Book Image

Hands-On Kubernetes on Windows

By : Piotr Tylenda

Book Image

Hands-On Kubernetes on Windows

By: Piotr Tylenda

Overview of this book

With the adoption of Windows containers in Kubernetes, you can now fully leverage the flexibility and robustness of the Kubernetes container orchestration system in the Windows ecosystem. This support will enable you to create new Windows applications and migrate existing ones to the cloud-native stack with the same ease as for Linux-oriented cloud applications. This practical guide takes you through the key concepts involved in packaging Windows-distributed applications into containers and orchestrating these using Kubernetes. You'll also understand the current limitations of Windows support in Kubernetes. As you advance, you'll gain hands-on experience deploying a fully functional hybrid Linux/Windows Kubernetes cluster for development, and explore production scenarios in on-premises and cloud environments, such as Microsoft Azure Kubernetes Service. By the end of this book, you'll be well-versed with containerization, microservices architecture, and the critical considerations for running Kubernetes in production environments successfully.

Preface

Who this book is for

What this book covers

To get the most out of this book

Section 1: Creating and Working with Containers

Section 1: Creating and Working with Containers

Free Chapter

Creating Containers

Creating Containers

Technical requirements

Linux versus Windows containers

Understanding Windows container variants

Installing Docker Desktop for Windows tooling

Building your first container

Further reading

Managing State in Containers

Managing State in Containers

Technical requirements

Mounting local volumes for stateful applications

Using remote/cloud storage for container storage

Running clustered solutions inside containers

Further reading

Working with Container Images

Working with Container Images

Technical requirements

Storing and sharing container images

Using cloud container builders

Image tagging and versioning

Ensuring the integrity of the image supply chain

Further reading

Section 2: Understanding Kubernetes Fundamentals

Section 2: Understanding Kubernetes Fundamentals

Kubernetes Concepts and Windows Support

Kubernetes Concepts and Windows Support

Technical requirements

Kubernetes high-level architecture

Kubernetes objects

The Windows and Kubernetes ecosystem

Kubernetes limitations on Windows

Creating your own development cluster from scratch

Production cluster deployment strategies

Managed Kubernetes providers

Further reading

Kubernetes Networking

Kubernetes Networking

Technical requirements

Kubernetes networking principles

Kubernetes CNI network plugins

Windows Server networking in Kubernetes

Choosing Kubernetes network modes

Further reading

Interacting with Kubernetes Clusters

Interacting with Kubernetes Clusters

Technical requirements

Installing Kubernetes command-line tooling

Accessing Kubernetes clusters

Working with development clusters

Looking at common kubectl commands

Further reading

Section 3: Creating Windows Kubernetes Clusters

Section 3: Creating Windows Kubernetes Clusters

Deploying a Hybrid On-Premises Kubernetes Cluster

Deploying a Hybrid On-Premises Kubernetes Cluster

Technical requirements

Preparing the Hyper-V environment

Creating a Kubernetes master node using kubeadm

Installing the Kubernetes network

Preparing VMs for Windows nodes

Joining Windows nodes using kubeadm

Deploying and inspecting your first application

Further reading

Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Technical requirements

Installing AKS Engine

Creating an Azure resource group and a service principal

Using apimodel and generating an Azure resource manager template

Deploying the cluster

Deploying and inspecting your first application

Further reading

Section 4: Orchestrating Windows Containers Using Kubernetes

Section 4: Orchestrating Windows Containers Using Kubernetes

Deploying Your First Application

Deploying Your First Application

Technical requirements

Imperatively deploying an application

Using Kubernetes manifest files

Scheduling Pods on Windows nodes

Accessing your application

Scaling the application

Further reading

Deploying Microsoft SQL Server 2019 and a ASP.NET MVC Application

Deploying Microsoft SQL Server 2019 and a ASP.NET MVC Application

Technical requirements

Creating and publishing an ASP.NET MVC application to Docker Hub

Preparing the AKS Engine

Deploying a failover Microsoft SQL Server 2019

Deploying the ASP.NET MVC application

Accessing the application

Scaling the application

Debugging the application

Further reading

Configuring Applications to Use Kubernetes Features

Configuring Applications to Use Kubernetes Features

Technical requirements

Using namespaces to isolate applications

Health monitoring using liveness and readiness probes

Specifying resource limits and configuring autoscaling

Managing application configuration using ConfigMaps and Secrets

Managing persistent data storage on Windows nodes

Configuring rolling updates for Deployments

Role-Based Access Control

Further reading

Development Workflow with Kubernetes

Development Workflow with Kubernetes

Technical requirements

Using developer tooling with Kubernetes

Packaging applications using Helm

Debugging a containerized application using Azure Application Insights

Using Kubernetes Dashboard

Working on microservices in a team using Azure Dev Spaces

Further reading

Securing Kubernetes Clusters and Applications

Securing Kubernetes Clusters and Applications

Technical requirements

Securing Kubernetes clusters

Securing container runtime in Windows

Deploying secure applications using network policies

Kubernetes secrets on Windows machines

Further reading

Monitoring Kubernetes Applications Using Prometheus

Monitoring Kubernetes Applications Using Prometheus

Technical requirements

Available monitoring solutions

Provisioning observable Windows nodes

Deploying Prometheus using a Helm chart

Windows Performance Counters

Monitoring .NET applications using prometheus-net

Configuring dashboards and alerts in Grafana

Further reading

Disaster Recovery

Disaster Recovery

Technical requirements

Kubernetes cluster backup strategy

Backing up an etcd cluster

Restoring the etcd cluster backup

Automating backup

Replacing a failed etcd cluster member

Further reading

Production Considerations for Running Kubernetes

Production Considerations for Running Kubernetes

Technical requirements

Provisioning clusters reproducibly

Kubeadm limitations

Upgrading clusters

Configuring a network proxy for the Docker daemon and Kubernetes

Further reading

Assessments

Chapter 1: Creating Containers

Chapter 2: Managing State in Containers

Chapter 3: Working with Container Images

Chapter 4: Kubernetes Concepts and Windows Support

Chapter 5: Kubernetes Networking

Chapter 6: Interacting with Kubernetes Clusters

Chapter 7: Deploying a Hybrid On-Premises Kubernetes Cluster

Chapter 8: Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Chapter 9: Deploying Your First Application

Chapter 10: Deploying Microsoft SQL Server 2019 and ASP.NET MVC Applications

Chapter 11: Configuring Applications to Use Kubernetes Features

Chapter 12: Development Workflow with Kubernetes

Chapter 13: Securing Kubernetes Clusters and Applications

Chapter 14: Monitoring Kubernetes Applications Using Prometheus

Chapter 15: Disaster Recovery

Chapter 16: Production Considerations for Running Kubernetes

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Kubernetes secrets on Windows machines

In Chapter 4, Kubernetes Concepts and Windows Support, we mentioned that one of Windows's node support limitations is that Kubernetes secrets that are mounted to pods as volumes are written in clear-text on node disk storage (not RAM memory). The reason for this is that Windows currently does not support mounting in-memory filesystems to pod containers. This may pose security risks, and needs additional actions to secure the cluster. At the same time, mounting secrets as environment variables has its own security risks—you can enumerate environment variables for processes if you have access to the system. Until it is possible to mount secrets as volumes from in-memory filesystems, there is no completely secure solution for injecting secrets for Windows containers apart from using third-party providers, such as Azure Key Vault...