Kubernetes - A Complete DevOps Cookbook: Build and manage your applications, orchestrate containers, and deploy cloud-native services 1838828044, 9781838828042

Leverage Kubernetes and container architecture to successfully run production-ready workloads Key Features Implement Kub

English Pages 584 Year 2020

Table of contents :
Cover
Title Page
Copyright and Credits
Dedication
About Packt
Contributors
Table of Contents
Preface
Chapter 1: Building Production-Ready Kubernetes Clusters
Technical requirements
Configuring a Kubernetes cluster on Amazon Web Services
Getting ready
How to do it…
Installing the command-line tools to configure AWS services
Installing kops to provision a Kubernetes cluster
Provisioning a Kubernetes cluster on Amazon EC2
Provisioning a managed Kubernetes cluster on Amazon EKS
How it works...
There's more…
Using the AWS Shell
Using a gossip-based cluster
Using different regions for an S3 bucket
Editing the cluster configuration
Deleting your cluster
Provisioning an EKS cluster using the Amazon EKS Management Console
Deploying Kubernetes Dashboard
See also
Configuring a Kubernetes cluster on Google Cloud Platform
Getting ready
How to do it…
Installing the command-line tools to configure GCP services
Provisioning a managed Kubernetes cluster on GKE
Connecting to Google Kubernetes Engine (GKE) clusters
How it works…
There's more…
Using Google Cloud Shell
Deploying with a custom network configuration
Deleting your cluster
Viewing the Workloads dashboard
See also
Configuring a Kubernetes cluster on Microsoft Azure
Getting ready
How to do it…
Installing the command-line tools to configure Azure services
Provisioning a managed Kubernetes cluster on AKS
Connecting to AKS clusters
How it works…
There's more…
Deleting your cluster
Viewing Kubernetes Dashboard
See also
Configuring a Kubernetes cluster on Alibaba Cloud
Getting ready
How to do it…
Installing the command-line tools to configure Alibaba Cloud services
Provisioning a highly available Kubernetes cluster on Alibaba Cloud
Connecting to Alibaba Container Service clusters
How it works…
There's more…
Configuring and managing Kubernetes clusters with Rancher
Getting ready
How to do it…
Installing Rancher Server
Deploying a Kubernetes cluster
Importing an existing cluster
Enabling cluster and node providers
How it works…
There's more…
Bind mounting a host volume to keep data
Keeping user volumes persistent
Running Rancher on the same Kubernetes nodes
See also
Configuring Red Hat OpenShift
Getting ready
How to do it…
Downloading OpenShift binaries
Provisioning an OpenShift cluster
Connecting to OpenShift clusters
How it works…
There's more…
Deleting your cluster
See also
Configuring a Kubernetes cluster using Ansible
Getting ready
How to do it…
Installing Ansible
Provisioning a Kubernetes cluster using an Ansible playbook
Connecting to the Kubernetes cluster
See also
Troubleshooting installation issues
How to do it…
How it works…
There's more…
Setting log levels
See also
Chapter 2: Operating Applications on Kubernetes
Technical requirements
Deploying workloads using YAML files
Getting ready
How to do it…
Creating a Deployment
Verifying a Deployment
Editing a Deployment
Rolling back a deployment
Deleting a Deployment
How it works...
See also
Deploying workloads using Kustomize
Getting ready
How to do it…
Validating the Kubernetes cluster version
Generating Kubernetes resources from files
Creating a base for a development and production Deployment
How it works...
See also
Deploying workloads using Helm charts
Getting ready
How to do it…
Installing Helm 2.x
Installing an application using Helm charts
Searching for an application in Helm repositories
Upgrading an application using Helm
Rolling back an application using Helm
Deleting an application using Helm
Adding new Helm repositories
Building a Helm chart
How it works...
See also
Deploying and operating applications using Kubernetes operators
Getting ready
How to do it…
Installing KUDO and the KUDO kubectl plugin
Installing the Apache Kafka Operator using KUDO
Installing Operator Lifecycle Manager
Installing the Zalando PostgreSQL Operator
See also
Deploying and managing the life cycle of Jenkins X
Getting ready
How to do it...
Installing the Jenkins X CLI
Creating a Jenkins X Kubernetes cluster
Verifying Jenkins X components
Switching Kubernetes clusters
Validating cluster conformance
How it works...
