Kubernetes for Developers (William Denniss) (Z-Library)

📄 File Format: PDF

💾 File Size: 8.0 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

M A N N I N G William Denniss

📄 Page 2

Key development steps to take your application into production Task Description Section Containerize Building a Docker container image for your application is a key pre- requisite for deploying to production in Kubernetes. 2.1.3 Upload Your container isn’t much good if it’s just on your machine. Upload- ing to a container registry is another key step before you go into pro- duction. 3.2.2 Deploy Deploy your containerized code to the cloud in a Kubernetes cluster. 3.2.3 Expose Make your new container deployment available to the internet by exposing it with a load balancer. 3.2.5 Update With your application published to the world, you’ll no doubt need to update it. Just modify your configuration, submit the update, and Kubernetes will handle the rest. 3.2.7 Add health checks To get the full benefit of Kubernetes’ automated operations, add health checks for liveness and readiness so the platform can help keep your application running and ready for user traffic. 4.1 Set resource requirements In order to scale correctly, you need to specify the resource require- ments of your containers. 5.1.1 Scale manually When you get a spike of new users, it’s time to scale up! 6.1 Scale automatically Automatic scaling with a Horizontal Pod Autoscaler enables you to dynamically adjust the replicas of your code to process mode requests during busy times, and save money during the quiet hours. Pair with an autoscaling Kubernetes platform for a fully automated experience. 6.2 Deploy microser- vices Do you want to deploy multiple services and call them from other services? Microservice deployment patterns can easily be config- ured using internal services. 7.1.2 Require unique hardware Want to run on Arm architecture, or use Spot compute? Node selec- tion is how to specify such requirements in your workloads. 8.1.1 Build HA deployments By default, most Kubernetes platforms do a decent job of spreading out your pod replicas to reduce single-point-of-failure risk. As you start to grow, you’ll want to understand the details on how this works and potentially tune it. 8.2.1 Deploy applications with state It’s a good idea to take advantage of cloud-based object storage ser- vices and hosted databases where possible, but when you need to store data on a block-storage-based filesystem, StatefulSet has you covered. 9.2.1 Test data recovery Follow the example in this section to learn how to reattach disk resources to Kubernetes objects (in case of deletion or migration), and build trust in how the system handles state. 9.3

📄 Page 3

Kubernetes for Developers

📄 Page 4

(This page has no text content)

📄 Page 5

Kubernetes for Developers WILLIAM DENNISS MANN I NG SHELTER ISLAND

📄 Page 6

For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Email: orders@manning.com ©2024 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. The authors and publisher have made every effort to ensure that the information in this book was correct at press time. The authors and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause, or from any usage of the information herein. Manning Publications Co. Development editor: Elesha Hyde 20 Baldwin Road Technical development editor: Shawn Smith PO Box 761 Review editor: Adriana Sabo Shelter Island, NY 11964 Production editor: Deirdre Hiam Copy editor: Alisa Larson Proofreader: Mike Beady Technical proofreader: Mayur Patil Typesetter: Dennis Dalinnik Cover designer: Marija Tudor ISBN: 9781617297175 Printed in the United States of America

📄 Page 7

For Peter.

📄 Page 8

(This page has no text content)

📄 Page 9

vii brief contents PART 1 GETTING STARTED WITH KUBERNETES ...........................1 1 ■ Kubernetes for application deployment 3 2 ■ Containerizing apps 19 3 ■ Deploying to Kubernetes 42 4 ■ Automated operations 79 5 ■ Resource management 99 PART 2 GOING TO PRODUCTION ...........................................117 6 ■ Scaling up 119 7 ■ Internal services and load balancing 142 8 ■ Node feature selection 160 9 ■ Stateful applications 183 10 ■ Background processing 215 11 ■ GitOps: Configuration as code 245 12 ■ Securing Kubernetes 261

