Book Image

Hands-On Kubernetes on Windows

By : Piotr Tylenda

Book Image

Hands-On Kubernetes on Windows

By: Piotr Tylenda

Overview of this book

With the adoption of Windows containers in Kubernetes, you can now fully leverage the flexibility and robustness of the Kubernetes container orchestration system in the Windows ecosystem. This support will enable you to create new Windows applications and migrate existing ones to the cloud-native stack with the same ease as for Linux-oriented cloud applications. This practical guide takes you through the key concepts involved in packaging Windows-distributed applications into containers and orchestrating these using Kubernetes. You'll also understand the current limitations of Windows support in Kubernetes. As you advance, you'll gain hands-on experience deploying a fully functional hybrid Linux/Windows Kubernetes cluster for development, and explore production scenarios in on-premises and cloud environments, such as Microsoft Azure Kubernetes Service. By the end of this book, you'll be well-versed with containerization, microservices architecture, and the critical considerations for running Kubernetes in production environments successfully.

Preface

Who this book is for

What this book covers

To get the most out of this book

Section 1: Creating and Working with Containers

Section 1: Creating and Working with Containers

Free Chapter

Creating Containers

Creating Containers

Technical requirements

Linux versus Windows containers

Understanding Windows container variants

Installing Docker Desktop for Windows tooling

Building your first container

Further reading

Managing State in Containers

Managing State in Containers

Technical requirements

Mounting local volumes for stateful applications

Using remote/cloud storage for container storage

Running clustered solutions inside containers

Further reading

Working with Container Images

Working with Container Images

Technical requirements

Storing and sharing container images

Using cloud container builders

Image tagging and versioning

Ensuring the integrity of the image supply chain

Further reading

Section 2: Understanding Kubernetes Fundamentals

Section 2: Understanding Kubernetes Fundamentals

Kubernetes Concepts and Windows Support

Kubernetes Concepts and Windows Support

Technical requirements

Kubernetes high-level architecture

Kubernetes objects

The Windows and Kubernetes ecosystem

Kubernetes limitations on Windows

Creating your own development cluster from scratch

Production cluster deployment strategies

Managed Kubernetes providers

Further reading

Kubernetes Networking

Kubernetes Networking

Technical requirements

Kubernetes networking principles

Kubernetes CNI network plugins

Windows Server networking in Kubernetes

Choosing Kubernetes network modes

Further reading

Interacting with Kubernetes Clusters

Interacting with Kubernetes Clusters

Technical requirements

Installing Kubernetes command-line tooling

Accessing Kubernetes clusters

Working with development clusters

Looking at common kubectl commands

Further reading

Section 3: Creating Windows Kubernetes Clusters

Section 3: Creating Windows Kubernetes Clusters

Deploying a Hybrid On-Premises Kubernetes Cluster

Deploying a Hybrid On-Premises Kubernetes Cluster

Technical requirements

Preparing the Hyper-V environment

Creating a Kubernetes master node using kubeadm

Installing the Kubernetes network

Preparing VMs for Windows nodes

Joining Windows nodes using kubeadm

Deploying and inspecting your first application

Further reading

Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Technical requirements

Installing AKS Engine

Creating an Azure resource group and a service principal

Using apimodel and generating an Azure resource manager template

Deploying the cluster

Deploying and inspecting your first application

Further reading

Section 4: Orchestrating Windows Containers Using Kubernetes

Section 4: Orchestrating Windows Containers Using Kubernetes

Deploying Your First Application

Deploying Your First Application

Technical requirements

Imperatively deploying an application

Using Kubernetes manifest files

Scheduling Pods on Windows nodes

Accessing your application

Scaling the application

Further reading

Deploying Microsoft SQL Server 2019 and a ASP.NET MVC Application

Deploying Microsoft SQL Server 2019 and a ASP.NET MVC Application

Technical requirements

Creating and publishing an ASP.NET MVC application to Docker Hub

Preparing the AKS Engine

Deploying a failover Microsoft SQL Server 2019

Deploying the ASP.NET MVC application

Accessing the application

Scaling the application

Debugging the application

Further reading

Configuring Applications to Use Kubernetes Features

Configuring Applications to Use Kubernetes Features

Technical requirements

Using namespaces to isolate applications

Health monitoring using liveness and readiness probes

Specifying resource limits and configuring autoscaling

Managing application configuration using ConfigMaps and Secrets

Managing persistent data storage on Windows nodes

Configuring rolling updates for Deployments

Role-Based Access Control

Further reading

Development Workflow with Kubernetes

Development Workflow with Kubernetes

Technical requirements

Using developer tooling with Kubernetes

Packaging applications using Helm

Debugging a containerized application using Azure Application Insights

Using Kubernetes Dashboard

Working on microservices in a team using Azure Dev Spaces

Further reading

Securing Kubernetes Clusters and Applications

Securing Kubernetes Clusters and Applications

Technical requirements

Securing Kubernetes clusters

Securing container runtime in Windows

Deploying secure applications using network policies

Kubernetes secrets on Windows machines

Further reading

Monitoring Kubernetes Applications Using Prometheus

Monitoring Kubernetes Applications Using Prometheus

Technical requirements

Available monitoring solutions

Provisioning observable Windows nodes

Deploying Prometheus using a Helm chart

Windows Performance Counters

Monitoring .NET applications using prometheus-net

Configuring dashboards and alerts in Grafana

Further reading

Disaster Recovery

Disaster Recovery

Technical requirements

Kubernetes cluster backup strategy

Backing up an etcd cluster

Restoring the etcd cluster backup

Automating backup

Replacing a failed etcd cluster member

Further reading

Production Considerations for Running Kubernetes

Production Considerations for Running Kubernetes

Technical requirements

Provisioning clusters reproducibly

Kubeadm limitations

Upgrading clusters

Configuring a network proxy for the Docker daemon and Kubernetes

Further reading

Assessments

Chapter 1: Creating Containers

Chapter 2: Managing State in Containers

Chapter 3: Working with Container Images

Chapter 4: Kubernetes Concepts and Windows Support

Chapter 5: Kubernetes Networking

Chapter 6: Interacting with Kubernetes Clusters

Chapter 7: Deploying a Hybrid On-Premises Kubernetes Cluster

Chapter 8: Deploying a Hybrid Azure Kubernetes Service Engine Cluster

Chapter 9: Deploying Your First Application

Chapter 10: Deploying Microsoft SQL Server 2019 and ASP.NET MVC Applications

Chapter 11: Configuring Applications to Use Kubernetes Features

Chapter 12: Development Workflow with Kubernetes

Chapter 13: Securing Kubernetes Clusters and Applications

Chapter 14: Monitoring Kubernetes Applications Using Prometheus

Chapter 15: Disaster Recovery

Chapter 16: Production Considerations for Running Kubernetes

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 13: Securing Kubernetes Clusters and Applications

Kubernetes itself does not provide a means for managing normal external users who access the cluster. This should be delegated to an external authentication provider that can integrate with Kubernetes, for example, via Authenticating Proxy.
To reduce the attack vector, the recommended practice is to never expose Kubernetes Dashboard using a LoadBalancer service and always use a kubectl proxy for accessing the page.
This will provide an extra layer of security for your API resources and Secrets, which otherwise would be kept in etcd in unencrypted form.

No, this feature is supported only in Linux containers.
NetworkPolicy objects define how groups of Pods can communicate with each other and network endpoints in general—think of them as a basic firewall for enforcing network segmentation at Layer 3 of the OSI...