
Second Edition
Kubernetes: Up & Running
Dive into the Future of Infrastructure
Brendan Burns, Joe Beda & Kelsey Hightower


SECOND EDITION
Kubernetes: Up and Running
Dive into the Future of Infrastructure
Brendan Burns, Joe Beda, and Kelsey Hightower
Beijing, Boston, Farnham, Sebastopol, Tokyo

Kubernetes: Up and Running
by Brendan Burns, Joe Beda, and Kelsey Hightower

Copyright 2019 Brendan Burns, Joe Beda, and Kelsey Hightower. All rights reserved.

Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Acquisition Editor: John Devins
Development Editor: Virginia Wilson
Production Editor: Kristen Brown
Copyeditor: Kim Cofer
Proofreader: Rachel Head
Indexer: Ellen Troutman-Zaig
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Rebecca Demarest

September 2017: First Edition
August 2019: Second Edition

Revision History for the Second Edition
2019-07-15: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492046530 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Kubernetes: Up and Running, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

The views expressed in this work are those of the authors, and do not represent the publisher’s views. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

This work is part of a collaboration between O’Reilly and Microsoft. See our statement of editorial independence.

978-1-492-04653-0
[LSI]

For Robin, Julia, Ethan, and everyone who bought cookies to pay for that Commodore 64 in my third-grade class.
—Brendan Burns

For my Dad, who helped me fall in love with computers by bringing home punch cards and dot matrix banners.
—Joe Beda

For Klarissa and Kelis, who keep me sane. And for my Mom, who taught me a strong work ethic and how to rise above all odds.
—Kelsey Hightower

Table of Contents

Preface

1. Introduction
  Velocity
  The Value of Immutability
  Declarative Configuration
  Self-Healing Systems
  Scaling Your Service and Your Teams
  Decoupling
  Easy Scaling for Applications and Clusters
  Scaling Development Teams with Microservices
  Separation of Concerns for Consistency and Scaling
  Abstracting Your Infrastructure
  Efficiency
  Summary

2. Creating and Running Containers
  Container Images
  The Docker Image Format
  Building Application Images with Docker
  Dockerfiles
  Optimizing Image Sizes
  Image Security
  Multistage Image Builds
  Storing Images in a Remote Registry
  The Docker Container Runtime
  Running Containers with Docker
  Exploring the kuard Application
  Limiting Resource Usage
  Cleanup
  Summary

3. Deploying a Kubernetes Cluster
  Installing Kubernetes on a Public Cloud Provider
  Google Kubernetes Engine
  Installing Kubernetes with Azure Kubernetes Service
  Installing Kubernetes on Amazon Web Services
  Installing Kubernetes Locally Using minikube
  Running Kubernetes in Docker
  Running Kubernetes on Raspberry Pi
  The Kubernetes Client
  Checking Cluster Status
  Listing Kubernetes Worker Nodes
  Cluster Components
  Kubernetes Proxy
  Kubernetes DNS
  Kubernetes UI
  Summary

4. Common kubectl Commands
  Namespaces
  Contexts
  Viewing Kubernetes API Objects
  Creating, Updating, and Destroying Kubernetes Objects
  Labeling and Annotating Objects
  Debugging Commands
  Command Autocompletion
  Alternative Ways of Viewing Your Cluster
  Summary

5. Pods
  Pods in Kubernetes
  Thinking with Pods
  The Pod Manifest
  Creating a Pod
  Creating a Pod Manifest
  Running Pods
  Listing Pods
  Pod Details
  Deleting a Pod
  Accessing Your Pod
  Using Port Forwarding
  Getting More Info with Logs
  Running Commands in Your Container with exec
  Copying Files to and from Containers
  Health Checks
  Liveness Probe
  Readiness Probe
  Types of Health Checks
  Resource Management
  Resource Requests: Minimum Required Resources
  Capping Resource Usage with Limits
  Persisting Data with Volumes
  Using Volumes with Pods
  Different Ways of Using Volumes with Pods
  Persisting Data Using Remote Disks
  Putting It All

6. Labels and Annotations
  Labels
  Applying Labels
  Modifying Labels
  Label Selectors
  Label Selectors in API Objects
  Labels in the Kubernetes Architecture
  Annotations
  Defining Annotations
  Cleanup
  Summary

7. Service Discovery
  What Is Service Discovery?
  The Service Object
  Service DNS
  Readiness Checks
  Looking Beyond the Cluster
  Cloud Integration
  Advanced Details
  Endpoints
  Manual Service Discovery
  kube-proxy and Cluster IPs
  Cluster IP Environment Variables
  Connecting with Other Environments
  Cleanup
  Summary

8. HTTP Load Balancing with Ingress
  Ingress Spec Versus Ingress Controllers
  Installing Contour
  Configuring DNS
  Configuring a Local hosts File
  Using Ingress
  Simplest Usage
  Using Hostnames
  Using Paths
  Cleaning Up
  Advanced Ingress Topics and Gotchas
  Running Multiple Ingress Controllers
  Multiple Ingress Objects
  Ingress and Namespaces
  Path Rewriting
  Serving TLS
  Alternate Ingress Implementations
  The Future of