📄 Page 10

contents preface xiii acknowledgments xv about this book xvii about the author xxi about the cover illustration xxii PART 1—GETTING STARTED WITH KUBERNETES.................1 1 Kubernetes for application deployment 3 1.1 Why containers? 4 Container benefits 5 1.2 Why Kubernetes? 9 Composable building blocks 10 ■ Features and benefits 11 Kubernetes vs. platforms as a service 15 ■ When (not) to use Kubernetes 17 2 Containerizing apps 19 2.1 Building Docker containers 20 Developer setup 20 ■ Running commands in Docker 21 Building our own images 22 ■ Using base images 25 ■ Adding a default command 26 ■ Adding dependencies 27 ■ Compiling code in Docker 28 ■ Compiling code with a multistage build 29viii

📄 Page 11

CONTENTS ix2.2 Containerizing a server application 31 Containerizing an application server 31 ■ Debugging 33 2.3 Using Docker Compose for local testing 34 Mapping folders locally 35 ■ Adding service dependencies 37 Faking external dependencies 39 3 Deploying to Kubernetes 42 3.1 Kubernetes architecture 43 The Kubernetes cluster 43 ■ Kubernetes objects 46 3.2 Deploying an application 48 Creating a cluster 48 ■ Uploading your container 52 Deploying to Kubernetes 56 ■ The PodSpec 60 ■ Publishing your Service 63 ■ Interacting with the Deployment 66 Updating your application 67 ■ Cleaning up 69 3.3 Imperative commands 70 3.4 Local Kubernetes environments 72 Docker Desktop’s Kubernetes cluster 73 ■ Minikube 74 Using your local Kubernetes cluster 74 4 Automated operations 79 4.1 Automated uptime with health checks 80 Liveness and readiness probes 80 ■ Adding a readiness probe 81 Adding a liveness probe 83 ■ Designing good health checks 84 Rescheduling unready containers 88 ■ Probe types 89 4.2 Updating live applications 90 Rolling update strategy 90 ■ Re-create strategy 93 Blue/green strategy 94 ■ Choosing a rollout strategy 97 5 Resource management 99 5.1 Pod scheduling 100 Specifying Pod resources 102 ■ Quality of service 104 Evictions, priority, and preemption 105 5.2 Calculating Pod resources 109 Setting memory requests and limits 111 ■ Setting CPU requests and limits 113 ■ Reducing costs by overcommitting CPU 113 Balancing Pod replicas and internal Pod concurrency 114

📄 Page 12

CONTENTSxPART 2—GOING TO PRODUCTION .................................117 6 Scaling up 119 6.1 Scaling Pods and nodes 120 6.2 Horizontal Pod autoscaling 123 External metrics 127 6.3 Node autoscaling and capacity planning 131 Cluster autoscaling 131 ■ Spare capacity with cluster autoscaling 133 6.4 Building your app to scale 136 Avoiding state 136 ■ Microservice architectures 139 Background tasks 140 7 Internal services and load balancing 142 7.1 Internal services 143 Kubernetes cluster networking 143 ■ Creating an internal service 144 ■ Service discovery 147 7.2 Ingress: HTTP(S) load balancing 151 Securing connections with TLS 156 8 Node feature selection 160 8.1 Node feature selection 161 Node selectors 161 ■ Node affinity and anti-affinity 163 Tainting nodes to prevent scheduling by default 166 Workload separation 171 8.2 Placing Pods 173 Building highly available deployments 174 ■ Co-locating interdependent Pods 177 ■ Avoiding certain Pods 179 8.3 Debugging placement problems 180 Placement rules don’t appear to work 181 ■ Pods are pending 181 9 Stateful applications 183 9.1 Volumes, persistent volumes, claims, and storage classes 184 Volumes 184 ■ Persistent volumes and claims 187 Storage classes 193 ■ Single-Pod stateful workload deployments 195