There's more…
Importing an application
Upgrading a Jenkins X application
Deleting a Jenkins X Kubernetes cluster
See also
Deploying and managing the life cycle of GitLab
Getting ready
How to do it...
Installing GitLab using Helm
Connecting to the GitLab dashboard
Creating the first GitLab user
Upgrading GitLab
How it works...
There's more…
Using your own wildcard certificate
Using autogenerated self-signed certificates
Enabling the GitLab Operator
Deleting GitLab
See also
Chapter 3: Building CI/CD Pipelines
Technical requirements
Creating a CI/CD pipeline in Jenkins X
Getting ready
How to do it…
Connecting to Jenkins Pipeline Console
Importing an application as a pipeline
Checking application status
Promoting an application to production
Creating a pipeline using a QuickStart application
How it works...
Creating a CI/CD pipeline in GitLab
Getting ready
How to do it…
Creating a project using templates
Importing an existing project from GitHub
Enabling Auto DevOps
Enabling Kubernetes cluster integration
Creating a pipeline using Auto DevOps
Incrementally rolling out applications to production
How it works...
There's more...
GitLab Web IDE
Monitoring environments
See also
Creating a CI/CD pipeline in CircleCI
Getting ready
How to do it...
Getting started with CircleCI
Deploying changes to a Kubernetes cluster on EKS
How it works...
See also
Setting up a CI/CD pipeline using GitHub Actions
Getting ready
How to do it...
Creating a workflow file
Creating a basic Docker build workflow
Building and publishing images to Docker Registry
Adding a workflow status badge
See also
Setting up a CI/CD pipeline on Amazon Web Services
Getting ready
How to do it...
Creating an AWS CodeCommit code repository
Building projects with AWS CodeBuild
Creating an AWS CodeDeploy deployment
Building a pipeline with AWS CodePipeline
How it works...
See also
Setting up a CI/CD pipeline with Spinnaker on Google Cloud Build
Getting ready
How to do it...
Installing and configuring the Spin CLI
Configuring a service account for the CI/CD
Configuring events to trigger a pipeline
Deploying Spinnaker using Helm
Creating a Google Cloud Source code repository
Building projects with Google Cloud Build
Configuring a Spinnaker pipeline
Rolling out an application to production
See also
Setting up a CI/CD pipeline on Azure DevOps
Getting ready
How to do it...
Getting started with Azure DevOps
Configuring Azure Pipelines
Deploying changes to an AKS cluster
How it works...
See also
Chapter 4: Automating Tests in DevOps
Technical requirements
Building event-driven automation with StackStorm
Getting ready
How to do it…
Installing StackStorm
Accessing the StackStorm UI
Using the st2 CLI
Defining a rule
Deploying a rule
See also
Automating tests with the Litmus framework
Getting ready
How to do it…
Installing the Litmus Operator
Using Chaos Charts for Kubernetes
Creating a pod deletion chaos experiment
Reviewing chaos experiment results
Viewing chaos experiment logs
How it works...
See also
Automating Chaos Engineering with Gremlin
Getting ready
How to do it…
Setting up Gremlin credentials
Installing Gremlin on Kubernetes
Creating a CPU attack against a Kubernetes worker
Creating a node shutdown attack against a Kubernetes worker
Running predefined scenario-based attacks
Deleting Gremlin from your cluster
How it works...
See also
Automating your code review with Codacy
Getting ready
How to do it…
Accessing the Project Dashboard
Reviewing commits and PRs
Viewing issues by category
Adding a Codacy badge to your repository
See also
Detecting bugs and anti-patterns with SonarQube
Getting ready
How to do it…
Installing SonarQube using Helm
Accessing the SonarQube Dashboard
Creating a new user and tokens
Enabling quality profiles
Adding a project
Reviewing a project's quality
Adding marketplace plugins
Deleting SonarQube from your cluster
How it works...
See also
Detecting license compliance issues with FOSSA
Getting ready
How to do it…
Adding projects to FOSSA
Triaging licensing issues
Adding a FOSSA badge to your project
Chapter 5: Preparing for Stateful Workloads
Technical requirements
Managing Amazon EBS volumes in Kubernetes
Getting ready
How to do it…
Creating an EBS storage class
Changing the default storage class
Using EBS volumes for persistent storage
Using EBS storage classes to dynamically create persistent volumes
Deleting EBS persistent volumes
Installing the EBS CSI driver to manage EBS volumes
See also
Managing GCE PD volumes in Kubernetes
Getting ready
How to do it…
Creating a GCE persistent disk storage class
Changing the default storage class
Using GCE PD volumes for persistent storage
Using GCE PD storage classes to create dynamic persistent volumes
Deleting GCE PD persistent volumes
Installing the GCP Compute PD CSI driver to manage PD volumes
How it works...
