations with Helm, Handling Migrations with Helm
DevOps, The Dawn of DevOps-Learning Together, Distributed DevOps-Summary
dlv, Live Debugging with kubesquash
DNS names, communicating with Services in other namespaces, Service Addresses
Docker
- commands
  - container run, Running a Container Image, Running Your Image
  - image build, Running docker image build
  - image push, Naming and Pushing Your Image
  - image tag, Naming and Pushing Your Image
  - login, Authenticating to the Registry
- installing, Installing Docker Desktop
- introduction, What Is Docker?
- naming and tagging images, Naming Your Images
- version, Installing Docker Desktop
Docker Hub
- authentication, Authenticating to the Registry
- Docker ID creation, Container Registries
- triggers and, Docker Hub
Dockerfile, introduction to, Understanding Dockerfiles
DPE (developer productivity engineering), Developer Productivity Engineering
Draft, Draft
draining nodes, Checking Spare Capacity, Scaling down
Drone, Drone

E

edit role, What Roles Do I Need?
Elastic Container Service for Kubernetes (EKS)
- benefits of, Amazon Elastic Container Service for Kubernetes (EKS)
- Fargate support, Amazon Fargate
emptyDir, emptyDir Volumes
encryption at rest, Encryption at Rest
env, Environment Variables
envFrom, Setting the Whole Environment from a ConfigMap
environment variables
- benefits and drawbacks of, Environment Variables
- creating from Secret, Using Secrets as Environment Variables
- setting from ConfigMap, Setting Environment Variables from ConfigMaps
- setting with Helm, Creating a environment variable
Envoy load balancer, Envoy
ErrImagePull status, If the Container Doesn’t Start
etcd, The Control Plane, Backups
Evans, Julia, The Kubernetes Scheduler
eviction, maxUnavailable
exec probe, Other Types of Probes

F

Fargate, Amazon Fargate
federation, Federated clusters
file probe, File-Based Readiness Probes
Flux, Flux
funtainers, Cloud functions and funtainers

G

garbage collection, Cleaning Up Unused Resources
gauges, Counters and Gauges
Git
- clone command, The Demo Application
- installing, The Demo Application
- SHA tags, Git SHA Tags
Gitkube, Gitkube
GitLab CI, GitLab CI
GitOps, Flux
GKE (Google Kubernetes Engine), Google Kubernetes Engine (GKE), Cloud Provider Console
GnuPG, Encrypting a File with Sops
Go language, introduction to, Introducing Go
Go templates, Helm Templates
Google Cloud Build, Google Cloud Build, A CD Pipeline with Cloud Build-Adapting the Example Pipeline
Google Kubernetes Engine (GKE)
- benefits of, Google Kubernetes Engine (GKE)
- console, Cloud Provider Console
Google Stackdriver, Google Stackdriver
GPU, Heterogeneous nodes
Grafana, Prometheus
gray failures, Cloud native applications are never up
grpc, gRPC Probes

