Book Image

The DevOps 2.3 Toolkit

By : Viktor Farcic
Book Image

The DevOps 2.3 Toolkit

By: Viktor Farcic

Overview of this book

Building on The DevOps 2.0 Toolkit, The DevOps 2.1 Toolkit: Docker Swarm, and The DevOps 2.2 Toolkit: Self-Sufficient Docker Clusters, Viktor Farcic brings his latest exploration of the DevOps Toolkit as he takes you on a journey to explore the features of Kubernetes. The DevOps 2.3 Toolkit: Kubernetes is a book in the series that helps you build a full DevOps Toolkit. This book in the series looks at Kubernetes, the tool designed to, among other roles, make it easier in the creation and deployment of highly available and fault-tolerant applications at scale, with zero downtime. Within this book, Viktor will cover a wide range of emerging topics, including what exactly Kubernetes is, how to use both first and third-party add-ons for projects, and how to get the skills to be able to call yourself a “Kubernetes ninja.” Work with Viktor and dive into the creation and exploration of Kubernetes with a series of hands-on guides.

Related Content you might be interested in

Current Title:

Small book image
The DevOps 2.3 Toolkit
Viktor Farcic
Sep, 2018 | 418 pages
Small book image
The DevOps 2.4 Toolkit
Viktor Farcic
Nov, 2019 | 398 pages
Small book image
The DevOps 2.2 Toolkit
Viktor Farcic
Mar, 2018 | 360 pages
Small book image
Kubernetes Cookbook
HuiChuan Chloe Lee | KeJou Carol Hsu | Hideto Saito
May, 2018 | 554 pages
Table of Contents (18 chapters)
Preface
Preface
Overview
Get in touch
Free Chapter
1
How Did We Get Here?
How Did We Get Here?
A glimpse from the past
A short history of infrastructure management
A short history of deployment processes
What is a container scheduler?
What is Kubernetes?
2
Running Kubernetes Cluster Locally
Running Kubernetes Cluster Locally
Installing kubectl
Installing Minikube
Creating a local Kubernetes cluster with Minikube
What now?
3
Creating Pods
Creating Pods
Creating a Cluster
Quick and dirty way to run Pods
Defining Pods through declarative syntax
Running multiple containers in a single Pod
Monitoring health
Pods are (almost) useless (by themselves)
What now?
4
Scaling Pods With ReplicaSets
Scaling Pods With ReplicaSets
Creating a Cluster
Creating ReplicaSets
Operating ReplicaSets
What now?
5
Using Services to Enable Communication between Pods
Using Services to Enable Communication between Pods
Creating a Cluster
Creating Services by exposing ports
Creating Services through declarative syntax
Splitting the Pod and establishing communication through Services
Defining multiple objects in the same YAML file
Discovering Services
What now?
Kubernetes Pods, ReplicaSets, and Services compared to Docker Swarm stacks
6
Deploying Releases with Zero-Downtime
Deploying Releases with Zero-Downtime
Creating a Cluster
Deploying new releases
Updating Deployments
Zero-Downtime Deployments
Rolling back or rolling forward?
Rolling back failed Deployments
Merging everything into the same YAML definition
Updating multiple objects
Scaling Deployments
What now?
Kubernetes Deployments compared to Docker Swarm stacks
7
Using Ingress to Forward Traffic
Using Ingress to Forward Traffic
Creating a cluster
Exploring deficiencies when enabling external access through Kubernetes services
Enabling Ingress controllers
Creating Ingress Resources based on paths
Creating Ingress resources based on domains
Creating an Ingress resource with default backends
What now?
Kubernetes Ingress compared to Docker Swarm equivalent
8
Using Volumes to Access Host's File System
Using Volumes to Access Host's File System
Creating a cluster
Accessing host's resources through hostPath volumes
Using hostPath volume type to inject configuration files
Using gitRepo to mount a Git repository
Persisting state through the emptyDir volume type
What now?
9
Using ConfigMaps to Inject Configuration Files
Using ConfigMaps to Inject Configuration Files
Creating a cluster
Injecting configurations from files
Injecting configurations from key/value literals
Injecting configurations from environment files
Converting ConfigMap output into environment variables
Defining ConfigMaps as YAML
A plea NOT to use ConfigMaps!
What now?
Kubernetes ConfigMaps compared to Docker Swarm configs
10
Using Secrets to Hide Confidential Information
Using Secrets to Hide Confidential Information
Creating a Cluster
Exploring built-in Secrets
Creating and mounting generic Secrets
Secrets compared to ConfigMaps
Not so secretive Secrets
What now?
Kubernetes Secrets compared to Docker Swarm Secrets
11
Dividing a Cluster into Namespaces
Dividing a Cluster into Namespaces
Creating a Cluster
Deploying the first release
Exploring virtual clusters
Exploring the existing Namespaces
Deploying to a new Namespace
Communicating between Namespaces
Deleting a Namespace and all its Objects
What now?
Kubernetes Namespaces compared to Docker Swarm equivalent (if there is any)
12
Securing Kubernetes Clusters
Securing Kubernetes Clusters
Accessing Kubernetes API
Authorizing requests
Creating a Cluster
Creating users
Exploring RBAC authorization
Peeking into pre-defined Cluster roles
Creating Role bindings and Cluster Role bindings
Replacing Users with Groups
What now?
Kubernetes RBAC compared to Docker Swarm RBAC
13
Managing Resources
Managing Resources
Creating a cluster
Defining container memory and CPU resources
Measuring actual memory and CPU consumption
Exploring the effects of discrepancies between resource specifications and resource usage
Adjusting resources based on actual usage
Exploring quality of service (QoS) contracts
Defining resource defaults and limitations within a namespace
Defining resource quotas for a namespace
What now?
Kubernetes resource management compared to docker swarm equivalent
14
Creating a Production-Ready Kubernetes Cluster
Creating a Production-Ready Kubernetes Cluster
What is kubernetes operations (kops) project?
Preparing for the cluster setup
Creating a kubernetes cluster in AWS
Exploring the components that constitute the cluster
Updating the cluster
Upgrading the cluster manually
Upgrading the cluster automatically
Accessing the cluster
Deploying applications
Exploring high-availability and fault-tolerance
Giving others access to the cluster
Destroying the cluster
What now?
Kubernetes operations (kops) compared to Docker for AWS
15
Persisting State
Persisting State
Creating a Kubernetes cluster
Creating AWS volumes
Creating Kubernetes persistent volumes
Claiming persistent volumes
Attaching claimed volumes to Pods
Using storage classes to dynamically provision persistent volumes
Using default storage classes
Creating storage classes
What now?
16
The End
The End
Contributions
17
Other Books You May Enjoy
Other Books You May Enjoy

Not so secretive Secrets

Almost everything Kubernetes needs is stored in etcd (https://github.com/coreos/etcd). That includes Secrets. The problem is that they are stored as plain text. Anyone with access to etcd has access to Kubernetes Secrets. We can limit the access to etcd, but that's not the end of our troubles. etcd stores data to disk as plain text. Restricting the access to etcd still leaves the Secrets vulnerable to who has access to the file system. That, in a way, diminishes the advantage of storing Secrets in containers in tmpfs. There's not much benefit of having them in tmpfs used by containers, if those same Secrets are stored on disk by etcd.

Even after securing the access to etcd and making sure that unauthorized users do not have access to the file system partition used by etcd, we are still at risk. When multiple replicas of etcd are running, data...

Previous Section
End of Section 6
Next Section