See also
Managing Azure Disk volumes in Kubernetes
Getting ready
How to do it…
Creating an Azure Disk storage class
Changing the default storage class to ZRS
Using Azure Disk storage classes to create dynamic PVs
Deleting Azure Disk persistent volumes
Installing the Azure Disk CSI driver
See also
Configuring and managing persistent storage using Rook
Getting ready
How to do it…
Installing a Ceph provider using Rook
Creating a Ceph cluster
Verifying a Ceph cluster's health
Create a Ceph block storage class
Using a Ceph block storage class to create dynamic PVs
See also
Configuring and managing persistent storage using OpenEBS
Getting ready
How to do it…
Installing iSCSI client prerequisites
Installing OpenEBS
Using ephemeral storage to create persistent volumes
Creating storage pools
Creating OpenEBS storage classes
Using an OpenEBS storage class to create dynamic PVs
How it works...
See also
Setting up NFS for shared storage on Kubernetes
Getting ready
How to do it…
Installing NFS prerequisites
Installing an NFS provider using a Rook NFS operator
Using a Rook NFS operator storage class to create dynamic NFS PVs
Installing an NFS provisioner using OpenEBS
Using the OpenEBS NFS provisioner storage class to create dynamic NFS PVs
See also
Troubleshooting storage issues
Getting ready
How to do it…
Persistent volumes in the pending state
A PV is stuck once a PVC has been deleted
Chapter 6: Disaster Recovery and Backup
Technical requirements
Configuring and managing S3 object storage using MinIO
Getting ready
How to do it…
Creating a deployment YAML manifest
Creating a MinIO S3 service
Accessing the MinIO web user interface
How it works...
See also
Managing Kubernetes Volume Snapshots and restore
Getting ready
How to do it…
Enabling feature gates
Creating a volume snapshot via CSI
Restoring a volume from a snapshot via CSI
Cloning a volume via CSI
How it works...
See also
Application backup and recovery using Velero
Getting ready
How to do it…
Installing Velero
Backing up an application
Restoring an application
Creating a scheduled backup
Taking a backup of an entire namespace
Viewing backups with MinIO
Deleting backups and schedules
How it works...
See also
Application backup and recovery using Kasten
Getting ready
How to do it…
Installing Kasten
Accessing the Kasten Dashboard
Backing up an application
Restoring an application
How it works...
See also
Cross-cloud application migration
Getting ready
How to do it…
Creating an export profile in Kasten
Exporting a restore point in Kasten
Creating an import profile in Kasten
Migrating an application in Kasten
Importing clusters into OpenEBS Director
Migrating an application in OpenEBS Director
See also
Chapter 7: Scaling and Upgrading Applications
Technical requirements
Scaling applications on Kubernetes
Getting ready
How to do it…
Validating the installation of Metrics Server
Manually scaling an application
Autoscaling applications using a Horizontal Pod Autoscaler
How it works...
See also
Assigning applications to nodes
Getting ready
How to do it…
Labeling nodes
Assigning pods to nodes using nodeSelector
Assigning pods to nodes using node and inter-pod Affinity
How it works...
See also
Creating an external load balancer
Getting ready
How to do it…
Creating an external cloud load balancer
Finding the external address of the service
How it works...
See also
Creating an ingress service and service mesh using Istio
Getting ready
How to do it…
Installing Istio using Helm
Verifying the installation
Creating an ingress gateway
How it works...
There's more…
Deleting Istio
See also
Creating an ingress service and service mesh using Linkerd
Getting ready
How to do it…
Installing the Linkerd CLI
Installing Linkerd
Verifying a Linkerd deployment
Adding Linkerd to a service
There's more…
Accessing the dashboard
Deleting Linkerd
See also
Auto-healing pods in Kubernetes
Getting ready
How to do it…
Testing self-healing pods
Adding liveness probes to pods
How it works...