H

Hausenblas, Michael, Further Reading
healthz endpoint, Liveness Probes
Helm
- commands
  - dependency update, Specifying Dependencies
  - init, Installing Helm
  - install, Installing a Helm Chart, Specifying Values in a Helm Release
  - list, Listing Helm Releases
  - repo add, Creating a Helm Chart Repo
  - repo index, Creating a Helm Chart Repo
  - rollback, Rolling Back to Previous Versions
  - status, Listing Helm Releases
  - template, Validating the Kubernetes Manifests
  - upgrade, Updating an App with Helm
  - version, Installing Helm
- flags
  - --set, Specifying Values in a Helm Release
  - --values, Specifying Values in a Helm Release
- hooks, Helm Hooks, Other Hooks
- installing, Installing Helm
- introduction, Helm: A Kubernetes Package Manager
- managing secrets with Sops, Managing Helm Chart Secrets with Sops
- release, Installing a Helm Chart
- requirements.yaml, Specifying Dependencies
- Tiller connection error, Installing Helm
Helm chart
- Chart.yaml, The Chart.yaml file
- contents, What’s Inside a Helm Chart?
- definition, Charts, Repositories, and Releases
- installing and using, Helm: A Kubernetes Package Manager
- layout, Installing a Helm Chart
- quoting values, Quoting Values in Templates
- release, Charts, Repositories, and Releases
- repository, Charts, Repositories, and Releases, Creating a Helm Chart Repo
- template format, Helm Templates
- template syntax, Helm Templates
- templates, Helm Templates
- values.yaml, The values.yaml file
- variables, Interpolating Variables
helm-monitor, Automatic rollback with helm-monitor
helm.sh/hook, Helm Hooks
helm.sh/hook-delete-policy, Helm Hooks
helm.sh/hook-weight, Chaining Hooks
helm.sh/resource-policy, Keeping Secrets
Helmfile
- alternatives to, Applying the Helmfile
- chart metadata, Chart Metadata
- contents, What’s in a Helmfile?
- managing multiple charts with, Managing Multiple Charts with Helmfile
- sync command, Applying the Helmfile
Heptio Kubernetes Subscription (HKS), Heptio Kubernetes Subscription (HKS)
high availability
- configuring, High Availability
- Google Kubernetes Engine, Google Kubernetes Engine (GKE)
- testing, Trust, but verify
Hightower, Kelsey, What Makes Kubernetes So Valuable?, Kubernetes The Hard Way
HKS (Heptio Kubernetes Service), Heptio Kubernetes Subscription (HKS)
Horizontal Pod Autoscaler, Horizontal Pod Autoscalers
httpGet probe, Liveness Probes

I

IaaS (infrastructure as a service), Infrastructure as a Service
IBM Cloud Kubernetes Service, IBM Cloud Kubernetes Service
ImagePullBackOff status, If the Container Doesn’t Start
imagePullPolicy, Image Pull Policy
imagePullSecrets, Image Pull Secrets
information radiator, Build an Information Radiator with Master Dashboards
infrastructure as a service (IaaS), Infrastructure as a Service
infrastructure as code, Infrastructure as Code
Ingress
- Contour, Ingress Controllers
- controller, Ingress Controllers
- nginx-ingress, Ingress Controllers
- rules, Ingress Rules
- TLS, Terminating TLS with Ingress
- Traefik, Ingress Controllers
initialDelaySeconds, Probe Delay and Frequency
installation and management
- cluster architecture, Cluster Architecture-Trust, but verify
- clusterless container services, Clusterless Container Services
- Kubernetes installers, Kubernetes Installers-Kubeformation
- managed Kubernetes services, Managed Kubernetes Services-Heptio Kubernetes Subscription (HKS)
- recommendations for, Buy or Build: Our Recommendations-Bare-Metal and On-Prem
- self-hosting costs, The Costs of Self-Hosting Kubernetes-Start with Managed Services
- turnkey Kubernetes solutions, Turnkey Kubernetes Solutions
instance group, Instance groups
instances
- preemptible, Using Preemptible (Spot) Instances
- reserved, Using Reserved Instances
- spot, Using Preemptible (Spot) Instances
IOPS, Optimizing Storage
Istio, Istio

J

Jenkins, Jenkins
Jobs
- cleaning up, Cleaning up completed Jobs
- completions field, Jobs
- parallelism field, Jobs
jq, Working with JSON Data and jq
JSON, Working with JSON Data and jq
Jsonnet, ksonnet

