Title Page
Copyright and Credits Getting Started with Kubernetes Third Edition
Dedication
Packt Upsell Why subscribe? Packt.com
Contributors About the authors About the reviewer Packt is searching for authors like you
Preface Who this book is for What this book covers To get the most out of this book Download the example code files Download the color images Conventions used Get in touch Reviews

Introduction to Kubernetes
Technical requirements A brief overview of containers What is a container? cgroups Namespaces Union filesystems Why are containers so cool? The advantages of Continuous Integration/Continuous Deployment Resource utilization Microservices and orchestration Future challenges Our first clusters Running Kubernetes on GCE Kubernetes UI Grafana Command line Services running on the master Services running on the minions Tearing down a cluster Working with other providers CLI setup IAM setup Cluster state storage Creating your cluster Other modes Resetting the cluster Investigating other deployment automation Local alternatives Starting from scratch Cluster setup Installing Kubernetes components (kubelet and kubeadm) Setting up a master Joining nodes Networking Joining the cluster Summary Questions Further reading

Building a Foundation with Core Kubernetes Constructs
Technical requirements The Kubernetes system Nucleus Application layer Governance layer Interface layer Ecosystem The architecture The Master Cluster state Cluster nodes Master Nodes (formerly minions) Core constructs Pods Pod example Labels The container's afterlife Services Replication controllers and replica sets Our first Kubernetes application More on labels Replica sets Health checks TCP checks Life cycle hooks or graceful shutdown Application scheduling Scheduling example Summary Questions Further reading

Working with Networking, Load Balancers, and Ingress
Technical requirements Container networking The Docker approach Docker default networks Docker user-defined networks The Kubernetes approach Networking options Networking comparisons Weave Flannel Project Calico Canal Kube-router Balanced design Advanced services External services Internal services Custom load balancing Cross-node proxy Custom ports Multiple ports Ingress Types of ingress Migrations, multicluster, and more Custom addressing Service discovery DNS Multitenancy Limits A note on resource usage Summary Questions Further reading

Implementing Reliable Container-Native Applications
Technical requirements How Kubernetes manages state Deployments Deployment use cases Scaling Updates and rollouts History and rollbacks Autoscaling Jobs Other types of jobs Parallel jobs Scheduled jobs DaemonSets Node selection Summary Questions

Exploring Kubernetes Storage Concepts
Technical requirements Persistent storage Temporary disks Cloud volumes GCE Persistent Disks AWS Elastic Block Store Other storage options PersistentVolumes and Storage Classes Dynamic volume provisioning StatefulSets A stateful example Summary Questions Further reading

Application Updates, Gradual Rollouts, and Autoscaling
Technical requirements Example setup Scaling up Smooth updates Testing, releases, and cutovers Application autoscaling Scaling a cluster Autoscaling Scaling up the cluster on GCE Scaling up the cluster on AWS Scaling manually Managing applications Getting started with Helm Summary Questions Further reading

Designing for Continuous Integration and Delivery
Technical requirements Integrating Kubernetes with a continuous delivery pipeline gulp.js Prerequisites gulp.js build example The Kubernetes plugin for Jenkins Prerequisites Installing plugins Configuring the Kubernetes plugin Helm and Minikube Bonus fun Summary Questions Further reading

Monitoring and Logging
Technical requirements Monitoring operations Built-in monitoring Exploring Heapster Customizing our dashboards FluentD and Google Cloud Logging FluentD Maturing our monitoring operations GCE (Stackdriver) Signing up for GCE monitoring Alerts Beyond system monitoring with Sysdig Sysdig Cloud Detailed views Topology views Metrics Alerting The Sysdig command line The Csysdig command-line UI Prometheus Prometheus summary Prometheus installation choices Tips for creating an Operator Installing Prometheus Summary Questions Further reading

Operating Systems, Platforms, and Cloud and Local Providers
Technical requirements The importance of standards The OCI Charter The OCI Container Runtime Interface Trying out CRI-O More on container runtimes CNCF Standard container specification CoreOS rkt etcd Kubernetes with CoreOS Tectonic Dashboard highlights Hosted platforms Amazon Web Services Microsoft Azure Google Kubernetes Engine Summary Further reading

Designing for High Availability and Scalability
Technical requirements Introduction to high availability How do we measure availability? Uptime and downtime Uptime Downtime The five nines of availability HA best practices Anti-fragility HA clusters HA features of the major cloud service providers HA approaches for Kubernetes Prerequisites Setting up Stacked nodes Installing workers Cluster life cycle Admission controllers Using admission controllers The workloads API Custom resource definitions Using CRDs Summary Questions Further reading

Kubernetes SIGs, Incubation Projects, and the CNCF
Technical requirements Setting up Git for contributions Git's benefits CNCF structure What Kubernetes isn't Kubernetes SIGs How to get involved Summary Questions Further reading

Cluster Federation and Multi-Tenancy
Technical requirements Introduction to federation Why federation? The building blocks of federation Key components Federated services Setting up federation Contexts New clusters for federation Initializing the federation control plane Adding clusters to the federation system Federated resources Federated configurations Federated horizontal pod autoscalers How to use federated HPAs Other federated resources Events Jobs True multi-cloud Getting to multi-cloud Deleting the cluster Summary Questions Further reading

Cluster Authentication, Authorization, and Container Security
Basics of container security Keeping containers contained Resource exhaustion and orchestration security Image repositories Continuous vulnerability scanning Image signing and verification Kubernetes cluster security Secure API calls Secure node communication Authorization and authentication plugins Admission controllers RBAC Pod security policies and context Enabling PodSecurityPolicies Additional considerations Securing sensitive application data (secrets) Summary Questions Further reading

Hardening Kubernetes
Ready for production Ready, set, go Lessons learned from production Setting limits Scheduling limits Memory limit example Scheduling CPU constraints CPU constraints example Securing a cluster Third-party companies Private registries Google Kubernetes Engine Azure Kubernetes Service ClusterHQ Portworx Shippable Twistlock Aqua Sec Mesosphere (Kubernetes on Mesos) Deis OpenShift Summary Questions Further reading

Kubernetes Infrastructure Management
Technical requirements Planning a cluster Picking what's right Securing the cluster Tuning examples Upgrading the cluster Upgrading PaaS clusters Scaling the cluster On GKE and AKS DIY clusters Node maintenance Additional configuration options Summary Questions Further reading

Assessments
Chapter 1: Introduction to Kubernetes
Chapter 2: Building a Foundation with Core Kubernetes Constructs
Chapter 3: Working with Networking, Load Balancers, and Ingress
Chapter 4: Implementing Reliable, Container-Native Applications
Chapter 5: Exploring Kubernetes Storage Concepts
Chapter 6: Application Updates, Gradual Rollouts, and Autoscaling
Chapter 7: Designing for Continuous Integration and Delivery
Chapter 8: Monitoring and Logging
Chapter 10: Designing for High Availability and Scalability
Chapter 11: Kubernetes SIGs, Incubation Projects, and the CNCF
Chapter 12: Cluster Federation and Multi-Tenancy
Chapter 13: Cluster Authentication, Authorization, and Container Security
Chapter 14: Hardening Kubernetes
Chapter 15: Kubernetes Infrastructure Management

Other Books You May Enjoy
Leave a review - let other readers know what you think