Core Kubernetes 1st Edition by Jay Vyas, Chris Love ISBN 9781617297557 1617297550

Core Kubernetes 1st Edition by Jay Vyas, Chris Love – Ebook PDF Instant Download/Delivery: 9781617297557 ,1617297550
Full download Core Kubernetes 1st Edition after payment

Product details:

ISBN 10: 1617297550
ISBN 13: 9781617297557
Author: Jay Vyas, Chris Love

Core Kubernetes 1st Edition Table of contents:

1 Why Kubernetes exists

1.1 Reviewing a few key terms before we get started

1.2 The infrastructure drift problem and Kubernetes

1.3 Containers and images

1.4 Core foundation of Kubernetes

1.4.1 All infrastructure rules in Kubernetes are managed as plain YAML

1.5 Kubernetes features

1.6 Kubernetes components and architecture

1.6.1 The Kubernetes API

1.6.2 Example one: An online retailer

1.6.3 Example two: An online giving solution

1.7 When not to use Kubernetes

Summary

2 Why the Pod?

2.1 An example web application

2.1.1 Infrastructure for our web application

2.1.2 Operational requirements

2.2 What is a Pod?

2.2.1 A bunch of Linux namespaces

2.2.2 Kubernetes, infrastructure, and the Pod

2.2.3 The Node API object

2.2.4 Our web application and the control plane

2.3 Creating a web application with kubectl

2.3.1 The Kubernetes API server: kube-apiserver

2.3.2 The Kubernetes scheduler: kube-scheduler

2.3.3 Infrastructure controllers

2.4 Scaling, highly available applications, and the control plane

2.4.1 Autoscaling

2.4.2 Cost management

Summary

3 Let’s build a Pod

3.1 Looking at Kubernetes primitives with kind

3.2 What is a Linux primitive?

3.2.1 Linux primitives are resource management tools

3.2.2 Everything is a file (or a file descriptor)

3.2.3 Files are composable

3.2.4 Setting up kind

3.3 Using Linux primitives in Kubernetes

3.3.1 The prerequisites for running a Pod

3.3.2 Running a simple Pod

3.3.3 Exploring the Pod’s Linux dependencies

3.4 Building a Pod from scratch

3.4.1 Creating an isolated process with chroot

3.4.2 Using mount to give our process data to work with

3.4.3 Securing our process with unshare

3.4.4 Creating a network namespace

3.4.5 Checking whether a process is healthy

3.4.6 Adjusting CPU with cgroups

3.4.7 Creating a resources stanza

3.5 Using our Pod in the real world

3.5.1 The networking problem

3.5.2 Utilizing iptables to understand how kube-proxy implements Kubernetes services

3.5.3 Using the kube-dns Pod

3.5.4 Considering other issues

Summary

4 Using cgroups for processes in our Pods

4.1 Pods are idle until the prep work completes

4.2 Processes and threads in Linux

4.2.1 systemd and the init process

4.2.2 cgroups for our process

4.2.3 Implementing cgroups for a normal Pod

4.3 Testing the cgroups

4.4 How the kubelet manages cgroups

4.5 Diving into how the kubelet manages resources

4.5.1 Why can’t the OS use swap in Kubernetes?

4.5.2 Hack: The poor man’s priority knob

4.5.3 Hack: Editing HugePages with init containers

4.5.4 QoS classes: Why they matter and how they work

4.5.5 Creating QoS classes by setting resources

4.6 Monitoring the Linux kernel with Prometheus, cAdvisor, and the API server

4.6.1 Metrics are cheap to publish and extremely valuable

4.6.2 Why do I need Prometheus?

4.6.3 Creating a local Prometheus monitoring service

4.6.4 Characterizing an outage in Prometheus

Summary

5 CNIs and providing the Pod with a network

5.1 Why we need software-defined networks in Kubernetes

5.2 Implementing the service side of the Kubernetes SDN: The kube-proxy

5.2.1 The kube-proxy’s data plane

5.2.2 What about NodePorts?

5.3 CNI providers

5.4 Diving into two CNI networking plugins: Calico and Antrea

5.4.1 The architecture of a CNI plugin

5.4.2 Let’s play with some CNIs

5.4.3 Installing the Calico CNI provider