K

K8Guard, K8Guard
Kapitan, Kapitan
Keel, Keel
KMS (Key Management Service), Encrypting Secrets with Sops-Using a KMS Backend
Knative, Knative
kompose, kompose
kops, kops
KPIs, Business Metrics
ksonnet, ksonnet
kube-apiserver, The Control Plane
kube-bench, kube-bench
kube-controller-manager, The Control Plane
kube-hunter, Aqua
kube-job-cleaner, Cleaning up completed Jobs
kube-lego, Automating LetsEncrypt certificates with Cert-Manager
kube-monkey, kube-monkey
kube-ops-view, kube-ops-view
kube-proxy, Node Components
kube-ps1, kube-ps1
kube-scheduler, The Control Plane
kube-shell, kube-shell
kube-state-metrics, Kubernetes Metrics
kubeadm, kubeadm
kubectl
- abbreviated flags, Using Short Flags
- abbreviated resource types, Abbreviating Resource Types
- auto-completion, Auto-Completing kubectl Commands
- automation, Building Your Own Kubernetes Tools
- commands
  - apply, Using kubectl apply
  - attach, Attaching to a Container
  - cluster-info, Contexts and Namespaces
  - config, Contexts and Namespaces
  - create, Imperative kubectl Commands, Creating ConfigMaps
  - delete, Maintaining Desired State, Imperative kubectl Commands
  - delete -f, Service Resources
  - describe, Querying Deployments, Querying the Cluster with kubectl, Describing Objects
  - diff, When Not to Use Imperative Commands, Diffing Resources
  - drain, Scaling down
  - edit, Imperative kubectl Commands
  - exec, Executing Commands on Containers
  - explain, Getting Help on Kubernetes Resources
  - get, Running the Demo App, Querying Deployments
  - get all, Querying the Cluster with kubectl
  - get componentstatuses, Control plane status
  - get nodes, Querying the Cluster with kubectl, Node status
  - logs, Viewing a Container’s Logs
  - port-forward, Running the Demo App, Forwarding a Container Port
  - run, Running the Demo App, Pods
  - taint, Taints and Tolerations
  - top, CPU and Memory Utilization
- contexts, Contexts and Namespaces
- features, Querying the Cluster with kubectl
- flags
  - --all-namespaces, Workloads
  - --command, Running Containers for Troubleshooting
  - --container, Viewing a Container’s Logs, Executing Commands on Containers
  - --export, Exporting Resources
  - --follow, Viewing a Container’s Logs
  - --restart, Running Containers for Troubleshooting
  - --rm, Running Containers for Troubleshooting
  - --selector, Using Short Flags, Selectors
  - --show-labels, Selectors
  - --tail, Viewing a Container’s Logs
  - --watch, Watching Objects
  - -h, Getting Help
  - -it, Running Containers for Troubleshooting
  - -o json, Working with JSON Data and jq
  - -o jsonpath, Working with JSON Data and jq
  - -o wide, Showing More Detailed Output
  - -o yaml, Generating Resource Manifests
kubectx, kubectx and kubens
kubed-sh, kubed-sh
Kubeformation, Kubeformation
kubelet, Node Components, The Kubernetes Scheduler
kubens, kubectx and kubens
Kubernetes
- application deployment, Deploying Kubernetes Applications-Summary
- backups and restoration, Backups-Other uses for Velero
- benefits of, From Borg to Kubernetes-Cloud functions and funtainers
- cluster monitoring, Monitoring Cluster Status-Further Reading
- cluster operation, Operating Clusters-PowerfulSeal
- configuration, Configuration and Secrets-Updating Pods on a Config Change
- container management, Running Containers-Summary
- continuous deployment, Continuous Deployment in Kubernetes-Summary
- development workflow, Development Workflow-Summary
- first steps, Running Your First Container-Summary
- installation and management, Getting Kubernetes-Summary
- Kubernetes objects, Working with Kubernetes Objects-Summary
- metrics, Metrics in Kubernetes-Summary
- observability and monitoring, Observability and Monitoring-Summary
- origins of, Kubernetes
- Pod management, Managing Pods-Summary
- resource management, Managing Resources-Summary
- Secrets, Kubernetes Secrets-Using a KMS Backend
- security, Access Control and Permissions-Anchore Engine
- tools and utilities, Kubernetes Power Tools-Summary
Kubernetes Certified Service Provider, Kubernetes Certified Service Provider (KCSP)
Kubernetes The Hard Way (Hightower), Kubernetes The Hard Way
Kubespray, Kubespray
kubespy, Watching Kubernetes Resources with kubespy
kubesquash, Live Debugging with kubesquash
kubeval, kubeval, Validating the Kubernetes Manifests
kustomize, kustomize

