Book Image

The DevOps 2.3 Toolkit

By : Viktor Farcic
Book Image

The DevOps 2.3 Toolkit

By: Viktor Farcic

Overview of this book

Building on The DevOps 2.0 Toolkit, The DevOps 2.1 Toolkit: Docker Swarm, and The DevOps 2.2 Toolkit: Self-Sufficient Docker Clusters, Viktor Farcic brings his latest exploration of the DevOps Toolkit as he takes you on a journey to explore the features of Kubernetes. The DevOps 2.3 Toolkit: Kubernetes is a book in the series that helps you build a full DevOps Toolkit. This book in the series looks at Kubernetes, the tool designed to, among other roles, make it easier in the creation and deployment of highly available and fault-tolerant applications at scale, with zero downtime. Within this book, Viktor will cover a wide range of emerging topics, including what exactly Kubernetes is, how to use both first and third-party add-ons for projects, and how to get the skills to be able to call yourself a “Kubernetes ninja.” Work with Viktor and dive into the creation and exploration of Kubernetes with a series of hands-on guides.

Related Content you might be interested in

Current Title:

Small book image
The DevOps 2.3 Toolkit
Viktor Farcic
Sep, 2018 | 418 pages
Small book image
The DevOps 2.4 Toolkit
Viktor Farcic
Nov, 2019 | 398 pages
Small book image
The DevOps 2.2 Toolkit
Viktor Farcic
Mar, 2018 | 360 pages
Small book image
Kubernetes Cookbook
HuiChuan Chloe Lee | KeJou Carol Hsu | Hideto Saito
May, 2018 | 554 pages
Table of Contents (18 chapters)
Preface
Preface
Overview
Get in touch
Free Chapter
1
How Did We Get Here?
How Did We Get Here?
A glimpse from the past
A short history of infrastructure management
A short history of deployment processes
What is a container scheduler?
What is Kubernetes?
2
Running Kubernetes Cluster Locally
Running Kubernetes Cluster Locally
Installing kubectl
Installing Minikube
Creating a local Kubernetes cluster with Minikube
What now?
3
Creating Pods
Creating Pods
Creating a Cluster
Quick and dirty way to run Pods
Defining Pods through declarative syntax
Running multiple containers in a single Pod
Monitoring health
Pods are (almost) useless (by themselves)
What now?
4
Scaling Pods With ReplicaSets
Scaling Pods With ReplicaSets
Creating a Cluster
Creating ReplicaSets
Operating ReplicaSets
What now?
5
Using Services to Enable Communication between Pods
Using Services to Enable Communication between Pods
Creating a Cluster
Creating Services by exposing ports
Creating Services through declarative syntax
Splitting the Pod and establishing communication through Services
Defining multiple objects in the same YAML file
Discovering Services
What now?
Kubernetes Pods, ReplicaSets, and Services compared to Docker Swarm stacks
6
Deploying Releases with Zero-Downtime
Deploying Releases with Zero-Downtime
Creating a Cluster
Deploying new releases
Updating Deployments
Zero-Downtime Deployments
Rolling back or rolling forward?
Rolling back failed Deployments
Merging everything into the same YAML definition
Updating multiple objects
Scaling Deployments
What now?
Kubernetes Deployments compared to Docker Swarm stacks
7
Using Ingress to Forward Traffic
Using Ingress to Forward Traffic
Creating a cluster
Exploring deficiencies when enabling external access through Kubernetes services
Enabling Ingress controllers
Creating Ingress Resources based on paths
Creating Ingress resources based on domains
Creating an Ingress resource with default backends
What now?
Kubernetes Ingress compared to Docker Swarm equivalent
8
Using Volumes to Access Host's File System
Using Volumes to Access Host's File System
Creating a cluster
Accessing host's resources through hostPath volumes
Using hostPath volume type to inject configuration files
Using gitRepo to mount a Git repository
Persisting state through the emptyDir volume type
What now?
9
Using ConfigMaps to Inject Configuration Files
Using ConfigMaps to Inject Configuration Files
Creating a cluster
Injecting configurations from files
Injecting configurations from key/value literals
Injecting configurations from environment files
Converting ConfigMap output into environment variables
Defining ConfigMaps as YAML
A plea NOT to use ConfigMaps!
What now?
Kubernetes ConfigMaps compared to Docker Swarm configs
10
Using Secrets to Hide Confidential Information
Using Secrets to Hide Confidential Information
Creating a Cluster
Exploring built-in Secrets
Creating and mounting generic Secrets
Secrets compared to ConfigMaps
Not so secretive Secrets
What now?
Kubernetes Secrets compared to Docker Swarm Secrets
11
Dividing a Cluster into Namespaces
Dividing a Cluster into Namespaces
Creating a Cluster
Deploying the first release
Exploring virtual clusters
Exploring the existing Namespaces
Deploying to a new Namespace
Communicating between Namespaces
Deleting a Namespace and all its Objects
What now?
Kubernetes Namespaces compared to Docker Swarm equivalent (if there is any)
12
Securing Kubernetes Clusters
Securing Kubernetes Clusters
Accessing Kubernetes API
Authorizing requests
Creating a Cluster
Creating users
Exploring RBAC authorization
Peeking into pre-defined Cluster roles
Creating Role bindings and Cluster Role bindings
Replacing Users with Groups
What now?
Kubernetes RBAC compared to Docker Swarm RBAC
13
Managing Resources
Managing Resources
Creating a cluster
Defining container memory and CPU resources
Measuring actual memory and CPU consumption
Exploring the effects of discrepancies between resource specifications and resource usage
Adjusting resources based on actual usage
Exploring quality of service (QoS) contracts
Defining resource defaults and limitations within a namespace
Defining resource quotas for a namespace
What now?
Kubernetes resource management compared to docker swarm equivalent
14
Creating a Production-Ready Kubernetes Cluster
Creating a Production-Ready Kubernetes Cluster
What is kubernetes operations (kops) project?
Preparing for the cluster setup
Creating a kubernetes cluster in AWS
Exploring the components that constitute the cluster
Updating the cluster
Upgrading the cluster manually
Upgrading the cluster automatically
Accessing the cluster
Deploying applications
Exploring high-availability and fault-tolerance
Giving others access to the cluster
Destroying the cluster
What now?
Kubernetes operations (kops) compared to Docker for AWS
15
Persisting State
Persisting State
Creating a Kubernetes cluster
Creating AWS volumes
Creating Kubernetes persistent volumes
Claiming persistent volumes
Attaching claimed volumes to Pods
Using storage classes to dynamically provision persistent volumes
Using default storage classes
Creating storage classes
What now?
16
The End
The End
Contributions
17
Other Books You May Enjoy
Other Books You May Enjoy

What now?

Authorization and authentication are critical security components. Without a proper set of permissions, we are risking exposure with potentially devastating results. Moreover, with appropriate Rules, Roles, and RoleBindings, we can make a cluster not only more secure but also increase collaboration between different members of our organization. The only trick is to find a right balance between tight security and freedom. It takes time until that equilibrium is established.

RBAC combined with Namespaces provides an excellent separation. Without Namespaces, we'd need to create multiple clusters. Without RBAC, those clusters would be exposed or locked down to only a handful of users. The two combined provide an excellent way to increase collaboration without sacrificing security.

We did not explore Service Accounts. They are the third kind of Subjects, besides Users...

Previous Section
End of Section 10
Next Section