📄 Page 13

CONTENTS xi9.2 StatefulSet 196 Deploying StatefulSet 197 ■ Deploying a multirole StatefulSet 203 9.3 Migrating/recovering disks 207 9.4 Generic ephemeral volume for scratch space 212 10 Background processing 215 10.1 Background processing queues 216 Creating a custom task queue 217 ■ Signal handling in worker Pods 224 ■ Scaling worker Pods 226 ■ Open source task queues 227 10.2 Jobs 227 Running one-off tasks with Jobs 228 ■ Scheduling tasks with CronJobs 231 10.3 Batch task processing with Jobs 234 Dynamic queue processing with Jobs 234 ■ Static queue processing with Jobs 239 10.4 Liveness probes for background tasks 241 11 GitOps: Configuration as code 245 11.1 Production and staging environments using namespaces 246 Deploying to our new namespace 247 ■ Syncing mutations from the cluster 248 11.2 Configuration as code the Kubernetes way 248 11.3 Rolling out safely 251 Deployment pipelines 252 ■ Continuous deployment with Cloud Build 253 11.4 Secrets 254 String-based (password) secrets 254 ■ Base64 encoded secrets 256 ■ File-based secrets 257 ■ Secrets and GitOps 259 12 Securing Kubernetes 261 12.1 Staying up to date 262 Cluster and node updates 262 ■ Updating containers 262 Handling disruptions 264 12.2 Deploying node agents with DaemonSet 266

📄 Page 14

CONTENTSxii12.3 Pod security context 269 12.4 Non-root containers 271 12.5 Admission controllers 276 Pod Security admission 277 ■ Balancing security with compatibility 281 12.6 Role-based access control 281 12.7 Next steps 287 Network policies 287 ■ Container isolation 288 Cluster hardening 288 index 291

📄 Page 15

preface Over the Christmas holidays in 2016, I sat down to learn Kubernetes. I was soon to join the Google Kubernetes Engine (GKE) team and needed to learn how this platform worked—and quickly. I’d previously used several Platform as a Service (PaaS) environ- ments to deploy stateless applications in a scalable way, and I was excited by the oppor- tunity that Kubernetes presented: the flexibility to run anything you could package in a container paired with the versatility of various workload constructs from stateless to stateful applications and batch jobs. Like many, perhaps, I found there was a bit of a learning curve when starting out. By early 2017, I’d gained some knowledge and was now a product manager on the GKE team, interacting frequently with developers. One such developer was my brother, who was migrating his startup from a PaaS to Kubernetes. I was able to share everything I’d learned so far and hopefully helped him skip some of the newbie mistakes I made. But I wished there was a simpler way to transfer this knowledge: content specifically writ- ten for the application developer who wants to deploy onto a production-grade system without needing to learn the whole system at the outset. This book is essentially the book I wish I had for those moments. I don’t assume any prior knowledge of Kubernetes or even containers. The book takes you through the development and deployment of a simple containerized application, starting by getting something up and running online and then gradually layering on additional Kubernetes concepts like stateful applications and background task queues to build up your knowledge.xiii