L

labels
- Service matching, Service Resources
- working with, Labels-Labels and Annotations
Lambda, Cloud functions and funtainers
latest tag, The latest Tag
LimitRange, Default Resource Requests and Limits
limits, resource, Resource Limits
liveness probe, Liveness Probes, Services and circuit breakers
load balancer, Ingress Controllers
logs
- audit logging, Kubernetes Audit Logging
- information included in, Logging
- limitations, The limits of logging
- viewing, Viewing a Container’s Logs, Stern

M

managed services
- Amazon Elastic Container Service for Kubernetes, Amazon Elastic Container Service for Kubernetes (EKS)
- Azure Kubernetes Service, Azure Kubernetes Service (AKS)
- benefits of, Managed Kubernetes Services
- cluster autoscaling, Cluster Autoscaling
- Google Kubernetes Engine, Google Kubernetes Engine (GKE)
- Heptio Kubernetes Subscription, Heptio Kubernetes Subscription (HKS)
- IBM Cloud Kubernetes Service, IBM Cloud Kubernetes Service
- OpenShift, OpenShift
- recommendations for, Use Managed Kubernetes if You Can
manifest
- applying, Using kubectl apply
- introduction, Resource Manifests in YAML Format
- templating, Helm Templates
- validating, kubeval
master nodes, minimum number, Control plane failure
maxSurge, maxSurge and maxUnavailable
maxUnavailable, maxUnavailable, maxSurge and maxUnavailable
median, Means, Medians, and Outliers
memory utilization, CPU and Memory Utilization
metrics
- alerting, Alerting on Metrics
- application, Application metrics
- averages, What’s Wrong with a Simple Average?
- business, Business Metrics
- cluster health, Cluster health metrics
- containers, Container metrics
- dashboards, Use a Standard Layout for All Services
- deployments, Deployment metrics
- introduction, Introducing Metrics
- percentiles, Discovering Percentiles
- radiator, Build an Information Radiator with Master Dashboards
- RED pattern, Services: The RED Pattern
- runtime, Runtime metrics
- tools and services, Metrics Tools and Services-New Relic
- USE pattern, Resources: The USE Pattern
- uses, What Are Metrics, Really?
MicroScanner, Aqua
microservices, Cloud Native
Microsoft Flow, Azure Container Instances (ACI)
migrations, Handling Migrations with Helm
minAvailable, minAvailable
Minikube, Minikube
minimal containers, Keep Your Containers Small
minReadySeconds, minReadySeconds
monitoring
- black-box, Black-Box Monitoring, External Black-Box Checks
- definition, What Is Monitoring?
- internal health checks, Internal Health Checks-Graceful degradation
- limitations, The limits of black-box monitoring

N

namespaces
- default, Working with Namespaces
- kube-system, Working with Namespaces
- tools and utilities for, Contexts and Namespaces-kube-ps1
- using, Using Namespaces
network policies, What Namespaces Should I Use?
New Relic, New Relic
nginx-ingress, Ingress Controllers
nines of uptime, What Does “Up” Mean?
node affinities, Using node affinities to control scheduling, Node Affinities
node-problem-detector, node-problem-detector
nodes
- draining, Scaling down
- GPU, Heterogeneous nodes
- instance types, Using Reserved Instances, Cloud instance types
- sizing, Optimizing Nodes, Picking the right node size
- status, Node status
nodeSelectorTerms, Hard Affinities