See also
Managing upgrades through blue/green deployments
Getting ready
How to do it…
Creating the blue deployment
Creating the green deployment
Switching traffic from blue to green
See also
Chapter 8: Observability and Monitoring on Kubernetes
Technical requirements
Monitoring in Kubernetes
Getting ready
How to do it…
Adding metrics using Kubernetes Metrics Server
Monitoring metrics using the CLI
Monitoring metrics using Kubernetes Dashboard
Monitoring node health
See also
Inspecting containers
Getting ready
How to do it…
Inspecting pods in Pending status
Inspecting pods in ImagePullBackOff status
Inspecting pods in CrashLoopBackOff status
See also
Monitoring using Amazon CloudWatch
Getting ready
How to do it…
Enabling Webhook authorization mode
Installing Container Insights Agents for Amazon EKS
Viewing Container Insights metrics
See also
Monitoring using Google Stackdriver
Getting ready
How to do it…
Installing Stackdriver Kubernetes Engine Monitoring support for GKE
Configuring a workspace on Stackdriver
Monitoring GKE metrics using Stackdriver
See also
Monitoring using Azure Monitor
Getting ready
How to do it…
Enabling Azure Monitor support for AKS using the CLI
Monitoring AKS performance metrics using Azure Monitor
Viewing live logs using Azure Monitor
See also
Monitoring Kubernetes using Prometheus and Grafana
Getting ready
How to do it…
Deploying Prometheus using Helm charts
Monitoring metrics using Grafana dashboards
Adding a Grafana dashboard to monitor applications
See also
Monitoring and performance analysis using Sysdig
Getting ready
How to do it…
Installing the Sysdig agent
Analyzing application performance
See also
Managing the cost of resources using Kubecost
Getting ready
How to do it…
Installing Kubecost
Accessing the Kubecost dashboard
Monitoring Kubernetes resource cost allocation
See also
Chapter 9: Securing Applications and Clusters
Technical requirements
Using RBAC to harden cluster security
Getting ready
How to do it…
Viewing the default Roles
Creating user accounts
Creating Roles and RoleBindings
Testing the RBAC rules
How it works...
See also
Configuring Pod Security Policies
Getting ready
How to do it…
Enabling PSPs on EKS
Enabling PSPs on GKE
Enabling PodSecurityPolicy on AKS
Creating a restricted PSPs
There's more…
Restricting pods to access certain volume types
Using Kubernetes PodSecurityPolicy advisor
See also
Using Kubernetes CIS Benchmark for security auditing
Getting ready
How to do it…
Running kube-bench on Kubernetes
Running kube-bench on managed Kubernetes services
Running kube-bench on OpenShift
How it works...
See also
Building DevSecOps into the pipeline using Aqua Security
Getting ready
How to do it…
Scanning images using Trivy
Building vulnerability scanning into GitLab
Building vulnerability scanning into CircleCI
See also
Monitoring suspicious application activities using Falco
Getting ready
How to do it…
Installing Falco on Kubernetes
Detecting anomalies using Falco
Defining custom rules
How it works...
See also
Securing credentials using HashiCorp Vault
Getting ready
How to do it…
Installing Vault on Kubernetes
Accessing the Vault UI
Storing credentials on Vault
See also
Chapter 10: Logging with Kubernetes
Technical requirements
Accessing Kubernetes logs locally
Getting ready
How to do it…
Accessing logs through Kubernetes
Debugging services locally using Telepresence
How it works...
See also
Accessing application-specific logs
Getting ready
How to do it…
Getting shell access in a container
Accessing PostgreSQL logs inside a container
Building centralized logging in Kubernetes using the EFK stack
Getting ready
How to do it…
Deploying Elasticsearch Operator
Requesting the Elasticsearch endpoint
Deploying Kibana
Aggregating logs with Fluent Bit
Accessing Kubernetes logs on Kibana
See also
Logging Kubernetes using Google Stackdriver
Getting ready
How to do it…
Installing Stackdriver Kubernetes Engine Monitoring support for GKE
Viewing GKE logs using Stackdriver
See also
Using a managed Kubernetes logging service
Getting ready
How to do it…
Connecting clusters to Director Online
Accessing logs using Director Online
Logging for your Jenkins CI/CD environment
Getting ready
How to do it…
Installing the Fluentd plugin
Streaming Jenkins logs to Elasticsearch using Fluentd
There's more…
Installing the Logstash plugin
Streaming Jenkins logs to Elasticsearch using Logstash
See also
Other Books You May Enjoy
Index