📄 Page 16

PREFACExiv My hope is to give you the confidence to deploy your own applications to Kuberne- tes while challenging the notion that “Kubernetes is hard.” It’s certainly a large and complex system, but as I hope to convince you, its wide scope gives you a lot of power- ful functionality that will come in handy when you have complex workloads to deploy. But that can wait. You don’t need to learn it all at once! In fact, deploying a stateless application is pretty straightforward, so start there and add on the rest as you need. By the end of the book, you’ll hopefully appreciate the flexibility of the platform, which I expect you will when you have requirements that wouldn’t have easily been met on a more special-purpose platform like many PaaSs environments. I was a bit nervous writing a technical book, especially since it would take multiple years, for fear that things would change so much that parts would become out of date and I would be forever rewriting to catch up. Fortunately, I can report that for every generally available (GA) concept that I wrote about, specifically Kubernetes APIs with a v1 version, the content remained current. This experience gives me hope both in the stability of Kubernetes as you use it in your own projects and the longevity of this book. As I was drafting the content, I covered a few non-GA APIs, and those did change substantially. Fortunately, by the time I was done writing, everything had made it to GA, and I was able to update the content to use those stable versions (based on this, I would also steer well away from beta APIs except to experiment). When I joined the GKE team, Kubernetes was rapidly gaining in popularity but was not yet ubiquitous. I remember being excited by the prospect of working on what looked to be a pivotal piece of open source software but, at the same time, with some uncertainty as to how things would unfold (and, thus, a chance to influence in a posi- tive way). Well, in that time, we’ve seen basically every cloud platform offer its own managed platform (fortunately, with high compatibility among them and a culture of maintaining software conformance) and Kubernetes’s rise to be the primary way peo- ple orchestrate containers in production. I’ve enjoyed being a part of the Kubernetes community and working on such a pivotal computing platform. I hope this book helps you as you embark on your own journey with Kubernetes!

📄 Page 17

acknowledgments First, I want to thank my development editor, Elesha Hyde, who taught me how to weave a story out of this technical content and greatly influenced the final product. To Shawn Smith, my technical development editor, I appreciate your detailed review of the early drafts and your suggestions, which helped to fine-tune the narrative. Thank you, Michael Stephens, for having the confidence in me to write this book when I pitched it to you four years ago, and thanks to everyone at Manning who helped make it what it is: Deirdre Hiam, my project editor; Alisa Larson, my copyeditor; and Mike Beady, my proofreader. Before starting the project, I was unaware just how much working with you all would contribute to the quality of the book, but it became appar- ent quickly. To all the reviewers: Amar Manigandan, Andres Sacco, Ariel Gamiño, Atul S. Khot, Becky Huett, Bonnie Malec, Chase Sillevis, Chris Heneghan, Chris Viner, Conor Redmond, David Paccoud, Davide Fiorentino, Deepika, George Thomas, Giuliano Latini, Gregorio Piccoli, Guy Ndjeng, Hans Donner, Harinath Mallepally, Ioannis Polyzos, Javid Asgarov, Juan Jimenez, Julien Pohie, Kamesh Ganesan, Karthikeyarajan Rajendran, Kelum Prabath Senanayake, Kelvin Johnson, Kosmas Chatzimichalis, Krzysztof Kamyczek, Mark Dechamps, Michael Bright, Mike Wright, Mitchell Fox, Najeeb Arif, Pierre-Michel Ansel, Rahul Modpur, Rajaseelan Ganeswaran, Rambabu Posa, Richard Vaughan, Robert Kielty, Satadru Roy, Sebastian Czech, Sergiu Popa, Simeon Leyzerzon, Suhas Krishnayya, Basheeruddin Ahmed, Venkatesh Sundaramoorthy, Waldemar Modzelewski, and Zalán Somogyváry, your suggestions helped to make this a better book.xv

📄 Page 18

ACKNOWLEDGMENTSxvi I greatly appreciate the technical staff at Manning who built the incredible tools that power the Manning Early Access Program (MEAP), which meant I could share the content while it was still a work in progress and get feedback directly from my early readers. Thank you as well to everyone who bought the book via MEAP when it was still half done. Thank you to my team at work: Drew Bradstock and Yochay Kiriaty for believing in me and supporting me to work on this 120% project and for the team environment you have created that makes building things fun. Thanks to Tim Hockin, Chen Gold- berg, Kelsey Hightower, Eric Brewer, Jeremy Olmsted-Thompson, Jerzy Foryciarz, and Brian Grant, who influenced me greatly, and Aparna Sinha, who bet on me early on. Tom Edwards is the photographer and site reliability engineer who took my profile photo during one KubeCon; check out his work at tomedwardsphotography.com. Thanks, mate! Lastly, thank you to my family for supporting me to work on this project. Aaron and Ashleigh, though you were too young to know what I was working on, those months when we walked every day to Imua so I could get some quiet space to work on the manuscript while you played nearby are moments I will treasure. To my wife, Fiona, thank you for supporting all my endeavors and being a reality check when I need one. Xianqiong, thank you for supporting our family—without your help, I would barely have time to make anything. To Julie, Graeme, and Laurel, thank you for foster- ing my interest in technology from a young age, and to my siblings, Jessica and Peter, thanks for always being there for each other and our various endeavors.