5.4.4 Kubernetes networking with OVS and Antrea

5.4.5 A note on CNI providers and kube-proxy on different OSs

Summary

6 Troubleshooting large-scale network errors

6.1 Sonobuoy: A tool for confirming your cluster is functioning

6.1.1 Tracing data paths for Pods in a real cluster

6.1.2 Setting up a cluster with the Antrea CNI provider

6.2 Inspecting CNI routing on different providers with the arp and ip commands

6.2.1 What is an IP tunnel and why do CNI providers use them?

6.2.2 How many packets are flowing through the network interfaces for our CNI?

6.2.3 Routes

6.2.4 CNI-specific tooling: Open vSwitch (OVS)

6.2.5 Tracing the data path of active containers with tcpdump

6.3 The kube-proxy and iptables

6.3.1 iptables-save and the diff tool

6.3.2 Looking at how network policies modify CNI rules

6.3.3 How are these policies implemented?

6.4 Ingress controllers

6.4.1 Setting up Contour and kind to explore ingress controllers

6.4.2 Setting up a simple web server Pod

Summary

7 Pod storage and the CSI

7.1 A quick detour: The virtual filesystem (VFS) in Linux

7.2 Three types of storage requirements for Kubernetes

7.3 Let’s create a PVC in our kind cluster

7.4 The container storage interface (CSI)

7.4.1 The in-tree provider problem

7.4.2 CSI as a specification that works inside of Kubernetes

7.4.3 CSI: How a storage driver works

7.4.4 Bind mounting

7.5 A quick look at a few running CSI drivers

7.5.1 The controller

7.5.2 The node interface

7.5.3 CSI on non-Linux OSs

Summary

8 Storage implementation and modeling

8.1 A microcosm of the broader Kubernetes ecosystem: Dynamic storage

8.1.1 Managing storage on the fly: Dynamic provisioning

8.1.2 Local storage compared with emptyDir

8.1.3 PersistentVolumes

8.1.4 CSI (container storage interface)

8.2 Dynamic provisioning benefits from CSI but is orthogonal

8.2.1 StorageClasses

8.2.2 Back to the data center stuff

8.3 Kubernetes use cases for storage

8.3.1 Secrets: Sharing files ephemerally

8.4 What does a dynamic storage provider typically look like?

8.5 hostPath for system control and/or data access

8.5.1 hostPaths, CSI, and CNI: A canonical use case

8.5.2 Cassandra: An example of real-world Kubernetes application storage

8.5.3 Advanced storage functionality and the Kubernetes storage model

8.6 Further reading

Summary

9 Running Pods: How the kubelet works

9.1 The kubelet and the node

9.2 The core kubelet

9.2.1 Container runtimes: Standards and conventions

9.2.2 The kubelet configurations and its API

9.3 Creating a Pod and seeing it in action

9.3.1 Starting the kubelet binary

9.3.2 After startup: Node life cycle

9.3.3 Leasing and locking in etcd and the evolution of the node lease

9.3.4 The kubelet’s management of the Pod life cycle

9.3.5 CRI, containers, and images: How they are related

9.3.6 The kubelet doesn’t run containers: That’s the CRI’s job

9.3.7 Pause container: An “aha” moment

9.4 The Container Runtime Interface (CRI)

9.4.1 Telling Kubernetes where our container runtime lives

9.4.2 The CRI routines

9.4.3 The kubelet’s abstraction around CRI: The GenericRuntimeManager

9.4.4 How is the CRI invoked?

9.5 The kubelet’s interfaces

9.5.1 The Runtime internal interface

9.5.2 How the kubelet pulls images: The ImageService interface

9.5.3 Giving ImagePullSecrets to the kubelet

9.6 Further reading

Summary

10 DNS in Kubernetes

10.1 A brief intro to DNS (and CoreDNS)

10.1.1 NXDOMAINs, A records, and CNAME records

10.1.2 Pods need internal DNS

10.2 Why StatefulSets instead of Deployments?

10.2.1 DNS with headless services

10.2.2 Persistent DNS records in StatefulSets

10.2.3 Using a polyglot deployment to explore Pod DNS properties

10.3 The resolv.conf file

10.3.1 A quick note about routing