O

observability
- culture of, Building an observability culture
- definition, Observability
- distinction from monitoring, Observability is about understanding
- monitoring in Kubernetes, Monitoring in Kubernetes-Graceful degradation
- pipeline for, The Observability Pipeline
Omega, From Borg to Kubernetes
on-call, tempering with mercy, On-call Should Not Be Hell
OpenMetrics, Prometheus
OpenShift, OpenShift
operator, Operators and Custom Resource Definitions (CRDs)
orchestration, Conducting the Container Orchestra
overcommitting resources, Resource Limits

P

parallelism, Jobs
percentiles, Discovering Percentiles
periodSeconds, Probe Delay and Frequency
permissions, Access Control and Permissions-Introducing Role-Based Access Control (RBAC)
persistent volumes, Persistent Volumes
PersistentVolumeClaim, Persistent Volumes
Platform-as- a-Service (PaaS), OpenShift
Pod objects
- affinity, Pod Affinities and Anti-Affinities
- concept, Containers and Pods
- introduction to, Pods
- multiple containers in, What Belongs in a Pod?
- Pod management, Managing Pods-Summary
- replicas, Updating an App with Helm
- security context, Pod Security Contexts
- service account, Pod Service Accounts
- template, Querying Deployments
PodDisruptionBudget, Pod Disruption Budgets, Scaling down
PodPreset, PodPresets
PodSecurityPolicy, Pod Security Policies
port forwarding
- explanation, Port Forwarding
- via Service, Service Resources
- with Docker, Port Forwarding
- with kubectl, Running the Demo App
PowerfulSeal, PowerfulSeal
preferredDuringSchedulingIgnoredDuringExecution, Node Affinities
principle of least privilege, Container Security
probes
- /healthz endpoint, Liveness Probes
- exec, Other Types of Probes
- file, File-Based Readiness Probes
- gRPC, gRPC Probes
- httpGet, Liveness Probes
- initialDelaySeconds, Probe Delay and Frequency
- liveness, Liveness Probes
- periodSeconds, Probe Delay and Frequency
- readiness, Readiness Probes
- redirect, Readiness Probes
- tcpSocket, Other Types of Probes
Prometheus
- alternataives to, Prometheus
- benefits of, Prometheus
- Borgmon tool and, Prometheus
- metrics format, Prometheus
- pull monitoring in, Prometheus
Puppet Kubernetes module, Puppet Kubernetes Module

R

Rancher Kubernetes Engine (RKE), Rancher Kubernetes Engine (RKE)
RBAC (Role-Based Acces Control), Introducing Role-Based Access Control (RBAC)-RBAC Troubleshooting
readiness probe, Readiness Probes, Services and circuit breakers
readOnlyRootFilesystem, Setting a Read-Only Filesystem
reconciliation loop, Maintaining Desired State
Recreate, Deployment Strategies-Recreate
RED pattern, Services: The RED Pattern
replicas
- changing number of, Updating an App with Helm
- sizing, Optimizing Deployments
ReplicaSet objects, ReplicaSets
replication, Do I Need to Back Up Kubernetes?
requiredDuringSchedulingIgnoredDuringExecution, Node Affinities
ResourceQuota, Resource Quotas
resources
- limits, Resource Limits, Default Resource Requests and Limits, Optimizing Pods
- requests, Resource Requests, Optimizing Pods
- stranded, Optimizing Nodes
- tools and utilities for, Working with Resources-Diffing Resources
- units, Resource Units
restartPolicy, Restart Policies
Rice, Liz, What Is a Container?, Further Reading
RKE (Rancher Kubernetes Engine), Rancher Kubernetes Engine (RKE)
Role-Based Access Control (RBAC), Introducing Role-Based Access Control (RBAC)-RBAC Troubleshooting
RoleBinding, Binding Roles to Users
RollingUpdate, Rolling Updates
run less software philosophy, Buy or Build: Our Recommendations
runAsNonRoot, Blocking Root Containers
runAsUser, Running Containers as a Non-Root User
Running status, If the Container Doesn’t Start

