Production Kubernetes

(ebook) (audiobook) (audiobook)

Autorzy:: Josh Rosso, Rich Lander, Alex Brand

Promocja Przejdź

Production Kubernetes Josh Rosso, Rich Lander, Alex Brand - okładka książki

Production Kubernetes Josh Rosso, Rich Lander, Alex Brand - okładka audiobooka MP3

Production Kubernetes Josh Rosso, Rich Lander, Alex Brand - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 508
2w1 w pakiecie:: ePub

Mobi

Ebook

~~319,00 zł~~ (-15%)
271,15 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Kubernetes has become the dominant container orchestrator, but many organizations that have recently adopted this system are still struggling to run actual production workloads. In this practical book, four software engineers from VMware bring their shared experiences running Kubernetes in production and provide insight on key challenges and best practices.

The brilliance of Kubernetes is how configurable and extensible the system is, from pluggable runtimes to storage integrations. For platform engineers, software developers, infosec, network engineers, storage engineers, and others, this book examines how the path to success with Kubernetes involves a variety of technology, pattern, and abstraction considerations.

With this book, you will:

Understand what the path to production looks like when using Kubernetes
Examine where gaps exist in your current Kubernetes strategy
Learn Kubernetes's essential building blocks--and their trade-offs
Understand what's involved in making Kubernetes a viable location for applications
Learn better ways to navigate the cloud native landscape

O autorach książki

Josh Rosso jest inżynierem oprogramowania. Pracował z Kubernetesem w CoreOS (Red Hat), Heptio i VMware.

Rich Lander jest inżynierem terenowym VMware. Pomaga przedsiębiorstwom wdrażać Kubernetes i technologie natywne dla chmury.

Alexander Brand jest inżynierem oprogramowania. Zajmuje się Kubernetesem i technologiami natywnymi chmury.

Ebooka przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook
i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video zobaczysz:

Szczegóły książki

ISBN Ebooka:: 978-14-920-9225-4, 9781492092254
Data wydania ebooka:: 2021-03-16 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@helion.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 8.5MB
Rozmiar pliku Mobi:: 21.7MB