9. ReplicaSets
  Reconciliation Loops
  Relating Pods and ReplicaSets
  Adopting Existing Containers
  Quarantining Containers
  Designing with ReplicaSets
  ReplicaSet Spec
  Pod Templates
  Labels
  Creating a ReplicaSet
  Inspecting a ReplicaSet
  Finding a ReplicaSet from a Pod
  Finding a Set of Pods for a ReplicaSet
  Scaling ReplicaSets
  Imperative Scaling with kubectl scale
  Declaratively Scaling with kubectl apply
  Autoscaling a ReplicaSet
  Deleting ReplicaSets
  Summary

10. Deployments
  Your First Deployment
  Deployment Internals
  Creating Deployments
  Managing Deployments
  Updating Deployments
  Scaling a Deployment
  Updating a Container Image
  Rollout History
  Deployment Strategies
  Recreate Strategy
  RollingUpdate Strategy
  Slowing Rollouts to Ensure Service Health
  Deleting a Deployment
  Monitoring a

11. DaemonSets
  DaemonSet Scheduler
  Creating DaemonSets
  Limiting DaemonSets to Specific Nodes
  Adding Labels to Nodes
  Node Selectors
  Updating a DaemonSet
  Rolling Update of a DaemonSet
  Deleting a DaemonSet
  Summary

12. Jobs
  The Job Object
  Job Patterns
  One Shot
  Parallelism
  Work Queues
  CronJobs
  Summary

13. ConfigMaps and Secrets
  ConfigMaps
  Creating ConfigMaps
  Using a ConfigMap
  Secrets
  Creating Secrets
  Consuming Secrets
  Private Docker Registries
  Naming Constraints
  Managing ConfigMaps and

14. Role-Based Access Control for Kubernetes
  Role-Based Access Control
  Identity in Kubernetes
  Understanding Roles and Role Bindings
  Roles and Role Bindings in Kubernetes
  Techniques for Managing RBAC
  Testing Authorization with can-i
  Managing RBAC in Source Control
  Advanced Topics
  Aggregating ClusterRoles
  Using Groups for

15. Integrating Storage Solutions and Kubernetes
  Importing External Services
  Services Without Selectors
  Limitations of External Services: Health Checking
  Running Reliable Singletons
  Running a MySQL Singleton
  Dynamic Volume Provisioning
  Kubernetes-Native Storage with StatefulSets
  Properties of StatefulSets
  Manually Replicated MongoDB with StatefulSets
  Automating MongoDB Cluster Creation
  Persistent Volumes and StatefulSets
  One Final Thing: Readiness Probes
  Summary

16. Extending Kubernetes
  What It Means to Extend Kubernetes
  Points of Extensibility
  Patterns for Custom Resources
  Just Data
  Compilers
  Operators
  Getting Started
  Summary

17. Deploying Real-World Applications
  Jupyter
  Parse
  Prerequisites
  Building the parse-server
  Deploying the parse-server
  Testing Parse
  Ghost
  Configuring Ghost
  Redis
  Configuring Redis
  Creating a Redis Service
  Deploying Redis
  Playing with Our Redis

18. Organizing Your Application
  Principles to Guide Us
  Filesystems as the Source of Truth
  The Role of Code Review
  Feature Gates and Guards
  Managing Your Application in Source Control
  Filesystem Layout
  Managing Periodic Versions
  Structuring Your Application for Development, Testing, and Deployment
  Goals
  Progression of a Release
  Parameterizing Your Application with Templates
  Parameterizing with Helm and Templates
  Filesystem Layout for Parameterization
  Deploying Your Application Around the World
  Architectures for Worldwide Deployment
  Implementing Worldwide Deployment
  Dashboards and Monitoring for Worldwide Deployments
  Summary

A. Building a Raspberry Pi Kubernetes Cluster

Index

Preface

Kubernetes: A Dedication

Kubernetes would like to thank every sysadmin who has woken up at 3 a.m. to restart a process. Every developer who pushed code to production only to find that it didn’t run like it did on their laptop. Every systems architect who mistakenly pointed a load test at the production service because of a leftover hostname that they hadn’t updated. It was the pain, the weird hours, and the weird errors that inspired the development of Kubernetes. In a single sentence: Kubernetes intends to radically simplify the task of building, deploying, and maintaining distributed systems. It has been inspired by decades of real-world experience building reliable systems and it has been designed from the ground up to make that experience if not euphoric, at least pleasant. We hope you enjoy the book!

Who Should Read This Book

Whether you are new to distributed systems or have been deploying cloud-native systems for years, containers and Kubernetes can help you achieve new levels of velocity, agility, reliability, and efficiency. This book describes the Kubernetes cluster orchestrator and how its tools and APIs can be used to improve the development, delivery, and maintenance of distributed applications. Though no previous experience with Kubernetes is assumed, to make maximal use of the book you should be comfortable building and deploying server-based applications. Familiarity with concepts like load balancers and network storage will be useful, though not required. Likewise, experience with Linux, Li