S

scheduler
- introduction, The Kubernetes Scheduler
- kube-scheduler, The Control Plane
- resource evaluation and, Understanding Resources
secretKeyRef, Using Secrets as Environment Variables
Secrets
- creating config file from, Writing Secrets to Files
- encrypting with Sops, Encrypting a File with Sops-Encrypting a File with Sops
- management strategies, Secrets Management Strategies-Recommendations
- opaque representation, base64
- purpose of, Kubernetes Secrets
- setting environment variables from, Using Secrets as Environment Variables
security, Security and Backups-Anchore Engine, Git SHA Tags
securityContext, Pod Security Contexts
selectors, Selectors
self-hosting, The Costs of Self-Hosting Kubernetes
service accounts, application default, Applications and Deployment
Service objects
- DNS names and, Service Addresses
- headless, StatefulSets
- introduction, Service Resources
- manifest, Service Resources
- matching labels, Service Resources
- port forwarding, Service Resources
serviceAccountName, Pod Service Accounts
setuid binaries, Disabling Privilege Escalation
SHA tags, Git SHA Tags
Skaffold, Skaffold
Sonobuoy, Conformance Testing with Sonobuoy
Sops
- encrypting secrets with, Encrypting Secrets with Sops-Using a KMS Backend
- with Helm charts, Managing Helm Chart Secrets with Sops
Spinnaker, Spinnaker
SRE, Developer Productivity Engineering
Stackdriver, Google Stackdriver
Stackpoint, Stackpoint
StatefulSet, StatefulSets
Stern, Stern
substitutions, in Cloud Build, Creating a Deploy Trigger

T

tags
- default (latest), The latest Tag
- purpose of, Image Identifiers
taints, Taints and Tolerations
Tarmak, Tarmak
tcpSocket probe, Other Types of Probes
Telepresence, Telepresence
Terminating status, Maintaining Desired State
time series, Time Series Data
TK8, TK8
TLS (Transport Layer Security)
- automatic certificate requests, Automating LetsEncrypt certificates with Cert-Manager
- termination, Terminating TLS with Ingress
tolerations, Taints and Tolerations
tools and utilities
- building your own, Building Your Own Kubernetes Tools
- contexts and namespaces, Contexts and Namespaces-kube-ps1
- kubectl (see kubectl)
- Kubernetes shells and tools, Kubernetes Shells and Tools
- working with containers, Working with Containers-Live Debugging with kubesquash
- working with Resources, Working with Resources-Diffing Resources
tracing, Tracing
Traefik, Ingress Controllers
Transport Layer Security (TLS)
- automatic certificate requests, Automating LetsEncrypt certificates with Cert-Manager
- termination, Terminating TLS with Ingress
triggers, in Cloud Build, Creating the First Build Trigger
turnkey services, Turnkey Kubernetes Solutions, When Your Choices Are Limited

U

undifferentiated heavy lifting, Run Less Software
uptime, What Does “Up” Mean?
Uptime Robot, Don’t build your own monitoring infrastructure
USE pattern, Resources: The USE Pattern

V

validation and auditing, Validation and Auditing-Kubernetes Audit Logging
Vault, Use a Dedicated Secrets Management Tool
Velero
- commands
  - backup create, Creating a Velero backup
  - backup download, Restoring data
  - backup get, Restoring data
  - restore, Restoring data
  - schedule create, Scheduling Velero backups
  - schedule get, Scheduling Velero backups
- configuring, Configuring Velero
- function of, Velero
vendor lock-in, But What About Vendor Lock-in?
Vertical Pod Autoscaler, Vertical Pod Autoscaler
view role, What Roles Do I Need?
volumes, Volumes-Persistent Volumes
- emptyDir, emptyDir Volumes
- persistent, Persistent Volumes

W

Weave Scope, Weave Scope
weights
- for soft affinities, Soft Affinities
- helm.sh/hook-weight property, Chaining Hooks
- purpose of, Soft Affinities
- soft anti-affinities, Soft Anti-Affinities
worker nodes
- components, Node Components
- failure, Worker node failure

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

18.220.20.210