Kategorie:
Serwery internetowe » Inne

Spis treści książki

Foreword
Preface
- Conventions Used in This Book
- Using Code Examples
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. A Path to Production
- Defining Kubernetes
  - The Core Components
  - Beyond OrchestrationExtended Functionality
  - Kubernetes Interfaces
  - Summarizing Kubernetes
- Defining Application Platforms
  - The Spectrum of Approaches
  - Aligning Your Organizational Needs
  - Summarizing Application Platforms
- Building Application Platforms on Kubernetes
  - Starting from the Bottom
  - The Abstraction Spectrum
  - Determining Platform Services
  - The Building Blocks
    - IAAS/datacenter and Kubernetes
    - Container runtime
    - Container networking
    - Storage integration
    - Service routing
    - Secret management
    - Identity
    - Authorization/admission control
    - Software supply chain
    - Observability
    - Developer abstractions
- Summary
2. Deployment Models
- Managed Service Versus Roll Your Own
  - Managed Services
  - Roll Your Own
  - Making the Decision
- Automation
  - Prebuilt Installer
  - Custom Automation
- Architecture and Topology
  - etcd Deployment Models
    - Network considerations
    - Dedicated versus colocated
    - Containerized versus on host
  - Cluster Tiers
  - Node Pools
  - Cluster Federation
    - Management clusters
    - Observability
    - Federated software deployment
- Infrastructure
  - Bare Metal Versus Virtualized
  - Cluster Sizing
  - Compute Infrastructure
  - Networking Infrastructure
    - Routability
    - Redundancy
    - Load balancing
  - Automation Strategies
    - Infra management tools
    - Kubernetes operators
- Machine Installations
  - Configuration Management
  - Machine Images
  - What to Install
- Containerized Components
- Add-ons
- Upgrades
  - Platform Versioning
  - Plan to Fail
  - Integration Testing
  - Strategies
    - Cluster replacement
    - Node replacement
    - In-place upgrades
- Triggering Mechanisms
- Summary
3. Container Runtime
- The Advent of Containers
- The Open Container Initiative
  - OCI Runtime Specification
  - OCI Image Specification
- The Container Runtime Interface
  - Starting a Pod
- Choosing a Runtime
  - Docker
  - containerd
  - CRI-O
  - Kata Containers
  - Virtual Kubelet
- Summary
4. Container Storage
- Storage Considerations
  - Access Modes
  - Volume Expansion
  - Volume Provisioning
  - Backup and Recovery
  - Block Devices and File and Object Storage
  - Ephemeral Data
  - Choosing a Storage Provider
- Kubernetes Storage Primitives
  - Persistent Volumes and Claims
  - Storage Classes
- The Container Storage Interface (CSI)
  - CSI Controller
  - CSI Node
- Implementing Storage as a Service
  - Installation
  - Exposing Storage Options
  - Consuming Storage
  - Resizing
  - Snapshots
- Summary
5. Pod Networking
- Networking Considerations
  - IP Address Management
  - Routing Protocols
  - Encapsulation and Tunneling
  - Workload Routability
  - IPv4 and IPv6
  - Encrypted Workload Traffic
  - Network Policy
  - Summary: Networking Considerations
- The Container Networking Interface (CNI)
  - CNI Installation
- CNI Plug-ins
  - Calico
  - Cilium
  - AWS VPC CNI
  - Multus
  - Additional Plug-ins
- Summary
6. Service Routing
- Kubernetes Services
  - The Service Abstraction
    - Service IP Address Management
    - The Service resource
    - Service types
      - ClusterIP
      - NodePort
      - LoadBalancer
      - ExternalName
      - Headless Service
    - Supported communication protocols
  - Endpoints
    - The Endpoints resource
    - The Endpoints controller
    - Pod readiness and readiness probes
    - The EndpointSlices resource
  - Service Implementation Details
    - Kube-proxy
    - Kube-proxy: iptables mode
      - ClusterIP Services
      - NodePort and LoadBalancer Services
      - Connection tracking (conntrack)
      - Masquerade
      - Performance concerns
    - Kube-proxy: IP Virtual Server (IPVS) mode
      - ClusterIP Services
      - NodePort and LoadBalancer Services
    - Running without kube-proxy
  - Service Discovery
    - Using DNS
    - Using the Kubernetes API
    - Using environment variables
  - DNS Service Performance
    - DNS cache on each node
    - Auto-scaling the DNS server deployment
- Ingress
  - The Case for Ingress
  - The Ingress API
  - Ingress Controllers and How They Work
  - Ingress Traffic Patterns
    - HTTP proxying
    - HTTP proxying with TLS
    - Layer 3/4 proxying
  - Choosing an Ingress Controller
  - Ingress Controller Deployment Considerations
    - Dedicated Ingress nodes
    - Binding to the host network
    - Ingress controllers and external traffic policy
    - Spread Ingress controllers across failure domains
  - DNS and Its Role in Ingress
    - Wildcard DNS record
    - Kubernetes and DNS integration
  - Handling TLS Certificates
- Service Mesh
  - When (Not) to Use a Service Mesh
  - The Service Mesh Interface (SMI)
  - The Data Plane Proxy
  - Service Mesh on Kubernetes
  - Data Plane Architecture
    - Sidecar proxy
    - Node proxy
  - Adopting a Service Mesh
    - Prioritize one of the pillars
    - Deploy to a new or an existing cluster?
    - Handling upgrades
    - Resource overhead
    - Certificate Authority for mutual TLS
    - Multicluster service mesh
- Summary
7. Secret Management
- Defense in Depth
  - Disk Encryption
  - Transport Security
  - Application Encryption
- The Kubernetes Secret API
  - Secret Consumption Models
    - Environment variables
    - Volumes
    - Client API Consumption
  - Secret Data in etcd
  - Static-Key Encryption