📄 Page 19

about this book Got an application you want to host in a production-grade environment on the cloud with the power and flexibility to handle your requirements as they evolve and with the potential to scale massively? This book will give you what you need to take an applica- tion, whether it’s Python, Java, Ruby, or whatever else, and confidently deploy it to the cloud in a professional-grade platform that can meet your needs now and in the future using containers and Kubernetes. If you don’t have an application of your own ready to deploy, one is provided for you to use as a sample. No prior knowledge of Docker or Kubernetes is required. By the end of this book, you should feel confident to deploy workloads to Kubernetes in production, from stateless applications to batch jobs and databases. Who should read the book There are many books on Kubernetes out there, written with different audiences in mind. This one is specifically written for developers, intended to cover the journey that goes something like, “I have a bunch of code sitting on my laptop. How do I pub- lish it to the world and do so on a platform that can scale if my product becomes a hit?” When I was learning Kubernetes, I wanted an end-to-end demo of how to get my code into Kubernetes, updated, running smoothly without intervention, and ready to scale if needed. I hope this book provides that for you. If you’re new to containers, no worries, as this book has you covered with a chapter on containerizing applications so you can get them ready to deploy. If you’re already familiar with Docker and containers and want to start deploying to Kubernetes right away, you can skip straight to chapter 3.xvii

📄 Page 20

ABOUT THIS BOOKxviiiHow this book is organized The book is split into two parts. The first is designed to give you the basics of Kuberne- tes, starting with building containers and running them in Kubernetes. You’ll learn how to set the right resources and configure them to make the most of Kubernetes’s automated operations and, of course, how to update your application. If your goal is to deploy a stateless application to Kubernetes, this might be all you need:  Chapter 1 is a high-level overview of Kubernetes and its benefits.  Chapter 2 is a crash course in Docker for application developers. Feel free to skip it if you’re already familiar.  Chapter 3 gets you going with your first Kubernetes deployment. Deploy, expose to the internet, and update. You’re now live with Kubernetes.  Chapter 4 adds essential health checks for a more reliable deployment.  Chapter 5 helps you right-size your workload so it gets the resources it needs without wastage. The second part goes deeper into the production aspects of Kubernetes. You’ll learn about scaling apps, configuring internal services, and deploying workload constructs like stateful applications and background processing queues. The book concludes by covering configuration as code, continuous deployment, and security considerations:  Chapter 6 is about scaling up (and down): manual, automated, nodes, and Pods— it’s all here.  Chapter 7 discusses how to configure internal services and microservice archi- tectures and introduces HTTP-based load balancing.  Chapter 8 covers how you can indicate in your workloads the specific hardware requirements of your containers, as well as how to group or spread out Pods on nodes.  Chapter 9 gets you set up with stateful workloads like databases.  Chapter 10 is about all the activity that happens outside of the request/ response chain, including task queues and batch jobs.  Chapter 11 is an introduction to GitOps, covering how to use namespaces for different environments and treating configuration as code.  Chapter 12 rounds out the book with several security topics worth considering as a developer. About the code The code in this book is open source under the Apache 2.0 license and can be down- loaded in full at https://github.com/WilliamDenniss/kubernetes-for-developers. Examples are organized into folders by chapter number. Kubernetes configuration can be found in subfolders prefixed with the section or subsection in which they appear, along with a descriptive suffix. For example, the configuration appearing in chapter 3, section 3.2, can be found in Chapter03/3.2_DeployingToKubernetes. The