10.3.2 CoreDNS: The upstream resolver for the ClusterFirst Pod DNS

10.3.3 Hacking the CoreDNS plugin configuration

Summary

11 The core of the control plane

11.1 Investigating the control plane

11.2 API server details

11.2.1 API objects and custom API objects

11.2.2 Custom resource definitions (CRDs)

11.2.3 Scheduler details

11.2.4 Recap of scheduling

11.3 The controller manager

11.3.1 Storage

11.3.2 Service accounts and tokens

11.4 Kubernetes cloud controller managers (CCMs)

11.5 Further reading

Summary

12 etcd and the control plane

12.1 Notes for the impatient

12.1.1 Visualizing etcd performance with Prometheus

12.1.2 Knowing when to tune etcd

12.1.3 Example: A quick health check of etcd

12.1.4 etcd v3 vs. v2

12.2 etcd as a data store

12.2.1 The watch: Can you run Kubernetes on other databases?

12.2.2 Strict consistency

12.2.3 fsync operations make etcd consistent

12.3 Looking at the interface for Kubernetes to etcd

12.4 etcd’s job is to keep the facts straight

12.4.1 The etcd write-ahead log

12.4.2 Effect on Kubernetes

12.5 The CAP theorem

12.6 Load balancing at the client level and etcd

12.6.1 Size limitations: What (not) to worry about

12.7 etcd encryption at rest

12.8 Performance and fault tolerance of etcd at a global scale

12.9 Heartbeat times for a highly distributed etcd

12.10 Setting an etcd client up on a kind cluster

12.10.1 Running etcd in non-Linux environments

Summary

13 Container and Pod security

13.1 Blast radius

13.1.1 Vulnerabilities

13.1.2 Intrusion

13.2 Container security

13.2.1 Plan to update containers and custom software

13.2.2 Container screening

13.2.3 Container users—do not run as root

13.2.4 Use the smallest container

13.2.5 Container provenance

13.2.6 Linters for containers

13.3 Pod security

13.3.1 Security context

13.3.2 Escalated permissions and capabilities

13.3.3 Pod Security Policies (PSPs)

13.3.4 Do not automount the service account token

13.3.5 Root-like Pods

13.3.6 The security outskirts

Summary

14 Nodes and Kubernetes security

14.1 Node security

14.1.1 TLS certificates

14.1.2 Immutable OSs vs. patching nodes

14.1.3 Isolated container runtimes

14.1.4 Resource attacks

14.1.5 CPU units

14.1.6 Memory units

14.1.7 Storage units

14.1.8 Host networks vs. Pod networks

14.1.9 Pod example

14.2 API server security

14.2.1 Role-based access control (RBAC)

14.2.2 RBAC API definition

14.2.3 Resources and subresources

14.2.4 Subjects and RBAC

14.2.5 Debugging RBAC

14.3 Authn, Authz, and Secrets

14.3.1 IAM service accounts: Securing your cloud APIs

14.3.2 Access to cloud resources

14.3.3 Private API servers

14.4 Network security

14.4.1 Network policies

14.4.2 Load balancers

14.4.3 Open Policy Agent (OPA)

14.4.4 Multi-tenancy

14.5 Kubernetes tips

Summary

15 Installing applications

15.1 Thinking about apps in Kubernetes

15.1.1 Application scope influences what tools you should use

15.2 Microservice apps typically require thousands of lines of configuration code

15.3 Rethinking our Guestbook app installation for the real world

15.4 Installing the Carvel toolkit

15.4.1 Part 1: Modularizing our resources into separate files

15.4.2 Part 2: Patching our application files with ytt

15.4.3 Part 3: Managing and deploying Guestbook as a single application

15.4.4 Part 4: Constructing a kapp Operator to package and manage our application

15.5 Revisiting the Kubernetes Operator

15.6 Tanzu Community Edition: An end-to-end example of the Carvel toolkit

Summary

index

People also search for Core Kubernetes 1st Edition:

at its core kubernetes is a platform for
    
.net core kubernetes
    
which of the following forms the core kubernetes objects
    
dbt core kubernetes
    
ubuntu core kubernetes

Tags: Jay Vyas, Chris Love, Core Kubernetes