  - Envelope Encryption
- External Providers
  - Vault
  - Cyberark
  - Injection Integration
  - CSI Integration
- Secrets in the Declarative World
  - Sealing Secrets
  - Sealed Secrets Controller
  - Key Renewal
  - Multicluster Models
- Best Practices for Secrets
  - Always Audit Secret Interaction
  - Dont Leak Secrets
  - Prefer Volumes Over Environment Variables
  - Make Secret Store Providers Unknown to Your Application
- Summary
8. Admission Control
- The Kubernetes Admission Chain
- In-Tree Admission Controllers
- Webhooks
  - Configuring Webhook Admission Controllers
  - Webhook Design Considerations
- Writing a Mutating Webhook
  - Plain HTTPS Handler
  - Controller Runtime
- Centralized Policy Systems
- Summary
9. Observability
- Logging Mechanics
  - Container Log Processing
    - Application forwarding
    - Sidecar processing
    - Node agent forwarding
  - Kubernetes Audit Logs
  - Kubernetes Events
  - Alerting on Logs
  - Security Implications
- Metrics
  - Prometheus
  - Long-Term Storage
  - Pushing Metrics
  - Custom Metrics
  - Organization and Federation
  - Alerts
    - Dead mans switch
  - Showback and Chargeback
    - Showback by requests
    - Showback by consumption
    - Chargeback
    - Network and storage
  - Metrics Components
    - Prometheus Operator
    - Prometheus servers
    - Alertmanager
    - Grafana
    - Node exporter
    - kube-state-metrics
    - Prometheus adapter
- Distributed Tracing
  - OpenTracing and OpenTelemetry
  - Tracing Components
    - Agent
    - Collector
    - Storage
    - API
    - User interface
  - Application Instrumentation
  - Service Meshes
- Summary
10. Identity
- User Identity
  - Authentication Methods
    - Shared secrets
    - Public key infrastructure
    - OpenID Connect (OIDC)
  - Implementing Least Privilege Permissions for Users
- Application/Workload Identity
  - Shared Secrets
  - Network Identity
    - Calico
    - Cilium
  - Service Account Tokens (SAT)
  - Projected Service Account Tokens (PSAT)
  - Platform Mediated Node Identity
    - AWS platform authentication methods/tooling
      - kube2iam
      - kiam
      - IAM Roles for Service Accounts (IRSA)
    - Cross-platform identity with SPIFFE and SPIRE
      - Architecture and concepts
      - Direct application access
      - Sidecar proxy
      - Service mesh (Istio)
      - Other application integration methods
      - Integration with secrets store (Vault)
      - Integration with AWS
- Summary
11. Building Platform Services
- Points of Extension
  - Plug-in Extensions
  - Webhook Extensions
    - Authentication extensions
    - Admission control
  - Operator Extensions
- The Operator Pattern
  - Kubernetes Controllers
  - Custom Resources
- Operator Use Cases
  - Platform Utilities
  - General-Purpose Workload Operators
  - App-Specific Operators
- Developing Operators
  - Operator Development Tooling
    - Kubebuilder
    - Metacontroller
    - Operator Framework
  - Data Model Design
  - Logic Implementation
    - Existing state
    - Desired state
    - Reconciliation
    - Implementation details
    - Admission webhooks
    - Finalizers
- Extending the Scheduler
  - Predicates and Priorities
  - Scheduling Policies
  - Scheduling Profiles
  - Multiple Schedulers
  - Custom Scheduler
- Summary
12. Multitenancy
- Degrees of Isolation
  - Single-Tenant Clusters
  - Multitenant Clusters
- The Namespace Boundary
- Multitenancy in Kubernetes
  - Role-Based Access Control (RBAC)
  - Resource Quotas
  - Admission Webhooks
  - Resource Requests and Limits
  - Network Policies
  - Pod Security Policies
  - Multitenant Platform Services
- Summary
13. Autoscaling
- Types of Scaling
- Application Architecture
- Workload Autoscaling
  - Horizontal Pod Autoscaler
  - Vertical Pod Autoscaler
  - Autoscaling with Custom Metrics
  - Cluster Proportional Autoscaler
  - Custom Autoscaling
- Cluster Autoscaling
  - Cluster Overprovisioning
- Summary
14. Application Considerations
- Deploying Applications to Kubernetes
  - Templating Deployment Manifests
  - Packaging Applications for Kubernetes
- Ingesting Configuration and Secrets
  - Kubernetes ConfigMaps and Secrets
  - Obtaining Configuration from External Systems
- Handling Rescheduling Events
  - Pre-stop Container Life Cycle Hook
  - Graceful Container Shutdown
  - Satisfying Availability Requirements
- State Probes
  - Liveness Probes
  - Readiness Probes
  - Startup Probes
  - Implementing Probes
- Pod Resource Requests and Limits
  - Resource Requests
  - Resource Limits
- Application Logs
  - What to Log
  - Unstructured Versus Structured Logs
  - Contextual Information in Logs
- Exposing Metrics
  - Instrumenting Applications
  - USE Method
  - RED Method
  - The Four Golden Signals
  - App-Specific Metrics
- Instrumenting Services for Distributed Tracing
  - Initializing the Tracer
  - Creating Spans
  - Propagate Context
- Summary
15. Software Supply Chain
- Building Container Images
  - The Golden Base Images Antipattern
  - Choosing a Base Image
  - Runtime User
  - Pinning Package Versions
  - Build Versus Runtime Image
  - Cloud Native Buildpacks
- Image Registries
  - Vulnerability Scanning
  - Quarantine Workflow
  - Image Signing
- Continuous Delivery
  - Integrating Builds into a Pipeline
  - Push-Based Deployments
  - Rollout Patterns
  - GitOps
- Summary
16. Platform Abstractions
- Platform Exposure
- Self-Service Onboarding
- The Spectrum of Abstraction
  - Command-Line Tooling
  - Abstraction Through Templating
    - Helm
    - Kustomize
  - Abstracting Kubernetes Primitives
  - Making Kubernetes Invisible
- Summary
Index

pokaż cały spis treści